|
{
|
||
|
"type": "bundle",
|
||
|
"id": "bundle--56e7c415-a5e4-4c07-88a1-420f950d210f",
|
||
|
"objects": [
|
||
|
{
|
||
|
"type": "identity",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:37:14.000Z",
|
||
|
"modified": "2016-03-15T08:37:14.000Z",
|
||
|
"name": "CIRCL",
|
||
|
"identity_class": "organization"
|
||
|
},
|
||
|
{
|
||
|
"type": "report",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "report--56e7c415-a5e4-4c07-88a1-420f950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:37:14.000Z",
|
||
|
"modified": "2016-03-15T08:37:14.000Z",
|
||
|
"name": "OSINT - Locky Ransomware Arrives via Email Attachment",
|
||
|
"published": "2016-03-15T08:38:32Z",
|
||
|
"object_refs": [
|
||
|
"observed-data--56e7c501-7804-4140-9fef-40e0950d210f",
|
||
|
"url--56e7c501-7804-4140-9fef-40e0950d210f",
|
||
|
"x-misp-attribute--56e7c59f-3cc4-4140-b83d-4250950d210f",
|
||
|
"indicator--56e7c5b9-bca8-4a7a-99fe-4fd2950d210f",
|
||
|
"indicator--56e7c5b9-3b30-44fc-8ee5-4df7950d210f",
|
||
|
"indicator--56e7c5b9-69cc-4715-848f-4973950d210f",
|
||
|
"indicator--56e7c5b9-4fd0-4df0-a195-4f7d950d210f",
|
||
|
"indicator--56e7c5ba-03cc-407d-98f8-43f9950d210f",
|
||
|
"indicator--56e7c5ba-b824-4dbc-8fa3-453a950d210f",
|
||
|
"indicator--56e7c5ba-74ec-4267-8800-4994950d210f",
|
||
|
"indicator--56e7c5bb-e354-47d9-9d2b-4a7c950d210f",
|
||
|
"indicator--56e7c5bb-0098-4132-a799-4130950d210f",
|
||
|
"indicator--56e7c5bb-57dc-41cb-901b-4990950d210f",
|
||
|
"indicator--56e7c5bc-b2b0-44c6-b296-4382950d210f",
|
||
|
"indicator--56e7c5bc-8334-4f38-9bae-410b950d210f",
|
||
|
"indicator--56e7c5bc-b1f4-4f92-b731-4149950d210f",
|
||
|
"indicator--56e7c5bd-ee5c-4985-a3aa-4e86950d210f",
|
||
|
"indicator--56e7c5bd-c3f0-4484-b236-4fa4950d210f",
|
||
|
"indicator--56e7c5bd-f8a4-4b35-9001-4830950d210f",
|
||
|
"indicator--56e7c5be-1670-406d-aa14-4ea5950d210f",
|
||
|
"indicator--56e7c5be-2a8c-4b4b-b9b6-4fa1950d210f",
|
||
|
"indicator--56e7c5be-3e04-4ac7-aaf2-4293950d210f",
|
||
|
"indicator--56e7c5bf-0640-486a-9acc-43fb950d210f",
|
||
|
"indicator--56e7c5bf-41e0-46aa-809a-4af5950d210f",
|
||
|
"indicator--56e7c5bf-562c-4882-98f4-4a88950d210f",
|
||
|
"indicator--56e7c5c0-f910-4e3b-89ec-43de950d210f",
|
||
|
"indicator--56e7c5c0-6b08-4098-b8f4-468d950d210f",
|
||
|
"indicator--56e7c5c0-c988-497d-befe-45e2950d210f",
|
||
|
"indicator--56e7c5c1-226c-4f08-a6b1-4760950d210f",
|
||
|
"indicator--56e7c5c1-be40-4900-ac36-48c6950d210f",
|
||
|
"indicator--56e7c5c2-f1e4-4eaa-a259-48b2950d210f",
|
||
|
"indicator--56e7c5c2-d0c0-40ec-8e09-4db0950d210f",
|
||
|
"indicator--56e7c5c2-9068-4306-8f32-442a950d210f",
|
||
|
"indicator--56e7c5c3-947c-480f-9c8b-42aa950d210f",
|
||
|
"indicator--56e7c5c3-6c70-4002-980b-44d1950d210f",
|
||
|
"indicator--56e7c5c3-1f18-4565-a4b4-429c950d210f",
|
||
|
"indicator--56e7c5c4-574c-49a7-994a-45bc950d210f",
|
||
|
"indicator--56e7c5c4-cbb8-4587-8f48-40d4950d210f",
|
||
|
"indicator--56e7c5c4-e060-4e09-a5c2-4b2e950d210f",
|
||
|
"indicator--56e7c5c4-a09c-4241-918f-45f0950d210f",
|
||
|
"indicator--56e7c5c5-f7ec-42a4-9e8c-4753950d210f",
|
||
|
"indicator--56e7c5c5-a1b4-470d-a3ba-41b6950d210f",
|
||
|
"indicator--56e7c5c5-c534-4d3e-92ae-4733950d210f",
|
||
|
"indicator--56e7c5c5-7ebc-4084-b2b0-4f38950d210f",
|
||
|
"indicator--56e7c5c6-9f98-48b8-87c7-4ceb950d210f",
|
||
|
"indicator--56e7c5c6-6e5c-4ee9-89de-4e6d950d210f",
|
||
|
"indicator--56e7c5c6-a140-4f46-bc83-4595950d210f",
|
||
|
"indicator--56e7c5c7-5488-42ee-a937-47fd950d210f",
|
||
|
"indicator--56e7c5c7-2ba0-4df7-b924-4657950d210f",
|
||
|
"indicator--56e7c5c7-c220-47f3-b316-4b2d950d210f",
|
||
|
"indicator--56e7c5c7-894c-4ebf-af41-4ae9950d210f",
|
||
|
"indicator--56e7c5c8-2ce4-4a3c-b05f-4550950d210f",
|
||
|
"indicator--56e7c5c8-8a18-489d-aebc-4b11950d210f",
|
||
|
"indicator--56e7c5c8-3aa8-4760-8682-4d11950d210f",
|
||
|
"indicator--56e7c5c9-97b8-4776-a381-473e950d210f",
|
||
|
"indicator--56e7c5c9-74bc-4739-9dc1-4eff950d210f",
|
||
|
"indicator--56e7c5c9-ba20-467b-bc5b-4b76950d210f",
|
||
|
"indicator--56e7c5ca-ef1c-4ff2-bd31-4204950d210f",
|
||
|
"indicator--56e7c5ca-62c8-4ab6-a75d-4c8c950d210f",
|
||
|
"indicator--56e7c5ca-aa48-4fa2-a124-499e950d210f",
|
||
|
"indicator--56e7c5ca-21d0-4504-9051-45b8950d210f",
|
||
|
"indicator--56e7c5cb-f8b0-400a-9b38-4c79950d210f",
|
||
|
"indicator--56e7c5cb-6c80-4f6d-af21-4282950d210f",
|
||
|
"indicator--56e7c5cb-7eb8-421a-ab2a-4bf7950d210f",
|
||
|
"indicator--56e7c5e3-1998-4c72-abb4-491b950d210f",
|
||
|
"indicator--56e7c5fc-b070-4522-9558-4290950d210f",
|
||
|
"indicator--56e7c665-3580-44b6-b546-49c302de0b81",
|
||
|
"indicator--56e7c666-ef14-4d7b-b0e4-4ab902de0b81",
|
||
|
"observed-data--56e7c666-ec30-4ddf-a5b3-4b5002de0b81",
|
||
|
"url--56e7c666-ec30-4ddf-a5b3-4b5002de0b81",
|
||
|
"indicator--56e7c666-cc64-4e09-aa09-46b802de0b81",
|
||
|
"indicator--56e7c667-5868-4f5f-ba64-4eb902de0b81",
|
||
|
"observed-data--56e7c667-ff38-4a45-95eb-48f002de0b81",
|
||
|
"url--56e7c667-ff38-4a45-95eb-48f002de0b81",
|
||
|
"indicator--56e7c667-8338-475c-9c71-4f9602de0b81",
|
||
|
"indicator--56e7c668-da14-4427-8d24-46bf02de0b81",
|
||
|
"observed-data--56e7c669-94f4-4cfb-80fd-47ab02de0b81",
|
||
|
"url--56e7c669-94f4-4cfb-80fd-47ab02de0b81",
|
||
|
"indicator--56e7c669-b180-4eb1-bef9-489402de0b81",
|
||
|
"indicator--56e7c669-5898-4560-b908-409702de0b81",
|
||
|
"observed-data--56e7c66a-e13c-40e9-b433-4b7a02de0b81",
|
||
|
"url--56e7c66a-e13c-40e9-b433-4b7a02de0b81",
|
||
|
"indicator--56e7c66a-ba60-45e6-b49b-473c02de0b81",
|
||
|
"indicator--56e7c66a-7cb8-40ee-896c-4fc102de0b81",
|
||
|
"observed-data--56e7c66b-af24-45d7-8f25-4e6602de0b81",
|
||
|
"url--56e7c66b-af24-45d7-8f25-4e6602de0b81",
|
||
|
"indicator--56e7c66b-fc34-42e5-b9a0-452302de0b81",
|
||
|
"indicator--56e7c66b-b21c-44aa-8ef2-4e1302de0b81",
|
||
|
"observed-data--56e7c66c-1d2c-4647-b299-444702de0b81",
|
||
|
"url--56e7c66c-1d2c-4647-b299-444702de0b81",
|
||
|
"indicator--56e7c66c-c8c0-4df9-b07e-47a202de0b81",
|
||
|
"indicator--56e7c66d-8fd8-484f-a2aa-492402de0b81",
|
||
|
"observed-data--56e7c66d-0ee4-49a3-bdbb-496f02de0b81",
|
||
|
"url--56e7c66d-0ee4-49a3-bdbb-496f02de0b81",
|
||
|
"indicator--56e7c66d-87f4-4fb2-a364-439202de0b81",
|
||
|
"indicator--56e7c66e-c520-447c-84d7-4fa202de0b81",
|
||
|
"observed-data--56e7c66e-bc88-41ec-936d-4ace02de0b81",
|
||
|
"url--56e7c66e-bc88-41ec-936d-4ace02de0b81",
|
||
|
"indicator--56e7c66e-05dc-4dc7-a43d-44c802de0b81",
|
||
|
"indicator--56e7c66f-c590-4195-bc1a-4bc502de0b81",
|
||
|
"observed-data--56e7c66f-bbb8-448a-99e4-465f02de0b81",
|
||
|
"url--56e7c66f-bbb8-448a-99e4-465f02de0b81",
|
||
|
"indicator--56e7c66f-aec0-41eb-b4ce-472f02de0b81",
|
||
|
"indicator--56e7c670-8874-4a82-b7af-47d002de0b81",
|
||
|
"observed-data--56e7c670-36e8-48ec-a213-440c02de0b81",
|
||
|
"url--56e7c670-36e8-48ec-a213-440c02de0b81",
|
||
|
"indicator--56e7c671-d06c-4eca-a7ac-45c602de0b81",
|
||
|
"indicator--56e7c671-be28-4307-a3bd-4ee702de0b81",
|
||
|
"observed-data--56e7c671-bbe8-4f35-adaa-46eb02de0b81",
|
||
|
"url--56e7c671-bbe8-4f35-adaa-46eb02de0b81",
|
||
|
"indicator--56e7c672-000c-474e-a92d-444f02de0b81",
|
||
|
"indicator--56e7c672-793c-4383-9df6-423402de0b81",
|
||
|
"observed-data--56e7c672-5098-46dd-80a5-4aca02de0b81",
|
||
|
"url--56e7c672-5098-46dd-80a5-4aca02de0b81",
|
||
|
"indicator--56e7c673-1724-4748-b2f7-482c02de0b81",
|
||
|
"indicator--56e7c673-0cb0-4c6f-8e36-459202de0b81",
|
||
|
"observed-data--56e7c673-9680-4c03-8f20-4a1402de0b81",
|
||
|
"url--56e7c673-9680-4c03-8f20-4a1402de0b81",
|
||
|
"indicator--56e7c673-4ac8-47ff-ae4d-4c0602de0b81",
|
||
|
"indicator--56e7c674-e2b0-4759-890c-4a7b02de0b81",
|
||
|
"observed-data--56e7c674-f5c0-4eea-8404-41e802de0b81",
|
||
|
"url--56e7c674-f5c0-4eea-8404-41e802de0b81",
|
||
|
"indicator--56e7c674-ed88-4d20-8596-431402de0b81",
|
||
|
"indicator--56e7c675-c474-453d-b46e-429f02de0b81",
|
||
|
"observed-data--56e7c675-8b0c-4f98-9648-4f1b02de0b81",
|
||
|
"url--56e7c675-8b0c-4f98-9648-4f1b02de0b81",
|
||
|
"indicator--56e7c675-12d4-46cf-8fdb-474802de0b81",
|
||
|
"indicator--56e7c676-aa28-4442-a18a-49f102de0b81",
|
||
|
"observed-data--56e7c676-e54c-46dc-be17-466802de0b81",
|
||
|
"url--56e7c676-e54c-46dc-be17-466802de0b81",
|
||
|
"indicator--56e7c677-bab8-4cde-bc67-4ba002de0b81",
|
||
|
"indicator--56e7c677-4d78-4183-ae94-41ed02de0b81",
|
||
|
"observed-data--56e7c677-c3e0-4f54-8d85-473302de0b81",
|
||
|
"url--56e7c677-c3e0-4f54-8d85-473302de0b81",
|
||
|
"indicator--56e7c678-dbc4-46c1-81f5-413202de0b81",
|
||
|
"indicator--56e7c678-593c-4a6d-b1b1-467902de0b81",
|
||
|
"observed-data--56e7c678-75f0-4907-b2ce-410402de0b81",
|
||
|
"url--56e7c678-75f0-4907-b2ce-410402de0b81",
|
||
|
"indicator--56e7c679-1480-46d7-a27b-486b02de0b81",
|
||
|
"indicator--56e7c679-e9ec-463a-8a3f-44e802de0b81",
|
||
|
"observed-data--56e7c679-bfe8-43b8-86dc-453502de0b81",
|
||
|
"url--56e7c679-bfe8-43b8-86dc-453502de0b81",
|
||
|
"indicator--56e7c67a-83cc-4957-8828-458102de0b81",
|
||
|
"indicator--56e7c67a-c9e8-4fcf-8738-4d2802de0b81",
|
||
|
"observed-data--56e7c67a-23d4-4614-a39a-4ea002de0b81",
|
||
|
"url--56e7c67a-23d4-4614-a39a-4ea002de0b81",
|
||
|
"indicator--56e7c67b-ed24-476d-a7d7-443402de0b81",
|
||
|
"indicator--56e7c67b-81a0-42d5-801b-41df02de0b81",
|
||
|
"observed-data--56e7c67b-7d98-4fa7-850d-457b02de0b81",
|
||
|
"url--56e7c67b-7d98-4fa7-850d-457b02de0b81",
|
||
|
"indicator--56e7c67b-9f54-49df-aeb1-46ad02de0b81",
|
||
|
"indicator--56e7c67c-0acc-4dd5-84f2-4ed802de0b81",
|
||
|
"observed-data--56e7c67c-c5d0-44e8-a24f-46a602de0b81",
|
||
|
"url--56e7c67c-c5d0-44e8-a24f-46a602de0b81",
|
||
|
"indicator--56e7c67c-8220-42de-91b6-46c902de0b81",
|
||
|
"indicator--56e7c67d-b530-45ec-bcfc-472702de0b81",
|
||
|
"observed-data--56e7c67d-7dc4-4b26-82fb-433d02de0b81",
|
||
|
"url--56e7c67d-7dc4-4b26-82fb-433d02de0b81",
|
||
|
"indicator--56e7c67d-3be8-4078-ad04-4b7a02de0b81",
|
||
|
"indicator--56e7c67e-14d0-4c54-88c6-495d02de0b81",
|
||
|
"observed-data--56e7c67e-6054-4b78-836e-476502de0b81",
|
||
|
"url--56e7c67e-6054-4b78-836e-476502de0b81",
|
||
|
"indicator--56e7c67f-8440-4d73-9d07-470202de0b81",
|
||
|
