adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/5720accd-dd28-45f8-80e5-4605950d210f.json

29461 lines
3.1 MiB
JSON
Raw Normal View History

chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--5720accd-dd28-45f8-80e5-4605950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:37:11.000Z",
"modified": "2016-04-27T13:37:11.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5720accd-dd28-45f8-80e5-4605950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:37:11.000Z",
"modified": "2016-04-27T13:37:11.000Z",
"name": "Malspam 2016-04-27 - Locky",
"published": "2016-04-27T13:37:48Z",
"object_refs": [
"indicator--5720ad01-4e34-450e-a46c-425b950d210f",
"indicator--5720ad01-95a4-46dd-a6d8-4315950d210f",
"indicator--5720ad02-1d50-4ee5-8152-4784950d210f",
"indicator--5720ad03-8d4c-4b45-a4c7-4537950d210f",
"indicator--5720ad04-bbb0-4b61-a650-425b950d210f",
"indicator--5720ad04-1088-4700-9d82-49b1950d210f",
"indicator--5720ad05-ff68-44b4-8651-4779950d210f",
"indicator--5720ad06-06a4-40d9-951e-49a4950d210f",
"indicator--5720ad07-3670-4d7d-b721-481e950d210f",
"indicator--5720ad08-aa68-45fe-88a2-4a7d950d210f",
"indicator--5720ad08-8b98-45c4-9a01-44d4950d210f",
"indicator--5720ad09-d14c-438a-ae66-4dc4950d210f",
"indicator--5720ad0a-816c-4f3e-9a03-45d2950d210f",
"indicator--5720ad0b-1284-41b6-b307-43e9950d210f",
"indicator--5720ad0b-1ca0-4700-afbc-4bd1950d210f",
"indicator--5720ad0c-4190-402c-895c-41d2950d210f",
"indicator--5720ad0d-8db8-4003-a122-4652950d210f",
"indicator--5720ad0e-82c8-4dd5-bbed-4cc6950d210f",
"indicator--5720ad0e-f570-4cc7-a3a6-406f950d210f",
"indicator--5720ad0f-07f0-4ad4-97aa-4291950d210f",
"indicator--5720ad10-f83c-4b7f-a04a-4c4a950d210f",
"indicator--5720ad11-cb50-4883-8c37-487c950d210f",
"indicator--5720ad12-8bf4-4d60-80b0-4751950d210f",
"indicator--5720ad12-f7d0-4a66-b48f-4905950d210f",
"indicator--5720ad13-1618-4451-a443-4279950d210f",
"indicator--5720ad14-12e0-4fd4-bf38-492c950d210f",
"indicator--5720ad15-65a4-4560-a7c4-4c16950d210f",
"indicator--5720ad15-b5b8-4c69-89ee-4932950d210f",
"indicator--5720ad16-3b2c-4e5d-8a4a-42df950d210f",
"indicator--5720ad17-26ec-4c17-bae3-4c41950d210f",
"indicator--5720ad18-9550-476f-8122-4cb6950d210f",
"indicator--5720ad18-4b74-4a0d-b9ec-44e3950d210f",
"indicator--5720ad19-2180-452c-8b63-4731950d210f",
"indicator--5720ad1a-1d18-4be9-9a2f-459c950d210f",
"indicator--5720ad1a-63cc-4b44-80c1-4856950d210f",
"indicator--5720ad1b-bc08-46f5-b0a1-4c06950d210f",
"indicator--5720ad1c-d8c4-4984-b9ef-4e47950d210f",
"indicator--5720ad1c-470c-4302-94cd-482a950d210f",
"indicator--5720ad1d-95c4-449d-91df-49a9950d210f",
"indicator--5720ad1e-9478-4756-bef5-4e28950d210f",
"indicator--5720ad1f-1504-4e3e-9ba8-422c950d210f",
"indicator--5720ad20-2818-4d68-8929-4e69950d210f",
"indicator--5720ad20-f3cc-46ea-b139-46a3950d210f",
"indicator--5720ad21-6fbc-456b-9902-4c4a950d210f",
"indicator--5720ad22-c180-4de4-8867-4108950d210f",
"indicator--5720ad22-8fec-4d17-a154-447a950d210f",
"indicator--5720ad23-f820-425e-bbfb-4a87950d210f",
"indicator--5720ad24-6664-4bf9-ac59-4673950d210f",
"indicator--5720ad25-fa08-45ae-bf5b-4a37950d210f",
"indicator--5720ad26-fdc0-4100-a67c-4e84950d210f",
"indicator--5720ad26-42b0-464b-af40-411b950d210f",
"indicator--5720ad27-362c-49b9-b446-4f4d950d210f",
"indicator--5720ad28-4774-4de7-bc99-4485950d210f",
"indicator--5720ad29-4874-4935-b601-4639950d210f",
"indicator--5720ad2a-6394-4d14-8954-4a7a950d210f",
"indicator--5720ad2b-510c-43ff-8433-41ae950d210f",
"indicator--5720ad2b-bcd4-4ca0-a87d-4813950d210f",
"indicator--5720ad2c-5d20-44db-9768-4954950d210f",
"indicator--5720ad2d-80c4-4bc2-86f7-4087950d210f",
"indicator--5720ad2e-3458-4940-bd59-499e950d210f",
"indicator--5720ad2f-8a48-4d62-a6f5-40b5950d210f",
"indicator--5720ad2f-0b00-48e8-abc3-4ded950d210f",
"indicator--5720ad30-819c-4f34-ab1d-42ef950d210f",
"indicator--5720ad31-25b4-4d5c-abf4-476a950d210f",
"indicator--5720ad32-f900-47cb-a361-4c54950d210f",
"indicator--5720ad33-ca3c-44af-8e8d-498a950d210f",
"indicator--5720ad34-2cf4-4d42-b2d0-4a05950d210f",
"indicator--5720ad34-0b60-4e31-afd1-40e6950d210f",
"indicator--5720ad35-ce44-4c77-9ded-4d42950d210f",
"indicator--5720ad36-ee08-4189-b886-498a950d210f",
"indicator--5720ad37-095c-4674-8a6f-421d950d210f",
"indicator--5720ad37-86d8-41df-b3ac-4d31950d210f",
"indicator--5720ad38-3a9c-4e4a-a7aa-45b6950d210f",
"indicator--5720ad39-9e80-4ec1-aaef-4674950d210f",
"indicator--5720ad3a-12d8-47c5-86ee-47d1950d210f",
"indicator--5720ad3b-b994-4dcb-83f5-4228950d210f",
"indicator--5720ad3c-ddf0-4f86-bac8-4683950d210f",
"indicator--5720ad3c-60e0-4eea-8bab-421f950d210f",
"indicator--5720ad3d-cd70-4e4b-a8e2-46f5950d210f",
"indicator--5720ad3e-5d4c-4561-96f6-4e46950d210f",
"indicator--5720ad3e-fc2c-40af-8afd-48e5950d210f",
"indicator--5720ad3f-372c-4835-aa24-4268950d210f",
"indicator--5720ad40-9f3c-45a4-a1b4-438c950d210f",
"indicator--5720ad40-2b60-4f37-a5c6-41b8950d210f",
"indicator--5720ad41-eb18-4a05-a968-4cbb950d210f",
"indicator--5720ad42-7d84-4bea-b0ee-4d2c950d210f",
"indicator--5720ad42-7910-49b0-ac51-4e6b950d210f",
"indicator--5720ad43-ce70-4f12-9c75-4d67950d210f",
"indicator--5720ad44-e22c-445c-91ee-40c4950d210f",
"indicator--5720ad44-1700-4de1-8bea-49a0950d210f",
"indicator--5720ad45-a8b4-4f6e-b230-424d950d210f",
"indicator--5720ad46-3dc8-403d-90f4-41a8950d210f",
"indicator--5720ad47-772c-471a-a585-4212950d210f",
"indicator--5720ad48-2788-4860-8afa-4eac950d210f",
"indicator--5720ad48-1e4c-41d6-91af-40e8950d210f",
"indicator--5720ad49-e140-4a58-8c29-42ae950d210f",
"indicator--5720ad4a-d538-435e-88ff-4db6950d210f",
"indicator--5720ad4b-ef5c-4ea6-b076-4af1950d210f",
"indicator--5720ad4b-7f5c-41d1-998d-4c13950d210f",
"indicator--5720ad4c-e6d4-44ea-9f45-46b8950d210f",
"indicator--5720ad4d-9788-4850-a2b2-49ee950d210f",
"indicator--5720ad4e-f134-4866-a4fc-4e65950d210f",
"indicator--5720ad4e-8994-43f6-8ec6-4abd950d210f",
"indicator--5720ad4f-1080-405d-85aa-4b1d950d210f",
"indicator--5720ad50-0e38-4e16-bd70-4471950d210f",
"indicator--5720ad51-c1c8-42dc-bda5-4fb6950d210f",
"indicator--5720ad52-2f64-4ad2-977c-4a8d950d210f",
"indicator--5720ad53-52b4-44f7-9ea6-43d2950d210f",
"indicator--5720ad54-05f8-4017-b132-45ed950d210f",
"indicator--5720ad54-8040-469c-8eb5-4a1d950d210f",
"indicator--5720ad55-e0c8-445e-8df0-4efe950d210f",
"indicator--5720ad56-79c0-40c9-b08a-4a86950d210f",
"indicator--5720ad57-2968-4aab-847d-4806950d210f",
"indicator--5720ad58-40ac-43ac-9051-4295950d210f",
"indicator--5720ad58-ba24-41a0-8877-49c0950d210f",
"indicator--5720ad59-ab58-4226-acfc-4bda950d210f",
"indicator--5720ad5a-2edc-4112-8284-4273950d210f",
"indicator--5720ad5b-6474-48d5-9d55-490b950d210f",
"indicator--5720ad5c-83bc-4434-af9b-4f56950d210f",
"indicator--5720ad5c-97c0-406c-9348-4e04950d210f",
"indicator--5720ad5d-7da0-4bf2-b727-45ca950d210f",
"indicator--5720ad5e-1ca4-4b70-b1bd-409f950d210f",
"indicator--5720ad5e-2420-4c27-b11d-40ec950d210f",
"indicator--5720ad5f-c7c8-452f-adba-41ef950d210f",
"indicator--5720ad60-18d8-4fb3-86ef-448a950d210f",
"indicator--5720ad61-0bb8-45ab-ae85-4305950d210f",
"indicator--5720ad62-e3ec-43e8-887f-467e950d210f",
"indicator--5720ad62-9514-490d-9c00-444b950d210f",
"indicator--5720ad63-c32c-402e-a9f5-4e8c950d210f",
"indicator--5720ad64-60d0-4138-9a9d-48d0950d210f",
"indicator--5720ad65-9554-47d2-9585-4d9a950d210f",
"indicator--5720ad66-a9d0-4c52-a888-42a8950d210f",
"indicator--5720ad66-7620-4a6b-834c-4c40950d210f",
"indicator--5720ad67-fef8-4ba3-9ea4-4a68950d210f",
"indicator--5720ad68-4c00-46f1-b717-4d66950d210f",
"indicator--5720ad69-a874-435d-a3f2-4122950d210f",
"indicator--5720ad69-550c-49a7-bcab-43e5950d210f",
"indicator--5720ad6a-7f38-4f27-9fa5-431d950d210f",
"indicator--5720ad6a-f6b8-4f94-9167-4cf8950d210f",
"indicator--5720ad6b-eac4-4a71-a2f7-4b65950d210f",
"indicator--5720ad6c-8c84-43d6-8c94-4662950d210f",
"indicator--5720ad6c-46d8-4c00-b037-4507950d210f",
"indicator--5720ad6d-e3cc-455b-aaf3-49c9950d210f",
"indicator--5720ad6e-041c-40ad-969e-49e0950d210f",
"indicator--5720ad6f-cdf4-4ab9-a73f-45db950d210f",
"indicator--5720ad6f-294c-428b-a85a-43e9950d210f",
"indicator--5720ad70-9c24-439d-ab35-4ab1950d210f",
"indicator--5720ad70-acb0-4aab-a8a7-4809950d210f",
"indicator--5720ad71-3e98-4aca-bbbd-4d0d950d210f",
"indicator--5720ad72-44a4-4823-b1af-4dc6950d210f",
"indicator--5720ad72-f7c4-4ed4-ada9-4d3c950d210f",
"indicator--5720ad73-68f8-4c03-8179-4ade950d210f",
"indicator--5720ad74-9b88-40aa-8f6d-4b22950d210f",
"indicator--5720ad75-29e0-4e57-9244-41a2950d210f",
"indicator--5720ad76-cd90-47bc-8abc-47fe950d210f",
"indicator--5720ad76-a898-4928-a7d3-494e950d210f",
"indicator--5720ad77-5090-458a-a9fc-41d2950d210f",
"indicator--5720ad78-ca24-4cb1-b397-4803950d210f",
"indicator--5720ad78-46e4-424c-b38a-463c950d210f",
"indicator--5720ad79-60d0-4a44-9582-4cfa950d210f",
"indicator--5720ad7a-6e14-46e1-b4a4-4ecd950d210f",
"indicator--5720ad7a-989c-4da8-be64-4284950d210f",
"indicator--5720ad7b-6284-407a-ab4b-42cf950d210f",
"indicator--5720ad7c-2530-47a0-a506-438b950d210f",
"indicator--5720ad7c-b6a0-46d3-8736-48e3950d210f",
"indicator--5720ad7d-3780-4cdf-a46e-4a8d950d210f",
"indicator--5720ad7e-423c-47b4-9ded-4eb0950d210f",
"indicator--5720ad7e-8b58-4616-8c9a-4292950d210f",
"indicator--5720ad7f-646c-4436-9fb9-4f04950d210f",
"indicator--5720ad80-6c90-44fc-b46f-48dc950d210f",
"indicator--5720ad80-6164-4a1c-a60f-4838950d210f",
"indicator--5720ad81-fe10-4862-b7f1-4a67950d210f",
"indicator--5720ad82-ae9c-4a12-8d4a-44c3950d210f",
"indicator--5720ad82-15b0-4dc1-be0a-4bcb950d210f",
"indicator--5720ad83-e35c-439d-b63a-42d4950d210f",
"indicator--5720ad84-dab4-4655-a957-48e2950d210f",
"indicator--5720ad84-84c0-4ec2-921e-4afd950d210f",
"indicator--5720ad85-4c60-41ba-a7a9-4bdb950d210f",
"indicator--5720ad86-0f7c-45c8-bf8f-49dd950d210f",
"indicator--5720ad86-33cc-442c-96fb-40a4950d210f",
"indicator--5720ad87-9e7c-472d-96e3-43ee950d210f",
"indicator--5720ad88-31d4-4c4e-88f5-4db1950d210f",
"indicator--5720ad88-7674-401a-881f-44cf950d210f",
"indicator--5720ad89-d0ac-4e10-894f-4e24950d210f",
"indicator--5720ad8a-a1e4-4581-b6ce-4779950d210f",
"indicator--5720ad8a-24c8-4c03-a844-414e950d210f",
"indicator--5720ad8b-fe9c-42a1-8d4b-464f950d210f",
"indicator--5720ad8c-8c2c-45b8-ac0a-4844950d210f",
"indicator--5720ad8c-3c4c-4f84-a869-496a950d210f",
"indicator--5720ad8d-6080-4abb-9eaf-4a08950d210f",
"indicator--5720ad8e-6618-4e28-bbdd-441d950d210f",
"indicator--5720ad8f-78f8-4a5c-90a2-4058950d210f",
"indicator--5720ad8f-d858-44f4-a530-4345950d210f",
"indicator--5720ad90-eb28-424e-b28b-4d11950d210f",
"indicator--5720ad91-d670-4afa-9a12-41a9950d210f",
"indicator--5720ad91-533c-40c1-8e7b-4475950d210f",
"indicator--5720ad92-d18c-4d5b-9036-4a54950d210f",
"indicator--5720ad93-2618-43e6-a029-443d950d210f",
"indicator--5720ad94-1660-4a9f-91c0-4beb950d210f",
"indicator--5720ad95-3838-400b-8204-4b25950d210f",
"indicator--5720ad95-478c-47d1-8184-444b950d210f",
"indicator--5720ad96-99a4-49eb-a95d-4e1b950d210f",
"indicator--5720ad97-eae0-4864-99e2-4c58950d210f",
"indicator--5720ad98-9464-4ea1-b81c-4443950d210f",
"indicator--5720ad99-ddcc-4401-b8a7-4570950d210f",
"indicator--5720ad9a-1640-413c-b955-4ebc950d210f",
"indicator--5720ad9a-8c60-427b-9ebd-4087950d210f",
"indicator--5720ad9b-b3e4-49c5-8515-4ac9950d210f",
"indicator--5720ad9c-5eac-448b-8f1a-4a30950d210f",
"indicator--5720ad9d-008c-4665-bc8a-4e5b950d210f",
"indicator--5720ad9e-f6f8-4f6c-981a-4733950d210f",
"indicator--5720ad9e-2814-4cb9-919d-4bf3950d210f",
"indicator--5720ad9f-f434-40ef-9043-4ea0950d210f",
"indicator--5720ada0-72d0-4ed9-bc26-4f6e950d210f",
"indicator--5720ada1-9e40-4cc3-8029-4537950d210f",
"indicator--5720ada2-81ac-433b-a28b-4438950d210f",
"indicator--5720ada3-e6b8-4381-8867-44e3950d210f",
"indicator--5720ada3-e9e0-493f-a047-4915950d210f",
"indicator--5720ada4-36e4-4e73-8ca3-4ba0950d210f",
"indicator--5720ada5-52f4-4f50-b28b-46d3950d210f",
"indicator--5720ada6-79d8-444c-a03d-4444950d210f",
"indicator--5720ada7-8234-4543-a416-4cba950d210f",
"indicator--5720ada7-b9a0-4e64-8ed2-46f2950d210f",
"indicator--5720ada8-b348-4afb-8b22-4b5a950d210f",
"indicator--5720ada9-0008-4b22-80ae-438f950d210f",
"indicator--5720ada9-7598-414a-8541-434d950d210f",
"indicator--5720adaa-b370-4b80-8857-4ded950d210f",
"indicator--5720adab-11c8-476b-848b-4527950d210f",
"indicator--5720adab-e384-47f6-911f-471b950d210f",
"indicator--5720adac-d15c-40a0-a789-4855950d210f",
"indicator--5720adad-fb30-43ec-90cf-4e22950d210f",
"indicator--5720adae-50b4-4143-af5f-469f950d210f",
"indicator--5720adae-623c-43fa-bb81-4f91950d210f",
"indicator--5720adaf-b87c-42e5-a662-4a83950d210f",
"indicator--5720adb0-5ed4-4161-849a-4925950d210f",
"indicator--5720adb1-a5e8-49a3-b55d-45c0950d210f",
"indicator--5720adb2-6d44-4845-9031-4638950d210f",
"indicator--5720adb2-3f34-4737-9644-49ed950d210f",
"indicator--5720adb3-98a4-4463-9291-4673950d210f",
"indicator--5720adb4-d3fc-429d-904e-4916950d210f",
"indicator--5720adb5-e598-418f-9489-49b1950d210f",
"indicator--5720adb6-afa0-45d2-9386-48b0950d210f",
"indicator--5720adb7-660c-4e8f-9506-421e950d210f",
"indicator--5720adb7-c944-4b6c-9716-4b42950d210f",
"indicator--5720adb8-7294-4fef-83df-47e6950d210f",
"indicator--5720adb9-5818-44be-b958-463c950d210f",
"indicator--5720adba-cb80-4fc3-9d8d-4bc1950d210f",
"indicator--5720adbb-08d0-4564-8265-4331950d210f",
"indicator--5720adbb-e8a0-4bdb-ba84-4c40950d210f",
"indicator--5720adbc-ad34-4b02-a9e7-4107950d210f",
"indicator--5720adbd-53e0-4ffe-a430-4b36950d210f",
"indicator--5720adbd-8504-4046-85bf-404c950d210f",
"indicator--5720adbe-4700-46c7-a087-48cb950d210f",
"indicator--5720adbf-bc14-4304-b631-44c0950d210f",
"indicator--5720adbf-1e0c-4d0b-ab49-4d66950d210f",
"indicator--5720adc0-63e8-4507-a035-4733950d210f",
"indicator--5720adc1-6924-41a5-a035-4741950d210f",
"indicator--5720adc2-1f18-4aa5-bcc7-48ff950d210f",
"indicator--5720adc2-b260-4194-8189-4ea3950d210f",
"indicator--5720adc3-c290-4d33-8886-4de2950d210f",
"indicator--5720adc4-c478-4b6c-a2a7-4339950d210f",
"indicator--5720adc4-97e8-481a-8a94-414f950d210f",
"indicator--5720adc5-494c-4238-9517-4fd2950d210f",
"indicator--5720adc6-50f8-4f58-9590-4ff7950d210f",
"indicator--5720adc6-5778-49d0-9a63-4ec5950d210f",
"indicator--5720adc7-bc80-42df-878c-4338950d210f",
"indicator--5720adc8-42b8-4f1e-9caa-453c950d210f",
"indicator--5720adc9-6494-4dbc-bed5-4f68950d210f",
"indicator--5720adc9-8508-4ac5-a9e7-4ba0950d210f",
"indicator--5720adca-79ec-4394-afd3-4c2d950d210f",
"indicator--5720adcb-93e4-4e94-80ef-4f40950d210f",
"indicator--5720adcc-b890-4c47-9e4f-4ede950d210f",
"indicator--5720adcd-3d7c-4ec3-9612-4dcc950d210f",
"indicator--5720adcd-6cb0-4e05-b692-4ef7950d210f",
"indicator--5720adce-b65c-4aff-9ad2-4a5a950d210f",
"indicator--5720adcf-8688-469f-aaab-4197950d210f",
"indicator--5720add0-cb10-44be-bdc3-416c950d210f",
"indicator--5720add1-11f8-43bc-8daf-4d5a950d210f",
"indicator--5720add2-02d8-45cd-983f-430b950d210f",
"indicator--5720add2-c708-4669-9215-4ed8950d210f",
"indicator--5720add3-95c8-4cbe-868c-41f3950d210f",
"indicator--5720add4-a5c8-4e54-b746-406b950d210f",
"indicator--5720add5-f6fc-4fb7-849b-4be1950d210f",
"indicator--5720add6-4618-42b7-9a5d-401f950d210f",
"indicator--5720add6-cb3c-4b15-8deb-4793950d210f",
"indicator--5720add7-cb34-40cd-b5c5-4637950d210f",
"indicator--5720add8-8508-44b3-86ff-42dd950d210f",
"indicator--5720add8-1c78-4403-b73b-4194950d210f",
"indicator--5720add9-c6bc-4874-b70d-4ac4950d210f",
"indicator--5720adda-6f20-4fcf-9f5f-4a2c950d210f",
"indicator--5720addb-0474-4abe-b8dc-4136950d210f",
"indicator--5720addc-b6f4-4f97-92af-4ba9950d210f",
"indicator--5720addc-99b8-455c-90f6-4e47950d210f",
"indicator--5720addd-6b10-4d42-a43c-4e62950d210f",
"indicator--5720adde-55b4-44f4-889f-467d950d210f",
"indicator--5720addf-a334-4497-bd36-466d950d210f",
"indicator--5720ade0-5e58-453c-ad5c-4ed2950d210f",
"indicator--5720ade0-0c7c-4555-8747-476d950d210f",
"indicator--5720ade1-dffc-4436-9cc3-4829950d210f",
"indicator--5720ade2-59a8-4373-bb7d-4460950d210f",
"indicator--5720ade3-bac4-4460-a3d6-4fd8950d210f",
"indicator--5720ade4-849c-4b6e-8c04-452b950d210f",
"indicator--5720ade4-046c-477e-8690-4705950d210f",
"indicator--5720ade5-d2dc-4735-9fb8-4d9a950d210f",
"indicator--5720ade6-8fb4-47fe-bc23-4dcc950d210f",
"indicator--5720ade7-1aa0-4a68-8f4a-4d6a950d210f",
"indicator--5720ade8-df34-4695-9077-4bcf950d210f",
"indicator--5720ade8-7a38-472e-88fd-46e4950d210f",
"indicator--5720ade9-f5cc-49ee-8d8f-4e88950d210f",
"indicator--5720adea-180c-4ab6-8e12-4a03950d210f",
"indicator--5720adeb-8754-45d9-8c8b-4a4e950d210f",
"indicator--5720adeb-db40-4cc7-8ce7-4a4e950d210f",
"indicator--5720adec-f4a4-44de-b8e1-47a0950d210f",
"indicator--5720aded-f08c-43c7-9c70-4387950d210f",
"indicator--5720adee-0858-4185-b048-4b8f950d210f",
"indicator--5720adef-3d00-43b0-9b16-47a4950d210f",
"indicator--5720adef-d85c-4a18-935d-4be5950d210f",
"indicator--5720adf0-63a4-4f4b-9403-429d950d210f",
"indicator--5720adf1-cea4-48f2-80af-47d1950d210f",
"indicator--5720adf2-77bc-4f0b-b19c-4cc3950d210f",
"indicator--5720adf2-3568-4f50-8061-4a2c950d210f",
"indicator--5720adf3-a978-4e5a-8fb2-4b2a950d210f",
"indicator--5720adf4-2720-49a6-90e7-45cd950d210f",
"indicator--5720adf5-3628-472e-ab4a-4521950d210f",
"indicator--5720adf5-d2cc-40d1-a012-4b18950d210f",
"indicator--5720adf6-4fa4-46b5-bee4-4963950d210f",
"indicator--5720adf7-3f18-436f-a440-4df1950d210f",
"indicator--5720adf8-7468-4bdc-a160-4c6a950d210f",
"indicator--5720adf8-8a14-461f-b455-49b8950d210f",
"indicator--5720adf9-5c10-4a3a-b9ee-453d950d210f",
"indicator--5720adfa-6d20-4e08-883d-4d9a950d210f",
"indicator--5720adfb-20b8-43b1-ab7a-4d14950d210f",
"indicator--5720adfb-e584-4014-9ce1-4be9950d210f",
"indicator--5720adfc-652c-4025-a71f-4b44950d210f",
"indicator--5720adfc-a760-42e4-9266-4577950d210f",
"indicator--5720adfd-7950-4ee6-a293-4d79950d210f",
"indicator--5720adfe-4254-4ba2-b396-43f4950d210f",
"indicator--5720adfe-c4d0-4905-a503-4cc9950d210f",
"indicator--5720adff-af04-4e4c-bcd7-49a1950d210f",
"indicator--5720ae00-0c30-4e29-8f7b-41f2950d210f",
"indicator--5720ae00-78d8-4263-ae7e-484c950d210f",
"indicator--5720ae01-abd0-4934-b0be-47e6950d210f",
"indicator--5720ae02-9c5c-4780-a9ca-434f950d210f",
"indicator--5720ae02-7a08-46d5-af54-4456950d210f",
"indicator--5720ae03-42c0-4150-b5af-476f950d210f",
"indicator--5720ae04-1230-4ee6-94f6-4956950d210f",
"indicator--5720ae05-4338-4936-af37-4cd5950d210f",
"indicator--5720ae06-a7c0-445c-bc12-4981950d210f",
"indicator--5720ae06-7708-4a32-be54-46b3950d210f",
"indicator--5720ae07-7750-43a4-8b88-43f3950d210f",
"indicator--5720ae08-5708-409c-b4ec-49dd950d210f",
"indicator--5720ae08-52e4-4754-88b3-4229950d210f",
"indicator--5720ae09-fc60-4e00-b140-4e84950d210f",
"indicator--5720ae0a-c9f8-433e-a576-436d950d210f",
"indicator--5720ae0b-7214-481d-a735-4aef950d210f",
"indicator--5720ae0c-0544-4de8-a661-4e4d950d210f",
"indicator--5720ae0c-9274-42b4-8b40-46e4950d210f",
"indicator--5720ae0d-9104-435c-aab8-499d950d210f",
"indicator--5720ae0e-71f8-4677-b6ec-46b7950d210f",
"indicator--5720ae0e-0b4c-4509-be7e-4c43950d210f",
"indicator--5720ae0f-4f48-4e77-9bd2-4e9c950d210f",
"indicator--5720ae10-3050-4c67-82b4-4ba6950d210f",
"indicator--5720ae10-aec0-456b-9387-4c67950d210f",
"indicator--5720ae11-e598-478f-a5c9-4044950d210f",
"indicator--5720ae12-377c-4bee-b610-4e30950d210f",
"indicator--5720ae13-8560-4203-94b4-4a66950d210f",
"indicator--5720ae14-5854-4b40-abb7-435a950d210f",
"indicator--5720ae15-8734-4d30-865c-4f2d950d210f",
"indicator--5720ae15-0440-4ba8-8a3d-49cd950d210f",
"indicator--5720ae16-0bd4-4ceb-8f88-42d6950d210f",
"indicator--5720ae17-9d90-49c7-9a0d-4bd2950d210f",
"indicator--5720ae18-1b54-4ca4-bde2-44f5950d210f",
"indicator--5720ae18-ee74-4969-86ee-4173950d210f",
"indicator--5720ae19-c2d0-41ac-8f1e-418d950d210f",
"indicator--5720ae1a-e24c-45e1-8d5d-4ca1950d210f",
"indicator--5720ae1b-eebc-473a-b3b5-41c0950d210f",
"indicator--5720ae1b-24ac-4a43-b7b2-46c7950d210f",
"indicator--5720ae1c-f914-43e6-807d-4f62950d210f",
"indicator--5720ae1d-0bdc-43d1-ad86-45a5950d210f",
"indicator--5720ae1e-4450-4fb8-80db-4712950d210f",
"indicator--5720ae1e-e430-4820-8360-4704950d210f",
"indicator--5720ae1f-bfc0-462f-8098-4f70950d210f",
"indicator--5720ae20-c63c-458d-9d1f-48db950d210f",
"indicator--5720ae21-9ce8-42af-8fdc-48ac950d210f",
"indicator--5720ae22-1718-4afb-b3af-4a09950d210f",
"indicator--5720ae22-370c-44f8-84e6-469f950d210f",
"indicator--5720ae23-36c4-4883-889d-4535950d210f",
"indicator--5720ae24-f0d0-4394-904a-4806950d210f",
"indicator--5720ae24-60ec-4ecf-b9fc-4790950d210f",
"indicator--5720ae25-396c-4944-becd-44d5950d210f",
"indicator--5720ae26-0b6c-40a2-9acb-4db6950d210f",
"indicator--5720ae26-76b4-4e38-b9c6-40a7950d210f",
"indicator--5720ae27-42b0-483f-8f3f-427d950d210f",
"indicator--5720ae28-4a9c-49ca-9525-4a5a950d210f",
"indicator--5720ae29-af8c-4d4e-98c1-48e9950d210f",
"indicator--5720ae2a-c544-4006-9678-4879950d210f",
"indicator--5720ae2a-9fb8-4b55-9dc8-42ff950d210f",
"indicator--5720ae2b-527c-4ba7-95de-41b6950d210f",
"indicator--5720ae2c-57bc-44e2-ad6b-4b86950d210f",
"indicator--5720ae2c-e570-4d86-9c30-4bdf950d210f",
"indicator--5720ae2d-ecec-4366-872c-49f4950d210f",
"indicator--5720ae2e-2798-4f55-bc0e-4e7a950d210f",
"indicator--5720ae2f-05ec-4c69-942e-47e0950d210f",
"indicator--5720ae2f-982c-4d7e-a8ed-4a25950d210f",
"indicator--5720ae30-fd00-4716-85ed-4716950d210f",
"indicator--5720ae31-ab14-474c-831b-4f1a950d210f",
"indicator--5720ae32-724c-4ef7-a72a-43fa950d210f",
"indicator--5720ae33-3e14-4459-b199-496c950d210f",
"observed-data--5720afd0-f300-425d-bf95-46e402de0b81",
"url--5720afd0-f300-425d-bf95-46e402de0b81",
"observed-data--5720afd0-a7bc-4623-bb92-439102de0b81",
"url--5720afd0-a7bc-4623-bb92-439102de0b81",
"observed-data--5720afd1-ad78-4824-909d-44d002de0b81",
"url--5720afd1-ad78-4824-909d-44d002de0b81",
"observed-data--5720afd1-5cb4-4584-b099-4b3702de0b81",
"url--5720afd1-5cb4-4584-b099-4b3702de0b81",
"observed-data--5720afd2-5560-4df1-b2c3-4bd902de0b81",
"url--5720afd2-5560-4df1-b2c3-4bd902de0b81",
"observed-data--5720afd2-e7f4-43ad-8618-421402de0b81",
"url--5720afd2-e7f4-43ad-8618-421402de0b81",
"observed-data--5720afd3-6cac-4d5f-8093-462e02de0b81",
"url--5720afd3-6cac-4d5f-8093-462e02de0b81",
"observed-data--5720afd3-eb4c-4b9a-8ac6-456102de0b81",
"url--5720afd3-eb4c-4b9a-8ac6-456102de0b81",
"observed-data--5720afd3-5370-4752-89cf-439502de0b81",
"url--5720afd3-5370-4752-89cf-439502de0b81",
"observed-data--5720afd4-ff4c-42a8-976e-47e702de0b81",
"url--5720afd4-ff4c-42a8-976e-47e702de0b81",
"observed-data--5720afd4-f26c-46d5-9eac-413702de0b81",
"url--5720afd4-f26c-46d5-9eac-413702de0b81",
"observed-data--5720afd5-62a8-4264-b9b8-4e3002de0b81",
"url--5720afd5-62a8-4264-b9b8-4e3002de0b81",
"observed-data--5720afd5-db34-4ac1-bcb7-4ffa02de0b81",
"url--5720afd5-db34-4ac1-bcb7-4ffa02de0b81",
"observed-data--5720afd5-dbb0-483a-b6b5-4b1402de0b81",
"url--5720afd5-dbb0-483a-b6b5-4b1402de0b81",
"observed-data--5720afd6-3584-4e63-97fa-409502de0b81",
"url--5720afd6-3584-4e63-97fa-409502de0b81",
"observed-data--5720afd6-2378-4471-b926-495102de0b81",
"url--5720afd6-2378-4471-b926-495102de0b81",
"observed-data--5720afd7-b0d4-47ed-93d0-4c7502de0b81",
"url--5720afd7-b0d4-47ed-93d0-4c7502de0b81",
"observed-data--5720afd7-ba04-448e-b8a1-412502de0b81",
"url--5720afd7-ba04-448e-b8a1-412502de0b81",
"observed-data--5720afd8-6d28-4aed-907f-423502de0b81",
"url--5720afd8-6d28-4aed-907f-423502de0b81",
"observed-data--5720afd8-014c-45fb-b71d-419802de0b81",
"url--5720afd8-014c-45fb-b71d-419802de0b81",
"observed-data--5720afd8-4f28-478b-bb5f-4def02de0b81",
"url--5720afd8-4f28-478b-bb5f-4def02de0b81",
"observed-data--5720afd9-b408-402c-b6e3-498a02de0b81",
"url--5720afd9-b408-402c-b6e3-498a02de0b81",
"observed-data--5720afd9-5728-41a6-bf6d-472802de0b81",
"url--5720afd9-5728-41a6-bf6d-472802de0b81",
"observed-data--5720afda-9400-411f-9f50-4e1402de0b81",
"url--5720afda-9400-411f-9f50-4e1402de0b81",
"observed-data--5720afda-20b8-4383-a90c-434502de0b81",
"url--5720afda-20b8-4383-a90c-434502de0b81",
"observed-data--5720afdb-de40-454b-b506-466302de0b81",
"url--5720afdb-de40-454b-b506-466302de0b81",
"observed-data--5720afdb-8f0c-4fc7-a733-482d02de0b81",
"url--5720afdb-8f0c-4fc7-a733-482d02de0b81",
"observed-data--5720afdb-8114-44b8-80d0-445702de0b81",
"url--5720afdb-8114-44b8-80d0-445702de0b81",
"observed-data--5720afdc-6274-4ee4-a49f-44b302de0b81",
"url--5720afdc-6274-4ee4-a49f-44b302de0b81",
"observed-data--5720afdc-0934-4511-ba2b-490802de0b81",
"url--5720afdc-0934-4511-ba2b-490802de0b81",
"observed-data--5720afdd-9a08-45d0-81db-44a002de0b81",
"url--5720afdd-9a08-45d0-81db-44a002de0b81",
"observed-data--5720afdd-32e4-47a9-b220-414b02de0b81",
"url--5720afdd-32e4-47a9-b220-414b02de0b81",
"observed-data--5720afdd-f240-409c-88bb-4cdb02de0b81",
"url--5720afdd-f240-409c-88bb-4cdb02de0b81",
"observed-data--5720afde-827c-4cd4-aed7-45b702de0b81",
"url--5720afde-827c-4cd4-aed7-45b702de0b81",
"observed-data--5720afde-118c-4726-845b-41f002de0b81",
"url--5720afde-118c-4726-845b-41f002de0b81",
"observed-data--5720afdf-2168-4518-a036-445502de0b81",
"url--5720afdf-2168-4518-a036-445502de0b81",
"observed-data--5720afdf-14c0-4a76-abc1-44ab02de0b81",
"url--5720afdf-14c0-4a76-abc1-44ab02de0b81",
"observed-data--5720afe0-eef4-4019-8162-4b4202de0b81",
"url--5720afe0-eef4-4019-8162-4b4202de0b81",
"observed-data--5720afe0-7828-459c-a90b-42b102de0b81",
"url--5720afe0-7828-459c-a90b-42b102de0b81",
"observed-data--5720afe0-9308-41f3-a12f-4a7a02de0b81",
"url--5720afe0-9308-41f3-a12f-4a7a02de0b81",
"observed-data--5720afe1-9384-4cd9-909a-45d602de0b81",
"url--5720afe1-9384-4cd9-909a-45d602de0b81",
"observed-data--5720afe1-777c-4c94-ac0f-4f2d02de0b81",
"url--5720afe1-777c-4c94-ac0f-4f2d02de0b81",
"observed-data--5720afe2-5edc-4ad1-a4ac-460602de0b81",
"url--5720afe2-5edc-4ad1-a4ac-460602de0b81",
"observed-data--5720afe2-07d0-49f1-880b-4aec02de0b81",
"url--5720afe2-07d0-49f1-880b-4aec02de0b81",
"observed-data--5720afe3-0f0c-43f2-93ae-4e3902de0b81",
"url--5720afe3-0f0c-43f2-93ae-4e3902de0b81",
"observed-data--5720afe3-3d20-44a0-b7e8-46bf02de0b81",
"url--5720afe3-3d20-44a0-b7e8-46bf02de0b81",
"observed-data--5720afe3-8594-40fc-9503-4d1302de0b81",
"url--5720afe3-8594-40fc-9503-4d1302de0b81",
"observed-data--5720afe4-1230-48a6-9d20-434b02de0b81",
"url--5720afe4-1230-48a6-9d20-434b02de0b81",
"observed-data--5720afe4-761c-4711-8e89-4e4e02de0b81",
"url--5720afe4-761c-4711-8e89-4e4e02de0b81",
"observed-data--5720afe5-563c-4ada-b5ec-4ba102de0b81",
"url--5720afe5-563c-4ada-b5ec-4ba102de0b81",
"observed-data--5720afe5-5208-477c-8396-4ff902de0b81",
"url--5720afe5-5208-477c-8396-4ff902de0b81",
"observed-data--5720afe5-5860-42c1-b7e0-436f02de0b81",
"url--5720afe5-5860-42c1-b7e0-436f02de0b81",
"observed-data--5720afe6-d674-447f-9325-4a0b02de0b81",
"url--5720afe6-d674-447f-9325-4a0b02de0b81",
"observed-data--5720afe6-6f6c-47cc-8e9b-4fb102de0b81",
"url--5720afe6-6f6c-47cc-8e9b-4fb102de0b81",
"observed-data--5720afe7-a03c-4402-8673-426902de0b81",
"url--5720afe7-a03c-4402-8673-426902de0b81",
"observed-data--5720afe7-de94-46de-8411-4ad202de0b81",
"url--5720afe7-de94-46de-8411-4ad202de0b81",
"observed-data--5720afe8-6798-423d-8c6c-4a0202de0b81",
"url--5720afe8-6798-423d-8c6c-4a0202de0b81",
"observed-data--5720afe8-fcf8-4e89-946e-40c502de0b81",
"url--5720afe8-fcf8-4e89-946e-40c502de0b81",
"observed-data--5720afe8-fcfc-47b2-a377-43d302de0b81",
"url--5720afe8-fcfc-47b2-a377-43d302de0b81",
"observed-data--5720afe9-efa8-4345-8192-459902de0b81",
"url--5720afe9-efa8-4345-8192-459902de0b81",
"observed-data--5720afe9-6148-48d0-b882-49fb02de0b81",
"url--5720afe9-6148-48d0-b882-49fb02de0b81",
"observed-data--5720afea-0f98-460f-83b1-4d2d02de0b81",
"url--5720afea-0f98-460f-83b1-4d2d02de0b81",
"observed-data--5720afea-21e8-4651-b478-4edc02de0b81",
"url--5720afea-21e8-4651-b478-4edc02de0b81",
"observed-data--5720afea-b4c4-40e9-8608-447502de0b81",
"url--5720afea-b4c4-40e9-8608-447502de0b81",
"observed-data--5720afeb-0fc4-43c3-8773-446602de0b81",
"url--5720afeb-0fc4-43c3-8773-446602de0b81",
"observed-data--5720afeb-23c0-446c-9d98-459002de0b81",
"url--5720afeb-23c0-446c-9d98-459002de0b81",
"observed-data--5720afec-9cb0-4396-8871-49b302de0b81",
"url--5720afec-9cb0-4396-8871-49b302de0b81",
"observed-data--5720afec-af24-4388-86e5-467b02de0b81",
"url--5720afec-af24-4388-86e5-467b02de0b81",
"observed-data--5720afed-1c6c-45fb-92e2-4da302de0b81",
"url--5720afed-1c6c-45fb-92e2-4da302de0b81",
"observed-data--5720afed-061c-4ce2-a416-4c5002de0b81",
"url--5720afed-061c-4ce2-a416-4c5002de0b81",
"observed-data--5720afed-83bc-412a-8908-434f02de0b81",
"url--5720afed-83bc-412a-8908-434f02de0b81",
"observed-data--5720afee-86b4-4fa4-b199-406702de0b81",
"url--5720afee-86b4-4fa4-b199-406702de0b81",
"observed-data--5720afee-4698-488c-b229-4ab402de0b81",
"url--5720afee-4698-488c-b229-4ab402de0b81",
"observed-data--5720afef-4ccc-42e5-b078-4f4502de0b81",
"url--5720afef-4ccc-42e5-b078-4f4502de0b81",
"observed-data--5720afef-0654-4826-9b13-429202de0b81",
"url--5720afef-0654-4826-9b13-429202de0b81",
"observed-data--5720afef-6d58-4f80-a690-40df02de0b81",
"url--5720afef-6d58-4f80-a690-40df02de0b81",
"observed-data--5720aff0-386c-46a0-9bad-49c802de0b81",
"url--5720aff0-386c-46a0-9bad-49c802de0b81",
"observed-data--5720aff0-7ca4-4d7d-bd6f-4f5002de0b81",
"url--5720aff0-7ca4-4d7d-bd6f-4f5002de0b81",
"observed-data--5720aff1-0b10-4d26-ba8c-4fa102de0b81",
"url--5720aff1-0b10-4d26-ba8c-4fa102de0b81",
"observed-data--5720aff1-d38c-4a90-adbe-41b902de0b81",
"url--5720aff1-d38c-4a90-adbe-41b902de0b81",
"observed-data--5720aff1-d1b0-4117-a6a7-42b802de0b81",
"url--5720aff1-d1b0-4117-a6a7-42b802de0b81",
"observed-data--5720aff2-535c-47cc-8f16-4f8c02de0b81",
"url--5720aff2-535c-47cc-8f16-4f8c02de0b81",
"observed-data--5720aff2-18f0-4a21-bd60-4d2e02de0b81",
"url--5720aff2-18f0-4a21-bd60-4d2e02de0b81",
"observed-data--5720aff3-ecdc-470b-9d26-4e1d02de0b81",
"url--5720aff3-ecdc-470b-9d26-4e1d02de0b81",
"observed-data--5720aff3-1498-4449-8a48-460e02de0b81",
"url--5720aff3-1498-4449-8a48-460e02de0b81",
"observed-data--5720aff3-811c-4e2f-baf8-4c3602de0b81",
"url--5720aff3-811c-4e2f-baf8-4c3602de0b81",
"observed-data--5720aff4-5634-4270-a6b4-479f02de0b81",
"url--5720aff4-5634-4270-a6b4-479f02de0b81",
"observed-data--5720aff4-20c0-4215-98a3-455b02de0b81",
"url--5720aff4-20c0-4215-98a3-455b02de0b81",
"observed-data--5720aff5-7ae8-4416-8498-439b02de0b81",
"url--5720aff5-7ae8-4416-8498-439b02de0b81",
"observed-data--5720aff5-4938-4165-b5d5-47f902de0b81",
"url--5720aff5-4938-4165-b5d5-47f902de0b81",
"observed-data--5720aff6-6adc-45f3-97bb-4dd202de0b81",
"url--5720aff6-6adc-45f3-97bb-4dd202de0b81",
"observed-data--5720aff6-22e8-404f-8a99-408d02de0b81",
"url--5720aff6-22e8-404f-8a99-408d02de0b81",
"observed-data--5720aff6-816c-4333-a6bb-473f02de0b81",
"url--5720aff6-816c-4333-a6bb-473f02de0b81",
"observed-data--5720aff7-87e0-4f28-aa47-4ec902de0b81",
"url--5720aff7-87e0-4f28-aa47-4ec902de0b81",
"observed-data--5720aff7-e398-43a1-93ec-445002de0b81",
"url--5720aff7-e398-43a1-93ec-445002de0b81",
"observed-data--5720aff8-4574-4e86-9550-4ca402de0b81",
"url--5720aff8-4574-4e86-9550-4ca402de0b81",
"observed-data--5720aff8-a480-4a8d-a106-43c702de0b81",
"url--5720aff8-a480-4a8d-a106-43c702de0b81",
"observed-data--5720aff9-92fc-4198-9f33-4e1902de0b81",
"url--5720aff9-92fc-4198-9f33-4e1902de0b81",
"observed-data--5720aff9-f154-41c7-905c-4f3102de0b81",
"url--5720aff9-f154-41c7-905c-4f3102de0b81",
"observed-data--5720aff9-3048-4353-b088-459e02de0b81",
"url--5720aff9-3048-4353-b088-459e02de0b81",
"observed-data--5720affa-34a4-47ea-8d6c-4feb02de0b81",
"url--5720affa-34a4-47ea-8d6c-4feb02de0b81",
"observed-data--5720affa-6768-40e0-83a2-462c02de0b81",
"url--5720affa-6768-40e0-83a2-462c02de0b81",
"observed-data--5720affb-5ef0-447b-a48f-4e3702de0b81",
"url--5720affb-5ef0-447b-a48f-4e3702de0b81",
"observed-data--5720affb-64a4-461a-9472-460f02de0b81",
"url--5720affb-64a4-461a-9472-460f02de0b81",
"observed-data--5720affc-1fd0-4dec-8a3a-419202de0b81",
"url--5720affc-1fd0-4dec-8a3a-419202de0b81",
"observed-data--5720affc-bb10-4409-b8c5-4d2a02de0b81",
"url--5720affc-bb10-4409-b8c5-4d2a02de0b81",
"observed-data--5720affc-5fd4-4075-9aba-46c202de0b81",
"url--5720affc-5fd4-4075-9aba-46c202de0b81",
"observed-data--5720affd-75bc-499f-8a64-4afc02de0b81",
"url--5720affd-75bc-499f-8a64-4afc02de0b81",
"observed-data--5720affd-504c-487f-9cc3-4da102de0b81",
"url--5720affd-504c-487f-9cc3-4da102de0b81",
"observed-data--5720affe-0c98-4caf-a7dd-492b02de0b81",
"url--5720affe-0c98-4caf-a7dd-492b02de0b81",
"observed-data--5720affe-b3b4-4f2b-a988-432d02de0b81",
"url--5720affe-b3b4-4f2b-a988-432d02de0b81",
"observed-data--5720afff-f690-43b2-8adf-46f102de0b81",
"url--5720afff-f690-43b2-8adf-46f102de0b81",
"observed-data--5720afff-2798-4740-b9d7-4a8002de0b81",
"url--5720afff-2798-4740-b9d7-4a8002de0b81",
"observed-data--5720afff-8210-4354-9160-4c4002de0b81",
"url--5720afff-8210-4354-9160-4c4002de0b81",
"observed-data--5720b000-22b4-4dfb-a8f2-4d7d02de0b81",
"url--5720b000-22b4-4dfb-a8f2-4d7d02de0b81",
"observed-data--5720b000-ce20-4a79-ad61-450e02de0b81",
"url--5720b000-ce20-4a79-ad61-450e02de0b81",
"observed-data--5720b000-40d8-4d5e-96fe-456802de0b81",
"url--5720b000-40d8-4d5e-96fe-456802de0b81",
"observed-data--5720b001-f6bc-415b-b415-49fd02de0b81",
"url--5720b001-f6bc-415b-b415-49fd02de0b81",
"observed-data--5720b001-2bcc-49da-be57-486002de0b81",
"url--5720b001-2bcc-49da-be57-486002de0b81",
"observed-data--5720b001-eb08-4daf-bc69-479a02de0b81",
"url--5720b001-eb08-4daf-bc69-479a02de0b81",
"observed-data--5720b002-30d0-4452-9d84-4dd902de0b81",
"url--5720b002-30d0-4452-9d84-4dd902de0b81",
"observed-data--5720b002-b27c-4dc7-a7c1-40d302de0b81",
"url--5720b002-b27c-4dc7-a7c1-40d302de0b81",
"observed-data--5720b002-a810-4a8b-a573-4c5102de0b81",
"url--5720b002-a810-4a8b-a573-4c5102de0b81",
"observed-data--5720b003-8dac-4425-82ad-410302de0b81",
"url--5720b003-8dac-4425-82ad-410302de0b81",
"observed-data--5720b003-f4d4-4f5d-82c6-4d2102de0b81",
"url--5720b003-f4d4-4f5d-82c6-4d2102de0b81",
"observed-data--5720b003-ae6c-4d88-b6ea-4b0202de0b81",
"url--5720b003-ae6c-4d88-b6ea-4b0202de0b81",
"indicator--5720b076-8c24-4f3e-914c-4aab950d210f",
"indicator--5720b076-a6c8-41dd-85d0-44a7950d210f",
"indicator--5720b077-bb04-4bf8-ba64-4872950d210f",
"indicator--5720b077-c04c-4b2e-a1b5-4baf950d210f",
"indicator--5720b078-ca78-4697-8e6d-4f68950d210f",
"indicator--5720b078-3c80-4035-9ddc-46df950d210f",
"indicator--5720b079-daa4-4419-9644-4f97950d210f",
"indicator--5720b079-c878-45e4-91e9-48d9950d210f",
"indicator--5720b07a-c3f8-4d19-b228-4b9c950d210f",
"indicator--5720b07a-0a00-4488-ae93-4fbe950d210f",
"indicator--5720b07b-7a40-4753-a059-4d81950d210f",
"indicator--5720b07c-e980-45fe-b416-41dd950d210f",
"indicator--5720b07c-dcb8-49d7-a8e6-4007950d210f",
"indicator--5720b07d-c4a4-4654-acc0-44b5950d210f",
"indicator--5720b07d-5538-478d-a2d5-478a950d210f",
"indicator--5720b07d-3108-4899-ba19-4786950d210f",
"indicator--5720b07e-c87c-4146-87ab-488e950d210f",
"indicator--5720b07e-73e8-42df-a35e-449c950d210f",
"indicator--5720b07f-2a54-4881-b027-4b3a950d210f",
"indicator--5720b07f-548c-4320-bf25-49f7950d210f",
"indicator--5720b080-02ec-409a-bb77-4012950d210f",
"indicator--5720b080-0d14-4696-879d-46c7950d210f",
"indicator--5720b080-5118-4bc2-b68b-4d11950d210f",
"indicator--5720b081-79bc-493e-ab4c-4b97950d210f",
"indicator--5720b081-cc8c-4632-b235-497b950d210f",
"indicator--5720b082-0c3c-4c3e-9e93-4563950d210f",
"indicator--5720b082-9f90-432c-a55d-4224950d210f",
"indicator--5720b083-adc4-47d2-a3bb-451c950d210f",
"indicator--5720b083-ade8-43e5-bacb-4f55950d210f",
"indicator--5720b083-11b0-462a-ab16-4d80950d210f",
"indicator--5720b084-2c64-439c-8f04-4f14950d210f",
"indicator--5720b084-41d4-422c-904c-4bd3950d210f",
"indicator--5720b085-3598-4151-85c0-4a62950d210f",
"indicator--5720b085-0bf0-4d5c-bfd5-4481950d210f",
"indicator--5720b085-e7ec-4523-a944-42d3950d210f",
"indicator--5720b086-b874-417e-a5dc-477f950d210f",
"indicator--5720b086-a924-477c-b0e3-4a11950d210f",
"indicator--5720b087-0da8-4e3c-9c49-4faa950d210f",
"indicator--5720b087-6fe8-4688-bb84-4f6e950d210f",
"indicator--5720b088-0214-4f50-a0f5-43e2950d210f",
"indicator--5720b088-a978-45c1-8275-48cd950d210f",
"indicator--5720b089-4cec-4069-9ab6-4223950d210f",
"indicator--5720b089-f730-4077-8bac-4906950d210f",
"indicator--5720b089-bcb4-410e-bfff-427b950d210f",
"indicator--5720b08a-6cd4-49eb-9a90-46eb950d210f",
"indicator--5720b258-aebc-4eca-b403-405b950d210f",
"indicator--5720b259-b5b4-458a-ae3a-4d26950d210f",
"indicator--5720b25a-0128-4afa-b1dc-4a70950d210f",
"indicator--5720b25b-3f18-44e9-a5e2-462d950d210f",
"indicator--5720b25c-f098-4d8e-9ce0-4f78950d210f",
"indicator--5720b25c-fbec-4581-917b-4ccd950d210f",
"indicator--5720b25d-6128-4f96-8c0b-47f9950d210f",
"indicator--5720b25d-1f74-4702-bde8-4156950d210f",
"indicator--5720b25e-d0b4-4921-9009-4520950d210f",
"indicator--5720b25f-8de8-4db1-80a5-468c950d210f",
"indicator--5720b25f-c014-4553-ac88-4152950d210f",
"indicator--5720b260-561c-436c-ba57-4cdc950d210f",
"indicator--5720b261-d970-43ea-bd36-4057950d210f",
"indicator--5720b262-344c-494b-b836-42c3950d210f",
"indicator--5720b262-f238-457c-ae3e-4a77950d210f",
"indicator--5720b263-26b8-4980-8f7e-43f4950d210f",
"indicator--5720b264-0fb4-428a-85a3-44d2950d210f",
"indicator--5720b265-41ec-4b6a-af54-43d7950d210f",
"indicator--5720b266-0810-4306-bca8-40c7950d210f",
"indicator--5720b266-f938-427d-92ad-495b950d210f",
"indicator--5720b267-ed8c-48a9-baf3-4b9e950d210f",
"indicator--5720b268-6384-4eb7-a863-4c06950d210f",
"indicator--5720b269-c43c-4673-8a29-4aa5950d210f",
"indicator--5720b269-e578-4b3a-87d2-4e05950d210f",
"indicator--5720b26a-5414-4478-895e-4fac950d210f",
"indicator--5720b26b-aeb8-4dd8-968e-46bf950d210f",
"indicator--5720b26c-4844-4291-b809-47c9950d210f",
"indicator--5720b26d-6430-4d00-abd5-499a950d210f",
"indicator--5720b26d-dd18-4a6a-ad4c-493f950d210f",
"indicator--5720b26e-e138-4a86-96e9-45f3950d210f",
"observed-data--5720b303-9c8c-430d-97a9-438902de0b81",
"url--5720b303-9c8c-430d-97a9-438902de0b81",
"observed-data--5720b304-c170-4d2a-b49a-40c102de0b81",
"url--5720b304-c170-4d2a-b49a-40c102de0b81",
"observed-data--5720b304-04bc-4fa1-a47c-458702de0b81",
"url--5720b304-04bc-4fa1-a47c-458702de0b81",
"observed-data--5720b304-1b50-498a-b220-433f02de0b81",
"url--5720b304-1b50-498a-b220-433f02de0b81",
"observed-data--5720b305-f2b8-4381-a643-40fa02de0b81",
"url--5720b305-f2b8-4381-a643-40fa02de0b81",
"observed-data--5720b305-7818-4b52-a8d7-47c002de0b81",
"url--5720b305-7818-4b52-a8d7-47c002de0b81",
"observed-data--5720b306-0cd8-45b5-a9e8-42ea02de0b81",
"url--5720b306-0cd8-45b5-a9e8-42ea02de0b81",
"observed-data--5720b306-7fc0-4bb8-b6fa-4e6302de0b81",
"url--5720b306-7fc0-4bb8-b6fa-4e6302de0b81",