"indicator--56e7c67f-1064-4b9a-b78e-4f5502de0b81",
|
||
|
"observed-data--56e7c67f-0128-4a37-b785-4f9f02de0b81",
|
||
|
"url--56e7c67f-0128-4a37-b785-4f9f02de0b81",
|
||
|
"indicator--56e7c67f-8c24-4555-931e-406302de0b81",
|
||
|
"indicator--56e7c680-6a74-4729-9903-4f4202de0b81",
|
||
|
"observed-data--56e7c680-7dd0-41f1-8cd2-46ca02de0b81",
|
||
|
"url--56e7c680-7dd0-41f1-8cd2-46ca02de0b81",
|
||
|
"indicator--56e7c681-776c-4d80-8765-4d2802de0b81",
|
||
|
"indicator--56e7c681-349c-439a-883a-475c02de0b81",
|
||
|
"observed-data--56e7c681-8bd8-4a04-8c16-4a3d02de0b81",
|
||
|
"url--56e7c681-8bd8-4a04-8c16-4a3d02de0b81",
|
||
|
"indicator--56e7c681-8598-424b-a242-4ea502de0b81",
|
||
|
"indicator--56e7c682-bf50-4d50-986a-4b3202de0b81",
|
||
|
"observed-data--56e7c682-9294-4040-a643-4c2402de0b81",
|
||
|
"url--56e7c682-9294-4040-a643-4c2402de0b81",
|
||
|
"indicator--56e7c682-a3ac-42c9-814a-495602de0b81",
|
||
|
"indicator--56e7c683-edc0-48fc-ac74-460302de0b81",
|
||
|
"observed-data--56e7c683-1ef4-42be-aff6-474b02de0b81",
|
||
|
"url--56e7c683-1ef4-42be-aff6-474b02de0b81",
|
||
|
"indicator--56e7c683-f468-417d-adfb-465f02de0b81",
|
||
|
"indicator--56e7c684-8c00-48e0-994f-458102de0b81",
|
||
|
"observed-data--56e7c684-0ab8-43c9-9c3e-4e4902de0b81",
|
||
|
"url--56e7c684-0ab8-43c9-9c3e-4e4902de0b81",
|
||
|
"indicator--56e7c684-1f80-4bf1-99da-4ac702de0b81",
|
||
|
"indicator--56e7c685-9e78-491e-9641-45b402de0b81",
|
||
|
"observed-data--56e7c685-325c-4c41-b784-421902de0b81",
|
||
|
"url--56e7c685-325c-4c41-b784-421902de0b81",
|
||
|
"indicator--56e7c685-b59c-4095-803e-47ec02de0b81",
|
||
|
"indicator--56e7c686-4fd4-444c-8a20-491502de0b81",
|
||
|
"observed-data--56e7c686-a3c0-4740-8809-4cec02de0b81",
|
||
|
"url--56e7c686-a3c0-4740-8809-4cec02de0b81",
|
||
|
"indicator--56e7c686-f7cc-45d2-8d15-489902de0b81",
|
||
|
"indicator--56e7c686-e28c-42e8-ac30-4ad202de0b81",
|
||
|
"observed-data--56e7c687-4f58-42f9-afaf-45fb02de0b81",
|
||
|
"url--56e7c687-4f58-42f9-afaf-45fb02de0b81",
|
||
|
"indicator--56e7c687-6c40-4df8-8484-4dae02de0b81",
|
||
|
"indicator--56e7c687-8880-489d-9419-44b202de0b81",
|
||
|
"observed-data--56e7c688-dbd8-4664-b907-43d702de0b81",
|
||
|
"url--56e7c688-dbd8-4664-b907-43d702de0b81",
|
||
|
"indicator--56e7c688-c004-4eed-ab7f-47cf02de0b81",
|
||
|
"indicator--56e7c688-8830-4e03-a7de-4bcf02de0b81",
|
||
|
"observed-data--56e7c688-08bc-45d4-a051-41d602de0b81",
|
||
|
"url--56e7c688-08bc-45d4-a051-41d602de0b81",
|
||
|
"indicator--56e7c689-d1a4-47ed-a9bf-45a902de0b81",
|
||
|
"indicator--56e7c689-36b0-4d07-bd5c-45a102de0b81",
|
||
|
"observed-data--56e7c689-afd8-48e2-b641-4ead02de0b81",
|
||
|
"url--56e7c689-afd8-48e2-b641-4ead02de0b81",
|
||
|
"indicator--56e7c68a-2a94-4123-8677-43ae02de0b81",
|
||
|
"indicator--56e7c68a-c600-4757-a1ac-4da202de0b81",
|
||
|
"observed-data--56e7c68a-f5d4-459b-8e67-4a7b02de0b81",
|
||
|
"url--56e7c68a-f5d4-459b-8e67-4a7b02de0b81",
|
||
|
"indicator--56e7c68b-6b9c-4b97-bd89-4d3502de0b81",
|
||
|
"indicator--56e7c68b-f63c-4274-9de4-449302de0b81",
|
||
|
"observed-data--56e7c68b-f330-4651-9e8b-4bef02de0b81",
|
||
|
"url--56e7c68b-f330-4651-9e8b-4bef02de0b81",
|
||
|
"indicator--56e7c68c-4630-47f1-95f8-4ead02de0b81",
|
||
|
"indicator--56e7c68c-22e8-4e2f-aa2a-47a502de0b81",
|
||
|
"observed-data--56e7c68c-0ce0-4466-ba2e-4d9702de0b81",
|
||
|
"url--56e7c68c-0ce0-4466-ba2e-4d9702de0b81",
|
||
|
"indicator--56e7c68d-1f44-48be-a353-4b6602de0b81",
|
||
|
"indicator--56e7c68d-e668-4417-b2a8-47c702de0b81",
|
||
|
"observed-data--56e7c68d-2470-4aef-9d72-41a102de0b81",
|
||
|
"url--56e7c68d-2470-4aef-9d72-41a102de0b81",
|
||
|
"indicator--56e7c68e-bd94-4343-9fda-423002de0b81",
|
||
|
"indicator--56e7c68e-4488-4bc4-bcb1-436d02de0b81",
|
||
|
"observed-data--56e7c68e-0874-4cec-bdff-491902de0b81",
|
||
|
"url--56e7c68e-0874-4cec-bdff-491902de0b81",
|
||
|
"indicator--56e7c68f-47e4-49e4-96c6-434f02de0b81",
|
||
|
"indicator--56e7c68f-04a8-4b79-aeb6-4b4802de0b81",
|
||
|
"observed-data--56e7c68f-b3fc-4ce3-8ba0-411d02de0b81",
|
||
|
"url--56e7c68f-b3fc-4ce3-8ba0-411d02de0b81",
|
||
|
"indicator--56e7c68f-26cc-4bc8-94c1-461402de0b81",
|
||
|
"indicator--56e7c690-7858-4785-a33f-4e5002de0b81",
|
||
|
"observed-data--56e7c690-5988-40a4-bcd6-4b7b02de0b81",
|
||
|
"url--56e7c690-5988-40a4-bcd6-4b7b02de0b81",
|
||
|
"indicator--56e7c690-7628-4f89-9a71-40fb02de0b81",
|
||
|
"indicator--56e7c691-ec60-4473-a351-4e3202de0b81",
|
||
|
"observed-data--56e7c691-2f78-44ef-b1fb-4ed902de0b81",
|
||
|
"url--56e7c691-2f78-44ef-b1fb-4ed902de0b81",
|
||
|
"indicator--56e7c691-6be4-4aeb-89f1-432f02de0b81",
|
||
|
"indicator--56e7c692-90bc-4bcd-9121-4f7d02de0b81",
|
||
|
"observed-data--56e7c692-8048-484d-b48b-4ce202de0b81",
|
||
|
"url--56e7c692-8048-484d-b48b-4ce202de0b81",
|
||
|
"indicator--56e7c692-c1b8-45f7-8deb-479c02de0b81",
|
||
|
"indicator--56e7c693-f2b0-463c-9ea5-412502de0b81",
|
||
|
"observed-data--56e7c693-4fd4-41e5-bd55-4b5602de0b81",
|
||
|
"url--56e7c693-4fd4-41e5-bd55-4b5602de0b81",
|
||
|
"indicator--56e7c693-2cb0-41e6-90bf-4a9802de0b81",
|
||
|
"indicator--56e7c693-93f0-4d1a-8efc-4b6002de0b81",
|
||
|
"observed-data--56e7c694-b674-4c6b-b2e3-4f1702de0b81",
|
||
|
"url--56e7c694-b674-4c6b-b2e3-4f1702de0b81",
|
||
|
"indicator--56e7c694-70a8-4e45-9cb7-45a202de0b81",
|
||
|
"indicator--56e7c694-e268-45f4-8b22-48dc02de0b81",
|
||
|
"observed-data--56e7c695-c170-49eb-9844-434d02de0b81",
|
||
|
"url--56e7c695-c170-49eb-9844-434d02de0b81",
|
||
|
"indicator--56e7c695-c0bc-41bd-93a4-467902de0b81",
|
||
|
"indicator--56e7c695-0c60-4a3f-bfbe-456e02de0b81",
|
||
|
"observed-data--56e7c696-a354-40ec-9358-4efe02de0b81",
|
||
|
"url--56e7c696-a354-40ec-9358-4efe02de0b81",
|
||
|
"indicator--56e7c696-e67c-4df7-b20a-4a0902de0b81",
|
||
|
"indicator--56e7c696-62d0-43bc-b7dd-498202de0b81",
|
||
|
"observed-data--56e7c696-b614-4bc8-9891-40b702de0b81",
|
||
|
"url--56e7c696-b614-4bc8-9891-40b702de0b81",
|
||
|
"indicator--56e7c697-6084-4be6-9b14-4c5302de0b81",
|
||
|
"indicator--56e7c697-4964-4cd0-9c93-47fc02de0b81",
|
||
|
"observed-data--56e7c697-8528-4b6c-acf9-44c002de0b81",
|
||
|
"url--56e7c697-8528-4b6c-acf9-44c002de0b81",
|
||
|
"indicator--56e7c698-bbc4-4e44-a62e-4a9402de0b81",
|
||
|
"indicator--56e7c698-c6a8-4edc-941e-4b8502de0b81",
|
||
|
"observed-data--56e7c698-ba24-41ea-881c-401a02de0b81",
|
||
|
"url--56e7c698-ba24-41ea-881c-401a02de0b81",
|
||
|
"indicator--56e7c699-57ac-4879-9299-46f402de0b81",
|
||
|
"indicator--56e7c699-b9e8-4711-91cb-487c02de0b81",
|
||
|
"observed-data--56e7c699-e9a8-4254-8586-453002de0b81",
|
||
|
"url--56e7c699-e9a8-4254-8586-453002de0b81",
|
||
|
"indicator--56e7c699-e154-4a67-91d1-4cd302de0b81",
|
||
|
"indicator--56e7c69a-3c18-4490-b94f-40b702de0b81",
|
||
|
"observed-data--56e7c69a-ead0-41f7-840a-493602de0b81",
|
||
|
"url--56e7c69a-ead0-41f7-840a-493602de0b81",
|
||
|
"indicator--56e7c69a-2f04-4957-b7f0-4a9402de0b81",
|
||
|
"indicator--56e7c69b-18f4-4fd5-86f4-4c1c02de0b81",
|
||
|
"observed-data--56e7c69b-e898-4e03-b1e1-4d3b02de0b81",
|
||
|
"url--56e7c69b-e898-4e03-b1e1-4d3b02de0b81",
|
||
|
"indicator--56e7c69b-cf04-4b59-9cf6-485602de0b81",
|
||
|
"indicator--56e7c69b-b6d4-4797-9e56-43c202de0b81",
|
||
|
"observed-data--56e7c69c-3340-43da-8867-48fb02de0b81",
|
||
|
"url--56e7c69c-3340-43da-8867-48fb02de0b81",
|
||
|
"indicator--56e7c69c-d194-44a8-a481-45a702de0b81",
|
||
|
"indicator--56e7c69c-f95c-4ebe-9f5b-4f4402de0b81",
|
||
|
"observed-data--56e7c69d-7fbc-4b64-b5a3-4f8d02de0b81",
|
||
|
"url--56e7c69d-7fbc-4b64-b5a3-4f8d02de0b81",
|
||
|
"indicator--56e7c69d-52d8-49aa-a137-459902de0b81",
|
||
|
"indicator--56e7c69d-9138-4927-badb-4f3202de0b81",
|
||
|
"observed-data--56e7c69e-e2dc-46f5-b8d8-4ed402de0b81",
|
||
|
"url--56e7c69e-e2dc-46f5-b8d8-4ed402de0b81",
|
||
|
"indicator--56e7c69e-2f88-44d8-bfa9-489202de0b81",
|
||
|
"indicator--56e7c69e-f920-41a7-bfd9-4d0e02de0b81",
|
||
|
"observed-data--56e7c69f-7074-4849-94f8-45ad02de0b81",
|
||
|
"url--56e7c69f-7074-4849-94f8-45ad02de0b81",
|
||
|
"indicator--56e7c69f-f5f0-4ead-b058-429602de0b81",
|
||
|
"indicator--56e7c69f-5840-410d-946d-4b7302de0b81",
|
||
|
"observed-data--56e7c6a0-77c4-43c3-8c6e-42e402de0b81",
|
||
|
"url--56e7c6a0-77c4-43c3-8c6e-42e402de0b81",
|
||
|
"indicator--56e7c6a0-dee8-4a69-add6-4bc602de0b81",
|
||
|
"indicator--56e7c6a0-dec0-4331-a930-407402de0b81",
|
||
|
"observed-data--56e7c6a1-6118-43e1-b410-498c02de0b81",
|
||
|
"url--56e7c6a1-6118-43e1-b410-498c02de0b81",
|
||
|
"indicator--56e7c9ba-4318-4d86-af3e-43e0950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"Threat-Report",
|
||
|
"misp:tool=\"MISP-STIX-Converter\"",
|
||
|
"type:OSINT"
|
||
|
],
|
||
|
"object_marking_refs": [
|
||
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--56e7c501-7804-4140-9fef-40e0950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:17:05.000Z",
|
||
|
"modified": "2016-03-15T08:17:05.000Z",
|
||
|
"first_observed": "2016-03-15T08:17:05Z",
|
||
|
"last_observed": "2016-03-15T08:17:05Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--56e7c501-7804-4140-9fef-40e0950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--56e7c501-7804-4140-9fef-40e0950d210f",
|
||
|
"value": "https://blogs.mcafee.com/mcafee-labs/locky-ransomware-arrives-via-email-attachment/"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--56e7c59f-3cc4-4140-b83d-4250950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:19:43.000Z",
|
||
|
"modified": "2016-03-15T08:19:43.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"comment\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
],
|
||
|
"x_misp_category": "External analysis",
|
||
|
"x_misp_type": "comment",
|
||
|
"x_misp_value": "Locky is a new ransomware threat being spread via spam campaigns. This new malware has capabilities similar to those of Dridex.\r\nLocky arrives in a Microsoft Office email attachment that evades antispam filters (among other things) and attempts to trick users via social engineering into opening the attachment. Once running, Locky encrypts numerous files using RSA-2048 and AES-1024 encryption, and then demands that its victims pay a ransom to restore their files."
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c5b9-bca8-4a7a-99fe-4fd2950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:20:09.000Z",
|
||
|
"modified": "2016-03-15T08:20:09.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs",
|
||
|
"pattern": "[file:hashes.SHA256 = 'd4dc820457bbc557b14ec0e58358646afbba70f4d5cab2276cdac8ce631a3854']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:20:09Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c5b9-3b30-44fc-8ee5-4df7950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:20:09.000Z",
|
||
|
"modified": "2016-03-15T08:20:09.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs",
|
||
|
"pattern": "[file:hashes.SHA256 = 'd159fe802f509b67d319ea916cc6a052035a0c0f4412406b6b78d7db4d4035fc']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:20:09Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c5b9-69cc-4715-848f-4973950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:20:09.000Z",
|
||
|
"modified": "2016-03-15T08:20:09.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs",
|
||
|
"pattern": "[file:hashes.SHA256 = '5e945c1d27c9ad77a2b63ae10af46aee7d29a6a43605a9bfbf35cebbcff184d8']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:20:09Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c5b9-4fd0-4df0-a195-4f7d950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:20:09.000Z",
|
||
|
"modified": "2016-03-15T08:20:09.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs",
|
||
|
"pattern": "[file:hashes.SHA256 = '40f62d6dfa7d2429c8e1085f1460907d82cc6a48399038c07bdc5b38792f75b3']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:20:09Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c5ba-03cc-407d-98f8-43f9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:20:10.000Z",
|
||
|
"modified": "2016-03-15T08:20:10.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs",
|
||
|
"pattern": "[file:hashes.SHA256 = 'bc98c8b22461a2c2631b2feec399208fdc4ecd1cd2229066c2f385caa958daa3']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:20:10Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c5ba-b824-4dbc-8fa3-453a950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:20:10.000Z",
|
||
|
"modified": "2016-03-15T08:20:10.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs",
|
||
|
"pattern": "[file:hashes.SHA256 = '0537fa38b88755f39df1cd774b907ec759dacab2388dc0109f4db9f0e9d191a0']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:20:10Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c5ba-74ec-4267-8800-4994950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:20:10.000Z",
|
||
|
"modified": "2016-03-15T08:20:10.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs",
|
||
|
"pattern": "[file:hashes.SHA256 = '4725019fb0a4574d1ad42bfa481ba1992002fe60811829a89955b3e538611123']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:20:10Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c5bb-e354-47d9-9d2b-4a7c950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:20:11.000Z",
|
||
|
"modified": "2016-03-15T08:20:11.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs",
|
||
|
"pattern": "[file:hashes.SHA256 = '85e6adb499916a6557b2beebcf44f0872908a2d2705058bfacc9d7bc4c5bc43e']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:20:11Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c5bb-0098-4132-a799-4130950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:20:11.000Z",
|
||
|
"modified": "2016-03-15T08:20:11.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs",
|
||
|
"pattern": "[file:hashes.SHA256 = 'e720f917cd8a02b0372b85068844e132c42ea2c97061b81d378b5a73f9344003']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:20:11Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c5bb-57dc-41cb-901b-4990950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:20:11.000Z",
|
||
|
"modified": "2016-03-15T08:20:11.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs",
|
||
|
"pattern": "[file:hashes.SHA256 = '17c3d74e3c0645edb4b5145335b342d2929c92dff856cca1a5e79fa5d935fec2']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:20:11Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c5bc-b2b0-44c6-b296-4382950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:20:12.000Z",
|
||
|
"modified": "2016-03-15T08:20:12.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs",
|
||
|
"pattern": "[file:hashes.SHA256 = 'd4ff4b73d7e89f80d78239a349c0197022c9d9306e5b59fdb71894040bc36489']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:20:12Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c5bc-8334-4f38-9bae-410b950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:20:12.000Z",
|
||
|
"modified": "2016-03-15T08:20:12.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs",
|
||
|
"pattern": "[file:hashes.SHA256 = '48a84c3ecf57ffdb474f61edb43634c32663be2466e4c489ec11e029fc70c042']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:20:12Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c5bc-b1f4-4f92-b731-4149950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:20:12.000Z",
|
||
|
"modified": "2016-03-15T08:20:12.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs",
|
||
|
"pattern": "[file:hashes.SHA256 = 'acee75cd346795ceb02fc30aa822d13c4132e64fd36b5244dd822199a5a0c0a7']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:20:12Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c5bd-ee5c-4985-a3aa-4e86950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:20:13.000Z",
|
||
|
"modified": "2016-03-15T08:20:13.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs",
|
||
|
"pattern": "[file:hashes.SHA256 = '976059c030c256db4a22d0fcbf2372cc3320877025154b5efeb3f7a1a26b1774']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:20:13Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c5bd-c3f0-4484-b236-4fa4950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:20:13.000Z",
|
||
|
"modified": "2016-03-15T08:20:13.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs",
|
||
|
"pattern": "[file:hashes.SHA256 = '8fa81c2bce89adcb1cc246761775ebbf29cbc444be78c7a58a465f76f1cdf6c8']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:20:13Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c5bd-f8a4-4b35-9001-4830950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:20:13.000Z",
|
||
|
"modified": "2016-03-15T08:20:13.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs",
|
||
|
"pattern": "[file:hashes.SHA256 = '2cbf3ac4f304fa711e23d6a8a762451b7b06550d56b7bd688d4c6d1bee9984db']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:20:13Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c5be-1670-406d-aa14-4ea5950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:20:14.000Z",
|
||
|
"modified": "2016-03-15T08:20:14.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs",
|
||
|
"pattern": "[file:hashes.SHA256 = '02b00f7615e1fd9091d947dad00dfe60528d9015b694374df2b5525ea6dd1301']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:20:14Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c5be-2a8c-4b4b-b9b6-4fa1950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:20:14.000Z",
|
||
|
"modified": "2016-03-15T08:20:14.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs",
|
||
|
"pattern": "[file:hashes.SHA256 = '77d66d710acddbe66a4f88b9db8775466a35948bad8716c188490ae0aca9a2f9']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:20:14Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c5be-3e04-4ac7-aaf2-4293950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:20:14.000Z",
|
||
|
"modified": "2016-03-15T08:20:14.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs",
|
||
|
"pattern": "[file:hashes.SHA256 = '2a40da48c9dc3e20bc6e30c986306ceccbc2d8be55b355b7a73d95c1a54319a4']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:20:14Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c5bf-0640-486a-9acc-43fb950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:20:15.000Z",
|
||
|
"modified": "2016-03-15T08:20:15.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs",
|
||
|
"pattern": "[file:hashes.SHA256 = '8842974b86c6101a5bbb18dc16dea293e4eb7a9656dbee241ecce7a677d2cdfc']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:20:15Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c5bf-41e0-46aa-809a-4af5950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:20:15.000Z",
|
||
|
"modified": "2016-03-15T08:20:15.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs",
|
||
|
"pattern": "[file:hashes.SHA256 = '4fd7543247c1f7f2fb5d1c7f99b52ad0a41fb07aa9f388c46a6c5920a848c19a']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:20:15Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c5bf-562c-4882-98f4-4a88950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:20:15.000Z",
|
||
|
"modified": "2016-03-15T08:20:15.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs",
|
||
|
"pattern": "[file:hashes.SHA256 = 'eb4d53a92e703d075787cebd97e06d1427d230f4872052a20f5d2f508fe1f663']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:20:15Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c5c0-f910-4e3b-89ec-43de950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:20:16.000Z",
|
||
|
"modified": "2016-03-15T08:20:16.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs",
|
||
|
"pattern": "[file:hashes.SHA256 = '56fc23c1eb3c4ea5f9f7911d8bfa0af6df762eb6e22d002ddad562568606acc0']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:20:16Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c5c0-6b08-4098-b8f4-468d950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:20:16.000Z",
|
||
|
"modified": "2016-03-15T08:20:16.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs",
|
||
|
"pattern": "[file:hashes.SHA256 = '3402902877ddfa71190745690048f6a6b77b9999083305b6fea52b0dfe03bec8']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:20:16Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c5c0-c988-497d-befe-45e2950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:20:16.000Z",
|
||
|
"modified": "2016-03-15T08:20:16.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs",
|
||
|
"pattern": "[file:hashes.SHA256 = '68244d5204518ab8b7f3564577b2bcc98c8fe0ea0aee39aa5518ffb5cf2689dc']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:20:16Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c5c1-226c-4f08-a6b1-4760950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:20:17.000Z",
|
||
|
"modified": "2016-03-15T08:20:17.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs",
|
||
|
"pattern": "[file:hashes.SHA256 = 'a588eb64872257a23a1171c3dd8b79cff048fac5b3c1dac538e6ec03658a72f5']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:20:17Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c5c1-be40-4900-ac36-48c6950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:20:17.000Z",
|
||
|
"modified": "2016-03-15T08:20:17.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs",
|
||
|
"pattern": "[file:hashes.SHA256 = '6a1c3a7498b3af751455d2e6b7fc45f0304c6946d59b389ec068686985b3e3d8']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:20:17Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c5c2-f1e4-4eaa-a259-48b2950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:20:18.000Z",
|
||
|
"modified": "2016-03-15T08:20:18.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs",
|
||
|
"pattern": "[file:hashes.SHA256 = '74ae3c7bbc041639c52e298f1e0334c52ba8c1126eb0daf94fbb7bee40a831f9']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:20:18Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c5c2-d0c0-40ec-8e09-4db0950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:20:18.000Z",
|
||
|
"modified": "2016-03-15T08:20:18.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs",
|
||
|
"pattern": "[file:hashes.SHA256 = 'c543841ad16edfcf1098dffb9d4f656da5ac0f54857a2ffb79a799b305682053']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:20:18Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c5c2-9068-4306-8f32-442a950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:20:18.000Z",
|
||
|
"modified": "2016-03-15T08:20:18.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs",
|
||
|
"pattern": "[file:hashes.SHA256 = 'b7404bed5dbb05463e1cad915a31e2a59b5dc7fe36c5bb901196fdd072ee1591']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:20:18Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c5c3-947c-480f-9c8b-42aa950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:20:19.000Z",
|
||
|
"modified": "2016-03-15T08:20:19.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs",
|
||
|
"pattern": "[file:hashes.SHA256 = '204068d89b32659c9872bae0197e56acddca26e20523e337991df0f46d608469']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:20:19Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c5c3-6c70-4002-980b-44d1950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:20:19.000Z",
|
||
|
"modified": "2016-03-15T08:20:19.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs",
|
||
|
"pattern": "[file:hashes.SHA256 = 'bbd7dcc8a064e73f1ef8f17feb7e7f8bc2f91bc90bbce03695e952c4c1acfa86']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:20:19Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c5c3-1f18-4565-a4b4-429c950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:20:19.000Z",
|
||
|
"modified": "2016-03-15T08:20:19.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs",
|
||
|
"pattern": "[file:hashes.SHA256 = 'a7c67bd2a6e4c7902f70a4f44242bdd073aea34f6e0b29491de4ddeed8a879f0']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:20:19Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c5c4-574c-49a7-994a-45bc950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:20:20.000Z",
|
||
|
"modified": "2016-03-15T08:20:20.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs",
|
||
|
"pattern": "[file:hashes.SHA256 = '01002fef15f67941430c8a7e0c841583bf3eb67907e79310218e5ba3668e4997']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:20:20Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c5c4-cbb8-4587-8f48-40d4950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:20:20.000Z",
|
||
|
"modified": "2016-03-15T08:20:20.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs",
|
||
|
"pattern": "[file:hashes.SHA256 = '59f6b5e8b1829902c9b915c3c7a6f8842445e4f9508710d4bcacdb1f80fdc2ef']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:20:20Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c5c4-e060-4e09-a5c2-4b2e950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:20:20.000Z",
|
||
|
"modified": "2016-03-15T08:20:20.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs",
|
||
|
"pattern": "[file:hashes.SHA256 = '177bb96ae04cac947092c28957121be9001d2a347141d22a14aa6474d099dd33']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:20:20Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c5c4-a09c-4241-918f-45f0950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:20:20.000Z",
|
||
|
"modified": "2016-03-15T08:20:20.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs",
|
||
|
"pattern": "[file:hashes.SHA256 = 'bd12b97e2c0e80c899ac3fc595e46f4b5938e1e38c345195a535d25e0dd2d565']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:20:20Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c5c5-f7ec-42a4-9e8c-4753950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:20:21.000Z",
|
||
|
"modified": "2016-03-15T08:20:21.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs",
|
||
|
"pattern": "[file:hashes.SHA256 = '30587ec7becbff5e55f6effdd22075568d80eb4a06ce3104502d4d76004e16f3']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:20:21Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c5c5-a1b4-470d-a3ba-41b6950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:20:21.000Z",
|
||
|
"modified": "2016-03-15T08:20:21.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs",
|
||
|
"pattern": "[file:hashes.SHA256 = '36ded79221d444903554d693f5d93a5acada2454240da45b9a5257229eb21143']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:20:21Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c5c5-c534-4d3e-92ae-4733950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:20:21.000Z",
|
||
|
"modified": "2016-03-15T08:20:21.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs",
|
||
|
"pattern": "[file:hashes.SHA256 = 'fb607732ec2e3393634b2ccb8a028ad5b77ad0d01ef4a682bcc3c9e40e5bd186']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:20:21Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c5c5-7ebc-4084-b2b0-4f38950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:20:21.000Z",
|
||
|
"modified": "2016-03-15T08:20:21.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs",
|
||
|
"pattern": "[file:hashes.SHA256 = 'a62ebda2177dcaa163f49df590824213e1dca317f4c5d607d0edc806f0bc598c']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:20:21Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c5c6-9f98-48b8-87c7-4ceb950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:20:22.000Z",
|
||
|
"modified": "2016-03-15T08:20:22.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs",
|
||
|
"pattern": "[file:hashes.SHA256 = '210098efe6c332d372873e227f3d62a6f9630110746f775c4714a0d3805cfa09']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:20:22Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c5c6-6e5c-4ee9-89de-4e6d950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:20:22.000Z",
|
||
|
"modified": "2016-03-15T08:20:22.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs",
|
||
|
"pattern": "[file:hashes.SHA256 = 'd3654c1683a7596d3248aa8014e089162dd3c5f9075ee4791faa740f92f3068d']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:20:22Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c5c6-a140-4f46-bc83-4595950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:20:22.000Z",
|
||
|
"modified": "2016-03-15T08:20:22.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs",
|
||
|
"pattern": "[file:hashes.SHA256 = '1b6b9079a36d36d94e4da712e315ff8c29e12513b001c9ae2af23fdb6a0b30a5']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:20:22Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c5c7-5488-42ee-a937-47fd950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:20:23.000Z",
|
||
|
"modified": "2016-03-15T08:20:23.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs",
|
||
|
"pattern": "[file:hashes.SHA256 = '0a809215d4845bdc11b87b07a6c2a6acfc6ad837f6ce56abbde4cf7e03efc684']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:20:23Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c5c7-2ba0-4df7-b924-4657950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:20:23.000Z",
|
||
|
"modified": "2016-03-15T08:20:23.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs",
|
||
|
"pattern": "[file:hashes.SHA256 = 'fc8e858023506da14dcdf7c581332bf961816cac3c342660f3a75949a366fa7b']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:20:23Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c5c7-c220-47f3-b316-4b2d950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:20:23.000Z",
|
||
|
"modified": "2016-03-15T08:20:23.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs",
|
||
|
"pattern": "[file:hashes.SHA256 = '5236d1e0f508409f8efe60cd4ccef67f4ce57fa40184849c16a1918f63d58573']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:20:23Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c5c7-894c-4ebf-af41-4ae9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:20:23.000Z",