"observed-data--5720b307-8d68-443c-8ca9-46f102de0b81",
"url--5720b307-8d68-443c-8ca9-46f102de0b81",
"observed-data--5720b307-b0a0-4c22-b2bb-408102de0b81",
"url--5720b307-b0a0-4c22-b2bb-408102de0b81",
"observed-data--5720b307-964c-4956-8000-4b1902de0b81",
"url--5720b307-964c-4956-8000-4b1902de0b81",
"observed-data--5720b308-96c0-4e3e-8ab7-431002de0b81",
"url--5720b308-96c0-4e3e-8ab7-431002de0b81",
"observed-data--5720b308-77f8-4ab5-a33c-4c7d02de0b81",
"url--5720b308-77f8-4ab5-a33c-4c7d02de0b81",
"indicator--5720b5b3-4278-44c7-a16c-49e5950d210f",
"indicator--5720b5b4-2c14-490e-afc9-4101950d210f",
"indicator--5720b5b5-05d4-435c-bd8e-4177950d210f",
"indicator--5720b5b5-5cb8-4a98-8ce4-4b88950d210f",
"indicator--5720b5b6-0a6c-4da2-8921-43ac950d210f",
"indicator--5720b5b7-8544-43b0-8034-4223950d210f",
"indicator--5720b5b8-c268-49bc-a6d4-4e40950d210f",
"indicator--5720b5b9-28fc-4482-9cd5-43e0950d210f",
"indicator--5720bdbf-63c0-4f15-91a2-4021950d210f",
"indicator--5720bdc0-5b2c-4bd8-bbaf-43b7950d210f",
"indicator--5720bdc0-674c-4642-84a2-4251950d210f",
"indicator--5720bdc1-a980-44f6-a712-4566950d210f",
"indicator--5720bdc1-eaac-45cb-b4b7-49ef950d210f",
"indicator--5720bdc1-ada4-434b-a603-417c950d210f",
"indicator--5720bdc2-8dcc-4ca8-ab03-4033950d210f",
"indicator--5720bdc2-9db4-4ac7-97a2-4336950d210f",
"indicator--5720bdc3-6f04-4f37-9eb4-4b21950d210f",
"indicator--5720bdc3-c944-49cf-8c99-4323950d210f",
"indicator--5720bdc4-d784-4c6f-82c8-45ac950d210f",
"indicator--5720bdc4-5964-4e7b-aae8-4688950d210f",
"indicator--5720bdc4-b4d8-4ab2-88e1-4acc950d210f",
"indicator--5720bdc5-57b4-4652-bc99-45fa950d210f",
"indicator--5720bdc5-27c4-4bee-8ca9-4135950d210f",
"indicator--5720bdc6-d49c-492f-8677-4189950d210f",
"indicator--5720bdc6-1904-457d-b051-4848950d210f",
"indicator--5720bdc7-d8b4-4bdc-935a-4798950d210f",
"indicator--5720bdc7-c088-4297-897e-4080950d210f",
"indicator--5720bdc7-6a80-49a6-81c5-4bf0950d210f",
"indicator--5720bdc8-8cec-46f6-869e-4693950d210f",
"indicator--5720bdc8-2574-4318-904e-4afa950d210f",
"indicator--5720bdc9-decc-4451-8838-4e2e950d210f",
"indicator--5720bdc9-3390-4a39-8530-4c7f950d210f",
"indicator--5720bdca-e6b8-42fb-9933-4689950d210f",
"indicator--5720bdca-e3f4-4264-a6b2-4dbf950d210f",
"indicator--5720bdca-9824-410f-b184-42dd950d210f",
"indicator--5720bdcb-bff0-4d41-b423-4d80950d210f",
"indicator--5720bdcb-9738-42a9-a55a-4c37950d210f",
"indicator--5720bdcc-9ac8-4f1f-b8b2-459d950d210f",
"indicator--5720bdcc-d3dc-44d0-83ee-45ab950d210f",
"indicator--5720bdcd-8f30-45da-9683-49fb950d210f",
"indicator--5720bdcd-e644-419d-95f3-4e0e950d210f",
"indicator--5720bdcd-04b4-417c-b4a9-45e7950d210f",
"indicator--5720bdce-9ba0-4b9b-b8e8-4f5e950d210f",
"indicator--5720bdce-a6ec-4569-91eb-46ea950d210f",
"indicator--5720bdcf-f7f8-4ab3-aec2-46c6950d210f",
"indicator--5720bdcf-3940-42e8-a44e-4f75950d210f",
"indicator--5720bdd0-ce44-4b6d-8005-4134950d210f",
"indicator--5720bdd0-cd00-44d9-b8af-4720950d210f",
"indicator--5720bdd0-bd08-440c-9c97-4646950d210f",
"indicator--5720bdd1-264c-4656-ac27-4fab950d210f",
"indicator--5720bdd1-1b90-4fab-b9e8-42e2950d210f",
"indicator--5720bdd2-e71c-4b3c-a0a8-4ddd950d210f",
"indicator--5720bdd2-0eec-4d42-83c5-41ae950d210f",
"indicator--5720bdd2-7e28-46ac-a040-4172950d210f",
"indicator--5720bdd3-a0f8-4b69-8b36-4ab3950d210f",
"indicator--5720bdd3-1d18-4806-9d24-4fd2950d210f",
"indicator--5720bdd4-b3a0-4e7f-b629-4e87950d210f",
"indicator--5720bdd4-5830-4ec6-b372-4e55950d210f",
"indicator--5720bdd4-825c-44ec-b2a1-4ff2950d210f",
"indicator--5720bdd5-4ca0-4e46-9526-406f950d210f",
"indicator--5720bdd5-cb50-4bca-97c4-4037950d210f",
"indicator--5720bdd6-1d24-4814-bff7-4934950d210f",
"indicator--5720bdd6-9298-4ed0-a86a-4a06950d210f",
"indicator--5720bdd7-0c3c-484b-96a2-47bf950d210f",
"indicator--5720bdd7-9384-47c0-83dc-4db9950d210f",
"indicator--5720bdd7-2fe4-43da-bbb0-4823950d210f",
"indicator--5720bdd8-b494-4b74-8bad-45f4950d210f",
"indicator--5720bdd8-cb9c-4952-95a3-48a4950d210f",
"indicator--5720bdd9-6158-4256-80a8-444f950d210f",
"indicator--5720bdd9-9d7c-4674-ae10-4950950d210f",
"indicator--5720bdda-7da4-4391-b139-4512950d210f",
"indicator--5720bdda-bd94-44d0-a784-4a4b950d210f",
"indicator--5720bdda-2a48-4266-8b7a-4c57950d210f",
"indicator--5720bddb-a830-4a40-a70a-4f18950d210f",
"indicator--5720bddb-7440-4b49-a38a-4302950d210f",
"indicator--5720bddc-2000-4a09-9fb3-4628950d210f",
"indicator--5720bddc-3058-4764-a198-48ad950d210f",
"indicator--5720bddc-4b90-4255-9a38-409d950d210f",
"indicator--5720bddd-8d18-47c5-90ed-4a3f950d210f",
"indicator--5720bddd-f8e0-4ea2-8b5e-4ed5950d210f",
"indicator--5720bddd-2a9c-426a-9f9c-4e59950d210f",
"indicator--5720bddd-320c-4f32-9ac2-4762950d210f",
"indicator--5720bddd-147c-4e6d-a7b5-43fa950d210f",
"indicator--5720bdde-06b0-4ddf-b361-444a950d210f",
"indicator--5720bdde-6488-4fba-8b22-42b6950d210f",
"indicator--5720bdde-adf0-497f-8344-40c4950d210f",
"indicator--5720bdde-676c-42cf-8404-45fe950d210f",
"indicator--5720bdde-1554-4e0b-a882-4e58950d210f",
"indicator--5720bddf-a898-42d7-a21f-434d950d210f",
"indicator--5720bddf-1bcc-40fb-a337-4c8d950d210f",
"indicator--5720bddf-3e1c-4cb5-aa24-46e2950d210f",
"indicator--5720bddf-a3b8-433b-9c67-44af950d210f",
"indicator--5720bddf-72a8-4ddc-ba3f-47e4950d210f",
"indicator--5720bddf-8620-49f7-bf3a-4ba9950d210f",
"indicator--5720bde0-888c-474e-bd8c-4bfc950d210f",
"indicator--5720bde0-20d4-412c-8b8c-43f0950d210f",
"indicator--5720bde0-551c-40ff-aef0-4c73950d210f",
"indicator--5720bde0-32b4-4336-807e-4be2950d210f",
"indicator--5720bde0-f550-4dc7-aa8e-47ca950d210f",
"indicator--5720bde1-33e4-469d-9bfe-4155950d210f",
"indicator--5720bde1-236c-496b-ad97-431d950d210f",
"indicator--5720bde1-abb0-4460-b1a6-4df0950d210f",
"indicator--5720bde1-73c4-4b9b-83f2-4fb6950d210f",
"indicator--5720bde1-6580-4eff-a04d-4457950d210f",
"indicator--5720bde2-f874-4d67-ba5c-4e9d950d210f",
"indicator--5720bde2-9b34-46fe-9899-49bb950d210f",
"indicator--5720bde2-3c14-4ae1-90d3-42fe950d210f",
"indicator--5720bde2-69f8-425f-8b6d-42d0950d210f",
"indicator--5720bde2-c8f8-46e9-83af-4d33950d210f",
"indicator--5720bde2-1680-4d2f-ad3b-410a950d210f",
"indicator--5720bde3-8d94-4db2-a0de-45c4950d210f",
"indicator--5720bde3-5408-4a3f-8064-42d0950d210f",
"indicator--5720bde3-1860-4eb7-811b-4435950d210f",
"indicator--5720bde3-19e8-4684-8e45-4fb5950d210f",
"indicator--5720bde3-b0a8-4007-8229-4daf950d210f",
"indicator--5720bde4-2ee0-452f-bd55-49c3950d210f",
"indicator--5720bde4-1b98-495a-8a29-4e96950d210f",
"indicator--5720bde4-cec0-44e7-b354-433f950d210f",
"indicator--5720bde4-9080-4633-828a-4a2e950d210f",
"indicator--5720bde4-7180-4eef-a28c-4b3c950d210f",
"indicator--5720bde4-9a58-4ed6-9e5d-45c3950d210f",
"indicator--5720bde5-cf28-4768-bc40-4721950d210f",
"indicator--5720bde5-ae24-468f-bb9b-4100950d210f",
"indicator--5720bde5-aa80-41a7-b925-4ec2950d210f",
"indicator--5720bde5-3c08-404d-a9af-4903950d210f",
"indicator--5720bde5-4c50-477a-a797-4691950d210f",
"indicator--5720bde6-34a0-4426-955a-4988950d210f",
"indicator--5720bde6-e1ac-4037-b9c9-4a5b950d210f",
"indicator--5720bde6-6744-4f45-aa13-4fd0950d210f",
"indicator--5720bde6-55c4-4ad6-940a-4300950d210f",
"indicator--5720bde6-cad4-46e1-909d-4299950d210f",
"indicator--5720bde6-f92c-4ae9-9078-4965950d210f",
"indicator--5720bde7-0150-4192-8a96-4633950d210f",
"indicator--5720bde7-ea98-4d84-9385-42e5950d210f",
"indicator--5720bde7-9f50-4969-bc66-423f950d210f",
"indicator--5720bde7-a03c-48d3-82a9-43b9950d210f",
"indicator--5720bde7-ec78-4200-94bc-476f950d210f",
"indicator--5720bde7-6e8c-42f8-a5aa-47fc950d210f",
"indicator--5720bde8-c948-4471-8a64-40b3950d210f",
"indicator--5720bde8-5254-4fdb-950d-4162950d210f",
"indicator--5720bde8-5594-45f8-8fb4-47bd950d210f",
"indicator--5720bde8-9c38-4336-ad5a-421a950d210f",
"indicator--5720bde8-199c-4dbb-92d9-49c8950d210f",
"indicator--5720bde9-2eac-486f-a6c4-4628950d210f",
"indicator--5720bde9-cb50-4130-91a4-4954950d210f",
"indicator--5720bde9-289c-4892-9a78-438b950d210f",
"indicator--5720bde9-66f0-4ad4-aeed-43f7950d210f",
"indicator--5720bde9-f2a4-4538-852c-4cc3950d210f",
"indicator--5720bdea-c208-4cc0-a10c-433a950d210f",
"indicator--5720bdea-6608-4087-ac9a-4675950d210f",
"indicator--5720bdea-10fc-4ac7-9ad9-4711950d210f",
"indicator--5720bdea-3f70-4201-9605-43c6950d210f",
"indicator--5720bdea-5cfc-4988-adc6-4928950d210f",
"indicator--5720bdea-208c-4110-95f4-4a9f950d210f",
"indicator--5720bdeb-1888-4fa1-81c4-4e96950d210f",
"indicator--5720bdeb-d5ec-49e6-892a-45e1950d210f",
"indicator--5720bdeb-6bc8-482b-86f9-4ae2950d210f",
"indicator--5720bdeb-fe98-460b-a5f5-45cc950d210f",
"indicator--5720bdeb-5220-4ec4-aecf-441e950d210f",
"indicator--5720bdec-cbdc-4e51-9962-4c26950d210f",
"indicator--5720bdec-ea94-4d4c-b5fb-4196950d210f",
"indicator--5720bdec-df88-43bc-9c44-4982950d210f",
"indicator--5720bdec-8e5c-45ef-b85a-47dd950d210f",
"indicator--5720bdec-8c84-4ed8-87b5-4d52950d210f",
"indicator--5720bdec-6270-4611-abca-4dde950d210f",
"indicator--5720bded-8a38-4ff7-9488-449a950d210f",
"indicator--5720bded-3b6c-4d99-a3d6-4dfc950d210f",
"indicator--5720bded-02e4-4dcc-9da6-43c1950d210f",
"indicator--5720bded-dec0-4aba-8504-44fb950d210f",
"indicator--5720bded-d77c-47f8-9627-4bfb950d210f",
"indicator--5720bdee-4c5c-4f70-aa8b-401f950d210f",
"indicator--5720bdee-1640-424e-abd8-47ad950d210f",
"indicator--5720bdee-6800-4bb3-853f-42a5950d210f",
"indicator--5720bdee-2c18-48c5-a898-4d12950d210f",
"indicator--5720bdee-2720-4a3f-b41f-4efb950d210f",
"indicator--5720bdee-1c84-4b24-af85-4321950d210f",
"indicator--5720bdef-802c-4936-8dce-4a94950d210f",
"indicator--5720bdef-3b24-4988-b066-450f950d210f",
"indicator--5720bdef-95f4-4c33-9922-4b36950d210f",
"indicator--5720bdef-c1a4-4394-b644-41af950d210f",
"indicator--5720bdef-21d0-4fb4-9320-4a3f950d210f",
"indicator--5720bdf0-6d98-452c-aeda-4313950d210f",
"indicator--5720bdf0-32f0-4fa3-b15f-46bd950d210f",
"indicator--5720bdf0-7a5c-4a1e-bc22-4e36950d210f",
"indicator--5720bdf0-0774-482f-87dd-4e65950d210f",
"indicator--5720bdf0-29d4-47ef-8701-4119950d210f",
"indicator--5720bdf0-2000-458d-b934-4eba950d210f",
"indicator--5720bdf1-2428-4b5f-a0e9-4c59950d210f",
"indicator--5720bdf1-7540-4cb2-8b85-40ee950d210f",
"indicator--5720bdf1-88f0-40cc-8dd8-40f8950d210f",
"indicator--5720bdf1-7640-4b6e-be96-44f0950d210f",
"indicator--5720bdf1-5360-4f56-993b-43b1950d210f",
"indicator--5720bdf2-57ec-412d-b124-4bc6950d210f",
"indicator--5720bdf2-fc50-4721-a99d-4f9f950d210f",
"indicator--5720bdf2-5488-48dc-b5da-4348950d210f",
"indicator--5720bdf2-5354-4e60-a646-48bc950d210f",
"indicator--5720bdf2-1cc0-46f7-b4a2-41c7950d210f",
"indicator--5720bdf2-4e0c-43ad-b775-4e18950d210f",
"indicator--5720bdf3-c628-4beb-9114-451a950d210f",
"indicator--5720bdf3-2d88-416f-b8cd-4080950d210f",
"indicator--5720bdf3-cc10-4398-9d44-4e7e950d210f",
"indicator--5720bdf3-d644-4ba0-b561-45cb950d210f",
"indicator--5720bdf3-2774-4935-8780-4ad9950d210f",
"indicator--5720bdf4-bb54-4997-b9f4-4e4e950d210f",
"indicator--5720bdf4-5b7c-44b3-a194-45f7950d210f",
"indicator--5720bdf4-73f4-4406-a993-4a60950d210f",
"indicator--5720bdf4-c7a8-45bd-bb3e-4e4b950d210f",
"indicator--5720bdf4-3a8c-48fa-9057-45aa950d210f",
"indicator--5720bdf4-ec38-414a-b61d-47c0950d210f",
"indicator--5720bdf5-df94-44d1-a72d-4420950d210f",
"indicator--5720bdf5-d648-4ebb-b1ad-4a5c950d210f",
"indicator--5720bdf5-fe84-45ff-9c1b-4c52950d210f",
"indicator--5720bdf5-ede8-4966-8da8-4e9b950d210f",
"indicator--5720bdf5-a37c-4e9b-ba26-4a39950d210f",
"indicator--5720bdf6-098c-4b48-94e1-4cdd950d210f",
"indicator--5720bdf6-f518-43b7-913b-421e950d210f",
"indicator--5720bdf6-c9d0-4dd9-b25f-44ac950d210f",
"indicator--5720bdf6-6150-43f8-bf99-4bb5950d210f",
"indicator--5720bdf6-b070-44f8-88ba-43bf950d210f",
"indicator--5720bdf6-ade4-4a0f-a410-4b63950d210f",
"indicator--5720bdf7-2c88-4a5f-8ffe-40fb950d210f",
"indicator--5720bdf7-78f4-4086-9ca7-4b02950d210f",
"indicator--5720bdf7-8284-494a-86d1-4958950d210f",
"indicator--5720bdf7-80e4-43bf-855e-4192950d210f",
"indicator--5720bdf7-c750-430b-adfb-4382950d210f",
"indicator--5720bdf8-896c-4c78-92d3-4f29950d210f",
"indicator--5720bdf8-7b38-40c8-967f-40de950d210f",
"indicator--5720bdf8-6394-4984-b5e6-4b19950d210f",
"indicator--5720bdf8-4788-4a0f-9861-4a88950d210f",
"indicator--5720bdf8-3ff8-4b23-a0fb-4ff3950d210f",
"indicator--5720bdf8-23a4-44a1-a900-473b950d210f",
"indicator--5720bdf9-e514-4d0a-ba80-4534950d210f",
"indicator--5720bdf9-d0e0-4ae6-8e1e-48e1950d210f",
"indicator--5720bdf9-ab10-42d0-9235-44b4950d210f",
"indicator--5720bdf9-d2b4-470e-8d0a-41c2950d210f",
"indicator--5720bdf9-0844-4c44-a9c0-47d6950d210f",
"indicator--5720bdfa-4228-4c70-983d-43d3950d210f",
"indicator--5720bdfa-3bb4-4195-aa0e-44a9950d210f",
"indicator--5720bdfa-45cc-48c7-8bac-40ff950d210f",
"indicator--5720bdfa-dfa4-48fd-b6ef-4563950d210f",
"indicator--5720bdfa-c030-4504-947b-46fb950d210f",
"indicator--5720bdfb-be74-4f8e-ad27-40f7950d210f",
"indicator--5720bdfb-6844-42b5-88d6-4c16950d210f",
"indicator--5720bdfb-e194-4897-aba0-4043950d210f",
"indicator--5720bdfb-c158-4b00-8ed1-4062950d210f",
"indicator--5720bdfb-62e4-4fe1-8fad-477c950d210f",
"indicator--5720bdfb-8b48-44bd-bd0a-4259950d210f",
"indicator--5720bdfc-9fac-4f7b-8401-4882950d210f",
"indicator--5720bdfc-f888-4e64-b86c-4528950d210f",
"indicator--5720bdfc-7514-4f3d-9937-4cbf950d210f",
"indicator--5720bdfc-c92c-4391-a13d-4e0d950d210f",
"indicator--5720bdfc-1bc8-4b7b-9427-405f950d210f",
"indicator--5720bdfd-69d0-4f8e-adb3-4e25950d210f",
"indicator--5720bdfd-51c8-43b7-95c4-439b950d210f",
"indicator--5720bdfd-36a0-4bd3-889b-41e8950d210f",
"indicator--5720bdfd-bf6c-423e-a82a-4168950d210f",
"indicator--5720bdfd-4054-47ce-97f8-46b2950d210f",
"indicator--5720bdfe-0930-438e-a079-4221950d210f",
"indicator--5720bdfe-0190-45e5-b3be-45f7950d210f",
"indicator--5720bdfe-4be4-44ae-9c98-44cf950d210f",
"indicator--5720bdfe-7364-49c2-b0ac-43e7950d210f",
"indicator--5720bdfe-c0ec-4c66-b07c-4d19950d210f",
"indicator--5720bdfe-6728-45cb-ab2d-4162950d210f",
"indicator--5720bdff-690c-4878-a60f-44af950d210f",
"indicator--5720bdff-7df0-429a-b53c-4002950d210f",
"indicator--5720bdff-1390-48bf-8e63-4bb5950d210f",
"indicator--5720bdff-3bc4-4a69-8b41-4f0e950d210f",
"indicator--5720bdff-bc5c-4219-9a88-448c950d210f",
"indicator--5720be00-be6c-4a5b-b858-438f950d210f",
"indicator--5720be00-cb1c-4c3d-a605-40ca950d210f",
"indicator--5720be00-f924-412e-adf7-48c4950d210f",
"indicator--5720be00-40d8-4981-b831-40a6950d210f",
"indicator--5720be00-a590-48ae-a2a4-4b54950d210f",
"indicator--5720be00-443c-44ed-8b3c-4568950d210f",
"indicator--5720be01-64d8-48f5-b494-4555950d210f",
"indicator--5720be01-33ec-4d00-8201-4ceb950d210f",
"indicator--5720be01-6404-4743-a637-4412950d210f",
"indicator--5720be01-daf4-4662-8668-4820950d210f",
"indicator--5720be01-4e28-414d-b130-4b20950d210f",
"indicator--5720be02-568c-4f49-bd83-426d950d210f",
"indicator--5720be02-3868-40ca-931c-4212950d210f",
"indicator--5720be02-ffbc-4554-b073-4af1950d210f",
"indicator--5720be02-f604-47f7-8751-44d4950d210f",
"indicator--5720be02-1978-4a09-89a3-41bc950d210f",
"indicator--5720be03-e1c8-4182-a7f8-4518950d210f",
"indicator--5720be03-2874-4568-a8a4-43e8950d210f",
"indicator--5720be03-0c84-43de-b53d-4ae9950d210f",
"indicator--5720be03-0704-4398-baf1-47bf950d210f",
"indicator--5720be03-0a94-4821-a4eb-4ccf950d210f",
"indicator--5720be03-3a08-4ee3-ace9-42e6950d210f",
"indicator--5720be04-b7a4-4654-8ea7-4779950d210f",
"indicator--5720be04-f0a4-498c-9c16-4e52950d210f",
"indicator--5720be04-c108-49a4-80c2-49ac950d210f",
"indicator--5720be04-7b78-4314-9c27-46ad950d210f",
"indicator--5720be04-a4ec-44e1-a4b8-45bc950d210f",
"indicator--5720be05-0a48-48a6-958d-4945950d210f",
"indicator--5720be05-a890-42c1-a490-4964950d210f",
"indicator--5720be05-d588-404b-8eb6-454f950d210f",
"indicator--5720be05-42d8-4f90-9588-4866950d210f",
"indicator--5720be05-ff50-4a67-b177-48da950d210f",
"indicator--5720be05-f6f0-4cbe-8511-428a950d210f",
"indicator--5720be06-1380-4c73-a564-45db950d210f",
"indicator--5720be06-260c-4600-a155-4ada950d210f",
"indicator--5720be06-b380-4f41-927a-4219950d210f",
"indicator--5720be06-69e0-494b-b124-45d8950d210f",
"indicator--5720be06-f754-4b39-b0d1-4fea950d210f",
"indicator--5720be07-639c-45aa-ad97-46b0950d210f",
"indicator--5720be07-25f0-4e38-8da2-4739950d210f",
"indicator--5720be07-12d0-479c-a45b-462e950d210f",
"indicator--5720be07-5ef4-4f9a-b62a-4fb6950d210f",
"indicator--5720be07-69c4-4985-8616-4e09950d210f",
"indicator--5720be07-4f00-472e-86ba-401f950d210f",
"indicator--5720be08-7d08-4783-b36f-4070950d210f",
"indicator--5720be08-eed0-4e51-8b2f-41ba950d210f",
"indicator--5720be08-0b78-4c17-afc5-4f64950d210f",
"indicator--5720be08-9e6c-4f24-99a0-422a950d210f",
"indicator--5720be08-e270-492a-ba37-40f5950d210f",
"indicator--5720be09-4948-4a37-a550-46f3950d210f",
"indicator--5720be09-1d14-43b4-bbf2-4ba3950d210f",
"indicator--5720be09-45ac-4c3f-a6a1-4235950d210f",
"indicator--5720be09-94c4-4547-9e3a-4317950d210f",
"indicator--5720be09-0f8c-462c-bfd7-44eb950d210f",
"indicator--5720be0a-3ccc-4322-92d1-463b950d210f",
"indicator--5720be0a-0f48-4561-8b50-4e0c950d210f",
"indicator--5720be0a-32a0-4886-b938-470e950d210f",
"indicator--5720be0a-5810-4bd1-be0f-4c62950d210f",
"indicator--5720be0a-0f98-4eae-9578-4375950d210f",
"indicator--5720be0a-98d0-4d4d-94d3-4fd3950d210f",
"indicator--5720be0b-b800-4ec2-84a2-433d950d210f",
"indicator--5720be0b-2a00-4c40-8b01-4d73950d210f",
"indicator--5720be0b-c288-4af8-a93e-4a9b950d210f",
"indicator--5720be0b-20c0-4fda-ac01-4b6f950d210f",
"indicator--5720be0b-1a70-408f-8de6-4756950d210f",
"indicator--5720be0c-1b68-4a1d-86f2-446a950d210f",
"indicator--5720be0c-db5c-46e5-8f5c-4aa5950d210f",
"indicator--5720be0c-9fec-47f4-b4f4-4d5f950d210f",
"indicator--5720be0c-676c-457d-8a96-44f0950d210f",
"indicator--5720be0c-d124-4519-b415-4689950d210f",
"indicator--5720be0c-02f0-4e64-85a9-49e9950d210f",
"indicator--5720be0d-4e20-4502-8b9f-4a53950d210f",
"indicator--5720be0d-7800-4345-869c-4ee9950d210f",
"indicator--5720be0d-2364-40c2-aadf-4475950d210f",
"indicator--5720be0d-dd0c-4f65-8dbc-4505950d210f",
"indicator--5720be0d-6aac-4845-8066-4512950d210f",
"indicator--5720be0e-7840-4275-87a9-4744950d210f",
"indicator--5720be0e-10b4-4929-a8ef-48bf950d210f",
"indicator--5720be0e-2edc-4544-88d3-4ee6950d210f",
"indicator--5720be0e-d294-4f29-a1fe-405c950d210f",
"indicator--5720be0e-ff4c-424a-afa7-4fcb950d210f",
"indicator--5720be0e-a98c-427f-bdaa-4935950d210f",
"indicator--5720be0f-c65c-47c7-9f25-47af950d210f",
"indicator--5720be0f-f184-482b-b16a-4478950d210f",
"indicator--5720be0f-b9d8-4a1f-9bf4-42f1950d210f",
"indicator--5720be0f-a3a4-496c-b3c7-4e3f950d210f",
"indicator--5720be0f-3274-4130-8495-43b0950d210f",
"indicator--5720be10-a608-4a1e-991e-4845950d210f",
"indicator--5720be10-1e24-4526-9901-4a3e950d210f",
"indicator--5720be10-fa90-414d-8c86-494e950d210f",
"indicator--5720be10-5d58-4e3d-93e5-4eaa950d210f",
"indicator--5720be10-a1e8-474d-98cf-44e1950d210f",
"indicator--5720be10-2af4-48c0-b397-4d39950d210f",
"indicator--5720be11-4bb4-4546-86b7-489b950d210f",
"indicator--5720be11-14b4-4cd0-88e2-48ed950d210f",
"indicator--5720be11-6464-4ae2-a045-4790950d210f",
"indicator--5720be11-8690-4b09-b766-4014950d210f",
"indicator--5720be11-2004-47ad-81da-4b05950d210f",
"indicator--5720be12-03c8-4866-b7bd-4da7950d210f",
"indicator--5720be12-070c-45a1-83c5-4ebc950d210f",
"indicator--5720be12-64e8-4a4f-8536-4292950d210f",
"indicator--5720be12-5eac-486c-baf0-47b8950d210f",
"indicator--5720be12-1300-46d8-97a2-4b3e950d210f",
"indicator--5720be12-3378-4c82-a2f2-4486950d210f",
"indicator--5720be13-a758-4182-956e-41da950d210f",
"indicator--5720be13-7fb0-4cad-9f7a-4a16950d210f",
"indicator--5720be13-f6f0-4441-b4ed-41ba950d210f",
"indicator--5720be13-1ccc-43df-ba58-457d950d210f",
"indicator--5720be13-482c-41af-9233-401f950d210f",
"indicator--5720be14-c968-4ab4-aaa3-46ae950d210f",
"indicator--5720be14-0698-4f32-a77e-43a8950d210f",
"indicator--5720be14-5f34-4b60-a958-4592950d210f",
"indicator--5720be14-de44-4931-b98f-4290950d210f",
"indicator--5720be14-9a44-4411-ad00-40dd950d210f",
"indicator--5720be14-c6bc-470c-b090-4ab5950d210f",
"indicator--5720be15-5204-4116-af99-4019950d210f",
"indicator--5720be15-6a58-4bf8-bd8c-4ea8950d210f",
"indicator--5720be15-c6a4-4ba0-90dc-4226950d210f",
"indicator--5720be15-a114-4c93-9f47-48f8950d210f",
"indicator--5720be15-5094-4e34-b647-4ad7950d210f",
"indicator--5720be16-24c4-4364-bc00-46f7950d210f",
"indicator--5720be16-5720-462c-be6f-4169950d210f",
"indicator--5720be16-cc74-43a5-befe-425c950d210f",
"indicator--5720be16-31c4-45e0-8103-4161950d210f",
"indicator--5720be16-9488-43d9-9c76-43c8950d210f",
"indicator--5720be16-3568-4b9e-930e-4044950d210f",
"indicator--5720be17-9c30-4861-b494-4ac5950d210f",
"indicator--5720be17-6b68-4d4e-b580-4b81950d210f",
"indicator--5720be17-5b94-4644-be73-4878950d210f",
"indicator--5720be17-f844-46fa-a47f-4b50950d210f",
"indicator--5720be17-ac48-4b19-9bde-4370950d210f",
"indicator--5720be18-8934-476f-983c-4cd5950d210f",
"indicator--5720be18-2f28-406a-94b9-48f3950d210f",
"indicator--5720be18-012c-4e11-9546-43c3950d210f",
"indicator--5720be18-d94c-4d0b-b593-4ce6950d210f",
"indicator--5720be18-35d0-43b9-b23a-4a9f950d210f",
"indicator--5720be18-e488-494f-9df0-4540950d210f",
"indicator--5720be19-9d60-4453-9851-4590950d210f",
"indicator--5720be19-6eb0-40cd-9b07-46d3950d210f",
"indicator--5720be19-e64c-43dd-bfb5-405c950d210f",
"indicator--5720be19-80b4-4214-8bed-486a950d210f",
"indicator--5720be19-c608-4282-b88e-4542950d210f",
"indicator--5720be1a-432c-408f-8957-419b950d210f",
"indicator--5720be1a-b88c-4c2e-8632-49f0950d210f",
"indicator--5720be1a-0d08-47a2-992a-44c5950d210f",
"indicator--5720be1a-66ac-43ca-ad7e-4d77950d210f",
"indicator--5720be1a-4d78-4afe-b893-4517950d210f",
"indicator--5720be1a-c850-4e15-a506-4cdc950d210f",
"indicator--5720be1b-912c-4488-9733-4ecb950d210f",
"indicator--5720be1b-31a8-440a-9b2f-4164950d210f",
"indicator--5720be1b-6a20-4d03-af42-4c4c950d210f",
"indicator--5720be1b-c858-4b26-84ce-4b90950d210f",
"indicator--5720be1b-9b64-4e0d-b296-42bd950d210f",
"indicator--5720be1c-58a4-4bd6-aa57-47a4950d210f",
"indicator--5720be1c-9874-485b-87b4-43a0950d210f",
"indicator--5720be1c-ba94-4bde-bc2c-49cb950d210f",
"indicator--5720be1c-77b8-4612-b064-41b0950d210f",
"indicator--5720be1c-0744-4847-b1c2-4b9f950d210f",
"indicator--5720be1d-2508-41d1-a940-4546950d210f",
"indicator--5720be1d-8dc4-41ad-95a5-4f1c950d210f",
"indicator--5720be1d-774c-4152-befb-4334950d210f",
"indicator--5720be1d-2c44-44fe-b68b-48bc950d210f",
"indicator--5720be1d-a398-470b-a4d7-4a4e950d210f",
"indicator--5720be1d-3700-4406-876c-48a1950d210f",
"indicator--5720be1e-9dfc-4cb3-91b8-4b76950d210f",
"indicator--5720be1e-be7c-4e2f-890f-45eb950d210f",
"indicator--5720be1e-5f24-4ef7-80b9-457b950d210f",
"indicator--5720be1e-0518-4d4a-8135-4469950d210f",
"indicator--5720be1e-f224-4492-8982-42d6950d210f",
"indicator--5720be1f-51c8-4f5c-8e7d-414c950d210f",
"indicator--5720be1f-c79c-4633-9d3b-421c950d210f",
"indicator--5720be1f-4274-426e-b433-4261950d210f",
"indicator--5720be1f-8210-4bc4-82c7-450d950d210f",
"indicator--5720be1f-2bec-4019-85d5-49d8950d210f",
"indicator--5720be1f-1ef8-431c-a605-4857950d210f",
"indicator--5720be20-1b64-4359-a9df-4a21950d210f",
"indicator--5720be20-5844-4789-bf04-4434950d210f",
"indicator--5720be20-bd60-45e9-8ff5-4e33950d210f",
"indicator--5720be20-5ddc-4dbe-9672-42a5950d210f",
"indicator--5720be20-602c-4aa6-b365-483c950d210f",
"indicator--5720be21-1550-48f1-afe9-4fb5950d210f",
"indicator--5720be21-6af0-42ae-a3ba-4f34950d210f",
"indicator--5720be21-3a28-419f-b3b9-40ea950d210f",
"indicator--5720be21-f2e4-4b7c-887a-4eac950d210f",
"indicator--5720be21-d2cc-431b-922f-4e82950d210f",
"indicator--5720be21-7a2c-4491-9d95-4d5b950d210f",
"indicator--5720be22-0068-4420-a402-479f950d210f",
"indicator--5720be22-c8e0-43d2-a2bf-4b66950d210f",
"indicator--5720be22-6964-4075-a003-4d78950d210f",
"indicator--5720be22-8f38-4583-8ae0-44e2950d210f",
"indicator--5720be22-d478-4024-98ab-422d950d210f",
"indicator--5720be23-da0c-4997-ad4e-4fa6950d210f",
"indicator--5720be23-8dac-4480-89c4-4775950d210f",
"indicator--5720be23-b128-4a7d-9758-494c950d210f",
"indicator--5720be23-7944-4d98-9641-4dd7950d210f",
"indicator--5720be23-7f98-4da5-9127-4fb3950d210f",
"indicator--5720be24-77e4-4ec9-b157-494d950d210f",
"indicator--5720be24-4504-40e0-b798-4549950d210f",
"indicator--5720be24-dba0-438b-ab9a-441d950d210f",
"indicator--5720be24-4ff0-412c-923e-45c9950d210f",
"indicator--5720be24-c8c0-47cb-8077-431d950d210f",
"indicator--5720be24-4890-4787-8c3a-454b950d210f",
"indicator--5720be25-c5c0-4c4d-8547-4ac2950d210f",
"indicator--5720be25-2698-4562-a0c4-4cf0950d210f",
"indicator--5720be25-3ec0-4323-99a6-4f05950d210f",
"indicator--5720be25-d848-42b5-b058-4627950d210f",
"indicator--5720be25-2ca0-450e-9764-4d82950d210f",
"indicator--5720be26-4ef0-4970-aada-4fcc950d210f",
"indicator--5720be26-c838-4ea7-8f82-4e88950d210f",
"indicator--5720be26-5114-4d32-b740-4c5b950d210f",
"indicator--5720be26-4c78-4f6e-b1f9-46e8950d210f",
"indicator--5720be26-e2cc-43be-b84b-4284950d210f",
"indicator--5720be26-07a0-44a9-9797-44a0950d210f",
"indicator--5720be27-a3bc-4ea9-a7fb-4fbf950d210f",
"indicator--5720be27-2330-4727-b4f1-4a6a950d210f",
"indicator--5720be27-08d0-44ec-b9cc-4a9a950d210f",
"indicator--5720be27-b418-4439-8e5c-4a19950d210f",
"indicator--5720be27-94e8-4c90-8dfb-4709950d210f",
"indicator--5720be28-2840-4b1d-b630-48e9950d210f",
"indicator--5720be28-f570-4d3e-8250-41e7950d210f",
"indicator--5720be28-8ab4-45cd-9e68-4143950d210f",
"indicator--5720be28-164c-4c87-99f0-411a950d210f",
"indicator--5720be28-100c-45ad-b1bb-4a2d950d210f",
"indicator--5720be28-7678-4f12-8b0a-425e950d210f",
"indicator--5720be29-8634-47e0-9aba-4c5e950d210f",
"indicator--5720be29-1648-45ad-adb3-41ee950d210f",
"indicator--5720be29-668c-4304-86ac-4bb0950d210f",
"indicator--5720be29-93a8-49a6-848a-4573950d210f",
"indicator--5720be29-cd30-4453-aa30-426c950d210f",
"indicator--5720be2a-c784-4c9c-b42d-4579950d210f",
"indicator--5720be2a-ae90-4af7-9d17-478a950d210f",
"indicator--5720be2a-3764-4c1d-89e6-4d5f950d210f",
"indicator--5720be2a-8060-4701-8075-4c50950d210f",
"indicator--5720be2a-19f8-4041-ba68-47f1950d210f",
"indicator--5720be2a-5c08-400f-b706-423d950d210f",
"indicator--5720be2b-f870-485f-a1e2-4ddb950d210f",
"indicator--5720be2b-9928-4bfd-b4b1-4c8c950d210f",
"indicator--5720be2b-006c-442c-9a60-4b6e950d210f",
"indicator--5720be2b-cccc-4932-ac44-4a4c950d210f",
"indicator--5720be2b-6648-44e3-82cf-4d07950d210f",
"indicator--5720be2c-c034-49ea-976f-4fc3950d210f",
"indicator--5720be2c-3bb8-4f08-a9b4-4fd5950d210f",
"indicator--5720be2c-eb94-475f-aea2-4931950d210f",
"indicator--5720be2c-d4dc-4df1-9dee-4c71950d210f",
"indicator--5720be2c-7c8c-44de-b69a-49b2950d210f",
"indicator--5720be2d-79e4-4a51-bb2e-4392950d210f",
"indicator--5720be2d-8248-4671-87df-4b2c950d210f",
"indicator--5720be2d-3f2c-429f-adbc-4ae3950d210f",
"indicator--5720be2d-884c-47e8-87b0-40d4950d210f",
"indicator--5720be2d-9ad8-4204-b2e6-44a4950d210f",
"indicator--5720be2d-e1cc-4fef-a835-4d52950d210f",
"indicator--5720be2e-b114-4342-9c69-4e54950d210f",
"indicator--5720be2e-a0e4-4989-a7bc-423b950d210f",
"indicator--5720be2e-5398-4cbe-81f2-47d8950d210f",
"indicator--5720be2e-8e3c-4e7b-8bcc-4987950d210f",
"indicator--5720be2e-4474-4336-896a-414e950d210f",
"indicator--5720be2f-cb4c-4e17-a3ab-485e950d210f",
"indicator--5720be2f-5a60-4424-a38e-466c950d210f",
"indicator--5720be2f-9fb4-44a7-ae2e-4771950d210f",
"indicator--5720be2f-d58c-4a47-8aa8-43df950d210f",
"indicator--5720be2f-bef0-46f5-8f63-4bf5950d210f",
"indicator--5720be2f-0ebc-4906-a483-456b950d210f",
"indicator--5720be30-98b4-47b6-86fe-44f5950d210f",
"indicator--5720be30-3e0c-4fe1-bd53-4302950d210f",
"indicator--5720be30-718c-4b03-9505-432b950d210f",
"indicator--5720be30-148c-44b2-b3d1-4f5a950d210f",
"indicator--5720be30-a800-4a28-a066-466b950d210f",
"indicator--5720be31-f894-4ed8-a44c-4972950d210f",
"indicator--5720be31-fbe4-42b6-93f6-47ea950d210f",
"indicator--5720be31-fc9c-4327-8b27-4ca0950d210f",
"indicator--5720be31-1b0c-4191-b64d-4d44950d210f",
"indicator--5720be31-ef3c-4fee-a3e0-4d62950d210f",
"indicator--5720be31-a430-4b12-b60d-4f8d950d210f",
"indicator--5720be32-4ad8-472a-a75d-4f1d950d210f",
"indicator--5720be32-98e8-45c1-9f90-4648950d210f",
"indicator--5720be32-54fc-468a-af1d-4bab950d210f",
"indicator--5720be32-4420-4d97-96e3-4f95950d210f",
"indicator--5720be32-8b54-4f13-aa29-41f9950d210f",
"indicator--5720be33-1a60-49ef-a2ba-411d950d210f",
"indicator--5720be33-4cc8-4946-822e-40d9950d210f",
"indicator--5720be33-9334-4e6f-b246-497c950d210f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"circl:incident-classification=\"malware\"",
"malware_classification:malware-category=\"Ransomware\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad01-4e34-450e-a46c-425b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:13:53.000Z",
"modified": "2016-04-27T12:13:53.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIALthm0gEham7dgUAAPAMAAAgABwAYjM5NTVmMTYwNTk3N2JjNTQ1YzQzZWY4NjkzMGFkMzJVVAkAAwGtIFcBrSBXdXgLAAEEIQAAAAQhAAAAGw06SFbBL4irU+VPQNMZEVhnwBJB9Qjgg9euD6/tD9UgJ+WjxNfgvHneulQjzRI58DZKFDW70/xY3X9XYgmKcygNsjARJYMJZ3G8AJLVBMbQND3sSmTWQTTTeYCeyBaUglbAJZ9GaF+O8mbViFnORWe0ibYNrPGkb6cny2ZgKqD5XDRXAtL6qesr2K6ZCt01DRVNT5ybkJlR1ptanHZI7Aj3uDFFh53x8RLsa5oa28Im14XROSe+nV/TDz+xcvECxJa7RqQakcTmWCa8AjQjsYtbEIsBE6yatEeHcWUPG3uIVYufyf37Albjaj5x189TcbVbJ0rSgqhODLJVTcFaF+H3lLqne/fKQDZJdpARXo7D9CZIl/zAqVVlnx2/l4CFWbpxFJyg15MiZt8o+Z8/ilq0+eMc+SFWTe5byOu2i6ZdYlrkVquNvkLm7Bqn0zySa45ywmf7ZGgyYRlnTI9sGflottkVgI/t+rP5Svgm0EsA1fxTTGDQqDnjJTqgxiumpPfyZaTbT8YN7TQDU6mLZvSRAIMrS49D6u9yACEF7Vbzx5s5PmHSFYgWn+wL0vvFSrN/hdlNymzIC4Jr+y5Pm681jXFRG8+JRWgthvGz7ibV1lJpc75rnF39DyppOEEyq9B/3bI7kqlU4wDy4lyTs6M24cwgbpDfpoiRYHNF0oD0+ptJH9Orb+gNlKf7mR34sMDUMq8KS5UQM1BtwJOfCVsRyS1Ubg1ZPe5iMFKk3EBaM7zLmnN8Wzk0ESwfYaCy2XF4zYh+xPNAtfWAgHELlylRfz7XMJyCoXHA7LaFXcUsjdN60q43uPXgxI8mR6bRpzV/ptcF8cuIms2TLXBIZsQT9td1MWe/fwc7o6qTvZ+sSJc1+0KzOhuH9+ZI0kdvSNF7TZ8Vt2WEgt4/YpVlz1hmYJzdWnzAhXUGniTd6vPi0UH5c5hh95xAE6YPdZkJ7VgrR9YClU11U0EpHQWgVlPPnQ2zRxWktKG39hA9ccBWj2mDDMu4HC6f7LXaGf6SBGQIVx0MWsDnFlMIDnh8L6Tte26B/dU7C7e1fimPtgVgeD9bNvmqQB/yZdpeZ3CIQ/OpOTys74du1D5+SpjIr6Du2GaL/UK+crIc53Y80GYIM+hSQcWe0+f3uFdrotiVoEhcUPPoSXPKJEi7O7Dtk4Sqm7FIydp1V3EdQEV1w+S3+SErfh/S8bTqw0OgrOiofXTOAD5pWZt2OadlWE0AuhkDjXqI209foCpWZ7pGXVEGYyXcSFE2GLi5S8BNR8HeOcPNSoxVnaXPuh0puK2f3fijVOd73plBFMX+CBR5TNZjSOvR9MP1uiKAEhTH14jiiYRNpJSJ2QPqmyDN15ULEgxNymWkPRWj8p4zdIgeMuDf0QifLRIl6EeZxbELo5WD9yxLEWgXR3O7h+KmRTfPllnstEAQ4lEnJK2Zw2dCnyDL1iglmL74BQAGb/WM11TQLCAzuKHuFMVT879kFixNZsXhSQWtfnY+J4101XXF7WhZhKj8zy7KkrlZruWfLTGD79Lk2UYSSCUWrFIWMYswgC70KowzchnqQBH8phsPD+XHk8eo8bijVznQaJ0h7484JgQGBUqs4hUg4ETu59WanECqnCMcI8ssr6r+Ni2Ep9kZ2co5FY5LDNDar/vfpc3Pa3YAmpP9C/ptod3ZwwStvlZMU4GuQSZRk0wMjfROjB7HOEs19Fff25PpUkfmraYIeLPMPBCsjtWDVXfUZN31hj9wZfvZTNMwgcK23NdqvvxH9RoNlrPb2ZJuSQQ8Q/wFrzXELPwfP97zgugwUyAkJuM27j72mAuJAABNwKtkDKlg9f27hpl0tdz+ESrciE2StBTsrLAvUEsHCASFqbt2BQAA8AwAAFBLAwQKAAkAAAC7YZtIhXKsMBUAAAAJAAAALQAcAGIzOTU1ZjE2MDU5NzdiYzU0NWM0M2VmODY5MzBhZDMyLmZpbGVuYW1lLnR4dFVUCQADAa0gVwGtIFd1eAsAAQQhAAAABCEAAACXpueFN08Q+sytIy044jfxJp71XjZQSwcIhXKsMBUAAAAJAAAAUEsBAh4DFAAJAAgAu2GbSASFqbt2BQAA8AwAACAAGAAAAAAAAQAAAKSBAAAAAGIzOTU1ZjE2MDU5NzdiYzU0NWM0M2VmODY5MzBhZDMyVVQFAAMBrSBXdXgLAAEEIQAAAAQhAAAAUEsBAh4DCgAJAAAAu2GbSIVyrDAVAAAACQAAAC0AGAAAAAAAAQAAAKSB4AUAAGIzOTU1ZjE2MDU5NzdiYzU0NWM0M2VmODY5MzBhZDMyLmZpbGVuYW1lLnR4dFVUBQADAa0gV3V4CwABBCEAAAAEIQAAAFBLBQYAAAAAAgACANkAAABsBgAAAAA=' AND file:name = '0d080c.js' AND file:hashes.MD5 = 'b3955f1605977bc545c43ef86930ad32' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:13:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad01-95a4-46dd-a6d8-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:13:53.000Z",
"modified": "2016-04-27T12:13:53.000Z",
"description": "unique .js file",
"pattern": "[file:name = '0d080c.js' AND file:hashes.SHA1 = 'bdc8e313ed1d64338079d6bd299f3e7688eaf77b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:13:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad02-1d50-4ee5-8152-4784950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:13:54.000Z",
"modified": "2016-04-27T12:13:54.000Z",
"description": "unique .js file",
"pattern": "[file:name = '0d080c.js' AND file:hashes.SHA256 = '8ca74cc7e61941902033d145813fce6179d627d0791b362edd67e6762847de32']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:13:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad03-8d4c-4b45-a4c7-4537950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:13:55.000Z",
"modified": "2016-04-27T12:13:55.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIALxhm0jwZUVqfgUAAPkMAAAgABwAY2VlZGUzMTdlNTFiNjg3YmRkY2NjYjhiNTkxMTBhOTJVVAkAAwOtIFcDrSBXdXgLAAEEIQAAAAQhAAAAGw06SFbBL4irU+Jt9/nwdX+8kSrFOCa0OK3oEKcIviBPlTj+9yDkFirnHJf7mOmdjiVwKs/dOjgPtYR+F4NCHwYPYOGcgjzTEfebGOlN5/Ajl9wHJ53JYLeqsKBlcO6be82cY/hFZXUr94zDAYdRCklrbohVV8ZkcSw6tCAc6yzsWpol4X5kn0wGMAPnDN6c2v1xgaYXjExJpl4zNtGFXj5nLQLBKh0f12hqDbk+GDwqE4+AFR0z5Ao3Eal2nHNZ+Db0ljc9feRhYYIsixfdbkjUj6z9FeVGb4z7WJ0QBdmyVwEwArzBYu54Xire6L5tNWHrJkV57c1YaaMjDLWgJSjOjvS75VdkQaaxw0NLgS0VntOFt/ZBnFmAX2dIEayApiTV0KE03VP04IcIQ6ynlc37YsxnN2nefbihpof94iMwP/p79JrDbVfkLTRlLOqvNi5uC1kOW7WNaB+yFdxIKwiXXFn1/PKrbMyKGtdv0eQt1Fsl9T4r6f2/HAZ1QLsn+3OULCy7dGqPrqLMIeYSD/fXsuVrp+6SMmeKak+l67RQ8ORWvjgEdMjQfFQtdOS5XApcSFXR26vUo9bUuB0DsfoN8Dx++1DeZ4esqGBuAmF2r3g+yW5HFvZSn4FwCtMxC4EtJxXdQZCJWwYNUFBBiXUCyvPjVJdU48kujCym1Dwnu+zkx5omKGbAn43gnofu2xNCECLMDwFeAI8QtocrxvOP+T5ankGaR4wf85ZLHbR5s2tKJaQTQkCfA0ilKRdwsupD8vUEwDMDwQ6veB2BIcucORHOZJ/nFZdnPjYKqrmw6vMoMxFm4Pt/BHXhnhHpwj9+0D9Vv8xDo+mUCU0xCs6ku6jitNhmElDV1uJ11cBQA1N/wnLw98CqU/I4B339ugdA6oxNwTCg2mdS4GRllawNtyC77CIck/++flHryDacW6232Ic27AelDb7ymuTVKTX//6ZsebHDfMJ8ZYFkBiWYq+LJ6u45FmaMORKrYRC2GZfp87X6CJ6ik1IfswftnVaXdM+sS3HWZL4gH1399jO1YSAv3LCMZ3MSEowFxFIJcfVjx/GdO84K8np1dL5Cpw+jNb+KJgo7rburKokwCEZUfMGJWQrtHBpTe/d7kFYMRc+ToQcQsYYKx7pynDJKBuROh3EUvNB6UnduaM6yG3emUmtjrdK+cGcWQh5rKUxZFMUHh7kOqAetFrn3AL0Z9DjzFCX1ODoo11YTwtzcjYzkcAU/yOoP5a+dYXT9yG72e+0Iu3JBGZhrynpvl8RdpBfcsIQ5evclou1IjTNTSpLYnJFZOT6nkKfc2+DoO0tTKT39z4pjNycr1sirCP63wh/E4BZcIoTy8Xc7S8qe7rrqcFUqSxzNyW7T5eJXc2Ojpr1QZeEQzT7OnImt8qgWdJhGHlVihP0PFB+PUMcSm/M+n8wAVcE3jtpXrKU0eWjOnXQzST8xP6jufiv+RZqvajSkLygfOCln+tZQUyuk9FERluCWRgk+3ozMxBqAPiql4mqVB1g+t+0ApafR3phKXIvS+/z40xArcawXmxPqaBCpkGbAPCgFjFE9p42dhjNCFX9sU8YMPrDc+tR0ffjKxVH11PbExuSpM0nycWH0+h4WijoIGAZ3tA4/dKShS1JlIrH1E22vKQoQEzZsfTsT8Ma/X+BUUenjYgMUoPJNFNZdNxwXq0Qfa3Fm41vEYrRRg93q86WQv9+LHvn7HyeHP9Znth7oXz8o0UOS9a3juBXQvW5KJLLVzfPjbNDaaotzqMlgioXcgk60NXOTpnDM19NS/UQd674E/UF4jbwEUKGSqud/oXuWC8y7uuBcr6Zomfxuo+b+rGVFBv59IxgbwE8NPgz3+J8H1NLr4uZQSwcI8GVFan4FAAD5DAAAUEsDBAoACQAAALxhm0j7U1MWFwAAAAsAAAAtABwAY2VlZGUzMTdlNTFiNjg3YmRkY2NjYjhiNTkxMTBhOTIuZmlsZW5hbWUudHh0VVQJAAMDrSBXA60gV3V4CwABBCEAAAAEIQAAAJem54U3TxD6zK0knAI8/4cxSnVD6jrfUEsHCPtTUxYXAAAACwAAAFBLAQIeAxQACQAIALxhm0jwZUVqfgUAAPkMAAAgABgAAAAAAAEAAACkgQAAAABjZWVkZTMxN2U1MWI2ODdiZGRjY2NiOGI1OTExMGE5MlVUBQADA60gV3V4CwABBCEAAAAEIQAAAFBLAQIeAwoACQAAALxhm0j7U1MWFwAAAAsAAAAtABgAAAAAAAEAAACkgegFAABjZWVkZTMxN2U1MWI2ODdiZGRjY2NiOGI1OTExMGE5Mi5maWxlbmFtZS50eHRVVAUAAwOtIFd1eAsAAQQhAAAABCEAAABQSwUGAAAAAAIAAgDZAAAAdgYAAAAA' AND file:name = '0e352348.js' AND file:hashes.MD5 = 'ceede317e51b687bddcccb8b59110a92' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:13:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad04-bbb0-4b61-a650-425b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:13:56.000Z",
"modified": "2016-04-27T12:13:56.000Z",
"description": "unique .js file",
"pattern": "[file:name = '0e352348.js' AND file:hashes.SHA1 = '56c6b8a6db55563b0e20375e6f62ad1fb7477722']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:13:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad04-1088-4700-9d82-49b1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:13:56.000Z",
"modified": "2016-04-27T12:13:56.000Z",
"description": "unique .js file",
"pattern": "[file:name = '0e352348.js' AND file:hashes.SHA256 = '531bfe706c156c9cd175a9a9debda5457d025d9864fb9d01cbd98fb0e8d80000']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:13:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad05-ff68-44b4-8651-4779950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:13:57.000Z",
"modified": "2016-04-27T12:13:57.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAL1hm0jjkNzrcwUAAOgMAAAgABwANzAxODM0YTEyODM2Y2RiZDg5NDVkMGIxMmNlNWUyN2ZVVAkAAwWtIFcFrSBXdXgLAAEEIQAAAAQhAAAAGw06SFbBL4irU+PHKZhRvanas9yrCB0gCp1RgRg2s7pW9p8a32A5yvAVJVuBwLyBxyrxa4Yp+R2wpVfoLubVtX0W3HIaDBXmGUROi75qqaEzIJ19TAUt701UoXFARbeNIEQU1VDLXbM1umZpAafcA6xDC14S5QwEXa1khz2pATmI7OFwbwI0cnV7BXOmTcmkH2PhXnbSjmDjbMYbKLekA/E1NMqnSyeWSozVJr4i1JB9ugdtQmLinTEvFNGlKG1too394nHYfKwdG/8mZrMOWQNSFzJfL9XJxdVNih4UZbZRjdl8gXilFszJiCNSGQ0q+dGHWUHN5G+cqK134K88UBHQPUoFkAnwk1pRdtg8uPfCUxmJ2yNZoeVBbWqfdUG0JfD7WP7+7QXaLXNG5+EtNCjh2aeUH4dBjDwGq5Oz0f75LrT/dn1RAGtLndvWzSvE0TJ6HmuRwf3pA7qDS7YYnFVvi6SZ/YNnu2NHfCA8T+AKlsJCa9e0spdQUPt13SJ5NHG0A5slJ3+Oc1T9OT8e9HcdgtPjqs4UD2wTR5nt+6EBA/zy1SY6DFRAI3rNUN+8zvpOqpTdxMIWfV33D+JNsNeOiELVi81rJK9bCJS/lyZ1LjxXmBiXOT6rLRtlt1DZixvGgE8VmqmcLuEvdnXXYOmPLxzo3CmcS1BXa5IgdreiALT6+kER1uRxnfJsMw06hc/+0XtM/yoJbKLzUEB7ZQNqunQIVCO2rdcx5s/nMUkMtwuc9u7EbI7wpvEDVn+RTMU3HcyLXVNBUP1IaTtb7i+/3UwD/cuFd/aa2/HftdTxJ0noITqBA7/P1CZN6FqRO5xeAKeI6d4fLx4384dKwFha50P3E8lJBWzqi9Qfdflqg+EqFtzUNfgXJFZH39t83GRHU9I1/TGeBRK3mLk98UM39CVcz9tFuGPwr8t1hYqgrY71eOxLQNSYm5eAEncjlyJMRACBZkX7VMx/pKCB53Wj/ME6O3mzMWzfBxNltGnwKAto20e417aVVCBcj2NHec9CY/LrI7flL+dMnGt2JASL+0v6AZEPopceVNkQygMyTaRu1wlL5NF/75vIzIq7JpuoZ03qZzgyqSI3bFkDihL9Dcr2oBGBGk36dwuAy4pUBfV/ClfNo7c7dOL+KG0x7Epg7YML5Xb6pt3Ep+iJw2AJ0mphLtX0FR6F70KCihOu/4I/Mf9tyKeFnX2C3GECYpYPogJ5h2GqZ+HE65dFQC65ZuH9z1o8hJ3Rr9ue8Gr6vlVuIaXaHzcy49A91HH82eOvXz4jYdObG76vxgyGEo1arPi/J8cyXxBIqXZDn2qS3Rwi/+LBCPy4q0WU80lgEdM0crLftdMUwNEe/G6dvGfE5D8HSADeKg0NqGEGDYPA6VvM0ffvoT4i8Iqt31nqi8sAO+XmtqUs5DVHqItjs/ZI3bbse+fESbHMUIeDlLWPQVFJGOwDKia2evGPGUV3sw0L6OjWJC8UfbBG4B8b6QHlEVtJLbLHfFOzhuMFwTLkC0I91ycLMEpJmddFXtKuyaQmNnCgHsE9bJJD7V9bcs5BTJUlro4I8wm/Rmi1UMjBf9v3IQLjvXglgyrhJLWdvKBjDelx4EmFEjnOwj4YLNjfXV97BHGalupaiDsKPJQxJUCfgL9l1pDTHvHmfwfcHWo8DR2s3K66UnBWBkJBaqTLwRKgyw72JXijx7AbmSFGHQfYeo9zPJTijuzKRPVClX/LUjG/wDRnhD4OkQCBn596OsfGFU9XfYeNSAcVMR3dHuKKgisVTKF4JqKNvx5AZm06c7vj5f9x/t4LSQa/wVfeqtgh2mFb02S96dg3GM6OTev7p1mxV3aabqKpeHTHc0H6UEsHCOOQ3OtzBQAA6AwAAFBLAwQKAAkAAAC9YZtIDernwhcAAAALAAAALQAcADcwMTgzNGExMjgzNmNkYmQ4OTQ1ZDBiMTJjZTVlMjdmLmZpbGVuYW1lLnR4dFVUCQADBa0gVwWtIFd1eAsAAQQhAAAABCEAAACXpueFN08Q+sytJZwnLQLrPFN8oOBre1BLBwgN6ufCFwAAAAsAAABQSwECHgMUAAkACAC9YZtI45Dc63MFAADoDAAAIAAYAAAAAAABAAAApIEAAAAANzAxODM0YTEyODM2Y2RiZDg5NDVkMGIxMmNlNWUyN2ZVVAUAAwWtIFd1eAsAAQQhAAAABCEAAABQSwECHgMKAAkAAAC9YZtIDernwhcAAAALAAAALQAYAAAAAAABAAAApIHdBQAANzAxODM0YTEyODM2Y2RiZDg5NDVkMGIxMmNlNWUyN2YuZmlsZW5hbWUudHh0VVQFAAMFrSBXdXgLAAEEIQAAAAQhAAAAUEsFBgAAAAACAAIA2QAAAGsGAAAAAA==' AND file:name = '0f3dc914.js' AND file:hashes.MD5 = '701834a12836cdbd8945d0b12ce5e27f' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:13:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad06-06a4-40d9-951e-49a4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:13:58.000Z",