|
||
|
"modified": "2016-03-15T08:20:23.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs",
|
||
|
"pattern": "[file:hashes.SHA256 = '09f3adee80045971982f1183607c4c8315c6e375a2e66b3ea8aa40d685d09cb6']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:20:23Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c5c8-2ce4-4a3c-b05f-4550950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:20:24.000Z",
|
||
|
"modified": "2016-03-15T08:20:24.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs",
|
||
|
"pattern": "[file:hashes.SHA256 = '214c0232e8543c80c7c6010319524231beab9d8689b8295f7e13296de886c15c']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:20:24Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c5c8-8a18-489d-aebc-4b11950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:20:24.000Z",
|
||
|
"modified": "2016-03-15T08:20:24.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs",
|
||
|
"pattern": "[file:hashes.SHA256 = 'e28753324b22939b239ca234cdc25daa16ed318d98b6430ea941d8bbbf418cad']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:20:24Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c5c8-3aa8-4760-8682-4d11950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:20:24.000Z",
|
||
|
"modified": "2016-03-15T08:20:24.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs",
|
||
|
"pattern": "[file:hashes.SHA256 = '3b2507071a8ba09e223ffbfa8315e6d3537be2042d54166f5a698049e7a6a2b1']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:20:24Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c5c9-97b8-4776-a381-473e950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:20:25.000Z",
|
||
|
"modified": "2016-03-15T08:20:25.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs",
|
||
|
"pattern": "[file:hashes.SHA256 = '7ce2f7f147b442079a978dca43de24105b2c3cde254dc76c7d6be165d8cf8d7e']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:20:25Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c5c9-74bc-4739-9dc1-4eff950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:20:25.000Z",
|
||
|
"modified": "2016-03-15T08:20:25.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs",
|
||
|
"pattern": "[file:hashes.SHA256 = 'fc4d893ae0f496f13581abc708ef045d067fa7af5a06a9a1c3631f8c8b74d0df']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:20:25Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c5c9-ba20-467b-bc5b-4b76950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:20:25.000Z",
|
||
|
"modified": "2016-03-15T08:20:25.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs",
|
||
|
"pattern": "[file:hashes.SHA256 = 'ee6abe4a9530b78e997d9c28394356216778eaf2d46aa3503999e7d6bfbefe90']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:20:25Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c5ca-ef1c-4ff2-bd31-4204950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:20:26.000Z",
|
||
|
"modified": "2016-03-15T08:20:26.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs",
|
||
|
"pattern": "[file:hashes.SHA256 = 'b1465aa094decb4d5749bdf5ed5df8da98cecea900ec719c45c2e2d630062934']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:20:26Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c5ca-62c8-4ab6-a75d-4c8c950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:20:26.000Z",
|
||
|
"modified": "2016-03-15T08:20:26.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs",
|
||
|
"pattern": "[file:hashes.SHA256 = '5cacccb46693962c67a3aef0df9a538201a44d309993915057e98b00b59cf7c3']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:20:26Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c5ca-aa48-4fa2-a124-499e950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:20:26.000Z",
|
||
|
"modified": "2016-03-15T08:20:26.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs",
|
||
|
"pattern": "[file:hashes.SHA256 = 'a9bba5afdb85f0b65493356ddb0b3bb29a3a9b311fc4435f04610ff05eba508e']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:20:26Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c5ca-21d0-4504-9051-45b8950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:20:26.000Z",
|
||
|
"modified": "2016-03-15T08:20:26.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs",
|
||
|
"pattern": "[file:hashes.SHA256 = 'c866dcfa95c50443ed5e0b4d2c0b63c1443ad330cb7d384370a244c6f58ce8a5']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:20:26Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c5cb-f8b0-400a-9b38-4c79950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:20:27.000Z",
|
||
|
"modified": "2016-03-15T08:20:27.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs",
|
||
|
"pattern": "[file:hashes.SHA256 = '240b43dfc2712d7d40312e760bcca5f9c7c259bbfa115c866127027346cb2fa3']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:20:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c5cb-6c80-4f6d-af21-4282950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:20:27.000Z",
|
||
|
"modified": "2016-03-15T08:20:27.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs",
|
||
|
"pattern": "[file:hashes.SHA256 = '3eb1e97e1bd96b919170c0439307a326aa28acc84b1f644e81e17d24794b9b57']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:20:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c5cb-7eb8-421a-ab2a-4bf7950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:20:27.000Z",
|
||
|
"modified": "2016-03-15T08:20:27.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs",
|
||
|
"pattern": "[file:hashes.SHA256 = '7a0602fffb1565eabb6a34016dc8692a08209b152aa490935fdcb4ac18ecddb4']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:20:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c5e3-1998-4c72-abb4-491b950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:20:51.000Z",
|
||
|
"modified": "2016-03-15T08:20:51.000Z",
|
||
|
"pattern": "[file:name = '\\\\%TEMP\\\\%\\\\sysC4E6.tmp']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:20:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c5fc-b070-4522-9558-4290950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:21:16.000Z",
|
||
|
"modified": "2016-03-15T08:21:16.000Z",
|
||
|
"description": "The .doc file contains some embedded macros to download Locky and infect the machine. In this case, the URL was:",
|
||
|
"pattern": "[url:value = 'http://olvikt.freedomain.thehost.com.ua/admin/js/7623dh3f.exe']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:21:16Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c665-3580-44b6-b546-49c302de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:01.000Z",
|
||
|
"modified": "2016-03-15T08:23:01.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: 7a0602fffb1565eabb6a34016dc8692a08209b152aa490935fdcb4ac18ecddb4",
|
||
|
"pattern": "[file:hashes.SHA1 = '5ee5acdf2453a3ad377870ac1c2f6f91c3c0fb3a']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:23:01Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c666-ef14-4d7b-b0e4-4ab902de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:02.000Z",
|
||
|
"modified": "2016-03-15T08:23:02.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: 7a0602fffb1565eabb6a34016dc8692a08209b152aa490935fdcb4ac18ecddb4",
|
||
|
"pattern": "[file:hashes.MD5 = 'c4b587b208acd9dde2c42d2393fddda3']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:23:02Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--56e7c666-ec30-4ddf-a5b3-4b5002de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:02.000Z",
|
||
|
"modified": "2016-03-15T08:23:02.000Z",
|
||
|
"first_observed": "2016-03-15T08:23:02Z",
|
||
|
"last_observed": "2016-03-15T08:23:02Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--56e7c666-ec30-4ddf-a5b3-4b5002de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--56e7c666-ec30-4ddf-a5b3-4b5002de0b81",
|
||
|
"value": "https://www.virustotal.com/file/7a0602fffb1565eabb6a34016dc8692a08209b152aa490935fdcb4ac18ecddb4/analysis/1456254748/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c666-cc64-4e09-aa09-46b802de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:02.000Z",
|
||
|
"modified": "2016-03-15T08:23:02.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: 3eb1e97e1bd96b919170c0439307a326aa28acc84b1f644e81e17d24794b9b57",
|
||
|
"pattern": "[file:hashes.SHA1 = 'ff6cfd485855d679cf0b98215a515b3f0a88af45']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:23:02Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c667-5868-4f5f-ba64-4eb902de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:03.000Z",
|
||
|
"modified": "2016-03-15T08:23:03.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: 3eb1e97e1bd96b919170c0439307a326aa28acc84b1f644e81e17d24794b9b57",
|
||
|
"pattern": "[file:hashes.MD5 = 'b9ffd5c5f63b9438a26f36a19bd78e93']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:23:03Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--56e7c667-ff38-4a45-95eb-48f002de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:03.000Z",
|
||
|
"modified": "2016-03-15T08:23:03.000Z",
|
||
|
"first_observed": "2016-03-15T08:23:03Z",
|
||
|
"last_observed": "2016-03-15T08:23:03Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--56e7c667-ff38-4a45-95eb-48f002de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--56e7c667-ff38-4a45-95eb-48f002de0b81",
|
||
|
"value": "https://www.virustotal.com/file/3eb1e97e1bd96b919170c0439307a326aa28acc84b1f644e81e17d24794b9b57/analysis/1457328669/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c667-8338-475c-9c71-4f9602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:03.000Z",
|
||
|
"modified": "2016-03-15T08:23:03.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: 240b43dfc2712d7d40312e760bcca5f9c7c259bbfa115c866127027346cb2fa3",
|
||
|
"pattern": "[file:hashes.SHA1 = '0551e8a2567945a596fcd5b59de73e408d44cc39']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:23:03Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c668-da14-4427-8d24-46bf02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:04.000Z",
|
||
|
"modified": "2016-03-15T08:23:04.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: 240b43dfc2712d7d40312e760bcca5f9c7c259bbfa115c866127027346cb2fa3",
|
||
|
"pattern": "[file:hashes.MD5 = 'ba9c6e8a31b0aad7af9d9264df6e3000']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:23:04Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--56e7c669-94f4-4cfb-80fd-47ab02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:05.000Z",
|
||
|
"modified": "2016-03-15T08:23:05.000Z",
|
||
|
"first_observed": "2016-03-15T08:23:05Z",
|
||
|
"last_observed": "2016-03-15T08:23:05Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--56e7c669-94f4-4cfb-80fd-47ab02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--56e7c669-94f4-4cfb-80fd-47ab02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/240b43dfc2712d7d40312e760bcca5f9c7c259bbfa115c866127027346cb2fa3/analysis/1456876973/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c669-b180-4eb1-bef9-489402de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:05.000Z",
|
||
|
"modified": "2016-03-15T08:23:05.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: c866dcfa95c50443ed5e0b4d2c0b63c1443ad330cb7d384370a244c6f58ce8a5",
|
||
|
"pattern": "[file:hashes.SHA1 = '6fa183aa381a6dd3eb92cf90e8a6bb54887d6641']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:23:05Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c669-5898-4560-b908-409702de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:05.000Z",
|
||
|
"modified": "2016-03-15T08:23:05.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: c866dcfa95c50443ed5e0b4d2c0b63c1443ad330cb7d384370a244c6f58ce8a5",
|
||
|
"pattern": "[file:hashes.MD5 = 'cbe75061eb46adabc434ead22f85b36e']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:23:05Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--56e7c66a-e13c-40e9-b433-4b7a02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:06.000Z",
|
||
|
"modified": "2016-03-15T08:23:06.000Z",
|
||
|
"first_observed": "2016-03-15T08:23:06Z",
|
||
|
"last_observed": "2016-03-15T08:23:06Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--56e7c66a-e13c-40e9-b433-4b7a02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--56e7c66a-e13c-40e9-b433-4b7a02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/c866dcfa95c50443ed5e0b4d2c0b63c1443ad330cb7d384370a244c6f58ce8a5/analysis/1457519342/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c66a-ba60-45e6-b49b-473c02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:06.000Z",
|
||
|
"modified": "2016-03-15T08:23:06.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: a9bba5afdb85f0b65493356ddb0b3bb29a3a9b311fc4435f04610ff05eba508e",
|
||
|
"pattern": "[file:hashes.SHA1 = 'ea0de106f727500bbbca0307ba6005a33cf0db97']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:23:06Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c66a-7cb8-40ee-896c-4fc102de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:06.000Z",
|
||
|
"modified": "2016-03-15T08:23:06.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: a9bba5afdb85f0b65493356ddb0b3bb29a3a9b311fc4435f04610ff05eba508e",
|
||
|
"pattern": "[file:hashes.MD5 = '124b76844281e9067654506429437545']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:23:06Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--56e7c66b-af24-45d7-8f25-4e6602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:07.000Z",
|
||
|
"modified": "2016-03-15T08:23:07.000Z",
|
||
|
"first_observed": "2016-03-15T08:23:07Z",
|
||
|
"last_observed": "2016-03-15T08:23:07Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--56e7c66b-af24-45d7-8f25-4e6602de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--56e7c66b-af24-45d7-8f25-4e6602de0b81",
|
||
|
"value": "https://www.virustotal.com/file/a9bba5afdb85f0b65493356ddb0b3bb29a3a9b311fc4435f04610ff05eba508e/analysis/1457154486/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c66b-fc34-42e5-b9a0-452302de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:07.000Z",
|
||
|
"modified": "2016-03-15T08:23:07.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: 5cacccb46693962c67a3aef0df9a538201a44d309993915057e98b00b59cf7c3",
|
||
|
"pattern": "[file:hashes.SHA1 = '1a0cb51942560793989856508302e7d2ff0e9750']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:23:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c66b-b21c-44aa-8ef2-4e1302de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:07.000Z",
|
||
|
"modified": "2016-03-15T08:23:07.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: 5cacccb46693962c67a3aef0df9a538201a44d309993915057e98b00b59cf7c3",
|
||
|
"pattern": "[file:hashes.MD5 = '1cd414da2994719c23c85f076efed410']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:23:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--56e7c66c-1d2c-4647-b299-444702de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:08.000Z",
|
||
|
"modified": "2016-03-15T08:23:08.000Z",
|
||
|
"first_observed": "2016-03-15T08:23:08Z",
|
||
|
"last_observed": "2016-03-15T08:23:08Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--56e7c66c-1d2c-4647-b299-444702de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--56e7c66c-1d2c-4647-b299-444702de0b81",
|
||
|
"value": "https://www.virustotal.com/file/5cacccb46693962c67a3aef0df9a538201a44d309993915057e98b00b59cf7c3/analysis/1457474881/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c66c-c8c0-4df9-b07e-47a202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:08.000Z",
|
||
|
"modified": "2016-03-15T08:23:08.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: b1465aa094decb4d5749bdf5ed5df8da98cecea900ec719c45c2e2d630062934",
|
||
|
"pattern": "[file:hashes.SHA1 = '28f4e59234a80a44ad8e1028b904b4c3acc77b3d']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:23:08Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c66d-8fd8-484f-a2aa-492402de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:09.000Z",
|
||
|
"modified": "2016-03-15T08:23:09.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: b1465aa094decb4d5749bdf5ed5df8da98cecea900ec719c45c2e2d630062934",
|
||
|
"pattern": "[file:hashes.MD5 = 'e37eb8e0eee250f95708df62ffb7a904']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:23:09Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--56e7c66d-0ee4-49a3-bdbb-496f02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:09.000Z",
|
||
|
"modified": "2016-03-15T08:23:09.000Z",
|
||
|
"first_observed": "2016-03-15T08:23:09Z",
|
||
|
"last_observed": "2016-03-15T08:23:09Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--56e7c66d-0ee4-49a3-bdbb-496f02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--56e7c66d-0ee4-49a3-bdbb-496f02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/b1465aa094decb4d5749bdf5ed5df8da98cecea900ec719c45c2e2d630062934/analysis/1455873502/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c66d-87f4-4fb2-a364-439202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:09.000Z",
|
||
|
"modified": "2016-03-15T08:23:09.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: ee6abe4a9530b78e997d9c28394356216778eaf2d46aa3503999e7d6bfbefe90",
|
||
|
"pattern": "[file:hashes.SHA1 = '5465df4d230318bb8ee6a70d495b80cefe6cbac6']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:23:09Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c66e-c520-447c-84d7-4fa202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:10.000Z",
|
||
|
"modified": "2016-03-15T08:23:10.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: ee6abe4a9530b78e997d9c28394356216778eaf2d46aa3503999e7d6bfbefe90",
|
||
|
"pattern": "[file:hashes.MD5 = 'e22f77892cb4ed72e58c84bc18e33c69']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:23:10Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--56e7c66e-bc88-41ec-936d-4ace02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:10.000Z",
|
||
|
"modified": "2016-03-15T08:23:10.000Z",
|
||
|
"first_observed": "2016-03-15T08:23:10Z",
|
||
|
"last_observed": "2016-03-15T08:23:10Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--56e7c66e-bc88-41ec-936d-4ace02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--56e7c66e-bc88-41ec-936d-4ace02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/ee6abe4a9530b78e997d9c28394356216778eaf2d46aa3503999e7d6bfbefe90/analysis/1457677632/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c66e-05dc-4dc7-a43d-44c802de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:10.000Z",
|
||
|
"modified": "2016-03-15T08:23:10.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: fc4d893ae0f496f13581abc708ef045d067fa7af5a06a9a1c3631f8c8b74d0df",
|
||
|
"pattern": "[file:hashes.SHA1 = 'f6f18dc0583d6b9436e0993290932eff5c760ac4']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:23:10Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c66f-c590-4195-bc1a-4bc502de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:11.000Z",
|
||
|
"modified": "2016-03-15T08:23:11.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: fc4d893ae0f496f13581abc708ef045d067fa7af5a06a9a1c3631f8c8b74d0df",
|
||
|
"pattern": "[file:hashes.MD5 = 'deecacd2b559490c970bc72cf1a57ba2']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:23:11Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--56e7c66f-bbb8-448a-99e4-465f02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:11.000Z",
|
||
|
"modified": "2016-03-15T08:23:11.000Z",
|
||
|