"modified": "2016-04-27T12:13:58.000Z",
"description": "unique .js file",
"pattern": "[file:name = '0f3dc914.js' AND file:hashes.SHA1 = '998a9b5237ae6e6c1eca8d1d25e9b4aadfbeec65']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:13:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad07-3670-4d7d-b721-481e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:13:59.000Z",
"modified": "2016-04-27T12:13:59.000Z",
"description": "unique .js file",
"pattern": "[file:name = '0f3dc914.js' AND file:hashes.SHA256 = 'e9a2ea62829ee1014773f26126206e6262dfeac663b4aa7670c992f54cc65854']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:13:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad08-aa68-45fe-88a2-4a7d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:14:00.000Z",
"modified": "2016-04-27T12:14:00.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAMBhm0hUJ0t0fwUAAPcMAAAgABwAZDQ2YWY3NjZiODUwMDg5ZDliZTljN2YyODUzYWUwMmVVVAkAAwitIFcIrSBXdXgLAAEEIQAAAAQhAAAAVqFugfOzqKnkH8VjsG/ld9eOwlRs28wBCxn9DAgTGTXNppBLZFHENek4LyV3W6uZqCfWv2gSPzSiF7WrYq6P1WspYNTN+ExFMDN8k9LaOyTbuDZF5vSYWzwX2B9gJb8NP9iTHtgrXtUTxiBCAX0kIYrl6X0kB4q9CxwJpjFMXekYTpwwyFTfY9Hbh530E34JYYLv4Aht9SJ1/24GaHihlnBZXPkIBoBSHz8SFO3DW1qQQAJtZPAuxVyix6WZ2qm4FC6n7RFoRncsJPDjZGfv4s/X1cGMIwVWHo+pM8RqlCYu4i9iCiURilItVtTlLBNPLEZWHI4dqPBeYK/BzHwWLbpxesTW3HTwPm+4TMra4fQeD1nb63j3X3/q/p1SyaLwIK6yDo6VS+AU7d8Zqgdn0P6dvh0nb8X/or547P3pJn4lg7DJBV1jjL6ftWDfsce6TNF6rn7jkOh1vWbGwZg5KRFTNLIix+x+Av+8B1BieihYoQ/vpUAN+YA4R9tan270PoEyRLYqbtByE10YwEX9CRpXdNPBK8t4JfFVqlycbkWTtYzQDeg0DzJW8c8JGkM7gn/Ts1ZCKysgRBhUVjy7QYAA2Qd20Bqo5KxmxwnbDY8n2VNzEVV1PCUZmXRq7nd6wTEg9+WZg4ubIIzdpsgrgeP0s1loXfmuU1O6YNgYLnXCGY/EJ66EXJfL1C8SUevsmhHQdNMEsfgCPULsCUBqxL5GjOxPu/mn644tI0VGjWG/UzAABzNV/R45Q58s8gV2Gh1h52LPAkktaOadkC4qeXqmJEcV9IKRB1eEHheFi1YXzckNNfgrxmgYJY2qg9gVXXIqKSgPD1U3XjQcGqFU7p7RD9lu8/Z16MhjaGLlk0z6OlgcWfcKniZ83LzbHZrjSIFRWR7vB8yJYwIK1L4npPPAfGkk0dqk1pibstLBsxNMCZMY9HSoS183mq9DaEcOgKPMFRtyrC7RnUKtguhBWqHYGAvG1T2+smMu0cb9ry2qnx031MGM36zHoke3QdLFS0tjlJyUdnpocEv9FvxgkxwYIypeiSdGPIByLoOWnrAFZTOqHPGbpBWXt7eznn+JEkAksva0G/86rfxnFE8Xj7guUBQOk7iD5tml5kITVr/YyWBk8U4SnhIoSnmaUyihOYGSWYXvz7SrB06zkyLBuBrP632hhMD5b6wgiMI4FlMySNhIbaIcTnwEDo6HMInOiXy0U1YJAfO9h0xVsjt3TfzRdpLClf+EstdQw8/AQ4OhhD1KPk/VxicXJEjBZ1DChM6DaeLJayZqqIaYAOXXNxqeOy8jDu9jPrCQM1tpRfyC4cbnvACOOHq9v53TVCVRiKPHSm1vWkTvkIAa0R52uTz0QT0/ouNeYfUYmoul+Q8iYTfAXVkITSlZMjT8kQjAHpZR6LtY2+nyVhS5b0RUrlAAXtilIc0UqauOG34d1hWetWhXUmAuQ8w/lfbrhm4lP0gErNDvr8e5ry3+GprxfixCf6WaytfCuu1+A2cXGjQO56fZLGWdk4njq6ywsX/vJ7CrOQrzWTZnuVQ4OYLe2BXxI/5koMTwSY1dC/f84wsSyta5Lu7vS+mT/Q4eAmOxkSX3ObHdRQgRT/zSx11ZtUIDq63I9cDtp/gqCXmWSFVxqMIZXS8t6hvXRY4iAWPAi5v/oPXBDZ62qqq+31xHAwUA7OpBL0c1SCBBLrzXbPvNrLS2/pGxfCmE/BB4z5pS8NyI6CIH7eagJgXU5LJ4zdoHHYUUad5KBcspm9maublJBBPZe1zZE3fRdTXDVboH6u6X79Xj9iWon58D59oX4pWcZCg1cTXluw1YK5Gbj5k5Cy6wQXlB+V/5xToOA4pBFk4G1ElLqOOv8p/EMPd1UEsHCFQnS3R/BQAA9wwAAFBLAwQKAAkAAADAYZtILAac8RYAAAAKAAAALQAcAGQ0NmFmNzY2Yjg1MDA4OWQ5YmU5YzdmMjg1M2FlMDJlLmZpbGVuYW1lLnR4dFVUCQADCK0gVwitIFd1eAsAAQQhAAAABCEAAACsUdwsCY5mEcRdVvDl7cbxzd5MM7DGUEsHCCwGnPEWAAAACgAAAFBLAQIeAxQACQAIAMBhm0hUJ0t0fwUAAPcMAAAgABgAAAAAAAEAAACkgQAAAABkNDZhZjc2NmI4NTAwODlkOWJlOWM3ZjI4NTNhZTAyZVVUBQADCK0gV3V4CwABBCEAAAAEIQAAAFBLAQIeAwoACQAAAMBhm0gsBpzxFgAAAAoAAAAtABgAAAAAAAEAAACkgekFAABkNDZhZjc2NmI4NTAwODlkOWJlOWM3ZjI4NTNhZTAyZS5maWxlbmFtZS50eHRVVAUAAwitIFd1eAsAAQQhAAAABCEAAABQSwUGAAAAAAIAAgDZAAAAdgYAAAAA' AND file:name = '1bcf709.js' AND file:hashes.MD5 = 'd46af766b850089d9be9c7f2853ae02e' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:14:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad08-8b98-45c4-9a01-44d4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:14:00.000Z",
"modified": "2016-04-27T12:14:00.000Z",
"description": "unique .js file",
"pattern": "[file:name = '1bcf709.js' AND file:hashes.SHA1 = '3e1a3a2b22f7ec373d5770db91e8b0c9ac0f5495']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:14:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad09-d14c-438a-ae66-4dc4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:14:01.000Z",
"modified": "2016-04-27T12:14:01.000Z",
"description": "unique .js file",
"pattern": "[file:name = '1bcf709.js' AND file:hashes.SHA256 = '0f3c35721fc00cadcc1e3d0aab1899f3cbb44afad258e3c3aa5c4503e9fa7263']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:14:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad0a-816c-4f3e-9a03-45d2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:14:02.000Z",
"modified": "2016-04-27T12:14:02.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAMFhm0hkG2ONeAUAAO8MAAAgABwANzk1M2RkMmIxMDMzYWFjYjZiYThkODExMDRjNGQyNmVVVAkAAwqtIFcKrSBXdXgLAAEEIQAAAAQhAAAAmuoKZPRskcB+unbztlb2U7YaqhrJUNmVWqRshB5C2XhJCCvYIWQfvWM1B4vesbOllhUydW7yxpzG97v2mSqrnp1oeASR+WRUp4QJjRXK86GzOFmOtFmGQDM5iSX+31ZCwHIGYW/iJkFq3UWZPLkSvaQrTqVmTEYQDdGiJPHEqyKB7sboGfGYxi9NSJGLpNRQBJDbimunIxstcf4UJyemzVWkGfgOFd5LlHcOdgzBf8CPrcrEK6ssqHtBdqefL71Ug541UhOKJyUL4e3RQFdvujFq/0CebDY+TAoUv78H3mWgueWynDUl0RJ54TqXnKfU62evZ9UUtOan1a7T81A00Q9cstYLwWV7i9RtG5F1ZCMRS3B03ZNhIJjsOHo4A7LeZd1XBnjApPVKxfQriO8I7eRL7JhJ4v/FhXe1af4jhPvR5xNCZu3FXYFGbZ3N6HAYN9xMGMmuncf58tWZxy7l9OT19a50KMYV0WKar/zp85ahuIoNSMPTI7MGivziK/WrExWr8UOMqluWLu4CDcIahalMGSxb74szF5+eEqoFwWHkvfPGsUeVADB80BvOM2RmDBz2iu8gqQHwASYzVj+wQUoMW07vu+V1I8EEFK22jvsJq3OAO2iF07x2pvF9k+R2bxrmFPf+xuusCYv1tplsz4JLGIywQGNxukkuQ2UXAuW7VfsRlRYURiRpzovb+b73Q0W76b75SRvBczhYnIKXZjvfCzXAcy/dbFKP7HynThZXlnkE7VhTTsMaJm7hiSpbu8qKnYga7m9B8UrzjoVkZJdn6r7/bwIGzyN+b6Bupt/zy18TJGeyTaoC/Fbav+FvvtR5AHOKR28tyJltRgHHZmg2MlkxwkG11BFrukoFWes235GmZJpqdPr4ZHxdGAEfp+tpCeNIOHZDneh1IdJdbNq5mY947M+8QsO9gn2MI2QI77qOJADqoJ/a3GaazBHv28DZ82m5d14zCdwHeR6dJbUrxWMA57fcHzKc1VQEVrwsPbdijzyLqs+cEztEG/kcO0gU7t7+sR59Dpool33L6GVZtCt5gFvitBSTdmegVDpeBwckyPVcsYm7SONcGxQHRXbT81NMXKO8pAKcmom1BDEj9fErf4A0Fr5OHRkg9kD+mYcTUP/LoCQV+EZEdWqfVJlD6DYdZaeoKa8SODOmulrCvSt9gNkZ2IvV4S1WzHhlppzk9YDKeubwCHmaMjt7BB7AxI4Bh771jXu5OrqTGqAM7OYdt22IYJGTBRYd3Nyksf9Kt4E0Dy0GPnrqS007nZw5M9iPgret4lRKlI6edT5YpkTwl5PNYFn7k3Anr1rkBOfp0+zdzvf3AFylz7DNL2ADRnlnHoTlsIwMihpTmGlrLNTHLNKQNFxOhGyU4AF6BOFMU5wxiwIGGlJ9ayEVsC3nQrOij31IX4cAFWrADcoj2JyZsF+hp3VsFyer7Z8NBPRsFuizKP9KZUJf3bD3WeyaO9TXAw06C7GbdVHtBjwaNxUty/+idY5cTAAL7fp4exhrU3ini9ZZP+hu9o9k6Db2dqEmYktK0LzwQdSjHRRCkheCJbDDIvX3cABmMPq2i6VJNJCsx4En7t+kFXvwOnVH6F2EJnpDBxepmpAV14V2tgmIR2nSsnFEsR3mC5eU0JLKsdSEdj/QLuUblU1YfOF/CP+obNWP2owVTqRRVWTL7bZ3PuigO8AhmS1enN/3m4tus+MuQQo2Pk/0zfObqQVtIfKHe0q1vfVHsHmUYrsRBQGWj0JhnVgGxfBUrW/yelsurKre7L5Xnl1hyIZWMF935Pngpp+rJkrMHbeavT8uwN4b0cA6kUCyg5qWAyHXq4M0xmr/Gh+olCM5QrxNJt1O2PjNRCRQSwcIZBtjjXgFAADvDAAAUEsDBAoACQAAAMFhm0j9XNAvFwAAAAsAAAAtABwANzk1M2RkMmIxMDMzYWFjYjZiYThkODExMDRjNGQyNmUuZmlsZW5hbWUudHh0VVQJAAMKrSBXCq0gV3V4CwABBCEAAAAEIQAAAPqWXebju8b7UPSfzkyTrqGPzFxBNoSNUEsHCP1c0C8XAAAACwAAAFBLAQIeAxQACQAIAMFhm0hkG2ONeAUAAO8MAAAgABgAAAAAAAEAAACkgQAAAAA3OTUzZGQyYjEwMzNhYWNiNmJhOGQ4MTEwNGM0ZDI2ZVVUBQADCq0gV3V4CwABBCEAAAAEIQAAAFBLAQIeAwoACQAAAMFhm0j9XNAvFwAAAAsAAAAtABgAAAAAAAEAAACkgeIFAAA3OTUzZGQyYjEwMzNhYWNiNmJhOGQ4MTEwNGM0ZDI2ZS5maWxlbmFtZS50eHRVVAUAAwqtIFd1eAsAAQQhAAAABCEAAABQSwUGAAAAAAIAAgDZAAAAcAYAAAAA' AND file:name = '01c4b975.js' AND file:hashes.MD5 = '7953dd2b1033aacb6ba8d81104c4d26e' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:14:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad0b-1284-41b6-b307-43e9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:14:03.000Z",
"modified": "2016-04-27T12:14:03.000Z",
"description": "unique .js file",
"pattern": "[file:name = '01c4b975.js' AND file:hashes.SHA1 = '02d948ae8ec56230d3013f422bcaf22613a45272']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:14:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad0b-1ca0-4700-afbc-4bd1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:14:03.000Z",
"modified": "2016-04-27T12:14:03.000Z",
"description": "unique .js file",
"pattern": "[file:name = '01c4b975.js' AND file:hashes.SHA256 = '093c9eee9da997bcdd9b1505b06ea7e8af09c7155a4c2472068593f619018186']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:14:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad0c-4190-402c-895c-41d2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:14:04.000Z",
"modified": "2016-04-27T12:14:04.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAMJhm0jhqGHldgUAAPEMAAAgABwAYzkwODY3NGZmOWU2MTg5MjYxNDI4YmI2YzIyMjNiMGRVVAkAAwytIFcMrSBXdXgLAAEEIQAAAAQhAAAAeDUMimWSPF60gsE0lQLcKTW33Uj68jhFOMMh7lfN22qfLqakBMoYfz6kuu/SY/ksKdraMiZwueRaJkK/KjbevvXjqmLvd+SFK/yelSjcxD8AaA+fCjmhuC5W3ZdpzIt7d3QoaYEIIGp9pzqpPqG1iXEDk4g0vEGNDpIQ1ucVf715UuRJoKcyejlujTLUmrls3pZsqDTrJJpkO5oCDPowP4IGV2m1oTF9ycrQ4CtpZIefi5WLSutpmOsMWcXhDEjGpHk1v7SUPtU3kDf8G6q+2jAgHazWDEGFnJtm0uFHaMNnne0Z6/ONqAzg3aT80GPAqNajvrjKqevtmyEmHGlTQlZZoPHQImS74xdflAzxN219iZlAGrtR/I2o5rK7+VknYSdnUJBNwQljiYBLyKy+CUkRr4FPpVWERlxXhxFhiKZQj90Kf4gEN0Y6qlXZ3SESiPRT1i51iXCzAQoqaXXfu4GWP7Hosd/CXbghRtTMNN/tdAUQl1My+9hGD9qFkSP7UqfBY0OJMWQT1avqHcg5w08pNfQkzyf267BNTMq4YM76nXvlz4p6bcyE5oca5dLfq6amCWZHqrpQa5n3teflyTmKsD++PkiXOSKOR9OpMZAHVCDsIFbfpOFUMv5t4bcB6/9+EHrNHUhhnEtGu2W5t3bZboNnqZPnE6yWqoYpabkUihJvKPLHDgXW9RXzOuZDZX4nAV2PP/IphqyoDidxUP3AeRt6S5fXbJJrZRNFUlt8TV+XFPsB4xAjvFRkz2KN4ogbZqxBPwtuj81DKGHoyckwxXAj2MdMeI8CpgOW30ZU6CncXWWLzjIyer1V22k9sxM7b1Gax889GWE6HTm0HQku18UAgDGQ8fV0Y0NnX0Xdwqq4HFSQE7gHbIH6MVIOdG/SKTtMQXIa2ZVXeEGC30IfQreCDrbLwru+rbJy2q4B/MNEzjW5lcP+KLufTZXWccFmlpqDJnNf0OFg6/RQNJhSVQfGcF6H3lGB1Tv7mLo4ukNQZmhl5uICUZdjgM1Dzswfts3S6eCEbBPdmoWAZ9orOwA6mtISB9sebiCKzZAVpelczVKUNmeZNFg4MzLSFTc+pC7ukR3nq5GJe/TZXuKBINijFLPbL4AXajauqbLhIzFxex9xHAB+XJQtRzyAQSisjk11+52gTlk4Mb9jrBLOKcYHq4IHaC7DvFH9FzDX8Z9DWEQcKEE8jZHy5cYShQVZXfuyNSPjCHllvaojnGnuZDo47yrBeg2BfFVFeiuill/hzfRXSs3K6YHRpbLCRwChUEFJK0WLJBT13zBxbxMfpwUq7DEkratJ3JSEcpGV8uLWEzaKPvnnqnrx0G+2iEut//WW7wN11wdwWDQfCNJoTNRsMdZl+OGcPZ1JZ7StYVBRQ8Tq71rpPs9UHYUt8wFNv1Hyo7wT5DGoLNAVG7TYh52yfMQsM1I8YvXQas3BqRQizQjFbJKn3iBKgguQqm5vrBUofjcRH/t6mHoQbNSwTmZNUDPvfepgQc+DDKHfYR2092jBS5OM2/f3M2VF+6ah/7N8Pa1Je7Rn4X/9YjP5c+D3e8ShhNI7NUR43dyPNSAFpAl1+/fZUYz0tveqbcPK5Obqit3Y15LwYsx8pciDjpVdTZs7K9dfxpGGEt/mZyeX46nOAdFb0puwCEAWg6yovC6Pj0zOOO8GjRm7eQMJY1h5/uRlE1ZV4JKLQjDPeMM0U/mKvlpTUB5TCFVqTR6jMX95+HovycTxLi1BMKi7bxlFOrdrPhcMLx9qKhavmpfrIIVHITIIXp2822GdnPMv9XDtZymeiNUi+SzETihOcWq05keyRX5PKUYE81nc2gy45ToGBI1DvLIu2BAQlkIglR7YUEsHCOGoYeV2BQAA8QwAAFBLAwQKAAkAAADCYZtIedEKYBcAAAALAAAALQAcAGM5MDg2NzRmZjllNjE4OTI2MTQyOGJiNmMyMjIzYjBkLmZpbGVuYW1lLnR4dFVUCQADDK0gVwytIFd1eAsAAQQhAAAABCEAAADlaSzgIbv/Xt+pfCFPUU8R4edDPGZ9wFBLBwh50QpgFwAAAAsAAABQSwECHgMUAAkACADCYZtI4ahh5XYFAADxDAAAIAAYAAAAAAABAAAApIEAAAAAYzkwODY3NGZmOWU2MTg5MjYxNDI4YmI2YzIyMjNiMGRVVAUAAwytIFd1eAsAAQQhAAAABCEAAABQSwECHgMKAAkAAADCYZtIedEKYBcAAAALAAAALQAYAAAAAAABAAAApIHgBQAAYzkwODY3NGZmOWU2MTg5MjYxNDI4YmI2YzIyMjNiMGQuZmlsZW5hbWUudHh0VVQFAAMMrSBXdXgLAAEEIQAAAAQhAAAAUEsFBgAAAAACAAIA2QAAAG4GAAAAAA==' AND file:name = '1d0071bd.js' AND file:hashes.MD5 = 'c908674ff9e6189261428bb6c2223b0d' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:14:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad0d-8db8-4003-a122-4652950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:14:05.000Z",
"modified": "2016-04-27T12:14:05.000Z",
"description": "unique .js file",
"pattern": "[file:name = '1d0071bd.js' AND file:hashes.SHA1 = 'a754bf1295c9e20ed483678a441cfbc40031f074']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:14:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad0e-82c8-4dd5-bbed-4cc6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:14:06.000Z",
"modified": "2016-04-27T12:14:06.000Z",
"description": "unique .js file",
"pattern": "[file:name = '1d0071bd.js' AND file:hashes.SHA256 = '7e20b56d46574ea911605e5d0e1f8795edf49132053d3f54acae7911756f2992']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:14:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad0e-f570-4cc7-a3a6-406f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:14:06.000Z",
"modified": "2016-04-27T12:14:06.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAMNhm0glIHN+dwUAAPEMAAAgABwAZDRiNDEyYjYzYzFlMzAxYjgyMGM1ZmYzNzlmOTgwMDlVVAkAAw6tIFcOrSBXdXgLAAEEIQAAAAQhAAAAmuoKZPRskcB+unTTQXojIAFACBlEZrpngzjLEJB3OujQB76SHbTtvKu06Frt+lHXd7AHZGUAAiKLxU+iWwxstb5Jp6zYXshtF3cLhMhQUplZusEU1jt8p8Yzbcj67Bl9wRXk8w+c3pX6BFO5UipoGh9k+1LsMvDoky5ucgfEjfsYhVyK8jEH6MPQnt34z7DENNHxNZkrkVDF/ZFhLb4LINMWdBHBRkOky4Qyrlg+0wExtx1tJhPEjZdzceBlRZp3CFfR/o2ZA2JobHfn5FLpwE1mWei0TDj1fwDYClK7HIPYYdNuU/tO9JVc+R6vahocH8WF7O5KoBamKNaB5OASJqo0CQo5uqv79TjXJu/k6chHP/JUDsfHnyiT6l1BlbzMbTj5qXTpDfkJ+MvWvsEv3X8cfS06v7xmx/NqKu+v1369bBRh5D/S9u+FA/IcxzXOK0YxWbXt0ONUQdm6gjjU+ALlIySID5/ye20EMmYrhR5sTrVbH2OhgnuOvoCSCljcxQa1j9TUVD2sdxZtsemmJNXR9bRMKBZBy6M5rfrG+7XMsygc7ZwJC12dB3AtJjPjNIseBZB0jRciV2oDwZ+xl+unsCPEYnkAiWvA/v7Kf1fv/wMcEnV4CA6z5c8Lx7n7Tf9C2C/HLo5JVg54ZY0n7r4x2vneKEnVOsSKsUmrU0cu0bJWz5kX9JLVqPlVmGmY+TxUPsgsteINSReEzISvxH9J9vvg+Y6RIezABHzhPaSzpL9ew0skcCV+eeJxKBVAaFJHS86p8Gs/vOuF3dL0bB6eRfHgHBKL0FOTe174VHs7Qd/plbu6pDaWt4IH6272J4dOrGARBR8DJDxVe7SONVQK2L+SGVLC9qH/3h5n9vCr9ms/+NVdVLWi/vo1820bGgsSjNYkiW8c3MrWbDRjwCV7L8hQJrG+xt5Dp2wG7d1jSD3QzxoUBszLmvS3NRpc10t32wjJxkoXpVmFBVmm0LbP+yALRvrsPwSu+oVZG2jjLpsYMysG+LMUyhnfkUw9aXRsvEwoU9tFr5qX/XAlh96M9BuuKI2XmqP3qnOi8rzz3iUxw5qhpTgwk+uOHQ7W/uRoaF02Hahaembolvu1JkZxO9RyOlpncmNZRKWNi1FLmSQFgMKmBuHZM2L58s80rtaNR+bu0nDeHcbS/mHntJMuRQTMSM31Egrg9Gk0S8cyw5Jf1nltlRMWnbcPsbTukK93fwdkpXl1+/8wZvhqNfJjdu6OCqxfIn8scfZsxbAbUIz520/W5hdX6HJT1gxKiV2Z0fQzdr/6uX53GRjNAPzgcvL6xLj9pau74pKUkGlCfQ7zPW69vvLHOnaOV3+BBtjdfc6CBxm9pZ4ZWu9JhTRxMw/fNqrwbiXLEpGWbSEuPVT6y7O6Y95ChcXNWwM8V2jweB4b6BDYcqwGmC6Vs2NOzY7sFSXf1SUiMzl5ArQaP+R6wCL2Bs8iOpKfox/4XGZzogv5PAsMt/5Hea+Zp9/+m6ZzG+uMx54l303E9FKAiSS3ZCsRHk2q7YzVwuB8ij56vB+0vobtr5WeImHdMaFEM34dDPg8IlEnfr+Be1SIMWayJcPV8KpiOfINFNGK0hAfYWa49UpwD1gkoaH7wlDIu76s4Vmv15zw7TsSmqxJgorVJrJ+YlLu0fllGfeU3UAgXmmcD6vyHu+F0XQpx2OdFzUDqs9rcMzONsHvDoVErKfQquBFTuKGyAH1Ohx4nIxbCjzJ3KhmPWQcuAqsRws9wuS9FC0Y9gIu6EVK5OB0S+9A6IK0KE5z2QMEygYiH1PleuxkkOhhdQyyPRu04c+BeKX/uU/ZyC5kdQyEebXKphVkNaPaox51YEh2cjEC824bWkbD+VBLBwglIHN+dwUAAPEMAABQSwMECgAJAAAAw2GbSDic3x8VAAAACQAAAC0AHABkNGI0MTJiNjNjMWUzMDFiODIwYzVmZjM3OWY5ODAwOS5maWxlbmFtZS50eHRVVAkAAw6tIFcOrSBXdXgLAAEEIQAAAAQhAAAA+pZd5uO7xvtQ9J2YHMBfCARDMZXVUEsHCDic3x8VAAAACQAAAFBLAQIeAxQACQAIAMNhm0glIHN+dwUAAPEMAAAgABgAAAAAAAEAAACkgQAAAABkNGI0MTJiNjNjMWUzMDFiODIwYzVmZjM3OWY5ODAwOVVUBQADDq0gV3V4CwABBCEAAAAEIQAAAFBLAQIeAwoACQAAAMNhm0g4nN8fFQAAAAkAAAAtABgAAAAAAAEAAACkgeEFAABkNGI0MTJiNjNjMWUzMDFiODIwYzVmZjM3OWY5ODAwOS5maWxlbmFtZS50eHRVVAUAAw6tIFd1eAsAAQQhAAAABCEAAABQSwUGAAAAAAIAAgDZAAAAbQYAAAAA' AND file:name = '1f44a6.js' AND file:hashes.MD5 = 'd4b412b63c1e301b820c5ff379f98009' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:14:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad0f-07f0-4ad4-97aa-4291950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:14:07.000Z",
"modified": "2016-04-27T12:14:07.000Z",
"description": "unique .js file",
"pattern": "[file:name = '1f44a6.js' AND file:hashes.SHA1 = '98b267166ae8f7855487d5f8a20f8a1135bd0243']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:14:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad10-f83c-4b7f-a04a-4c4a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:14:08.000Z",
"modified": "2016-04-27T12:14:08.000Z",
"description": "unique .js file",
"pattern": "[file:name = '1f44a6.js' AND file:hashes.SHA256 = '9e8339264c1910d4d2e2ad3f4bc3d836312bae8905940fbb4c05ef2d914d1ed5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:14:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad11-cb50-4883-8c37-487c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:14:09.000Z",
"modified": "2016-04-27T12:14:09.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAMVhm0gkeBTFdwUAAPEMAAAgABwAMzM3ZmJkNWMyZDcyYTBhOWFiZGU2MDRhYWU2MGNjZmFVVAkAAxGtIFcRrSBXdXgLAAEEIQAAAAQhAAAA8YjnkZ39l9mHVIpd6y3NLY0MMe3McvmlrhxsWej+UffhiuyCdaisWD5xt0GbpTeWZunCD2LSNomN4teSU4Qj+aQdaunyAxQN5ALCeY7ejxxyHQNTb7XD+au/JVlUcpxRkVdRsHnj4EZFxnfz63sq9q/mbeMEHbQCmAMa+ShsF+uTI2PXEQah2VGl0SsX8gEgLrt/MihzVQgGA4eqC3BgWDGnR9nimOzUllhucqSQafw9Y/QnFbjRtXk9ONVrN8gJaUmSkEKi+Uh8mKr9L0ZLh93KSB6ukQxxTy7c/+mdRVLpxaY89pNcTiYV5cazobdF6F/mXvN4MAwU7h19xXuTtbaX78N7tJE7sjnf1cPdcxLUTvUJIVBD8QDRVtnODSzL9FsUSBQnl46ZicQ5xCeO6IhAX3S9ng1i4LZ1PT7c2j2MNc5kEiQHSD0vdCrISme8rXCaPmzppfHV8c8XD0Kx3JPLRyViPQ3CimhyO4cTOgcnaArUBlHilQRj/JaSfaxTVT1P6UTwHBOTXcT32IHWhZbp0nm/POsDV3mTMkP8Q1tooWglf/SbEHADY5IJ7P298N+6iOY5JXgLsWdbDokCaervUQeuS/jhwFYavrxZ+0gaYy3bMPGIF2zcFIugcPVHuXrlFfoeVX9KzP2l5gow6ZpbWBUVU5/tlzHCBm/NHJpbYgZEppfRHX4lTTddWldx09sglxh/L8Pjr8J0P6A4KBCCuS1gljaqllwfoCpDYU+m8aXFFLkWN4oM4KrZwE32qagNqnfHRhW5Q07lg9vMUF+H9gB/UqojvVnw98saO2a3bHm5DKr3JeqzxvOQRmPi7xa1UJ+lLsNBhgTClQ7vtWfEduy0YUCx4xdXGasAqJLndxLpwxdHWsI77Og7VY+V1Auk+xL8PtbKUOESQ0iIUMFIcb6myHhonS0xxTwKzkDu0WQ+Tt5Yw+wdGwdZUcSbKL2w5JagV69ChiTRP8k1Y4QanImkyzGaT2Ihjs/Rv92CgRKXYOBx+LrT2mn0XPJex7HtGzxRaAiwsHI1x17IYjs0m+rql2bQ7j03BdpTzMG/MVQqyERZNopHJj+A6tY6oBye7RDIIOT+x7U3hvZQcxY5OitS8IoSilJYLgKHO4aFhB+Li9KtBq7Idoo9ddnDa7yeqKsIs7wLnq6bBvFMKNf40zzDwi/iuO7nxGzO0ITmy9hn4pxnF6wjqO5sZ4jQlcSkj/X7PhTNkO9nEzWuy12YD9/Ypn01baM6fAHyA7RoCHaOzS8nIDlcX8YSVYinjhiU/fA2Da8w9c4s7U2+tFa+NZLBDKLW9OFPquK03D7mGwmg607JyGK5iVRc9U12QHHaBoFzMoEpafFRWDS9ZOOtD/JMImxF97a6mtsMHqcrUu2wpKC4YhpDLjNXBJ/0qxJEQ7YwNt924Hd+Juzz4Fjw4vYCKsdv88ZSQpmkYA85tFvnR0hJCd7/wPnS0yWXkYWykWLzOoCdryKRwYpmWdqHxGfJl68rWtrdosnneaREiT04hjIDNBhjIZqPoxNWxC/ai42Ek/WbB5nJnqAMhpiww6TOBJHwtaPNUlzUjWWlfPb99AzDpWAt8Fugevjw26D0jEYGCUi7yvAQs39l4rpJi3+c1L5x3BKgir2Udz82zGQ7eZyY1DuALmX/lT3/mGBaZlzpIuWovFduAwTCL8CX94JoKNjBbxzLBBaCz1BEk95/3dfZDfHIaG3xUnZIukDP++mECPs6aC+EL+7sVYzW8exGCINMECHK1gSAsZUd9cDh5wpKnTmdalgSkMOlvhnEuqUaRG5TI5q2xJMhaErh+0JIeWkuEIoLzzfw36Gfnwl4IoccxXdW/6fpV81SnOFKwmQAWlBLBwgkeBTFdwUAAPEMAABQSwMECgAJAAAAxWGbSC8c3ZsUAAAACAAAAC0AHAAzMzdmYmQ1YzJkNzJhMGE5YWJkZTYwNGFhZTYwY2NmYS5maWxlbmFtZS50eHRVVAkAAxGtIFcRrSBXdXgLAAEEIQAAAAQhAAAA0gWqIaEgkpwX8CduD5zlb8WfmdtQSwcILxzdmxQAAAAIAAAAUEsBAh4DFAAJAAgAxWGbSCR4FMV3BQAA8QwAACAAGAAAAAAAAQAAAKSBAAAAADMzN2ZiZDVjMmQ3MmEwYTlhYmRlNjA0YWFlNjBjY2ZhVVQFAAMRrSBXdXgLAAEEIQAAAAQhAAAAUEsBAh4DCgAJAAAAxWGbSC8c3ZsUAAAACAAAAC0AGAAAAAAAAQAAAKSB4QUAADMzN2ZiZDVjMmQ3MmEwYTlhYmRlNjA0YWFlNjBjY2ZhLmZpbGVuYW1lLnR4dFVUBQADEa0gV3V4CwABBCEAAAAEIQAAAFBLBQYAAAAAAgACANkAAABsBgAAAAA=' AND file:name = '2a006.js' AND file:hashes.MD5 = '337fbd5c2d72a0a9abde604aae60ccfa' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:14:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad12-8bf4-4d60-80b0-4751950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:14:10.000Z",
"modified": "2016-04-27T12:14:10.000Z",
"description": "unique .js file",
"pattern": "[file:name = '2a006.js' AND file:hashes.SHA1 = '68bfa535afbb397a467b7b1d202915bff099c076']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:14:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad12-f7d0-4a66-b48f-4905950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:14:10.000Z",
"modified": "2016-04-27T12:14:10.000Z",
"description": "unique .js file",
"pattern": "[file:name = '2a006.js' AND file:hashes.SHA256 = 'a977c65b2605efbea8a8e7670242253ad6f9b8a593b2173cea952b51e102c160']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:14:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad13-1618-4451-a443-4279950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:14:11.000Z",
"modified": "2016-04-27T12:14:11.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAMZhm0gl8hnUcwUAAOcMAAAgABwANDYzOWUzYTRjYTFkZWVmZDYwOGM2ZTU3ZjA2ZmMzYWNVVAkAAxOtIFcTrSBXdXgLAAEEIQAAAAQhAAAALqU9XeT15fEKJcoBJ/XnvO9dHNV0KsvSg43JLxJ8xak8R0WcmLsrgC1yZw/rtmUPSwrUIOd00xBO0fc24p22ZX2ZDsrhgP9drSJMQyfRi4JXmQ/M61aWlMhF8TKCfTgZ1sMReHg7yzhYomW/Ty9vsRWGKg1+w404XmRg8hGK10sia69evHa8M7Frgs4epYvk6H8olFcIPF+3O3YHSg0Q4UMhb2mbKp0niTqxdErTXqiWzndTaOgGThDTjmMGieKPI/JMKmGlkBFaQZuG6MA2qIZLtx35qmi//BNacqpjarYTSCgzGLWnKF6gkqlmt7Ul+/DlQbrzeBH8vI5N1/r3P5f16P48qbg8V2O3zrkOV7kAw66lWkzQMp2rpyLCYk51IM2neug10AMhleoj0nbhJ1ckFLtRl6wAil2CzpUGabg1yCgu0XA3MVzgDmqUn9rx5DrY20lXM1LCKVqTqeYfDkDjhMigkRImIrZg6OZJ5PKnxvg720yLClEdW91H4tnv2ihmZwtRHuSLE8AU3JBOSlcGt7H92Ceb/RL/TeBhzI2k+AzKTiAyWJbX0Pl7aXhq/mQx7AZHWgxJ05H4JsCvSf13MIQvvT31wM6tn6j9Hte2JBn9qjS09AXAwY0qh2BPQ9ai7lUlbeU5y3WgfivB9Lm+0ucDF6OFMfEcz0ZdpzHTGrjJ9INCZ63CasJPhiN8RlSPur/zVT7hiQcocOcGG2Q1+/lrn0Ed/ejWE42URRQxbf2EdikL5yD+iiUZHfF2jcxUMXRy+bxO+dO8nu9G+FscH/vZfMtOsbYRlWzOCyPmoOCzGNXvBuqEo3LzsoZJxcYb8rVgjCAg/IJLjHevW8RT7gWtGTQbP7a08OfHVxW3vT1mxQH6adCSbSFPjt2Jz/POi7UBDvyipAJlF4944Vna1oBQsiepP4aMFFtzilisOFhEpx9yXGpypqrBgyvz02q/wqpMDXJWdUPMLFPK+z2oL+G6+t/VyELpg0BF1/kZMivgnp6R444sPGLvd+5i+a9EEuE9L2KBAsweFN0aUJKiI7DIYFoj+/ND6zGorb7F35En2eQ6loPOVaepKR2gZ74vcwKDX29PK1UKUd8JOXhFG95nHmv7kcrbOa6GKaz/hE6m2gBSQrX292RkP1bE2HHqbQx3w531XYn/jDnblDGqxM40h4W0iVtvkKimDCZQj8x5vetUUzwxvRino/LmfZIAxfOQrlWs0JuTGtJbDkfXMVz+PbwEBuDFrFyiadkXyVgsvNaEFAPM1iYvdwXGuoRVmIh9dro09GyzLdm1CbdvEv3N462NBH+IuYLhYqtuF+kAX7LIW9WlW8HT/9ZsuPuTcJmgosmYvd9bfMslCF2F7cV6cxiy9bVkG3n+mYMmpO6+fEtKF2K3L0NurbxUxv/gmjDmV3cacntoesd5ugAPA8/YBtGMjK/ZEgl78JlbTzkByCRLln6bSIbf2xZ/1JrLqIsEW0KEJzHTYZAv8Yxy4F/YMxp6/ZF4X9qRleCiAKxl5zbTskLwjCFFQ8nEmVEJmX1psNWXt4oqYcBD3CCapKCt793JM5MZnSKEXg5hguyOimJZ+h6HUnwYYXa5QREr+ch7xRQi8ek+nG2FkX1+3cWTXdx4qqDgJKr35p2RgKBKhGN82BXWwqXX/6Onu2Y/lH9p/Zv6alcGgR//UqkDq/XOJu51tmUK05574XrARKADs92fpPuubfalfJayceVXeIcQQvdmULNrSYvoreGuYDLqd28UTLyDH9sN/b7gwx8+Mjt8epwtRYbazPJvI61STeZk9AflgveS1vaX1h3Zkjm96KqNQMaR2I6yiFsXON/JAeiSBcZe14BCKziXbqOUUEsHCCXyGdRzBQAA5wwAAFBLAwQKAAkAAADGYZtITMVOrxQAAAAIAAAALQAcADQ2MzllM2E0Y2ExZGVlZmQ2MDhjNmU1N2YwNmZjM2FjLmZpbGVuYW1lLnR4dFVUCQADE60gVxOtIFd1eAsAAQQhAAAABCEAAADrAOPnW/PfoaUpi/bozEuWzytPCFBLBwhMxU6vFAAAAAgAAABQSwECHgMUAAkACADGYZtIJfIZ1HMFAADnDAAAIAAYAAAAAAABAAAApIEAAAAANDYzOWUzYTRjYTFkZWVmZDYwOGM2ZTU3ZjA2ZmMzYWNVVAUAAxOtIFd1eAsAAQQhAAAABCEAAABQSwECHgMKAAkAAADGYZtITMVOrxQAAAAIAAAALQAYAAAAAAABAAAApIHdBQAANDYzOWUzYTRjYTFkZWVmZDYwOGM2ZTU3ZjA2ZmMzYWMuZmlsZW5hbWUudHh0VVQFAAMTrSBXdXgLAAEEIQAAAAQhAAAAUEsFBgAAAAACAAIA2QAAAGgGAAAAAA==' AND file:name = '2af6d.js' AND file:hashes.MD5 = '4639e3a4ca1deefd608c6e57f06fc3ac' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:14:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad14-12e0-4fd4-bf38-492c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:14:12.000Z",
"modified": "2016-04-27T12:14:12.000Z",
"description": "unique .js file",
"pattern": "[file:name = '2af6d.js' AND file:hashes.SHA1 = 'e3a49445cd7a952622f098a5b79820c95a414794']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:14:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad15-65a4-4560-a7c4-4c16950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:14:13.000Z",
"modified": "2016-04-27T12:14:13.000Z",
"description": "unique .js file",
"pattern": "[file:name = '2af6d.js' AND file:hashes.SHA256 = '8b230b887b30d0905f5eb7ed13d6b8d999e342f8432958d24882adfe247ce855']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:14:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad15-b5b8-4c69-89ee-4932950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:14:13.000Z",
"modified": "2016-04-27T12:14:13.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAMdhm0hjeUpDggUAAPwMAAAgABwAZDhmNmM0YTQ5MjFlZTA3MmNjMTMwY2Q5ZjY0NzExMjhVVAkAAxWtIFcVrSBXdXgLAAEEIQAAAAQhAAAAtth4SB72nagNyr7YXwi0Tfk4e/5revSDL1Xk9oNmvK+01xB2cOg1c18rO+FlFjDPYBN2ZoHvgWz7Gint7/0+4ZsaH64MnYPtb0KOYZXy5cVoaCNBLsxya8aJY7hRMthN2XhO9mh4lcM9uFzsIPfGni31qThsdJogTT6DFBvTRKtjP4GppGj7akJhVE/HdFfS5q8LXCvrXznHRg6Eg439vtVRRwfb8z5p1NT5MQ6x3qjFk45eong1L5AAIUlXZUmW5vYD0AYnFH0AIc0F/59TbeBSLQad57RDpO+BdofmIw1KOS5DxzOcXun/Q0aMgy1lXCT0M2HDwdbZL9Str1eJimy2ajEsmPFfONLMv84aIZBaK9sgnzndRXJGKs7YaE/Gq8lFmJHw+Kof3RwRLanUIqRAuzKsamXC1IT1RBXOvPgsRBYjU9PPH81t7BZQX60Kxxs2CWW9mOXqjD6Nqxmxvl00Ee6eiD1GEHRUZT39tcfJZRjwoJ0Tm9AW+1vLCSrL5OaUIMgAbwoEOoD7Gs4C4x4dgHbIl/YmKALlb7K76Eb3X5FoCYGLxFhqxxNf9zeb1voGDDqn1/3M1hYbY3ibE0lnHb2RtpHb/c66Vw8XEIwRnSvv9/zxgGM6WisF1yB+wTbwVEAQFNcBvxn1ifjdczUTE4Qqztr0QjxvxttK/O5ah110WxsjFg9Faaa97Yzol+SQBNQ7EhzoHWOPOmppgKFES20DkCSBkQnA/HVGg7ttPmYraT26XBhAnlLoZOooeeD1WxP3JdsHIivNciMiudqPuovHtQ3Yhobo2QDQh12WCd8ttifl89vhsjLb7mZGs/1UmjQNoeuxKHuorO2AUzQQWnzscMRvzrZSMbcFNeDcnyA+v+Bstnm7pu6F6eTjgLgPMSv9cny14TTHaLP1XNlgCQ4a+CNdyPpdCYHAoZqY5JYsRv8jqazs0b8sVjWL9wUUthk46CLYkLaAGEy1iK8sEbc2llAjL8mEctk2WN5a3bfyXorOVvmkt1YdA0lFrQJGds6RSEj2Rydq+e45LwwcsVmXw2lBehFjcMHQ/b3Q90eDGfg4fhvmqkmG8jontbtRP/JySxrPkkqbENrKj83xCJDpDUclQ3n4pH9KWMvgVpaQi9pCphcF8YFrhW5ZLVfuoMgQP4qg8m7wgiYfOpS9iCK0vQP9ELF+AoEATMd1/T+JbnCGbX8WLclIjEyUba7WI2st8C7T1zJ4wPdYVt3OzcYgXvEBsQ2AnyOJ3BeI9QGuwdF0+X7bFBx2+aBBh7vlmSWwUCNVhTC0uN5+Fw3j/sx6PoJovufgixuswPpw0JHT6buEHXfqH8t6e6bemJCOAyLqfVtW0Fmk1VbOiZ8v/BdHCpFfzoS4szQ3r+/8tah7P7P9YQgd7b4GAVeKP6nCsjh7icduweabFIxdA8NbJhI2mVb8SSll3Z5Lmp7EQQTjLCQ3zat/hstMyTmX4j0zDoLT0YUv7wKacy8D4JE4yuOhBvlnpNTQ2FHVREXfEa7Y2ILFEDP7/UeRz1E2BLlrWIc6DUSjY+5R4At0eUUMzMgZBNGaV9snGfY5BWoFybFPpDRlEmBQ+6fvhnB0W9RbuIV4VSjihiK7wvPta461olWqhDf7m0FjKpOUPACPnKQSFdfxRoymgpzyEK8cTKeIfuKvTRpHTF2bDgKuUTNqNRxDZB0STu5VqKEz2b3Re/eRhghL4a9bc3218Hruh3EdB1rjCY+0cB/KFzdTt2sASUZ4+H9Bfd3MaF3IKJFZlvHji1IJ/IVD/nIdrBtk6GlTNasWXi7ibMHi9rLFY86v6uI0oT35xC4LDVvatN+6xfgdK8jTKwAk2oXxqCjG7r69hYqN702VyRjXEmNa7qJmUEsHCGN5SkOCBQAA/AwAAFBLAwQKAAkAAADHYZtIYA8CkBYAAAAKAAAALQAcAGQ4ZjZjNGE0OTIxZWUwNzJjYzEzMGNkOWY2NDcxMTI4LmZpbGVuYW1lLnR4dFVUCQADFa0gVxWtIFd1eAsAAQQhAAAABCEAAADoASQ7931W6XgfZS4cTn4mfIXRVbTNUEsHCGAPApAWAAAACgAAAFBLAQIeAxQACQAIAMdhm0hjeUpDggUAAPwMAAAgABgAAAAAAAEAAACkgQAAAABkOGY2YzRhNDkyMWVlMDcyY2MxMzBjZDlmNjQ3MTEyOFVUBQADFa0gV3V4CwABBCEAAAAEIQAAAFBLAQIeAwoACQAAAMdhm0hgDwKQFgAAAAoAAAAtABgAAAAAAAEAAACkgewFAABkOGY2YzRhNDkyMWVlMDcyY2MxMzBjZDlmNjQ3MTEyOC5maWxlbmFtZS50eHRVVAUAAxWtIFd1eAsAAQQhAAAABCEAAABQSwUGAAAAAAIAAgDZAAAAeQYAAAAA' AND file:name = '2c13b37.js' AND file:hashes.MD5 = 'd8f6c4a4921ee072cc130cd9f6471128' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:14:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad16-3b2c-4e5d-8a4a-42df950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:14:14.000Z",
"modified": "2016-04-27T12:14:14.000Z",
"description": "unique .js file",
"pattern": "[file:name = '2c13b37.js' AND file:hashes.SHA1 = '8b74103b3d349119cd5072eed3a376225e7c12de']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:14:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad17-26ec-4c17-bae3-4c41950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:14:15.000Z",
"modified": "2016-04-27T12:14:15.000Z",
"description": "unique .js file",
"pattern": "[file:name = '2c13b37.js' AND file:hashes.SHA256 = '619fef898b9f4e1e209fbdfc2e7ae6b171260e8d83c9135382864cc2a884c8d3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:14:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad18-9550-476f-8122-4cb6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:14:16.000Z",
"modified": "2016-04-27T12:14:16.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAMhhm0hPENx9cwUAAO4MAAAgABwAMmIzYTZhNGFiODZiMjk4M2Y5OGU2Y2NiN2ZjNzhlOGRVVAkAAxitIFcYrSBXdXgLAAEEIQAAAAQhAAAAAHjNpNbHl/RuTW+4EpgoMSKRs7GKo4nCZhNr6FfeLd0WJq7DE3ndqbEu+xmDQ3tCdO/agC6irGduvckBpszPPjR0y8Hwx3410aSdpjY81XTLzQHDTpL/caCvM2jEsKghTqKEBq0X+m42WdNgrFtXcUmXoqKK2fR2J69+UnhXL2zIDqO5kHMvDYKN20anfzzFQNcZhj7/GfpXe5hNAXqo0ybuz+5vtRZ/2J6U0thnkMrYOZyWH+EzmoZto5bcFW8twjzF+N8ebKMrvYbNEv2lBbOv1AWScCzHXZbNfN+rvB2dvRTXuusKiWmdY3fnrmooERuH+/qZ0op0U6XxsxehjAwR4UVwJvrXtynKFrKI+BsIva1XzgldOUPe/LLQ2tBaaWk0iHHKqrunqt86QbIMrsbj3dwNSQQpEPYTMKnljuK2Oo4R0yNA3Ae2dGSqSGWQfVVcWalApmWBMnVQKfvWorW+UexwEyHaMvndfipJO/f1MzYNPo9jhnMzvEqs64an/kMmY4M2qRI29HQWLfQ/t4M4GMmRp1qC4avc7EDusHezT6JVlEKyDQsv8DCnCe8oUl3ZDdf/AV+fWcRQd4Sx0Dtemqf3IZHec1NZ75aJX/LSBNuqXi4vinekfxUSKMO+MLd5HlIi2XKeMSmQG7sFE/INo61pY5KvS3kbMNjxJA0wSiIFZW/sFBrWt+QrQA3wxYarhTsjoeo7fhSeeLHCXVeO1xtDVAA2juLibP+UYJToKOjSYSMnpjbk7mAHRnDE/DtwgltXOrn+NnUCFXaRUYHfT4Ne4dYWPVG3N0+fH8xWOekO/1nl1s6E90xoGw86de9f36DHHIlRUKwqA2LveOIS7wp1CPknSOVX1fPw3LRlQMsbE1snYxR5uRoeW81TRkJQmrP8CpGr64u9TiH9ds0srrkpjBotOWEwdedYkf3KIZgmU/HWkM4X1QC0CEv7Sjdcx+bQaSKJ7sTBEFXs8Orwwvj9xbODqPcQSvvowlrfETpbTGylQQTFYpwl0Fl34T6kh3p833KaQedm3YOW4J2FWqFneX/QwTDgSWSFvqMQQBZaAXjpDvogAPm2c8e4ZbN1n5WO+yFtiVwywzIJjstvgcX5l3mF5TIa3cF0bdbgdvDOosJOV1m4pidTG//IeDM320jMRsOoA9GAEHX8cmrp9UwUa/AFjs3GtVjcp43jyg1z5mKcsvuf2cWrOGbfWHhG9zT5gKrLaCADwVIOIKD/5UEkWR8TDZiBxFqNOTWfWBIfye4k6Ty/uxRRIDyOfdy7NmbeKtfDkVFl/wI0Toq7/bmHC9TTgki7g19BHCRHgH41s4PkQDfFsthpVJ1FwL2UYjRcB6sr1N4j0ivRuOXfR1w7yKwg9Hx74cF+773Dt7cYDIK4f/AHstrocn0OqyracXCuDNZpSSrLF6+zzL22bGqXXjraaDmKepJVkOLzJi+IqO48zXjqCItFLr7s5Ona6T/tpeqz8LvCSkHlG6hZyRtWagR57zjU9gVo6C/DGRx+03ytYXtYQYu1WqMg6KAgYanAtGPYAqlBTMkQg9ZoTtIFNGjUd1KzMewvgDQdqBMxtk0sEDjYGMBwt3TX2VNFAcUOC3MhP4Ngx7YXnbY+ZpkX9CTkoqOehyiiOm68OX06olgzOVwgnk/m+3x8W+G8XMlAJrUk/rDi4O2EOx61BswmwOL+MepjOmEwUAkcOFXVopLi/wKWtXnohnO5aMkugNYq6LOcyy4IXVbeV3d4gRYoTvOqlIUFylaCFsk114LnbuLDDAjuRcP1pdjKjgqUj3rZVBqOCUR/WtEXukXuI8PtwgbAFp9d5C2R/uJpiIntLu2dgBPTeqGCRgryTvpqUEsHCE8Q3H1zBQAA7gwAAFBLAwQKAAkAAADIYZtIhp4mSBQAAAAIAAAALQAcADJiM2E2YTRhYjg2YjI5ODNmOThlNmNjYjdmYzc4ZThkLmZpbGVuYW1lLnR4dFVUCQADGK0gVxitIFd1eAsAAQQhAAAABCEAAACWiRDyAjJQJsFQ4BUkXdU0QE3lf1BLBwiGniZIFAAAAAgAAABQSwECHgMUAAkACADIYZtITxDcfXMFAADuDAAAIAAYAAAAAAABAAAApIEAAAAAMmIzYTZhNGFiODZiMjk4M2Y5OGU2Y2NiN2ZjNzhlOGRVVAUAAxitIFd1eAsAAQQhAAAABCEAAABQSwECHgMKAAkAAADIYZtIhp4mSBQAAAAIAAAALQAYAAAAAAABAAAApIHdBQAAMmIzYTZhNGFiODZiMjk4M2Y5OGU2Y2NiN2ZjNzhlOGQuZmlsZW5hbWUudHh0VVQFAAMYrSBXdXgLAAEEIQAAAAQhAAAAUEsFBgAAAAACAAIA2QAAAGgGAAAAAA==' AND file:name = '2ccaf.js' AND file:hashes.MD5 = '2b3a6a4ab86b2983f98e6ccb7fc78e8d' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:14:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad18-4b74-4a0d-b9ec-44e3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:14:16.000Z",
"modified": "2016-04-27T12:14:16.000Z",
"description": "unique .js file",
"pattern": "[file:name = '2ccaf.js' AND file:hashes.SHA1 = 'b4b16501908fa24182224ea5657175f7bb60be48']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:14:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad19-2180-452c-8b63-4731950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:14:17.000Z",
"modified": "2016-04-27T12:14:17.000Z",
"description": "unique .js file",
"pattern": "[file:name = '2ccaf.js' AND file:hashes.SHA256 = '8bf626b1048dc42ddb6270c3268e071ba3825da9aaf82b22698cc3358e2a9e79']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:14:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad1a-1d18-4be9-9a2f-459c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:14:18.000Z",
"modified": "2016-04-27T12:14:18.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAMlhm0g9zAY7dgUAAOoMAAAgABwAZGZjYzk0Yzg3MTJhZDQ1NjYwMjFlZDViYTNlZjIyNTlVVAkAAxqtIFcarSBXdXgLAAEEIQAAAAQhAAAAAHjNpNbHl/RuTW7OSkzsEjPkNA7Y+lj9XNLEy2KYqLG8Xp0UegfnDrjj6+sm5qyMRKdxjNgvS1/eY00uJNS8dGqSGjjp0XVdstD2Rp7KbBoSNPGJPq5Bt2+u/J8AxxMISApiCRv42p9+I4quNhwn1UeHyR+kpwuc8qHY4spO5V9zSydHi8vp9d8VoYzcBDUnyiz+tHoMmFYlfS1lIaastQ+p6Q124JeS1HLlxb3CM123N7gMRPvzWf6K0HjRuwhN4nZMp70njmXBpo4toLT4USIGQfnXYk0CTajzKLPGp5HVI83VrO4WzqIG/3m0Dp8enXev/5tgfP76BYofSmiNRmnEZymAnvD+b2oX/4Bp69oPf7n3U9234128rEaS7kkmH9pWaNMrgo2AOwm2MXIfGdSGVxRBhlsGsulHKxJ6logw7Ek88qAfyQbava2JG39HglTcT3r5E6d9egfaI1eDHPO/HgS17w/KKM3ER8Yhv6nj43A9lsdR/CLE6JdPB2tEW8qrBXFysQR6lHuc3e4/AiFi33Bm3OfDXHck0QpUEPYbF7wCa2LiNoiygRxjhjR74uV+4I5ioaJx5rkCj+QRWM+vsyVQHl8BizpeU2JUHSqjKwuVBvQdo0XpLtBHctUwfJqahLL/mOyn8ue3ZMMEF1iPuOF+ENDo/XEkN0VmzI8XxJCRzkRS3j4nUPtrQDyHzwjldJSsc0k1hf7cYYww1dDLN6wKW3vWB1JdP5w5dP0eFV0WUk5bxeU+kSxD6NZMWJHb62E1QPn7Nlm9yZnKxkhOgHBICAS21fxowc0R+THZM+tLO3UkttW2Umc/yNEnHUGZa/aOV8biG35a2jK7eV8ioq06P47j+kn1Wow7/pTKUNXlucv1vhVXpjRaMA1FSrm9Bi3GvTMqBIrcL/WFaVni4qKvSKJQkj7qWf1o8RyQjnV8LxrFjUVwNPOL+0/giMAfRUy6qYtqXtAlPMkTq4seOkooDqF5W97HcExj3MUapkpV9u2Nz5IC6QDd8csaiTF9TWm58N7dII3xUZpS2FTc0R087U8wKS+B2L01urSfpor6pq4hJVJwjSV1Gga1Kw7RUeXoQgW9E7jMTwqMYBkhfRWjELaU8iJN8stOsG2YtTkri9BvuJBeMGkZosqVK5ktz1BU7CXegreqruoUfg7hzs4qk2HtN0cW8iCA6gdohHJgEabVBL/gqKqEQ8/kcE89riYWF+9pQ5dHhZFMXdQEQp/rt0YDn95QnBdWrD00bm219lbTkfps45sKuzOm+IKHBNtmfUOXfdhzO1yDcvTAREACHwcvo68WnZ20wGfQbTgOMT0VKn3wpVV+YqV/1VP7Ai4wCwzsFVQRY1eziEiPRj5BF0k29Caeg1LwLogk2yEv68nUGh83LXADuplF1pNNZprP20bGUQuZ1xui3R7Kvg5Q8UB/5kYi3V9Vl9HzdPd99oQPpKffO7mBPHiAgKIuHg8XmUkHnrMUGYj1eCu+Vi6Ot0ur+x8/5caJZqA0uxHCcgEvTgL31556S/qf5SbcfTLmhtBAscyqKAUptilcSQ3pHxHDj13xM0Vt0vKbThQnrMExeduc1YWRxOyfsUm1JHG0YnR6jRCyFFNAGiphO+J0bEdglH1qX7sqtNMYrlUrrpVKx7j7UEP8FvaqKJ4VyF469M+HtTPHpFNOEjtPNp/7orOSa8/yDu1937lNYPfAokKAEH966sVHMxoeGiR7Rg/xJcihNp9qxlJfKK9aE3L7cXsxokBP45p5gmgqHX1sADmp0BgmkXP297zxCIcfkp1ey3K2G6VV+sO4fif7V5WmI4v9xED7ytI2tK4EN5MsVc4X2LpOoVayBA1C8m9OETNTUEsHCD3MBjt2BQAA6gwAAFBLAwQKAAkAAADJYZtIa8AyyhUAAAAJAAAALQAcAGRmY2M5NGM4NzEyYWQ0NTY2MDIxZWQ1YmEzZWYyMjU5LmZpbGVuYW1lLnR4dFVUCQADGq0gVxqtIFd1eAsAAQQhAAAABCEAAACWiRDyAjJQJsFQ4dHCcdJ1osaDqINQSwcIa8AyyhUAAAAJAAAAUEsBAh4DFAAJAAgAyWGbSD3MBjt2BQAA6gwAACAAGAAAAAAAAQAAAKSBAAAAAGRmY2M5NGM4NzEyYWQ0NTY2MDIxZWQ1YmEzZWYyMjU5VVQFAAMarSBXdXgLAAEEIQAAAAQhAAAAUEsBAh4DCgAJAAAAyWGbSGvAMsoVAAAACQAAAC0AGAAAAAAAAQAAAKSB4AUAAGRmY2M5NGM4NzEyYWQ0NTY2MDIxZWQ1YmEzZWYyMjU5LmZpbGVuYW1lLnR4dFVUBQADGq0gV3V4CwABBCEAAAAEIQAAAFBLBQYAAAAAAgACANkAAABsBgAAAAA=' AND file:name = '2d1d46.js' AND file:hashes.MD5 = 'dfcc94c8712ad4566021ed5ba3ef2259' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:14:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad1a-63cc-4b44-80c1-4856950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:14:18.000Z",
"modified": "2016-04-27T12:14:18.000Z",
"description": "unique .js file",
"pattern": "[file:name = '2d1d46.js' AND file:hashes.SHA1 = '5cdf406fc232335cd593e0346dbea59c6c2ce75e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:14:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad1b-bc08-46f5-b0a1-4c06950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:14:19.000Z",
"modified": "2016-04-27T12:14:19.000Z",
"description": "unique .js file",
"pattern": "[file:name = '2d1d46.js' AND file:hashes.SHA256 = '3c12c6e575bbef22ea237d3a4f9b8519e060d075d01c1003a2d21f149c179f63']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:14:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad1c-d8c4-4984-b9ef-4e47950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:14:20.000Z",
"modified": "2016-04-27T12:14:20.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAMphm0ise72KbwUAAOQMAAAgABwAZDVlNmM5YTdhZTkwNTU4NDVhYzIzNGE2MjhmOWNhZjhVVAkAAxytIFccrSBXdXgLAAEEIQAAAAQhAAAATEchL/PkA3+pkusNuo0AiN8FswLh8ctFIsiW5ZydnPSe/qn4Z6E1Glmr5xJXINJYGPmvh0GFQxQObi/6+mCxADkdN5s/cwAPXSwxJZnZwlHCj2hN0yguuD7HJzMmLK+UNqB+9Gl77vh931N872Xwe4Rk/1FnX4oZbAZU1Ej+k9DwMg9+1+RhRJeM4eUMpI33ir65T6oG1aPkDdCIv6ZqJR5HmC9xGuAvbfkiKZ5KKYesotI0e8uuKH/lKVKFx/yRnLS+JTiXOD3N/Yjn/oS4AL9S1ub0AN77xbHR6UZYjQjlCtv30OEmPlwIiJeFNRhIxfo6DgommTfsADz877HrMUdDP8pWI3N7ngh1lUoSkR2Bu9o7gV435XKr/+c0FVsKDtBPwZCSZWjAZdllOAhGjw2iCQG4e5gU5yOyW828XzplTxYMIEj+iriKaM8+HcwbvJg1cb8qRmv57Urx5K0LI2311/NLrpJ2ex/NoOS0pZm/gPiNNdM9yc/hTymMdYYE1SVsOkp17R5SfqcLX9sWV4DunDiBNc1TtPSwpIbRJJUrLTIrecUgnrQ2lvaZ202G3fwvV9URB6/8TIZSZGq//sZyL9DbTKBxMDnWhL5XsULJvuoZCdHzE/sEnAGPDOAjg49UU48uy1+SSUSpfCfcoT0DtnNV/N93slv6pmKy56lsauDM0wqgsWPUEvL6PfS3DNFX9Yn1BhQp+WKoy8XV1ujtDAWJXYRYj9aX10j2jYe6nk0Hz32r1Ma0nBch3u+DX0kas721JcrkDRJuSbk38wTrJWnvjmdQc0LUmgdwhoCBNXJStcDWZIkYbpbzY1i3D4YyiUV52BIUfCU3F4zwTzc1ScDAKTP2zU/Kp/jfzeUQNv40lt1Qu3LufxPEqtgwyfnB8uI1njd9X3Mimdsx3M7ccQgEgCK0ncTwqDwtKisyNuQjYxV4zDkaNYRv1nc1JZ5V12Gw8CXNV+gkDqK+yJSF/HzKpJk7QBSGJlH/afGDof8fhCqIcYWvos7xTPGVty63Ln7c4wTwqKkvZji4Ms0ofhLjx9CiHFafGGidBiWbCfZAadWzhtOVsNAgPZ6SyQEmrLIp8ELR3MWBbn+stsYJ/imTxbfFJjD9T9rezWI6XXptjTkDL5pg0WRFyEaLcxsenrtoYVDLffSbU/+Gq8aiLiNdARPhmdJlj2cKGXa1L2i8mhqsFlTU1llzlwg425JDmObQF0e48dICcADpr1CCjRbsD79FSpBo+UQj2JJXeYCiFVB8PqlvVY0g4lqw+oLRwTvheC6SINY6SjOToVXa35fi1NNq03GvuiZQX21abRE7iCLn7cOml+X6m9IcduN6EExOPeR4Axh0ZNn48HpM7YUZNhTcUKKP4O91DXYLkRVGzlVCQkIUdL0WraskzaAkECw7A+WAe+ee+s85sGoXPijikQskAo2DddHwZaW8g6Y2oG9bV1ZFknJ0QJvY8FMOuUe3Rx28RoPNEt/TXArZ45AcuDhlrCUbkHeVTp/efs9imtepaMrjh5aQmHOCKyPrfaY5iwFrlN/zYwBzlclO3ukOyLnEMlrEtTprRWbkNCGqvn0OcEObpLiWBk5q1p+jGw4M0o8oExyxuEB17Vt2ZfeXhYhFIu4Zl6a7b0WBGavYVQZTqZYRbwvstNbGYfPJZMUYsmPHhUk18XFFwWz0ZvZGmfVbp2U3XJVRjf+ZpoH9OYmq5R2wyteydzkl+6pVgJ4Z3eRUfpzQ2PKmSc8vV6Y2Gk12dEbz2dVC783JSd7iGSTD/JE6RMMNFORGsI0RYXrSLa6LvkEREVrNylb07mYUgy4+CRqyDN/lRa6D2Kp8EVBuo9IDZh9UoVhQSwcIrHu9im8FAADkDAAAUEsDBAoACQAAAMphm0i/3g9TFQAAAAkAAAAtABwAZDVlNmM5YTdhZTkwNTU4NDVhYzIzNGE2MjhmOWNhZjguZmlsZW5hbWUudHh0VVQJAAMcrSBXHK0gV3V4CwABBCEAAAAEIQAAALzB+jY/XtCq+2TZz4+oiz/pXTl181BLBwi/3g9TFQAAAAkAAABQSwECHgMUAAkACADKYZtIrHu9im8FAADkDAAAIAAYAAAAAAABAAAApIEAAAAAZDVlNmM5YTdhZTkwNTU4NDVhYzIzNGE2MjhmOWNhZjhVVAUAAxytIFd1eAsAAQQhAAAABCEAAABQSwECHgMKAAkAAADKYZtIv94PUxUAAAAJAAAALQAYAAAAAAABAAAApIHZBQAAZDVlNmM5YTdhZTkwNTU4NDVhYzIzNGE2MjhmOWNhZjguZmlsZW5hbWUudHh0VVQFAAMcrSBXdXgLAAEEIQAAAAQhAAAAUEsFBgAAAAACAAIA2QAAAGUGAAAAAA==' AND file:name = '2e1226.js' AND file:hashes.MD5 = 'd5e6c9a7ae9055845ac234a628f9caf8' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:14:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad1c-470c-4302-94cd-482a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:14:20.000Z",
"modified": "2016-04-27T12:14:20.000Z",
"description": "unique .js file",
"pattern": "[file:name = '2e1226.js' AND file:hashes.SHA1 = '6801e4ceb5cac93487d2acdf95c687a7fb4a7d83']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:14:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad1d-95c4-449d-91df-49a9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:14:21.000Z",
"modified": "2016-04-27T12:14:21.000Z",
"description": "unique .js file",
"pattern": "[file:name = '2e1226.js' AND file:hashes.SHA256 = '479732e964aa412960284684346a85099e2459f6afd79a653c736d60d6b8e0af']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:14:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad1e-9478-4756-bef5-4e28950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:14:22.000Z",
"modified": "2016-04-27T12:14:22.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAMthm0gVuyJKdQUAAO0MAAAgABwAMTI5MmY1NWYzZjRiMWVmODVhOGI1OTJmZWFhMmZlZDhVVAkAAx6tIFcerSBXdXgLAAEEIQAAAAQhAAAATEchL/PkA3+pkuqjonb6jCtSnMxiXze75eYG9baOwtAIThOtLCnPO2Npq9HYqeQdNZlMVz+cUcTn9J3Ny+T13q5DDVgGMuKkcVpCyOFkBd2NvqSxb5aCijDik+UjRVwmq4XOlycVl7L5VaIpLnBxa6wSyaNo9vxMMboiz1PBadtB8UItrNE3n839SP9j/tmtOT/G9PsIIEwpEaVVSXleItrw4D8LrmWDjidf+QCkvsZiK78h+6g4qJ/uMqBK6eQzcphKCmfVNiMvvP0XJKHsOsLxeMTSrsBSnfSFL5SXVSwnGhOdeSD/XvUnxpPMOkBQ9iDimnzFToFXhowai8LKb898KUNLKgJDLmqa2B/QfQYWcVk0or93qpfrmiOazQ2hCA5PkBor0W6Fl91rgndHi5m1PcIaj5z7n11644ou3EJTNY/OiORfIIZ2URvKf/F+oF+0QyOBb+GsLdrFb1ZWTZGQdVH7yB905DVBE41vgQ90e1UjSluPeybV7XBix2pf7t6R3R/ANQWZ8zd8n2H7Gyogp4fMwFV4LXL8z/W9SzHyxTUGgDa0a9QpIN+h/ouc+Q9i0rxNuQjsS0I0xH3kgV9GK9DUwfw8lB2y1ScRid/X12yhHrySNXpn/C/VTWuTdBE7RlFsSvaPM5zaAFr9xIVPBab9Hmwo6ug9lxlYq0Rx3qrMWhjInN3D1D4UhZSM6xX7agbfT3lOXv9U1OcLRTozB6+vForlyHn5yDU2b77lywtbPYVnFJZPZVUvuclibvho1/Rdh6Gxdbau1SycpiWgpqpiiMUwYgkx5RhCCwUbUtHfD/znBtUmR4YoUGoVvv6ILlqUOkfEt8OEYmoW4YdJOE93OC3Iri3eOLSH9etPr4iohdzbVM+Kn0k23OFezfqd+2EJYW64aaLJ33ugPGkA4pAq0tEchnXL92nZ5E5KKERdMSVjPXA6kM1gLTqPOQ+9zw8y5GUNMb56aQjlKyzUwQxwDilC2sK0L/zH7CWVY4RH2X17z7jmO/xH/pnd1kuw5Lk5ZwFU9/07Dpz81YnaORYsPvCBKKenJdQRVEZjoLYxu1sZEBOMMKLaMJJWOn3MXvQRaAgl+UXRTaxnVtHtgYxjFzw5loQ4jUTlUqugW9s3kDL1mYwkBoQsqty5oUj3V3iDqKoe7K95XA19I8IgPaBAtTfq+ljcb6GiIBtGTHZat1pFSUMUnCnGO7iesM4XJH2lYqy8y+ZUuPrI8H5mVww8T1Q3KhgSd6O5MvHBckzqRFNQZiSebT/84ePUSQIa8nwzlOThfXhBdMH3zm/THIKboYOewr8ykpB3OekMcpLtLSDoMtSGpK3sEwPAJQoq9z/QVB1kqdjHP+0KkFzcdkWzoKhtHOgLVN5ERQFtl3nY2jT4LcOvMFUhBNiARyKxaYHyMl7uHrqSF2DSv5zmcIjQ+eKRSnf0XNKgNvovNVoRjvY/b8Zb8glXWi2aGSi1/t+EhzlvnrbEhim0kMpdjwti6sBljGMS+9l8FC0x16a94axv+SN1E8c3ZO+Jn6UoLpCdQkqh01Z54+qsH+Dtt+4aMfYWdoeQpWmiE5fBMqtQP3mVnH+ruk/rSSJAsJmBlhniiSG68Ao76cyVr0iTuZ5r1xef7UBmftvs4ZrTj3WPNR6TMeV5felMNz8cG/6X95FenQ310p57Ygy5HoLUmkpAuEjTnWYIn9RijvhVvEiIiFYSvVkGKf9+D/gS4NTkYaznGMWayyYdc81fJWnuZbHkECLTwIsG7+qnkGKMpQDLDBHDO1xgLsjOCTe6hlfA2Jte290BetI8OnWfSyffzGJXIRF8fEtwq8BV4zOZz6lJTugi2wLogEUkGL8O33op6b9QSwcIFbsiSnUFAADtDAAAUEsDBAoACQAAAMthm0g1ZVh2FwAAAAsAAAAtABwAMTI5MmY1NWYzZjRiMWVmODVhOGI1OTJmZWFhMmZlZDguZmlsZW5hbWUudHh0VVQJAAMerSBXHq0gV3V4CwABBCEAAAAEIQAAALzB+jY/XtCq+2TYKnJtfoge+DbhFFJtUEsHCDVlWHYXAAAACwAAAFBLAQIeAxQACQAIAMthm0gVuyJKdQUAAO0MAAAgABgAAAAAAAEAAACkgQAAAAAxMjkyZjU1ZjNmNGIxZWY4NWE4YjU5MmZlYWEyZmVkOFVUBQADHq0gV3V4CwABBCEAAAAEIQAAAFBLAQIeAwoACQAAAMthm0g1ZVh2FwAAAAsAAAAtABgAAAAAAAEAAACkgd8FAAAxMjkyZjU1ZjNmNGIxZWY4NWE4YjU5MmZlYWEyZmVkOC5maWxlbmFtZS50eHRVVAUAAx6tIFd1eAsAAQQhAAAABCEAAABQSwUGAAAAAAIAAgDZAAAAbQYAAAAA' AND file:name = '3e1d5251.js' AND file:hashes.MD5 = '1292f55f3f4b1ef85a8b592feaa2fed8' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:14:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad1f-1504-4e3e-9ba8-422c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:14:23.000Z",
"modified": "2016-04-27T12:14:23.000Z",
"description": "unique .js file",
"pattern": "[file:name = '3e1d5251.js' AND file:hashes.SHA1 = '228e18e84205da318a2f604c2e9d29eadd5cdc18']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:14:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad20-2818-4d68-8929-4e69950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:14:24.000Z",
"modified": "2016-04-27T12:14:24.000Z",
"description": "unique .js file",
"pattern": "[file:name = '3e1d5251.js' AND file:hashes.SHA256 = '9eeb96fe9bdbe509fad39c81ac6a6793a704bf65788e8081a729ff137fcea5fe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:14:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad20-f3cc-46ea-b139-46a3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:14:24.000Z",
"modified": "2016-04-27T12:14:24.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAMxhm0j0u7eqcgUAAOkMAAAgABwANTU3ZjEzYjA4OTJjNGZkZjk5MzJkZjNkYjRlNGM1NTNVVAkAAyCtIFcgrSBXdXgLAAEEIQAAAAQhAAAABUm9Vny9oagJOCs3QsLOCYBbehRKXNCP/v60Dx1RGVPEa+mjr4WBCEQViz6GX2KXLJaJNS6NK1MIU8HIbSrUAfka/3NsoDhy+bqJnjXzT9Qr7b0AMn0aNea7LkcECvBH9vMmogrPe+n+we47iqHx8NLfqA90174/1skJ6m7cdq7RBrKCsM142htJaHmHQjz1Jz6a7xpCefE6knYjtlWAWSYnkppMl42LoNKaxzbl6QNvmbhevu8JICDY0FowBt52UU1xliLuLCcsQIpwuglBkz57EIU+N/Dfi5eg900gzJIWjSdE3+3AIt4kqY0zTMMFT115IIkM4gUetMEcfJxt4FaEOih7CYrIJuEYaxY3oQW7x33c+QwYHeQI79nrDBrfGYXvMrIbpr9xNi3W4Iu0GF3RvGqebWTj/dFpLKn9sm+6EUP3O7klQEldPwGN4ihDVncExm0y1dpiRClEBOVCiNwZBxgMrEm5jnuXq9fBcMo0IR06INFGR3nHnt85dtjgs8ElMO/PViXzyQJ+6/vl7UR2x8Za5fkZHCBu53+it21NzXWpFNFkMjBpDoMuuEHpm+yKVcJEROZc9k9Qa0zaZFlMjv/3UJzfmNaXGQERZ0GgfNVgTqBh7pWoYnL+2+qvyGSJ5fpTeytSRuurS8+GThnOAV2cbFjMAQkeMCZm3AaCp0/MAqUsblCSpcUfg8DwzbbYmWzP6FZhlxbUCeKvg8HOB96UzMyWKaitfsfL4BrNdqbPoqhnDckCGbsAnWwYIA04Q5iGNfQ7Z9NaqTBlBAwHtYudDuncmYoNjHAwjbRBImems8Aqg9Oag6IoFlt1xdpYrMRM2MOYOJ+zPP6Jgf2nm7PpPMrV1IzQlpDes5LN7zLiU/2pYiEUi+HxgExoKIRwSri0W65UY276S6NF3FhskKmbyB/UxA7DcQnaIjn+hcueeiQU3jykpdUjW9KHCwnaf3OvHNqCcl65boSXNKFy0+3Vg+PDYU5fIxHEnpifGI9NrC2RNjCqcpJak7CQSr8Jhrb8q3JFeM20IlbXcCgwEXn8efQ7FwevZb7Y5rVFFAuW+IFymCZtBVRfVjy1Ds+VpQY0Y+fGzWDJJk1/kl2czHfOxMUiw6YIwJ/fQNedAHLpN2d/LW3GWoSQgNpSEYHOys1CT0+RjIhZguELDGzADHpBZ8PzHOcZib6vIb//hMmQ2pEYEE8RCBV/XvyFFNImi8HX/GMB+tzESWve+PfpBrv6nDY38ZmiE8kvXfJYMEN7vIC3Y8UbKLBP1DP4+VbXpPFTRyY2GZQLJEDrdJZ+AJY/VCbWiZsiEw8hLSAnh/UXpHrslnZ1yQIeqD1oXb9cDPbqCQIwwjyecXJXrAbF913CEQXw6wQcm92ilNOjiksVOYOtCib4/e0HnZaPuZw3X5hs6NVj1le5SzVejzX9vXb0KO+kyWIlEXMH1hr6Jsj30/jG1uYGCtmYsjsIaa1wS4oleaa+Scgvx7KelX/wCAeFR7rV7L6pdLTBxUoGwsvrQO+43ZkoqrFcZWlH5o7AMU/ETS1Gr4KMbk/ITexY9z8aA6sAjAf5zks5hYTwdMs6r5pYrcLQtaU9GNKuIjQYEwWCvxzw0COLQNsN4wAm3H/jCtmtawZOsP+3+9danMEvVUWMI3VZonP14Nm0BS2JApEwwGcm6cQG4oxsVORa/Jkrlhe8ztlYNCy4nJbb70PzUVMGpReWEUq0gfdZRJC52in3s5McyVNynIhhlALWGhnizpLVcpHtFLSa4ZOssKyjGQkkwsK+vJSMhCHfQxyPqfppXOG1MNHdqonVDEltLgtXdTHiKen/k98zzVq4ZS2IkN24IdmnrDJw63qCeb9QSwcI9Lu3qnIFAADpDAAAUEsDBAoACQAAAMxhm0g/tFmIFAAAAAgAAAAtABwANTU3ZjEzYjA4OTJjNGZkZjk5MzJkZjNkYjRlNGM1NTMuZmlsZW5hbWUudHh0VVQJAAMgrSBXIK0gV3V4CwABBCEAAAAEIQAAAF/Hqj3nlu28je5riTEv8HE2CycOUEsHCD+0WYgUAAAACAAAAFBLAQIeAxQACQAIAMxhm0j0u7eqcgUAAOkMAAAgABgAAAAAAAEAAACkgQAAAAA1NTdmMTNiMDg5MmM0ZmRmOTkzMmRmM2RiNGU0YzU1M1VUBQADIK0gV3V4CwABBCEAAAAEIQAAAFBLAQIeAwoACQAAAMxhm0g/tFmIFAAAAAgAAAAtABgAAAAAAAEAAACkgdwFAAA1NTdmMTNiMDg5MmM0ZmRmOTkzMmRmM2RiNGU0YzU1My5maWxlbmFtZS50eHRVVAUAAyCtIFd1eAsAAQQhAAAABCEAAABQSwUGAAAAAAIAAgDZAAAAZwYAAAAA' AND file:name = '4a1cd.js' AND file:hashes.MD5 = '557f13b0892c4fdf9932df3db4e4c553' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:14:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad21-6fbc-456b-9902-4c4a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:14:25.000Z",
"modified": "2016-04-27T12:14:25.000Z",
"description": "unique .js file",
"pattern": "[file:name = '4a1cd.js' AND file:hashes.SHA1 = '1d985476d735526ac298de962d2fcaa6909e84d3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:14:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad22-c180-4de4-8867-4108950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:14:26.000Z",
"modified": "2016-04-27T12:14:26.000Z",
"description": "unique .js file",
"pattern": "[file:name = '4a1cd.js' AND file:hashes.SHA256 = '8ae8c365d78d74328177011eed73fdfd144f224cd8e61fe579a71cc0908b0b8e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:14:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad22-8fec-4d17-a154-447a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:14:26.000Z",
"modified": "2016-04-27T12:14:26.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAM1hm0i8XOWzegUAAPgMAAAgABwAN2M2NWJiZmRiYzJjZTFhMmM0ODZmZmM5ZDdmYjZhZmJVVAkAAyKtIFcirSBXdXgLAAEEIQAAAAQhAAAABUm9Vny9oagJOCrBMIN9NE1Gk7WnNhtHbj8KuzRydlcKqdiWhFuhuuQt7MUo/TMNcGjFeK1IKkrsQ0ASIgqq3IKytTv7ilzwcMCXtMwW7PfVgcguOkBbCnRZCGgT3t0oSRnDTmi3r5XBgmSTY/1aOaaSHAu3/2E1zSS6VFMyRQdWTKBOjHr+x0k9xK7gnadI8RlFoqGSTVFEurb2Kvm45wVrOUIpcLSrjBizYUbRqkkBXYUmzm1myccLH76acN3ti/tVvfNszrva8xHZEL3je240XPKSAkx707zDdt9+/095bdCJ1UCh1HWhd3uYg59WaMUJMqixIe8t+gjuIznn0Mi2IX3BKPaEh9ydB1IiCY/TqfFOjN8QeS+wcn/SFTQL4XvXSvsoP6JQfdKd0GXT+ytqisIEwPPPi0g668c+myZAQKJP61l9XrnrmMGmLX8xILJBxyLGzNGmbcpUImwgv+oQMGN0+kpAVk+z51GeuklXQJD2YNOu/YnKjcCYJgUvsIV/35h60Ri2mzCqL4tRDRabTs/3P2NPrVSy70v4IAGyH21FWwLyITk0BEHMb9bBkK7J64JySugpTffZf6AayZN5ZLzmnHN/zeMJu04n7sN9Xf5w3XCob0pFGh1IGPXRiSGot23ejVqyZzz6pMu0EeeFR21qi+/edYw1cv/+wNPfXfMIsp69mjHmSLZcEpIYiDm0a1CL0jr5LmWcsqyUCXHf1LWC8KKJBsp2h2XF3fl6vnXybQsw+/SqRBgnMcuRlpDFng9d/Sec+KDQ1PI9oplkJ0cdEynosWIyMjy6932SfJEjATHc4bByFVerYi2yfq5K6VPKmzxcEHP1huqNMfIqhgMpk3Y8I4ggfjJDc/zzTlBq56MV+ggss1rBGBMSzPo4Y62VDQVEQMei13i9ZE/j+UlvsfidPclW/zLb2M1VbPWmpDGcfMfAecJaHxURDygDi4Bfc9BjqTxLAyLMoJZ02grZX0D4binaRxD10DDG5rsNMLqCNfdIF36lCfa7Gd9MPUz/yrXv6q0e3Gq1Ihxpiv2IctBZDWLgzcSh+xD1FxWwQmJzgZSr2at1IbQNaL3wh2NOe3pfH5xOEWU/uy+JAfIg4SvtOawWeMQkpUCQDXCfAPGZugWlrYw8c33242guwUZAu4eoVidcPeZND5uaBAFC2tTuBCyp4W5DBvNCoGChXGl8WpP3CUlKoW7AFwr7dsCyH9vq7CCwHTteGFIg+x8nhepMgveL6x/YrbGR22t0ncBPLqRIGqKSurNV/AUa+yMfmEsnTBciNz8wMlMCGKQUYVZpPTi/Wj/QekxIRIV/3u03aByvQW1F0oCEebZlrnPKBCvCV+PB85eOBb7QTtU72zjsena+l66HRhcfAwGQ8+npRovJzFRfbRCFR9eRSITKehp8+nH6O3BizLbDujSBev9Mv0aeuUqCHBnHFqsZUoKUkr7oZHuoc5Q0VMef8Zsy2hMv5veFSMJwyNgNjyu9qoSNm0G09VwJu3JNBmqBU6+K+1SgzBl7zSdJkH/9PTWaavidVdW0VeNP3uW0m2o/o853QhwXNb74LRuJ/3PyhbksCaxJ3VzpU0X+8Mga8QTFfl4uDJMVPGec9aMu4uHQlEkToqh0vVEA2z/2LlU4R+GGKi2V87pPQ/oJVOgjui0iS44V5nyEvfWEiD/ibA3cZHux6563IoI4TVObH1YSdmmvEd7jLrtpy+hDpZ8IVG4TzsXOKZ4z60gCYTRtTu5uNsggtIAIb6R7HPg73q8jztpoLSZy59N2habQ4gO8b4ZUgJwttyxIz/GImVF5Q7Z+RQerIpyhtjvXlCVCVgKlfJSt+OwMi48sdEjV40YQZ/XtBwJ1pFBLBwi8XOWzegUAAPgMAABQSwMECgAJAAAAzWGbSIgX5mgWAAAACgAAAC0AHAA3YzY1YmJmZGJjMmNlMWEyYzQ4NmZmYzlkN2ZiNmFmYi5maWxlbmFtZS50eHRVVAkAAyKtIFcirSBXdXgLAAEEIQAAAAQhAAAAX8eqPeeW7byN7mqGvJCOehAgwdBUFlBLBwiIF+ZoFgAAAAoAAABQSwECHgMUAAkACADNYZtIvFzls3oFAAD4DAAAIAAYAAAAAAABAAAApIEAAAAAN2M2NWJiZmRiYzJjZTFhMmM0ODZmZmM5ZDdmYjZhZmJVVAUAAyKtIFd1eAsAAQQhAAAABCEAAABQSwECHgMKAAkAAADNYZtIiBfmaBYAAAAKAAAALQAYAAAAAAABAAAApIHkBQAAN2M2NWJiZmRiYzJjZTFhMmM0ODZmZmM5ZDdmYjZhZmIuZmlsZW5hbWUudHh0VVQFAAMirSBXdXgLAAEEIQAAAAQhAAAAUEsFBgAAAAACAAIA2QAAAHEGAAAAAA==' AND file:name = '4d867c6.js' AND file:hashes.MD5 = '7c65bbfdbc2ce1a2c486ffc9d7fb6afb' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:14:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad23-f820-425e-bbfb-4a87950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:14:27.000Z",
"modified": "2016-04-27T12:14:27.000Z",
"description": "unique .js file",
"pattern": "[file:name = '4d867c6.js' AND file:hashes.SHA1 = '4555cd1dbda11bd7ca029485da02146fe0839dfb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:14:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad24-6664-4bf9-ac59-4673950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:14:28.000Z",
"modified": "2016-04-27T12:14:28.000Z",
"description": "unique .js file",
"pattern": "[file:name = '4d867c6.js' AND file:hashes.SHA256 = '415b0df36fb5f1e73a2b0fee41c0148caba99aa66b0024ece37364d805a785b1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:14:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad25-fa08-45ae-bf5b-4a37950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:14:29.000Z",
"modified": "2016-04-27T12:14:29.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAM9hm0jLjH5QewUAAPYMAAAgABwAMTEwZjI3NjM0OTc3YjE3MDcyMjUyODk2YjllMzU1YTBVVAkAAyWtIFclrSBXdXgLAAEEIQAAAAQhAAAAAM0jxC7cWiTE/o1uUid3O7hINxsbuGzricg/1QzTapjEeoZy/9ihSAvudT2VjVV0tRG0RZD1Hg9dTz8RQWCa6ZhHK8PMDLuBX+DFKqobXNxSL72BwQkrSy06EnwQV7ofy2jO6nW6FzuVCJFf8qsQPtLBe7sMRJNNF6b67qn9ZVocBZ25kn81/i1/enequBh3PvEfyn4xBYp27dZMMRSAubPJvCZdzDJS678tMWAQhFBp+aL5usY1BK9TOJgVfoFcUIEnnGlV7BpfX5fSAlBXNP5BfF3DQQCKBFu8btqGSG9mWMFZUnJDwS7qcFOaPSQdGQcfSRmQdVfWpV2kTxTvVK0AZENRZ7q1fTxJWrkXxgy0pyFyHVX2+bIfTnqjSLSXGz4dCb25J6jUXWE+KxWHszFy2eXAsWo2lA8WTRuL4x6ksNZl6YEXpF5kVttanldfELKsplh86yB8KiBb6sSFo8VGQeVUKupAuRKAC5yadFjFaRNapUWKoKYDmbwVRYPdvn2Vt2P1IEoLA2s3KyhfOa9Wk7Ng2g5O7loeyCoxAFzY4L1VRJqKkLm2ZC2bpMVTh3wchIQA12azyTt8GghM+khpSNgw4eyYknpgEJuztYN1oAGwJzy4px+disl5BJ4KM13FPJfRR0jEuE3QDZBhAdQDoRut1rJlxZQQ/Dae25IcNxyIFMANgPFeyT1xH4/MBAWQober1e9GA25OSH5ijHSJcI7Ww2dZ7cvCKnXQh24KsSbv6j86xQWPA+L5k0EOexpEg27NAG00hz9JSeV9jOWtTZtGIFxpHT7jefo5LQ3twqpROo4B7gHS2CXv6yfk56y94d8dOJuMhQM26yBWHK07Ua6zR4qnAbln4g5UitvGpdPxbjL6+qfn6WT+wBM0T7oygJADX4V1U1pdu9q4vXxnI+mXICm+9rPSO+laA/7ukObGLIRBFVGqFdwNX3LY1g0sli0k/48BffDaAGOp8tbHGqAF/CUZQE99CvVpb5MQC4D8ikY7NWZpdOjHXszsJx6QZ9Gzn21IwkNIerCes025x47Pq2YuZlO8k2znc/+IOhLLFafS2qP7xvwI7TP2ojk1R4HIhqqai9fSbS4Gm73AyBwOiIQbPmJsCix/7FvklrYAxAoEsrApszL3j+W0gx5LKGt9RR96FFYR+L7hM8FTpPwRuD+MGCnsXhuTOi5qNjOaHw0KmT4I234MyAUdmA+bY+2hzLm5HBzMRRUsJd6SP5L2Ry/nT/FpW26w5T+4rclaahfPzZjGBpTH4EksdAxrOwzHXqe8ecWuHVj5N388aXo/uuby6XQk7Aq+l8GsEe9nzN+2e1+g/+W+U4J8O8+3ATTOmi2ujuMlkywqjT1Q5z+KeYPRv735lVWIEwbljqbT0rSqbYawSM9tFe1OC1bOBF/FsC2YP7mgAAM3npGQoRzNkURo9+xIJ1zLe1zdQuApR/JC94VT4ZpEucRUhb/H2s9rXVe40+eZ6h5Qfe3NCVtE6hfZU6HS4wrgPQV9qBtB/dRxTDPcYDYBPjhLG9IfPl4hOa6DoL+gzgWlIzWJhbc6jmpQpHyS1OGbOIXl1KDsEaHsxQjMX7/141qny4xbFqU9thlLmPS9JUNHDxz4q50V65GKApLrgyXeDsPlMscXAWxScTiCch0D1Sno1+lLRDNTOwGn1z25J3RTTTNZWlnq5goD4ZrZerZ1cBrT//i1SGJIvRXdco3mrqJPMa4oNsCulYfpKImzSikBSqhmYMtpqfQUqjvTATctukTlOjTMboXw8aDl/7SY8+9mjgVQD+YMXg2o6i1dLkOHQoNFS5lXxL/ONRuTdNUD3OiRAox0EQ9r9EBpllm7WJBTxhpZLWNK9tpcav5QSwcIy4x+UHsFAAD2DAAAUEsDBAoACQAAAM9hm0hwteIHFAAAAAgAAAAtABwAMTEwZjI3NjM0OTc3YjE3MDcyMjUyODk2YjllMzU1YTAuZmlsZW5hbWUudHh0VVQJAAMlrSBXJa0gV3V4CwABBCEAAAAEIQAAABcZp8Hfdi7XptzrXu75ib9W4YimUEsHCHC14gcUAAAACAAAAFBLAQIeAxQACQAIAM9hm0jLjH5QewUAAPYMAAAgABgAAAAAAAEAAACkgQAAAAAxMTBmMjc2MzQ5NzdiMTcwNzIyNTI4OTZiOWUzNTVhMFVUBQADJa0gV3V4CwABBCEAAAAEIQAAAFBLAQIeAwoACQAAAM9hm0hwteIHFAAAAAgAAAAtABgAAAAAAAEAAACkgeUFAAAxMTBmMjc2MzQ5NzdiMTcwNzIyNTI4OTZiOWUzNTVhMC5maWxlbmFtZS50eHRVVAUAAyWtIFd1eAsAAQQhAAAABCEAAABQSwUGAAAAAAIAAgDZAAAAcAYAAAAA' AND file:name = '4dc92.js' AND file:hashes.MD5 = '110f27634977b17072252896b9e355a0' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:14:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad26-fdc0-4100-a67c-4e84950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:14:30.000Z",
"modified": "2016-04-27T12:14:30.000Z",
"description": "unique .js file",
"pattern": "[file:name = '4dc92.js' AND file:hashes.SHA1 = 'f61fb244f3128733fab941727802ccb42785cb94']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:14:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad26-42b0-464b-af40-411b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:14:30.000Z",
"modified": "2016-04-27T12:14:30.000Z",
"description": "unique .js file",
"pattern": "[file:name = '4dc92.js' AND file:hashes.SHA256 = 'd34d1537212a49c9622efa3db46c13801065c478c2f7a4c954965e36223c3ca2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:14:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad27-362c-49b9-b446-4f4d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:14:31.000Z",
"modified": "2016-04-27T12:14:31.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIANBhm0hFNdItfwUAAPUMAAAgABwAMDEyYmQyYTk1MjlkOTgzOGJmY2JlMDk3ZDg0ZGMzM2JVVAkAAyetIFcnrSBXdXgLAAEEIQAAAAQhAAAAAM0jxC7cWiTE/pKCf6/q8n7LuRLAlzhv8FEkPz6R3SiDYl3IZGxa4iurVSk/TzRA7h+kJBNrXmdO95s7NFuwr2yCAVxJcigSVJaKlb7h0UVtYBw0kmLIYyQ+FXp4kZPzUsfcw8tXMnpjf8z01H5x46rTBU5CzNZf4tFoIq0UEKME5wE301GZqxm4uBx0EgDjGt9qod7xkc0+N+vMsm+SCiCyiG4AO2sKb+tMLqxJZzllU/DO75HFdmae23hV+QppPA0T5vpY0c+VQQqyIYgb15LdSPODa/yDlT8Dzdfx2mGbI43zN29EEXKKPs0J/fi66oWUIlibebgJQW+hN9XHSA3AtcKRqn2MLu/VnaaEn3hwKDgnBzRJM6Qnrrp9cLRkdO2enQYAVu5FpY8oqMn36Dn+5jw37cgQodXU5RuQDua3DlMfj8fZod4cz8S64Rlu7ZdBSd/k1g84niIDQJ9bju+mBUfHanwulHQOycmuh5M4QgmUGHL1GP4k6bPEJLNuq8Z9g+zLhl/fJVlifJ2BeYtVdh3EzETrsu+AwMu62f6dqW6Qjus+LObKrEcb4eIMWlrst0R1aw400xhFqj5cHq9lKQy2uqWxCNvsnqKsyUhOcebTYDmtM9sorip5fCumv8wtZfYPq96kxEBfVTS4LT4xZyhoUoQgELE6PvITpF3qPmcASnCVuFkOdptbQF/reririDjeoUrFI9lpxI7mvQNaomREWs/uN/YcQ2fwxbSlY9RZIN9XsHdTllJ4DlsIK641lJge9+U1yEqJILnn7zLEeYXmafXhrPLKwkaTc1dS+NWaFcvNMtf7eUB5d6nASOCsL3fEXiuUwiXC+ypuK7Tqn0or5/yw4fWn/YUjWq9Uy9z5IULsJanFEuDyhCJJhV2kRRSGRo2mqpUROcmd4b72WWpIm588+lkS7g3Fh9gxwMHCLJq4+wb6NlnrfGPk/N7x+nz7seTUMJgDE23XimUfpkWTFbs4hbwJwXe8rIexGvDpF5NLoDJODZu/+sq/EHs9urJF0GUmU/5Ljy0Bn6EKmxvvG+JxSVkJVwPMJB3NtnL5sRwR7fdR8lxmMvnlbmmjXK8Gbr9n25K2fmOgMx6OpodiKGP0VWteAc4CUJUkH8qKDeWpbr7dMjtlhSjyYb5/WfIfvr4nzpx8nemgiCNSyJLOO3WUNsn1NvfS8LlRK1sJel4NznuKpmQOfPN2t2Xhs6P+t2gvtyp5cjxY2lnpffA44QBUWbohk76DQF4ME2wQVm8TlEO/djhYm3PURLLf4QKAe9CVI9ov4EpsyzBf/11ZUcOLSjnClUkGtLpkX0E+gpX2/TG1wKSxiOELtOmELT1KN+2Gjm3fBdCezliBl1wIcN5yAJ9WnJeH/DriWk+uvZW9d+TNmRZeriB9ckUzCxz6hnU7tey5eebiJoaHTLj/mov5W2tQ3rDNaSBFeYoR6j/H6dOa/2S0fqvrJMGxZEVPD7CAqFQ5azUFCvealMrVIOQNngmLHyOtD88h388d+dkeHNwCJ80IqHY1aXfXwOtob1dKSShJLLA0K3AbLVZvUwL+RbrlUlfcGReHc1ansSxj8nZGsfdjCf9stwrlQU1bJJY/CMJxJ2UeNZTT+q1MEulkuNCcgvs7yFyFEXt2n0EA/MoXTSfUdLTVbAAUDnOcm4bb4rA6fd3Z/pIxh0I18m5zK7f6TIBQVnREKHQ8rKUI2qJew/q2e4VDeNyv8Up7y+uooEGXTPaePW23a98oaMnGY9pbq4Dp7rXLOkP5G2NE+YI9VCqX/+bcGkQdy8za1w0WkKQtEndmiKxtTUAnYcEXT6yvBYXXl+tqNmPtUS98EffaGjbcTn+OgyFIOblmmW1lDrULn9GGUEsHCEU10i1/BQAA9QwAAFBLAwQKAAkAAADQYZtISln4NhcAAAALAAAALQAcADAxMmJkMmE5NTI5ZDk4MzhiZmNiZTA5N2Q4NGRjMzNiLmZpbGVuYW1lLnR4dFVUCQADJ60gVyetIFd1eAsAAQQhAAAABCEAAAAXGafB33Yu16bc9J/3GNM6HPIBh9vKD1BLBwhKWfg2FwAAAAsAAABQSwECHgMUAAkACADQYZtIRTXSLX8FAAD1DAAAIAAYAAAAAAABAAAApIEAAAAAMDEyYmQyYTk1MjlkOTgzOGJmY2JlMDk3ZDg0ZGMzM2JVVAUAAyetIFd1eAsAAQQhAAAABCEAAABQSwECHgMKAAkAAADQYZtISln4NhcAAAALAAAALQAYAAAAAAABAAAApIHpBQAAMDEyYmQyYTk1MjlkOTgzOGJmY2JlMDk3ZDg0ZGMzM2IuZmlsZW5hbWUudHh0VVQFAAMnrSBXdXgLAAEEIQAAAAQhAAAAUEsFBgAAAAACAAIA2QAAAHcGAAAAAA==' AND file:name = '4e5036c3.js' AND file:hashes.MD5 = '012bd2a9529d9838bfcbe097d84dc33b' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:14:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad28-4774-4de7-bc99-4485950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:14:32.000Z",
"modified": "2016-04-27T12:14:32.000Z",
"description": "unique .js file",
"pattern": "[file:name = '4e5036c3.js' AND file:hashes.SHA1 = '945c45d8bca53da72ffcd9a3830b8e09ae04d703']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:14:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad29-4874-4935-b601-4639950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:14:33.000Z",
"modified": "2016-04-27T12:14:33.000Z",
"description": "unique .js file",
"pattern": "[file:name = '4e5036c3.js' AND file:hashes.SHA256 = '34f3727cd8cdf1b63f55b6a42adb689fc046a2b484eaa851f859bc7a4d2044e2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:14:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad2a-6394-4d14-8954-4a7a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:14:34.000Z",
"modified": "2016-04-27T12:14:34.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIANFhm0htsQ7NbgUAAOYMAAAgABwAYjQ3ZmI5ZWRlNzZmMmJjZWZlOWU2MjU5YmUzYTNjZDdVVAkAAyqtIFcqrSBXdXgLAAEEIQAAAAQhAAAAX25Cxv4qcp7frvEvjxKtEac418YFgFUvOsBHeU3dc3M18qIdYBQ0DDDGyap9mPmGkutr8QSNlDoP3LnJPV8IEmHmMF3SjKOq9KZoBd/nR7wSd0Qm0O44514UVwftOmXtNHfnaGwFWIcz5HM71CwfpM+aFkSg5pAcpp0LiXOlgY1ZdvhjIPRmzI9T54t4Xj1IQdoUUb0U1LEZWOOzd5xTRmSBp4yUY/q7aml+pvCle8CaTM2vMza291vvy/1lIw+B5GC1ZQSyk5rTAovXER4SVLGhm+eIXSSKw9HQ9R8wnhTHSg2XqQxskf3HZXrmBIACnXQShk8frB6esKA0NiEsFBgVTHRGNeNtXgR7rB7N5zSJjTZic709nLBzPBWcNiRazy4NPt4YQmbcMPrdn1m97OlCf9jN6Q26bGdg5pGfD1kxpJIUiBRAbkwB4g8pQ8/1CntS0rLD1UcI0vYDE33ZzrU4mzPwgnoCt43m4emsWwgaZDduR1BIJkEjpPj8WxVxf5cv3gGLGI5WncIOd0hnuOrMKIlB0sqSs7Y1txWP1pIbZ7lF8pnat0XMMrRCx39s9yj/22295WcICjYa3LbIRDwW/KbJWmF45bRtsPJlLHac+w9XustCcmzS/qcsoZbL/fx/YAa5xTVLLJbgPfqNnizVtHh4euaEH6furHbrWsU0pvkXNdIENcWSeSKvq4JUbPkLAb6KlvTA3qT23sL/czARLm7x9dFIqvUxoaDAD5XjOLQmaSVngIZYDkLZfHeOdM3D6WewDfzRhAr0DwWGe/PyWKRxiqCRHpHDTYdhsolJMxlK4AaXL/lR2Osa9dMakR/A8lQlqgMVkl0aL2oRTw8H8kO0vqkGJ8/KjlAPbyDYCusmpiB9YCSf99SNj1gUpq4KzqjTYMXSoQoVr93v77O3oTRne2p7APsXjtjhB5GXzHL1jIDxHA8FxqeefSatRyxSuEBZhvLaz1QxF3OxVHMI5h6Xy0OGLyGlRPGr3KsMlYMgXXbHPP8dJpcMcn3gOPMNk/MifE4j/MjxTZSjJPE8WFem57n55w8zCwqN4d35Pbysl0hDOsm1/e3xGbVx/V/H9LPXXykrHZ2UCjSlLUgtLV+wMDNTxDRVdVEK5Dp/8zdIBOE3M1bvLzVNjMGRXdHjMqyZ0eqxZSnSDinTmjagwtgD4s6hudEqjGxU+vqsG8rL3s1JnORck7X8gAflq//Fu9LbthE6jwy/zoR5SkKTxkT/GlX9/ThOiG06x1nUI2PBiqK0uX/Bc4XeLgDbYBXeMymHrRyDWdG9WVLD+PWlPxlGNKFI4/JhVLYdwFT14Z/A09DmpzH1zxkaYZgHjKGPZzzNjORH7PXnketYXuF+ZwldLHNuJt1N+EXO29DAi8tGI0fvildsl/k5ywyyUCgZ5dFDo3KlGFLc2C7pX5VH+rW59HqIYBq6Ul/+1HEitRX9SGWzLzJ7KrJ3EMk7ALif/FUyOM2qIf6oVnLCqrxB7nzQyvvHTikolh8eMjkA8xG+PIYluRDr4LOcKksSuU/JSHhvV1QxMOil1JmndRs0gwFq2/+Zq9wWTTjk9XVVViJeDdObhu56U64bSrWPlLb/GHvLNUrBb+4GHC/3lzI7R2xXPeg3BWlsTphvp4Ps92kT75el8XuV0pFgZ3dGld3V0UIPWFjTxTjoRB/eDVQt5nwyxlryLZHdXAjTGFjG5DiUC8V9PAgPx0y0GdTM+J0KuEozAiOH8RDDw7B05l8xysmh+x9zI7xD1VhTG1IsPsWsLyAMtjc359u9VERbqu+bs0mi8sPU6BgnUICNed96iyn6rTDwfZBEJVXyt6pL3HtxBbIJRMYKQloi+1BLBwhtsQ7NbgUAAOYMAABQSwMECgAJAAAA0WGbSCluJWYVAAAACQAAAC0AHABiNDdmYjllZGU3NmYyYmNlZmU5ZTYyNTliZTNhM2NkNy5maWxlbmFtZS50eHRVVAkAAyqtIFcqrSBXdXgLAAEEIQAAAAQhAAAA3pFTsUSSsevk8f4hI/qI2yCxy5J2UEsHCCluJWYVAAAACQAAAFBLAQIeAxQACQAIANFhm0htsQ7NbgUAAOYMAAAgABgAAAAAAAEAAACkgQAAAABiNDdmYjllZGU3NmYyYmNlZmU5ZTYyNTliZTNhM2NkN1VUBQADKq0gV3V4CwABBCEAAAAEIQAAAFBLAQIeAwoACQAAANFhm0gpbiVmFQAAAAkAAAAtABgAAAAAAAEAAACkgdgFAABiNDdmYjllZGU3NmYyYmNlZmU5ZTYyNTliZTNhM2NkNy5maWxlbmFtZS50eHRVVAUAAyqtIFd1eAsAAQQhAAAABCEAAABQSwUGAAAAAAIAAgDZAAAAZAYAAAAA' AND file:name = '5a1c89.js' AND file:hashes.MD5 = 'b47fb9ede76f2bcefe9e6259be3a3cd7' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:14:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad2b-510c-43ff-8433-41ae950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:14:35.000Z",
"modified": "2016-04-27T12:14:35.000Z",
"description": "unique .js file",
"pattern": "[file:name = '5a1c89.js' AND file:hashes.SHA1 = '1e3e36b29684151495c499b6b1560fbdb78d34e5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:14:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad2b-bcd4-4ca0-a87d-4813950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:14:35.000Z",
"modified": "2016-04-27T12:14:35.000Z",
"description": "unique .js file",
"pattern": "[file:name = '5a1c89.js' AND file:hashes.SHA256 = '9d6f5e6f87ff02d21dc5ef664edbf38f07c62540d4649e4de9732d4ecf8ce476']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:14:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad2c-5d20-44db-9768-4954950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:14:36.000Z",
"modified": "2016-04-27T12:14:36.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIANJhm0iZPF7ofwUAAPwMAAAgABwAZDk1OGY0MTdhYTE4Yzc3ZmU5MDliM2JhZThiN2UwNmRVVAkAAyytIFcsrSBXdXgLAAEEIQAAAAQhAAAAgWHkT4m7mkFJwCjM4dScyaiXykId4RGhjnwQU/D08E4IGS2xS7VArbDrl4CT2sU60FVXADBUPmecWI2xl6jUzuCQsivuSnUOI5YnYzA1d3/z1QxE41YGq3IRB8w+n+yHlkFUMJ434/RJ6dR7QyMhWNdQGORxo28E2TfwWhByf50my5o3ux9ilkrPWrXfXPRaRdYUShO2+jNdZwGPntmfnIBp7toqINqIhtfotxUUXs/JdzBybQKgFRH+VffQ3oWWeBVyv/N4Za4V0LbSKqNsOG+ZnXaLMA+DsRHy1UJfhyo9B45S3BYfx+PNZNvYrkhqsUB8o9UAlxmhhKL5SwUzYTv8ofI9lpwUF01gjrSg8BLhF5yxUdmcGvbFKi9V4UgWgK7mVo/lUlDgOm8CKQ6mjy6a0JUps9x6WGSzMay62gTf8pfl59fJgps9qaeFw1m7U6V4N/1Xbb4TXDsf2cKWFYfx/z49dY4+tVytdMH57Yhqu55kF/D2XyCf6JOj6TsLG1uw6YSxbq1Tz2a0PNU5gsVCJqNjCe3hwl6I1sqGwZfuNg08V+yMwLQjNvCJ64fcSu4UCDSl2ZhLSbCVSXc7Zt8PQKPusLII09ndKSK60j+qsgIsZpUWVp/DzzhFXae3NBkaTjrFlxVI9BnEJrcU/bK8EyuqdqUDt4e/d4PlDwoxrNAEM5tVyNoKTJEBcFTCVSyR4+tuBfbkt3jbzglDyZhhefeYj4hm4WTNtAh4Lxuizunq66w+QVXGK68RvZV0b1Db8L4ycKoV/L0OAhhbOnLOHbLA37o+7wzSE1ZUI2zFXhemLNv6zGbH7qGZA9P6R09INmEpuKeMbFAxolf6kItjRIdTFC72jsHQ9Y0Pu/85TBLazGO1KiMN5lwnhJQhH3tqFIoBSyTV51UGk6liMgnAjHTi5wG+Q4u8xFSRRAU8SHymO0qUVbPxlCzTJIlmXTMiwjsU0KgQpJ3H1URg5fIOqa162HjgQF40CUBQo4jKUc8ua/ZvuW5Wt3tS/9lkNE3A+tGQw16QKKf/2w5OY/yLWqsADUluHRheGH8UwGQyfRdCgKYd4nzW7kanTm7kdJEwgl6sufm/O648RvnGouXkYoPxkXwyiJC7ewza/MsZJHmui8tBoN0JydmnhvlcVHvADpzfhUoxKpP7ybSoAuqqcbjpMh/Nw26JrP3hgIAs4inC2LxNHPBpASHV+WlK1kZXN1XyLQLf64BJZfy2p8pv8lc52PQCh3Ua17tXPQ/XyquPEJnRK/C8QOo5C691qjG0tP4XCmBK1+6T7zsQ1xxUvq99WDqePTcYWfEnOxdyWhJY4drV4QfSZ6B/HFv6R5FKsVRa4kuKCK3QFhUgels8Oti8089DKDRl/jDF59ZsfzD5zHWnUNmSp+aIDzol4bEl7v8FS0+SoBz6Zq2E2nUOrBfZSYsfLVPFjq9XkSaZPUmZ6map+NTDSEluhTNstkVl0+XVi7Fh6TuFCYrUfEGUwcmwZ+v8s/HYWb2cNwnlPkzQYM6J9C5S/KYt2jkvIOXCyuZgurZqff2/TCXEw/6XHFyb5mk3rMJFH28wLVbvo9tI1kE9v5rhwnw6g8X/QM5U+DzcYm5kSHqrA/mqG51aNBdR7Z8Q2FNc2hsXt7JmkBOWPr+t4rFoq0LL0QimbddmUmIb24ic4FnLKlNdThUvKqPbqh4UBfOz77oUuKhW9lw1Sh50htNF8tMbUkqycd/yOoJr4N2ACHYMUhEUlXedOq3JlfXEasRBizkxvFYdMaq5FfqnOBs6irEWJWWMbcXXBEBujLquusfJ1hBvEELxbbRvNKOQcCELLq4RIt64AXGQZf4Q2XN/kUhu0YawbT9fcGda0yOF2G/MIQ0EUEsHCJk8Xuh/BQAA/AwAAFBLAwQKAAkAAADSYZtIb5aVaBUAAAAJAAAALQAcAGQ5NThmNDE3YWExOGM3N2ZlOTA5YjNiYWU4YjdlMDZkLmZpbGVuYW1lLnR4dFVUCQADLK0gVyytIFd1eAsAAQQhAAAABCEAAAC0tL5iA+VVYHlNqBc0pDGKy1I1ClhQSwcIb5aVaBUAAAAJAAAAUEsBAh4DFAAJAAgA0mGbSJk8Xuh/BQAA/AwAACAAGAAAAAAAAQAAAKSBAAAAAGQ5NThmNDE3YWExOGM3N2ZlOTA5YjNiYWU4YjdlMDZkVVQFAAMsrSBXdXgLAAEEIQAAAAQhAAAAUEsBAh4DCgAJAAAA0mGbSG+WlWgVAAAACQAAAC0AGAAAAAAAAQAAAKSB6QUAAGQ5NThmNDE3YWExOGM3N2ZlOTA5YjNiYWU4YjdlMDZkLmZpbGVuYW1lLnR4dFVUBQADLK0gV3V4CwABBCEAAAAEIQAAAFBLBQYAAAAAAgACANkAAAB1BgAAAAA=' AND file:name = '5b3cc6.js' AND file:hashes.MD5 = 'd958f417aa18c77fe909b3bae8b7e06d' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:14:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad2d-80c4-4bc2-86f7-4087950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:14:37.000Z",
"modified": "2016-04-27T12:14:37.000Z",
"description": "unique .js file",
"pattern": "[file:name = '5b3cc6.js' AND file:hashes.SHA1 = 'c7bfb228a8a5a7e5804230c2a7af57877a0c4bbe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:14:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad2e-3458-4940-bd59-499e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:14:38.000Z",
"modified": "2016-04-27T12:14:38.000Z",
"description": "unique .js file",
"pattern": "[file:name = '5b3cc6.js' AND file:hashes.SHA256 = 'cf192f6306fe4028b1a58abb048637ba064130865757ff07ed452a67219c0909']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:14:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad2f-8a48-4d62-a6f5-40b5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:14:39.000Z",
"modified": "2016-04-27T12:14:39.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIANRhm0g4OpqZcgUAAOgMAAAgABwANWNlMjQ0YTUzYjU3N2FkYWFhMTgzN2I5ODkzNTZjNTJVVAkAAy+tIFcvrSBXdXgLAAEEIQAAAAQhAAAAlETDNqM/0HbYVBDl2xvVV/lDcapeiFDkZkArbYal4lbISylg3FL6qYrJ7ujnjs7+5YV1l4zWNWT0MnyrU3u/hV6llZG/WSCUgBg4N2EapORValYWGCF3X/MaNJkqgO8RqQ35x7skuJklz452OSA3jfiUV/ulQqqvPa/xd0CjPZ2YWDPl5g9I8IE7oA3tdH2BxgoIPYVsVwgw5FBo91yvlIPm/aEhknAg70GExPbrdPukDV1fXP7IogYBQC7lyPSJ4CvTCSNqAHTA48w9vQqnJiTfglOU4g5hMucUlq+GqLg+0ZpVBmL5jZc0WhzaLbs/20phSWyreTwP8rFU9TBoXTjE5JKEzMtObfTg3UAaBX2+Ct5603+G6F7vDG2VNuj0PPF0MmCs6KQNyDsioeIF+CL98PXp6hEohLwkPUt4OfMXT7lzlIsXMiRgcM3WFViveo16g277AFlELTvxMLVibKzjDkaqLnVp1ho1YwEoGSV0iKL/aZCP1+qOjr+1p5ZfWe23agvo1i4FD3dR33jdkOM5VApuFAsG5AdJYkqxOJCa27TxCz5vMTjseTSsL4XnEUwPWvPuAvrH3H9IA934zswPKmnKQF8/VUqTIqqFbBSVEma72G0Yygj7n4IUQ068qvyjIjHwEtqmCTsDgIkgvDuEHq7AzuPJ+kBeEjBkk5izeEEno3vJ+b5sMsAkL8qrMNI6DzaDtPt2ZEdkCelMtN2TxQmrpSFnUtzAMNZyBbutFhqYmtQO6M8hlmbravMHrz5gHm4tTuIpFjZUFh+YotABoT4yUpNM2x33+DzIkSIzLNGxMMSmcHPe3K40upObVMx5ss1K+Elim7RStQetzN/K5A/PxHuG4J/NuzWQ2wx0G6gFEe6LfhP6mF63puIe1//g6fpWcknfZVQt5f+bKJQgNtJBH9FZDLjSjR7WUXGvBexqPe5J/Dv/v6CtjIl+ssMSVFqMqEJ8Rcf39Is+KISqKzUm27fVkpb8thRqsVFXtHxCrbkN9n3YVA/3U44bZrTvOCvZvBD/sSeNwnkfJvvpWvQ0fddawMiDt2dEgKffM2rI5GUxOa9gfLTjuvAUQ9E538QY9wuLIeIfovrM2OIfg2Hmtqzh7hNkVGvTMrej9EWLHdh4qx6AD+d3QMeasvKlFsm7X+oIUeELOB3I2gMJowziFfojI0aCi9h02IwXLzlA3TzX3XCRRaBhJdScOlKIaqZ0YcETJX+8AQqSe240zEiJNwk1S9HOPR0POpNJlOdcEUzqygj3UaJ10A2sHODv64CX1xnpNEQ2tnOZlmzhowfXuHntn1T4hmFhTfoNUFhJ4hwsIUUVCT+ThGK//bMequ+I1dz+4Mu7CCo9g6Xm4oI+2VTVamrBcS1MnrYhwtePhHn1/QydC0OcORuyVdcIek49GKUJ7RKNOdjgAGijeWMg70KHraTjoEWvdPC3js0FMX48fPk+osgnmLk2HPSZ8b97GNywCgZPgr+blXpN8GZYSnjgmGoLhrjH6GqXAFVeBD7frgiWsE4eZtJk6Ujm9iNfISbf+SrnmF9uy4ZscOuBZAeN87UaabWiYbtYwOptb6IYLF8f1sBWv1L46Sd9PhzBZ+oh78YLr92Hq4eC7/ZdYJF4xocoFyuCDjbpMNV9FzqPNemclFwXfFT4ttgsB3WW5ZuqV7AwqhoUkN2vgwFcc+NOhpSUO/Pspr9Hc0cANYmD1r4kBYLUxdzZ0TEJUfumlygqWJBz/+W/P5AC0M3W1stgNk6k4c2cTQjfKJKaAwJZY/+ng4mx3H3wWXqD5PDDU0GevFgeWZ2IADzrr+uumDcO2Q4tYh/8qMhK/dJ1/Qv8iMCuhQU7YygPUsZQSwcIODqamXIFAADoDAAAUEsDBAoACQAAANRhm0hOYYeeFQAAAAkAAAAtABwANWNlMjQ0YTUzYjU3N2FkYWFhMTgzN2I5ODkzNTZjNTIuZmlsZW5hbWUudHh0VVQJAAMvrSBXL60gV3V4CwABBCEAAAAEIQAAABe6SMcY0K3Y1e2zVye94yOlXhvftFBLBwhOYYeeFQAAAAkAAABQSwECHgMUAAkACADUYZtIODqamXIFAADoDAAAIAAYAAAAAAABAAAApIEAAAAANWNlMjQ0YTUzYjU3N2FkYWFhMTgzN2I5ODkzNTZjNTJVVAUAAy+tIFd1eAsAAQQhAAAABCEAAABQSwECHgMKAAkAAADUYZtITmGHnhUAAAAJAAAALQAYAAAAAAABAAAApIHcBQAANWNlMjQ0YTUzYjU3N2FkYWFhMTgzN2I5ODkzNTZjNTIuZmlsZW5hbWUudHh0VVQFAAMvrSBXdXgLAAEEIQAAAAQhAAAAUEsFBgAAAAACAAIA2QAAAGgGAAAAAA==' AND file:name = '5d9f3c.js' AND file:hashes.MD5 = '5ce244a53b577adaaa1837b989356c52' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:14:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad2f-0b00-48e8-abc3-4ded950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:14:39.000Z",
"modified": "2016-04-27T12:14:39.000Z",
"description": "unique .js file",
"pattern": "[file:name = '5d9f3c.js' AND file:hashes.SHA1 = '1172853fdb06feaffb21a01bec4babef02d25bd1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:14:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad30-819c-4f34-ab1d-42ef950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:14:40.000Z",
"modified": "2016-04-27T12:14:40.000Z",
"description": "unique .js file",
"pattern": "[file:name = '5d9f3c.js' AND file:hashes.SHA256 = 'faea28d78f99a0722a23682c80b1ac0de5d99fa9b8e09f9e9c99034ffb9c3a29']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:14:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad31-25b4-4d5c-abf4-476a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:14:41.000Z",
"modified": "2016-04-27T12:14:41.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIANVhm0jZS4dIcgUAAO0MAAAgABwANWRjNDRkYWRkODE3MDk0YjlmZTBhMGUyMTJlZDlhNjhVVAkAAzGtIFcxrSBXdXgLAAEEIQAAAAQhAAAAZ5179gOr5UFAZ1riEjbBriA5sco5LRslL853E7lUJB5LvbHexYqEfZO4Jpzu6sBx///9mys7R6xDZPPZjtqWxx3a43Vpfz5iRY+6d2vlcV+NNF0fEB69FlE79m/ru47hh5alSDjV576atv+QI4n2quQjR8Bmugx7s0qh+e0vSBb4ueyiUTznpLxH87830bfn/CH2rRDJMRhIpB1EYgLGVE9dw+Ea4WF2fuFRsJ6VkHISR4XC6fAcVMwiWzihq9w5GHZRWPVefP/JhquYGK9UFARkJKXbD/fXoLKocsFLR8zmZStrS3GzMav4Q4hk42UjoI0ISAvByNM6vGI9ceBXwoktCIlGiMkigu0XfmovVh3lqnQFhaE51JC5qPWM0YBdOkgt8oZvyjbxQu+vDEjqY9gPoBk+85SlOULV2oX0jRVcFVg8YyimYSIlMsLUYqWTdAnZfK3a8pgFrDLDmK/9htkny6OtFMkP+27aTkabZBNMfheJVl9cwMPp66JnGsobK8UwKlSHuk3kW+1oEdMMabTcV7VK0S69uA0J5I5YcBBsskdR97VdyjY3CAAXKCohPIXaftwQcj/rRR7NJZ2jndgexXBbKSR5wocvl31fk85KS/77TePfoweo5bKjQi0iolw6FryvmPo9gSl2AhNSi5N8SS8drgTWGV2vzgkX/yGWcXjZoXfz1aYtV2tF+8qmo4zU1oLHj3/Kw1TIYu3/fFpLaByw6j4YGjRfhgazA7BJtIMVC9JcIGbMKCwXaAdgsiok+s4J41CtPE0ff29nSmm2vMSiPrzc2b/6GUjIXruEs7VDqYQrKsk28FcvUSd6XXpuv5ADVfr77GEGwTarACmjkZWup4Nhj0iifKtt2BMkJD3v6IsrfkFfaIww9k9Nck9phNgpbXqN3Y33fdN8IectWmRxkQjNE0wRQNx8skSWwxBFhSLw0DbVUXwfQWoaL/r67ISKjGfuEYzlFAe8qO7HR7UA0LWrieH21nJn78346FvOwBoJcUgxYll9IeIGPtx1qdcaEDzQ2eBmC3rs1eFURc4b9wp7YUpYxIgOJDoFr2wOA5oBAGJmzWBRCXfIE/6jcWO7r3+2BT1GwyS/avdBbyNkbzVvQJxxKRcwJTT8F3JZ99ECKMZnEiJkwARbAqq3/pGUNXjF/XRoN1XFpE85O92wQrSQAAzeTDI56nj9DYwqiMOjEnLpP+w+1XhM78hiWfVD5gp0/F696Br9KmNP+ZDRg+f/ENzOYnrBJ3NT0SMTXS9onE0HNaUHwMniPU5JHUHwDBThrZjhg3tybWGjqrLs0WmKlGveL4+Spa6OyIcCwmrRSXD4HYs+JQbla+NI67aXeBDmJ9eT5CJziy6CbaI9cM9XrhXad4eNv0KjveaGibXKQBExPL65eobpnVMx9vpoxe3T2J3GmbEdPJBSp+UFMsdomGwkwdH5qowd/X62USI1iPr3yqeJopmOa7/VHTubY3DM2Q1EzunaCqJZeb7K85T7pYO3H2ry6+Ja1WU94HTMMWJX+Cs7gQ9M6k/60/uBcRMY2nlWYQg2zbR+QLKxyGhwsIPQ8tzNLTmbZARpFpMYIem1RlLsNwd35Zfqz+geI8SWQzAFryixQ+NybbELB0DNclen8oJfbGkOpn1l4mLo9LoHK8ze5uZ0dbhqzrZ9GjyMKpa44EjWBm3/nx4LNSgFxcfM9o9MS9HkZZ9u1PR8CrdBc/x52utCUYc/uN9eugpuu8qVHIy+iz3PbR6xinpdgISPT0PGusYvIRtOfgok5ZorjNricHCzdPosnLjpMM8HsUTefixOg4kOdMsm5adU2YSm06ZHVd73BczlB3fNK2KO/N7clWFIYjZQSwcI2UuHSHIFAADtDAAAUEsDBAoACQAAANVhm0h69SPLFwAAAAsAAAAtABwANWRjNDRkYWRkODE3MDk0YjlmZTBhMGUyMTJlZDlhNjguZmlsZW5hbWUudHh0VVQJAAMxrSBXMa0gV3V4CwABBCEAAAAEIQAAAMLgt6gFv6T4Ek9H3CnsyHTrdbCW64WRUEsHCHr1I8sXAAAACwAAAFBLAQIeAxQACQAIANVhm0jZS4dIcgUAAO0MAAAgABgAAAAAAAEAAACkgQAAAAA1ZGM0NGRhZGQ4MTcwOTRiOWZlMGEwZTIxMmVkOWE2OFVUBQADMa0gV3V4CwABBCEAAAAEIQAAAFBLAQIeAwoACQAAANVhm0h69SPLFwAAAAsAAAAtABgAAAAAAAEAAACkgdwFAAA1ZGM0NGRhZGQ4MTcwOTRiOWZlMGEwZTIxMmVkOWE2OC5maWxlbmFtZS50eHRVVAUAAzGtIFd1eAsAAQQhAAAABCEAAABQSwUGAAAAAAIAAgDZAAAAagYAAAAA' AND file:name = '5f59586a.js' AND file:hashes.MD5 = '5dc44dadd817094b9fe0a0e212ed9a68' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:14:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad32-f900-47cb-a361-4c54950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:14:42.000Z",
"modified": "2016-04-27T12:14:42.000Z",
"description": "unique .js file",
"pattern": "[file:name = '5f59586a.js' AND file:hashes.SHA1 = 'accc3c049042f7b92088f36786b3dbaf39912a20']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:14:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad33-ca3c-44af-8e8d-498a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:14:43.000Z",
"modified": "2016-04-27T12:14:43.000Z",
"description": "unique .js file",
"pattern": "[file:name = '5f59586a.js' AND file:hashes.SHA256 = 'c9fb8439b4baa86f73eb5d0a6fa0b9e293bba1a0575df98bcc46e5cc2853794d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:14:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad34-2cf4-4d42-b2d0-4a05950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:14:44.000Z",
"modified": "2016-04-27T12:14:44.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIANZhm0htyEmPfgUAAPQMAAAgABwANWIzYzlmNDY3MTU0YTNkNTQxNGExNTk5ZGYzMWZkZTdVVAkAAzStIFc0rSBXdXgLAAEEIQAAAAQhAAAA14jaPGjK2BeeftnOhTT1hFbRYHA+DqTB9pqrjjUI7OzreleAeh7XxyLRreQLnm8ATTQ0/3K7L8lf1Sa7f9fXXJHYlR4djcn4CQ2HpcPmrO8Qi+V6eEtdaW8xY3NpotIvqVtrMI+pKAEni2eQYZbUtIWoevkkSgMn0uuH3Guck3BHPljSH02mpnhaAAwIF0LK9XyR37C/DOdFTozXCv0v1VDKzzNQbAgYb9vl4Jt5eOWF/vLH0wl/zofmlYemFPR1424rRq4NQGH5L1aetsLqwhEpqme5hHaX6zMyBkaMW+31H2/VYDANchoK+IqAz7GwKnwIuqnA4vVVUZe1d7Y3cjs0x7vcZtTS9+gv3GgLKDjI3KEHG1pFQ3xhsFhysTnPY/TJKENtO7kr0IBIIArcKf3q3hPoWYuM1Y2WNHoHohUX2JHMjH7pJe5lXGuWrCi7m40x2daStgyqSb42JGOAD7P3A27rfNTjXGwkq5bN8py7WugHc8x5PLlmy9OEioruLiKVN3zBf/IIXuJpwEG3Kb6IQ57XaPEzFN8Et+FRjUq72Lo5F/UU9scsWXmN5N9NVye3a1NX0+V/sn6hawmbTNsL5uoffgpve4j5F2pHERZYaMZJAb3e0tH7cGObvdiwq7YIyJgHoF9CsR4Wloi4Bm3HvtvKGIUdydssES9acHJL7jB8bLh1dQKfg1XM8vtKIbKyUFAxqr1kOGs7MwEGsV2KkN/eDiBzcHgylXdaWIt+W0S1egrmerjzr5bmQXvzwdUF4Lnr0mPmiBmh753MKzll+VLxOImM81uebCkWG7DyEyThsqYPPNcgwzkBYwpJaoOLttP1H+x1FBolQiBE1L5kU3Ojzxj9F8YEUZE0kxlUyMpf5f1aY+hU2NsVZtnCcxgpC0SNMxatPLXOFw/LOEshMc9zgu/5B83CS0T1SzZpfDW5L589Drcm8413KIUub2guunBcILfK5dERMS5oJNEIhAOsndbQs5WWzbLmv3Mw5dUUjo6Kmz2m8ZqkxSjvzB1r9bEqY4XtNZM7e6FDt1C5tZW0YQDK7nLa6G4HcKLUAK5QQ4je0DzPyaF/4snPYd1Oalz0eRyDbhNstHElS0Uvy4HSQrhm9kCRElqC083yJKlyZTpIoAdGGkIiSXy7x44bcKyf3lxZCbzBIqTBPrT/cF0y6uBX07hUM6GcHkESZEAtgUXrCKpQaKaEXcoTAvbFGVlmO1I7aoFRNRVwuJYv3HwBD31pbAKP3lFrzj1QMsbnbs2tZKejMUrm9B/vcsJUkPkXFp3vi44XPv7eql7H19/ePNaXanG+Y/bIdCnIFkK+wV77IaAsKREkRJ1SdGgR+rzzhLBM6ACT2DnLrZQNxKY6mRqj+bn19OIFdhaME0qiR81THKwtiQjmVfA4wM8pLMq6SEPAzKWKSl0NlBZ4eSKQcIEWB98h+0QU8SfMQewQmCJPY7Gw2+MrICkdksTz7nshiK8kLXZGGxo/5pKXa8Y1HvMkPO47azZ8BZdbmmY2kfoztj8V4ZgkWzhtuDWdZhivmdA2Ess4fPAoP9BmrIuImiy4/Db3ucNDGHVGkh635qhtEmWbXJuF2/5+21JRbcvvEPAd5t5kRvRMLioFSdc4QY8Zmg41udsvtoF9Cw4B5/ydiME6HqBJU/2pLOkMUfPewRyvXDVjoaSeAMkqBSYZr7Ma8jpWB+360YkY9qRWvgpcqcPhZRMcqKrWzvwbqPrrDqtu/AQOtED2Qg4bjIEEYvlFUtw7UsAkk+gYeChR681FaaPDVP3vXBsiwZ1KOaoOlRck0AoRqoZIppNvB9p3RM1IJ1oYoIdMX+wZxrnEb76h1GVDDftLpHgkUdhAoDwUM/WDWIVYKFxQSwcIbchJj34FAAD0DAAAUEsDBAoACQAAANZhm0g06NluFgAAAAoAAAAtABwANWIzYzlmNDY3MTU0YTNkNTQxNGExNTk5ZGYzMWZkZTcuZmlsZW5hbWUudHh0VVQJAAM0rSBXNK0gV3V4CwABBCEAAAAEIQAAAGNvJCw6AZ0MTCyEntN1Cs5GcMoDADpQSwcINOjZbhYAAAAKAAAAUEsBAh4DFAAJAAgA1mGbSG3ISY9+BQAA9AwAACAAGAAAAAAAAQAAAKSBAAAAADViM2M5ZjQ2NzE1NGEzZDU0MTRhMTU5OWRmMzFmZGU3VVQFAAM0rSBXdXgLAAEEIQAAAAQhAAAAUEsBAh4DCgAJAAAA1mGbSDTo2W4WAAAACgAAAC0AGAAAAAAAAQAAAKSB6AUAADViM2M5ZjQ2NzE1NGEzZDU0MTRhMTU5OWRmMzFmZGU3LmZpbGVuYW1lLnR4dFVUBQADNK0gV3V4CwABBCEAAAAEIQAAAFBLBQYAAAAAAgACANkAAAB1BgAAAAA=' AND file:name = '6c3e894.js' AND file:hashes.MD5 = '5b3c9f467154a3d5414a1599df31fde7' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:14:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad34-0b60-4e31-afd1-40e6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:14:44.000Z",
"modified": "2016-04-27T12:14:44.000Z",
"description": "unique .js file",
"pattern": "[file:name = '6c3e894.js' AND file:hashes.SHA1 = 'ad33d125c90b5df9c807a2c7063d41098848ad75']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:14:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad35-ce44-4c77-9ded-4d42950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:14:45.000Z",
"modified": "2016-04-27T12:14:45.000Z",
"description": "unique .js file",
"pattern": "[file:name = '6c3e894.js' AND file:hashes.SHA256 = 'ab696a6a053c2376eac6926bc616d34d50f17efdf32e9e8e6ba416a857076eb9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:14:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad36-ee08-4189-b886-498a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:14:46.000Z",
"modified": "2016-04-27T12:14:46.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIANdhm0hAJ/ouawUAAOQMAAAgABwAMDY3N2VmYjNjNDUxZTRmNThmYTBhYTAyYWMxNjA1MDlVVAkAAzatIFc2rSBXdXgLAAEEIQAAAAQhAAAA14jaPGjK2Beeftj/hCQ7TX1XA5NcUPg6IGE/Iy+KisKULCb8ijYnREkxtmErzak6H6CPxfYiFRmz8Q6zI05ontQHs0b6L+dluNW2f2XYS1EWr7C0VFRCsqNgziXJfYa+bDHkbQvGQrg/ofYekHvCfwMZBvUBh/3iQGdj/fHf5THk3QqcbS5nGdoNlyyfKlru7ozbZWKfQsS9Au2j/uFyQK1LKtiBCAS2wjys2PZyFxBaAadGHgwdHyQc4SzNSdjAAU/0DtiVoPYPCUizjw253rdIcvUJEeiY4W+4OjOEYm62QgYNBGkoqGX3X8hD+pzx5QTrHdh1N71xFB/UZ4djXVbvBAMiF860NFzWswjnw5otG0PpRwm9LVZCSnHZRR/sixhTAANppa4gjMe3sCOzilNhOGrQKo6i8UA+INP7My8YXzMfkeaP+3h6dA69LdE0V5XcA1HOyMe4/80kgmdjKmbUxPhWRZdGT6Y4uVA1Iu+kF6EZ4cX72vPsRqqa9LAzsHENPqU4hOXfmFuTHx2/bKM3tbMUEbMsROiC+qLWFs9agB0nTTrDIujvF0kdgHU207Y61rgcjeQPu9sB3cC4/KtANXlT4aBIZBRa9LhlT/dURyfOAd6c427qrbVyNLZiE8ZgSPlzHmcwjVZxGdY4eQbZss5XbyX3an0yLYpzc6g1STgxMk1r4FIRUDrCMB1ofan5O+EZPhnJ/BUEHApkO0iBQq6XCUEAEZmGcQNpkNd72YjQhZ4ejqaatZ4iJn2M1/JCjF2L760UfJ2IWeZHnd4PObXgQPaoggfHFoluMJczO7KvjCDYiTGr8p8mrIM6ep54oSWKknY0spP375tIS7a2GUdbl71dIIBAR+yRjKQ4fb0DrVXAnt6G9TmrtBslKlQg2nsyLrzmVpPkpxt8DZptD4AGn6BuQVW4TkLuG2CS3x3knYViT2QAQjEmaZBaJUausTiZ7FjRm9JAPjd20KCVNUtc8ZZFXMRe6oyIA4ahdixBuviI6h+iBTWSTXdUdKz8ReHPxYxGRyZS2LqLLrHFGF/GoQTRdStleQ4z7DWx/mEYkAJUQkwBjWS+ckchWcUiGJtFbkDqYIa1cyZ25tRgVnOuGSmHMW2rYuy2LXAf6gfHsOohdJznvfmUtU0o68wDBkV1V5XUzRehK3ADUS4nkyP59wppl5OtJEXfHmrYSiBwoCuM0gxbqQv5c6k/jmRK6vPhYOMyg3FOkpi9FiPYB8KPyi8jnOuUtHDb3b8FMAE90jg7GNDmUO28hVmkmn30WNm2cI6C9SvNGesEQW8bNc5W1TQG5XmI+59LCGVeY3zp5zcL+H4ELIvRQdHch8g283HIcNWl3lsftTSbnYMz3uWgYCoEAGkESr0jVCALq8zscblNg1g2V605ZzW6ps8bxpi+fleJpmZC9tRXXOkFy1HJocsFzq+gfn94VX8SX1NVq76T6Ljj/wc4usql8d22Gh29OEP+HmAR3hZZh709WIqU/G6XzebwtWhBhn7V7e1TUZaoJNI+ss72xXjcyGYdnR9ps1K0kYqG057k/Fy3jHvrlxYgNWpPoBsIHi/h6bZWqGPz3U4mugzejtePKQDtSPANYNLiAipdENQierPN2egTbUWVIH0EVkC0kbesnuepFGAP2PIKR5ib/bEFgRuVLHSIqk7AneAgJq8XyZi567yHPetYuInXMqBQ/mk0K7roaI008wKTM1NU1pAj5mFxczR0FBNLmiYPVD2qTquJAx/rs3TWaIHO5Dq3Wmh+jHmdZ5L5HL97u+OCSOfPi3IrBA+wb/B2/1VrcnQ2h4cQrRKVw6Kc3yRQL9lts6U/cqAKTz/2U6aocFBLBwhAJ/ouawUAAOQMAABQSwMECgAJAAAA12GbSKoC14QVAAAACQAAAC0AHAAwNjc3ZWZiM2M0NTFlNGY1OGZhMGFhMDJhYzE2MDUwOS5maWxlbmFtZS50eHRVVAkAAzatIFc2rSBXdXgLAAEEIQAAAAQhAAAAY28kLDoBnQxMLIX6M1LvMrEuYpYSUEsHCKoC14QVAAAACQAAAFBLAQIeAxQACQAIANdhm0hAJ/ouawUAAOQMAAAgABgAAAAAAAEAAACkgQAAAAAwNjc3ZWZiM2M0NTFlNGY1OGZhMGFhMDJhYzE2MDUwOVVUBQADNq0gV3V4CwABBCEAAAAEIQAAAFBLAQIeAwoACQAAANdhm0iqAteEFQAAAAkAAAAtABgAAAAAAAEAAACkgdUFAAAwNjc3ZWZiM2M0NTFlNGY1OGZhMGFhMDJhYzE2MDUwOS5maWxlbmFtZS50eHRVVAUAAzatIFd1eAsAAQQhAAAABCEAAABQSwUGAAAAAAIAAgDZAAAAYQYAAAAA' AND file:name = '6d5e6a.js' AND file:hashes.MD5 = '0677efb3c451e4f58fa0aa02ac160509' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:14:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad37-095c-4674-8a6f-421d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:14:47.000Z",
"modified": "2016-04-27T12:14:47.000Z",