"first_observed": "2016-03-15T08:23:11Z",
|
||
|
"last_observed": "2016-03-15T08:23:11Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--56e7c66f-bbb8-448a-99e4-465f02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--56e7c66f-bbb8-448a-99e4-465f02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/fc4d893ae0f496f13581abc708ef045d067fa7af5a06a9a1c3631f8c8b74d0df/analysis/1455877427/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c66f-aec0-41eb-b4ce-472f02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:11.000Z",
|
||
|
"modified": "2016-03-15T08:23:11.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: 7ce2f7f147b442079a978dca43de24105b2c3cde254dc76c7d6be165d8cf8d7e",
|
||
|
"pattern": "[file:hashes.SHA1 = '2170d2e4f55e4643ad35eaf24578b8f58531dd45']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:23:11Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c670-8874-4a82-b7af-47d002de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:12.000Z",
|
||
|
"modified": "2016-03-15T08:23:12.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: 7ce2f7f147b442079a978dca43de24105b2c3cde254dc76c7d6be165d8cf8d7e",
|
||
|
"pattern": "[file:hashes.MD5 = 'abd832d593010b007bed502909aa5a47']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:23:12Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--56e7c670-36e8-48ec-a213-440c02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:12.000Z",
|
||
|
"modified": "2016-03-15T08:23:12.000Z",
|
||
|
"first_observed": "2016-03-15T08:23:12Z",
|
||
|
"last_observed": "2016-03-15T08:23:12Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--56e7c670-36e8-48ec-a213-440c02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--56e7c670-36e8-48ec-a213-440c02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/7ce2f7f147b442079a978dca43de24105b2c3cde254dc76c7d6be165d8cf8d7e/analysis/1457533235/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c671-d06c-4eca-a7ac-45c602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:12.000Z",
|
||
|
"modified": "2016-03-15T08:23:12.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: 3b2507071a8ba09e223ffbfa8315e6d3537be2042d54166f5a698049e7a6a2b1",
|
||
|
"pattern": "[file:hashes.SHA1 = '4bb1d6b8a57371a0c69bf69b3f4835000ce4d5ed']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:23:12Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c671-be28-4307-a3bd-4ee702de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:13.000Z",
|
||
|
"modified": "2016-03-15T08:23:13.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: 3b2507071a8ba09e223ffbfa8315e6d3537be2042d54166f5a698049e7a6a2b1",
|
||
|
"pattern": "[file:hashes.MD5 = 'db01a76610d67658a706cd136c6bf6da']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:23:13Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--56e7c671-bbe8-4f35-adaa-46eb02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:13.000Z",
|
||
|
"modified": "2016-03-15T08:23:13.000Z",
|
||
|
"first_observed": "2016-03-15T08:23:13Z",
|
||
|
"last_observed": "2016-03-15T08:23:13Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--56e7c671-bbe8-4f35-adaa-46eb02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--56e7c671-bbe8-4f35-adaa-46eb02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/3b2507071a8ba09e223ffbfa8315e6d3537be2042d54166f5a698049e7a6a2b1/analysis/1455886086/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c672-000c-474e-a92d-444f02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:14.000Z",
|
||
|
"modified": "2016-03-15T08:23:14.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: e28753324b22939b239ca234cdc25daa16ed318d98b6430ea941d8bbbf418cad",
|
||
|
"pattern": "[file:hashes.SHA1 = '52a0cc4dcf481d01b4890d8148014c45c0cb5e65']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:23:14Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c672-793c-4383-9df6-423402de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:14.000Z",
|
||
|
"modified": "2016-03-15T08:23:14.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: e28753324b22939b239ca234cdc25daa16ed318d98b6430ea941d8bbbf418cad",
|
||
|
"pattern": "[file:hashes.MD5 = '80132a037cbef3cd8e801f330c0522d0']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:23:14Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--56e7c672-5098-46dd-80a5-4aca02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:14.000Z",
|
||
|
"modified": "2016-03-15T08:23:14.000Z",
|
||
|
"first_observed": "2016-03-15T08:23:14Z",
|
||
|
"last_observed": "2016-03-15T08:23:14Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--56e7c672-5098-46dd-80a5-4aca02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--56e7c672-5098-46dd-80a5-4aca02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/e28753324b22939b239ca234cdc25daa16ed318d98b6430ea941d8bbbf418cad/analysis/1456877812/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c673-1724-4748-b2f7-482c02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:15.000Z",
|
||
|
"modified": "2016-03-15T08:23:15.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: 214c0232e8543c80c7c6010319524231beab9d8689b8295f7e13296de886c15c",
|
||
|
"pattern": "[file:hashes.SHA1 = '1fcb2bd04a937ecf027d75c97bca34f4258a20fd']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:23:15Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c673-0cb0-4c6f-8e36-459202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:15.000Z",
|
||
|
"modified": "2016-03-15T08:23:15.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: 214c0232e8543c80c7c6010319524231beab9d8689b8295f7e13296de886c15c",
|
||
|
"pattern": "[file:hashes.MD5 = '7ee73d1cff292308227edfb2e4447062']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:23:15Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--56e7c673-9680-4c03-8f20-4a1402de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:15.000Z",
|
||
|
"modified": "2016-03-15T08:23:15.000Z",
|
||
|
"first_observed": "2016-03-15T08:23:15Z",
|
||
|
"last_observed": "2016-03-15T08:23:15Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--56e7c673-9680-4c03-8f20-4a1402de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--56e7c673-9680-4c03-8f20-4a1402de0b81",
|
||
|
"value": "https://www.virustotal.com/file/214c0232e8543c80c7c6010319524231beab9d8689b8295f7e13296de886c15c/analysis/1456876962/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c673-4ac8-47ff-ae4d-4c0602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:15.000Z",
|
||
|
"modified": "2016-03-15T08:23:15.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: 09f3adee80045971982f1183607c4c8315c6e375a2e66b3ea8aa40d685d09cb6",
|
||
|
"pattern": "[file:hashes.SHA1 = 'd01f64cddcbdeacf6619649fd03d7c740dbc8aee']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:23:15Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c674-e2b0-4759-890c-4a7b02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:16.000Z",
|
||
|
"modified": "2016-03-15T08:23:16.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: 09f3adee80045971982f1183607c4c8315c6e375a2e66b3ea8aa40d685d09cb6",
|
||
|
"pattern": "[file:hashes.MD5 = '722819d00d08562d4203814688aaa96c']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:23:16Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--56e7c674-f5c0-4eea-8404-41e802de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:16.000Z",
|
||
|
"modified": "2016-03-15T08:23:16.000Z",
|
||
|
"first_observed": "2016-03-15T08:23:16Z",
|
||
|
"last_observed": "2016-03-15T08:23:16Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--56e7c674-f5c0-4eea-8404-41e802de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--56e7c674-f5c0-4eea-8404-41e802de0b81",
|
||
|
"value": "https://www.virustotal.com/file/09f3adee80045971982f1183607c4c8315c6e375a2e66b3ea8aa40d685d09cb6/analysis/1457068815/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c674-ed88-4d20-8596-431402de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:16.000Z",
|
||
|
"modified": "2016-03-15T08:23:16.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: 5236d1e0f508409f8efe60cd4ccef67f4ce57fa40184849c16a1918f63d58573",
|
||
|
"pattern": "[file:hashes.SHA1 = '26db56e51dbc3b01b474b7c30fe30e1453c89cc9']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:23:16Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c675-c474-453d-b46e-429f02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:17.000Z",
|
||
|
"modified": "2016-03-15T08:23:17.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: 5236d1e0f508409f8efe60cd4ccef67f4ce57fa40184849c16a1918f63d58573",
|
||
|
"pattern": "[file:hashes.MD5 = 'df57d9e9989042fe4b73bb987ed2ab62']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:23:17Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--56e7c675-8b0c-4f98-9648-4f1b02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:17.000Z",
|
||
|
"modified": "2016-03-15T08:23:17.000Z",
|
||
|
"first_observed": "2016-03-15T08:23:17Z",
|
||
|
"last_observed": "2016-03-15T08:23:17Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--56e7c675-8b0c-4f98-9648-4f1b02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--56e7c675-8b0c-4f98-9648-4f1b02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/5236d1e0f508409f8efe60cd4ccef67f4ce57fa40184849c16a1918f63d58573/analysis/1456855363/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c675-12d4-46cf-8fdb-474802de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:17.000Z",
|
||
|
"modified": "2016-03-15T08:23:17.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: fc8e858023506da14dcdf7c581332bf961816cac3c342660f3a75949a366fa7b",
|
||
|
"pattern": "[file:hashes.SHA1 = '2fec46d06e784efceac35711005a84c0cc84b025']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:23:17Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c676-aa28-4442-a18a-49f102de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:18.000Z",
|
||
|
"modified": "2016-03-15T08:23:18.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: fc8e858023506da14dcdf7c581332bf961816cac3c342660f3a75949a366fa7b",
|
||
|
"pattern": "[file:hashes.MD5 = 'fa63ec25aa971c3707e33f6f8c3ae681']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:23:18Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--56e7c676-e54c-46dc-be17-466802de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:18.000Z",
|
||
|
"modified": "2016-03-15T08:23:18.000Z",
|
||
|
"first_observed": "2016-03-15T08:23:18Z",
|
||
|
"last_observed": "2016-03-15T08:23:18Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--56e7c676-e54c-46dc-be17-466802de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--56e7c676-e54c-46dc-be17-466802de0b81",
|
||
|
"value": "https://www.virustotal.com/file/fc8e858023506da14dcdf7c581332bf961816cac3c342660f3a75949a366fa7b/analysis/1456300436/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c677-bab8-4cde-bc67-4ba002de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:19.000Z",
|
||
|
"modified": "2016-03-15T08:23:19.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: 0a809215d4845bdc11b87b07a6c2a6acfc6ad837f6ce56abbde4cf7e03efc684",
|
||
|
"pattern": "[file:hashes.SHA1 = '4e8f570505ea9b55fa38f7745ce74b38c0e83f64']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:23:19Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c677-4d78-4183-ae94-41ed02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:19.000Z",
|
||
|
"modified": "2016-03-15T08:23:19.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: 0a809215d4845bdc11b87b07a6c2a6acfc6ad837f6ce56abbde4cf7e03efc684",
|
||
|
"pattern": "[file:hashes.MD5 = 'cc22bb7be7e5da56f8f4a8c20416be8a']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:23:19Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--56e7c677-c3e0-4f54-8d85-473302de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:19.000Z",
|
||
|
"modified": "2016-03-15T08:23:19.000Z",
|
||
|
"first_observed": "2016-03-15T08:23:19Z",
|
||
|
"last_observed": "2016-03-15T08:23:19Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--56e7c677-c3e0-4f54-8d85-473302de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--56e7c677-c3e0-4f54-8d85-473302de0b81",
|
||
|
"value": "https://www.virustotal.com/file/0a809215d4845bdc11b87b07a6c2a6acfc6ad837f6ce56abbde4cf7e03efc684/analysis/1456876858/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c678-dbc4-46c1-81f5-413202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:20.000Z",
|
||
|
"modified": "2016-03-15T08:23:20.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: 1b6b9079a36d36d94e4da712e315ff8c29e12513b001c9ae2af23fdb6a0b30a5",
|
||
|
"pattern": "[file:hashes.SHA1 = '4167106901ea81aa166097198df23f4560941a48']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:23:20Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c678-593c-4a6d-b1b1-467902de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:20.000Z",
|
||
|
"modified": "2016-03-15T08:23:20.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: 1b6b9079a36d36d94e4da712e315ff8c29e12513b001c9ae2af23fdb6a0b30a5",
|
||
|
"pattern": "[file:hashes.MD5 = '4552cfcc0a8d4e0c95a4c61e9f281129']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:23:20Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--56e7c678-75f0-4907-b2ce-410402de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:20.000Z",
|
||
|
"modified": "2016-03-15T08:23:20.000Z",
|
||
|
"first_observed": "2016-03-15T08:23:20Z",
|
||
|
"last_observed": "2016-03-15T08:23:20Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--56e7c678-75f0-4907-b2ce-410402de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--56e7c678-75f0-4907-b2ce-410402de0b81",
|
||
|
"value": "https://www.virustotal.com/file/1b6b9079a36d36d94e4da712e315ff8c29e12513b001c9ae2af23fdb6a0b30a5/analysis/1456876932/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c679-1480-46d7-a27b-486b02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:21.000Z",
|
||
|
"modified": "2016-03-15T08:23:21.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: d3654c1683a7596d3248aa8014e089162dd3c5f9075ee4791faa740f92f3068d",
|
||
|
"pattern": "[file:hashes.SHA1 = 'a612884800d5b7994d780688f70f86622cf60e11']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:23:21Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c679-e9ec-463a-8a3f-44e802de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:21.000Z",
|
||
|
"modified": "2016-03-15T08:23:21.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: d3654c1683a7596d3248aa8014e089162dd3c5f9075ee4791faa740f92f3068d",
|
||
|
"pattern": "[file:hashes.MD5 = '8323500df64494eb9550dee5cd649c67']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:23:21Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e7c679-bfe8-43b8-86dc-453502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T08:23:21.000Z",
"modified": "2016-03-15T08:23:21.000Z",
"first_observed": "2016-03-15T08:23:21Z",
"last_observed": "2016-03-15T08:23:21Z",
"number_observed": 1,
"object_refs": [
"url--56e7c679-bfe8-43b8-86dc-453502de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e7c679-bfe8-43b8-86dc-453502de0b81",
"value": "https://www.virustotal.com/file/d3654c1683a7596d3248aa8014e089162dd3c5f9075ee4791faa740f92f3068d/analysis/1455897569/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e7c67a-83cc-4957-8828-458102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T08:23:22.000Z",
"modified": "2016-03-15T08:23:22.000Z",
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: 210098efe6c332d372873e227f3d62a6f9630110746f775c4714a0d3805cfa09",
"pattern": "[file:hashes.SHA1 = '66be60e5b952efd91ba41bb87fcef543e958cc6a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-15T08:23:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e7c67a-c9e8-4fcf-8738-4d2802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T08:23:22.000Z",
"modified": "2016-03-15T08:23:22.000Z",
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: 210098efe6c332d372873e227f3d62a6f9630110746f775c4714a0d3805cfa09",
"pattern": "[file:hashes.MD5 = 'c78a032ce5ccd2d3deb932d6976c81f5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-15T08:23:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e7c67a-23d4-4614-a39a-4ea002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T08:23:22.000Z",
"modified": "2016-03-15T08:23:22.000Z",
"first_observed": "2016-03-15T08:23:22Z",
"last_observed": "2016-03-15T08:23:22Z",
"number_observed": 1,
"object_refs": [
"url--56e7c67a-23d4-4614-a39a-4ea002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e7c67a-23d4-4614-a39a-4ea002de0b81",
"value": "https://www.virustotal.com/file/210098efe6c332d372873e227f3d62a6f9630110746f775c4714a0d3805cfa09/analysis/1455903933/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e7c67b-ed24-476d-a7d7-443402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T08:23:23.000Z",
"modified": "2016-03-15T08:23:23.000Z",
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: a62ebda2177dcaa163f49df590824213e1dca317f4c5d607d0edc806f0bc598c",
"pattern": "[file:hashes.SHA1 = '1329fd1096e4281bb1e048b7c3d4091d683a3201']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-15T08:23:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e7c67b-81a0-42d5-801b-41df02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T08:23:23.000Z",
"modified": "2016-03-15T08:23:23.000Z",
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: a62ebda2177dcaa163f49df590824213e1dca317f4c5d607d0edc806f0bc598c",
"pattern": "[file:hashes.MD5 = '4af5d1d45271025b95975cc308469349']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-15T08:23:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e7c67b-7d98-4fa7-850d-457b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T08:23:23.000Z",
"modified": "2016-03-15T08:23:23.000Z",
"first_observed": "2016-03-15T08:23:23Z",
"last_observed": "2016-03-15T08:23:23Z",
"number_observed": 1,
"object_refs": [
"url--56e7c67b-7d98-4fa7-850d-457b02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e7c67b-7d98-4fa7-850d-457b02de0b81",
"value": "https://www.virustotal.com/file/a62ebda2177dcaa163f49df590824213e1dca317f4c5d607d0edc806f0bc598c/analysis/1456510044/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e7c67b-9f54-49df-aeb1-46ad02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T08:23:23.000Z",
"modified": "2016-03-15T08:23:23.000Z",
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: fb607732ec2e3393634b2ccb8a028ad5b77ad0d01ef4a682bcc3c9e40e5bd186",
"pattern": "[file:hashes.SHA1 = 'd98ee318e722ea6859cbd0a98d193ef17ce0bcd1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-15T08:23:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e7c67c-0acc-4dd5-84f2-4ed802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T08:23:24.000Z",
"modified": "2016-03-15T08:23:24.000Z",
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: fb607732ec2e3393634b2ccb8a028ad5b77ad0d01ef4a682bcc3c9e40e5bd186",
"pattern": "[file:hashes.MD5 = '0ada5139a82a007923d84f80faa195bf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-15T08:23:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e7c67c-c5d0-44e8-a24f-46a602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T08:23:24.000Z",
"modified": "2016-03-15T08:23:24.000Z",
"first_observed": "2016-03-15T08:23:24Z",
"last_observed": "2016-03-15T08:23:24Z",
"number_observed": 1,
"object_refs": [
"url--56e7c67c-c5d0-44e8-a24f-46a602de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e7c67c-c5d0-44e8-a24f-46a602de0b81",