"description": "unique .js file",
"pattern": "[file:name = '6d5e6a.js' AND file:hashes.SHA1 = '594b741d5ff8c2bd9c1689b6c353c7af46078505']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:14:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad37-86d8-41df-b3ac-4d31950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:14:47.000Z",
"modified": "2016-04-27T12:14:47.000Z",
"description": "unique .js file",
"pattern": "[file:name = '6d5e6a.js' AND file:hashes.SHA256 = '977dc0137343fd1d1e02a32e5114eb64bddc43571d2eeef00b4640f157f5e157']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:14:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad38-3a9c-4e4a-a7aa-45b6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:14:48.000Z",
"modified": "2016-04-27T12:14:48.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIANhhm0gHkDifdQUAAOsMAAAgABwAMDQzYzRhY2QwMGIyZDFhOWViMTdmY2QxNDkxZTk1NjVVVAkAAzitIFc4rSBXdXgLAAEEIQAAAAQhAAAA4MkxHtTRAxRblxQV/sre/w+wPiT9lzP1mRvTVwTNoYZ4qAIakwuopTrJqDEND5uYGArYlRaVIItnD7p1akbqVK5eSKhYGZm8eUz1464QJw/D+wTumEUVq5QzF4UQZ8rNJkeo41RHtDFub8X0gQyoC58VjiamI4ngDwZQFgAguzDK2tvf19SxfmwF2X9yA2okkjuJi06SCozflI7tnmXx2N4sxX6ZYYJKrLJW3/D3AX9U6iLJlzqof2fRwLLnkKWVRdNQexJBBxM8Q6vCmKNyIOV6CRChrl1HIrxY92e2Zn+KxQj03wWcC0Vb2c68e7UdVMR0QvWzS7aDyzaXPzbscMfj+aszUvUJFfFLKVGnM8EkiznU1Cd6PVPHyXBFAg0/kJQSN/LOB32mN8/lRUVoTLcYcJLeOBRqp5WkaM5f3HclPKVp8t1u0VKp8K9cpotH/fNl6PZnA/JS4my3XHQNajXwtnyP2MAE+rXV7VY1SQCUirucHtf/YFSh4rWwQoRiK9+MgLpvBCp4vcP16NQ2riGU/b9CcNfQ8OhdGbeWfHgGBJGeRLYppjYip98Pynhm1ni1CmhIQ7hL8rkA3Iq053LN+5JDZLzyO5O/WTyIMbGr4EoioxPnKQYTaW5ZZomU7oblS+MJ1fkIP4WfT2aCGEG+02701s2b2j4tmBPxBt7jSCGC8VJNeSW26B4qI4VlCCFXx/OU2DiTxRnEDKKa2lIQM6A8ObOJTRM1tMid0VeEphZfzOFDPwrROUppNIZQh6JJmBefNo3yOeNf/ba4SgkAkHBMFO2rPGdpuyU4Hj4QDuqejsDnxWQRHbuhSDDqwwCKQrZ//6Hf8PJni9V4d0VMJRAVqZ2ojIsPHixsOhfcXiO5T3889PgBlmoW2y6BmL/j8OmhbP82dHUPHjgcjB72A4W5PDl2zmeZ3zGa2Xt29BZTidDTj8iSnaCVOayac8o1T+3OPyvY+lojH00+TjxiGIxwSI6jUZaPtXkOmd4h2B1Nc5KYWviu/4YqQwkoJP2w5rWZF+K8JoydqPMSNHrt06ZBhLtl1K6sPQhnA1Z/vWB6LG27K2/N2EBeXrsAExCu4gaVmf1QjGKWheELIghgXg+1dEjIHmKSkAoWDQ0CrNrAINXiL3xymIM5n/k0rKmJINHiyEg6x1s7BfTXsogL/qNefXq4NTNbDkOBsMDB/FVUcaE/fDnHKomLJ+U9l84H74ex6L8bF+Pbyk4IwhuWdiOVYR4gsQ+hG0ajWHe7ODSo/39wivYyvzO2aNuCZ0TvcoJ13tiMctRE42Y/s1RjfgRhqQolJ8zrCJGWXP85wX22ED/zW5HUcPDCQP3VyeTJkYrCGARMbiW6Ys7EtT/GtJ/enCRatWHXX8Mef2y/PKqCdJ7waGjl1aHzl/GoZw3WSCjv1+sp/5KZc0L1xzdgi3PBQF9hWjTBQRiWxnKIM1e37hywo423IPnQcHLdy984QHzXaY70dapoTRAfc3kcsKawORSE7MrfzrYYYLaJi9WmnpaQCYv9Qb6CgsSqX18hpBO4DskNreXCD5lCa336JdUUav/0ZDXztswpkMdd183Yh+80vFzwghJeJIRfQEULf0efbyInyKGEsKSaabou56al6fE0AUW0ZnEeSJ9Q/fvSf7PGNV91MFB8pHiGZ+x9gB4wtWaRR/FH9MaS0FmFDYlkawuXy11c4ew6v3DrzAaF7qyXtNCTHvg1mYvq02JaNYStc3HvHpzmF/KJ58hVmvs369o9dgW3MeYABIfW7+Toyxd4Fl8q0i/hwrt8EJzORpjPysKJmGajvitCvuwTTn+5a1fdGLKOnlfltr2jc1tQssrQW3XZAl7cVdb1bLp1iddQSwcIB5A4n3UFAADrDAAAUEsDBAoACQAAANhhm0gruZ5WFQAAAAkAAAAtABwAMDQzYzRhY2QwMGIyZDFhOWViMTdmY2QxNDkxZTk1NjUuZmlsZW5hbWUudHh0VVQJAAM4rSBXOK0gV3V4CwABBCEAAAAEIQAAACj+9F964ySnYYp0AHx+WspqpJTa01BLBwgruZ5WFQAAAAkAAABQSwECHgMUAAkACADYYZtIB5A4n3UFAADrDAAAIAAYAAAAAAABAAAApIEAAAAAMDQzYzRhY2QwMGIyZDFhOWViMTdmY2QxNDkxZTk1NjVVVAUAAzitIFd1eAsAAQQhAAAABCEAAABQSwECHgMKAAkAAADYYZtIK7meVhUAAAAJAAAALQAYAAAAAAABAAAApIHfBQAAMDQzYzRhY2QwMGIyZDFhOWViMTdmY2QxNDkxZTk1NjUuZmlsZW5hbWUudHh0VVQFAAM4rSBXdXgLAAEEIQAAAAQhAAAAUEsFBgAAAAACAAIA2QAAAGsGAAAAAA==' AND file:name = '6e51b5.js' AND file:hashes.MD5 = '043c4acd00b2d1a9eb17fcd1491e9565' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:14:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad39-9e80-4ec1-aaef-4674950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:14:49.000Z",
"modified": "2016-04-27T12:14:49.000Z",
"description": "unique .js file",
"pattern": "[file:name = '6e51b5.js' AND file:hashes.SHA1 = '606572010b54de2aeab84b21f99ab67bb01436b5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:14:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad3a-12d8-47c5-86ee-47d1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:14:50.000Z",
"modified": "2016-04-27T12:14:50.000Z",
"description": "unique .js file",
"pattern": "[file:name = '6e51b5.js' AND file:hashes.SHA256 = '18aa8c3d0b201b6eb381d0135b3508a6b43111bddb53051bac5163b3a69eb916']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:14:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad3b-b994-4dcb-83f5-4228950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:14:51.000Z",
"modified": "2016-04-27T12:14:51.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIANphm0idkpl1dAUAAOkMAAAgABwAYzZkOWFmOTIwYmM2YzgxMGQ1N2Q4MzNkNDdlNTE2ZmRVVAkAAzutIFc7rSBXdXgLAAEEIQAAAAQhAAAAs7okpiDIXtYIDmDLSrEDWCCcFvfF8WkgPHjfXC39oLbCGonXX8NAGRktpkIMNxDFjZGyjf16QLgV3HwCTM4Ddgogy/0nQ2U3lCviFkjWUMcdpCWmb2koRimjhERPArSLATN6cIXpJymp3AedDAEM2Ccyk997iJ5VYFOvH5iKM4S5aR6LFFZZrIR6h7SFLuUqwftPt8x2c8TDWqHTSLxfMpAKnPx7wd0BTyN7XvMGk2sIr22Z4raqyyvwtG2nz4cdAl9fknaEMaG7cNC8N1FLyRb4Ksnq17feIALF4m7RkjqcUZ6gQD1knfP9pvEjmL/cf/0eZT1x1iWrcRv/zBkIQzfuQS5GB8KzqfOg/krAMTZ2aQDU/lK1LJBVZMXVmILkpbtV/cSAmrWXtegdWjObKVkAFdNB7IEGszncpFpBudtStYyUbJRQqOAb8oxoZ4jkNARs9h13ji68GxHxktiXdtkUlkSnW5kykLFKRBO9OmWjAD5zImEd7ee+Xho2eJfmQyJKtguK0fprIShb8lbQ+wtD4M+Y5vdKi/Mj7KFQkNSBU54RNuwK6BMCnpLdxAaewBGhioVnjqmU9ry10A0+LtMWO35R64aEv1m+Nlioy7N/4u5++kAVjjZ+o71BxCV3+wugF1XjHxtumDGrYSYUR9MH/as5E3aOFVcbPLQA+7bhX4X6VFN6khjZ3sq7NnYE26NdJZBdlq2g8yFYUK8Fd6ZxUPSq9wlNY/epWpwbmHDhKEo6xnjyQvbRqY6V0BukYqd99kx+GonJPJ0fQA+SyNRhAOguMAOwL1vP4nD/rdj6sikOLmCwZmGPq3QgQjW53kgnT6bouGmtk8qdtc1QIj/66B7V4oYNA61yvcOPDMeZ35jTEKf/cdkShsKZ6eUYa0njoJAR4kDMgE6raBwwEdRwNqtLYOxcHNsg97xwRZr+ykhDkV4gZoN1l3NUkYocsZaR6y+cy4WevPpXyvTVPJCy7AVAwDpMworA6ss9KRyGHeqnm8GO4IYfyQ+qxRxnDxF/cb/nbY69bVs02qreAHq1n3rvMn4mhQxL5UK1wCYzGu9nZlW2HBNR60as2Id3matwXLvuxqJ7p2d4bMGxP3CLD05Ow1PxAc0NWGFxuJBBlIXpTREIPEJWYH4mKuCCFZWExziK500CuFSUyA3b8nZmD8qqslN2InCGNOFkHkEEME/3NbCEyZ28pWHzQSyYQxZCTD9ainEmptLTI5UFrZdVjouttTnZWtrLnVrDa7xW0quDuHe6Q3oCmv/FSvXTKIju8Y4kfHkVDfL1zsLYMYkolirJd/S3cCAK7b3WJLkKQxI82UI9QPZkmOLJd1FnL55iNrhvch3IHF9/Gp5beAE79pFK0HmqoaIGdSVs4Dcr+l2pqq+d0Wj8PIbPSS6M6C/x/PsJQ7Tun68iSLMdrxq2IUe8k8vYzfsMW5N9Ie9COR2DjlSIim0RGlT71TYNPu4vYJFrXssXprjk2VqHf4xWcpH2Dd65t1KvrJwUvPErQHvhijeGn2hP0UFc0e4SXxG86bRYvexuuhdCR2bsohRfUN2jR+osGgnM2hemZa2RSJKTVnrskvo3FBdF5nvQuQ8lbbtc0dyXfeermfo/wzLRTOTwoddZ1O1H+d1eKKlz54uS0U2WWr/RwBJU3vVkSm0AFcKIdkuHkI9xKyyoyNErSIGBTSU/yfwCWeQ/GS095W+CTDEve0w/NgGJaygJ440LFtbK4/E9kJ5lfMiF/PovNvhDf7leVJf140o2bu84d0jEecgHLgq4Qf8KUIri9vqBcNxdb/oQ6edFl1oRQPw3VaZ5oX1H1KsGBP1ij8xRTgqZMXzTL4QWHVkli1ADem7xLFBLBwidkpl1dAUAAOkMAABQSwMECgAJAAAA2mGbSPcykw8WAAAACgAAAC0AHABjNmQ5YWY5MjBiYzZjODEwZDU3ZDgzM2Q0N2U1MTZmZC5maWxlbmFtZS50eHRVVAkAAzutIFc7rSBXdXgLAAEEIQAAAAQhAAAATWpmQ/idKIUenVy098vJ4LAXPQOuZVBLBwj3MpMPFgAAAAoAAABQSwECHgMUAAkACADaYZtInZKZdXQFAADpDAAAIAAYAAAAAAABAAAApIEAAAAAYzZkOWFmOTIwYmM2YzgxMGQ1N2Q4MzNkNDdlNTE2ZmRVVAUAAzutIFd1eAsAAQQhAAAABCEAAABQSwECHgMKAAkAAADaYZtI9zKTDxYAAAAKAAAALQAYAAAAAAABAAAApIHeBQAAYzZkOWFmOTIwYmM2YzgxMGQ1N2Q4MzNkNDdlNTE2ZmQuZmlsZW5hbWUudHh0VVQFAAM7rSBXdXgLAAEEIQAAAAQhAAAAUEsFBgAAAAACAAIA2QAAAGsGAAAAAA==' AND file:name = '7a4eb11.js' AND file:hashes.MD5 = 'c6d9af920bc6c810d57d833d47e516fd' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:14:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad3c-ddf0-4f86-bac8-4683950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:14:52.000Z",
"modified": "2016-04-27T12:14:52.000Z",
"description": "unique .js file",
"pattern": "[file:name = '7a4eb11.js' AND file:hashes.SHA1 = '3e165ebfd8f42d398075202d9681f1605fb3f4d6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:14:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad3c-60e0-4eea-8bab-421f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:14:52.000Z",
"modified": "2016-04-27T12:14:52.000Z",
"description": "unique .js file",
"pattern": "[file:name = '7a4eb11.js' AND file:hashes.SHA256 = '1b3b52f8e271365947f287be172ef69f73af452fdc8c4bb687b2aab27469f6f9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:14:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad3d-cd70-4e4b-a8e2-46f5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:14:53.000Z",
"modified": "2016-04-27T12:14:53.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIANthm0gyWQwCfgUAAPcMAAAgABwAOTdlMjE2ODI2NjZjMDA0ZTk3OTQ1NjMxZGI2ZWMzN2FVVAkAAz2tIFc9rSBXdXgLAAEEIQAAAAQhAAAAs7okpiDIXtYIDmF8ByoCBkDI55hh10nIgyQ2GUMD+19tId8PnIRwFvcrhHAvNkQUeVW80JJCis0sq9Zl2wWp6bD1/cVavVsw1vhNdg1guRWQeY3fKCfpj3cEZNEEAiqiDL7QitJHEMI+R/1jVHqdORQO54k2iR7lLIMam9Dy3GMvVs3/eNtpHCpdCAFVYo+07bnlSRHVV7qzB+5rlMXlCplLhKYVF4QouCgajiNsfkK2w+4ulQJ2zDvjoAom7rH2hJhZFJLrfLxNxZ5F0++UicbHJmPUkZ0uDQ6IzulMp8ZaM1Vtc2XYuvdN6oDfDsT0Btt7zRnYzF63v1zvoSHRU85odR0uoNs9+KVow8F5dUcb5oRPPvzGcj0Ok0mNcT7W8vmsoA4OHZQjYRRpufhbGTjv/sbB9ZVK9vsC/i1VAG95vemAJeqjc42zDWOAKwEK0hnBFBiT42an5F8QhBTxBtQzA9Nz8B+j+rEf8jv8nKE0BxPrFGiyISbk1AxOEKjSI1HdNcS+Vt+5m/kWpmbdFEvfLFV/LJtxAMVqsk1roDQad+Gu9gWT6WJuVeyIS/PnyIjYJmVr4uE/1sW/UWY6lC+ZbdDvnY6EJgRhCLXrM+RYi+BphnTvZbNZbRyNc+jP94trdSwsXfPbojMymjSAs7QxDnx1XQgxym7YbUdVUcoV4I70fafj50mDQA1zbiWdthxj0fbbAEcbBCM4KpDJQLbBPwCVHERIrfymV5IGco1XZfIOKAs+cIDFNbFmvOw2ALSClPlAw1IQ8VAjJjo55l2G6DOjp1EWORzJIo7pEyH1JPI1J83O7n/IJo4qb3IqpDX2lehuSE0vZGfVj8FCHILLMQe4WUFfx2wOEjytTxPY4udmlNzWQpA1TY1KPVX5yYsMmE784115sG2HYuiD9omJmodOZYfAVuPnPDuSlQxfxMattf0cBdKykuY6J+D5GfwzQmcTAMYR0GTLrxgFXMp+22w7sPx/R7EXDQs7lfrGbyeqMrnzZEeOC43FKuHsIK3wSV8Jn+esX5/0gde4st/49F5/J5WiQrq+1Um+JwT/zTVhD4cfZuAmk5K5WNCfjN6OOINPPJvyb8zDOLrP8e69EvklkCU+j4V0J7ek6MQu73+uPQKEkjdRLvxuHYnqyDxn9W5+XT9kRlOyZdK+Ed6ye6ZMwQreuq5A9ihyXZgyJnjLoVJ39eVo5M7mn3Pwk9D3xgpjQS1Hskw8ECHo3wPP2IVGvoyDBqM5SfN0NgLtdpEZxhXpas/xGBRI2qsVsWO89HDmx+XrcfIgaJLQjhg6EyAPHSaQZaGXrRJHGcLrUrOXT75Nr+xpUr2dxrzSoZjvdZw0SRbsDh7x4O23m/s29Pi2+Z7gaGBEwgOhndHIl3WOeiRGJpxYki3oRT7JSzuWFCwv7c87oVL1TFiZT8iFO6cPwMnIIhndlbMxk5J9xJSS1geFpNy24RCWsCbcMUt41pAyxbNohsETPrdf5SBv+7YoCwXeh6r4uL9IF6r+uCoP5gh74yiULkfeeYU0uZbAra5bEjITOdRusEqOYijj9hUhzqbZU3kjVV4wZ2knEw1Ue5M0lJ6bxdatH6ejQKdtXPVVW+1ER0cPofJmGHWO7pxwA1npCFfybO2k2iPshXxwUL+hrhaxltuq+MQeT5ZCUTaRG3RobTDgClfz6JBF+HAcMsQrYTIY5awXrUqJJQvZmcCP2tiUtRGU7VSunKUsbY4e7IAqtr0OkIKSqidUo0b0Y+GblpfmkzVrSsX8aRZ1XMqNbfcN3GDr5MFULxURlwGdR8oiKD1bkM9oJs9tSY7bf7l3FhEbOT7u8Ye1RJZXKYbr0TWsS4PjAqksVLMwidWHM4YtG2SOoltQSwcIMlkMAn4FAAD3DAAAUEsDBAoACQAAANthm0gsnaypFAAAAAgAAAAtABwAOTdlMjE2ODI2NjZjMDA0ZTk3OTQ1NjMxZGI2ZWMzN2EuZmlsZW5hbWUudHh0VVQJAAM9rSBXPa0gV3V4CwABBCEAAAAEIQAAAE1qZkP4nSiFHp1dqhZjrUAKs5OkUEsHCCydrKkUAAAACAAAAFBLAQIeAxQACQAIANthm0gyWQwCfgUAAPcMAAAgABgAAAAAAAEAAACkgQAAAAA5N2UyMTY4MjY2NmMwMDRlOTc5NDU2MzFkYjZlYzM3YVVUBQADPa0gV3V4CwABBCEAAAAEIQAAAFBLAQIeAwoACQAAANthm0gsnaypFAAAAAgAAAAtABgAAAAAAAEAAACkgegFAAA5N2UyMTY4MjY2NmMwMDRlOTc5NDU2MzFkYjZlYzM3YS5maWxlbmFtZS50eHRVVAUAAz2tIFd1eAsAAQQhAAAABCEAAABQSwUGAAAAAAIAAgDZAAAAcwYAAAAA' AND file:name = '7a12f.js' AND file:hashes.MD5 = '97e21682666c004e97945631db6ec37a' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:14:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad3e-5d4c-4561-96f6-4e46950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:14:54.000Z",
"modified": "2016-04-27T12:14:54.000Z",
"description": "unique .js file",
"pattern": "[file:name = '7a12f.js' AND file:hashes.SHA1 = 'fa2ed46c7afa947aa7a04a61619b8a5ccd34babb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:14:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad3e-fc2c-40af-8afd-48e5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:14:54.000Z",
"modified": "2016-04-27T12:14:54.000Z",
"description": "unique .js file",
"pattern": "[file:name = '7a12f.js' AND file:hashes.SHA256 = 'ee652e31be7b8cef241c33677004cc1df7094a2b9602923af155e31165690747']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:14:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad3f-372c-4835-aa24-4268950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:14:55.000Z",
"modified": "2016-04-27T12:14:55.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIANxhm0gYQBrtfwUAAPUMAAAgABwANTk1NTM1MGY3OWQ0NjhmMGRmYTc0MzVjN2JkNDM5ZThVVAkAAz+tIFc/rSBXdXgLAAEEIQAAAAQhAAAAs7okpiDIXtYIDmZkrI7W4q4NESN4HR2Cc8x2XiVorKuDwcVonzY31TphxMgZQMFlNJYlANyaO5bRBNV0lQUQoHZXOaNP4uLmIWZ5eK1+HWo653w6aanE3boxsC0TgMOr2virznPb8S9h+A7M6EZBzrHNpWDcUDRQkHvSIR4aF5whW0oAdVhuiS4QXjJt0IN4sTHVhACLcprO24lF4sFiF8gYjS5PrDPXnTew5LTDgCeiqEhYwcF5gh3R6ZSfcyKbEo3UZgBOy/zj6faBxEhEQuDa2BgzzmL3PTY7vIfSLqXScRBzWsISgJyy+y35qvHxobOSGqtfltMATbbodJQ9RijjpYkcNS9J2SKs17VZkTIvfWKh9U0XjG8kPL7FEx3b5OWSKrPKAUqyMFkMylIKFb9w01+5xqVg0rORbQ4026gSg8E5N4zFU4ol+gmKtpal+XJcQiQSH1DQtny22pzr7UQyKoAH2hBUOrveMbZgkrG1POIhnA8iKX855P+wUoWvlIwrixY0zDOmHL308LbiIIB3voFDnp8aQORsAG6MUJXx8YcIFM7N03Vh7WD4C13kL4CuZ2tcxwjI0DR9tgfd+vNfox3bdfGg4XYrKeyTrZekAsdjar0GhNfLe8EtZbpwmcXZblGQXFEYlZZOQ8QhS9dw5aenuLHyWkAMM9SL85vSi3YJrGbBKEVLwbcsH2PE3LEVIoRHHryn7E22R4aKIaxxnoIk8nFFYWU6cM0bhI10TV0uofoUgExYDqRPdyOA6M9CrVFp0O7gwfDoOLkk5ZI2fbZtv5StsP6nsPovxJ2ntpxQ6zdoLMdSnUWXq9pcnPMiR5NjahFhO4bqHyGGNUmdIp0nKy7RzoZ+ahKzMwuhfR8pNw6eSFEOY/N54i3i47ahKYbGPuB+W7ZR/Y/RMf5EL97V0YZWg266wjmBTp/1lFKqwPUXFZU9rEOmzam++iHP7SLa9eOQBDXUAH9It1OZQ4xbKkWV2U8cNReflroh2BJWKsJ33K7uuE2Qvw5gK6wV+lKIAD3rlmuHGtfMGD69TWhvP+W92/OlCb4nmA8U80n/UEFbd3Q1/IVJ6T6L4YbD0CBPVTxga9/ImnM8FAYRmvAg5vFeYJj9ltnggB0UPExV6nCjjWOG4s9f0QWwRdw4IMllWYtUsiq/Ro9jAPqAV9rCD6C4Mu7Iu0axt5G0NPHyRaIh0A+UgrvQ4K1riJsLwsg8IioQCcvOASv5tyJkFY5f421EBeKdfY1KuYkbM1cSr3ZDadkcMtsduqBExkXn3Bz0AA0tPfW4K8SWjfL7R/BNSGN/SKCBghTfJ+gGy6LUxg9gqGclO18BEwwjtVxFjLNP71Vy7VOdyAui5BrAK0j8JcYbr0u717svcZG/aOHgXHxjkmRsZyJQAm52iIFUNrrAEI5sr7WtNhV1cbQUm6V9SAntVhBCN4cFL7ZrRYwxhO09mAvBm6qDE0zY+5qwNLRbPWyLaF9SkQcmBHy0FTKsfI9HfWu8zrbAZMwgMKUfR9YnHg0tzn5yuPsGCOYF6NbQ3cAmqFM3IAZ+UpUYafzs5qzB2FJPt/E4jiC3ybnOuwCanhVr7kGT3+3pZ+UF2Zeh+85IB4PmdKYCJ7z3OFsgaghrs82QpM0rkLvQnDz+P798egW12FV79PslTeNedUiNQy7wiWgWMQGzMF1eGNgvbAaN3naEmiX2pExkMSG3evwLu6q+ANbXqhpc9/lVREQn2dCBF5gBmoTQ0BPSUdbnjxqINimSjIR8JlmtNNec1lg+veoEHRw6FLqq8HdDnCaQxR476GeTP6Hv2CAzv3kCzPh9ZE9LJnFPwKNY9ik5+vWB154fFdcirTckZwZ5xBiTLO6a72n5YJzTUEsHCBhAGu1/BQAA9QwAAFBLAwQKAAkAAADcYZtIiiJcZhUAAAAJAAAALQAcADU5NTUzNTBmNzlkNDY4ZjBkZmE3NDM1YzdiZDQzOWU4LmZpbGVuYW1lLnR4dFVUCQADP60gVz+tIFd1eAsAAQQhAAAABCEAAABNamZD+J0ohR6dWgzjhHjiVpLbmARQSwcIiiJcZhUAAAAJAAAAUEsBAh4DFAAJAAgA3GGbSBhAGu1/BQAA9QwAACAAGAAAAAAAAQAAAKSBAAAAADU5NTUzNTBmNzlkNDY4ZjBkZmE3NDM1YzdiZDQzOWU4VVQFAAM/rSBXdXgLAAEEIQAAAAQhAAAAUEsBAh4DCgAJAAAA3GGbSIoiXGYVAAAACQAAAC0AGAAAAAAAAQAAAKSB6QUAADU5NTUzNTBmNzlkNDY4ZjBkZmE3NDM1YzdiZDQzOWU4LmZpbGVuYW1lLnR4dFVUBQADP60gV3V4CwABBCEAAAAEIQAAAFBLBQYAAAAAAgACANkAAAB1BgAAAAA=' AND file:name = '7ae4f3.js' AND file:hashes.MD5 = '5955350f79d468f0dfa7435c7bd439e8' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:14:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad40-9f3c-45a4-a1b4-438c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:14:56.000Z",
"modified": "2016-04-27T12:14:56.000Z",
"description": "unique .js file",
"pattern": "[file:name = '7ae4f3.js' AND file:hashes.SHA1 = '3b431bdfa18b91b294f7cc8300f70328a37aadf5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:14:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad40-2b60-4f37-a5c6-41b8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:14:56.000Z",
"modified": "2016-04-27T12:14:56.000Z",
"description": "unique .js file",
"pattern": "[file:name = '7ae4f3.js' AND file:hashes.SHA256 = '06d6a45df0d02d0be8a049c488f5fee5ce84f4f3679aa1de94a7a0ce1e324ce8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:14:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad41-eb18-4a05-a968-4cbb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:14:57.000Z",
"modified": "2016-04-27T12:14:57.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAN1hm0hqpsfqcQUAAOYMAAAgABwAYmQ3MmZlNjFiYjNlMjJiNzRiYjMxNmIwMzYwYzYwYWFVVAkAA0GtIFdBrSBXdXgLAAEEIQAAAAQhAAAAVqq7JJJYE4DoTc9e9ReTHMSTTGbeEpo0n+IaOWQd+wflw6Ek8+FGuKZRaPwc5J/cP8CasB4PG89GTBim61zIkYa1ekLAy4ZKg93r+eCsL4b8TaurpkJfp7fIJSoz+5THVYEeAeNIbIcGoPUR6C8v6O1lbbuyW7LtFd5COcnroThmAsoGQXVWf+wc8WNqMWYNvbY4cJEP/EA8dA747vMeGWuIM+fVzdAuVcI4q/3dH9lzX8dIRYskcAUxaTs0HGHaARAzwtZ+NT9e9kPSpKxEAg8nyt5vknBfCGJD8p991gmMOtFn5N+LdO3EqpbCOLVn08lScnLOHoNNhnDJli0CII68GTGpej4rnd3sW2iZavMvI4q6mHJNLe4t7Bz5r2oxm7exQWXcKxynEKfFlsxGqIUuOsABA7ng5h/5NySNo3EzIvb36iCRWG2WdjbGXZcxAXsb0Fgql7kQWHaGwqFK9AXhSCWhfWnwa2tKdojUpKX8WQzSmgw176OdIzLrFwg6P5r4HDcUToGCByy1xU4i0gvvsuCXC8ufyEHexBpDugAev/Ej+Hy6yLXGfbt3PR95QZOGi0rJdITuqb++FokXVIs8uIrzF/OELlZgKmQmZS+w3c7uFCY9hXVPhrlVrVKT6bWD3fc84DMkT7709TCO/W1SLxKj5FApq+8ituhFs3G1E1vLdUz0Q40bfA61uAP6PMguLtSBvdw4bECn349HlKAkpg2O6QEt2imhvGDXIYxRe9inqPdlmrzMG0xAqQTnujOpxNDg/5S9VQUUbaCVmMRHiewBl0TecDFwYI+a/a/xgri0Iw2/tUmc3Rzohoy3fHE7kAvlfd/PCtdLQFg+tSMiqJPvJcyh4qUnKCgsPYJkBIW/krqNR42RpMZVMWPgFiRX6wUQM35H3NDk3CiPAb5V9udEWx9aXdB+swVTfDwZiYTKX3qMAEUNpt3LcMRnP6palsH4prWnhgqjEWA46kgXMdVYllrYC5rePyrHFx3ZS6vAsReua59JWS9eINNG7j1RnLBGvsvp6CPRNKkejlN/FmyB5nEXuvzWpX6bGBPLRY7Ol/ce9g1nI+hwi2iLfkFCiB0K77pNT7fHsvJ0BJno6gSjLkEq44PcvEg9Vbnp6aMeZf/G7LF2yYZyT2Y0ZqSmA/vJ9osOu+Ace3xKBkkYAMOV1x7imgOQGlkcE3MLJpH/WDnf6tiVBY0v8JLMtr23QYQ3Ne3PqEI6xtYooIq0vQUvZjpICWPaN1ZXJNHH8t5AKLzsa3iVwVdNOSWyBWA/BqAxF/eYf5B7d1tG+YHyxq3suiKjsDVxSI1zPRosR5paZRCfobcjalwlRdpCjpSqOyTN83fgoltpU4hwG7pmBKjqJhpkKaZ6OEDVfvpDu0vcvroYLe5SQpPd1l9p/kf3vlGZzT8GR39lAUjEdKx13uVduyV+bg/4lx39HatwX4FULKX37Qrk6q42a1vE96U621/T0FiXLDq7z3tPbTp5QsI+hkZo5oTNhlOu6ttEG+m63HuZv6gkeowcPTVNWA2RmP3IKO+wr2nwUZwola+262ZZfEmj+UL6t+jvnnVD+Oi8ZWGtNNI4ypO9ozlp+Qmghpq6gQK0Zw0Pf68eXBff/XUPJY6nNBIB3ecGuE5ivigKPzNHLJYwUrRdzZWt7h+W+lRgQBgHJVUWs/os7zHVDVq3srmKeijhxcHm2YNUvjtd81Tu4DU9YlybV+OIahubmHSW1Jz/j5eaT4Lcm382ubS1rhTn+5K1F0BDob8pYOtc9CaVdBgz6ipN1U4MHFeW1uCfzWgWPKOccnh7yD9uBSAd4LKCmNITDG/3cLGaMvKanoUKx/hEumsMOhmD41BLBwhqpsfqcQUAAOYMAABQSwMECgAJAAAA3WGbSLr0h7wVAAAACQAAAC0AHABiZDcyZmU2MWJiM2UyMmI3NGJiMzE2YjAzNjBjNjBhYS5maWxlbmFtZS50eHRVVAkAA0GtIFdBrSBXdXgLAAEEIQAAAAQhAAAA6ZTaO9jeW1lZAfoZUFWuuVKdkuXJUEsHCLr0h7wVAAAACQAAAFBLAQIeAxQACQAIAN1hm0hqpsfqcQUAAOYMAAAgABgAAAAAAAEAAACkgQAAAABiZDcyZmU2MWJiM2UyMmI3NGJiMzE2YjAzNjBjNjBhYVVUBQADQa0gV3V4CwABBCEAAAAEIQAAAFBLAQIeAwoACQAAAN1hm0i69Ie8FQAAAAkAAAAtABgAAAAAAAEAAACkgdsFAABiZDcyZmU2MWJiM2UyMmI3NGJiMzE2YjAzNjBjNjBhYS5maWxlbmFtZS50eHRVVAUAA0GtIFd1eAsAAQQhAAAABCEAAABQSwUGAAAAAAIAAgDZAAAAZwYAAAAA' AND file:name = '7d9dd3.js' AND file:hashes.MD5 = 'bd72fe61bb3e22b74bb316b0360c60aa' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:14:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad42-7d84-4bea-b0ee-4d2c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:14:58.000Z",
"modified": "2016-04-27T12:14:58.000Z",
"description": "unique .js file",
"pattern": "[file:name = '7d9dd3.js' AND file:hashes.SHA1 = '75ab82ea86b97fb6f408c73849260e0d535ab5d5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:14:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad42-7910-49b0-ac51-4e6b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:14:58.000Z",
"modified": "2016-04-27T12:14:58.000Z",
"description": "unique .js file",
"pattern": "[file:name = '7d9dd3.js' AND file:hashes.SHA256 = '2ac8704d3095189d125d88ce09a29cb462867209044625b5727827161550665b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:14:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad43-ce70-4f12-9c75-4d67950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:14:59.000Z",
"modified": "2016-04-27T12:14:59.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAOBhm0ipegvCdAUAAOwMAAAgABwAMDQwMTI2ZjM4MWEwZTUwNzBlZTM5NDU5NzY2YmQxMjVVVAkAA0OtIFdDrSBXdXgLAAEEIQAAAAQhAAAAVqq7JJJYE4DoTfIUPKnKxIMQOsjjG7QLJ+gm4MIbuDlPI8zX/Gb7nNN8roF7VjCYrvehaJPIhF3K1ph0UniAqnBlP9KqVGsJId09wu1rpXtY+OC4gznpP8oz0dvkmv8FH8mwWtFX3Jmy2yPM3QBcWcSWex2f5555vHLwGzrEjraF3n3+Y6/y7/iXO4pJWpqA1uxzh573cciAaPrFTyL1E428bVBSLtvtXGrQy2+sDLp4Z8hnH9OsntkhVDT3ITGc17d8d9Of77GyY8o1+eLt4xjbxu2cejVgzSLD0/h/+NSNcfBNv/YOJ9gX36mN6ysyGnG+4ZZuP5ZbUk+wt1R4SKoIcFNyPDMbqWA2PSXS50lGj7YhCAqzLtIeUBYxOv8Q+ElZ9lvXISPgR43il6w9FmEWLHJJZFsupsV3DDNJ8oZPvlC2otF3/3mbh8zdmm15VNY1FPM+bOwVEBqm/LIsfeVojj2tUjR81p0vlrm8KuwUMY/3L9p9aux6JA2QgSwQC1R9WGoVwJdauxvCFEc4RGVFp7WG1wzojEpJSynddrmzrlOMyJyFshOKPGu+xS8SphYEsi+Aj1ydcs7MuMtQAlijg1I4aJ70DF+Tmm026zBtvdowF3nnaLpwlbxSFM+kh/q2Qr9GBh2uqepovmLAerGX32o4gV5Qhiy9WoZAPWexQ7uytGD8fcCdILBbQ/U57OOnPh76modJxjgJa9V1Yjnl0DXFlJ5XI7NcUZ1E/28rmwTkV9fXDziSUwO5qmosvHoIiUjlJ29VgRCKdjDwusQzfkSvh3ejxh8uaqW86zXY6/kUVjRogg208iNmLJAwAjg/cc8PTqJY95o8EBkfn5k7ZtXsqPS/ptBvi5S5+sS82aR7tKxJhKiuLuI8hwGZSgjHY6Iu1lVOt686XK7fdTJObvmUQ4XrYLaHqbXX6O2PCy7OB5JdvBVOxyaeZpJ67QjRYrAhtEIxRb/CPc8Z9fr74Q74Gpb8cPtU6huC+IZNS6T1I9YpYHTb9+qNhs46r0k5kio2zariOtPtRgOc/5vPkqF6q5Ilp8TFsl05te4W3SxMstlhZYLrT5IpKUdNJ8XzeYPWz/AKodVkS0DPXABb1/wc/KsKlJV57/Yv54HoPhAxn7vSsf7+SkX9GPn4S03EgBukLbKM9v8k8VymFHgy5/Ca6m03icyv2odfKZEttL4PrqwJkrZgfDaoVuyvszMo/vFMu86EAOKV78+Y43mORfrKnpVYkL6uvo/GlQn0NePO3S8bfArACiltSBRpyhqv0r7U3Hsntp6K4U8LKMS5ymN9ms6Xr9S14urnFfjX9+myHVT3PhMD1ZFlNg42bGf7pbgkf/iC8te2fbpk4aIDk0WpxzElD8YKntk6iQai2HJ2XOOYW8P14G3JFQNzqVU8Vdw3qSD/ms2Y2pWeof31bzgOehInk5VYiT8eb05jpDh++e3u5NbIq7adn8n8/ZLY1XQ0vGAHYykZfSy5c3UHW916GUDm12Lfuon46RcDabqPQhima2rahHMa3f1UZGb678STFwJ55rFAdQ0WBAEZSvgUdwFJgiQdgT7m7YEj3Kqc5/qGaQajEqlprALQAAKRL0WnBWMFq+YsLp2hDlKvWDw6J7v0x6bTRUtbV0t4xJ2JUZBxEaeqmYVNH8T3SCEtm88xemw9t6P3E2RahkWrIVBCyRwnmLq+ADukYBqswaKCIgDBcHqWJEvk9TwyF7X5c7BIG6MKNhvp1QhFoNmTftzCNTnX5DuX8Ms/NOKp+TpcvViP19c3d+zwXy7kTwhyNil/WbLj522b+h4pm81SAYpAoyuryOjOPP676bn3O7X4G+y1uK1BIcsX88fh6tBn1lBLBwipegvCdAUAAOwMAABQSwMECgAJAAAA4GGbSCX5A2YVAAAACQAAAC0AHAAwNDAxMjZmMzgxYTBlNTA3MGVlMzk0NTk3NjZiZDEyNS5maWxlbmFtZS50eHRVVAkAA0OtIFdDrSBXdXgLAAEEIQAAAAQhAAAA6ZTaO9jeW1lZAcfMOzPeV3SpOuHwUEsHCCX5A2YVAAAACQAAAFBLAQIeAxQACQAIAOBhm0ipegvCdAUAAOwMAAAgABgAAAAAAAEAAACkgQAAAAAwNDAxMjZmMzgxYTBlNTA3MGVlMzk0NTk3NjZiZDEyNVVUBQADQ60gV3V4CwABBCEAAAAEIQAAAFBLAQIeAwoACQAAAOBhm0gl+QNmFQAAAAkAAAAtABgAAAAAAAEAAACkgd4FAAAwNDAxMjZmMzgxYTBlNTA3MGVlMzk0NTk3NjZiZDEyNS5maWxlbmFtZS50eHRVVAUAA0OtIFd1eAsAAQQhAAAABCEAAABQSwUGAAAAAAIAAgDZAAAAagYAAAAA' AND file:name = '7e0f5c.js' AND file:hashes.MD5 = '040126f381a0e5070ee39459766bd125' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:14:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad44-e22c-445c-91ee-40c4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:15:00.000Z",
"modified": "2016-04-27T12:15:00.000Z",
"description": "unique .js file",
"pattern": "[file:name = '7e0f5c.js' AND file:hashes.SHA1 = '9e11f750763f52266b0175e1fe9db1d66566d662']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:15:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad44-1700-4de1-8bea-49a0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:15:00.000Z",
"modified": "2016-04-27T12:15:00.000Z",
"description": "unique .js file",
"pattern": "[file:name = '7e0f5c.js' AND file:hashes.SHA256 = 'd519f1fb862bbbbf2724420c7bf1a5bde6ef0abf304383c14fb50253c8c40ef1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:15:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad45-a8b4-4f6e-b230-424d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:15:01.000Z",
"modified": "2016-04-27T12:15:01.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAOFhm0iOOC1ufwUAAPkMAAAgABwAMTYyM2MzYzM4ZjliM2UwODNkYmI1NzM5ZDQ3MDRmYjNVVAkAA0WtIFdFrSBXdXgLAAEEIQAAAAQhAAAAVqq7JJJYE4DoTfMCaPhBFJKsGX4Jsdid49ZkE1yrmkIar6Y6rXaTbqqa3I4w3FeevPwBBPbIetyOkJSkrTRHrEQXlKKNLWMt4M3v/eeZzOZcRqLXuYiJqyGiVMBZCCqyMBOeiQcHnhqX3lvJ/G11vAtXKJYwE7xSkU6R5GQRcOFzSsrYktrRhFfOQqFdjNdWAI2IEVJcrhZPa1ZhEReLb0FTOJpV1H+libKimiNHetbN0vRz3KNAw46yrGf+WWHCv7SzmJmk7vOLR3YqKwi24C5TZtgVOzMI39hPJsLq0OPwy4Ipg6Uw5RMnafqIQG+cOuIpBFoxweKz1+3yeJ9SIxPFzF8G0KAP49doURsCNB1UPffnAeUlzApO+j4b72UiYLoX3UZdPx2HFnxTkdkBVoAPQPSSIgo8y/1VBZa704uun5P5rV28NBzLl4ov1Ct5pjYODbcs9wBJl5acoTu4lRF87YZphQPPBVAydbEYPRaHTFf+dJPcadO3FuXQRmtq5ALpArOPEfVKh7yZ+ZJ08MNvXSsVTs1osfelbLFWRKoyXTBXM7pmuiLQRUFOGZMn6fYq6/RyQO4/ZjkIsdwFOnmkwqs4oBUL/BHrOjc6LrLm/N7+mVP2qATdF15YCbzCzR5g1t49+5gMwlxWdibY+RU7EU2IeMxtUUrJ+DE4/0Klh9zs8oW/krLhG1704KNoxmBfyRjRanjjSG8T+NC+LF7AjJOztzXdWJv1CDJIuksK3sovMPvgY+YR38Dxb37icY/aHt0C/OnH5TFdNSYgGzLkV60CHNdENPr8F6FKPgWefjQjezFIFJVQ/VlsY1ordN7lDfnX6c/WZJmZTCEQzfw/fTnQlHGV1ymUebutq91L0XyMLACuACNgdbQX/KL7mmmeZX7Mk5Clgvh7/tTVQl6PFBjjh12vNRkmRdwtsA4DQJiXIRb8lhlCrLqoztxmCwMJughypGUMIk5fICTuWRGB7e0gz2HVrqiPKeykMCZCOG85UEeosBAEug57962jFC1mG1oY6DgChf5sYLrwqkcvhINbYAjz1mTMi+966x9nAVePKf5BaZVGwskImMJoMxennFll7/X5NtviSsX7XaRQCvOIw0CovwVWbgHH8NHQWemK1cRh7+LMgE8/3W+uehRu2JoK177/FZCujtRB1/DsRdlRikMv6+84SRLEbvQzlofrUIeC0LI3breiA1tuoIVzJ4JElsNvCMd82khqOKxDGiFRs0AiYh7iFOkefXUZTdRH4FP0dqmtfNB5L2MjTVIsUTVkSQal1ss2xifEc8MSMemvymcGjS/ZEtFqfUwHrT6safpdmnsKa3RqJiD/HOsHGFu84jfGBfaPbNl1Rf8CZ/Omusuqxw0IWgVThUM1htYXXE5YcxAfeppCa+FYrfZ37Dv7+N8nNAFT41cHN6zAE7cmzhXbe2U5KSJR+PKCP9AQFErJhRyruC4QN0O2ueVsmEoeZMBO+j69YVV2LPX5U0uO+1tNpcoqn30y1OB2ghCKL/tZtqxGDChFZtqPcM8s10sNX9uGiV2Kw6PTavBiDsneUmQWiwZTHh51j6c1xfrmjSOM0JPi2BhNzlcbnFqnjnEZgz1jlMnAKuin6Tk5bZUA3AZkb0qhUhN/VXiz7te+Psho7h+OJvcmD7p34y/lZ1eaObVsykKPIQV25eE8qhcJ9Bde0mZLKnKbKfUPYhufId5V2d/UOsdrKhDIwUtcVx5pOVihDuZZdvy93Mfber54bmfG8zaE0GiZlqETpKg6eqX0DrFQbszrbBuKdSeF01+4xrDGxySgtwgPaUNxKHsFb5Rg30KYwfGQsovEM4rygGo8LsL/XKYcYOBwXLei0JtElJpC9rgl0o0/UEsHCI44LW5/BQAA+QwAAFBLAwQKAAkAAADhYZtI2tTtVBUAAAAJAAAALQAcADE2MjNjM2MzOGY5YjNlMDgzZGJiNTczOWQ0NzA0ZmIzLmZpbGVuYW1lLnR4dFVUCQADRa0gV0WtIFd1eAsAAQQhAAAABCEAAADplNo72N5bWVkBxgolgG8BYLKBJVxQSwcI2tTtVBUAAAAJAAAAUEsBAh4DFAAJAAgA4WGbSI44LW5/BQAA+QwAACAAGAAAAAAAAQAAAKSBAAAAADE2MjNjM2MzOGY5YjNlMDgzZGJiNTczOWQ0NzA0ZmIzVVQFAANFrSBXdXgLAAEEIQAAAAQhAAAAUEsBAh4DCgAJAAAA4WGbSNrU7VQVAAAACQAAAC0AGAAAAAAAAQAAAKSB6QUAADE2MjNjM2MzOGY5YjNlMDgzZGJiNTczOWQ0NzA0ZmIzLmZpbGVuYW1lLnR4dFVUBQADRa0gV3V4CwABBCEAAAAEIQAAAFBLBQYAAAAAAgACANkAAAB1BgAAAAA=' AND file:name = '7ef857.js' AND file:hashes.MD5 = '1623c3c38f9b3e083dbb5739d4704fb3' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:15:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad46-3dc8-403d-90f4-41a8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:15:02.000Z",
"modified": "2016-04-27T12:15:02.000Z",
"description": "unique .js file",
"pattern": "[file:name = '7ef857.js' AND file:hashes.SHA1 = '04a181294e20e4bc4feb378ac8764b4ac92b1d91']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:15:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad47-772c-471a-a585-4212950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:15:03.000Z",
"modified": "2016-04-27T12:15:03.000Z",
"description": "unique .js file",
"pattern": "[file:name = '7ef857.js' AND file:hashes.SHA256 = '4ec296488e0ab7a537898025d322252024ac8954e833eb3cec3a3e1308a782c9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:15:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad48-2788-4860-8afa-4eac950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:15:04.000Z",
"modified": "2016-04-27T12:15:04.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAOJhm0hLVDbacwUAAOcMAAAgABwAMTg1OTE5M2RlMjU0ZjMyMjcwNzY1YzRkYjYzMmU1ODFVVAkAA0itIFdIrSBXdXgLAAEEIQAAAAQhAAAA3/nreBhP1cuHP25GQ+QbbkIsctK6BTIS1054gQCaGIPWYBO+XXFc1h+tPgAnzOUmPrPgu8vWLYcn2q4pMvlk9FoFzjIy4042BcWytrMT3cf2hok6zwA7Qkc4Qjf7+s6sOwUFqlv966OYUR4V5AKZ852yfv8xsv6xXkyadQxE3QLbRhf5yOcRyQzKiQbUUCwVJ7G4VUrx0tSjMKZdE0Xa/zMLc2ZlMspP2uQnW4cy0UapZr+YNKUbClQAzEpnlrg28K+O5TYEccBsHawfakXaIRHN+8mXkx67ErFjnQEnYXF19UDxxlWS5oTGpsdnGTucHe7YTE43X9CKWFgbqPrvG1dcj1O+YhMwKkwHv51LoOpMLxehFaAFXL4Mqo3eamI4qAhLkDtyxCxze5pcNDg087pnGa+1umUidMm/uOnFb/bBlO1M7rVIrgg37joSKpc0TGL9i3JKxl1RFqBkaynVOT/zCy99buRM7q0rHsGhrNDfqgJWIO2Wb0AXbjyMWyIdlkd9EKn4tyMX+TBzfazKLEgZhWV+SXnA4Bh5nC+KojIfSAulVZoBNYUSB6BAKidyjS8vpzkkz8utqVxB/6pi0n6UpJ2WHNzRkmtbJVXeq4sM4swmsGGnkfviuUhSBNWaN6nHweA7M1CXWWA7nuYQxWbvWKlt6hEyFbKXzHkVrjOKPDrVr3zX3ZOQ20rqsCayRHE84ak7WUjUaRkGjl8p418Rw0nRhLOLuuiS0FdaDSsbPhVecDrdgU5KmXX5l3v+t7fnJxEkxDzhD4GJLvkZ4b20JBIOCx0JRhRTGXcGoFlZUFDnqXZUyb3oGeuBYqOqpVjuOcfaVhq1TsMNQZUs1R9ZAhvxoWII5aQKDkOgj0zHoBA+PpHf84BtWiYmYTXAuNGM3frDiYdQh4me77OaJph61JzdynZOLPrA1phMSYBU2RJuyAmPe3Q9o8InAX1p68Chg1ghYisPAtTTPQG0xbHq1aEI/DnP70Ugy0QQusm6c0J9UK0G3YThoBTuLux8alYEXkcIKuKMYO/jtQ26ZlazkH7Z41e9+7t/atY238hnDrgBE4E4/unDtGt2zdB9xRhTDbnWpB6SumCeTQi0x4SYVwdB8xxI0B6zC6bTTtYFQ4DUa5jmVsLd8uKNUCZuEis9OpGH0zN09Us2gMJknMR/S/JeoeDT/XPPghagSBHfVHGzFfzaD6aqanKbaDrcrHJ7pJE3jy7pLsxnLvfeJDwg6Q2Szx78bSH8yc9NncYooVcFgpFHoqBeD85dcInF7abmX8MkmQ3b26IqjunuVvOd/mjJV6DD1eds/qb2kW/8QdIc3DcsSm5HS6NU1HVG/aiHRy22w9/2X5G6vhTlqhoWB8RiWvYlC3jDG0UvpXdzabo72baAcM6CWoyH+GkH92jjsge7LBDwM0+V0UBjsVTWcHA3xd6ypm+0y+QWMzsUlfFYq4qjEBOvzaSUMWKT361hS0OSSVkMOJhLXA8iyS3Ljsr5C+Vb1UkB6WEN3yR3A+OSmyaPsGx1495k0ttqP+khYzB47Vdf0lTNBMHjOhZ3YJ/QwEBMqAjlooxC/iXpHnvtIK8G4lr0ZNoqVQW/ip8Q0Va9AIx1X7xikOxgjxZGcYk4bLmulEPEt5AfAsRucwPDzrAJRxSjsaKbZEznfQCHi9MnWjvoCPb7fcPEyXIE17+ENA8s13+VHCrQRLyZYB8l9xSqOb0eiqKHKZp3JAKTI91axYkyc8HlCrZW2antPydU4t7FieuobUJJsHjJ6xDvnuNOSp0xCC/f/D1P66A2HzRe3aDwfHJ8p2Agh8rT1xtwrCvTXZOraKf5OY6wOJ2qWVCss1w2ir6FQzKbAdmaUEsHCEtUNtpzBQAA5wwAAFBLAwQKAAkAAADiYZtIy3qIihUAAAAJAAAALQAcADE4NTkxOTNkZTI1NGYzMjI3MDc2NWM0ZGI2MzJlNTgxLmZpbGVuYW1lLnR4dFVUCQADSK0gV0itIFd1eAsAAQQhAAAABCEAAAC7c3kWwnIUFWTfJdHSrQ5ycgh6vwpQSwcIy3qIihUAAAAJAAAAUEsBAh4DFAAJAAgA4mGbSEtUNtpzBQAA5wwAACAAGAAAAAAAAQAAAKSBAAAAADE4NTkxOTNkZTI1NGYzMjI3MDc2NWM0ZGI2MzJlNTgxVVQFAANIrSBXdXgLAAEEIQAAAAQhAAAAUEsBAh4DCgAJAAAA4mGbSMt6iIoVAAAACQAAAC0AGAAAAAAAAQAAAKSB3QUAADE4NTkxOTNkZTI1NGYzMjI3MDc2NWM0ZGI2MzJlNTgxLmZpbGVuYW1lLnR4dFVUBQADSK0gV3V4CwABBCEAAAAEIQAAAFBLBQYAAAAAAgACANkAAABpBgAAAAA=' AND file:name = '7f60f9.js' AND file:hashes.MD5 = '1859193de254f32270765c4db632e581' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:15:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad48-1e4c-41d6-91af-40e8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:15:04.000Z",
"modified": "2016-04-27T12:15:04.000Z",
"description": "unique .js file",
"pattern": "[file:name = '7f60f9.js' AND file:hashes.SHA1 = 'ca80f49a42663074ee27b2163f2478af30dbfeac']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:15:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad49-e140-4a58-8c29-42ae950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:15:05.000Z",
"modified": "2016-04-27T12:15:05.000Z",
"description": "unique .js file",
"pattern": "[file:name = '7f60f9.js' AND file:hashes.SHA256 = 'd480f6b57ee39e90d080b0c29527d2521b9441c68d2803fee6d8e280353cf209']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:15:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad4a-d538-435e-88ff-4db6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:15:06.000Z",
"modified": "2016-04-27T12:15:06.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAONhm0gIHyiWcgUAAOwMAAAgABwAYjZmOGM3NGJjY2M2M2Q1OTg2MTNjOGZmM2JkNzgwMDFVVAkAA0qtIFdKrSBXdXgLAAEEIQAAAAQhAAAArGxnaVJyxtZXUW9rP4FcKc13jqvrYUMyFzVc8LDNOsHts2DaDDtiXcptD9oksq6a+SWQNOVKwTReWxGSuGMhjlVi56DId0gsLYVrk1y/tcrTtxgX0NG1OAwq3eYL656EVX8MmCkQz3xWj+Q8RRvAYiNsC76MIAbvoA2/3cHvrCMy99Z6T5PWCi8oPNqRCkfnGzJdD3/XUmF8+VxtorI3OcVzBCVkG4w/qWmMscSCIiigFr2HvHy4FbPVuwIDmuhKguvGeBVAwZsZnGqsahdoYEI+zzrnO4jebiGPPW3WgZiVwHDKBWrII+arI1nwFONz6+BROkn6J74z08sUFdBSLJcE+N9ySAeNSO1iPPgLSPwQv8GFfcZJYDpUkcTGHvq2Ou71hBkwTuRGTVkucggu6N/oa/rkBBdiU1kk4lXm6lUNkmgWJu6xwGtVEEg4JU3qUzYBsobqmYznnW9QVGtgO8R+jhy70+zuCQJYFxFvLMzTakNDV5jiaHNzeF0XxNkaGW8v+S7hS9eJE3YtvKygs8mxemNT+mjcELhZxvaKNZQM9TFAPcbHbeJKkHSR4ula245o9NwtBsvlPYcWFK3SF3WseZcP5ILSMbelMAj5kE6uyJATm6o1FNtK9WAZ6TV1g+UWLbDL9pubT9LuJJJTlsitngWn/cOJ3UpJdnbWVfbfh2mbyRVIPa0rNusrl8exGq7ofPSG8AOYA34D2mDUacoDmbp7k19cKdfxE4hF6KkoN4D7SjTfkbr/0iTYzECrjebHUuRN+cFk50FIghNhlTX7qULiHN1VBJjOeP0WUUabpJEFxDbxcd4SpsitssmbbuvUwg+WR/JdX6y4jr4alpijfo341s+avdO9ILQaoqkl+a69+FVn9jIPStkoLV1kg0E8aqFSyN4ql96kamezubH7/m6QmL3x96fjFt8mzMwlytk1ZYpM8YnCaH97LEXzPqHAQc8tFjArWKclS2XEKkULtOGfRLf5EVQiqX3nnI79dCIDuaUVjT1ol/bMnKgndQZfIP0c9h+WNRXEloZJ1koyHzELB6j2VWPeLA8hR7HS6sYr9j/F29AkAbnz/FwO7531hRVL/3QJaGfQYLiKchMVLaN59wJFffovIZy0hUA2cERQuBu0sdrEWvDXDSIOma+wvzcAJd8vZ/rWqGdTqLVI9inaWva8jGcowOg+lPWaAjkYdjeyKUeHs1y1N4Xeqq0XNPqblS4gaevrHlPK9uI2Jh3MLiNeThOtXY/MLsF/IKdRcgsvlWr9FS2RJksf7gv704Bw4MiJbKu3b/w+HQLTPjCCaCIlRxbcsi1JhNsJTcSKHKuxMF+XtL/7fs3UXMWRD6btVWUl4Kk7+2mqOq7knmU+xzFlNT2tIvAkM5HkmLL4mQtdjq3WMv5i0uTL1j8hqAJOk/eE9+mmb1KkPoD08wJVvZ/hvkwIeEi5gacnouTTPFVQ0enXYvm2qaoK4Sj8EFfHbYbBwpyIxr5haSahjOEEQ+MR9Yfr5iT8uT7KQclsCo/cYkrV2FS6X+wIst1YQfoyt/WJMzuVppdze/6qR28SU6dyuxXSGL6vRF9LnVvg/37578i2f6cWouTwNiCjlSOVXS5hm/57nQeOrRtVAb8RvBNahF5iM+tJJHRAUTR/ISrMtoSRdEWWoll3EKujizm6PRDmZiVZ2gJ/NZ9Fp+WbwK2A8A327uhREGmi3VO+8eYKN6ExCCqYYOOelHVlPim6PsJ2DkJ78nrB2NsLuk387NHYZi68qxNnZwxmHjLCp5ioi8z7VqJ+5nOgVbkZCJMq7TZ1jRT+iJctQaEHaJHvc0FGlzroKid5L+u7Jy6nf1V6x+t+l/P0rItftYBQSwcICB8olnIFAADsDAAAUEsDBAoACQAAAONhm0i7IcCdFwAAAAsAAAAtABwAYjZmOGM3NGJjY2M2M2Q1OTg2MTNjOGZmM2JkNzgwMDEuZmlsZW5hbWUudHh0VVQJAANKrSBXSq0gV3V4CwABBCEAAAAEIQAAAAKV9x9fPG7+HoaNIK9ETmicSnkL67DxUEsHCLshwJ0XAAAACwAAAFBLAQIeAxQACQAIAONhm0gIHyiWcgUAAOwMAAAgABgAAAAAAAEAAACkgQAAAABiNmY4Yzc0YmNjYzYzZDU5ODYxM2M4ZmYzYmQ3ODAwMVVUBQADSq0gV3V4CwABBCEAAAAEIQAAAFBLAQIeAwoACQAAAONhm0i7IcCdFwAAAAsAAAAtABgAAAAAAAEAAACkgdwFAABiNmY4Yzc0YmNjYzYzZDU5ODYxM2M4ZmYzYmQ3ODAwMS5maWxlbmFtZS50eHRVVAUAA0qtIFd1eAsAAQQhAAAABCEAAABQSwUGAAAAAAIAAgDZAAAAagYAAAAA' AND file:name = '7f19508a.js' AND file:hashes.MD5 = 'b6f8c74bccc63d598613c8ff3bd78001' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:15:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad4b-ef5c-4ea6-b076-4af1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:15:07.000Z",
"modified": "2016-04-27T12:15:07.000Z",
"description": "unique .js file",
"pattern": "[file:name = '7f19508a.js' AND file:hashes.SHA1 = 'd197d3637a21cad59a4822c67a0220cafe1d3cb2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:15:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad4b-7f5c-41d1-998d-4c13950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:15:07.000Z",
"modified": "2016-04-27T12:15:07.000Z",
"description": "unique .js file",
"pattern": "[file:name = '7f19508a.js' AND file:hashes.SHA256 = 'bb8d01e37599e55d32649b0e2da7c5cf8460c3ec270b58cf8d9db9cf9242c574']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:15:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad4c-e6d4-44ea-9f45-46b8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:15:08.000Z",
"modified": "2016-04-27T12:15:08.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAORhm0gGL8mWcAUAAPAMAAAgABwAYjE0ZWIyYzBmN2Y0YjBjMDUwNTQxMjdmN2VlMTQ0YjZVVAkAA0ytIFdMrSBXdXgLAAEEIQAAAAQhAAAAur+FZb7u7/DwXf52UTue0yWKWp7ruEsFNe9wJ/Z1CcrsiFvZluyQz+qEqqVf3lr4fJF/9HfYSIx0i+510ZWRQdwUyCtREDYrWxsGphn7iLhVun6db3RSHIBCPq1CGkwoyFlJNmfkjJt/d8FIo6e3inA1NhGakeJ7jB3W82MUOexsiNWtegkKTpQ8bBm5xx0wWzu5Rsi1xO0Sd/xGs6hQ9LIJZ3Tx1IrBgcSx9hrAF7DgXQCIgi28Kx4hy0suoZMrGue8b3/eD1193PA/HUbdununhKi/ixlNPZcM+s5zYjqRETlOgJGkve1w6CDK50u7wU5LUcj+h8zDEIzaAXz/wKQu5SpO0paeYiyiJhrfLKsQYlxJH82eDNEBU701kz8TiHLVo+IbKO7jgr3VyUq7LKMJe6YR5tt8Fq/+YPk67xlHXmmRKDSFpdhWYbAa5XMQ9NStdjnj/jDjY+D35MX8Tm9PB/26L7+FwfEhKekn2kJHF0UZVSJ97QIqzdAwuhEWovQR4dDlCHhymFzYkUAEWSEZs+cUglUlDkMWkaO7/BSn7EHYFtVxcW5bBOCgSqU9IaKUCPPUwN1I9dopCvwtjqPqRujKUUhDuxjMKzIzTA5MjnG7JyQAVFQKV+KFVDB05pBYEHe71lyXV8trvl1jXWN6vUXnDT2GNThcQrwyRrqTs1ubqZToLt1b39JlLGMapcwLUR9Ier/Zs1n9LyLYkpaapu2CS9r7pqnoqPuBvJAveJ4/XKeznqdmH0MML0SH/adcgBDKYTp6T/UlqRHFCZy6oRgsm2vPJkmBOvQuqsu5GzfFD3McXAT2UYjK7yHZtCnOOvvQp/K3pk553sMMHRtI5PRvz1IQWgDOmS3Hu9xnxWGnWRbVjG1o7o4si4+iDqE0KZyWi+cw9yg40gbFFJSifGPitB0e6y7dQC56JipM3KlWwG/1UhhMx5xvw+LWzkj1SJQrQoYaRBKaT2JFZ7pbk1VJE72jwsbLGEF1gWpnXYf2w0dIgygxoNTotiJfUYe9Rc8vj/L3MsaVH2bNg+hhC63BEVTa173yXbqlMSRk82p7XL6fhNoFay/lCaSECn5ojQ+tMCDo+ooOXPMfHA+hBhU8bftQfS/Pr6DrZot0ju8nIrtxq+CI0J4loZNfXt9OLeS4KhZDSSJhlYD8onQlcGya280+ODfQMJsqsIicHAAMOi+AxuNUVosX/R5BHzNT0VLcr69Ec3lB77yQxJX3+Dgf+8YYMB2BD7/UhmnNACg/ghdQJAyL/moI4nDjh7Ds9yLbaZYybFv5ZHYniHAt86tI81S+TEabzOCPuuxEopF7zptPREa0njyOQIQjtVg41a4JYUsN/gTJlHdnr036gVnAWt2RuJ6CKRhHySWmY7Ef42DtA750W4AKIc7QKrJEV6g1SQCSyGIpKdq6LBQbt8zy8I/XVZ7OVX7k1zKmk475cotuPXGFz7bXLvLyMwLcgmiN++uqW1Tywkv9IHJFJDEgL+8bRp1fyQKLL5pOhkYa6MUqiabEKW2udiBldC3zM+iFIQ95eWA0MTmVRNegrJ7REQ5t9ceBqVew8pOHVE91rjWEFQ02TefwzB72Fp+8lccdTHVikMvvLNp7+eSnMBleMyufb/+0++nSF2KeiW77IfTPJjM+FtXAJX65lq8rwzNlcIWviAaUGj7rLzmlXvyzrpC1+vioh7QIbxuBuMFerXPE5Wf2Kp4d+P86lgdmxcWaXpLL4pS9GnfJG/hfCqPRJRtIKoHEIxiWjzqVJ9MyBDe/YQTlo25cqxy+YDqjuwGjBNegF+6XU/KxfXSW7Jgt9fsC5gSRTjI1ZyMuP+bnIWBhNJpT576V6jNoUEsHCAYvyZZwBQAA8AwAAFBLAwQKAAkAAADkYZtInKD8VhQAAAAIAAAALQAcAGIxNGViMmMwZjdmNGIwYzA1MDU0MTI3ZjdlZTE0NGI2LmZpbGVuYW1lLnR4dFVUCQADTK0gV0ytIFd1eAsAAQQhAAAABCEAAADKlQjKnSoVgbUXlZSX1zW3z+Tp/1BLBwicoPxWFAAAAAgAAABQSwECHgMUAAkACADkYZtIBi/JlnAFAADwDAAAIAAYAAAAAAABAAAApIEAAAAAYjE0ZWIyYzBmN2Y0YjBjMDUwNTQxMjdmN2VlMTQ0YjZVVAUAA0ytIFd1eAsAAQQhAAAABCEAAABQSwECHgMKAAkAAADkYZtInKD8VhQAAAAIAAAALQAYAAAAAAABAAAApIHaBQAAYjE0ZWIyYzBmN2Y0YjBjMDUwNTQxMjdmN2VlMTQ0YjYuZmlsZW5hbWUudHh0VVQFAANMrSBXdXgLAAEEIQAAAAQhAAAAUEsFBgAAAAACAAIA2QAAAGUGAAAAAA==' AND file:name = '8c162.js' AND file:hashes.MD5 = 'b14eb2c0f7f4b0c05054127f7ee144b6' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:15:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad4d-9788-4850-a2b2-49ee950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:15:09.000Z",
"modified": "2016-04-27T12:15:09.000Z",
"description": "unique .js file",
"pattern": "[file:name = '8c162.js' AND file:hashes.SHA1 = '912b2eea8e1c6e744c809ac3bd9aba76a8cbb95f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:15:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad4e-f134-4866-a4fc-4e65950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:15:10.000Z",
"modified": "2016-04-27T12:15:10.000Z",
"description": "unique .js file",
"pattern": "[file:name = '8c162.js' AND file:hashes.SHA256 = 'facb1eaf2abc3d58e6500b6c9f33f50c2d74a281430b6c65e54ef41a0f70663c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:15:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad4e-8994-43f6-8ec6-4abd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:15:10.000Z",
"modified": "2016-04-27T12:15:10.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAOVhm0jKMJwkeQUAAPMMAAAgABwAZjY3NGZkNjEyN2IwNTY0ZmE5ZDA1MTZiYTUwOTc5NDhVVAkAA06tIFdOrSBXdXgLAAEEIQAAAAQhAAAAHCvQ82LrSfe1eeSMu1VA6GDC1zyI2TlZfvz2Uq/VnHkBYeQEjW6QDz0JsOKmInNGUAdFuJod/jaCgwCGwCRroJnkj6z45S9shXKHSHozXOnZlzXwmfzc9Wgox+jinQp4J/Lta32mrl5p0v24d7PdWJfn5EHJPEOOixUlounmac6HmHNg2LIFXe2ae2iXHPX2+hMsGkLe1vwLcIsrPvXQANJpvM+HquCHdS6rNXYNWjoeL/73ifDl9ve0JAPEdudkEgfxugcb9O7lE22Fbc8zdfjm0xfGvua9RXkL+xWiRBNayb9eMFfmJZ9zqNn2VDGcDH9aPc9Phwl0Tm2K9dj1OoA0rtpItxkDZUe0vebDcgwYyWMHSkpaP3CiLIKByfd0Exitu8k1YDgILITNj2HfWsUGf9dc8Tvivvqi4VrrsK317abmtXLZKs8GNRwCpvhbzENe7MNXtSPpA3grQhNNAjzLx9BycECQJ6Lr/clE9+qixkbVBWP6rIinjShKQrXo6FEG3OOq6ZRKJeaWxKK+DJWbCN4DloTVYFYTC8OnaQD/sfY9EeMFo3a3aVE1/kky26bkDbUmFzpjMK5QKwRNYAN6BdIOxBE+yoC/8JxbpsYGUDhNEkji1H1QK551A/TZwIs1YhL+nkf4e2PvjsYXhd8kJAcdCq0pYSg0XdVWgHBkvSNv4KHheyP+TIBiE2TbhBgZMJ8lB8M3PrY+Sgjnq+MsgsPyfd50iw5L0Zw1Ss1Q9WLve+plzfY9CRqA0mnBs2i+f4udx/aWUimz3no4w9GsvwW4SuYS/8+3rVIJDL4wm806oe9yoUojvaWY4lduhmYr+vOtbdflol7t9lNmRp7i9P7VN6L41uLfqPyxrRq38x6sINlsg36XQTa+0/qShiEmLEqtRwv9QaX6tUHmyWHdL4xE2JoSBjT8h/ZjZGkPfo4VTvyxrm1KXztlw13W9uOc1PbbQpF4i9K7ZhDKebqRW5/ubatBfbYvRZV+HBh5Z3I/0eW8pwcVU4EUGzOdtGfR4ADqPjvcHjpcZaslKn1mThi3feqg54XnmKub1qtjTV+F0BgL/nIwyGfubEOebcrnpVF5HaRlYcXjKWG6eiP9hhlXOT503NcJ2EFPKJQWc4FuEjWXRNeVbZGG4Ta5amaOSrRzSfoSiknH3XkodjT8WXyA4yY2qYx8qCerEl2+pu35MP/NVJFHOpezcBaFPE5k1JNBCTk8q5IqEHhtg+Re4JkyMVO/weDUpBJ4fjvPgVOcuvy9cKir4EAP3imTTk3RdUfCt451MXBIhhBTua3qnDf/F+/Thcx88rpIcgoxbR2hPcm2Oar4NoO8PcUINEt4IyPTxtWn7Ey5c/Av0KtLzfu2LdsGn7HuGxGS8bjy7JDswDV85ifXpQtr5zDCi7/YNmcZ/wdHEd5rHPoep7chKg/aEVgoVNlpB7ugqTmdhCWshPj3EEM5fJerJ4QVB/eEbVhEmp1HB0nH1ERq2heLbgRX6lNWYZlXNmw25NRpna9BA+t8piu/JtDPSoedAiJqOzL3AKmUAAbCl1OW0Y0rBTX7Kyx+uQDq5HkW2f27oTuKkp8DFAg1iMkxm99yIosrLPOJVUw2dIOv/TpKAnlgiSsoCIGpg9369OGwYjO5WtaXO8Y739e0h42A/YD+FZbk2WlYTt0TIu5VZHx5J4F9TuXhDbua2LjDLJ9w9d2Kt0HAKwy9vnEFjJ9SQ4s5ray7dR1zuVuPbQWzTq/evRlGH86WvGqcC9ahkjCZtNEGz3IdnTpY47877lslQDJb0e1YzopmuTcsgU1EcPGuT6nbMX6lThLFZqEZuCWsJJSYFzAHlPCSO54kZTwMo5V2oYSpXd/lXPY4UEsHCMownCR5BQAA8wwAAFBLAwQKAAkAAADlYZtIDOrS4RUAAAAJAAAALQAcAGY2NzRmZDYxMjdiMDU2NGZhOWQwNTE2YmE1MDk3OTQ4LmZpbGVuYW1lLnR4dFVUCQADTq0gV06tIFd1eAsAAQQhAAAABCEAAADiOJb6ZRQwVslUWBe8JxCa0kXc6eNQSwcIDOrS4RUAAAAJAAAAUEsBAh4DFAAJAAgA5WGbSMownCR5BQAA8wwAACAAGAAAAAAAAQAAAKSBAAAAAGY2NzRmZDYxMjdiMDU2NGZhOWQwNTE2YmE1MDk3OTQ4VVQFAANOrSBXdXgLAAEEIQAAAAQhAAAAUEsBAh4DCgAJAAAA5WGbSAzq0uEVAAAACQAAAC0AGAAAAAAAAQAAAKSB4wUAAGY2NzRmZDYxMjdiMDU2NGZhOWQwNTE2YmE1MDk3OTQ4LmZpbGVuYW1lLnR4dFVUBQADTq0gV3V4CwABBCEAAAAEIQAAAFBLBQYAAAAAAgACANkAAABvBgAAAAA=' AND file:name = '8d985f.js' AND file:hashes.MD5 = 'f674fd6127b0564fa9d0516ba5097948' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:15:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad4f-1080-405d-85aa-4b1d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:15:11.000Z",
"modified": "2016-04-27T12:15:11.000Z",
"description": "unique .js file",
"pattern": "[file:name = '8d985f.js' AND file:hashes.SHA1 = '3843a11a4395601bf1ab94b4361231ca48f7badc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:15:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad50-0e38-4e16-bd70-4471950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:15:12.000Z",
"modified": "2016-04-27T12:15:12.000Z",
"description": "unique .js file",
"pattern": "[file:name = '8d985f.js' AND file:hashes.SHA256 = '206affe254b7c6fc5c4ed51538b9a99332153ef829cbc0d6632ff9fa0b1ca9a8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:15:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad51-c1c8-42dc-bda5-4fb6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:15:13.000Z",
"modified": "2016-04-27T12:15:13.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAOdhm0h8FTIUcQUAAOwMAAAgABwAYTIzYzIxYzFlZTY3MjdkZjUyNjk4YzA4NGJjZmMxMDBVVAkAA1GtIFdRrSBXdXgLAAEEIQAAAAQhAAAAqkis8Bsg+R95bge4gmEqHEzxZdj7uDTk+uuysLH98dGVbGuzvr8kBw6NxYL+bz8Sp1cIy2O4KLLFoxJ+EQdFM0KIr11BFxqiQIob17SDLS7tfwHuaQUX2nBah1CDYvbYp5sNPP0Farmw4orMSbiwEKBxfxGL35QQtLghGJSwYwwg+n/YK+g48GXJZkapyIXpFThcqRlJBRrZx0xCsnHMaOj4Ff564t/Ic5op5cQ6BZFwVuFalIk7w523fAA09jSK0e/NAsyUYJEEXkXG96uTkZwBntjCFYv+F4nDo+N35uCF4a7DlZkoAvrB2JngcwJxb2NpVXDPG5Lvl/8dqhfu6wps8XWTquaMeAaGqJ5WaBa4yrjNh+gwJnmsiM4GSZhRhDSq7V3ZOIDhh05Vu56nyB3gYMkGZWxNlf6uuJt29MHvyD3vSe7hO1t6Pfp2tu95jxW3FKFG+BeSPtrn3L88SEemmUAT5LwC45BENE3eElBL+m7AM6xEkjPpujRrVln61t9beqflBg+hZa4Mt8/iFLwI+oOk3C7V3ZLx77YNyTUFTXnIlYJ/kC1ehEpLPKo+p1gEi7USGKeEj1c2MZkUTptNiZqdkl3NsE8L7lCebK+XYh3s1a+2bzmCXPLhDWJP+dMgheXIdo4/CP0a3OHjUGPnAABsFGPnhRPKcdDFHGLb186O+gJLBdCboONJ6I5tfFssPCHViS0H0v1epQ7pj+WlVOQA4aBFvy0fy32AniYYt2+sDykYaeTXXekl8Gn+zSC/ruuDHfXnkPrlWpNhDvGJZhCaRwS5fF14OeC6hsL5l+Pkjz1g7A+B5A5M6iWBdQxZVfCshJ8sbUHiwqQORCouW20gbGEdfBHcxqm/2lXlWJsda9shl+6JQkiYa8dBeD+EF4X6hGkd+xG1b4geLOXu67xG1MbZc7KH2ZWlRbQAgPoIyho0zycG1Dn3Uyk70dXNiZQEhJQ9RQSJCzFCP5kxfFu9gIF3fVl2ea8D+dPAxeFle9nONPk1/HWIdJfpzCvDxUocrpKsq4fOMJTj0dRx7+zPnPrbOHZg01NN3iR1Wb7Ix/DIhOmLiqOfcTcqXkk7mBuurnxG3KJIyWi/RSzMbqvdtI56lR/X7JHPt/KdFsB2JwVrhndzJ9515imdNUIFSsQB3O0IJfR4XkoQgBnZPu98uqNAeY/9BgV23ven6QTnlC5bHKW+PzL9uwbN2vxTwDmZKhlvL36CNU51N37cm0tvFlcul2lfpdSYwsJz+8ooVxpfte6JZvEyjuoeJCdD0LR2W26OzEF7E7jdLU8GiClSHVFz+RhP6/onkPo5EC4HCkaCfwKB1M6WQhAl3Skbm6EAoCaS5filp0LY/ZweK8Y1qKjakuSbMIhuT8iDfkDxICQwpkseDoiVw88OpVjFAX8huB7rybqKb6vwEeKD08KtpnLDDjOfJDelmzFPJ62N3EYaMOPhs5aXA0C61n7oGqkgKJa8+994320zA5aIwf420dA6f6gFqMwgAzI7b4uTqmqv3nyscU6oq1iekjQ/+Y85vYoTK/iSdZ9YlwEt4bUnfpmZ/v4eMzdGEJo3bxjv8uxO6NVOukWO81ertquIjrQi0SwjHN6zQCo2OJQjAarDT38lcYneerfB9Dk3NxucA5O//znxgoANU2CcSiiQdgDZgYSHdSpK4C8WFgGPMOfKHTPqf1gnqUejW2S7/NabfTXk4ttZoXqOhbjeEabppgvD7IGhwiHV9gWkbeO9VlTRDC2miw7xMyE+Sk/ZBKxAYDT06JcoI2aPursaw+ULJn2GVG4EH0acMHKYZYUwyMhb1bMEdUkMhflyhMsl0ON0K5WtYdTSWC1vzNHSVFBLBwh8FTIUcQUAAOwMAABQSwMECgAJAAAA52GbSIwnL4gXAAAACwAAAC0AHABhMjNjMjFjMWVlNjcyN2RmNTI2OThjMDg0YmNmYzEwMC5maWxlbmFtZS50eHRVVAkAA1GtIFdRrSBXdXgLAAEEIQAAAAQhAAAAhUSomdKF4d1VDDB5du6o99uIozJIRjBQSwcIjCcviBcAAAALAAAAUEsBAh4DFAAJAAgA52GbSHwVMhRxBQAA7AwAACAAGAAAAAAAAQAAAKSBAAAAAGEyM2MyMWMxZWU2NzI3ZGY1MjY5OGMwODRiY2ZjMTAwVVQFAANRrSBXdXgLAAEEIQAAAAQhAAAAUEsBAh4DCgAJAAAA52GbSIwnL4gXAAAACwAAAC0AGAAAAAAAAQAAAKSB2wUAAGEyM2MyMWMxZWU2NzI3ZGY1MjY5OGMwODRiY2ZjMTAwLmZpbGVuYW1lLnR4dFVUBQADUa0gV3V4CwABBCEAAAAEIQAAAFBLBQYAAAAAAgACANkAAABpBgAAAAA=' AND file:name = '9b2129a0.js' AND file:hashes.MD5 = 'a23c21c1ee6727df52698c084bcfc100' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:15:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad52-2f64-4ad2-977c-4a8d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:15:14.000Z",
"modified": "2016-04-27T12:15:14.000Z",
"description": "unique .js file",
"pattern": "[file:name = '9b2129a0.js' AND file:hashes.SHA1 = '9d740f1e676452835d125faa1e69d2cbb3c80021']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:15:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad53-52b4-44f7-9ea6-43d2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:15:15.000Z",
"modified": "2016-04-27T12:15:15.000Z",
"description": "unique .js file",
"pattern": "[file:name = '9b2129a0.js' AND file:hashes.SHA256 = '9e35077257072091e5130b5a7136804fdb4da5760f2aebf6baffc58be33217af']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:15:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad54-05f8-4017-b132-45ed950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:15:16.000Z",
"modified": "2016-04-27T12:15:16.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAOhhm0gzOwHCeAUAAPcMAAAgABwANTQ0ZWYwMjgzNTE4MDE5NTkwYWY2YzU4NjExMmY2NmRVVAkAA1OtIFdTrSBXdXgLAAEEIQAAAAQhAAAA7SxANjJWKNIxKP5bb7Q75Vz9pTPJ0KjSNIxbpP4jDrg/8axv9o4XZ+pJsF4j1S8vWsTnTgeOqXkgSjqYdmayYYASQGp3bxoP2SkIBk1UFJTUetSm6VjjbV2QF3UXnKsoLdJSqJ/Eu/r0fsnjmPU9peb6qPNi+KU1AieekTo7mnu7k/Li7+BgccWI5aZmWoGUOdnBBsozFrX9uZS75O4+9/R/f3WkVcULYRyHGgvwNG32ZZN/vEiil5Tidk9QQJacwHDNdnf36YN2f90gMEkMA0g45BYCJc96q/EWDstucnMTH6L21DCXnoPmOoSVQ6g9kM8GrL3TpIP6FTAyQsyQwVOmxOFmRoPoh7Z/QmbvcDNsDU/BuA6/vaCiNm445aEguXsqk0GWVbWjgCNTRh/uvxWQHazjnujzsTshMh2suxIqEVXHCIMohRc6P6N17BFkch5ty2sOympbWvkNKsQAIZaiWYws+YuTVd7rc6aaw9tg5ykIX8rvqFJkDQOzAPxw6ObZplQ+Y7mkhbZtFLnJ7K2LqNtmGl9nNqm0drqVBq+xi5APGobM4522Z0fAZcBWQUwLGOB32wp2qyYm5EBhKeIJv0/Nz1AKJWKiNhopfmNpQA2bsD+kVxStbonefp0zwbVgqG0IEmx82T0/dg7dmJRm31ONIbTUPlZDTebiVfHhNHNL8DXIjGOGtLSfqzMomqDC4VV0j52656G26i9NMh8zyM3S+lxDoE4MGFZjnlljTKGYhLS9tR9HdE8pxrxqg1VCs+d1UcJ8mPSokBowLBvrVvGQ87NToRZPINsEHinWzUrL4FpveNeAxHL4COKq8MhAMmOD4WkaHMPwIF2J5GIctqrEyB9nrNBwZfiPzGfl2IIcQ3UEgxvtMT4/vTgegjMMaJvmbku3R/DPZOhZvvobbOfqkZ5Nb8txZ+Mw7elCG5AUTYjKKrEolHCOJ2/v/mZ2rO6Fnx/bBGJVmI+JVIssJ7rDhz+ZnkSfkx17QlOgv/Zq98fZE62OcWPFnkjB/QRl9nT16N6Ik7cUlod9ZXfJTjdoSPE+mf3a4E7VmWB0rHg9Vu67zp68MCmEvbtS3zVGhXTSC6HqbJnEN1B/m6LgTzNZVRugvctt4Rv9D/ghUsWzYdu/XZ23BOTljxTIXnhUkFoCj1x5ovvuXh5u6WRkPkqI5AliaSUwMsWk5/SN8AqdXW+1rpUeLOu0n4cKgC0b0Jo4+7ApMocS2gq4WnuVVu3VpeL/BqSUWFyV+2WBjcaAqV/QWjvzRs97EftAhXxufN05sOj9ZHNF9OYRCfw//gMVdPSLyLXgLOXyNJSk18Yy+DmhM1cEtw4OEqLLtZpsmygyNLKNte30F7MQ/OdZCXSKIYVqEZGoXY1qi3YyyHiC4nPYVDI5NtGuhSkiMws23Bd3GRV+aAU3zUggdsxw6D3AE6EEYZlr5vTl2D3Pv+3GTbXX35TZCvb+deuNBfjradbqH1w9hhqjCxoCPAKnDBph832Oe9wDu8kmix1OAtzJ6Hrg6srn8XLlk5YPmI5lM6u4wCUlZN2FQ9IdhvVmKO4Ul2wM+sJyXDSYYY7x9tEPvsn2HVEHcRaYsS8ZyRZiknCE0PpQi0/vMpeo3KJuqpv7lgj5o/x5ZgevnVkF1NM9mwYCTB42qjmAdbWxgoLXc1gQ4yCmFx7UAuWk5CuQi6PyC+Qq+jIv+NFuoCJmSb0CN4gE7jhU6Ncs53BZykEOsztT6NTtK+RxI58fTkfhNjMsIEn1YC9HvAhZT4lrHbnx4/x6YZEI6a0foVNCQhh2jAFZukv5WXxO7AyjpKwEyGSJM/Cg/KKj628UBSOKNY3QlApEKtEgj7F6Te+d9EF04PHLj69QSwcIMzsBwngFAAD3DAAAUEsDBAoACQAAAOhhm0i76oILFQAAAAkAAAAtABwANTQ0ZWYwMjgzNTE4MDE5NTkwYWY2YzU4NjExMmY2NmQuZmlsZW5hbWUudHh0VVQJAANTrSBXU60gV3V4CwABBCEAAAAEIQAAAJV36VLXBws0a1+rzXZemcltZ8dMR1BLBwi76oILFQAAAAkAAABQSwECHgMUAAkACADoYZtIMzsBwngFAAD3DAAAIAAYAAAAAAABAAAApIEAAAAANTQ0ZWYwMjgzNTE4MDE5NTkwYWY2YzU4NjExMmY2NmRVVAUAA1OtIFd1eAsAAQQhAAAABCEAAABQSwECHgMKAAkAAADoYZtIu+qCCxUAAAAJAAAALQAYAAAAAAABAAAApIHiBQAANTQ0ZWYwMjgzNTE4MDE5NTkwYWY2YzU4NjExMmY2NmQuZmlsZW5hbWUudHh0VVQFAANTrSBXdXgLAAEEIQAAAAQhAAAAUEsFBgAAAAACAAIA2QAAAG4GAAAAAA==' AND file:name = '9c8ec1.js' AND file:hashes.MD5 = '544ef0283518019590af6c586112f66d' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:15:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad54-8040-469c-8eb5-4a1d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:15:16.000Z",
"modified": "2016-04-27T12:15:16.000Z",
"description": "unique .js file",
"pattern": "[file:name = '9c8ec1.js' AND file:hashes.SHA1 = 'ba82c3a4d5f06794405efe71d5902f9c001dcb14']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:15:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad55-e0c8-445e-8df0-4efe950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:15:17.000Z",
"modified": "2016-04-27T12:15:17.000Z",
"description": "unique .js file",
"pattern": "[file:name = '9c8ec1.js' AND file:hashes.SHA256 = '8bd38e3d516708d14e90ced150bad20d370afba9074a91adcaaea584ae20d9cf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:15:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad56-79c0-40c9-b08a-4a86950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:15:18.000Z",
"modified": "2016-04-27T12:15:18.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAOlhm0gmGNyldgUAAOwMAAAgABwAZjc2YzVhYzk2ZWZhZDdhMmYzYWE2MjJlNTk3ZmJmNDlVVAkAA1atIFdWrSBXdXgLAAEEIQAAAAQhAAAA6x+jxIUKLnrO5xk9p1mUHsYBsfq1Jp16TN81/jIF4dnl2rBTxRoVP/v61OX4y/KqFOoVwE+Tr+pKrKswhgp8p2CP8eYc6Ms1WOEV/kf+voo9xYpbOhccnkYArjQgoQ05MSDuTW1r24APupYWsk3L2zPVdV5TZz6HotzgshVGkD+7Y93pF0zQJx4XiRMsTB1F+yadybdrVvDIfqNXz35t9ZA7aBGfguhF8uHzLZyFBRS6biw/+aePAXGTitpTHScv1pXuPoVvXkTZzCk1hPafvtn/ksAqmSn1oxAOKPl3fMq0VnndZFoNgII6/9oUVvZcriHBDTEZrttwPubzi2hTg3OGtSGHzc1TTx5qtb2sxiEL0DFJsKZIBlL6NLi7ZkhzvFlyRIhd/fkPRSlohKo5Zlq8zbjqq9b/nFY96oAVBm4vhd0pMpEq4rnH7a6XXO/XyTpmSXxwLJxh1MtGk1jDIT5JISWFVJJMgTu9S71AHJOJSvpii69QjWh2F4sLWZGpURHFP/mpp+pluiawf0V51p9nQDz88o00CVuZtLmddn6DSp0ZaiRakZouEN2Nu6MBrqzT+vtvFI4qrxVYKyBXLbUkC+3MDRT4U/8JD0u82JkByB3dGvkIj2RAy+ALLJ434qqdpuU10A0JSxqrvI2ZKx+Tol2dpIrN/lZukOl1Qt/+F5kPyfvhFf/pUuLIVOFiBN1Wp1pCvXpSWiHcCuNgrMz2IstZSpzsx1BSPupxoL9BSvKziAfltJp7zG+t+S22YMnrXDm2dRYeJdij1g0dv8hw1OfQNSHpfJS0d1tEdskg9B2s3LSE+VsQaaM48ZtnZ+J086rIk7xCEqvek48S14xPf0HVVL09fX5rduyfrNAkMKrHMJ12vZ+0RhoARcbCK+OE7nKt3aX86ofEj1WkrM+NV7xo+JHytwv7gkv4h1WASpBjJT90XxXSfJynJwBewffJgMKdF7vvr6Z7DJz/1gjElnkUy1KIcUNsTRaDlWeDerjIgaQqpAB9kv+xKo5xAuJALNFLJUEsBzJao+CnC4vKj2nU0RFyMxCsrxJCl6h+O/6yHZmZtRqdnF9b/l1Hxo9QdCGFPLnQOFhmye4DP8T5g4WeRjqHBEA2BVpc3fSyKJE9FrsBgxSjrGe7Q3rn1vaQnNTdOqAIVyKb5tP2+jaM4YTytoML15mIO/UQJmkfCoEnjYlsSONQ4hVpZYUDyfPc7YVds6kW1+mxwFyWKfcclufsMbxKUdf0mDJPXAZM+48Y9WBsRqJjXdO3f9mXb1OP7vNMGmZtNqn5lrZkPLcgjWNKvjH60gaanDv1Brs8YHqvM/zfrDKgBicP3+nigZEpiKBiEpz0jsCI1N2a9jFUuva9DoyG/IwH8xbFhrB9BOZRcihreXH8CRpBBg+9oZzddpSUdaGCHPxzvZzdObu6ZxVEIHu0+wsuPwVkMzBJU/loKlUs/yFOtpGWyv2KaByzFA8Ti3MQlHDaNc/6X6EMYP+0SjrWK2He5jXkG2VhNEyhp/k09qB5suFNnjZWPlNqnTJ4Lj4VLHorz9vKOZdnIVZ7DpNTaJRyk7ox0Q5Z9tdl18zQpuUajRgUtDYW8yht4HSij/a2lJ58Gktel0wNRhs9qzmREoszF46PSBmoGhIFyvuNay0aXWMH7eGd2BjVOHc3jixLx0fcdmmcDRdj5S3oD4Sn6NDuwWsCEAciuIera+xO1c20OQfLewS/oLBNKb4aissFCnUlAXyr9/0kJIrMyE/sEi4MClsX/pdATjX6QlxsojEbkTBZWvKFsXhWwkfAoMEP+/dHriIneowYgdFFXtFLsUb6lmd0gweZIlqv3fcMccX8dupxaiHnw3Inpv0DUEsHCCYY3KV2BQAA7AwAAFBLAwQKAAkAAADpYZtIcHbCvRUAAAAJAAAALQAcAGY3NmM1YWM5NmVmYWQ3YTJmM2FhNjIyZTU5N2ZiZjQ5LmZpbGVuYW1lLnR4dFVUCQADVq0gV1atIFd1eAsAAQQhAAAABCEAAAAHMToOrZnU3+xr9Q1TaHAePHvhNfBQSwcIcHbCvRUAAAAJAAAAUEsBAh4DFAAJAAgA6WGbSCYY3KV2BQAA7AwAACAAGAAAAAAAAQAAAKSBAAAAAGY3NmM1YWM5NmVmYWQ3YTJmM2FhNjIyZTU5N2ZiZjQ5VVQFAANWrSBXdXgLAAEEIQAAAAQhAAAAUEsBAh4DCgAJAAAA6WGbSHB2wr0VAAAACQAAAC0AGAAAAAAAAQAAAKSB4AUAAGY3NmM1YWM5NmVmYWQ3YTJmM2FhNjIyZTU5N2ZiZjQ5LmZpbGVuYW1lLnR4dFVUBQADVq0gV3V4CwABBCEAAAAEIQAAAFBLBQYAAAAAAgACANkAAABsBgAAAAA=' AND file:name = '9cbf35.js' AND file:hashes.MD5 = 'f76c5ac96efad7a2f3aa622e597fbf49' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:15:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad57-2968-4aab-847d-4806950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:15:19.000Z",
"modified": "2016-04-27T12:15:19.000Z",
"description": "unique .js file",
"pattern": "[file:name = '9cbf35.js' AND file:hashes.SHA1 = '706ad921b716a5dca2955251857a3275616089a1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:15:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad58-40ac-43ac-9051-4295950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:15:20.000Z",
"modified": "2016-04-27T12:15:20.000Z",
"description": "unique .js file",
"pattern": "[file:name = '9cbf35.js' AND file:hashes.SHA256 = 'a27d893c1eba08326ad9eaa058f0357bc23aaef236809e800068ab382ea425fe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:15:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad58-ba24-41a0-8877-49c0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:15:20.000Z",
"modified": "2016-04-27T12:15:20.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAOphm0j/yaswegUAAO4MAAAgABwAZTg2YzBlMTQ2Y2Q1ODM2NWMwZGRiYmYyYjE4Y2FlZjRVVAkAA1itIFdYrSBXdXgLAAEEIQAAAAQhAAAA4UGFgQA2nGkgpZFPBnl/ZogcRRKZFE3Vd6oqDx9wUVVQm1T3uSKnkV1B6PvK4kqFSzwRiRfMi23xPibU2+eunnlXokPajy1wJkrx5G74Bvnd5wtGwIE6UxszX51NYMCuXBakhydigJHrwYvk2sLzn2zVwhVYqeDXWfFMSafQE9iK3cjLQ9Lyli/8368Ws/ohZc9qQ53gqaLctkT92Fp/wGr2YbnyQdS+6prQStWQ2LGQphej4GGhtLvhRHtWC8m70NJFe0YC8CNMTYSBbfbN1F8EoWbg8K+ADSAh3EsZoNJMIIfFJLCjWkeN1UE+ISa61ANqEZllkghImzIsfy7B9nI7SZp6d8eQvE4rwGZVRy44P0WfVuKmUklXUzCpwnUUtnVXcG0etqFRRiCrk3mgCIn1AGjPNNzgr16tXBbOfxzoN/+uXSHXi2R6FZxPKmRv3efoXu7y65+xYN0+lkkjFEKPAu0aa6Kw59dcrdXRMNHUr2HBZMDPtQfjVJqcikX4Uoy9WafunOA9h29ANBaZ9hf4y35cUZRdS4JsOpT1aa8bVquYZ5w7ucs5/Xdc3+kzroBOE41BgULSXSKNgG21ay6bVGUEgJ0jyS91H8mSBVtWe4Qbj5O/dkrYJ33RWT5DgmrGz01HWyIzT/q5Vy4746x1VHW35fSkyG/AAIcQPYcNGolbS+B45QYeckKC9Pmes3Ly0/4kIzAtFnTfy2WgLF4hRr29KSLGu4tIv6/4UwEsdr77qQFaaLEU4IY9HNCXVSCMQ78EcFKk8w9FBLTNQlqB3Jlt9deDZI9Tc5m5gQxZOa0/5KrFFMxMqVPYFYWBwlzy84dPDCVAM0b6gD+pgPDyjbQ6fGdUOYKofeECDVwd1hM1vSmPzLzzdK4XfCH99IyNon9yOs7O4CPJA8J7zhBR96RxfAHooSu8JR6Z7dowtekiaP5jwrh8stYRl2Z9TyDTvInXGxu4GdOYLck9vbRng6Z6oSwtsCeg2kIU1+D+Yc5oEvqZeZGuLLM+hYfM3CcDgD9YZ3ACNw9vl1QZiIRRfi449kEkzFOgfyzKBH9FgbC/4rRRBKXbAbN9bBfMZFZBIVwjcpGYWbfuggwCq7YfUKo/cQiElXvxXgWuy9tepxhToapSoGJVm7h/EvhNSS8zA8SFgZxhvWyA4HFUDv3xp9PDYJCx42e8wBfebdlyGzOn2Pscocpvo+N7Snu1k6bWKBAsrs0kZ3WDeDH7aTHJRo+fjSuYTztNP2Mbw4w7xC+qLLYHQzeAXnP1c1nEu0IOJ0kuEzkR/pCTU+mirg8W97NKbBSZRMMM5YRPMCCPkai3nFeuUAL9CY8cNkoz6mpMw1oWK9wFO+Wh6cCn+mXXy9u/XfP422IPeEWycIJKU5u3T5CssVowNFa8FirX+6nw65zciBujrYxhVsCMsvQlk8juhbvJ/ENbtKT5/iqiS+Tqd9pFJ5Qeutn+BVMNt9Wc17ObVB0BrvXr+NQslgiRy8Y63WpiyfUU71X79GGHQOwfm5FnfJDDaVtNCQeIN8VSmWy+mGkelhAnj6cnCnqpYXcl2b1IeG67pV0XaN4QCmeO4NnsciPxMColder/Gz9HiHVH6jAPAOGypw3GFhdjaqIjpiOXYCNvGNB4aH0TUqRip82YogP1DZ4dHNdR8ge7JtlmGEth5hgj8T3ZDJMRPk1cMWOI36XYPhtjuw90IUaP0A7qqx/IiBHvwRFIOwvlRjhYApiMhiFJ9j5iv3Khi3uVXnqomsJo9W+FAHAncj8/+USkHOaTMYiYAdj/k5N3ob8WfDTcw0UQAHYis/az8HqzKZC9HTInJzbHl832iGbnfdTDKhp7yFj54zIgYY0YjlMUG+ODA1BLBwj/yaswegUAAO4MAABQSwMECgAJAAAA6mGbSOcTAt8VAAAACQAAAC0AHABlODZjMGUxNDZjZDU4MzY1YzBkZGJiZjJiMThjYWVmNC5maWxlbmFtZS50eHRVVAkAA1itIFdYrSBXdXgLAAEEIQAAAAQhAAAAoPnDkfKtpcvs6qzjocoElYK5wyvwUEsHCOcTAt8VAAAACQAAAFBLAQIeAxQACQAIAOphm0j/yaswegUAAO4MAAAgABgAAAAAAAEAAACkgQAAAABlODZjMGUxNDZjZDU4MzY1YzBkZGJiZjJiMThjYWVmNFVUBQADWK0gV3V4CwABBCEAAAAEIQAAAFBLAQIeAwoACQAAAOphm0jnEwLfFQAAAAkAAAAtABgAAAAAAAEAAACkgeQFAABlODZjMGUxNDZjZDU4MzY1YzBkZGJiZjJiMThjYWVmNC5maWxlbmFtZS50eHRVVAUAA1itIFd1eAsAAQQhAAAABCEAAABQSwUGAAAAAAIAAgDZAAAAcAYAAAAA' AND file:name = '9dab14.js' AND file:hashes.MD5 = 'e86c0e146cd58365c0ddbbf2b18caef4' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:15:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad59-ab58-4226-acfc-4bda950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:15:21.000Z",
"modified": "2016-04-27T12:15:21.000Z",
"description": "unique .js file",
"pattern": "[file:name = '9dab14.js' AND file:hashes.SHA1 = '547177c50cace0835b25779263ff53338aa83e78']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:15:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad5a-2edc-4112-8284-4273950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:15:22.000Z",
"modified": "2016-04-27T12:15:22.000Z",
"description": "unique .js file",
"pattern": "[file:name = '9dab14.js' AND file:hashes.SHA256 = 'b2f5dedfbbc815ca95a28ee864a8af12e6b0f0e0e08a02792304b13b02062c31']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:15:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad5b-6474-48d5-9d55-490b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:15:23.000Z",
"modified": "2016-04-27T12:15:23.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAOxhm0hxb50qewUAAPAMAAAgABwAOThlYjc2ZTdmODQ0YjNhZThhZDVmMGMwZGJiMTBiZmFVVAkAA1utIFdbrSBXdXgLAAEEIQAAAAQhAAAAprWqeLvjoDK+lfrkrvkTB7IVMzR1ST6iIuzIQ5ihy10kcpNBozk/o3TXCg4b8EggkYwAHUUYH6w9knhXFepXjSUK+7LuQ8RP58uW+bOqjrxkcExP1vUuIBlINEp4YHly6HAhepmJEQhmccHev9d81gz3TvWlBNXwLV4Zzhcy1Y+ueZcN1oKU3rui23fUDjuSsSykausjT9jbn89wmtITWRaOJ6YFxEUk8ZIy/smt0K/lDWGPVvbKeVdilZ23j4cD/kpDTUGaOpVo6CXhCn+sm32h4joQu4RofrtyT3Kny0GCSH0da0p+HeDWAtgoF0yp1NHh1nKliooKpwm6nYHD1iybvYePAyfDAtvbvMWTVx6uht0GcBfqwL81DVgxc57Rx01BY0zPP22APYSYn0b92H1K9qKWZ0j4AjvdFF5seEWXzrBGAeq8fc9fbs8Uo3iLg+PeEGlP2XVDFa8sQBom34h0MTJOdY6/X5unA1UpV8CA9tya2PIs9MFQAx56ZHX4cYB5eN30d3GbyGezaTel4qdp989WdLH4hoa+fOB5ecFKnun3mKe3nEi1obq/vyTsqkaHBDWEEqszqV2a6Uxxkqh2ufHSl7sUuPeSNBcNx3EP5K+dV6H9P2D982OZgT361rIAAtAVJEC9UD/ZilX0xsQLc+DUBrfXuaXn+5D7KAX+wB6FaFmHVZfA3jpR7dqqUJCrFn8C73T4IvjIcriEE8x713PGxAPdIX3yvHdrMNhSChTMyiWBhTFmo8Q2vbE+xODAG5NmRy+AlzZoJxJiP6izKPeMqGoybb8y2hmz8m4PVSxZQDAvF08bTbtKvqNI9AwHHzBOaQKsT0YZUZDB0T1K/IA9lD1wYj5SkQeRArmUBcXZrMkso0EZK6kX9bxbc2RCA2jRcT+LHazaY6WgMRIaZ4Zv/fyxfokLS+xpXPyLeeV2jIfQe/mkQNUXbAmQgoTl4RNidI3KsH4elw0CERC81upIg4By/WChQBW2d/uzJZKDsaAFtNzSVDvhdKVjgToa6lqP6bZCvtELWKNcPt8i55pk4C+3hNwjEAyWUSB/QsTlO0ARncsnBbPvP5T55bHXQZ2YGARAnU/AMqj5bvrII3+wTNGf+QUMI/50QBYMrLgvVYFfJWlS5DGsZnBdThGxsf5jLopKWTsp7rWGqQqy/XmlS5jL04vItcChKc0N4s5Qr+C+UnGPD+8y+QAYplgWfwrzBqDBxSYnOoo1qffcZtG1eKU8EssCtCClY2TME12odElf0kej26Y0iGkva8UQ6H99XQMcymvtSafWOFSXZpmISqGqPmU4ZJe8ad11MX9kQYcuo+gteXOFJaW4by8A3vt1ja7ownXdIxod3hijTCDaM/3QEE3O40Gn6BjVG2EMaaBoAcH9FmO1UZJ0q5Dt/zz0nq4z4uK4uWuzaFg8PbLsuKpPmOg2kADkDaE7gQtl8xKlhnvIrqMYTFG5AzJOzl2zPS1nkPQWOgJtjaJ5/rs/Du/M52KzZ6YrmA/+r3gL8zwHTsHthIDyn7caxvNFeYzV2Tx1P15RiBZbXdbhXoMGnFQuyjaQgLdj5dGJML/c4YDi5w2zV6v7l3c2V1wWLNks29vwXbGn1//yCM/I1nFNTrzCy3B4uNhNk2yOA2t8GXD1lc/7lroOlGGB2g7YQo+RY65/cssNb37wq8i5U+Mau5UiSlw+OyPuJhjipKWwp9xFaFxTScR+8GsS9nFf7ESJdR90xYBfWOkQdjCLSSMgGI8+/lLm7i3EDElxhWd5kWTINNxDUMi1cbyYNhsd/PKNTb50oaLp2A4oMaWYT1g4MEslgNr2xVMHHQEF1AKprf4ZBZW8v+YrYDy+RRNx07saQs6dVoVQSwcIcW+dKnsFAADwDAAAUEsDBAoACQAAAOxhm0jX7S+hFgAAAAoAAAAtABwAOThlYjc2ZTdmODQ0YjNhZThhZDVmMGMwZGJiMTBiZmEuZmlsZW5hbWUudHh0VVQJAANbrSBXW60gV3V4CwABBCEAAAAEIQAAALkt6kJ3KfIgyRwMjkb8LTGMIKFhqBZQSwcI1+0voRYAAAAKAAAAUEsBAh4DFAAJAAgA7GGbSHFvnSp7BQAA8AwAACAAGAAAAAAAAQAAAKSBAAAAADk4ZWI3NmU3Zjg0NGIzYWU4YWQ1ZjBjMGRiYjEwYmZhVVQFAANbrSBXdXgLAAEEIQAAAAQhAAAAUEsBAh4DCgAJAAAA7GGbSNftL6EWAAAACgAAAC0AGAAAAAAAAQAAAKSB5QUAADk4ZWI3NmU3Zjg0NGIzYWU4YWQ1ZjBjMGRiYjEwYmZhLmZpbGVuYW1lLnR4dFVUBQADW60gV3V4CwABBCEAAAAEIQAAAFBLBQYAAAAAAgACANkAAAByBgAAAAA=' AND file:name = '9f6ed08.js' AND file:hashes.MD5 = '98eb76e7f844b3ae8ad5f0c0dbb10bfa' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:15:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad5c-83bc-4434-af9b-4f56950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:15:24.000Z",
"modified": "2016-04-27T12:15:24.000Z",
"description": "unique .js file",
"pattern": "[file:name = '9f6ed08.js' AND file:hashes.SHA1 = 'cac33710488a500af54236bf52a27feef3c5fcab']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:15:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad5c-97c0-406c-9348-4e04950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:15:24.000Z",
"modified": "2016-04-27T12:15:24.000Z",
"description": "unique .js file",
"pattern": "[file:name = '9f6ed08.js' AND file:hashes.SHA256 = '8450eb1a9c75f0e8f49223d0d7242ed7711bcbf699477ec56176e83b1f25ae71']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:15:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad5d-7da0-4bf2-b727-45ca950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:15:25.000Z",
"modified": "2016-04-27T12:15:25.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAO1hm0geFQRlawUAAOQMAAAgABwANzY3YmU0ODY0MTAxNTMyMTY2NTdjZjJkNTkxMzc3ZWJVVAkAA12tIFddrSBXdXgLAAEEIQAAAAQhAAAAKyxmuDSSPGQskcovJVyfMyNyhNZeFvY6CK+f+YUkxazbhu4KCGENl+9TtKI5U2/CB8on1vE+p7hk4ELuaFd9+unb57+R0MNPRtNduf/EpQ7jK3HV9XKV1qtse3eunjSJHh2MdKYo+wGtYTcKJVz3Cp2YQMG4yw+Vm8K+NUT5fGmUBKiIDYCBnAgFx3QHh1mVWAZcwB/LjZvHZkgPPaDyTBMhIZDrZOMvm9+ttbV6i7eQcyK8Cq2SUceMiQYu2vir2oxNr2vVKYj0TRLudc/aQ7ORBaVyf+xrVPKXc+QQC3U5AuqAPmyIZ5D+tr7Y1Bt0kgkwy/yDun8jiga2EeOB/LuH3YabQLaBmm9yZToS2aNjTWakWWFjjuzkpUmLNa/sr6JKR3en/9tB09fa8iAeQ+Wr5RcfmguaITQbHi9mu6CR6/DK9kaDIqHqi17kg6n+hDcV0msdRLXRA7VfC2JqN1Kqyab01vQTakJPvX/GeLyD5qUOwbDd6xRvuyIYV/0lBsUeD/dOAK3F2Xa1wBnjtrf7cDxhhbLU7feRimsnpY4lou4FbgmADiizBNs3VPNGIsRlCyochmyCBln0R/+pooMfdGBsGwkSS/yFcrBvkrLiCiH0yufIUeR7NSdCR1yqHg1HfyG9Wr53cW3dsdhw78WGz9Gjk7cWzyKyeyfLa4dZ00EgUQAPrSOR1d7R8VCBhnZkxI6ftU9pq8SCqw22VtUeikNdAvKhFEO8i3tIkoVCH/rU/7JP4u24xmHprJ/yz+QxQQ2Khto3VHn5f3teRbm+AN3Iwz2FzMVH6OCYMwdn+G1jQzbLtE7P5rVwCRwbuOREW86TMcVuA6qE2P0fVZXMtWtKqx741hMtAZ9jnu4oEHZplu5VGNYjFJq0hAAVZbaDeQLtuM59/PaQDAnAnyZZUEnl63HpsY5CFwZ4cLPV6oEU6RzvIHmD9lDDA7/ILVK2MV6pWyvn1NUu8pFwxoNx6hZGoSLRLarQVuevtxmsnfoWeKcsljGdETlMp9nh/UXLwkeBTfLs0FxrEO1S6t76BjPuuaw7Yrzt8cQFzU1AAQ0Ln7/Izyve+2XBx4QSJyobHzrM5zHl10BwqBVe50BvtcTE+fOpsNVQrtti53ijkVX38Q4xj46nLWFBV/Qgoj3ZI+qmJ3hQavxK8rBXYreajFBYoSiBcenT5/sp9fQWGxjnRQ3QvxA8k2hZoux26iT1BiYWrNhylcyvhXm+3iDCYazAFnWtC7BJtpJGGbAapHPbGVlif4im1pkQ+LzQwuwA/kdt6vM2X4MGHIx1eZYar91V2mC2n6TsNKQZLu+Xm/n9OZmRq3cLmfuXam4kwJ1EsezPBhBLRylWHWyVTs9GnoaiCj20TBIqL416z/DDAIEjkQ45IcaHTbhxN+8O3GZRWdGFc9427CcDTUifU+I1hQ7zRnFDMhvSSs3vbNiYdWf6Vqv2df7Vq6kGQhFNyf6KZ++fbtkgVsyz2u/YZfdHJOHtIT2onIin5fND3EQzeeXkFtY4HGTyQEIYad/EcgHyVQfMHizAPVUct3+glfK7m0CP2l67lN+fxkdhjVdPC6m+1WFhnfhxZjRjHnvGeNxdXpiPCJwLURBF+mxxhq5cVA+X7wtnVMOwIVoZDzm2hxhc0TCh2hCfZfYbTorGZopDywFKVDnsq1fvlpCQHJFPZZk2Kvj1/2jUdg7FmZ5btc4gbl4XuZSn8+rxAZQNmg4hdBbZ9Hnk/d9QOmC7gMubmAEAImBwW1yAPF0JXnjORiS2Zqo/ahLOKePrXbQvMLz9Ul8wBYRuAJ/320rpxq15dcd/Hhhm2+hIfnP1heCXr3Xzf/kBWgQEQVBLBwgeFQRlawUAAOQMAABQSwMECgAJAAAA7WGbSBwJh3EVAAAACQAAAC0AHAA3NjdiZTQ4NjQxMDE1MzIxNjY1N2NmMmQ1OTEzNzdlYi5maWxlbmFtZS50eHRVVAkAA12tIFddrSBXdXgLAAEEIQAAAAQhAAAAOxjnd7H7n0Chxob29roj2Zzi/0AtUEsHCBwJh3EVAAAACQAAAFBLAQIeAxQACQAIAO1hm0geFQRlawUAAOQMAAAgABgAAAAAAAEAAACkgQAAAAA3NjdiZTQ4NjQxMDE1MzIxNjY1N2NmMmQ1OTEzNzdlYlVUBQADXa0gV3V4CwABBCEAAAAEIQAAAFBLAQIeAwoACQAAAO1hm0gcCYdxFQAAAAkAAAAtABgAAAAAAAEAAACkgdUFAAA3NjdiZTQ4NjQxMDE1MzIxNjY1N2NmMmQ1OTEzNzdlYi5maWxlbmFtZS50eHRVVAUAA12tIFd1eAsAAQQhAAAABCEAAABQSwUGAAAAAAIAAgDZAAAAYQYAAAAA' AND file:name = '10a5b6.js' AND file:hashes.MD5 = '767be486410153216657cf2d591377eb' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:15:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad5e-1ca4-4b70-b1bd-409f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:15:26.000Z",
"modified": "2016-04-27T12:15:26.000Z",
"description": "unique .js file",
"pattern": "[file:name = '10a5b6.js' AND file:hashes.SHA1 = '4bf1fb4e661d1d8277454a289f1da2458006f7b0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:15:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad5e-2420-4c27-b11d-40ec950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:15:26.000Z",
"modified": "2016-04-27T12:15:26.000Z",
"description": "unique .js file",
"pattern": "[file:name = '10a5b6.js' AND file:hashes.SHA256 = '530d6ba59edb414848ac20f118ebad11ad20e2d8d47b03dbdaf71ad1502dda48']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:15:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad5f-c7c8-452f-adba-41ef950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:15:27.000Z",
"modified": "2016-04-27T12:15:27.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAO5hm0jwb1YAcwUAAOkMAAAgABwAZTAwZjc1MzMwNjg4ZWY2NWEyNDRjMTI4YmM3ZjQ5NjZVVAkAA1+tIFdfrSBXdXgLAAEEIQAAAAQhAAAAKyxmuDSSPGQskcm1BTCmwfsW7QU8dUo0qWhfZoZd8JSP9k0ESYp5RgoNXKEAT109UPzL3eskFItSB5mbpyp3MgyBahsu48K0HkM6ulJCGNFJFxmn+gv1vAuWmOhbGolouqP/AEwT7FrqMXODu3+f5IUYevq1GUbGw51JrMkyRJ8nsKKg7CpsCmhRuGzj/H0revp05/73z/jKN7A5Ccohuxlv98gyzprYCYHhZe+xL6VYh7GjxSQcavazvZuqDFQPZUSqqFX1WUrFvM+Xf6ZGCaVecY9OCNqrpnBDuRRlDr/4MmTFCJ5EMUkAB5cv70VN2RThUsNt4HbZf7LkHkryd0DOnn2O9tEEYROkzK5/gxFb4UCOZLsYkVDmW9Wq10pSG0EL1u+sqCCZJNbnFok8yAirP2X6gYGj0gSOwfYRAJeJTkSGiYKJuS7+c6byjwJJVYvcJEZPZC/56V7xt0hvWmbS9eGnzpFyUjjb13YPwYovE0jvlz8RCQO5gCNm2T482/8n5namqskLYyoWYn+mC2X/hqzbTn0sCwmqkrcea/OYD7JOJjySOtIDgrzijJSgUzA+2Tza4GZA2EnzqhdIik7lHIlhaWDsIbPJIUJXu/plvM/1baK2GWtDfPFKR40cwyvmDxXbWlYxxZN8RNgqrVSsWoMF2ULiZP7rLu/5YY6+wAY0JZCzSanT2pdILwZRnLvtWmuEdGIecdgJJMTkH2w4FslUNTAGFZiZtJosY6y/lY3Vk4TUT2HqJGR/3g3HLeQJDsTrDYbScRLQ1P0uLeGpWoOaR63uM7xEfyGqSjYd+4+i72iE1uKkRWlf+RCEgfLVkz4CRu4x2hMDMSd4nEqFbgMBHlUUFvq9I0z3R1PFCp89xRpw4EMiMLC0PLGlOuFo4rF/zHrRiqg5xvlqOzj0DbxJbdGUpZhWnNZQxDWFU279xdL7trUgEdFH4yIqGwaN2jG8/jvYUBv+DPy76aBf3cKiUqFSLMr4awzWj3Q4rlwRZ7YF8++GPJqk3v7jfFILOPLWGo3A0ovTtLAIDF2WZVAPjEReeKKu46Iwi0AbC2xZBTRhu2AKaC0U8HTxYEy945I2qbxng63cq2HxbaM+TOyRDcZvuP3wsrlztWr6Pj/CymL5PEm/BZ4/4jYYgxbBayzTUsOy67aEPrMWFQzQb+du3NGuks8aFm8jXjexsmhj7XtVwsYkOLDrFGtqF1S2jshwq29wnR2runr8BHRJQEzhIEb9HJAfucOzyh732ial9XZer8sQweUW4HWdLhjFOxQEuiUlLmnrEhSpfwB51xuyza69d6lZgPd7cO5xRzx87S3oFpAMj1uDdTM4aTHuglaJT2N5bvQXIVbEeuiUCjXWDNi2P4Lsa/Yu3sVJXvvR9A2IN7lZwemsGO7s7aQ+L4QikWi4vxBJ/RB4qVrX4/KQJ31whMmIBucXUT2qws/MaIGd2y8SBNRF+9hnKcxoJc2Svx1BBzgWAfiOkUQ+u7zEHmcQD15Eo+3UetvgmxBoV9N9PnRUzu2E9idfttn9WUIk2hq0wsWhS+hwtLEtRJOJIdGRVaI0JpMaKEwOeZdEe69ZEjuHlbRt5oUzhSUvOjYMf817uKhyLe3KDsph2vZBu/8600aaqu0gwxVFguXt/9MaWOJ+hjH4VRwbOtV9UTzcuPwGZrmraBK6mQ1xOFv2N1CGzYgMW/clXcbrTKmtyo2LzNVSa5PBhsRICH874pCoIVxPKLHdU1DzbfWyCP5CVtJgxGiuB4tuKi8KhFx96TAMpH7RpKn6LaDIJYJ3G4tC09+DhcGVUdwQljIEn3CpxcjHdb2YkaYjVMfhr5L/rsq3LrGUe5thbo7WXoPUUEsHCPBvVgBzBQAA6QwAAFBLAwQKAAkAAADuYZtIT6vqnRQAAAAIAAAALQAcAGUwMGY3NTMzMDY4OGVmNjVhMjQ0YzEyOGJjN2Y0OTY2LmZpbGVuYW1lLnR4dFVUCQADX60gV1+tIFd1eAsAAQQhAAAABCEAAAA7GOd3sfufQKHGhUHo4EWCs5dS9FBLBwhPq+qdFAAAAAgAAABQSwECHgMUAAkACADuYZtI8G9WAHMFAADpDAAAIAAYAAAAAAABAAAApIEAAAAAZTAwZjc1MzMwNjg4ZWY2NWEyNDRjMTI4YmM3ZjQ5NjZVVAUAA1+tIFd1eAsAAQQhAAAABCEAAABQSwECHgMKAAkAAADuYZtIT6vqnRQAAAAIAAAALQAYAAAAAAABAAAApIHdBQAAZTAwZjc1MzMwNjg4ZWY2NWEyNDRjMTI4YmM3ZjQ5NjYuZmlsZW5hbWUudHh0VVQFAANfrSBXdXgLAAEEIQAAAAQhAAAAUEsFBgAAAAACAAIA2QAAAGgGAAAAAA==' AND file:name = '18bc6.js' AND file:hashes.MD5 = 'e00f75330688ef65a244c128bc7f4966' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:15:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad60-18d8-4fb3-86ef-448a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:15:28.000Z",
"modified": "2016-04-27T12:15:28.000Z",
"description": "unique .js file",
"pattern": "[file:name = '18bc6.js' AND file:hashes.SHA1 = '2d9a9726e1f5b4be31620fb05bbf53ad1b874496']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:15:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad61-0bb8-45ab-ae85-4305950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:15:29.000Z",
"modified": "2016-04-27T12:15:29.000Z",
"description": "unique .js file",
"pattern": "[file:name = '18bc6.js' AND file:hashes.SHA256 = 'b193a520392e1bf9a6128a147ddc236f5967f38c5629c06a23e3f400d63e332a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:15:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad62-e3ec-43e8-887f-467e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:15:30.000Z",
"modified": "2016-04-27T12:15:30.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAO9hm0henEvXdAUAAOUMAAAgABwANjYzZDBhYzIwZGY3NzY4NzBhOTc2ZGIwMmM4ODZhZWJVVAkAA2KtIFdirSBXdXgLAAEEIQAAAAQhAAAA5YchXpPfEIJFiIur/mTdFSVFe/vuP6Z6tGtLCBbMLhaUDvKzKpqPHr+Fa4kXmPh9/iBvceL73V66Fiov1BskklAzndYSOfdiFANMokEQa4ke8ShdMKLREQBkgENEbJ3Ob0I1lxuMrd0hHXDqUHxdEGyYvRutkDq89lC75Ia7H0a/7XgTk8OgGA1nNmxQUw9KRPbc2pRF4HT6Lu8eu2szGKwi+FVFFD1nFuiKffkHDs32JSioFn0wUK5gbC1UkNxJOxQ3+BhTrv81xMgSO17r/3AiUTKRQ2xrFu6XZWNDSfbhZL2pFhaNXhiNVH7QgrVceunZt9tKUNR4FMYTXM04QVb+mNEwIY/yYOFsS+9+7G7nMkFiOovxG59lj0mAVWa8vpklTE4QIbaVMRP68Ni67XDDR3llh6eOoAjWFk7o2DazYBDxd9G9uFmCkd1YQaM78isuYgs5q3+gJTdnI5RxdMuWcM2bjFUhWcmJ/0dHjrgrMLftVrriYzlak5g2ChRS/uV1z+ISBw+tA0lpjqoXq3jUSte1yDpYZDBLxwWk/z1WCgwQgpogBUckQbWn7KjjpG37RoePz6ck1vwzwNb6xy2SIDTYBP3uRwA3VZhq9xGz2Hwkl6/73TYZ00r6GnBLnTei137mkpAikv3bnYnMJ0LS6NvK/+K5eERTfH1HxYrgPyDsCjtZI+b6TURPFe15v9ajZ/J/Cn36/msSVzKFf2vvk1dNaVNEmuGgeDzAQaneEnkpKNP7NJrRdADJocoD9qRKAFyqaYaoEFRZA9/atABpLTVwVSn8vO7Mq1jGif6m2AqQimL/X583e1TvwB4Hl0g6W/U8LghfJMbkcREkgXefG7UvfKLNZ8m49SC6C99hvlWBrU+/Zxs0UY7VKcK24GS1SZrdRW55oLnhNjjxqw2N94DEBjlx+zQywMoXrUHUkARzAeTzI/I9IIQoEh2Q0nF9v0swj4vU00NyAcKYCzxvOIoekYjV4pm3TIqizQnTXWch3/ZJWhev3sxC+nNaTJK6K0jS82IvoEwj/rRwNjxPbLub5jHdpkroLZbM0RZVa6wfnbZnwRFn/k1kaFeEVNUFMZymC8ljgsAt+wbFt9uH8qJOj800hdw7Z1F2CSyxS6B9binqp1we1A2Zslf5aZ4o9jsJS6rWCbOvlLhk9yqWxk8LbUEShKxqWkfxbPrWqQkw3J9YzGPxNGIH8R27YVSV4aH1U1WZUmpdY2Z+F3OG2YIH59bM5h481D4fMnam+yGCaw6GnMcNuoGR6+fJ+K+9hiUR5pB0AasoZoDGb9hwBfTLaPzFeNLod5e1EU3Jag/5wdEwmhb2JizXmso4nOsU6LEAcNZ4S393Ani3dsWZrPbt2Njf7jfooyYmEO0H2UKc+1FIiMRFHZSzDUYNQtexcgr7tdaRvgWmcfTypwIvg8tkVgls9I6NRq9BMtnTwUTr7/Dd0usybMSxWMGw3GHJ6eIxyxyOFJB3tSo0nfOAn/8M6esXUNteJ+OFyyCyIBR7l97Dl+3x003RPdtECcxhE0zDveS0VMAyrNelURBBkDTsuLxCPuuZwISgKFu3nl21KtkC/1r4PONWhRcAxUk3g1I2Ljs8pcAxicR8pG+pqjRys/xaYRdOhn6MKGBZ16DrzAXw/yolCp6tOeLNuN29VZiC/bzKaRfobUhquVBrm+z6I3g6+8jGCaMIGESRUdxMpxVaRIlPMfuDdq8WKeTZ5eJxM7nkF/eKRHPvHnY9TYZXfuwX+5cfMd3azZArZm0OkwJjF2Rpy9GWTchupTrykpPk9VszIDACvalSi+6owyNjGCDn2lG7VByNLWPdVkdU5noHcBwD8uPe/9wKt0rJRVBLBwhenEvXdAUAAOUMAABQSwMECgAJAAAA72GbSEjI46oVAAAACQAAAC0AHAA2NjNkMGFjMjBkZjc3Njg3MGE5NzZkYjAyYzg4NmFlYi5maWxlbmFtZS50eHRVVAkAA2KtIFdirSBXdXgLAAEEIQAAAAQhAAAAJKAHN/zoRuLjTYXhCCshLkSqSkoEUEsHCEjI46oVAAAACQAAAFBLAQIeAxQACQAIAO9hm0henEvXdAUAAOUMAAAgABgAAAAAAAEAAACkgQAAAAA2NjNkMGFjMjBkZjc3Njg3MGE5NzZkYjAyYzg4NmFlYlVUBQADYq0gV3V4CwABBCEAAAAEIQAAAFBLAQIeAwoACQAAAO9hm0hIyOOqFQAAAAkAAAAtABgAAAAAAAEAAACkgd4FAAA2NjNkMGFjMjBkZjc3Njg3MGE5NzZkYjAyYzg4NmFlYi5maWxlbmFtZS50eHRVVAUAA2KtIFd1eAsAAQQhAAAABCEAAABQSwUGAAAAAAIAAgDZAAAAagYAAAAA' AND file:name = '21fb07.js' AND file:hashes.MD5 = '663d0ac20df776870a976db02c886aeb' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:15:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad62-9514-490d-9c00-444b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:15:30.000Z",
"modified": "2016-04-27T12:15:30.000Z",
"description": "unique .js file",
"pattern": "[file:name = '21fb07.js' AND file:hashes.SHA1 = 'e6b2552887e4a4f618f8e719bca9d24f3565e938']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:15:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad63-c32c-402e-a9f5-4e8c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:15:31.000Z",
"modified": "2016-04-27T12:15:31.000Z",
"description": "unique .js file",
"pattern": "[file:name = '21fb07.js' AND file:hashes.SHA256 = '7439a285e18bbc19296ab9d06a2f1fd5859e8b828a3301a15f8fe43761d65a7c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:15:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad64-60d0-4138-9a9d-48d0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:15:32.000Z",
"modified": "2016-04-27T12:15:32.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAPBhm0gXMKy3ewUAAPQMAAAgABwAMDQ4ZTA1ODNiNmM2NzkyZDAyZTE5NWVmNGU3OGNjNTdVVAkAA2StIFdkrSBXdXgLAAEEIQAAAAQhAAAALe+399i7b6XTfmLy/yDvOlPhCUfLn1ebfkqCZjvZa2lua6xIyn8KK80w814s9GGcIfjjmQyrwBPhBfHz2KkLvEAPEs4P7VnnNmpidVy68EVGvM1sX/2CXdR/FVojM/l/WkF32j5Zs2850ZFWgkr9WJzIi/NY0DoMJxitnSOFNvOTh4AeYdAKaKLEytahyvROLlMbMocOsB/0Cun2IKC6Xd34Ys5vOHV2fn5mSPXh1SZ9NUNbLkNVKwiGDOkR7wPp/SJd7WQAu3gfeFExRtGzIJhlwwmr0qBLmQCIJ2DbAo7iLfRVQmD/qJyMqFveLpmmB/6FP84Uohidg3L+WdIsKNd0m/aTj2Gh8IjPnVpcLtKm8GAq+I+NS+9IdKVaSIPiYhqdulcDRTGyiTBJ5/Bp0J3b5qckPqvdQxa34ngAYAL4RoLEp1F3nJry7NkrZjBD2y/MWSfSD1ZSGJjwgyUy6r5tlM5w8kw4skWRXV2glpfnGpO206oNcpuNEXVWAAr6u3XL1bnoTg8JAYFPaqP2rW41+J8+Kvrxei0iEbFyC/e828WHmfSY6lC75tNDTrBnnD0fv9rfl5+TeazX9WtYvS7d83xFFiCaaYswBTCFuAa22zK3apRvGpOglSnKQR0OhdWiLk6AUaRYdptYGC3v8F3Y1Gz+pUFYOOBpPnWt1p2qaRVnQbT0GY5gIAafZ/ce3IDEUG5PhHC/2xhO0qSDv6R6Em2WjZclxomyBDerBJBA5hy9TXFBBcwSlfgI9eGre/c5nidYp/ulkyqdmu95KP1ggU8NyH7tiRgOZIRg/wmH9jO5JY2/qFe9kDAY8S64ay3YBUM3XTA7KHFo3rwZByVbd4cuU/In0syQAqaR9MjwlRElHZjeKVjN6LeiePRuOFF+JrOB9aKoeUwv1kigtpoypegEokxb3ys3u0+nV3wHRCeDAl/NyZw7ItmxglGItCkDMCxjeyCM+HtMuERk7v8dNvtgATnC/HOw4W3CLIFizmUJHT0iR1K+oufv08SdozuwmB7pk4P9SIUZNhYVj6CybsicttFvDZRfRXmuhKa3qNVSud8r3b6bwAS6OZoF6aRw9UQ60UUQwLqAcRn2e/Fj4DLorElY9Kvy5F3DGipHPQrV5y116AbSpgxZHhYsBw15IAsXF3Q8HgAzE3TnkbUsFmrrylHZVIO5lfUSIcN6A2EXij2tp1nBaDBABI9vrYHYL83uornNAPwXnQM8HXdJglAa+xgFjmHOYCcKrqRJbxVXXuw0ThI7VbXmqA3aTLE+29LRd9hiR23rXHIA5WTb5h0gB7+RLxvKwmm/06peabIgu5Uqrm0c7lyKLa93BimXB/s4CO3X9W6QTwAtALYpbwBGEVarRIb+qVs48SrvkMldwzJ3iPWrrr4gcN6s0bPcOvZAZoLGNpK3apRiYUhA9lzziKEs212L3pXVcU4xRmcmcriieCVOCYTDWzOv0e6z51rQ3oPtZ4ZsZac824P6L35c9GndxEX5dmP9TKhX4H6MxoE0Y4RbODTIavif6zdA7tS9P/Uhg/PipAlgwjBqnfu5cOcuvKouXE1OKL+G4cUT16/IqblFfPKB1tiw34ALNVLO9OT4ITKHcFyDvKZ39OcWoMFya2SfFc/3YHmFWlafPwCEB1zatQIbF9q358o6B506rHvOhhdO5LjIm86NEiuVklRKJe4ZzpZ5ISfTusTfKWvBs3dn8TZ7jCAgmSXgcONtxGqw15Z9nLpYjXKKSAfW/2FnsJBs6r+h3csag74Hfs/Tx0lS2QogpZhxxg2hLgnPPgj4i1+/D4X9lTG7OeCfN8C2h6eGeDHmrRku95U3Tbzn8OQ7LuijS19UQv7hxV0eixygnhJQSwcIFzCst3sFAAD0DAAAUEsDBAoACQAAAPBhm0iu0cRHFAAAAAgAAAAtABwAMDQ4ZTA1ODNiNmM2NzkyZDAyZTE5NWVmNGU3OGNjNTcuZmlsZW5hbWUudHh0VVQJAANkrSBXZK0gV3V4CwABBCEAAAAEIQAAAOfAGca11MGfOsJB23LEB4kDPsOsUEsHCK7RxEcUAAAACAAAAFBLAQIeAxQACQAIAPBhm0gXMKy3ewUAAPQMAAAgABgAAAAAAAEAAACkgQAAAAAwNDhlMDU4M2I2YzY3OTJkMDJlMTk1ZWY0ZTc4Y2M1N1VUBQADZK0gV3V4CwABBCEAAAAEIQAAAFBLAQIeAwoACQAAAPBhm0iu0cRHFAAAAAgAAAAtABgAAAAAAAEAAACkgeUFAAAwNDhlMDU4M2I2YzY3OTJkMDJlMTk1ZWY0ZTc4Y2M1Ny5maWxlbmFtZS50eHRVVAUAA2StIFd1eAsAAQQhAAAABCEAAABQSwUGAAAAAAIAAgDZAAAAcAYAAAAA' AND file:name = '22b02.js' AND file:hashes.MD5 = '048e0583b6c6792d02e195ef4e78cc57' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:15:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad65-9554-47d2-9585-4d9a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:15:33.000Z",
"modified": "2016-04-27T12:15:33.000Z",
"description": "unique .js file",
"pattern": "[file:name = '22b02.js' AND file:hashes.SHA1 = 'bba9f207fd4539daf0a72422e963ab84fcf0845f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:15:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad66-a9d0-4c52-a888-42a8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:15:34.000Z",
"modified": "2016-04-27T12:15:34.000Z",
"description": "unique .js file",
"pattern": "[file:name = '22b02.js' AND file:hashes.SHA256 = '45d134e1c72d672923da4817c304657488c437df9e0eef340284527ddda02716']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:15:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad66-7620-4a6b-834c-4c40950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:15:34.000Z",
"modified": "2016-04-27T12:15:34.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAPFhm0g+7P4aeQUAAOoMAAAgABwAZmUzMDM4MzZiNWY3OTExZGIyMzk1ODk3MjQ3ODdlN2ZVVAkAA2atIFdmrSBXdXgLAAEEIQAAAAQhAAAAi0h/KO8b2t148w2HZcHhwVl3zJJsX+KZV3oQwry2v23g89yGHzTWcBGoT+i5ZD6XEdBqJ0UEemK3UJTMds0+RGoznUzM7WRYvYQ5jMCkttYqYrzcqWBqHvVxbb/lgkbvhgklPcep5jIE6WcA4yg4S+772QjvBMQzXAh3Kz/whQsgNF4lYTpXKbTTvz2ox2Q/+DeIxE6HFgBX+5cvG65vxSKcqMlL6DtugTS4GcMLIgZbJak2e722l7ga70rYi+r4dK0M70bdE4bq3eO1yK+Tsvfa6iYA2u7X3fv+9HOjXr27v5ohmSAd+IUHnDWLPS2FMomIjlJCinld5p53ADTEbOPdayPCnSJs377476+hI3Yf/5uLI81ZuJpeT6OLOMOybUlhJiLbz2Br40nTQuc8CGWALGppNgUL1oHxE/0etiZM/oZP2t1XC5b9a+hRKhuYTjc0Aw9rSH7oCP57tq4lm2gd8wlCk3jB5I9qK2SMBrNhsXIa8t3y1ePts/3nwvEEFm3zkfjla467b0liiJANAcz1uBBaX2t7Drjlv9j9HZTGSXongS90a3JDOYT+FpslqNzh57rR407DhZCxR2knzqTRCjBlXgtRMKvpi9/yFNMJbo3RWbpwr5Mdr17axicfvKF+oaQKGj8hohEC0abj95qMNoXkENd2Ag3jpIUAuMw45y5YKmIsapNy/mcJQBwW3RRSthF8Y14o0XGul+nxf4Cbm6fxWiknVOdy5qacnFEA5moBp5swOWoDlE6Q5wUZtLUz8XTPGLUiDCkzgDkVXeqlgv4xLtqdcSBbO0Un/JQ9X/S4/+ignrNdtu01Pn9ftKAVmKDI9/cvQcFhMCmq/XqaCtbVmy8SqwGZr6IfrQGlJKp+uc4ry5vLWkZNyH2HSlGYea8ksEbyInR1/9RB/volfLdDFZltujOl658nwj4yOrNK6n7d7M7z1Gm4P8d2qweSSY5zmr7UHo/TmxHf3nidS26UTWlWu8GZgG2L44P5BK08SYXSPAgBu5Il40S0c0/C/yAjYpfIaAJnbp39ydLAkgFpVlz+AbBezSWJNvXb2aa07uE9pmjegf6DGYhD/S0qZYFT7zEkrNyc6Ce6pK8pythHNjkTpJt9bWfDzxdb4Wtrm33thvGmy0kkXaohFPIh/P7ZxIavnBFxvIXw/WkgGWPmcM11WBv66oGuwcTcP+g1OyoCmlgqZNdganLbHaTrl7+9a4c3qKDfjVhlzEwjFfwL5hCVENU5cCXsPeuzkc5otAnKWUns4hP4HYD2CdBTxC4lNJxqYGqkbBirU9477ZbmwQG8Kw5kcIFacS+D0x+ROQcLwCVjZKJPSnPfCKcswT/CTRaexO/l94QGCtIWctidzK/AD/JxLZPJVTjoqkeP7NFw33Z/F5MSHINmtsor1RqYmFT0IvO5BhR3Sljt3X5QBAAWzmXS8wBYi6vhNZlHX0kiCA2N/jU8ND29EkSWC0XLUlbNtKqB+TZimYLEj3ulU7DqMMrLefHmvlA/md1Zv5ItZPkzC/6Jev821bhP/PAvySslAxc7Eaos1CaBna/FhNlk7/PFDL/8NVSmlBPrZ7JPk8cZY2AgPbh9Bfx+xD0dvFRW7EepmAFrtB125KRLJfVZaORUu0oqn2WC1jMRARWZ2IKmJHRfiaucqcZzIebBic3NXv8O8ehhpMLWzMkeuJc9n1qfkc05jn+H+cIQNbU+4/4QXQQTLJq4z4a8/Tkrq6/GE0a92/Z/pVwSMsQlNT3jU3iDE5rS92ag0/fr24kYlRtSJsjINyDVwkDqRK4hAskYaibqVKRCQ0lqM1P1eXgpMy6tzYYFJgSJAm9UvbuLcoeXATxBT94iqzY2PbNjCxQfUEsHCD7s/hp5BQAA6gwAAFBLAwQKAAkAAADxYZtI2ytWPxYAAAAKAAAALQAcAGZlMzAzODM2YjVmNzkxMWRiMjM5NTg5NzI0Nzg3ZTdmLmZpbGVuYW1lLnR4dFVUCQADZq0gV2atIFd1eAsAAQQhAAAABCEAAADMdzc7+r6a9N8vOoUslvnnPn5qaXdUUEsHCNsrVj8WAAAACgAAAFBLAQIeAxQACQAIAPFhm0g+7P4aeQUAAOoMAAAgABgAAAAAAAEAAACkgQAAAABmZTMwMzgzNmI1Zjc5MTFkYjIzOTU4OTcyNDc4N2U3ZlVUBQADZq0gV3V4CwABBCEAAAAEIQAAAFBLAQIeAwoACQAAAPFhm0jbK1Y/FgAAAAoAAAAtABgAAAAAAAEAAACkgeMFAABmZTMwMzgzNmI1Zjc5MTFkYjIzOTU4OTcyNDc4N2U3Zi5maWxlbmFtZS50eHRVVAUAA2atIFd1eAsAAQQhAAAABCEAAABQSwUGAAAAAAIAAgDZAAAAcAYAAAAA' AND file:name = '22e448f.js' AND file:hashes.MD5 = 'fe303836b5f7911db239589724787e7f' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:15:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad67-fef8-4ba3-9ea4-4a68950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:15:35.000Z",
"modified": "2016-04-27T12:15:35.000Z",
"description": "unique .js file",
"pattern": "[file:name = '22e448f.js' AND file:hashes.SHA1 = '83d72dcd020824f31db7caeb6257bfd0067bd3d2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:15:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad68-4c00-46f1-b717-4d66950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:15:36.000Z",
"modified": "2016-04-27T12:15:36.000Z",
"description": "unique .js file",