"value": "https://www.virustotal.com/file/fb607732ec2e3393634b2ccb8a028ad5b77ad0d01ef4a682bcc3c9e40e5bd186/analysis/1457691356/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e7c67c-8220-42de-91b6-46c902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T08:23:24.000Z",
"modified": "2016-03-15T08:23:24.000Z",
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: 36ded79221d444903554d693f5d93a5acada2454240da45b9a5257229eb21143",
"pattern": "[file:hashes.SHA1 = '7502963faa10258cbcba1dd215f03e8220db9b1d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-15T08:23:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e7c67d-b530-45ec-bcfc-472702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T08:23:25.000Z",
"modified": "2016-03-15T08:23:25.000Z",
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: 36ded79221d444903554d693f5d93a5acada2454240da45b9a5257229eb21143",
"pattern": "[file:hashes.MD5 = 'e2d14997768f6c08746810ba872d3f84']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-15T08:23:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e7c67d-7dc4-4b26-82fb-433d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T08:23:25.000Z",
"modified": "2016-03-15T08:23:25.000Z",
"first_observed": "2016-03-15T08:23:25Z",
"last_observed": "2016-03-15T08:23:25Z",
"number_observed": 1,
"object_refs": [
"url--56e7c67d-7dc4-4b26-82fb-433d02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e7c67d-7dc4-4b26-82fb-433d02de0b81",
"value": "https://www.virustotal.com/file/36ded79221d444903554d693f5d93a5acada2454240da45b9a5257229eb21143/analysis/1456877051/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e7c67d-3be8-4078-ad04-4b7a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T08:23:25.000Z",
"modified": "2016-03-15T08:23:25.000Z",
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: 30587ec7becbff5e55f6effdd22075568d80eb4a06ce3104502d4d76004e16f3",
"pattern": "[file:hashes.SHA1 = '29d0d1c5fed354f63db92e537581e151d7c18523']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-15T08:23:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e7c67e-14d0-4c54-88c6-495d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T08:23:26.000Z",
"modified": "2016-03-15T08:23:26.000Z",
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: 30587ec7becbff5e55f6effdd22075568d80eb4a06ce3104502d4d76004e16f3",
"pattern": "[file:hashes.MD5 = '9f622033cfe7234645c3c2d922ed5279']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-15T08:23:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e7c67e-6054-4b78-836e-476502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T08:23:26.000Z",
"modified": "2016-03-15T08:23:26.000Z",
"first_observed": "2016-03-15T08:23:26Z",
"last_observed": "2016-03-15T08:23:26Z",
"number_observed": 1,
"object_refs": [
"url--56e7c67e-6054-4b78-836e-476502de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e7c67e-6054-4b78-836e-476502de0b81",
"value": "https://www.virustotal.com/file/30587ec7becbff5e55f6effdd22075568d80eb4a06ce3104502d4d76004e16f3/analysis/1457155044/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e7c67f-8440-4d73-9d07-470202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T08:23:26.000Z",
"modified": "2016-03-15T08:23:26.000Z",
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: bd12b97e2c0e80c899ac3fc595e46f4b5938e1e38c345195a535d25e0dd2d565",
"pattern": "[file:hashes.SHA1 = '47ba068032feb71113e84fe702d88056d99e2391']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-15T08:23:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e7c67f-1064-4b9a-b78e-4f5502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T08:23:27.000Z",
"modified": "2016-03-15T08:23:27.000Z",
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: bd12b97e2c0e80c899ac3fc595e46f4b5938e1e38c345195a535d25e0dd2d565",
"pattern": "[file:hashes.MD5 = 'd2fdaed5749a4d2b749d3d7d92cb1a34']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-15T08:23:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e7c67f-0128-4a37-b785-4f9f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T08:23:27.000Z",
"modified": "2016-03-15T08:23:27.000Z",
"first_observed": "2016-03-15T08:23:27Z",
"last_observed": "2016-03-15T08:23:27Z",
"number_observed": 1,
"object_refs": [
"url--56e7c67f-0128-4a37-b785-4f9f02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e7c67f-0128-4a37-b785-4f9f02de0b81",
"value": "https://www.virustotal.com/file/bd12b97e2c0e80c899ac3fc595e46f4b5938e1e38c345195a535d25e0dd2d565/analysis/1456877652/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e7c67f-8c24-4555-931e-406302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T08:23:27.000Z",
"modified": "2016-03-15T08:23:27.000Z",
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: 177bb96ae04cac947092c28957121be9001d2a347141d22a14aa6474d099dd33",
"pattern": "[file:hashes.SHA1 = '8e5352efb80e3bb78294b02951f3662ca526aa5c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-15T08:23:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e7c680-6a74-4729-9903-4f4202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T08:23:28.000Z",
"modified": "2016-03-15T08:23:28.000Z",
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: 177bb96ae04cac947092c28957121be9001d2a347141d22a14aa6474d099dd33",
"pattern": "[file:hashes.MD5 = 'ede7f801178095c8cb70817e5f3a92fc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-15T08:23:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e7c680-7dd0-41f1-8cd2-46ca02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T08:23:28.000Z",
"modified": "2016-03-15T08:23:28.000Z",
"first_observed": "2016-03-15T08:23:28Z",
"last_observed": "2016-03-15T08:23:28Z",
"number_observed": 1,
"object_refs": [
"url--56e7c680-7dd0-41f1-8cd2-46ca02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e7c680-7dd0-41f1-8cd2-46ca02de0b81",
"value": "https://www.virustotal.com/file/177bb96ae04cac947092c28957121be9001d2a347141d22a14aa6474d099dd33/analysis/1457474885/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e7c681-776c-4d80-8765-4d2802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T08:23:29.000Z",
"modified": "2016-03-15T08:23:29.000Z",
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: 59f6b5e8b1829902c9b915c3c7a6f8842445e4f9508710d4bcacdb1f80fdc2ef",
"pattern": "[file:hashes.SHA1 = '48cffe0fba17b6ac8c7b4a1199de151f9e97d846']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-15T08:23:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e7c681-349c-439a-883a-475c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T08:23:29.000Z",
"modified": "2016-03-15T08:23:29.000Z",
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: 59f6b5e8b1829902c9b915c3c7a6f8842445e4f9508710d4bcacdb1f80fdc2ef",
"pattern": "[file:hashes.MD5 = '8c8029ce098e206eb99fbdd4f1ebe3b1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-15T08:23:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e7c681-8bd8-4a04-8c16-4a3d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T08:23:29.000Z",
"modified": "2016-03-15T08:23:29.000Z",
"first_observed": "2016-03-15T08:23:29Z",
"last_observed": "2016-03-15T08:23:29Z",
"number_observed": 1,
"object_refs": [
"url--56e7c681-8bd8-4a04-8c16-4a3d02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e7c681-8bd8-4a04-8c16-4a3d02de0b81",
"value": "https://www.virustotal.com/file/59f6b5e8b1829902c9b915c3c7a6f8842445e4f9508710d4bcacdb1f80fdc2ef/analysis/1457474887/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e7c681-8598-424b-a242-4ea502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T08:23:29.000Z",
"modified": "2016-03-15T08:23:29.000Z",
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: 01002fef15f67941430c8a7e0c841583bf3eb67907e79310218e5ba3668e4997",
"pattern": "[file:hashes.SHA1 = 'c77462f01e81c8a332fbea95a2518598b31d4fdc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-15T08:23:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e7c682-bf50-4d50-986a-4b3202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T08:23:30.000Z",
"modified": "2016-03-15T08:23:30.000Z",
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: 01002fef15f67941430c8a7e0c841583bf3eb67907e79310218e5ba3668e4997",
"pattern": "[file:hashes.MD5 = 'e5235d4e1a4097d847a58fa2b0106622']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-15T08:23:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e7c682-9294-4040-a643-4c2402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T08:23:30.000Z",
"modified": "2016-03-15T08:23:30.000Z",
"first_observed": "2016-03-15T08:23:30Z",
"last_observed": "2016-03-15T08:23:30Z",
"number_observed": 1,
"object_refs": [
"url--56e7c682-9294-4040-a643-4c2402de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e7c682-9294-4040-a643-4c2402de0b81",
"value": "https://www.virustotal.com/file/01002fef15f67941430c8a7e0c841583bf3eb67907e79310218e5ba3668e4997/analysis/1455995225/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e7c682-a3ac-42c9-814a-495602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T08:23:30.000Z",
"modified": "2016-03-15T08:23:30.000Z",
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: a7c67bd2a6e4c7902f70a4f44242bdd073aea34f6e0b29491de4ddeed8a879f0",
"pattern": "[file:hashes.SHA1 = 'b3599056bc5f62d1de0917deb6e187149051faee']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-15T08:23:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e7c683-edc0-48fc-ac74-460302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T08:23:31.000Z",
"modified": "2016-03-15T08:23:31.000Z",
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: a7c67bd2a6e4c7902f70a4f44242bdd073aea34f6e0b29491de4ddeed8a879f0",
"pattern": "[file:hashes.MD5 = '3251ed7021295211352f055d15d5fa89']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-15T08:23:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e7c683-1ef4-42be-aff6-474b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T08:23:31.000Z",
"modified": "2016-03-15T08:23:31.000Z",
"first_observed": "2016-03-15T08:23:31Z",
"last_observed": "2016-03-15T08:23:31Z",
"number_observed": 1,
"object_refs": [
"url--56e7c683-1ef4-42be-aff6-474b02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e7c683-1ef4-42be-aff6-474b02de0b81",
"value": "https://www.virustotal.com/file/a7c67bd2a6e4c7902f70a4f44242bdd073aea34f6e0b29491de4ddeed8a879f0/analysis/1456877565/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e7c683-f468-417d-adfb-465f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T08:23:31.000Z",
"modified": "2016-03-15T08:23:31.000Z",
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: bbd7dcc8a064e73f1ef8f17feb7e7f8bc2f91bc90bbce03695e952c4c1acfa86",
"pattern": "[file:hashes.SHA1 = '48fbf358e53fc66136b738b85337345a08c11d45']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-15T08:23:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e7c684-8c00-48e0-994f-458102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T08:23:32.000Z",
"modified": "2016-03-15T08:23:32.000Z",
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: bbd7dcc8a064e73f1ef8f17feb7e7f8bc2f91bc90bbce03695e952c4c1acfa86",
"pattern": "[file:hashes.MD5 = 'cb372ebc363dc638c2155ecab883f1f5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-15T08:23:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e7c684-0ab8-43c9-9c3e-4e4902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T08:23:32.000Z",
"modified": "2016-03-15T08:23:32.000Z",
"first_observed": "2016-03-15T08:23:32Z",
"last_observed": "2016-03-15T08:23:32Z",
"number_observed": 1,
"object_refs": [
"url--56e7c684-0ab8-43c9-9c3e-4e4902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e7c684-0ab8-43c9-9c3e-4e4902de0b81",
"value": "https://www.virustotal.com/file/bbd7dcc8a064e73f1ef8f17feb7e7f8bc2f91bc90bbce03695e952c4c1acfa86/analysis/1457069349/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e7c684-1f80-4bf1-99da-4ac702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T08:23:32.000Z",
"modified": "2016-03-15T08:23:32.000Z",
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: 204068d89b32659c9872bae0197e56acddca26e20523e337991df0f46d608469",
"pattern": "[file:hashes.SHA1 = '1d01be7495b92837256acae1e88aff9523296f69']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-15T08:23:32Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c685-9e78-491e-9641-45b402de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:33.000Z",
|
||
|
"modified": "2016-03-15T08:23:33.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: 204068d89b32659c9872bae0197e56acddca26e20523e337991df0f46d608469",
|
||
|
"pattern": "[file:hashes.MD5 = 'fb777cd90eac1a0df407122561e7057e']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:23:33Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--56e7c685-325c-4c41-b784-421902de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:33.000Z",
|
||
|
"modified": "2016-03-15T08:23:33.000Z",
|
||
|
"first_observed": "2016-03-15T08:23:33Z",
|
||
|
"last_observed": "2016-03-15T08:23:33Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--56e7c685-325c-4c41-b784-421902de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--56e7c685-325c-4c41-b784-421902de0b81",
|
||
|
"value": "https://www.virustotal.com/file/204068d89b32659c9872bae0197e56acddca26e20523e337991df0f46d608469/analysis/1457503446/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c685-b59c-4095-803e-47ec02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:33.000Z",
|
||
|
"modified": "2016-03-15T08:23:33.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: b7404bed5dbb05463e1cad915a31e2a59b5dc7fe36c5bb901196fdd072ee1591",
|
||
|
"pattern": "[file:hashes.SHA1 = '10a0a1f8e31606cf934c3864c3f9493408bd1c65']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:23:33Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c686-4fd4-444c-8a20-491502de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:34.000Z",
|
||
|
"modified": "2016-03-15T08:23:34.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: b7404bed5dbb05463e1cad915a31e2a59b5dc7fe36c5bb901196fdd072ee1591",
|
||
|
"pattern": "[file:hashes.MD5 = 'c3905e97b27c91838afbbd746a93c86b']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:23:34Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--56e7c686-a3c0-4740-8809-4cec02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:34.000Z",
|
||
|
"modified": "2016-03-15T08:23:34.000Z",
|
||
|
"first_observed": "2016-03-15T08:23:34Z",
|
||
|
"last_observed": "2016-03-15T08:23:34Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--56e7c686-a3c0-4740-8809-4cec02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--56e7c686-a3c0-4740-8809-4cec02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/b7404bed5dbb05463e1cad915a31e2a59b5dc7fe36c5bb901196fdd072ee1591/analysis/1456055868/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c686-f7cc-45d2-8d15-489902de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:34.000Z",
|
||
|
"modified": "2016-03-15T08:23:34.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: c543841ad16edfcf1098dffb9d4f656da5ac0f54857a2ffb79a799b305682053",
|
||
|
"pattern": "[file:hashes.SHA1 = '023e2c226185b56214bace293d86a6fbcc0c8241']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:23:34Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c686-e28c-42e8-ac30-4ad202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:34.000Z",
|
||
|
"modified": "2016-03-15T08:23:34.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: c543841ad16edfcf1098dffb9d4f656da5ac0f54857a2ffb79a799b305682053",
|
||
|
"pattern": "[file:hashes.MD5 = '1938930a0446e8d9e8288981cf0bd576']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:23:34Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--56e7c687-4f58-42f9-afaf-45fb02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:35.000Z",
|
||
|
"modified": "2016-03-15T08:23:35.000Z",
|
||
|
"first_observed": "2016-03-15T08:23:35Z",
|
||
|
"last_observed": "2016-03-15T08:23:35Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--56e7c687-4f58-42f9-afaf-45fb02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--56e7c687-4f58-42f9-afaf-45fb02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/c543841ad16edfcf1098dffb9d4f656da5ac0f54857a2ffb79a799b305682053/analysis/1456081598/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c687-6c40-4df8-8484-4dae02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:35.000Z",
|
||
|
"modified": "2016-03-15T08:23:35.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: 74ae3c7bbc041639c52e298f1e0334c52ba8c1126eb0daf94fbb7bee40a831f9",
|
||
|
"pattern": "[file:hashes.SHA1 = 'e564cec93a8c84be2863804733c958401c12df28']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:23:35Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c687-8880-489d-9419-44b202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:35.000Z",
|
||
|
"modified": "2016-03-15T08:23:35.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: 74ae3c7bbc041639c52e298f1e0334c52ba8c1126eb0daf94fbb7bee40a831f9",
|
||
|
"pattern": "[file:hashes.MD5 = 'bcd8871761f39198e89df811ff704635']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:23:35Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--56e7c688-dbd8-4664-b907-43d702de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:36.000Z",
|
||
|
"modified": "2016-03-15T08:23:36.000Z",
|
||
|
"first_observed": "2016-03-15T08:23:36Z",
|
||
|
"last_observed": "2016-03-15T08:23:36Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--56e7c688-dbd8-4664-b907-43d702de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--56e7c688-dbd8-4664-b907-43d702de0b81",
|
||
|
"value": "https://www.virustotal.com/file/74ae3c7bbc041639c52e298f1e0334c52ba8c1126eb0daf94fbb7bee40a831f9/analysis/1457350201/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c688-c004-4eed-ab7f-47cf02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:36.000Z",
|
||
|
"modified": "2016-03-15T08:23:36.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: 6a1c3a7498b3af751455d2e6b7fc45f0304c6946d59b389ec068686985b3e3d8",
|
||
|
"pattern": "[file:hashes.SHA1 = 'acafa2ca62e52e123de91eca40ea5befa483a8b3']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:23:36Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c688-8830-4e03-a7de-4bcf02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:36.000Z",
|
||
|
"modified": "2016-03-15T08:23:36.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: 6a1c3a7498b3af751455d2e6b7fc45f0304c6946d59b389ec068686985b3e3d8",
|
||
|
"pattern": "[file:hashes.MD5 = '1b9f7d4c8a918cc8fb1cddadab9ee81b']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:23:36Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--56e7c688-08bc-45d4-a051-41d602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:36.000Z",
|
||
|
"modified": "2016-03-15T08:23:36.000Z",
|
||
|
"first_observed": "2016-03-15T08:23:36Z",
|
||
|
"last_observed": "2016-03-15T08:23:36Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--56e7c688-08bc-45d4-a051-41d602de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--56e7c688-08bc-45d4-a051-41d602de0b81",
|
||
|
"value": "https://www.virustotal.com/file/6a1c3a7498b3af751455d2e6b7fc45f0304c6946d59b389ec068686985b3e3d8/analysis/1457474892/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c689-d1a4-47ed-a9bf-45a902de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:37.000Z",
|
||
|