"pattern": "[file:name = '22e448f.js' AND file:hashes.SHA256 = '0d8d9b83e595cfcbc84f392f4c7270e6acf2fc1c14b23e1ac69b23d072b62938']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:15:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad69-a874-435d-a3f2-4122950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:15:37.000Z",
"modified": "2016-04-27T12:15:37.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAPJhm0gxZW1NaQUAAOgMAAAgABwAZWI1ZjJhZjE0MDljMDQ0YWFmY2FiOGRmNzQ5NWRjNzJVVAkAA2itIFdprSBXdXgLAAEEIQAAAAQhAAAABLq4fIDSgDiqnUaGtM49Z9MuW2349L4Ff7NUpjBIto2qgCnQMWzb+K6j4lVcF+lT4ZLtJTqmH1f5RNNctJpc3nThvQ6/A5VzSyV+h769TsmCWodd1q1r0dSMG2rfmo7tKLHmCox0fPgfXW9l+oi9qapHOr4SEf25bUCTs0XIFz5j4aIVtoiMwqKolY1Nlj/Yo+68+8mP+ELj0OlmGaCLnX10pA+aYZC2o+Cl+47zHXadUwJmrdk8v9GL511n70xjudCjkKDaV1amWJYBB9dRBFPrIcgJhAQLp31qr6X9yh9eOXGBVxCYD85++lKk+kBRVJYll8XfJMv18JZjzCjXRHz8qXWwNPT1I/WtUDqlPcMNqkj9c046K02P9/pIswM8uzFhnR1lecgpLZ4ypX3Te12tVTPgp9NwR0E2/7iCiNnpXlmVPI180jLZXZ/hyReV2DvA3li64f+GQt1pOamp11W7ox3uooreVLC39rV0khrProDPt2EZyK3BqVft3SznC1m/nyd2gP6dNQwu6Fq8+GDsHmzsfvr1sismtM7VPPBpwuGjLh2LG0sSkn2K0oVWMmw0pISij180XCiio0qdkuJik/lb0iBVb4tovj5MCXp7CtomzteH3eh4XbXkM/zCCZEHAiRdZ1z2SJw9yQ8kfmWqJgeXgFmG4uvn9wLVUN1hRaC1Zou0uI19/a5l7R84/hC6IF+8ITs/93J8Xm46KhzMccc147tSIfnj7CDAOj2FDHy0btRunKE+tY2ei0wHtdhrFH+iwa6vI4pLW9bpEVAZyQejbyWBz+Cb+hY6Rrd7/J74RNXbIsyWEHAG8dZVJkwLWJIpkoQQpsD58hQ1vOPlT3OK4ka9erU6bIIqsTXTIUjS+P9wLRlyHG59bBWPkHF1DnN+BTwHRo5mxZ0NM+rCl5la2NVGSvJWrLltZZnlMKHiT7p3B8QZKJ5dWWfe2TRg2wVPwpRSx3v6IXOernKxQgO9doK9oN4Ix1bkcYPXjH4/KGeYdEN9KV9eGbxcp6R12PAjuWPrRhWzfBHwmhILFI4biQacWdJ3qqR9Udyoti/kv2Ytd17FQAQEC30BvXFiW9pvC3t4pVY4GgW6COfRqBArpCO20lhGVtjCLgEXVgqRZWXymUDeIS07PykQaucKROeqfNAOWHWjP1Bti73UPGDNRnTgkQ4rhypcV8EhHMP0zkrjapHrK7QEStLOLWxK1cc9itnuLd8oj2EHFdeJLvR2gIZ6eZrd2yFYCqPoSLUg7r2dSBQcZToA+dqsdmaBUqK3L3N7muVoRRo/9K7vzGr9Hqp0GIGCXcpls1yGNteeeCfAAeyaIDDWwMiYZiEmHm5RcQ5Emq2gDEltvTA8VKm8TXZcDhx6HQA1+gTxx3bn0j6/56rMamZ5aboHuYjqNIkYiGkfxErZ2Iahhybeq9tZCbwd+RmMWYp/VO0hYdK9FO3SmEGUIY7nvE8E5LSYF7lsj1Rb0XCZ9GgRwrWUB7euJXWiyYEs9rdPS/OjBockBjBO6hMaBICMwgTJdLnJFr0iP5nA0CjE/WzfyNjHpyTMuTMXz9oRdJEeCjoeJYdcXBLAoNHutGuSSHsjBNOqnAufHUUFrGFE0L+kQ4SiF0By23JX8x8G+kSO5VD3XORD+jRf/lTh9whFGGiMw5HeSNL+/qVtCowXzo7czH/6ubcxG/6/HBmbja3IMAFvg5/VwrelE6ANSCKBb1N6P5jtNQCLXFNv6drCNCpSkCfGNgqgWzPpdPGbS7rtwGqEgRVB40JNPwuSBp5fEpasc1eqOmg4CgLpWhlu7LgvmxvDn7fu8DzvdQZbEZnd4jOp/kUPBN+rRvpQSwcIMWVtTWkFAADoDAAAUEsDBAoACQAAAPNhm0hceyKqFgAAAAoAAAAtABwAZWI1ZjJhZjE0MDljMDQ0YWFmY2FiOGRmNzQ5NWRjNzIuZmlsZW5hbWUudHh0VVQJAANprSBXaa0gV3V4CwABBCEAAAAEIQAAAF14h4sWsMu6PAd1X/bUJSgcUrtOwwFQSwcIXHsiqhYAAAAKAAAAUEsBAh4DFAAJAAgA8mGbSDFlbU1pBQAA6AwAACAAGAAAAAAAAQAAAKSBAAAAAGViNWYyYWYxNDA5YzA0NGFhZmNhYjhkZjc0OTVkYzcyVVQFAANorSBXdXgLAAEEIQAAAAQhAAAAUEsBAh4DCgAJAAAA82GbSFx7IqoWAAAACgAAAC0AGAAAAAAAAQAAAKSB0wUAAGViNWYyYWYxNDA5YzA0NGFhZmNhYjhkZjc0OTVkYzcyLmZpbGVuYW1lLnR4dFVUBQADaa0gV3V4CwABBCEAAAAEIQAAAFBLBQYAAAAAAgACANkAAABgBgAAAAA=' AND file:name = '26a3185.js' AND file:hashes.MD5 = 'eb5f2af1409c044aafcab8df7495dc72' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:15:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad69-550c-49a7-bcab-43e5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:15:37.000Z",
"modified": "2016-04-27T12:15:37.000Z",
"description": "unique .js file",
"pattern": "[file:name = '26a3185.js' AND file:hashes.SHA1 = '9a7f36507c96e1505b50a95cf89c35bfafd24806']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:15:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad6a-7f38-4f27-9fa5-431d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:15:38.000Z",
"modified": "2016-04-27T12:15:38.000Z",
"description": "unique .js file",
"pattern": "[file:name = '26a3185.js' AND file:hashes.SHA256 = '5e5317f0b1ea74066ad64c5487fced7287839460dcf7006ba92c53d231032f15']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:15:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad6a-f6b8-4f94-9167-4cf8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:15:38.000Z",
"modified": "2016-04-27T12:15:38.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAPNhm0hJPzt6dQUAAOoMAAAgABwAOTE3NjM0ZDljNTYyNjk0YWVlN2YxNTRiMTE0ZDk0ZDVVVAkAA2qtIFdqrSBXdXgLAAEEIQAAAAQhAAAA5YchXpPfEIJFiJd0AMAaU/JoGBvImF3lEqaHSeTp5C5/iEtGH0jsK8k7ulPCQmi2MIDjHqHwoQh0iK6hy1J3WS9q7zkV/Z5NFWhCDYorz8XbmfxbCPTYDF4/PXHWCgOHoPrI9rQizPRKEMAvfypcPm1DUdpRJiSxTyY7JTeZW4BKwRxn0Hz1OKDfZbSwlVA1vb9VQHTfk7zrXNkzbWFGcggh5dHH0/X06kUUNDRT8nMXPzb1BsrKKOJ86HRN25rIR2Lc81k3+S42TVz45PXmR17x8cNDBtQjfRrdVYwVtu6LiF7q/vJD4utQE1X3N8omarJfB3FqQ7rVXYRdn5Z/ohXL5axsaAjk0gTz8QwvUd+abGLkaXpbgT6I40Hthwzz92DeXyyVuBYZa3xCScizHxDwUr7831vcl5VWK/We6/ZqCElvnqfqD8rsWI7nfb+sRieIXvOFA5D4eg2+YqXMY0e7z7JuZS+XP+BtK7rm8KCRiDDPqccXhceLqsr2GNTdJqijHuSXJ333cqlULhNz3Qzwg4zw+mkzP9XB3BqI1Y5Nzwhka5/vYHuWqkvr+fvpAA6zMUPYNt3OA2m/guLg+RizHF/2RGJEsE4nsip2wMJugkN//aAfw9/UnniEoxtE9SU9OzBFIvYyVzMwLqqYqTDUykAAe+XTdYfoKN3Rm+9sDlFbe9GZaE1s/4LzaWTnbIZwFp9uFg74U6czo363gBRSC5aNteyW2V3QVk/c0AivXtmqT4daAlebvmE6SXs75ie/5KKWd7PMzP30Hj0iH6gE4MjvStRlBDXua3OcfQIFsF4wU6Xv/K2DZOgqnxfWpiekNiUl2gkfUIHf8ahJHqFuoQ0+YIteOdPXhTsxhuPpyaNaMRAwAGG7edyulGubUrlDS4z5WSqBRFSCA3kfh1ma6UlDD9Arjn6h6hJwzoZZq/usu1Z0uFTI0unRyAoRupiXLkD44FzEiX+CFjI4KY8Nq6m9KKWeOhAwLm78/ONnqZ5K/1eIZ8vnPULSDthlzsE6QTwXMz5ibMHFFpKpkj6r07SBSgupbm8IHaXmf6cJtdGdqlml/mOE6h44PkzO7th9h1AflM6b2ghsdcL4YmtdgtB+UeHTvNfdzC2A8sWTojTa3oqT1LZcDvI4Ma3ZMBDCiq7xryMYvz77G2FkNeYyF8fCSBOKwgND79Xvnlz5AzauQ0tC/zRLdfSHIMX2myBLSRllPlKEbWaZTqloEnUE1ojZvs2fHmT78yG8cvYGi1zV7vFZb9sdbDT/wiy4fjPIeVzhrgjfwaA/0LbIO6cX6xMxNlZwHSsMCfDT3ctLpR/+3P5AC7WVWoTzlpwbtQ8pcHUTIPQ9/3O6Rb2iV2cZZPIQAT7x6zO5IfiItpBRy+lyFw7TlBhEzDak6NvCWhI3IjK0op46HU1syHWv3k6GeJu1ZG/h0Kl0OMzVEgtjdptZxeraSfYwUA8/hdb6BdGEpGHPocDlMlZ9v23vZ5DdyJr3/d+PfoQOipUHX+ho9Xyg+QYpSM/taUpWG2swFJ94B+e7OpJK6WVigF/QpEoqKr0C8+okL+NsZ+eoKrp11/W4te8rfVpk0Xg8UpAZ/piZ74RnnXRwwhKDVPnfmqWF6VqKtgTwEU/jXLWUVO5KMyjc6TWq4LXJXE7t4onIJf1uyg77yAF9yQHAytX3RZeHyKGa7QclhiyiCAlL8NPOBYaCLLQ1gvssjftA+NbDOgxdZvh9RjQ/kNyRwR+X4dOGVvtZ+FuCNLagn8CR3QJF7tCIFFJwN9B/0vudg1JEAjSCQVCSZX8iko217b1Ugsikha1vHulM08Wwe1kdvauuEeAmvlFsLX+lD2krAky6KYnz9GdQSwcIST87enUFAADqDAAAUEsDBAoACQAAAPNhm0hKCNWnFAAAAAgAAAAtABwAOTE3NjM0ZDljNTYyNjk0YWVlN2YxNTRiMTE0ZDk0ZDUuZmlsZW5hbWUudHh0VVQJAANqrSBXaq0gV3V4CwABBCEAAAAEIQAAACSgBzf86Ebi402Z47ho9ZhVSiKPUEsHCEoI1acUAAAACAAAAFBLAQIeAxQACQAIAPNhm0hJPzt6dQUAAOoMAAAgABgAAAAAAAEAAACkgQAAAAA5MTc2MzRkOWM1NjI2OTRhZWU3ZjE1NGIxMTRkOTRkNVVUBQADaq0gV3V4CwABBCEAAAAEIQAAAFBLAQIeAwoACQAAAPNhm0hKCNWnFAAAAAgAAAAtABgAAAAAAAEAAACkgd8FAAA5MTc2MzRkOWM1NjI2OTRhZWU3ZjE1NGIxMTRkOTRkNS5maWxlbmFtZS50eHRVVAUAA2qtIFd1eAsAAQQhAAAABCEAAABQSwUGAAAAAAIAAgDZAAAAagYAAAAA' AND file:name = '28df4.js' AND file:hashes.MD5 = '917634d9c562694aee7f154b114d94d5' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:15:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad6b-eac4-4a71-a2f7-4b65950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:15:39.000Z",
"modified": "2016-04-27T12:15:39.000Z",
"description": "unique .js file",
"pattern": "[file:name = '28df4.js' AND file:hashes.SHA1 = '9003b72bf3570fc11a4cdf874d23c564a56410c3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:15:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad6c-8c84-43d6-8c94-4662950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:15:40.000Z",
"modified": "2016-04-27T12:15:40.000Z",
"description": "unique .js file",
"pattern": "[file:name = '28df4.js' AND file:hashes.SHA256 = '6095338bb7c34062ef4c974f506bfa0c539cc1a378d1d4621259f23fa17c50f3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:15:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad6c-46d8-4c00-b037-4507950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:15:40.000Z",
"modified": "2016-04-27T12:15:40.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAPRhm0gDmbJYcQUAAOMMAAAgABwANTA2MTE0MDA4ZTNkZWIxMWZlOGVmN2IxMmM1ZGIxZmZVVAkAA2ytIFdsrSBXdXgLAAEEIQAAAAQhAAAALe+399i7b6XTfmYaahLdNUR70uF/Y7ULpx57tmOCXGLVJCSMccj023DXOeHohDQyF8Fp2C1xognp9q4PcQ7z/igEaOV+4/zgr5uasKLYgWDfZ1BhINpfNVM3RoZcwZBgMltNbs2oBlspAySdQguy8EUOSeYLv46mTiv7g67vClPOoE7Gzc1bIxqaR5fwEnHuqCLcpf3ohLUHXJRWTc5bj3CwBoKWGzA2J6v3/5x5XBHTbaidFu6tleEEvR3rPARbWcepGUqKt6Y8joiyNLh6MkQ8RhUO2sZd0/fsxTMPmF3bYnjEm0rURaXCAZa/MC8h7wr754ffoXLsKEKxlWMhLSDJPzFz1JhTI60ybI5m9sMyR3+v7I2lILrGqZDNJaaNj3LYxWY9Ngo93YCH4NHGLdrQxNRqCiFwL6Yf3rIRC0vnV8lMufCdhzGcEVWSI+f6S8VPau5WCsOKCuNwWnlGHs/BxufYBtWCVjwdTuxUmagkebdfZS8sc2cnZhOqQzVuOVyEMdvZnYEFLax9Oi8NYoAPRTyj2X7JPxn5ZgfDq87nQs/paU2IEIJ0CeaeonV5uDY6XZRNyGDSWNVHKMojHkqVWO1vpFiS0GVsNKWD8AEilk8RziFZI0QefHofqv3oQ/S6uG60r64hEQs9HAiF07dV66Xu40DhXfH97ts+INrduGJZLVpOWCyJRLANixCmRiV0S5QClK0V7brGBf37JIZ7rsxbLuqQ0ogWzF5NM3I0LrXNGGx3G8Hw+CDOUkChXvK8+YrxBN2hZvXXON+22PQnamfAaejMuJsFXmmUtu4Las6Z3g99Bq8BAYfShcGg16KITdIcmVS1CbYZZVW+O0vGUA1xEHnJd6Zr92+uUvbDgwaVYvgL7/A2jFvylobH8tp/hoXvq8fSA5qrEhAVTSFQ+XvgSBB4XoRX3UAbMMoP3o8s9/7Qjb0r+N7w8hDdh3NZAgwOoKn3RDu+4U+6iSkU1NJInCb5LIujMKozeD3EKXizYy765Ga5kVZrZ5iRwI2woEvqTFNJm0GcdtVwUtxckB85XNE3VM3cQ5LSDx61U4zP9bsLs8Bf7cSjkqH2MWI25rLBv3p/VXxceirI9JD0vhKf9bUEo1ZMzJMyoaMeMiu2cF7BbuJFigaxr9xve29yoqRSf1KYFqW/Ei4hNLuyNABZJ2DHP6BHbx3/5u+1QjCs5go1MwW3gL8sry4+pjjI+Dp9Wbj0EEHFHqKlUOcVtjrQJkaGkSs/Qh9DpReD6zp3u8uKLjz1Vq2Y7JdcucH1rczIvwc6Mwd5YuYeJBO3MmCrCfUJ5tcyLmYhmspkJ18wyG7FCUMFecGdHBz1kGIXvd6AKrKaJjxlIIqCTJND43EYubXpHgmVc3nW40bIRVCTgfC3ZRMlkxK8sG2c1tWqmBwVrPMlbj2HlIU2lgabOSHsbiFmKXvuYVmN8QZ4RCoVq0mH31suWFUkqxPFRVHgF8JzW5JUuPNfA0bqNm4589g5yQRjeCXhsw5pU90CreYymf3k0n8HA+pmV2faVpzif6b2IFYx6zNy+fuDWurMS/4WArsm5CqwVUPawZUxrCw4YNm7I3wuhUjX/KBQzbjiWPYuR0SKXQJ6hp5o173m2M/zGWHJQMELq4SAwX/xGPG9m/M4eqlHr2AS5SZ/kAgetLtiBVTUwIBaNMpr7hAmTiXQl4ZgXkFz/izXSgmiXqbB3FN5JeZoUo0EBfin5B5rFsqZ1K4No/nrsnzFzkr2uBN0iXt+Fc6CGGTmR7uCn2etFaHkAqLi9yo+gvIquN8sj1Vo7UBAGdKyr8vUnXeRlm1ZoYemAP1hluhYA6U20YL5v8D7j1bR5inwdA+cJlBLBwgDmbJYcQUAAOMMAABQSwMECgAJAAAA9GGbSE3311UUAAAACAAAAC0AHAA1MDYxMTQwMDhlM2RlYjExZmU4ZWY3YjEyYzVkYjFmZi5maWxlbmFtZS50eHRVVAkAA2ytIFdsrSBXdXgLAAEEIQAAAAQhAAAA58AZxrXUwZ86wkUjfUGT2idLasFQSwcITffXVRQAAAAIAAAAUEsBAh4DFAAJAAgA9GGbSAOZslhxBQAA4wwAACAAGAAAAAAAAQAAAKSBAAAAADUwNjExNDAwOGUzZGViMTFmZThlZjdiMTJjNWRiMWZmVVQFAANsrSBXdXgLAAEEIQAAAAQhAAAAUEsBAh4DCgAJAAAA9GGbSE3311UUAAAACAAAAC0AGAAAAAAAAQAAAKSB2wUAADUwNjExNDAwOGUzZGViMTFmZThlZjdiMTJjNWRiMWZmLmZpbGVuYW1lLnR4dFVUBQADbK0gV3V4CwABBCEAAAAEIQAAAFBLBQYAAAAAAgACANkAAABmBgAAAAA=' AND file:name = '37dc4.js' AND file:hashes.MD5 = '506114008e3deb11fe8ef7b12c5db1ff' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:15:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad6d-e3cc-455b-aaf3-49c9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:15:41.000Z",
"modified": "2016-04-27T12:15:41.000Z",
"description": "unique .js file",
"pattern": "[file:name = '37dc4.js' AND file:hashes.SHA1 = 'ab6e4d62a489de1ab2bdd54d8b71024d6b20c94d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:15:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad6e-041c-40ad-969e-49e0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:15:42.000Z",
"modified": "2016-04-27T12:15:42.000Z",
"description": "unique .js file",
"pattern": "[file:name = '37dc4.js' AND file:hashes.SHA256 = '21c439d1d7a7653179777c34ddf2afb58928ab313037fcfbcccd4b2c92c7dc4b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:15:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad6f-cdf4-4ab9-a73f-45db950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:15:43.000Z",
"modified": "2016-04-27T12:15:43.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAPZhm0glzyHqdgUAAO4MAAAgABwANzdjZmRjZWRiMjEwOTY3MTJiOTc5NGU4YTIzNjkxYjFVVAkAA2+tIFdvrSBXdXgLAAEEIQAAAAQhAAAAxD122o4GyhnRSZLVZJVqPmjUrx1tK4dSa+BP1M+uai3joX4i73hHc/9Om5vw6jyYEU4892fqHqrMOzS5woudF7nwlhYHpf7+Bd9qsmx5yjKOryKQLW7c1YqQUs3CUTpSwjWD1iGyMoUNHSP0gSSbHXhzFlM/06XkmwtlTOX6+A2KjZNENVZSrQ7Vu+dlxNBs/sBZnZJlFY2WiYPdjB0TTqzDngZplCMHxK3AXFqNDvUfTlrNwXRzQwmKstVyjXMu/OjSylDEYuoZvYKRezxpl47EiCAv5rwOcIp9vGEMQearQrFCYVzfkkocNQv4DGl4ta28Byr6Iy8lDhAv04XQADOU9qKwyEVJVk3+OGVJ4OLlm3T1WVvoigBHznz0li9nWbd7opXQ0hqgHYkyOhIFVDV43yhat3O1DqtlHcZ9e56WGrxsdneBv95NKLnjHp4Dhwf2neVqwbZTu2lT2ouRu/Cd99593bu3Gmqbf5xqA7MU0X7MqCpUS3Oy9zTjv3AkM/gPTiENpcY/B0ndyrVUYRkdVH/q2Q9dMGsqRJkNIKeBdAUuyrtdtZLul/dU3RulTB5yJcHlo8E8ctvRV8xZ1JkBOQbrW5/rMvU9ARKwWmmchK+TbMmH2Vu1GPBehoESvcU93yh7n58yiml8h1bVwvtjR/0+62PDODyeoDDAz2zD4j2DOqVuP9hRaad/VZoq29s1QabF7QTA4TMqC4sEfPJMrWQrT1FQImMJssJFo/do7unR1EtzoNb8dgVfFL7XYXME9dsL9HkTwzpK9mrmVAD5yNCOK33zy5wfKmHBUmxq0V+yKyW/E5+4+MT7dbgw6mIAU8s5X64ooMiVWjKDcQMgZe3iuxylCzDikMw/juWfWjzwbpGb98jtzXC6kBHJHo3r4c6cw5liRb62X9vZXAzOGTxUfOqKhIw/0ahgMWi5ZLtKkCFu26WhzfPHvduM6+4TRTfYVtfN/WrW8CXjoe4fljMdTmFGrCBpIQJEzm3ZXC2VvGyCWYnNxOuNuCpUo2dPTUsLMpg5vjgE1VwkIxWJMAGQwL4UK8T7Y6N3Zz598V/Nuq1m0kqfBwpSAQtLU/otUpcKJlPoE+Hv5jvKJnsTxAwNe+48a8YuFJXj21lT/qE2bJijrg/a6ApJH2MY0JS9uEX9d/LC5qiUh5BRmX5W1XgpSlK+B4/8u0Q1kpUhqnPKfzfiACmdNBXbRgLHosruxRnde4KKd65lG0sOmtCdheVgrIYAmqgpTpw7CXtoLp+jMVhbHdnn7JJ3Bgh3tYmpL+jxlWt73rmqacFY/rV38FgOKmDaNoW2xCFSmUCSECc1l0RVq6MRC7/vm6x/eO/WVYuuXOigx7xYHnm+5UiNeZOT0sUdWOv6p8NXPozJzFPaKAUJQmLwa0RoesEx4jpFGg0kcfaKZtWROJKl1XOBPHjf8Qy5HV7Ish1/WqavKntJsuxVswqKC31qZ7tAtiLqPgfiUVRDP5T5zny6E/k5RjCOHc51na6LOQ0BILNz/W72pXRlRZiTUIcIU+VzQCntcZMlF8ftY8QdAXzMDmoQQggRow230BKWzEfHpKkhmxrxbxTkDfv0hQbEq2XDojZaqChZryF27GGhm1tf7Hfr3R7oeAYfjY0TS7QQVpnlsb/5fcTyvpsTZKSqRWae5vEnHg3NWaBgep2COELaRIUPX6gxk+7VtyO+4VApJuLrP17jhZxObU5GpFcYjVZJIk3F7uv1iNaPaKCYahwYN+VLrnT5q9dUw8VpwO/lzKWCsfBpZsT86Vj50cU/UjiHDDiWulpkDXkOJsLRqQTj9+JDVOmnpEpTyRbve43xANLaFLZbo3c7B0qwbLQRarOci+BhGszFUEsHCCXPIep2BQAA7gwAAFBLAwQKAAkAAAD2YZtIN5izHRQAAAAIAAAALQAcADc3Y2ZkY2VkYjIxMDk2NzEyYjk3OTRlOGEyMzY5MWIxLmZpbGVuYW1lLnR4dFVUCQADb60gV2+tIFd1eAsAAQQhAAAABCEAAABM4FRY290ynF4CCf6kuSWEtCnx91BLBwg3mLMdFAAAAAgAAABQSwECHgMUAAkACAD2YZtIJc8h6nYFAADuDAAAIAAYAAAAAAABAAAApIEAAAAANzdjZmRjZWRiMjEwOTY3MTJiOTc5NGU4YTIzNjkxYjFVVAUAA2+tIFd1eAsAAQQhAAAABCEAAABQSwECHgMKAAkAAAD2YZtIN5izHRQAAAAIAAAALQAYAAAAAAABAAAApIHgBQAANzdjZmRjZWRiMjEwOTY3MTJiOTc5NGU4YTIzNjkxYjEuZmlsZW5hbWUudHh0VVQFAANvrSBXdXgLAAEEIQAAAAQhAAAAUEsFBgAAAAACAAIA2QAAAGsGAAAAAA==' AND file:name = '38ba7.js' AND file:hashes.MD5 = '77cfdcedb21096712b9794e8a23691b1' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:15:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad6f-294c-428b-a85a-43e9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:15:43.000Z",
"modified": "2016-04-27T12:15:43.000Z",
"description": "unique .js file",
"pattern": "[file:name = '38ba7.js' AND file:hashes.SHA1 = '024aa48a645fcefa65cb19b41de71f452102974c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:15:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad70-9c24-439d-ab35-4ab1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:15:44.000Z",
"modified": "2016-04-27T12:15:44.000Z",
"description": "unique .js file",
"pattern": "[file:name = '38ba7.js' AND file:hashes.SHA256 = '2e5f70f9e1159eb9b039095430ed9678dffae63d98de7845b11ac7830c15f431']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:15:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad70-acb0-4aab-a8a7-4809950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:15:44.000Z",
"modified": "2016-04-27T12:15:44.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAPZhm0hNaXbaeQUAAPMMAAAgABwAMmM2MWY1ODFhZDM0YzQzNGE5N2ZjODRlYTMxOTFiYTdVVAkAA3CtIFdwrSBXdXgLAAEEIQAAAAQhAAAALe+399i7b6XTfmRdcrY/wgz4SoaEG5Cebfno4P9gFzD5RweKoEuAFi1UqvwhhSyfhKcsomSdvZ9yL1imWU31UcKohkCfJcm27/lP+vMbTz7JMkLO783nSYSxmV3x22uGfFTpCOutoDIQQ13enH7Pc3MOAipWkfwI7eUaND1JalStpPA5c+G3qHHXlV43T6iL9VnZLTPIg5+Z5U9Jh+k0TIQP0LceZ9iW/tFtBJSgLZvCpgnB/ukNeyr6Tr+w78acNjiiXAz0Zr7Mshg/sVOsKscKZSr/p3rl/OIfkwp6Sp8xWslq8b9ykUP74ggfR5cR5uJtMMZFZhp/qauFcuk19xFg0o7QHmSHT2RwAUC0erNWBtQxVMbL3L81T+3KcJ+CAY0nTiJVT9HMLUuKv+s8tPPLD+RR1EuByyQ3Vx4/U4ijaojGcscy1XZc/0N3amKjPG9FJrBDjNnLy4cLQyAObFezxFdVVY6al4mqUVD3vc1EAUlQ8CJa2YAtFr3jq1UMC5OuaXTROlTvQUveNIdRcY0TEegdQJe88pRxh5zqgZsASJ/ia5UIGwPb8EwfPGBgek+9EN3KqtTDkfAdrJ3CnUlHVmPLovLZQGe5jikbEWgjITQfnuh8g6W3U4H1X7bpvWOedYiwyES4Z9BhF+93C3dkrIdB4k+6rxa4ydscO0lEL6TNlPfDJzaRu528WICreO5eggzaMnBQAce0vWQhRqHe+44RAyaA4TUNdnbDzh0+YwYDFa3XZMmbDpRF9u6WcPgmQW2mbejGiiaOtXmY6MlKCLjmiPs/LGDLgIDeqTYU0QF2Kc7wVcx9eA+cTT2CwIiqyh/clMLs9tfv15gqEqMaFZhRO5EQ8fmQeCaSzCzMTziNKu/gtCl8MUghNsQPUIGvPvJebHb/UYeTP2aST64uX3YrXjWYKm2blVK2UYFDCB5oCUy20Qe2vKNDDTd5MrA9JBZMpR0YpXH+K7bhthGuFW0ZEVn73yM/UP/5KgW02vCUWu2AIiDAZoJ5C834JBhCEvOaA17LhnTYuhVDKiEJR88nqaXD2u1b0OqWoUPnyp4jaKt2USZMYLEOr6WvMFR5D09DBL/JO9IqWXJ1w72tLLU48Xe24KUQ1e6TdYNOyyctLtvg43Ysnz/EOlxNG/0mg6+9dK0s6klmiTUIcwbsfgyV698gplpQjB3/RtM3t0/AYKA88rocJR9FvyYKSchdDxSswhlkbHs85Smw3FxvMSc7Cx+76g/EnEAZQFT4S+JvBNdBOSyXMU144hUpI9QQNqxN8Sy/vV9DdC6v++f4Kst9GpdziV4Xvb6Ef9nYz3r/4HoXS/DrsFQAVSu6lBlbhLH6xDAyYWSFH7DhCzmdH87ZQGx7QBe+aMZ2uRUKk81cCwyPSOBOG6M2EnyC61gToyJ8jngRNvnrGTCZm7bsPCAS0R/tTrLQjS8tSusbVCy1QteGn35Mkghb/jsxSn24h00aoOdwXf0aD1HL2GCcTSS8JfVZ4EE3UEeq91mh8FEkkcDzp6UpczUksyRIv/Ms7j63peBDfk085ekm6DKwkoefR4B0ECJ3Dbi+JNwayja29DG5UE4Q+zfK9ZrnN9qtQK2tcMlIiN9sHU9BKe56AgdvCeZlY/7+xXvMRU6CZO78FVB9yvjwGYDJHgOrVobRce/05JNmvyZJML7L4UwaqYHDDAc3lewlMQgrK+XM+qh5IQ7NSXy/CgI+NTQSuscMOHYF75Ynr0ij7+L7ppnlj38CW6duqZJ/NOTevypC2osfwNHrXSyPeFP+PHB16S0QTmSQb8YGEExHYFEAz2LGV20ZM/wNz+IxVEEodsMgTSfuwxaF5uRs6P6zYTDvrPRej/4PBUajUEsHCE1pdtp5BQAA8wwAAFBLAwQKAAkAAAD2YZtIGFpQFRcAAAALAAAALQAcADJjNjFmNTgxYWQzNGM0MzRhOTdmYzg0ZWEzMTkxYmE3LmZpbGVuYW1lLnR4dFVUCQADcK0gV3CtIFd1eAsAAQQhAAAABCEAAADnwBnGtdTBnzrCR1Yl9BjxxOGJR1Brr1BLBwgYWlAVFwAAAAsAAABQSwECHgMUAAkACAD2YZtITWl22nkFAADzDAAAIAAYAAAAAAABAAAApIEAAAAAMmM2MWY1ODFhZDM0YzQzNGE5N2ZjODRlYTMxOTFiYTdVVAUAA3CtIFd1eAsAAQQhAAAABCEAAABQSwECHgMKAAkAAAD2YZtIGFpQFRcAAAALAAAALQAYAAAAAAABAAAApIHjBQAAMmM2MWY1ODFhZDM0YzQzNGE5N2ZjODRlYTMxOTFiYTcuZmlsZW5hbWUudHh0VVQFAANwrSBXdXgLAAEEIQAAAAQhAAAAUEsFBgAAAAACAAIA2QAAAHEGAAAAAA==' AND file:name = '40ef409f.js' AND file:hashes.MD5 = '2c61f581ad34c434a97fc84ea3191ba7' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:15:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad71-3e98-4aca-bbbd-4d0d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:15:45.000Z",
"modified": "2016-04-27T12:15:45.000Z",
"description": "unique .js file",
"pattern": "[file:name = '40ef409f.js' AND file:hashes.SHA1 = '05aa3bafb25ce8df84dce60cd4f9c7c1d054e3e0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:15:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad72-44a4-4823-b1af-4dc6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:15:46.000Z",
"modified": "2016-04-27T12:15:46.000Z",
"description": "unique .js file",
"pattern": "[file:name = '40ef409f.js' AND file:hashes.SHA256 = '70871c1d159b3593f10fc9480a0411c9c151e0bec8dfc615c80c58d9d5ebbea9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:15:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad72-f7c4-4ed4-ada9-4d3c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:15:46.000Z",
"modified": "2016-04-27T12:15:46.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAPdhm0g2VQg3cQUAAOYMAAAgABwAOTBmNjY2NWZkYWJhOWYxZGJlYzE5ZDIxMTNmM2UzNDhVVAkAA3KtIFdyrSBXdXgLAAEEIQAAAAQhAAAA5YchXpPfEIJFiJO0w8iI83Sj7mQ4OrQll3JIUCVKbqfZcpTHZXZitcAb1aq5GggXKnPDt2sdgLXZa0cwM9dB8C2GzEQyz5xSCQ7QwPZfUuxcjyZyw028QE3jdpz6gU6IZZQ/4PIMDACyQOjoWJRKeMJgUX5NYfyZt05ofVuOvtuCEO4fVCBiLW+h8El8LWu2/jUSz3U7AE7HH5CKkv/kaAfqOwrB1iQ94tZa2vhNOUR+HHQhlYtMvxItXwiop+PoEMkUYvV/jT3sbo3QXCfPlmKHahP9p6Z5LwSkRxD2zFzV6B2OhjOryAKHI4QzCIpqKtpTLsFOYJTc1g+gxJw7PHNgr6QKtk6zIMwsO/6Y5EBFKguynZ3hXc8JPWe668SSLl61L3xHuavfP9zqOk8jXtVhNl9F00eEyfpSnX3n1Y9bbw3vzbz8NxVETIrRjUtmwFgpLWeAws5fnIkzG7jeH5HluzwU4kYp2Yds/hpWGKbMXRQPkGjfBaiEyzBZx8rHENSJgFSuagrPXDeYZf1fy+rrsjpKDFQpDrplAz23fyNxA1lRPk2GRKygwytW+7pmI8Wz6rVZ9bc7/cPtyh0k03g70FwyBfUcWiqo9muKaHfKTObc5868c+a3fjJ90hLy0FyGie1zO/GTC3d6BdrS3AiJ45riNsHEihBuINvHdHQMq5U7sASP/Y1Dkosj2858IIwiIPnF5zeK4xhLEcrihqaDCXCadQtcWGAppJN6GfHHU1ctpU+/V81H10qT+CPWcY3fACip3WPGJemWB3VQ/ucz4kxkA0MketKM3/5VToQoyvcwFmCV6cGt16LCtuqF8g2yEJFlSNlubcEInb5U6P5q7Qgaf7aXn8DHgcPdZWMUEHIl1XV1zJmP6RUDfzQuTmDdeOv/c7sgnvvrB1oCsNLp3APry89zUf0TIElHiD0kkxDA/c+2K03wJQd1GNGkm12eOriZuJwJE8uaYa9HRn91gpQs5s667P+MUb4kpOROMHHW1EJiaHMgdvNk8i12CwY/6oO3LtzMk/O0q+8015TReLnAQYt7ipwZDYOqmQ8xfGuTrs0QKQoJuzQ5dTA08FJ0T7EQU0yWaCgF/yaz3QTDW6KHifxGwQPr2w1yRIpHAYt3njeJ4zCAqZ/uS4p4pkgC9uxueVOc3Mf9hAFt/NsPVAtUWZFzVmaKh7LEDx13wqGP/I/lkTcvxqF6gcONBi2mQHEvV2++r1ipT4AOLPUdBo4OxRKaYKKPqDY3DJDRioFCucaQt3hCU+/5W/LQNuBu7R23qc0NczpNLNs4X1dOoEnpzHHEKEcDSW9tE2xYVcO4zaGNSHNfTwN6kysb1g4W5RTgzz2nlw/ZJo+ETtMvx9BXYmBU+a1GLxEOql4FyPbh3h2R16Ry9k7vCNaSbDsYwjWP61m37cVDTOgHOKNqnAwYXSgTSBU2RRsspPbOIpxNbFPWiyKbGGP9D5qAtCgznG0IJsiiCJedGtDWZCqZpN3dqjDR8maqFVQXinCYwFLs3vJEI1JL8hxeM8CGGj4ksCZfJ1YYAg6FFPyhR8VWzpvANscAdAXUECZ6YKanJqwQA0HNBDVE3a0Z1dpNrdWidFMz4WCoIPgECC1hOesB32BYnuSL8SsdCxzeFC7skaXv45AtdbmtosMkgRNYF7qeDtdNKk8fZEmCSdyDIwWQfvJ1up3kGLXsY1A7gEVxJW9rTVL+UY+HhT6mL9hWGOR36mwG8xuHZz0TdKxy3p0uPmNjl9efMUKAPhOqfVrueo4rcN+MZ/PO3o6j8WeChx1YHrjuAjyMbyxe18l1Vh363s48D1v9X08ftZ8qFLebqHqutDF+gIyEYpP+krgmj1BLBwg2VQg3cQUAAOYMAABQSwMECgAJAAAA92GbSKO0QDYXAAAACwAAAC0AHAA5MGY2NjY1ZmRhYmE5ZjFkYmVjMTlkMjExM2YzZTM0OC5maWxlbmFtZS50eHRVVAkAA3KtIFdyrSBXdXgLAAEEIQAAAAQhAAAAJKAHN/zoRuLjTZ2XQPPOUPu8s48YintQSwcIo7RANhcAAAALAAAAUEsBAh4DFAAJAAgA92GbSDZVCDdxBQAA5gwAACAAGAAAAAAAAQAAAKSBAAAAADkwZjY2NjVmZGFiYTlmMWRiZWMxOWQyMTEzZjNlMzQ4VVQFAANyrSBXdXgLAAEEIQAAAAQhAAAAUEsBAh4DCgAJAAAA92GbSKO0QDYXAAAACwAAAC0AGAAAAAAAAQAAAKSB2wUAADkwZjY2NjVmZGFiYTlmMWRiZWMxOWQyMTEzZjNlMzQ4LmZpbGVuYW1lLnR4dFVUBQADcq0gV3V4CwABBCEAAAAEIQAAAFBLBQYAAAAAAgACANkAAABpBgAAAAA=' AND file:name = '41f530d8.js' AND file:hashes.MD5 = '90f6665fdaba9f1dbec19d2113f3e348' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:15:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad73-68f8-4c03-8179-4ade950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:15:47.000Z",
"modified": "2016-04-27T12:15:47.000Z",
"description": "unique .js file",
"pattern": "[file:name = '41f530d8.js' AND file:hashes.SHA1 = 'b800a02b29ff3bf9df93b52694b1167439197341']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:15:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad74-9b88-40aa-8f6d-4b22950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:15:48.000Z",
"modified": "2016-04-27T12:15:48.000Z",
"description": "unique .js file",
"pattern": "[file:name = '41f530d8.js' AND file:hashes.SHA256 = '08a1f917824237ecfd135b1a745b662c0a660c3fe8ae9afe393e18b378c8fe5d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:15:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad75-29e0-4e57-9244-41a2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:15:49.000Z",
"modified": "2016-04-27T12:15:49.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAPlhm0iBCrLbfAUAAPcMAAAgABwAMjg4MTQwZmFhM2RkOGVkNWRhNzg2NDVlNGNlNzc1MmFVVAkAA3WtIFd1rSBXdXgLAAEEIQAAAAQhAAAABLq4fIDSgDiqnU2HvoUokL/sBBjfAZwtqBDA9FvRq0Iu1ytyJq1DP8p6FY5NPPLzZdoqoC3jhHIuY2jDhrsKbHbzpVyPihwb3n3Nh6O9TFW8et5syY6N6jiatsl5+OBLfTfnbP8hC9Ti3aeCptukocoo6bLPIW4YnFTPek5mY6Rqfvmv9nxjk029+Pkghz2kg6JbaW1H3AoBG7FZl4dCSquEDN/jGNElx/i94LibXGws6Pf34heP0I+gdQh+vqINvs4ct/Rahynf8M9d41+mE2Tzb7lPOunabWLdR63tSwNpMoJQA2hoMIICzLgA4IbgPTlV59NHPH17NZS+emZrqfZA7mpBXOlq8TTuaGsmPCEhlPA5W1VV8lhS+nuAOvDCALquB1EU/zPCOA+aV4kga9+ZmxBez6jc5gadCRyImANAmYqHpOr2y78asah2t78kzFAwVbEt3YEB3LsyNMztILan33OPsTe4Xs4zdoowxR7FDuZfQulpjNBSRxNOyCIPmagwipcpH273dm+tK2U3817ABIYYtELGicZG6YxM/II8VGIBvQD9VzJKR7r6CQAZ3LiAVg8bWsbnP39F1htNb9jBO6NCZ8UYNpPd5h5kSXh5NYnhLAZNZvafiX/Fzs8GInfyOsl70dOykPEsqOIXusFKUrXhhpr7C0yEbhF02EmCbWC6FHwM6VWITrHCCYAedsil/KD8JoAThUiNpKHJZ9MRabIqkoUUEISBi2DggSZI6dgLEtuZp2KJ3IGn47xLK+RbtNEd39G7Kw/RWXwJQ5YNI2GaOipYzdyB94or1xT1sHADgNOJEgk5C7iv6wSzZ4Uydgh3IbBBmGzhtBe2t5TXZx2FyRJQGVhHRpV2ZR3ZDtq8sA/Qiqbvyyl8a4pykjbXsL+U9R57k/3N3fqJWoz32BJxwRnZnTqVTH2Dc/G7n57WSfSLXbTtkVV9LC0LrtoHptYD658cslOqWpACvCVpF3hJY24eOBZR2Qeyn8rV1E04jjexIzuTeKH7zdfKSOmxK6wkCr3KikZkcETYrYy9LmjnjS8cbJw6RyIhKCBFAYHz0cPg9o3qjtU+COyz8s59gwRwI7/TY8ZqDAssmW7epo1kDLiBQ4fRIKd2P75Qh/fdwvSQYKjN1WV0tPN/N1QmkalYoDAWHXu/SNGBU/qsf+jSjWg3aMLW9rV0KhuZYt9bHnlN0CwxCfXsl9O0vdRTFxBt51jUSEV4yMExPrpdM2HzJarM3sq7oSRxyfXtCss22RZ96k3y/ezJk++7O0W3WOXVTk7x7ep8yI8KBobnA7rTZW1qyP4pOMsCaEgXmnrRMfy4cXA7luZZN4RUC/4Q0KBl5w3Qp3qB5b5kHLbp8NKFmP45+Jfopxo4ykdi1U25dJgKp2qZIOdQzKlcdC59xy4FGfXPbMGZP3eUCUJTaWETPKDrZyanVPiSt60iyKkorce5Q/Tc9ys0sIiPeW9mHmI18iiI4Rge3UPgO6tKUznTBf+ixWS4FBADOiZExClcThpnO46MaTGJw379cPdm4Zg33EepYmCk0OJaAEmLbi8gZnIUOKd2kzzGISJ9+vEGUpiFo2Yp+xNW3EnMS/ejsghyimi3mJlYAyE0ofcYPyx1LrLAly/A+9VRubpsYFk5b7ySX8Z9wJZqDEZuz2GpsT4fVDk9ngC9jVyJZ0lowyGNLBWOcRZn5kVOByY+FlPQjFTAWpTyi7q6wJGYQnQxPzSkOllJwIMWOUyaYOHYBhsPW2AYVdnb+2bwstU9iXblsjF2ArCAn9ZKP8wPGmQ4bBwizcgjyLsfWSNL6X5ZFCiDIvZA05DvL4Zs4MyQHTQL7ZKgnes5ucrosysERk7+19KSqia9OtluUEsHCIEKstt8BQAA9wwAAFBLAwQKAAkAAAD5YZtItbwi1BUAAAAJAAAALQAcADI4ODE0MGZhYTNkZDhlZDVkYTc4NjQ1ZTRjZTc3NTJhLmZpbGVuYW1lLnR4dFVUCQADda0gV3WtIFd1eAsAAQQhAAAABCEAAABdeIeLFrDLujwHfzbhFzkeY3o+gz5QSwcItbwi1BUAAAAJAAAAUEsBAh4DFAAJAAgA+WGbSIEKstt8BQAA9wwAACAAGAAAAAAAAQAAAKSBAAAAADI4ODE0MGZhYTNkZDhlZDVkYTc4NjQ1ZTRjZTc3NTJhVVQFAAN1rSBXdXgLAAEEIQAAAAQhAAAAUEsBAh4DCgAJAAAA+WGbSLW8ItQVAAAACQAAAC0AGAAAAAAAAQAAAKSB5gUAADI4ODE0MGZhYTNkZDhlZDVkYTc4NjQ1ZTRjZTc3NTJhLmZpbGVuYW1lLnR4dFVUBQADda0gV3V4CwABBCEAAAAEIQAAAFBLBQYAAAAAAgACANkAAAByBgAAAAA=' AND file:name = '048a35.js' AND file:hashes.MD5 = '288140faa3dd8ed5da78645e4ce7752a' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:15:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad76-cd90-47bc-8abc-47fe950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:15:50.000Z",
"modified": "2016-04-27T12:15:50.000Z",
"description": "unique .js file",
"pattern": "[file:name = '048a35.js' AND file:hashes.SHA1 = '955b8c6680a7cc4c00d5d54298bca1cff2e3de87']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:15:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad76-a898-4928-a7d3-494e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:15:50.000Z",
"modified": "2016-04-27T12:15:50.000Z",
"description": "unique .js file",
"pattern": "[file:name = '048a35.js' AND file:hashes.SHA256 = '27668875468c144186132894e3d8e06512386f70ff91390db96d26a0c074dbb6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:15:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad77-5090-458a-a9fc-41d2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:15:51.000Z",
"modified": "2016-04-27T12:15:51.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAPphm0j7T6mcdwUAAPQMAAAgABwAZjA0MDk4ZWNkNzA5ZDYyYTc1ZWQyMGM2NzQ5MmIxODZVVAkAA3etIFd3rSBXdXgLAAEEIQAAAAQhAAAALijzwW2LKwxiNAaA1AaNt9tBPY+dXef/n5DWLrOlFJhO2ygjMETlVYGygCFOMTO1R6W3NR14LpCLjbHpXLnM3IDecXsXOC17aDtUiJZ6aeEZ+nNIOX1SraLRiBt0cTZ/kGAvDvOQn7uWtkmFesYwzFZV4yIJD2aX73upCdQ2pBfk0mbZERUaEzseJ4WTRR1z7w4QsNbDZSBYAVIMwjX3u3LEE9agIRR6deIG2XTQX6mF10tWeeUaBscIgae+mxIB/OfA30N0wTuTNfoPEl9FVk2r914Gz/da6Z7qJ1f/SphqlqOlkurxj0WMF1DilNGW0AmlV5jVCQyWaIRXe0r9A3CLmnJ+hV5EKhEkTzHCQOuM7RhBvn112WOsRPbRiVFA4XEOHsTLfgfF32LS8B+7mfLKzJQL4VhJLE9NyQMDK2Akis5QKlpcaR9Y2zuiawKHWef4Mh/6f8HCKywjWBZhBKTHIbBAOKBAUkVXiPFq+rd/xwTwruy/FyrI919qRfnuj2AaBjQr5lu/KXGjQpbnqMUkWgt3ks6tw75EGmQ3/b+NG2ZhWuBrY12UGEakfk9KvX5Q44V2NxItLUttGx/oKetlWmlvlEoqu+cUCk1ZXO8XXnqCSzy2A1+TetLJXf8kWyVgtHihb2eBqbhZyDh0AqT/a/1QSLZE+RbXkz2iYKj3Ebz2S5cD77+UnJq1s5D6NwPqtFPJxYQPmQkcf9XftsVGQ4a0PJJLwpvLE9ZRUTlOCzanIkYxIuGVRjj6ICzshfEgM7KQIgMu3yniQrcN2OjRrPRdDbL6L3C7NUfaJbg9OCNtOmYsr2XVP3Q3JX4i3DS1dAABiWMLaFqvnHOe5M0tsH83bXlv/BfWh7LJG3C//Sk6lWa32uLehvGfApJjBO+Jd7+oleWjOZB9ONdzLFCmrG9xKvjGIGNtE3zA5Kce/DL3dQYOTsa6Nkvxmn/4t3y+nZMtDY4KnL96Hzee62y5ZWTySaetqhefARm2I2vUKjoOMNvhufHivhbFLdG6SCoLmz3l6NTaB/kRScbpIFQyy1jdT50trYZjXc4EgK0T9znAljUoq7YRBqUzFzXJ4n9CrbNYfkbX6dIwY7HTFcInUOR2K4NGZBV4k9IK3vvblDiYmrKw2BrMSHZn8m9q3cdQP/7/Ykj1aaQitgTFCClTOK8+RKUCaR8hHM552nZ35Hn8UhMYj0eCvgHDUvvqky8QIMdpdlJkwXu5fmXfw3accS8x9SctJYgkEty4h1QxVPMmxi5s3d8qfhXcNdTZ2+s/iFfb85664zkuGhaO/0AGUvBapCg1Up4AnNpYCWcTF3OSzcYBnZuM/Qie+p8xljS9To9gMEP99G8bPVk+xwNYYZAZwy49Pg/IUzXhfTW+nYxXrZWkVeE+Zz7P7Y/AgFWTP5Vzlk+p4A/mEcUl0K9c/dHG8Xfe58LmkY6ko59yEvWWI4idIMFKF1iVlxX25/UsVFLVzQgoghQiZH56+oBRpofnu2REAAiOapCuRFVJkKBbnA+mJ7NlDNFuO0U6H8lngWHfKlYlVm8Y0s787eshmULcPC93IIgJgjyQcRYWVGcl4BzgUVuz6RwYo5ag/7UfrxAWjmVniMif0DJvss1I0PfVaMIbLNLTQ3HaF/rRsCeJ1Ly+CwyE0jkY99jVv7m6aPiPPW41a/ecllBg5S8+5bnbC+gbl1BYopaLZFlfM147ougMMMThfMrUUvNvANaEVT3KaDHh8wfKwbLXYRjikMO6Ye6pnVB0EKqn4nuTRCZRhYvH0J9uDSg/qBS35wk/jzmCo5qNxfMuoxWqkB0WOrcXohT2AbWlGU+65TXPNrOQk+gtNHPXRUPboT6kZ3fTpDRM0VBLBwj7T6mcdwUAAPQMAABQSwMECgAJAAAA+mGbSOwZifsVAAAACQAAAC0AHABmMDQwOThlY2Q3MDlkNjJhNzVlZDIwYzY3NDkyYjE4Ni5maWxlbmFtZS50eHRVVAkAA3etIFd3rSBXdXgLAAEEIQAAAAQhAAAACIodDgJv0p8nPufCiX1Ms1GM8KaOUEsHCOwZifsVAAAACQAAAFBLAQIeAxQACQAIAPphm0j7T6mcdwUAAPQMAAAgABgAAAAAAAEAAACkgQAAAABmMDQwOThlY2Q3MDlkNjJhNzVlZDIwYzY3NDkyYjE4NlVUBQADd60gV3V4CwABBCEAAAAEIQAAAFBLAQIeAwoACQAAAPphm0jsGYn7FQAAAAkAAAAtABgAAAAAAAEAAACkgeEFAABmMDQwOThlY2Q3MDlkNjJhNzVlZDIwYzY3NDkyYjE4Ni5maWxlbmFtZS50eHRVVAUAA3etIFd1eAsAAQQhAAAABCEAAABQSwUGAAAAAAIAAgDZAAAAbQYAAAAA' AND file:name = '51ae35.js' AND file:hashes.MD5 = 'f04098ecd709d62a75ed20c67492b186' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:15:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad78-ca24-4cb1-b397-4803950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:15:52.000Z",
"modified": "2016-04-27T12:15:52.000Z",
"description": "unique .js file",
"pattern": "[file:name = '51ae35.js' AND file:hashes.SHA1 = '538a4ef3766dfaf09f6c3fca5457eb3fb1ff0408']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:15:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad78-46e4-424c-b38a-463c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:15:52.000Z",
"modified": "2016-04-27T12:15:52.000Z",
"description": "unique .js file",
"pattern": "[file:name = '51ae35.js' AND file:hashes.SHA256 = 'f2f2009ebf69ae999c5e689b06c6c30732d51054a094a938cd2481aba163e5d3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:15:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad79-60d0-4a44-9582-4cfa950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:15:53.000Z",
"modified": "2016-04-27T12:15:53.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAPthm0gzjHjzfQUAAPsMAAAgABwANjYzNWExNmQ1YjdmODU4Mzk5YzFjNzgzM2FhYzZiYmNVVAkAA3mtIFd5rSBXdXgLAAEEIQAAAAQhAAAABLq4fIDSgDiqnU8fOpMlsdbg3/XCe3ykmOc6+3sHwSrMBSGiii4ZqdpPhGAk21GhoOS5rZH4dW48kU36qSUrad1PzZrJ3Pn8wyRmPGBKKGQBifiMABEcqXH67g32GxjxlAFMJ9A/UMizvFwIyzM7mFe3o0ysJZt2+skV7yB/jb1nIa4henG1S2MqD5Vo8qVkxYy9TBDDu1Zr8d0nPB9HdOS5mYEv3AVDN4WWhxmjd64fpqRceKtSpiRyO7kB0c/0tc2XmTG3/4TBcyLuHVQn7GFeVvXAstjXJ6t0Gft8qHnv9X7hr36V5bW10m3yZOjV5Kz1670wTTWBbt0C0RWD5a+pCBkAgo68kt6OlC8RzzruiqSZOgEjg7LRSS8YXUeLr6tbRRzl4mioxeKuA9r3QzNkreHli3TYwZIjy22RFf8E1J5g+s4zNXpZTGRiKvAH6q/TGAOKNPt0q2SblhAoxcUENM+FNfTn+eWG5yk707HqwTqxcCRb+htGq3pn9SDGLPj6SlXgWCCU/UTHgHdsoNtOnrzIpdLmC5JJ2C5QWAN4zbThorYKYUehRqEeoKkeeUKT3QPyczXUOZ+AicNo2hh+orzS/hg1uJAeqaX0yPBiIjl/01+jdPFMF5nZF4AmI1s0rGJlTL3BcvXV9H8arfc5r90GQTxRwVLoVJa/XsloRM7lcwZNnXn3DvsdcCfEUe9X56iH9VArt0ytLAEsz3aDmrNEqJmHHFoI3ZcZTeKPdtVoaG+947CXzkb+3l58wLLs0ZVIru6ojjgzFf4qMlwd4GAh7cYgnf/R0dZLnC2jZ8tY6tjJrsFotXdu98lht2YqZzSTRYrcWsS7QNe2JdK34A3cAicQEuHoTURpbRl34HEAMwq6rSsLUWMU/CD78BBHEr6kFR4M88703gEHKjy4nlyjUYWYqw1GaaWBOanIgqT/gRylQCyQ+ePCoiBuocc+hH2x3rrql+/vMZkgsvAPZr5kqA1WnieITLNm2O28IMfBGIhFpMvBxsw8Am81b2muMHZC2GckuRlVXANNs9COyD7vlJBf/h/3f6bRmm26gqao6dGjfI008ye+7ze3UPQtuW4DOdLLwzVYj2xGIeLGf4Gy+YD2GsVQIvTPCDeGmFqw4rjojiXaHWiiL8NoYWa5ghiaClNkeuIZAgJU85FuUx4WrdWYljJMLf7Aau8zrjMqmkHgYvmmuzfSSa6T36c9ijX3gGEY83ZfhWB9QAg1/6rHYenrowtVfyvX/3Ro3ohUGEX//2T4rxH48UxcWOxhEuCYhJLzB0CmeU2n6AHuocfSdrfIWLHaDpCLtnG9SAKfgHNilYEjnHI2XEsuAYpXySVPevmkG6RvEt+RsDg+JXmG/NA/LDn1luCs7T02gUZ3ZZYlLAB826HVQh6eBFuw4G8xtxNCQTwhSVuyWka06r/9xZSh6ddkAG3a2UorkyAbHUpfiTz4uzBQiPyla/dMqfHm+4mAgI9AlUAKzy6CNAKfxqtRjOGh1yc0qoGSkfhrszK0+qoHTnExpkQvTiAo4lGSCjmraT/9TnbZ+xBBtXcJMu4D2e4CgbiuS9n8HhlfPPsx/T1U3d2y6ZZ9bhFZDEOgPZzY+8FsL8jnOImlXLvnezmEp3S4fi6lZoiyusHac/AXzvx3muhUFZtJeWCJeQvHeK8xiOhJoNueJE5K/soBg59RZCHoO/kXchu85mAmYOIbiBo7GBl2ETiYpZt1i72ENV/Ef31Zt6gtcZpD9fJjgEv7tfVlL3NHoKZyjtGLoAiwBtGYLuQQn3UXONU1qumJ8dgAnOV7FvXFjvAzq86dKrUsZ9fTf2OLbaHuGCoSuOb+gykAMWqs6u+4jRyQavndEZWuseeFOFBLBwgzjHjzfQUAAPsMAABQSwMECgAJAAAA+2GbSJJOd7wWAAAACgAAAC0AHAA2NjM1YTE2ZDViN2Y4NTgzOTljMWM3ODMzYWFjNmJiYy5maWxlbmFtZS50eHRVVAkAA3mtIFd5rSBXdXgLAAEEIQAAAAQhAAAAXXiHixawy7o8B30EoRs2yW6nz6h7SFBLBwiSTne8FgAAAAoAAABQSwECHgMUAAkACAD7YZtIM4x4830FAAD7DAAAIAAYAAAAAAABAAAApIEAAAAANjYzNWExNmQ1YjdmODU4Mzk5YzFjNzgzM2FhYzZiYmNVVAUAA3mtIFd1eAsAAQQhAAAABCEAAABQSwECHgMKAAkAAAD7YZtIkk53vBYAAAAKAAAALQAYAAAAAAABAAAApIHnBQAANjYzNWExNmQ1YjdmODU4Mzk5YzFjNzgzM2FhYzZiYmMuZmlsZW5hbWUudHh0VVQFAAN5rSBXdXgLAAEEIQAAAAQhAAAAUEsFBgAAAAACAAIA2QAAAHQGAAAAAA==' AND file:name = '51f3e71.js' AND file:hashes.MD5 = '6635a16d5b7f858399c1c7833aac6bbc' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:15:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad7a-6e14-46e1-b4a4-4ecd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:15:54.000Z",
"modified": "2016-04-27T12:15:54.000Z",
"description": "unique .js file",
"pattern": "[file:name = '51f3e71.js' AND file:hashes.SHA1 = '061656e07d03b97efc6f914e11d262f253a64c1d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:15:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad7a-989c-4da8-be64-4284950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:15:54.000Z",
"modified": "2016-04-27T12:15:54.000Z",
"description": "unique .js file",
"pattern": "[file:name = '51f3e71.js' AND file:hashes.SHA256 = '569d2caf2e59ee852dfc08280ae42acce33a81d9494c8abc95915613fb267489']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:15:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad7b-6284-407a-ab4b-42cf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:15:55.000Z",
"modified": "2016-04-27T12:15:55.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAPxhm0g0bVYiggUAAPwMAAAgABwANzkwM2UwOTI2Zjg5ZjgwNTM5OTgwODNhZThiM2M0NDhVVAkAA3utIFd7rSBXdXgLAAEEIQAAAAQhAAAAqkis8Bsg+R95bhzE8s85f/eTkqDryMNmZ1CTd3dPEFHt/DY4FrIeLKv/VZlIyqauHm1rbvfPv7sNwfnl5mfVg1V4cS5ukBm3ILWg89WIuSwYvjHcivioVf50uOAousB9zUMzC4enBPvNPx/7b3aiYwCIZeC4rzEIx9APWiqa3ducSVsLzDqkRqwJOaSjNDg5j8jjgR6nU7OG7Drjxk15SeCb/rscC5XX93HdKxmj8+lX5jcWWtzZY7XQ8eoBql1he6XyAEJ3EfNsMcjaGr4XdfSakhC5Fx+o4C/fV/FfsH457D/iuvpr+gU3OTsRQ8udgDadTlJXd/EFH2pBYHd3Y/Jm4D9ngwXztARigOIeVeLcloyThs9XwxBM47t9bcYwHl4Cuu0mOeYlTBytw7PGODfKGioeqThlX8pp6OtlMeO5NBNEAIFnjLLrv2umQKr/pKDblHdq21Sx8x0R4yP8omg7eemA6yCH7oJPEUCkImeHv2vJynT8dvPmkCBUZzIYVLb0VkQ3cCodIRCZURXTmae1STEJbG5rPenqxnMBdVZ3feztdvGnxPH3NM+Gk/XJWFsV0vCod4RztJ5zx2RiO5p6BB8NvmuinALTm107CDn0mVnCTlB+xnEgj7ACtn7L6TzRbe6W60EVVMqAoQNRzs5ySkC1LbYDDSqALT0EbaQXRU7u5OrvgLPiouMLXNBeTjutm6G5DnSxyRmUa0qZHc9o6+5Qvka+OJTMYfRrFdP4vvPQG8mwPxqqx9FAJCjBp5T9CX9Lj895ixLNsuJ8yhivbzUEVQWQSY8Vul6sOgj+9pgPlrn0fiFIsGU/OsmQiyxQ8sLGAKNOwEfFK0LGA2KzxfmQuq75UQx0Tsgrxsb5/Cvolemk2vU3mkTSi/2fmkNACq+dW8U3uns0HyaH685wpuwCRJrAOmjb7+/WXhNH8gs8AOyYsd3JqL6qhEky2p2gHV9p+ExoBVHa8MeSSvCCUt1W+t5Pw3Jy5znk9G6OHirmo9GxnsL0JHumFYnkNKcdeIUqeExOJ1pION2hdIO+N8HJBnWAqegy/GkDU21do0BlNQpP9ICXTvekTqooMcWQBzwUdOG1fg8H7+xEuYpwRYgtIj/GAgVN19+S0c0T7ZSBJ5ZyMY/QRZw1CVz25ZPC6ElrmM9zVPQY0ELEBGaUrs3cMa8zz7AI9bZeApuXLxo4/VXCTc2xQa1M5dOV1HszTkBscbpBW6OGSYFPgSZUnpz3JlKCPzlOPnztKGAwHcJ9SVgBZJXWNGwgLLO5Akl66WITZY01EXY6ipKfDgTz1NNNK93IO2WYo/gKw+JWEBPeCMAEnOtBiwn5qmw7SPrnZaLxMbHsfvB5brwp4epyRywVGWlLjjTu5VaMWnABv0SrzrqsX6nJQX/YdlvIhlTASLxEI060RiZJNOpwwWVS+DZvccyIPovoZbiQRzM6yUxUdD7vpNhpXuSypxU2S/jYN8Lv46eIREM/Zs4B8teQra7ms2JNRV3TBunmU/01zybEJziobjvVBJTBPIPExvFO0z4PaL5Mc/SRyjjB7D9NcWm/X5uwlSjg6xOw8uVzW1L3TxQzQb9QYW3GB4ea7muHRVV2cG7A8RSejuR59T6LmfRjqYxH69ixKw/zv4xe7zjqnPS7S66PkWPWgsKefJ4xKHn6aJ1djQCasDeqViGL7ZN3DParpS27fdcqb5Wt9djU8JM44yDFjOkSVZICUxz2eFGIkt2tBKsvbimT0vDaob0ErwQOMxeqhvPZ5wz0IlqQabP60jwJitL00mCxxObSgkGlZP8BGGz35Kd4eZSQeeH8TGzcTSgbIRZo6KdTDf4+5cKIKF9ZXGfH/S0EWk1SyZmAURulyhNdG4Jlx2TsUEsHCDRtViKCBQAA/AwAAFBLAwQKAAkAAAD8YZtIOsVi6RUAAAAJAAAALQAcADc5MDNlMDkyNmY4OWY4MDUzOTk4MDgzYWU4YjNjNDQ4LmZpbGVuYW1lLnR4dFVUCQADe60gV3utIFd1eAsAAQQhAAAABCEAAACFRKiZ0oXh3VUMK/Q/oHuprj+PGP5QSwcIOsVi6RUAAAAJAAAAUEsBAh4DFAAJAAgA/GGbSDRtViKCBQAA/AwAACAAGAAAAAAAAQAAAKSBAAAAADc5MDNlMDkyNmY4OWY4MDUzOTk4MDgzYWU4YjNjNDQ4VVQFAAN7rSBXdXgLAAEEIQAAAAQhAAAAUEsBAh4DCgAJAAAA/GGbSDrFYukVAAAACQAAAC0AGAAAAAAAAQAAAKSB7AUAADc5MDNlMDkyNmY4OWY4MDUzOTk4MDgzYWU4YjNjNDQ4LmZpbGVuYW1lLnR4dFVUBQADe60gV3V4CwABBCEAAAAEIQAAAFBLBQYAAAAAAgACANkAAAB4BgAAAAA=' AND file:name = '55cc92.js' AND file:hashes.MD5 = '7903e0926f89f8053998083ae8b3c448' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:15:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad7c-2530-47a0-a506-438b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:15:56.000Z",
"modified": "2016-04-27T12:15:56.000Z",
"description": "unique .js file",
"pattern": "[file:name = '55cc92.js' AND file:hashes.SHA1 = '9907f78486b57791c0829e68c1d327b7102ee925']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:15:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad7c-b6a0-46d3-8736-48e3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:15:56.000Z",
"modified": "2016-04-27T12:15:56.000Z",
"description": "unique .js file",
"pattern": "[file:name = '55cc92.js' AND file:hashes.SHA256 = '4f02717150f420d921ab2e64b63537dfbe6d1c415de83a673fcbc59eb7624579']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:15:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad7d-3780-4cdf-a46e-4a8d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:15:57.000Z",
"modified": "2016-04-27T12:15:57.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAP1hm0ib7tXGbAUAAOYMAAAgABwAZGY4YzEzOWQ5MzQyOGE1Y2VhNTU1MWU5Y2FjMTg5NmRVVAkAA32tIFd9rSBXdXgLAAEEIQAAAAQhAAAABLq4fIDSgDiqnUnKzKUjWwwUM7/M3xRrOOTYj94osqsJfxYp46PNEDdxtMOH4YKXsIwP/GZHIwlAH1K01WzFTA478XTAy25NfTo+1LCO2qD495/iaT/azQSDslO4Cb34Od169JcZq1UxOBZzBvTdT7vuu14CbVATTCxUdVULTY0Ln9OCREqLtyUy03OErAXVlE1eNi0Qwk2dg1kaMI3ONXcJuXWyWYxg7Uw8hWmGHHtH2Nzd5jTSlUKNdQWphc2hT3ckINcheRLTDfezSK/LfbKGNd+ci8Y6ShuKGXTv4Agd5mkBDsIgwtIeig9bhVB+fAF2OrKybWoe65KRi1/7UxPDhABiAiR5TrdM2YsZrF7hBRAN5pY/Jo0We7wCRQbmkHVENqCmm9drmqPU/8stYyr8I4luiSmYD0bxbkJSVPniiTA8xFpdbrI/necPr7t3y+WUQKH6XoSF7a/X86Skd8Uvat2U91EYfbe6UzJMgj9Wi1MEnGiSFuxWamNn7EDgPD+0F8c2IEuNd5oKVpO/VpEEHdLUxAl1/G7auJLInBPBNj4p097xoOH2IdK7EV3PSLQMELdBg9nMlvQ/eF46HJqE69FcWHPl0kECXYFgsb2/qgAJvDQ2+I61GJR2MVUSAu+odtWujc+OcBIZF1thym5jz7O+/jyYEMcouQJEzC3fZdQ0Wigx2n61h27Yu1VN4V1oTaMwpxGCizVm2gfsIN1yNZSL/w+pbE4a+qsHGoPDFRJVbBSMXFypIGDWpB3B35g1KzJWIh4hmL2OICjmPUM+/OMxCAHFiOIQodstoomBaDCIC3mcscaNd8B+qLBK9W9XmKRM5qIpSRX9T6lRASvUzZjV68XfjBDZfVH4NbFlcZRdcCCPFEbYYbBeXBoi/9EPbIGBeGbrp8yL5wT3+kfPoFzLD2mm0e6qN//n6rd1rPfLGQfDKN8b9Aq19PXEuKeu1GB4lWn355r3fKnehAg2FW6JMUaQfv8LLyaXknRxrc364pkuax8kZjnvzZh2C2OqzmeROTu3cNED2WgwxZyfOP/8u8Vw8QM/cSaUJZkuvNoTGvSxzd5lBUtkN7m4zPNnsmc00qcxgwE8FsOt5E8h5ZZZmeLnOsyjyjOjbrH7HllHdnbVFnSS01c17RV23nUU/U8ZD4iM3wlwWA04uG72QCPDs7F9E8skeErzOE3+NhLk+VgU0zj1Iq/aqpohtMTTtv6Ru8Xmqor3/qMSFbtzxw8XVkhsWNl5vAqqY9yGiN05dL35PKgXhm6+fJGgJ0/5kv/2D2VAObXzflehgaaQvTi6snCtYHFGovC2+2DUwFyWr7po9uM+SIi11M9BvXoM8S28KMZNTInMMdTXTxfonfyL0p0Za2UlIsBU6Kc5H2Z8dSrQsieNlgN7yIY+zcL8wXD9EgNbNM5CazKj1saEBpPNDI2bsCw+qgHthkl8/gIpnEoig8/7DKct5pXCb8pR+rx5eFNFECGnrh+eIBMfVe4EJSc7mTKSAtxZXNrxdhkXDgBf2XrV/gCW6ASxYemxi18dGIlaSlNRGE7v++WsZEnLG55rfikqsvNgN0+blKbl94ox3O5CqTz5kyBn1pM8NXTxvGqY27xFSAc+gEBCM+OU4TRpAAu3W0N+Xz3dcdSzRCYX9HBdTF1D9ap22WLIoXa0D4BpfZjbT5Ut0k8Ks+inS6o/k9rfBjlZOV/2OAlEXQw1PaUyc82kI65ef/FPo42mD7hwDClOPhv77uvd/OfWY/PjTIThSYE0ipbCbMY2PvJ065MZkfzcWg1BovLLk0WnFqTVfRGcfTIYyfK+qjgymurynb5YICxrl8fFmVrsLuUNi5B85gNQSwcIm+7VxmwFAADmDAAAUEsDBAoACQAAAP1hm0jOmX7bFQAAAAkAAAAtABwAZGY4YzEzOWQ5MzQyOGE1Y2VhNTU1MWU5Y2FjMTg5NmQuZmlsZW5hbWUudHh0VVQJAAN9rSBXfa0gV3V4CwABBCEAAAAEIQAAAF14h4sWsMu6PAd7aV6NWqthjhQvzFBLBwjOmX7bFQAAAAkAAABQSwECHgMUAAkACAD9YZtIm+7VxmwFAADmDAAAIAAYAAAAAAABAAAApIEAAAAAZGY4YzEzOWQ5MzQyOGE1Y2VhNTU1MWU5Y2FjMTg5NmRVVAUAA32tIFd1eAsAAQQhAAAABCEAAABQSwECHgMKAAkAAAD9YZtIzpl+2xUAAAAJAAAALQAYAAAAAAABAAAApIHWBQAAZGY4YzEzOWQ5MzQyOGE1Y2VhNTU1MWU5Y2FjMTg5NmQuZmlsZW5hbWUudHh0VVQFAAN9rSBXdXgLAAEEIQAAAAQhAAAAUEsFBgAAAAACAAIA2QAAAGIGAAAAAA==' AND file:name = '75a73e.js' AND file:hashes.MD5 = 'df8c139d93428a5cea5551e9cac1896d' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:15:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad7e-423c-47b4-9ded-4eb0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:15:58.000Z",