"modified": "2016-03-15T08:23:37.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: a588eb64872257a23a1171c3dd8b79cff048fac5b3c1dac538e6ec03658a72f5",
|
||
|
"pattern": "[file:hashes.SHA1 = 'bb86918428ce5b4e56d760a18ead0abdec5eeb11']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:23:37Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c689-36b0-4d07-bd5c-45a102de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:37.000Z",
|
||
|
"modified": "2016-03-15T08:23:37.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: a588eb64872257a23a1171c3dd8b79cff048fac5b3c1dac538e6ec03658a72f5",
|
||
|
"pattern": "[file:hashes.MD5 = 'f3a81d64b1863d8da06e658536df3c31']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:23:37Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--56e7c689-afd8-48e2-b641-4ead02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:37.000Z",
|
||
|
"modified": "2016-03-15T08:23:37.000Z",
|
||
|
"first_observed": "2016-03-15T08:23:37Z",
|
||
|
"last_observed": "2016-03-15T08:23:37Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--56e7c689-afd8-48e2-b641-4ead02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--56e7c689-afd8-48e2-b641-4ead02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/a588eb64872257a23a1171c3dd8b79cff048fac5b3c1dac538e6ec03658a72f5/analysis/1457474884/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c68a-2a94-4123-8677-43ae02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:38.000Z",
|
||
|
"modified": "2016-03-15T08:23:38.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: 68244d5204518ab8b7f3564577b2bcc98c8fe0ea0aee39aa5518ffb5cf2689dc",
|
||
|
"pattern": "[file:hashes.SHA1 = '64772a2cdf8827bf6bafb1b7be5aa2877f92e62f']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:23:38Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c68a-c600-4757-a1ac-4da202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:38.000Z",
|
||
|
"modified": "2016-03-15T08:23:38.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: 68244d5204518ab8b7f3564577b2bcc98c8fe0ea0aee39aa5518ffb5cf2689dc",
|
||
|
"pattern": "[file:hashes.MD5 = 'a9188e2204532498472f2e837c3d4a97']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:23:38Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--56e7c68a-f5d4-459b-8e67-4a7b02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:38.000Z",
|
||
|
"modified": "2016-03-15T08:23:38.000Z",
|
||
|
"first_observed": "2016-03-15T08:23:38Z",
|
||
|
"last_observed": "2016-03-15T08:23:38Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--56e7c68a-f5d4-459b-8e67-4a7b02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--56e7c68a-f5d4-459b-8e67-4a7b02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/68244d5204518ab8b7f3564577b2bcc98c8fe0ea0aee39aa5518ffb5cf2689dc/analysis/1457474892/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c68b-6b9c-4b97-bd89-4d3502de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:39.000Z",
|
||
|
"modified": "2016-03-15T08:23:39.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: 3402902877ddfa71190745690048f6a6b77b9999083305b6fea52b0dfe03bec8",
|
||
|
"pattern": "[file:hashes.SHA1 = '0e6513282266e8478f00f665132726d48b71ddde']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:23:39Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c68b-f63c-4274-9de4-449302de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:39.000Z",
|
||
|
"modified": "2016-03-15T08:23:39.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: 3402902877ddfa71190745690048f6a6b77b9999083305b6fea52b0dfe03bec8",
|
||
|
"pattern": "[file:hashes.MD5 = '9276017cb9993ea30e965de918e2639f']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:23:39Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--56e7c68b-f330-4651-9e8b-4bef02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:39.000Z",
|
||
|
"modified": "2016-03-15T08:23:39.000Z",
|
||
|
"first_observed": "2016-03-15T08:23:39Z",
|
||
|
"last_observed": "2016-03-15T08:23:39Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--56e7c68b-f330-4651-9e8b-4bef02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--56e7c68b-f330-4651-9e8b-4bef02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/3402902877ddfa71190745690048f6a6b77b9999083305b6fea52b0dfe03bec8/analysis/1456325825/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c68c-4630-47f1-95f8-4ead02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:40.000Z",
|
||
|
"modified": "2016-03-15T08:23:40.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: 56fc23c1eb3c4ea5f9f7911d8bfa0af6df762eb6e22d002ddad562568606acc0",
|
||
|
"pattern": "[file:hashes.SHA1 = 'fcc45e28738e46b99024e6992086baa929667851']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:23:40Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c68c-22e8-4e2f-aa2a-47a502de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:40.000Z",
|
||
|
"modified": "2016-03-15T08:23:40.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: 56fc23c1eb3c4ea5f9f7911d8bfa0af6df762eb6e22d002ddad562568606acc0",
|
||
|
"pattern": "[file:hashes.MD5 = 'a40d4d655cd638e7d52f7a6cdedc5a8e']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:23:40Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--56e7c68c-0ce0-4466-ba2e-4d9702de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:40.000Z",
|
||
|
"modified": "2016-03-15T08:23:40.000Z",
|
||
|
"first_observed": "2016-03-15T08:23:40Z",
|
||
|
"last_observed": "2016-03-15T08:23:40Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--56e7c68c-0ce0-4466-ba2e-4d9702de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--56e7c68c-0ce0-4466-ba2e-4d9702de0b81",
|
||
|
"value": "https://www.virustotal.com/file/56fc23c1eb3c4ea5f9f7911d8bfa0af6df762eb6e22d002ddad562568606acc0/analysis/1457502944/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c68d-1f44-48be-a353-4b6602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:41.000Z",
|
||
|
"modified": "2016-03-15T08:23:41.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: eb4d53a92e703d075787cebd97e06d1427d230f4872052a20f5d2f508fe1f663",
|
||
|
"pattern": "[file:hashes.SHA1 = '44d875d3b648955994f1bb34fd7cfe4932fdf664']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:23:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c68d-e668-4417-b2a8-47c702de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:41.000Z",
|
||
|
"modified": "2016-03-15T08:23:41.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: eb4d53a92e703d075787cebd97e06d1427d230f4872052a20f5d2f508fe1f663",
|
||
|
"pattern": "[file:hashes.MD5 = 'f19562beaba90a6daf51ca7e054ef6d0']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:23:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--56e7c68d-2470-4aef-9d72-41a102de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:41.000Z",
|
||
|
"modified": "2016-03-15T08:23:41.000Z",
|
||
|
"first_observed": "2016-03-15T08:23:41Z",
|
||
|
"last_observed": "2016-03-15T08:23:41Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--56e7c68d-2470-4aef-9d72-41a102de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--56e7c68d-2470-4aef-9d72-41a102de0b81",
|
||
|
"value": "https://www.virustotal.com/file/eb4d53a92e703d075787cebd97e06d1427d230f4872052a20f5d2f508fe1f663/analysis/1456856236/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c68e-bd94-4343-9fda-423002de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:42.000Z",
|
||
|
"modified": "2016-03-15T08:23:42.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: 4fd7543247c1f7f2fb5d1c7f99b52ad0a41fb07aa9f388c46a6c5920a848c19a",
|
||
|
"pattern": "[file:hashes.SHA1 = '265fd969eaa383a23e381a8e6f7ed70979717dfe']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:23:42Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c68e-4488-4bc4-bcb1-436d02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:42.000Z",
|
||
|
"modified": "2016-03-15T08:23:42.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: 4fd7543247c1f7f2fb5d1c7f99b52ad0a41fb07aa9f388c46a6c5920a848c19a",
|
||
|
"pattern": "[file:hashes.MD5 = 'c42bc2bd5736d692dfc5c9c582ed8eb4']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:23:42Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--56e7c68e-0874-4cec-bdff-491902de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:42.000Z",
|
||
|
"modified": "2016-03-15T08:23:42.000Z",
|
||
|
"first_observed": "2016-03-15T08:23:42Z",
|
||
|
"last_observed": "2016-03-15T08:23:42Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--56e7c68e-0874-4cec-bdff-491902de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--56e7c68e-0874-4cec-bdff-491902de0b81",
|
||
|
"value": "https://www.virustotal.com/file/4fd7543247c1f7f2fb5d1c7f99b52ad0a41fb07aa9f388c46a6c5920a848c19a/analysis/1456877162/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c68f-47e4-49e4-96c6-434f02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:43.000Z",
|
||
|
"modified": "2016-03-15T08:23:43.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: 8842974b86c6101a5bbb18dc16dea293e4eb7a9656dbee241ecce7a677d2cdfc",
|
||
|
"pattern": "[file:hashes.SHA1 = 'ade5793052ae0b983eeb00564459618a67747fcc']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:23:43Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c68f-04a8-4b79-aeb6-4b4802de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:43.000Z",
|
||
|
"modified": "2016-03-15T08:23:43.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: 8842974b86c6101a5bbb18dc16dea293e4eb7a9656dbee241ecce7a677d2cdfc",
|
||
|
"pattern": "[file:hashes.MD5 = '5ca4a80f1687c5fe0519da974567b374']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:23:43Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--56e7c68f-b3fc-4ce3-8ba0-411d02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:43.000Z",
|
||
|
"modified": "2016-03-15T08:23:43.000Z",
|
||
|
"first_observed": "2016-03-15T08:23:43Z",
|
||
|
"last_observed": "2016-03-15T08:23:43Z",
"number_observed": 1,
"object_refs": [
"url--56e7c68f-b3fc-4ce3-8ba0-411d02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e7c68f-b3fc-4ce3-8ba0-411d02de0b81",
"value": "https://www.virustotal.com/file/8842974b86c6101a5bbb18dc16dea293e4eb7a9656dbee241ecce7a677d2cdfc/analysis/1457474888/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e7c68f-26cc-4bc8-94c1-461402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T08:23:43.000Z",
"modified": "2016-03-15T08:23:43.000Z",
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: 2a40da48c9dc3e20bc6e30c986306ceccbc2d8be55b355b7a73d95c1a54319a4",
"pattern": "[file:hashes.SHA1 = '494dab2d4b3cc050565425a9dacea76f88c4cf89']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-15T08:23:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e7c690-7858-4785-a33f-4e5002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T08:23:44.000Z",
"modified": "2016-03-15T08:23:44.000Z",
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: 2a40da48c9dc3e20bc6e30c986306ceccbc2d8be55b355b7a73d95c1a54319a4",
"pattern": "[file:hashes.MD5 = '7a23368ee84781d7584e058a9922f324']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-15T08:23:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e7c690-5988-40a4-bcd6-4b7b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T08:23:44.000Z",
"modified": "2016-03-15T08:23:44.000Z",
"first_observed": "2016-03-15T08:23:44Z",
"last_observed": "2016-03-15T08:23:44Z",
"number_observed": 1,
"object_refs": [
"url--56e7c690-5988-40a4-bcd6-4b7b02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e7c690-5988-40a4-bcd6-4b7b02de0b81",
"value": "https://www.virustotal.com/file/2a40da48c9dc3e20bc6e30c986306ceccbc2d8be55b355b7a73d95c1a54319a4/analysis/1456821548/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e7c690-7628-4f89-9a71-40fb02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T08:23:44.000Z",
"modified": "2016-03-15T08:23:44.000Z",
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: 77d66d710acddbe66a4f88b9db8775466a35948bad8716c188490ae0aca9a2f9",
"pattern": "[file:hashes.SHA1 = '04f8cf0fa9bb74b7f78d4663126d0e3c66392c94']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-15T08:23:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e7c691-ec60-4473-a351-4e3202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T08:23:45.000Z",
"modified": "2016-03-15T08:23:45.000Z",
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: 77d66d710acddbe66a4f88b9db8775466a35948bad8716c188490ae0aca9a2f9",
"pattern": "[file:hashes.MD5 = 'fb469897a4536876306ae78e18409be6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-15T08:23:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e7c691-2f78-44ef-b1fb-4ed902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T08:23:45.000Z",
"modified": "2016-03-15T08:23:45.000Z",
"first_observed": "2016-03-15T08:23:45Z",
"last_observed": "2016-03-15T08:23:45Z",
"number_observed": 1,
"object_refs": [
"url--56e7c691-2f78-44ef-b1fb-4ed902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e7c691-2f78-44ef-b1fb-4ed902de0b81",
"value": "https://www.virustotal.com/file/77d66d710acddbe66a4f88b9db8775466a35948bad8716c188490ae0aca9a2f9/analysis/1456160208/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e7c691-6be4-4aeb-89f1-432f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T08:23:45.000Z",
"modified": "2016-03-15T08:23:45.000Z",
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: 02b00f7615e1fd9091d947dad00dfe60528d9015b694374df2b5525ea6dd1301",
"pattern": "[file:hashes.SHA1 = '8e5c7e0b3a6bca03148976dd0231132416e8a422']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-15T08:23:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e7c692-90bc-4bcd-9121-4f7d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T08:23:46.000Z",
"modified": "2016-03-15T08:23:46.000Z",
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: 02b00f7615e1fd9091d947dad00dfe60528d9015b694374df2b5525ea6dd1301",
"pattern": "[file:hashes.MD5 = '8a19930c553f653861495d5efe5f268b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-15T08:23:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e7c692-8048-484d-b48b-4ce202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T08:23:46.000Z",
"modified": "2016-03-15T08:23:46.000Z",
"first_observed": "2016-03-15T08:23:46Z",
"last_observed": "2016-03-15T08:23:46Z",
"number_observed": 1,
"object_refs": [
"url--56e7c692-8048-484d-b48b-4ce202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e7c692-8048-484d-b48b-4ce202de0b81",
"value": "https://www.virustotal.com/file/02b00f7615e1fd9091d947dad00dfe60528d9015b694374df2b5525ea6dd1301/analysis/1457451809/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e7c692-c1b8-45f7-8deb-479c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T08:23:46.000Z",
"modified": "2016-03-15T08:23:46.000Z",
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: 2cbf3ac4f304fa711e23d6a8a762451b7b06550d56b7bd688d4c6d1bee9984db",
"pattern": "[file:hashes.SHA1 = '6218bd4eba6d91007d8b8c32a040194ec123f5b6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-15T08:23:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e7c693-f2b0-463c-9ea5-412502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T08:23:47.000Z",
"modified": "2016-03-15T08:23:47.000Z",
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: 2cbf3ac4f304fa711e23d6a8a762451b7b06550d56b7bd688d4c6d1bee9984db",
"pattern": "[file:hashes.MD5 = '4e4a8812b80c8542a3095a53c29f5441']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-15T08:23:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e7c693-4fd4-41e5-bd55-4b5602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T08:23:47.000Z",
"modified": "2016-03-15T08:23:47.000Z",
"first_observed": "2016-03-15T08:23:47Z",
"last_observed": "2016-03-15T08:23:47Z",
"number_observed": 1,
"object_refs": [
"url--56e7c693-4fd4-41e5-bd55-4b5602de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e7c693-4fd4-41e5-bd55-4b5602de0b81",
"value": "https://www.virustotal.com/file/2cbf3ac4f304fa711e23d6a8a762451b7b06550d56b7bd688d4c6d1bee9984db/analysis/1457532188/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e7c693-2cb0-41e6-90bf-4a9802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T08:23:47.000Z",
"modified": "2016-03-15T08:23:47.000Z",
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: 8fa81c2bce89adcb1cc246761775ebbf29cbc444be78c7a58a465f76f1cdf6c8",
"pattern": "[file:hashes.SHA1 = 'd3d848de5ce582edb92c1c9f0908d625282c6b0f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-15T08:23:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e7c693-93f0-4d1a-8efc-4b6002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T08:23:47.000Z",
"modified": "2016-03-15T08:23:47.000Z",
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: 8fa81c2bce89adcb1cc246761775ebbf29cbc444be78c7a58a465f76f1cdf6c8",
"pattern": "[file:hashes.MD5 = '1a71c0d355affb90a54603698780a37d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-15T08:23:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e7c694-b674-4c6b-b2e3-4f1702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T08:23:48.000Z",
"modified": "2016-03-15T08:23:48.000Z",
"first_observed": "2016-03-15T08:23:48Z",
"last_observed": "2016-03-15T08:23:48Z",
"number_observed": 1,
"object_refs": [
"url--56e7c694-b674-4c6b-b2e3-4f1702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e7c694-b674-4c6b-b2e3-4f1702de0b81",
"value": "https://www.virustotal.com/file/8fa81c2bce89adcb1cc246761775ebbf29cbc444be78c7a58a465f76f1cdf6c8/analysis/1457474891/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e7c694-70a8-4e45-9cb7-45a202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T08:23:48.000Z",
"modified": "2016-03-15T08:23:48.000Z",
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: 976059c030c256db4a22d0fcbf2372cc3320877025154b5efeb3f7a1a26b1774",
"pattern": "[file:hashes.SHA1 = 'ab0a8659882d2d36a114bc7ad3b749e3c44d279d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-15T08:23:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e7c694-e268-45f4-8b22-48dc02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T08:23:48.000Z",
"modified": "2016-03-15T08:23:48.000Z",
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: 976059c030c256db4a22d0fcbf2372cc3320877025154b5efeb3f7a1a26b1774",
"pattern": "[file:hashes.MD5 = '1a6210b2edcba6875dc2ae91aeeade78']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-15T08:23:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e7c695-c170-49eb-9844-434d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T08:23:49.000Z",
"modified": "2016-03-15T08:23:49.000Z",
"first_observed": "2016-03-15T08:23:49Z",
"last_observed": "2016-03-15T08:23:49Z",
"number_observed": 1,
"object_refs": [
"url--56e7c695-c170-49eb-9844-434d02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e7c695-c170-49eb-9844-434d02de0b81",
"value": "https://www.virustotal.com/file/976059c030c256db4a22d0fcbf2372cc3320877025154b5efeb3f7a1a26b1774/analysis/1457474886/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e7c695-c0bc-41bd-93a4-467902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T08:23:49.000Z",
"modified": "2016-03-15T08:23:49.000Z",
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: acee75cd346795ceb02fc30aa822d13c4132e64fd36b5244dd822199a5a0c0a7",
"pattern": "[file:hashes.SHA1 = '1d496f94c7be9a7111d40b23e03619d59359f754']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-15T08:23:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e7c695-0c60-4a3f-bfbe-456e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T08:23:49.000Z",
"modified": "2016-03-15T08:23:49.000Z",
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: acee75cd346795ceb02fc30aa822d13c4132e64fd36b5244dd822199a5a0c0a7",
"pattern": "[file:hashes.MD5 = '003d8a858d00ac436641dd0210eb074f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-15T08:23:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e7c696-a354-40ec-9358-4efe02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T08:23:50.000Z",
"modified": "2016-03-15T08:23:50.000Z",
"first_observed": "2016-03-15T08:23:50Z",
"last_observed": "2016-03-15T08:23:50Z",
"number_observed": 1,
"object_refs": [
"url--56e7c696-a354-40ec-9358-4efe02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e7c696-a354-40ec-9358-4efe02de0b81",
"value": "https://www.virustotal.com/file/acee75cd346795ceb02fc30aa822d13c4132e64fd36b5244dd822199a5a0c0a7/analysis/1456532061/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e7c696-e67c-4df7-b20a-4a0902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T08:23:50.000Z",
"modified": "2016-03-15T08:23:50.000Z",
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: 48a84c3ecf57ffdb474f61edb43634c32663be2466e4c489ec11e029fc70c042",
"pattern": "[file:hashes.SHA1 = 'fc942ac1cf85cb89659ca56f0a8ddc0bcf175da1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-15T08:23:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e7c696-62d0-43bc-b7dd-498202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T08:23:50.000Z",
"modified": "2016-03-15T08:23:50.000Z",
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: 48a84c3ecf57ffdb474f61edb43634c32663be2466e4c489ec11e029fc70c042",
"pattern": "[file:hashes.MD5 = '8b592467e1b83b90c050dce922bb54e7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-15T08:23:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e7c696-b614-4bc8-9891-40b702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T08:23:50.000Z",
"modified": "2016-03-15T08:23:50.000Z",
"first_observed": "2016-03-15T08:23:50Z",
"last_observed": "2016-03-15T08:23:50Z",
"number_observed": 1,
"object_refs": [
"url--56e7c696-b614-4bc8-9891-40b702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e7c696-b614-4bc8-9891-40b702de0b81",
"value": "https://www.virustotal.com/file/48a84c3ecf57ffdb474f61edb43634c32663be2466e4c489ec11e029fc70c042/analysis/1456214267/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e7c697-6084-4be6-9b14-4c5302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T08:23:51.000Z",
"modified": "2016-03-15T08:23:51.000Z",
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: d4ff4b73d7e89f80d78239a349c0197022c9d9306e5b59fdb71894040bc36489",
"pattern": "[file:hashes.SHA1 = 'ff9790d7902fea4c910b182f6e0b00221a40d616']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-15T08:23:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e7c697-4964-4cd0-9c93-47fc02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T08:23:51.000Z",
"modified": "2016-03-15T08:23:51.000Z",
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: d4ff4b73d7e89f80d78239a349c0197022c9d9306e5b59fdb71894040bc36489",
"pattern": "[file:hashes.MD5 = 'f809f03e81cfaddcf44c51c4f19e239a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-15T08:23:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e7c697-8528-4b6c-acf9-44c002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T08:23:51.000Z",
"modified": "2016-03-15T08:23:51.000Z",
"first_observed": "2016-03-15T08:23:51Z",
"last_observed": "2016-03-15T08:23:51Z",
"number_observed": 1,
"object_refs": [
"url--56e7c697-8528-4b6c-acf9-44c002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e7c697-8528-4b6c-acf9-44c002de0b81",
"value": "https://www.virustotal.com/file/d4ff4b73d7e89f80d78239a349c0197022c9d9306e5b59fdb71894040bc36489/analysis/1457474894/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e7c698-bbc4-4e44-a62e-4a9402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T08:23:52.000Z",
"modified": "2016-03-15T08:23:52.000Z",
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: 17c3d74e3c0645edb4b5145335b342d2929c92dff856cca1a5e79fa5d935fec2",
"pattern": "[file:hashes.SHA1 = 'f7bb52767afd2cd32ede8b5f83012eb99ba1ce28']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-15T08:23:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e7c698-c6a8-4edc-941e-4b8502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T08:23:52.000Z",
"modified": "2016-03-15T08:23:52.000Z",
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: 17c3d74e3c0645edb4b5145335b342d2929c92dff856cca1a5e79fa5d935fec2",
"pattern": "[file:hashes.MD5 = 'fb6ca1cd232151d667f6cd2484fee8c8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-15T08:23:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e7c698-ba24-41ea-881c-401a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T08:23:52.000Z",
"modified": "2016-03-15T08:23:52.000Z",
"first_observed": "2016-03-15T08:23:52Z",
"last_observed": "2016-03-15T08:23:52Z",
"number_observed": 1,
"object_refs": [
"url--56e7c698-ba24-41ea-881c-401a02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e7c698-ba24-41ea-881c-401a02de0b81",
"value": "https://www.virustotal.com/file/17c3d74e3c0645edb4b5145335b342d2929c92dff856cca1a5e79fa5d935fec2/analysis/1457451799/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e7c699-57ac-4879-9299-46f402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T08:23:53.000Z",
"modified": "2016-03-15T08:23:53.000Z",
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: e720f917cd8a02b0372b85068844e132c42ea2c97061b81d378b5a73f9344003",
"pattern": "[file:hashes.SHA1 = 'a63d4b76c61838ca59c334e731b65b7ca25d7e20']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-15T08:23:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e7c699-b9e8-4711-91cb-487c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T08:23:53.000Z",
"modified": "2016-03-15T08:23:53.000Z",
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: e720f917cd8a02b0372b85068844e132c42ea2c97061b81d378b5a73f9344003",
"pattern": "[file:hashes.MD5 = '70fd65b8bfee10150db3b5dd5f99e3d6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-15T08:23:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e7c699-e9a8-4254-8586-453002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T08:23:53.000Z",
"modified": "2016-03-15T08:23:53.000Z",
"first_observed": "2016-03-15T08:23:53Z",
"last_observed": "2016-03-15T08:23:53Z",
"number_observed": 1,
"object_refs": [
"url--56e7c699-e9a8-4254-8586-453002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e7c699-e9a8-4254-8586-453002de0b81",
"value": "https://www.virustotal.com/file/e720f917cd8a02b0372b85068844e132c42ea2c97061b81d378b5a73f9344003/analysis/1457502717/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e7c699-e154-4a67-91d1-4cd302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T08:23:53.000Z",
"modified": "2016-03-15T08:23:53.000Z",
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: 85e6adb499916a6557b2beebcf44f0872908a2d2705058bfacc9d7bc4c5bc43e",
"pattern": "[file:hashes.SHA1 = '52e366a2aa3ee03976a965552874c3d91fd9063a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-15T08:23:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e7c69a-3c18-4490-b94f-40b702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:54.000Z",
|
||
|
"modified": "2016-03-15T08:23:54.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: 85e6adb499916a6557b2beebcf44f0872908a2d2705058bfacc9d7bc4c5bc43e",
|
||
|
"pattern": "[file:hashes.MD5 = 'd64cae4fffa6ba5b82bf4970eeccbcb5']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:23:54Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--56e7c69a-ead0-41f7-840a-493602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:54.000Z",
|
||
|
"modified": "2016-03-15T08:23:54.000Z",
|
||
|
"first_observed": "2016-03-15T08:23:54Z",
|
||
|
"last_observed": "2016-03-15T08:23:54Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--56e7c69a-ead0-41f7-840a-493602de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--56e7c69a-ead0-41f7-840a-493602de0b81",
|
||
|
"value": "https://www.virustotal.com/file/85e6adb499916a6557b2beebcf44f0872908a2d2705058bfacc9d7bc4c5bc43e/analysis/1456340153/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c69a-2f04-4957-b7f0-4a9402de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:54.000Z",
|
||
|
"modified": "2016-03-15T08:23:54.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: 4725019fb0a4574d1ad42bfa481ba1992002fe60811829a89955b3e538611123",
|
||
|
"pattern": "[file:hashes.SHA1 = '9de6d7f65e5788acbc511ec92a51e493a8ec2177']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:23:54Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c69b-18f4-4fd5-86f4-4c1c02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:55.000Z",
|
||
|
"modified": "2016-03-15T08:23:55.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: 4725019fb0a4574d1ad42bfa481ba1992002fe60811829a89955b3e538611123",
|
||
|
"pattern": "[file:hashes.MD5 = 'd3ce028837b312cd6d981298aac2835f']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:23:55Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--56e7c69b-e898-4e03-b1e1-4d3b02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:55.000Z",
|
||
|
"modified": "2016-03-15T08:23:55.000Z",
|
||
|
"first_observed": "2016-03-15T08:23:55Z",
|
||
|
"last_observed": "2016-03-15T08:23:55Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--56e7c69b-e898-4e03-b1e1-4d3b02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--56e7c69b-e898-4e03-b1e1-4d3b02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/4725019fb0a4574d1ad42bfa481ba1992002fe60811829a89955b3e538611123/analysis/1456340336/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c69b-cf04-4b59-9cf6-485602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:55.000Z",
|
||
|
"modified": "2016-03-15T08:23:55.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: 0537fa38b88755f39df1cd774b907ec759dacab2388dc0109f4db9f0e9d191a0",
|
||
|
"pattern": "[file:hashes.SHA1 = '63d0b780954a2bc96b3a77d9a2b3369d865bf1fd']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:23:55Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c69b-b6d4-4797-9e56-43c202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:55.000Z",
|
||
|
"modified": "2016-03-15T08:23:55.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: 0537fa38b88755f39df1cd774b907ec759dacab2388dc0109f4db9f0e9d191a0",
|
||
|
"pattern": "[file:hashes.MD5 = 'b265305541dce2a140da7802442fbac4']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:23:55Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--56e7c69c-3340-43da-8867-48fb02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:56.000Z",
|
||
|
"modified": "2016-03-15T08:23:56.000Z",
|
||
|
"first_observed": "2016-03-15T08:23:56Z",
|
||
|
"last_observed": "2016-03-15T08:23:56Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--56e7c69c-3340-43da-8867-48fb02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--56e7c69c-3340-43da-8867-48fb02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/0537fa38b88755f39df1cd774b907ec759dacab2388dc0109f4db9f0e9d191a0/analysis/1457454168/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c69c-d194-44a8-a481-45a702de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:56.000Z",
|
||
|
"modified": "2016-03-15T08:23:56.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: bc98c8b22461a2c2631b2feec399208fdc4ecd1cd2229066c2f385caa958daa3",
|
||
|
"pattern": "[file:hashes.SHA1 = 'b606aaa402bfe4a15ef80165e964d384f25564e4']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:23:56Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c69c-f95c-4ebe-9f5b-4f4402de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:56.000Z",
|
||
|
"modified": "2016-03-15T08:23:56.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: bc98c8b22461a2c2631b2feec399208fdc4ecd1cd2229066c2f385caa958daa3",
|
||
|
"pattern": "[file:hashes.MD5 = 'b06d9dd17c69ed2ae75d9e40b2631b42']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:23:56Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--56e7c69d-7fbc-4b64-b5a3-4f8d02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:57.000Z",
|
||
|
"modified": "2016-03-15T08:23:57.000Z",
|
||
|
"first_observed": "2016-03-15T08:23:57Z",
|
||
|
"last_observed": "2016-03-15T08:23:57Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--56e7c69d-7fbc-4b64-b5a3-4f8d02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--56e7c69d-7fbc-4b64-b5a3-4f8d02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/bc98c8b22461a2c2631b2feec399208fdc4ecd1cd2229066c2f385caa958daa3/analysis/1458002946/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c69d-52d8-49aa-a137-459902de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:57.000Z",
|
||
|
"modified": "2016-03-15T08:23:57.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: 40f62d6dfa7d2429c8e1085f1460907d82cc6a48399038c07bdc5b38792f75b3",
|
||
|
"pattern": "[file:hashes.SHA1 = '2148add4f55d423f85aedd432c961d3ee8adff6f']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:23:57Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c69d-9138-4927-badb-4f3202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:57.000Z",
|
||
|
"modified": "2016-03-15T08:23:57.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: 40f62d6dfa7d2429c8e1085f1460907d82cc6a48399038c07bdc5b38792f75b3",
|
||
|
"pattern": "[file:hashes.MD5 = '1da00e89bb2d5511a70a372187343e75']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:23:57Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--56e7c69e-e2dc-46f5-b8d8-4ed402de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:58.000Z",
|
||
|
"modified": "2016-03-15T08:23:58.000Z",
|
||
|
"first_observed": "2016-03-15T08:23:58Z",
|
||
|
"last_observed": "2016-03-15T08:23:58Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--56e7c69e-e2dc-46f5-b8d8-4ed402de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--56e7c69e-e2dc-46f5-b8d8-4ed402de0b81",
|
||
|
"value": "https://www.virustotal.com/file/40f62d6dfa7d2429c8e1085f1460907d82cc6a48399038c07bdc5b38792f75b3/analysis/1457172798/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c69e-2f88-44d8-bfa9-489202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:58.000Z",
|
||
|
"modified": "2016-03-15T08:23:58.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: 5e945c1d27c9ad77a2b63ae10af46aee7d29a6a43605a9bfbf35cebbcff184d8",
|
||
|
"pattern": "[file:hashes.SHA1 = '1347b810ac90c13154908f7cf45b11913c182e44']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:23:58Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c69e-f920-41a7-bfd9-4d0e02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:58.000Z",
|
||
|
"modified": "2016-03-15T08:23:58.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: 5e945c1d27c9ad77a2b63ae10af46aee7d29a6a43605a9bfbf35cebbcff184d8",
|
||
|
"pattern": "[file:hashes.MD5 = 'e1a9b6f7285a85e682ebcad028472d13']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:23:58Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--56e7c69f-7074-4849-94f8-45ad02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:59.000Z",
|
||
|
"modified": "2016-03-15T08:23:59.000Z",
|
||
|
"first_observed": "2016-03-15T08:23:59Z",
|
||
|
"last_observed": "2016-03-15T08:23:59Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--56e7c69f-7074-4849-94f8-45ad02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--56e7c69f-7074-4849-94f8-45ad02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/5e945c1d27c9ad77a2b63ae10af46aee7d29a6a43605a9bfbf35cebbcff184d8/analysis/1457950926/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c69f-f5f0-4ead-b058-429602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:59.000Z",
|
||
|
"modified": "2016-03-15T08:23:59.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: d159fe802f509b67d319ea916cc6a052035a0c0f4412406b6b78d7db4d4035fc",
|
||
|
"pattern": "[file:hashes.SHA1 = '228153cc2e85db3d78b8b56fbce3a3184d76999d']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:23:59Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c69f-5840-410d-946d-4b7302de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:23:59.000Z",
|
||
|
"modified": "2016-03-15T08:23:59.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: d159fe802f509b67d319ea916cc6a052035a0c0f4412406b6b78d7db4d4035fc",
|
||
|
"pattern": "[file:hashes.MD5 = '033e61c4be7aafccd77b7c2e7aedb489']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:23:59Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--56e7c6a0-77c4-43c3-8c6e-42e402de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:24:00.000Z",
|
||
|
"modified": "2016-03-15T08:24:00.000Z",
|
||
|
"first_observed": "2016-03-15T08:24:00Z",
|
||
|
"last_observed": "2016-03-15T08:24:00Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--56e7c6a0-77c4-43c3-8c6e-42e402de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--56e7c6a0-77c4-43c3-8c6e-42e402de0b81",
|
||
|
"value": "https://www.virustotal.com/file/d159fe802f509b67d319ea916cc6a052035a0c0f4412406b6b78d7db4d4035fc/analysis/1456255714/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c6a0-dee8-4a69-add6-4bc602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:24:00.000Z",
|
||
|
"modified": "2016-03-15T08:24:00.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: d4dc820457bbc557b14ec0e58358646afbba70f4d5cab2276cdac8ce631a3854",
|
||
|
"pattern": "[file:hashes.SHA1 = '9f06ae399fc6280e97042c88c3a386d0db3798cb']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:24:00Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c6a0-dec0-4331-a930-407402de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:24:00.000Z",
|
||
|
"modified": "2016-03-15T08:24:00.000Z",
|
||
|
"description": "A partial list of Locky hashes detected by McAfee Labs - Xchecked via VT: d4dc820457bbc557b14ec0e58358646afbba70f4d5cab2276cdac8ce631a3854",
|
||
|
"pattern": "[file:hashes.MD5 = '32e2c73ed8da34d87c64267936e632cb']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:24:00Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--56e7c6a1-6118-43e1-b410-498c02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:24:01.000Z",
|
||
|
"modified": "2016-03-15T08:24:01.000Z",
|
||
|
"first_observed": "2016-03-15T08:24:01Z",
|
||
|
"last_observed": "2016-03-15T08:24:01Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--56e7c6a1-6118-43e1-b410-498c02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--56e7c6a1-6118-43e1-b410-498c02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/d4dc820457bbc557b14ec0e58358646afbba70f4d5cab2276cdac8ce631a3854/analysis/1457954875/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56e7c9ba-4318-4d86-af3e-43e0950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-15T08:37:14.000Z",
|
||
|
"modified": "2016-03-15T08:37:14.000Z",
|
||
|
"pattern": "[domain-name:value = 'olvikt.freedomain.thehost.com.ua']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-15T08:37:14Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "marking-definition",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
||
|
"created": "2017-01-20T00:00:00.000Z",
|
||
|
"definition_type": "tlp",
|
||
|
"name": "TLP:WHITE",
|
||
|
"definition": {
|
||
|
"tlp": "white"
|
||
|
}
|
||
|
}
|
||
|
]
|
||
|
}
|