"modified": "2016-04-27T12:15:58.000Z",
"description": "unique .js file",
"pattern": "[file:name = '75a73e.js' AND file:hashes.SHA1 = '3af8c1b75ac65df97ccb3149b7a5caff54ffb4f3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:15:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad7e-8b58-4616-8c9a-4292950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:15:58.000Z",
"modified": "2016-04-27T12:15:58.000Z",
"description": "unique .js file",
"pattern": "[file:name = '75a73e.js' AND file:hashes.SHA256 = '580f43d5dec09849287d5c610ecc117579ae84b5dc3f59bff14ea22c56fe40ae']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:15:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad7f-646c-4436-9fb9-4f04950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:15:59.000Z",
"modified": "2016-04-27T12:15:59.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAABim0jiSo1AdQUAAOgMAAAgABwAMmQ5YThjMjdiM2U0ZTUzNzg0MmVkNjg4MmExZGZhOGVVVAkAA3+tIFd/rSBXdXgLAAEEIQAAAAQhAAAAcPzUOjw7Ms0JeHmU97WyEhWz1U2nAm0vllr8hYWNdoWVWwJjYIpDpd30HibCOcV309EM+4oYqAIrRzsXh0NOEJOzVZOPklUOmF8gCm+o4dHce9ZF8onvVhTLWQRvXUz8aHM7NexmvoqOzbD3OmNEPVisPSdX2ZQXlHv76MsRAnnkHPa1ja3JImJuTVqXNYXt0rP/Uvdf40/kBa3QP7xDztRkDjAcbTBQFd8RDn3htCDOscsmEFxlFyieNuBrv/AdVxkOKlY8ilEJGG39lYI0+vDnSB+Db1Xs1TbzLNsT5GgSjGN888TSL00iGvERcdEJXdGluIO+5m1R2Tb6nj0i6aHf0mCxXGU0MBwW4J7qECPizQX/o7PhNSOiuoic/kVF3wGHVR6JuJA2GlQQeDwA2wnMngRmw9QtyaZ+Nmqe174hkNK77VpMKuPIqU+gD4H2cSWjMiZw7Ve3FIdQiRgR7QC9aRDSfHzX4kSwico2xs6X+8NJSK8sseeVjdLavre3lRMstxnEHTHNv/KXuObvL5S+3Db24oYAvf4IgHz+B98SglcScGfgjLLII0+qEufVV4iY1nO+1IUbLq9yntB5xpkjGtgaXo2W43ayDXBv2Q7RNeRm3nrBuUO5KczClSz2dfiUfixLsnjj+6yuPC9Kx2wOIeqHPqXCReid9GK5WLwRAH9Yo/9FhIxFOpzE3FsAmb6Q2ugjTexr3a/o7ObZ3OKhcSbugYh3a7jIjmJipZ0UYtpUAYK7ZyX2h0JsfErpL8W3i3m0Bym0b+xQsAPqjpF1sgU8QjVBm1dMaQ3TmJcgtNYt7NVSOSAXYDFlMCRsihIO6eXGK8QZMTAa2CNT+v3QKnYch53Nb+hKJ4GsYYlswMSvaE2DLsaW2AlBKPR2q8YlvwOUTBkKqSGtO1i9d5fWYuza/Z0BxL2bWyLOmouO1emru4y0U7gPVHgisyjczzllIvzqLt83AyFnU1HVDYtMZKw0IwOH1O76VWpcyHmyXO+lhrJj+19SC2zVW3D4eTg2xYXYBBy1tLEVkfpOY3YKhO/QQdNvvjfuEWOyiHQM9hAFSkx+1h+Pa0sssCYud687kuCcVKcIedXDFRSGBtPom+xjB5Q5cy/YuN/+D2Z3uci2Rw/ulOg+JSrMuJF+bpm020bkpiEMPzjvxDDnm9SbHgNHDkgcmJa9jGmUVCso6D+cQc2jd6Km8Y0Dd4F73CYsHw9sXCdqxBoruUi5LrUTM1Wp94CdGVMvzFc8O+PJBtvqpj5G3Xq6/eaHfEmyKsGWb3t6qBWj2dACNxn0uWMNRgAD3uGxYc29v1ymJDkxrfbpsksGdpFCOKlygd9d7EkH7gAUZ/1GyYeIVD/tRbuFTkhhYFzBtVO9FOqhtJR2o6r2LeBambLKgNro4FAEe5jUwS8oTLAx1v8T+8eWmNVfwGFvGHn0N4vDn64bwOT95sCapHBPjIxIrcY70nVZLJaqw4zRdC2d+bFI/rlnwljek5cGD4jBGOSLn2P6DY+aIWRjZjwLaiGHPz7l9hhcLOaCxaWp328UonlqoCKhYSr9ArFQn9n18tgOdGohTFRe0pnswWcxchKE8nt7hTSQIWpLSdeF52HHTiZu6J2HRJimYo29otOMxZHeOjSKZFCW4CAw7YNZFJFDy+XCeObLKFxrAlSVEpz04J9GVjopnoGvROyPpJt4kvOUjnu54iZTxf9s3eC2xXWG4zq0K01vp5o1b5PrCt0zICXd5VeFN5YvhlqRj1Y2yibGD2gt/lnHSxAUFusJW6eIEqYNLqKMoQ0Es3k/g4ZWBici8z9HUKJeuolu5l+66+IuxvgvE6F9/PtRHU0pMCBYtPhy5wj3k46xrVVQSwcI4kqNQHUFAADoDAAAUEsDBAoACQAAAABim0i+Ll/qFgAAAAoAAAAtABwAMmQ5YThjMjdiM2U0ZTUzNzg0MmVkNjg4MmExZGZhOGUuZmlsZW5hbWUudHh0VVQJAAN/rSBXf60gV3V4CwABBCEAAAAEIQAAAPdoIIFeTerv5JHwcnWn/UHzAy6CNRNQSwcIvi5f6hYAAAAKAAAAUEsBAh4DFAAJAAgAAGKbSOJKjUB1BQAA6AwAACAAGAAAAAAAAQAAAKSBAAAAADJkOWE4YzI3YjNlNGU1Mzc4NDJlZDY4ODJhMWRmYThlVVQFAAN/rSBXdXgLAAEEIQAAAAQhAAAAUEsBAh4DCgAJAAAAAGKbSL4uX+oWAAAACgAAAC0AGAAAAAAAAQAAAKSB3wUAADJkOWE4YzI3YjNlNGU1Mzc4NDJlZDY4ODJhMWRmYThlLmZpbGVuYW1lLnR4dFVUBQADf60gV3V4CwABBCEAAAAEIQAAAFBLBQYAAAAAAgACANkAAABsBgAAAAA=' AND file:name = '78f40c3.js' AND file:hashes.MD5 = '2d9a8c27b3e4e537842ed6882a1dfa8e' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:15:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad80-6c90-44fc-b46f-48dc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:16:00.000Z",
"modified": "2016-04-27T12:16:00.000Z",
"description": "unique .js file",
"pattern": "[file:name = '78f40c3.js' AND file:hashes.SHA1 = '16c5d8a5a64ce3a4fcd7592f8c60a00422f045ba']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:16:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad80-6164-4a1c-a60f-4838950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:16:00.000Z",
"modified": "2016-04-27T12:16:00.000Z",
"description": "unique .js file",
"pattern": "[file:name = '78f40c3.js' AND file:hashes.SHA256 = 'ce1a3ef6cf3f740596d75cebaf7293b1b19d673844758349120354d475a4541a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:16:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad81-fe10-4862-b7f1-4a67950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:16:01.000Z",
"modified": "2016-04-27T12:16:01.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAAFim0i/QCCCegUAAO0MAAAgABwAYWViN2NkZTU5OGU3OWM1YzBhNDk3YzdhNmZjN2JmNTFVVAkAA4GtIFeBrSBXdXgLAAEEIQAAAAQhAAAApP0DWwH4ZLys1FbiC282DoGnjPb8rc76fGdbmITVOK7re5BfRFBjVrFgISna4i3+sxqWMWF66U0FmEt0DhSlRWaNsoiJss8NnHfsGMVWq+vvO+NeaKp5gJb6vAq3MTKxhALn8ePDdS86I1t43yMUPvQVC/opVKEeSDTMkOICZdyhyYre97WtwUXX5Ec2dFlVBDYfv+eDNDqgYMz8+BvcHYckKBrwnN9PFRhkRY5OjAPq/mbKjWZBuwDRmt6sogVw1SEdWkcGR8WtjiVg733PXfdGHYBpTaoACqHYib04T25lLGMKREt0cck952mgly0MwoAijptv76s83yqGr8W4ZJwk08aMxMC0EiRulIjIZNE0A1NMPUl1F4vSbDIW8/u0wFKrcdzgD9VrYji5vT8xdHpm3CsnsfbMMWPK6kqOdb2eqYm1c0CTRDRvk7YqghfFrj/Nt8wLWbGEXRBgKX+7Y1pHd+iekr99ctA8ZutuBhnGQlQhexhG+7ZZY79MvRaOOPS1Gj2TT7LSMLeftO2s1ZlMAJ7+05xun6D8jsuCo+K32U5A+qVKzCqPnPeaSHa9o8wyex+T+LPyQ4B5BOkaprYCL5AYHee+2foANYRbnTsi6ervpnt03LELErLisrE9lTsdIsgA+eimDWJICrAAgyXbeIXafuZyN6+rYnHSoEeHTyPYbWeYtrQ1hJfHtADdWDX+3X/z1C7QA6wHaZTn8DUZOe6ItJz424cmvt5pSZDGSI8EFlfzjnG37XO4uVUBc/2gg1sBvX7XPglhHH4c3Nd3RdBBRJcRG1e0iLdDUdu6WBisgyz6fJ/mXybD4ENkYeRDRqvY8bLH5EVrWDlwva7EcgoBptHkYNMPoD9ux1oApVuVJ+TSnV0HAz8eB4a/jnYeSAre93van5Q2eQ319U+SXdJ9/DkO5pdFs1HdUJJc4+uJMEoT2XK7oO3FyCtps+9HRkuRNHlSx7DzWTC2Hn4nTGu5HAINan/IjpDqdG38lHAal1iRjIVcGIkjSDylaE1mpdC4TedDozBJ+PhkjPJ2NSuG1Zst2N7SHqW0DhfiFt5UYlP9W5PsjLBSfVVOpk7+xCaOQLNrhHn+LlCCsqe4tmtFbp+lXnWdms83tMjnuzZ3TUxwqL+pFQ1gmN3A4/RzfSDAcTf/cA2DOk6weEJ+KvvTViGV8V3hVHWhuC6S+ExWwSFESyhj3Gf+bcHaSt5AWEGLpiYxwy3WcGofXWlEXm6H7xIwYLP/n39zWOmmfFAoTsXbI0gCk/P29Dvcy3zY1/uCoEa712GISL7tnzhNvzIRufkVZoMQCTKcUEdE6UtFVjDrdUBk0Yq0wuhV559iISB/ov791gmsfrUhHLriXAo1Xep4xdCD4YM1ZwqKeddpTzJ9u+rzLCXacjCShPWPAaccBEgqJqmaIOgsN0UT8eOcqV6bycO1nAiZ8qKkmfLJL2SgP4xymEOB27+N+Bp4A8dA4iMaVlxYQEI2KCEtNQT0lR+XDjtWHIAxPF1GKNPrsp9jsVMCAruIGrMqv90QE/OZt6sEsnDw0o4tyyfliLppFf8s+NBivVDR2rjNG/6gV8C9Dft1DeyoCrpVGbV5JmvFPWsvA1ekzy3w6UczyM+H/hrPZbXtKusQaDh9dWkoCgDIEGQyS1QI9hp3Y3lUj2huJIpg03tlq7FXfirMbwgYcb7NuBWCiUlTYllmglN+Ff6fN2YcPSOQHNQulFyBDvO+5NOV3yE3hZos/lXIt5hw2lh6VIVBt86MUrzPbQqOzFMfZOQS4EsYh8r0tjhwWwJ6Y0j97qYEItnPfcsYYLdZDRjfrcpmg+mU1bg3p4nqVoh066u8wTM6UxSZ30GI24cwpDZ9YlBLBwi/QCCCegUAAO0MAABQSwMECgAJAAAAAWKbSG25OG0WAAAACgAAAC0AHABhZWI3Y2RlNTk4ZTc5YzVjMGE0OTdjN2E2ZmM3YmY1MS5maWxlbmFtZS50eHRVVAkAA4GtIFeBrSBXdXgLAAEEIQAAAAQhAAAA3bYC1CGgzPuv6M+T4t+SAFqi5aXjb1BLBwhtuThtFgAAAAoAAABQSwECHgMUAAkACAABYptIv0AggnoFAADtDAAAIAAYAAAAAAABAAAApIEAAAAAYWViN2NkZTU5OGU3OWM1YzBhNDk3YzdhNmZjN2JmNTFVVAUAA4GtIFd1eAsAAQQhAAAABCEAAABQSwECHgMKAAkAAAABYptIbbk4bRYAAAAKAAAALQAYAAAAAAABAAAApIHkBQAAYWViN2NkZTU5OGU3OWM1YzBhNDk3YzdhNmZjN2JmNTEuZmlsZW5hbWUudHh0VVQFAAOBrSBXdXgLAAEEIQAAAAQhAAAAUEsFBgAAAAACAAIA2QAAAHEGAAAAAA==' AND file:name = '80e0e4a.js' AND file:hashes.MD5 = 'aeb7cde598e79c5c0a497c7a6fc7bf51' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:16:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad82-ae9c-4a12-8d4a-44c3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:16:02.000Z",
"modified": "2016-04-27T12:16:02.000Z",
"description": "unique .js file",
"pattern": "[file:name = '80e0e4a.js' AND file:hashes.SHA1 = 'd127106ca2bd46f731f039bdcde2d1077ec57d0d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:16:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad82-15b0-4dc1-be0a-4bcb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:16:02.000Z",
"modified": "2016-04-27T12:16:02.000Z",
"description": "unique .js file",
"pattern": "[file:name = '80e0e4a.js' AND file:hashes.SHA256 = '3f7abdca6ae9bf5273763348d4e444f685abc7fdc92f20206e3c5f0afe298f79']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:16:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad83-e35c-439d-b63a-42d4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:16:03.000Z",
"modified": "2016-04-27T12:16:03.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAAJim0joC0ccbwUAAOQMAAAgABwAZGU1Zjg3YmVkMTg2NWRjMGQxYWRkNjIzYWUwMTMzY2NVVAkAA4OtIFeDrSBXdXgLAAEEIQAAAAQhAAAAa+uQTJQBTxJRqe4uevdls22xexqpD/mHCZsBLv8NsfyczBrZd+WQk0arolxfYQJhgi1UV/Jc/u1oBJ2p6tfKHkqAnoo+lRTqtbna+BXKLZYYA9Hy1D4bOhj+W24OHtzJxY08MfwNyuNeHvxPjaMryeeQ+y//3deB2w+yiOBlHkEpBA+bqo4Fr1cK5dWjPLPuGoqg/oDLR7ipNBbXjYyorY/2oR3xmQQBt9ALeceT6gf9xE6wa+SSE3mLGa31X1Q0cFOkYTBDiMmtZphP3/skkBfU9Vm+LM8b8PEzV7ZURPwJU5QO+79uOueyj6anlPMS95pAJW1WIZgoZ+o+Y7BSW/kxLVbiyiRZPrauMBvQqN9Sa+fk6jWDKYpDKgG7/cqeNyytVCc8QTXHG7k7zse/A6+zDa6EAybBD6QTarScpi0DzkN8vMWOzm3Ag/TiFj9XoMKtHixzmEwkM95mbaQqnPu8JA0P1EcWRRGhBE1wXR3ALQOOMh5M2OXoHfpSi6EJI2Lq9SDERAxZYS4naJME+NjrYBQh+I8EFDNywwEFi3Ejr59SN0Os8s0HfjMw2592UNoRyEb3EE2758hFekjQMPmecRm4xnJTEEm57tb7xe8N2W7G5a4+bLdOTYj9kELFIqfSqIElxjSPR1Q2ulvvZPj7XWod5eCm33NrRnqcunn7dJu5NaAJ0N50iSU5zKcFRLF3RST2vUUEGpk2iRM9IPhSi4pe29OYgGxz9CyF9N0uB2WAYtE3f09syZe6tpg2eRjjFwrAWpC95n7t/DtbPkjehyDUqkAERYhW9N5om5Ari0a25BkF5acYSS1+6BVrh1i3GuPDKdYhPCXW22Pd2WdEts13BlMbw8zLRSwdB8KTvynttbc91PllHJ4aK+971O45ib6tBVwNS7mDf0yktIdj5w9kJKa0e9gc/OOvNmdDh/xcox48CUIlAtmGSFw54MYpihwW1KtmzUE9s3o5lYK9ZJFHhLVidiabATpKTiKjtVAWhCaHWvgzhMZYl+joZzEYfeDXQxiwabi71xfgzFoP4eJrd4xKvK+wGua7hsoKcRh4HIx45tgXzUHm3yze3qgcxeJ0L0+tc0ZGKPeAlUlS/6hmAYSdlKVFRXuPKs28L++p5I5f58hPaCEhkcRq1e1B6RSJithTSRUTDYP+q7amEJKgvBrI8PmsxwXM8OEbftjJQrZONyclnyoMtnkjZybMYbM3Aos32eDa8MM7Xt3RrsiLRRzxv6wkFYVFvSoWcmKh9yDpKFaJT8npZ+6ELRimq8pSq92+gCqMcQOsRJw5jRnVoEHmoq7E7BtTX7Z2PwyFzzSGcV3vFR3vV9FXnBbwwt753OpEm1Yx+O8cqHwiCXAbQDGSQyplyTEqXHZPgdhixKaj8aLOfKc4TgaJyM4qDOSKdE8Srn3la3U1vfYN8zEf/gZNGQtU0UdqOfEYfmVmenSjw+uKTT86hTIn3cfq9gwDdbd7Az58hQM6a6Tkim3qMfB5G5qiLO7jxt8QJwaQBIDgfK66ZUcGpp8rM9ifRi+ITiap6/9/1rS+bkVRgOHP0U5PtGnHkLDWHmIERhwFEnAjO1HPY+YLlLYqW7f+6JThmb2ZlR9l9SdFftAL5SMFW5xv1zx2UBZ3iqPFLvCHdnBk8BQR6W/PksvThsa1LemreXrEyxWIfWHfpY1hriy9iBye1EdyighYrdaG3L+Wdf2BDjPfJFE8dpM1ws9JDzoOYsicetDnhldP4XXNBEMst01RVK+kCrQI9E0NCwUQDax7cxUzU+uv45CZQ0V5A2lMFWk8M1Sjb/9Xhr6WO61yN19w4qylZMz7LhrEood2gZjdIIubnf+Rq+lQSwcI6AtHHG8FAADkDAAAUEsDBAoACQAAAAJim0inq+iUFwAAAAsAAAAtABwAZGU1Zjg3YmVkMTg2NWRjMGQxYWRkNjIzYWUwMTMzY2MuZmlsZW5hbWUudHh0VVQJAAODrSBXg60gV3V4CwABBCEAAAAEIQAAAAalBWvWAEXc0gFWvlKScMDEb5rzewTfUEsHCKer6JQXAAAACwAAAFBLAQIeAxQACQAIAAJim0joC0ccbwUAAOQMAAAgABgAAAAAAAEAAACkgQAAAABkZTVmODdiZWQxODY1ZGMwZDFhZGQ2MjNhZTAxMzNjY1VUBQADg60gV3V4CwABBCEAAAAEIQAAAFBLAQIeAwoACQAAAAJim0inq+iUFwAAAAsAAAAtABgAAAAAAAEAAACkgdkFAABkZTVmODdiZWQxODY1ZGMwZDFhZGQ2MjNhZTAxMzNjYy5maWxlbmFtZS50eHRVVAUAA4OtIFd1eAsAAQQhAAAABCEAAABQSwUGAAAAAAIAAgDZAAAAZwYAAAAA' AND file:name = '82a83b40.js' AND file:hashes.MD5 = 'de5f87bed1865dc0d1add623ae0133cc' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:16:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad84-dab4-4655-a957-48e2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:16:04.000Z",
"modified": "2016-04-27T12:16:04.000Z",
"description": "unique .js file",
"pattern": "[file:name = '82a83b40.js' AND file:hashes.SHA1 = '5e146b15679feb33c4d9a8d209a8c3f34ca3f43f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:16:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad84-84c0-4ec2-921e-4afd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:16:04.000Z",
"modified": "2016-04-27T12:16:04.000Z",
"description": "unique .js file",
"pattern": "[file:name = '82a83b40.js' AND file:hashes.SHA256 = 'f23765873ef6603f79a279ca213f82adf37fb4b1d9eb5b4805d6766be9c94a87']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:16:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad85-4c60-41ba-a7a9-4bdb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:16:05.000Z",
"modified": "2016-04-27T12:16:05.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAANim0jIWTeTbQUAAOQMAAAgABwAMDhmY2Q5N2RkZGI4ZTgwZDNhNzYwNjUwNzFmNDI0M2FVVAkAA4WtIFeFrSBXdXgLAAEEIQAAAAQhAAAApP0DWwH4ZLys1FSfs/T/0oQUf/xMzMTUZNTkWzUd6rRzLWJICKHMaT1nlmDhJEGVSlQoCjeOw1tbD6rmHKtgeeDicX7Eyibb9eKugXh8qP9YIa0c3AGE+3HVcnYVrBU6SMqSFd8TQbxvq7uWKm3V0nJdmR5TfOI4HsUipeZoOa2LGO2lbjVP+uHtpYKA81E2pqX9J4d3NWkhGVUXith5qr69txtwtBcQU0lKYeFHYVVMj0IW+C1HqXhziQlx/k0IIHwzcOX4/6yAC6jtLYJlOhclUzqgJ0iepPMJuLPEjkb5JS57o2EDHP8iMw3z9GpPYQLsY5IZB2qWjHujzla5QJq8hwqS0q4+UTMC/FJqnnMeC9COSZvjporVeO9xEy5Vc3MEOQoSQAUdITlE6rN2knuW9Jya547zwiW0hODgmYllCjxl/h9V2znUUBh9UOR7lTCDM+jNjbob4UlFzoxVCBoPAitOwfx1fNIru/cUqmkr0OFXV8uj+WKTGTt9IGKujxPUX7nymRz0jD4Z6D6BPJftvP9WpiKUeLjnzEE5jggPRkKG52n2Rt5h8TUQS5gxkhdVZEqF9NP1Bv+qHzCdIMNUeK2Aw61zCwUiNaHPcglEcI/ZyjsZtEVdFcEWDuXvuI/3ZUEZb94UPiYd+NoB1NVbsIzosIykno3YS1Fe4HB6l7wmN3zEKHOl/PrbxMZqxSJYzWaQZToqgupPTaj0prPdxNxjyhBrWRQ6tjAxLtgPArFbG6Wnm5v41/jCldeYYWAusg9qvzERj9k0XkIVXnqFNxuI35TZDb6bDJjLvFTwLZQzzw6YsMIfMnSmpYDjRoiMizgHeEXG8nO6MwZW9sh14Kpj2PJT4mNgXXkvYOrEUxJsTD8pTDwY2MIH7LQR4AfxZh2DUkROxJRf9JXO+LnL5MC9mUrqLWYasepEWaFUoXYQoJd+kmb/G6RAhbZH3HrA60PJdv6yu/qFanTGRbUYioLIcy02IM1eN33ALsNXmAxoEboUkBCYeQZSIMfk/rEkHoiAKzZfvSM/+fTVSlMW2ieBu0mZan6P/HwA72SBo7mRaL/O8O82OyjKLPAbOGa2llUSc+3RK+UdhiLs/RIOk9KsuSg16Rs/xh7/aLk0qp0nGHpJ9QIAr5qHTO/IWYdnPfvZ1ev7nR3jMF5OxOSvkdD1RczepVWXW7RatBRCbNr0URgBTmJp1h0yZfc98RhaOWAxqRN2wEIBIgZF/4SSwfenAsLFdQPpsMM3SR94BF45yzgtHjSayY5HsY2QbCPnQ0Aeg03/KEz6N0vxWE2ali64TZ3w+esBvqYhQ0zJlFxRtfaFMJfFJuUNbyJywEClL25huI3eNF8imc+/wF8YFMXXWb22xoxDknlBak+K7VUymD71Q1FT27+T5eH3yzoECLRyGBnNbWw8AkuHCqoDc/W++Y5BVvVSskoq+NqfHNWzXpnlho3m0XTanqynqYcqB8aupHxCU6kU6eZg25F7c29NLxY7F7DHNGjfO6tTO+edNsha6v7UyaqiGy/jdPRU9dqaOXpyozb3zedpDAazstNz/DZzjFCL7IaaQkfloVSUTxliohcFvNJt+Za/sNzh2J4/QmfGI+weMIK72OW0RyIoQa1tesLjobVrUBhrcZpzhrq6UCYhsLuqEuWGpSly9rWGk0IB8KRaPo2cJfiV7Xrx/nBA0lKEjOXDk1f/guyi9rhaEhXhrdrXh0h9mzTpPqERrPkXQcAFRCr1SpKXvXltf/ck3t6HnreFalFw/+tIqHBX4vzo97shMGjG04Swmu/D6MvTJIm9UL38bAwRPppG6u0OUPwBF+LB2oMzAc39IHvf8JaLe5e4UEsHCMhZN5NtBQAA5AwAAFBLAwQKAAkAAAADYptIW0hkExcAAAALAAAALQAcADA4ZmNkOTdkZGRiOGU4MGQzYTc2MDY1MDcxZjQyNDNhLmZpbGVuYW1lLnR4dFVUCQADha0gV4WtIFd1eAsAAQQhAAAABCEAAADdtgLUIaDM+6/ozf587Yi8gaZgxK/74VBLBwhbSGQTFwAAAAsAAABQSwECHgMUAAkACAADYptIyFk3k20FAADkDAAAIAAYAAAAAAABAAAApIEAAAAAMDhmY2Q5N2RkZGI4ZTgwZDNhNzYwNjUwNzFmNDI0M2FVVAUAA4WtIFd1eAsAAQQhAAAABCEAAABQSwECHgMKAAkAAAADYptIW0hkExcAAAALAAAALQAYAAAAAAABAAAApIHXBQAAMDhmY2Q5N2RkZGI4ZTgwZDNhNzYwNjUwNzFmNDI0M2EuZmlsZW5hbWUudHh0VVQFAAOFrSBXdXgLAAEEIQAAAAQhAAAAUEsFBgAAAAACAAIA2QAAAGUGAAAAAA==' AND file:name = '82f2108b.js' AND file:hashes.MD5 = '08fcd97dddb8e80d3a76065071f4243a' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:16:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad86-0f7c-45c8-bf8f-49dd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:16:06.000Z",
"modified": "2016-04-27T12:16:06.000Z",
"description": "unique .js file",
"pattern": "[file:name = '82f2108b.js' AND file:hashes.SHA1 = '43733d195e7fd2bfbd900b9c67aed727d9367dbd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:16:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad86-33cc-442c-96fb-40a4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:16:06.000Z",
"modified": "2016-04-27T12:16:06.000Z",
"description": "unique .js file",
"pattern": "[file:name = '82f2108b.js' AND file:hashes.SHA256 = '48362eace40ce7b742539dc17e5f44b052b7b62484e8b3a8a0d8c27103cdd70e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:16:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad87-9e7c-472d-96e3-43ee950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:16:07.000Z",
"modified": "2016-04-27T12:16:07.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAARim0ijEDVOeAUAAPcMAAAgABwAYTFlZmE0ZDI3ZmIwMzQ2ZTMzMGZjYzI4M2JjZjU2ZmVVVAkAA4etIFeHrSBXdXgLAAEEIQAAAAQhAAAA8Hhz+nNVhXjI+Fj/leWOkdrLSGiK6oXBySsgNF/c3G3tY89A9tCVW1al5a3THaTaGPdXXoxctdaeu4RdRDEFQ4MCHfi0HxRjphTq4vHN6oz3AvO2lDoRE+Y0+zIcCTlMpyj5np/kRLjNUARaSsyAO9YZ7amxmVQs2hpQc7SL3zi7M88B+2Lehehik4CbE/sZjEMhiu3aoO0scf+2uUyaocYfWwNLApTAj6RXrQVdZgp6hKet3aDMge7iD2jh52XY3BICpipNwXe6SDhObrIw/SMXHK2FB+nAErrjLAH255hAWEKRu/w7Yf69QpV8980iCpnnMCtt/iOg/e5FnWnsi/O67wCmrwWSg9eaM3ZutMYGeGLH1AFEGPYC3FX518xf4wl+jeRXqmvX96X/hhi6m7ZeylFwDUKkKYj/mg9Sn4xJ3rDgPaAFeoDQAgpBaRSNlF29qb4g6mHCFDq4ZtzAtE+Gj9kTRtle1ZFbXF6FOYoKeXIpwzJChqFqPXsx9/7zgd8hwJOv3vC/DwINzNmjr8ZlOeTRf76+xXLn5fL9071/F9MyXCw2T8hbf99VYW1ArAKcbQ3AoHT4yz+iSG3YeXjC9J++7qc7i5/Fch9yc0YiywxGDILo2gC0NtHnriFKID8SB/H56h60WhPr7XAyY3wzJ82rtRXqgV0caPUriuWOd7NtXynemklTZ37whRezX05tGF6m6BReDLljANAwW6+FL5pIKZhXmYdP+n0fwnpWu2cYOKdwKmFgCaT8Yy0ZkBafnWomBP+sZ4JKZhcWQjbJAJOHyG7qtM7aggKUSSrhJk/lL/Cekf0Ti9MRP8p1kF6ghOCM39+V1bGh7PA+igIycNZwoVcDe50wQfgc79Uf1/D3pdxcyF9YJ0rOX15KTpmdxrBGGHe8C+Bw6twXzDgrbHqJxyWW61Hzl6UApl6e0GY9YNJbMMbsixzMO3KEHgN/aeqz5A1STIcMVzgJEXVT+3o5wlaanib8/oHARLY4U0VTEou6odiBzl1/zijFP+Aq7vrcwJF6TQMkW3sEE7HKyLn5wxTHgakEURnHarJmiJ0uew8ye6hPUPwYqwJxH9S9H7oQ1BPPRIGKHn96qbLuGhhDEHW2Mp/SlcTg+2UxER+TYfFjlTJZeKel6M6LQloFY+HzRk4XZoRQcL5DEjSgT8CAR9JZIDH58WlSnVjxixk5eKPpvOWT4pMOOAOQsMTnratfsL49BHTJMxH5me7CAhbksKUiVvFPWZqoGsv6kG/OnwE40+YiNvkQYp3ye7Nb61kHoHQ/HNlaArFm/Ak9ZJ5p9nKHx5cbFVWYBgJjBTln6r6FLJExJku0G7CfsPRvxLMbQpE8o3tAAxtyz8LmYCeSrySWfrUdVMIANlLcV0GL/gY2HIyhSSlezb36S+o0Gv7LmLEcph2upWzWPZ1SByYzhSkQS2LlOdin0cNGWNwUrkHzDA4OpWv5q5T/JGIi/zE7pUgqLAZADnHZLIYAtaaimNUipHvQUMWCCvgFFAcBbfYIpFoKRfkB9MZElYCdsK8xydt6GX5rcOw9dEK50o2tGMhPG+l6Vh948P0fFtdQWiw9mDCg034EJHy8USNl3vHlyspFgio/XCzRnfntZgbCLSA6I6sdTLd1BZrMSl1NEX/EfM7HLqNMGMAvEEaBK3Nk0UHpa/3u+Zv/gyPJWxrvFEsmzI8eOfO5GB+XsZYDXFxVqEss7y0F0WbtgrbBtaUMpT28Y8J4QJYLiPeWpJ/So9axXfw4UyMetyawEUdgstySFiHasiSeu2Av3PrSsWf630Q8t+KZWCRLhAcYt6k1nMss7vrZVthe2IgbVW5W/17emGkKa6CTPQD5k5ctsvvBijVQSwcIoxA1TngFAAD3DAAAUEsDBAoACQAAAARim0jpaNhTFwAAAAsAAAAtABwAYTFlZmE0ZDI3ZmIwMzQ2ZTMzMGZjYzI4M2JjZjU2ZmUuZmlsZW5hbWUudHh0VVQJAAOHrSBXh60gV3V4CwABBCEAAAAEIQAAACAK/7X8zRHd7yXJjcR5QM7axEin706iUEsHCOlo2FMXAAAACwAAAFBLAQIeAxQACQAIAARim0ijEDVOeAUAAPcMAAAgABgAAAAAAAEAAACkgQAAAABhMWVmYTRkMjdmYjAzNDZlMzMwZmNjMjgzYmNmNTZmZVVUBQADh60gV3V4CwABBCEAAAAEIQAAAFBLAQIeAwoACQAAAARim0jpaNhTFwAAAAsAAAAtABgAAAAAAAEAAACkgeIFAABhMWVmYTRkMjdmYjAzNDZlMzMwZmNjMjgzYmNmNTZmZS5maWxlbmFtZS50eHRVVAUAA4etIFd1eAsAAQQhAAAABCEAAABQSwUGAAAAAAIAAgDZAAAAcAYAAAAA' AND file:name = '83ce4833.js' AND file:hashes.MD5 = 'a1efa4d27fb0346e330fcc283bcf56fe' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:16:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad88-31d4-4c4e-88f5-4db1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:16:08.000Z",
"modified": "2016-04-27T12:16:08.000Z",
"description": "unique .js file",
"pattern": "[file:name = '83ce4833.js' AND file:hashes.SHA1 = '67db23bf14612837c4f14118516de488289cc874']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:16:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad88-7674-401a-881f-44cf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:16:08.000Z",
"modified": "2016-04-27T12:16:08.000Z",
"description": "unique .js file",
"pattern": "[file:name = '83ce4833.js' AND file:hashes.SHA256 = '4e1190ef9dc26244ca9c8493ba84a63e76725c34f8faac7fa77541ab94a55b5a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:16:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad89-d0ac-4e10-894f-4e24950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:16:09.000Z",
"modified": "2016-04-27T12:16:09.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAAVim0gfA4U0eQUAAPAMAAAgABwAYTdiODFkY2IyMWJmMDI4ZjkyYTFmYjdjZDI4MWZkZDdVVAkAA4mtIFeJrSBXdXgLAAEEIQAAAAQhAAAApP0DWwH4ZLys1FKXISrTMrxt1MEFTYSMu3JKnuA8euXKCcvNOCOsX4vjn8Bzjkh4hooYo7x1Wp6iitjMxrQqb6eK1mVlglKlsNCMYo+AtOi907KaE+76OM2NYXwWP/e+lSGdPNB8k+UY+Gvs3uZtR84qXvOviabOaB+Y97jLM7UGSPxWf/M+2/SkGMMLyaNlHj/r0rHR+VzwbMduS5Xuej3q3aUhq/Jg2ox3H6FbdEb/CFIhdpSHkitek6kRkibkut8slRR9Mi1JdUHru21Ryb4gxdthpBD1XLYymcTWkclDYFv9DZhSGsvv/r1DU9BOnK9yT8g0zuFYofqABPvUkJvS+yE+JvfuTLuq695+1DLxOHKGmWwusj7jK5R8ePZcQOehqRyT/jVRbXrGtzNLppRyb9SUitN0tbm942e0Y9Z7Z/B/9EaIuPXa1IJo2wkc9Yy/1S1oRzHTFSupSxnP0xbE9GTQAg4jws0NeXIPbkLNYJZyFbkTPMUDb1dc90lPnaXBgyvN/1me5v0VDRSrIlmRGAsCCRwiLR0EYUHlnvratI+9gA5OKkhwR8NSFSClzB021kRbw4nFmmhbqJMrY9lsynLSc7VWp5ou3W1rgfAsSujzcSKM+T+oq6Ecd9aOzLfUhEYO2AAJiGurPzk3mQGp2ZFi0OIrFsiMI9FUhi5WOppabP6cg0NRrug/twxaMsKvTgwjo3HgMgq4WzGdAObP4+s44jAg5NZnbtus1SSHVD05FxXi7Vr2yZurhZiFh9i1LH4uATtqYXR4/7LeOsaWo0GS3knWzMxkv5MlfvNydHw4qlFsAQwgPBp4Lp63C7rHikhBRbhlT+FSZZQUOyBvgmYCP4ssXwqb7BQ+ylheyZs/m1oqcxw3TrmFpkSmrbpYBWVFGTSjHENq9j/spppy56/i2mWkutAvR5HJ7/hFtxoHIgX1UyT226uzNR4E/k8xC+xC+Ht+yhaKqmfuT4kgQb8gbBcE7fCUiZE4b3rGNsIjI0E7GF7AwzLxwdA564kd4joK+3fcGMa1NxKO5xjp/E31aJCVoCNvAHkeYqr2DnlOVyLdTviAZfJ1XBzT3ygVlDRqbWjpE25Ax0qVK1b8azWKSUtq2I5I3it20kBncfZ4itfR5I+Bauo/I3pXuqYeS4SZWR9Or2JqtfCQgMtXM4BPGURY8m/Zf4BZ6wbGTYQI4C99BOKYZrhSc/US2A8LUXdSYOQ0V4g4RshyAb4TwiGJjiwyrj8t2Yfg2Vz3DJcV52J5et96KnuJg5drjDgu1GMN2GBEVnyvUU388WrdJBu4FJ51nJsEUCLikGfY4Jg+xNad+XAkBIgHYsKoWmkxdLCXoukN2jruz4xtLG4oB4m2peFNfCdPY6dU3BOYPv0koWL4YqQjKiBa/05KDC2rItCPXWUxfrUgh5NLPANeDau6V9pgFQgf2kGWncLenDaTc96ZtKRgx/pvW2Xw1JKla9ZahabtO/pMSd86W/OtFONox1ChkOMCO78Z/IqCdDf7WEXhgNEawSEGIMOzs0ZN3vXZlAI4uqFB0kyfx+Xkj7csx3ASpNO1iyABtc6RcjkhrP60k2AEpLV2D/nJluJ971wS/71T9AnakAmEUC9h38XvLZhg/EdSsmfQdd8Pw3ik0pKrOqJEygAw09PuryP9okjuBAsw23cLNVQij8Ak+QWiCfP7/I6GdFOLBkpDPtSAlYp/OR+lCmjG5GS+8P0cfN5Ahawxx5yzDCPCCHMScRSMKZngkUsKB1vq3C5Q7nsQLUdSAdkO66bTnBsZroFb37FTmUvk2jD3E9U4+UoWDJ/gvP1D6jwi7ecEZiY+89ReQZVw3haLGxlWmjFVvan4X0G5KO6iUEsHCB8DhTR5BQAA8AwAAFBLAwQKAAkAAAAFYptISh+gkxYAAAAKAAAALQAcAGE3YjgxZGNiMjFiZjAyOGY5MmExZmI3Y2QyODFmZGQ3LmZpbGVuYW1lLnR4dFVUCQADia0gV4mtIFd1eAsAAQQhAAAABCEAAADdtgLUIaDM+6/oywZqQ/dZQC8Ov0HdUEsHCEofoJMWAAAACgAAAFBLAQIeAxQACQAIAAVim0gfA4U0eQUAAPAMAAAgABgAAAAAAAEAAACkgQAAAABhN2I4MWRjYjIxYmYwMjhmOTJhMWZiN2NkMjgxZmRkN1VUBQADia0gV3V4CwABBCEAAAAEIQAAAFBLAQIeAwoACQAAAAVim0hKH6CTFgAAAAoAAAAtABgAAAAAAAEAAACkgeMFAABhN2I4MWRjYjIxYmYwMjhmOTJhMWZiN2NkMjgxZmRkNy5maWxlbmFtZS50eHRVVAUAA4mtIFd1eAsAAQQhAAAABCEAAABQSwUGAAAAAAIAAgDZAAAAcAYAAAAA' AND file:name = '84a8a2a.js' AND file:hashes.MD5 = 'a7b81dcb21bf028f92a1fb7cd281fdd7' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:16:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad8a-a1e4-4581-b6ce-4779950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:16:10.000Z",
"modified": "2016-04-27T12:16:10.000Z",
"description": "unique .js file",
"pattern": "[file:name = '84a8a2a.js' AND file:hashes.SHA1 = 'd16bdc9522b25ba5f0199682ef886290f012ae0b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:16:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad8a-24c8-4c03-a844-414e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:16:10.000Z",
"modified": "2016-04-27T12:16:10.000Z",
"description": "unique .js file",
"pattern": "[file:name = '84a8a2a.js' AND file:hashes.SHA256 = '783dcafa624846d9b6f3559415573faa6be1581b840191fbfe88e8066431cb1a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:16:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad8b-fe9c-42a1-8d4b-464f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:16:11.000Z",
"modified": "2016-04-27T12:16:11.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAAZim0jxX70DbgUAAOQMAAAgABwAZmQ2ZmFiNDdjZWNiMDkyNjYyMWI4MzgwOTg1Zjk5N2FVVAkAA4utIFeLrSBXdXgLAAEEIQAAAAQhAAAAa+uQTJQBTxJRqeqtVEu2BIe3PW/yYQ8FZw9Zd0bCHg30MDDYgFSuv5S06mn5rddGF4JxnxN0dyEPDyBFXSU0sK/qV2eKIin7m5OA4UVwmlV8ri31LklNg9mo7vheafGLf3BGnKfTVOwqPBRI4VrxQMlsU+pihDAppQSaXXWSzYUVySS83wUU62MyvSmlnCU2TQHlccv0zrjOkUL1Wh2v4ZYRdF9QFvhC9JTJDH97uUOmGFJR2W2iMwapkWCvVJADxZoGic9++FHnvHPpvVKKBSWv65y5MOSlPc4tKcOCvwiaAGC5ujfsCcuHEaHOevpiP9Fc3+yPvn8YUSryn7AeuCa1sxAZD3HVzDMNfYxD5f16JWNRzCyquLyegMIutxBg+5Dins636/srA+RkDXfLE4KhI7U3+k+4n8Z+DOk+JMDPMZjnm67sSun9sz4Mo3AeNktqJX25K80eN73yLj+BJsh8IGKRapNfM3F1Lj25XBZguYETmXtkqnXLH2ZxzHBeytqTDc/Y+opt4MDkM/wZkrNBWOCvpne1eVWn07CYjW5sW5w50qw/I/kJkoHOkeu7dy4UigP31L6WQqOz7Zk6tFo0oTdpL5od1Gh/k1yxpr2D3BrbX0Qt+SB9NIBf4fyahG0/EhhBzI5O/R0mhWY7zUOR56vxRCrXQXmHDgIWomvEehLWjuznszx1Bj9QC9TcvcJJxjxOTb7s1wzt+hc6XSYm8fmisRITXy4KxjQk+fL4mPko42GWzL/zG6X5aK0n18iBm9muujQINAHtDw9RDyhvBBi1HJWltf2GeBkKoMYD3gBrqDxM1QPCN2waA5OTZq3N7PJuBi4gW5xqIG6labzp+6u2EfTuaaFrim7QSvtgEo1aHqJRfR80VXWovLOk9/kfsNCWzKrw0ZSkZFhDf0sNgEV7w6ypTeTbBepoDUmb4tmcGt4dYfm3kH39+G/C9vE/ofij3OEPLMVvI93EBb5zat2VS3KK4TzYVgAAsGrRnHguvo9iU4JllwijLwEwISEOXtkPFlptO+YLw1eTLMNRdTswKHqRpdoZrgIztMlw1TiggDxznTjags8dmgR/3KmR/au/F9+Jidbe16AKHDLHCx94qDvbIItXGqlfVjuq3F2pP+eZ3YLgouZ2jlB7r7GIN02bpcWPlfZ2fMCFeoNAjNdXE5cSdpFSlZAJuFtAjP7DhpKqfmPdL40KvPLZkn703uE+mQUWrfTg/42XFPEu7Q02B4a9N5jkkxErZQ/9vcyy53k2skfBqwBs7j1hjFXE9JbhWw+tZmfSCkPqspBz9sDKKOa0Of+e4UUPxMgHfkfJszHyPTLdRriuEwpdzmUYBgV/ZpELjayseBE7AwSrV1ve1Ql4FXRnueQZxjMrKZOSFv4hV3VsKla1vsdbLXziq0D1YImoBjBonRnNyt1EZJUNcVEaivpOn0ulzlpDIC++aSUT6bTnvgTTWXJFeYFSEeSqvnO2ynPpDLdZRKNOyoJqQMcg+if93jg1FMSzSmyOrCxTG70Zb6r1KgamaOlkDwsVxfAzECGZGrUF6XOD79vMEMpC+6LcDxAHXs5aorqBy06INPJbrhGL9WDq+FAp+WGf+azVPf6D44XTXh5fF5YzAR0HfYW+FuP1BKiMeDC529mKZqYBD8JKrzXNE9TFXz7sMsPc2AIneycnna2LX3ZeuIYunk3a4/U4xscLbwIF1utI6VBcO70eLyWeAG+Bs7PGTNa69PeF+VPXmuFpIvkK1cZVsHGl/vZksLZaPGYhmwblu6kyBQlpQJNQ4YmtsvO4pyZUAzzNJ+59k+zKI/Xxi1vmtrvZxhU0fCs6T6oCWyGAaTl3te7TwlBLBwjxX70DbgUAAOQMAABQSwMECgAJAAAABmKbSP9LExgVAAAACQAAAC0AHABmZDZmYWI0N2NlY2IwOTI2NjIxYjgzODA5ODVmOTk3YS5maWxlbmFtZS50eHRVVAkAA4utIFeLrSBXdXgLAAEEIQAAAAQhAAAABqUFa9YARdzSAVIt+60zMOn69eL6UEsHCP9LExgVAAAACQAAAFBLAQIeAxQACQAIAAZim0jxX70DbgUAAOQMAAAgABgAAAAAAAEAAACkgQAAAABmZDZmYWI0N2NlY2IwOTI2NjIxYjgzODA5ODVmOTk3YVVUBQADi60gV3V4CwABBCEAAAAEIQAAAFBLAQIeAwoACQAAAAZim0j/SxMYFQAAAAkAAAAtABgAAAAAAAEAAACkgdgFAABmZDZmYWI0N2NlY2IwOTI2NjIxYjgzODA5ODVmOTk3YS5maWxlbmFtZS50eHRVVAUAA4utIFd1eAsAAQQhAAAABCEAAABQSwUGAAAAAAIAAgDZAAAAZAYAAAAA' AND file:name = '089df2.js' AND file:hashes.MD5 = 'fd6fab47cecb0926621b8380985f997a' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:16:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad8c-8c2c-45b8-ac0a-4844950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:16:12.000Z",
"modified": "2016-04-27T12:16:12.000Z",
"description": "unique .js file",
"pattern": "[file:name = '089df2.js' AND file:hashes.SHA1 = 'c1249c31431f462a76c96fe1e1825274dd429a14']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:16:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad8c-3c4c-4f84-a869-496a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:16:12.000Z",
"modified": "2016-04-27T12:16:12.000Z",
"description": "unique .js file",
"pattern": "[file:name = '089df2.js' AND file:hashes.SHA256 = 'b8c6acab14c2d817f78f698fa542929453bd32a235003571b16108ceefca3344']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:16:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad8d-6080-4abb-9eaf-4a08950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:16:13.000Z",
"modified": "2016-04-27T12:16:13.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAAdim0ir3gtIfwUAAPYMAAAgABwAMmUxNWU0ZjRmOTg5MzNmNGE1OWFjOWEzOTJiYWM0NzJVVAkAA42tIFeNrSBXdXgLAAEEIQAAAAQhAAAApP0DWwH4ZLys1FAkQ36q141875QN1uTOErMd/Ll259PHfjnoSoeFcUPcji/9TjMtj9r5G2W6/b+v3xNcwhd/jJtIv+JY9UVy19lH6vvLXpynYwvNZMAO4Ca8E39+ELnKI/wIFN1FUC85Mz1Dr1u9+ie+ae9lDgnR26T+YZ29YzvyWrrX5s6pBrFe1YGpi1JU1T48G6YOmNP8PwgZpdkI4dMS52jbx4DajDMbTqUrcJ4SBoTaUHOMg+kvQe1cOQq30SCLoWV+j9lAvGAp1YYyI7xIHDdXqIVBuQQ5ylWOuRi4ZXAFoo3wLNfj2hszzT4vuCzsfipbEjwOmdKdTnL+QH0RlI3rfYvEEzhNgsdfS7usFDfsNh3M3nNMfws81lre/D/UtU36J04V5wu5FaJuc9gATpJ1QlMKAvrj02FhMf/1loKiM2cF/wiwQfHYHPghgXKDHJIJi/5etTCqHjnS8uRJwVquSHxcz5R0hItrMvvnGZjOh+9h/OpTYPtI1O4LfOrg8Gsy89duWdliJ/x+Bc42NngoGLR8gYDuTni2EtX8w3cFEzWuP5y/cwYQN2LsNXwlEe/ls2g+GvjN55O8hfhG73F5Ew23+UDm0BkWJ2Il3S+05UgRlmwrNphpYaQ9oQsOJnahFys02UjggCz3NhZLuJfVl9wMdBsJvgUzrFzV6pov25LDowF3IPyMqEQdxgV3EBaBd7AmbII2WdKEmu/gcx4l2sFeAWQOn2trtt6dqtfv/hCo/rf2RM+moWBSry9ier8TVXyZ0z2lGOqtm7HLbs+fjiJMCYD7p+Ey0l45wGmTHxxbvlUEOBKSEB1mK7yoMbD3wHkaFDOoIBD5J2Qm6O/BRHlcrfr0sQEvKwnDo6xmKQSVoml0PhqZrWa7zdOiecekyoJg5MiRkB1usuKYsaNomKSXCmS9z9fW5KRdQiAr4ZSAo8PW48No9rMd9Kk233+FUgChrcziM3d5q416FUNjy/gRs6mM9MC46o/Q8i1IMlrsFtn7sYjZ44ZTg2Z4Ltuoan31ihegTbUsewNiTyZp3spaQLXUIoesK3Zrh3oCm1QV0UXrTkg+JRN2V0x93sm4iTwTPlNjYEjWlbMdzi5dKH08A9TnZ0PfS7hsDeYSLh/Zwdqf3K0SCe68loOtRsFQkG70N7antlKanmRm/frWZP/3LaqVimUl9DAOwtHIO3ycA/RWrHGyB7qbwGnMnjaJS2YtTHt5iWJSP4zLQXOcc1GMDw2plWdW5XxJqFdIbKQrvlrCtODOr0YCA8+bg8m7w1RzcvruB0np9xjadO2YricSAyU1ez6nv3iDQ4bNgQXsNgvTK1WKbJrFZWdWc+gXrLFs2tEqD1xOxRJ/QQlGymT6c/uRXU2pWI56ju+ViYE2zTSHfPUSlkbgeHGowfBpBj7AlF3ntbD9iIvaYckMHpf4l4X4bSkonyJnzVbIaJ221EvNZV9eanFDr7Xbqj8FY4MYHNc5IksIMCr+kTCjPnRTuSUqb/GeaKsvCZQFaZ0HaBEZi9JPFcgmrZZ4wVN3BO+Ba97BPAJ4ToFybPgVaVdgoejRXTfe5NkY3hmZoxwr8o6Cqifq/jB7mMsXAM5wFfs4n3xUSRM9u4Z0NzrrH360VxgGfcnXO+aUrgBLRCNGbAuWlpAL/cAIDBTQDx2pFXkuS+eb3PF3e5Vze/xDaY5Zm+cu+0GCdqDz6yybzkZcQm+U3IHNcbvj1seYtLuWCrixJ90yhoYj3r8oDcnaTyqQIQfbDAUT3v1AMf7NGABpBaLoZVNWsZCcqaUuej35Sy0UT5YQU3zf873Gz240mp4pWp2qUKVfVEFySRUo8vQxEQAze5uoioG6ekC6ttipT9iBJhgPvuJdUEsHCKveC0h/BQAA9gwAAFBLAwQKAAkAAAAHYptIZIq7DxUAAAAJAAAALQAcADJlMTVlNGY0Zjk4OTMzZjRhNTlhYzlhMzkyYmFjNDcyLmZpbGVuYW1lLnR4dFVUCQADja0gV42tIFd1eAsAAQQhAAAABCEAAADdtgLUIaDM+6/oye0JrlBMsTh2ftBQSwcIZIq7DxUAAAAJAAAAUEsBAh4DFAAJAAgAB2KbSKveC0h/BQAA9gwAACAAGAAAAAAAAQAAAKSBAAAAADJlMTVlNGY0Zjk4OTMzZjRhNTlhYzlhMzkyYmFjNDcyVVQFAAONrSBXdXgLAAEEIQAAAAQhAAAAUEsBAh4DCgAJAAAAB2KbSGSKuw8VAAAACQAAAC0AGAAAAAAAAQAAAKSB6QUAADJlMTVlNGY0Zjk4OTMzZjRhNTlhYzlhMzkyYmFjNDcyLmZpbGVuYW1lLnR4dFVUBQADja0gV3V4CwABBCEAAAAEIQAAAFBLBQYAAAAAAgACANkAAAB1BgAAAAA=' AND file:name = '92b329.js' AND file:hashes.MD5 = '2e15e4f4f98933f4a59ac9a392bac472' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:16:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad8e-6618-4e28-bbdd-441d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:16:14.000Z",
"modified": "2016-04-27T12:16:14.000Z",
"description": "unique .js file",
"pattern": "[file:name = '92b329.js' AND file:hashes.SHA1 = 'b1a9a424d94d7635189f1133add5aea228160a32']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:16:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad8f-78f8-4a5c-90a2-4058950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:16:15.000Z",
"modified": "2016-04-27T12:16:15.000Z",
"description": "unique .js file",
"pattern": "[file:name = '92b329.js' AND file:hashes.SHA256 = 'e1d4703c7d9fb325d6a1d16f7c338727eac0ed8c85e8aa4634ee815714a7ad19']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:16:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad8f-d858-44f4-a530-4345950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:16:15.000Z",
"modified": "2016-04-27T12:16:15.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAAhim0iuOD7eewUAAPEMAAAgABwAOTdkZWEyYmFjNDE1ZmM4YjE2NjlmNjVlMzU0MDk5MTFVVAkAA4+tIFePrSBXdXgLAAEEIQAAAAQhAAAAt3M2GukvDn8xy3ciBMRB5O5TM/22EodCPlESxSBtG8sAzRA5WUERTIbfuQ8ZqVj7omf17haKR6kvTVk1ovUHu5/BOfefojq6NlbQjwNwBMichv8ei1p+tVW2cwRrmY1Wj4IV1sapGrIq937+6G6P9FkfTt7i9cfL4+D0rWxjwY2zX0Z3CWqS4uoI8kVTepS+pbmcVYwnOS8MDeur3xlHy2QQTNiYBjmcFuhyQ73I3+Pj/1KNsZFMLUBTFwASbSuw8LmD0bkenWrMfcCeqjEgECtu++6uCTbiWor7tSNTue3FzP03k2GZVEkOR92J2wyJLVmMn1m4v+ZwlMwRFpUEDhEDX4LRrZAbHiN/M3kveHsLaDKlaDhbnr1dV8rVVYAsUVcCyjV1s4VpW50axKj1qbjNIaGEBGEnPM63myKnVtZadUCHWCcPMza9jo84DeEo8sXsaghrOSWdotX570suq2DCc+ULq+oueetotW2f13dRezuKmwbhVNN5d+VwYNyvLhO2Oz5dqaG8myCVpp3zdsyYWBDfU6KVcpzdT/ngfn7tpAj0EIcdO9K9qLY+irx6mAWBk1/+YYfwUvutttceUWiI5D/PDmfvz1+RVIzPgI/nk/u35jsT7ogSluz2IjcyR17wIyyLK0BZubIeOLcqQd3RqG4OqdT+1Jacqcyxlak9CdYUMDMHrdhPLcjFaiY49PH8SFF5FWVyo5KAi956mR3QYqGnPKY1lIC+C4PLQauSBcRfdhrgTEVxo5jyvxkW11BEqB/aAHNLfFZA+gm/fGiAg1zON4cpJkkJRmOieWmY2Q0iNzmPvAp4/V7wj9u+OrDkyGNsXlsG4FWS295+D3C/YIWFkQhjY/w44QicuNjMaTcGek8nzQy0ySVe3qvbHjx5qinrW80lDL9OexR/zTT2FpHVeKl0aogbx1/l1is+3DPLAtS6iUOCQWzNAzHmHLB7XCtUJ1Pfgi3/m9I6HJt+LpJ1zbDKE8kcArvm1lpMqWhL466iDGevIzXmBDgSqjBJznAD5E3Hb+jOM24qbmSCrCnmxGGNokCB85jwQjoo2uSFlMWdV71V+lW+9qqo+p/fg77Uf/E8U02QzjnRm1d/in17nqNaPjaEnCAgPvi9aMnGRru9k2UzjRBQvhUx1ZxSvgRL4FddMpYoMhP7nnlhBv2OP9el4i/xveuXmnVICezA4VXANYSfRyGKoewqLRi/fMQxpfK/4g+yCNKIhMyOfmih17+2HySMHXj0qjjXqEUl/de85sJo5Ou5F6qPWgbWywiYaGlWVdALsdU+aJrIuxS8/4OBKeCR69F3ih2U0BhFNeKOs5KvmzschVYA78+K2XjjQuW5jrPauHf9QUUTfcUN9qw143uGcoEnM5dH9sGG4uDmLRAbilZghrQs0PXSf6d9yGMJ9xW6D0yRzE23PWRvK//Mfx1aJYIKNni6Ozm6zl81dGcKjADN2c1j4qPjufMxde7Wc4mDy2yxxrF8I1WoVNsKQZLHwoeKXY8ezfikPvKcVCckjgn5ymJg+zPLjddw1eAu8ERXQZCgS5JXRbqso4tf90rGdPH3XWSM9pilDk07clO5afureWSvx/pEDdsXmHl8GZ6ZDrlkHL8vDheLEr5ikYaJSVDIbcKA2336UzFNkRg/IOI7OthIn+V9VTDmqfnifx6Zgu5+qmRxMBM6KqKi+UnNd1N5IHKk+2tjZ0XTBt4np/jI7lEL92bNlt2T8XKcmsNYKY7uc/zXfiMQb4rIjPa8uJ8kQyvBA5CTdxswUnc8ls+3tpdCBIR8cV/Ojo+/p8bNmW/Tf3eWSPH2dkiEgIBmED85ZgIhR3oB7ZV8idQbE0GWrGk53lkQ/3eHJQAToZpQSwcIrjg+3nsFAADxDAAAUEsDBAoACQAAAAhim0hKYDVgFwAAAAsAAAAtABwAOTdkZWEyYmFjNDE1ZmM4YjE2NjlmNjVlMzU0MDk5MTEuZmlsZW5hbWUudHh0VVQJAAOPrSBXj60gV3V4CwABBCEAAAAEIQAAADfUWFq2yqhoel1ONqu0xM1/IznHG0RqUEsHCEpgNWAXAAAACwAAAFBLAQIeAxQACQAIAAhim0iuOD7eewUAAPEMAAAgABgAAAAAAAEAAACkgQAAAAA5N2RlYTJiYWM0MTVmYzhiMTY2OWY2NWUzNTQwOTkxMVVUBQADj60gV3V4CwABBCEAAAAEIQAAAFBLAQIeAwoACQAAAAhim0hKYDVgFwAAAAsAAAAtABgAAAAAAAEAAACkgeUFAAA5N2RlYTJiYWM0MTVmYzhiMTY2OWY2NWUzNTQwOTkxMS5maWxlbmFtZS50eHRVVAUAA4+tIFd1eAsAAQQhAAAABCEAAABQSwUGAAAAAAIAAgDZAAAAcwYAAAAA' AND file:name = '97d4ecd9.js' AND file:hashes.MD5 = '97dea2bac415fc8b1669f65e35409911' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:16:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad90-eb28-424e-b28b-4d11950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:16:16.000Z",
"modified": "2016-04-27T12:16:16.000Z",
"description": "unique .js file",
"pattern": "[file:name = '97d4ecd9.js' AND file:hashes.SHA1 = '4f7ca6886d25e97ac256a39a735fc95c5e222e0f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:16:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad91-d670-4afa-9a12-41a9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:16:17.000Z",
"modified": "2016-04-27T12:16:17.000Z",
"description": "unique .js file",
"pattern": "[file:name = '97d4ecd9.js' AND file:hashes.SHA256 = 'fd10c3848b89d978a0b22afa4cc0e173cdd5de651ca62c09c44d5e9b94b83519']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:16:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad91-533c-40c1-8e7b-4475950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:16:17.000Z",
"modified": "2016-04-27T12:16:17.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAAlim0g8ovuueAUAAO8MAAAgABwAMDVkZGI3ODNhM2MyZDE2ZDUwMWZlNWQzNDRlYWJiOWJVVAkAA5GtIFeRrSBXdXgLAAEEIQAAAAQhAAAApP0DWwH4ZLys1F6BC8aAl68zPJZs3pTZovClSjx4+ltleXlGTPx8NOinVmq+RXA4/8eykK8iCaz4skCPdx9xGBaB4Ml2Ax5RWuQXdhLvgjwHogwH0kHSmuGSp/6pPgd5QlBhOqM/JVM3lp6BMIu+mXszPfL20yqHSiGh9a30d8ZeciQoyZFqOaIKx41IIWZIE9ca0Zwu0HfIS3rWcNwvZdWWTPbrPBc2oAcqBdbNRYQRp8I8wBwD1rNdGCwmvpgHMetbkV6yn0LRoT8B0G4eCeKBPLs3TFzorHmaS/tjMX19VX3JyKpXhUDRqbcOc+kwD5D6/MPHI5NOjxYJdwNVgWxR4z1gQpcbuIlXdYfezGAHQPXT63pca28k54d4xKSujL3VRNchMYZ4GFjOTzjB5G6P8YEWqxW6FtjrpPqV2Ka8tjBBt4NL7GQ16n8CkXbALSy7yPms/wVKoiTQTgaqEzTfZ/ddbp4XDQHz4LXdvpS/k6P9nkeOmzTRt3PU5CMeQMEVxaYYFwGfqFjgQ9xCIb8xpga8OmevtP7xRccVYdnZgOIf1D70uCwRQGbepvnhHmT42Bmx3Xm8QOazcMfUXpzlXvgQZe5dMxmAO2Cfu0fBUwl52z0A1PnK3IvBq+W9APP9jlzTwpgKyla0vBzLQjEq1+/PETKRE3iAs/YppqgV6iSYOfpb6ET3k57p5e8eQBxN7z7Jeom4OLnET0US3Wl5Z0zAMAG/uPUwcBVyyWOUbZAvRzS5l16aawI73VRB+KmBSMu07TLhvnZbVEUbDIJkbY8AX9PVR3f90GNB29Lv4QSM3QAJpj5YMU751PO88wBJjTmoWbz1Kt4KSWMAcES8ou6Zs0LZPzMufXlhDif3uiNkZKSkJK121ajlUvc+RwIdMtpFbVOkiF0j8DD5hiCDQvxzmGOdAAoOzUIz57b6NxolnY9RGp9zBLmllxLuqdX4LITT91XAG86yzkeTL361FnYnf1qblTzAy0vUc5kINPvxl3bko4yh3eKKA0zITwAY/lhDwdrJhJgJQMlna1eFjAxnKo5fNrejFWYtguhMqjM2iPbd+F96/Uu9wy7bExsxoXmQu22dkWrkvE1rZKtsNA7o8AAA5urqSBQ8QgfjDDtCphF0xfFSbo81X0d5CIS/3M+k8TVq5nHEsH220ZFtPzAy2bl8nyzEwYp+C3oY2p8+l6bvB4gZz7KUrXPILsfqh6VYfJ2cL+kamX1Pg6k+aRBnjwz3Mf1FLR7YXSgf7/44e6wc+qePUZ1AxgYK1ul7FDcjUzQWrXz2wv/+ziRjy1c06eY0uGMHck9iZihCeAjYD2+hPQSzqZbjV93AlIZddFKUSs7msGSq3hoEqnJb1msPUTTInDezzRM29is1VU47dUnKKLX193QLzlxrKD/suQBJ7tNL3bBclvjFlQvYlnCCdCgwoAt0D2BlT+DhDaYvrmqyE0pl3aV8bfFKSHYuRjdLLU4usZqR5KKaimvZeKdj3PpcEht39Ls6Jnv06gqwTNuCYT1S+okva5cZwJE+l3E0XRucyyEzWTTCzdepRhlEiHKTE7fqLKZHJeMYIxz7cuEYq6HykMt+1lGhHGc52dXxq0wOPCN286xk7KaNO2unJF/8ZHlT6dmyWam/mDIpadIVXv97oIyl5jrpuXgsnw8el/2D28Pjwiz4ZVSTEEQGurPh78XQ1zW5jJQejJ5nysSDConxwljWb8/+OikDuQLbDbfEwdXAKBW5aK7nzN4CABHxpolbT7rhJAEC276EdeG69v0bcemYrZe5VCLZVgb1WFHsNPC1DzbaRxT353JVHKLuSOZXk74YXaKnhBvKxOkOUsJzhaWwzuOnyLXmZa+Sc6pQSwcIPKL7rngFAADvDAAAUEsDBAoACQAAAAlim0iB9/fSFAAAAAgAAAAtABwAMDVkZGI3ODNhM2MyZDE2ZDUwMWZlNWQzNDRlYWJiOWIuZmlsZW5hbWUudHh0VVQJAAORrSBXka0gV3V4CwABBCEAAAAEIQAAAN22AtQhoMz7r+jHh5hJok4Aa97EUEsHCIH399IUAAAACAAAAFBLAQIeAxQACQAIAAlim0g8ovuueAUAAO8MAAAgABgAAAAAAAEAAACkgQAAAAAwNWRkYjc4M2EzYzJkMTZkNTAxZmU1ZDM0NGVhYmI5YlVUBQADka0gV3V4CwABBCEAAAAEIQAAAFBLAQIeAwoACQAAAAlim0iB9/fSFAAAAAgAAAAtABgAAAAAAAEAAACkgeIFAAAwNWRkYjc4M2EzYzJkMTZkNTAxZmU1ZDM0NGVhYmI5Yi5maWxlbmFtZS50eHRVVAUAA5GtIFd1eAsAAQQhAAAABCEAAABQSwUGAAAAAAIAAgDZAAAAbQYAAAAA' AND file:name = '120e0.js' AND file:hashes.MD5 = '05ddb783a3c2d16d501fe5d344eabb9b' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:16:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad92-d18c-4d5b-9036-4a54950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:16:18.000Z",
"modified": "2016-04-27T12:16:18.000Z",
"description": "unique .js file",
"pattern": "[file:name = '120e0.js' AND file:hashes.SHA1 = '45742d37b5cbd6f64bae0d2775a47e12fe3e3e61']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:16:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad93-2618-43e6-a029-443d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:16:19.000Z",
"modified": "2016-04-27T12:16:19.000Z",
"description": "unique .js file",
"pattern": "[file:name = '120e0.js' AND file:hashes.SHA256 = '878c25cc56787d6a5a7e0116237240ffa9e0d96e4b0a8d1d793d6d237525309b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:16:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad94-1660-4a9f-91c0-4beb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:16:20.000Z",
"modified": "2016-04-27T12:16:20.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAApim0jL3zWXfwUAAPEMAAAgABwAMzZiZTJhOTNiNGI1ODkxOTk3ZDQyZTRjNmM3OTA1ZmFVVAkAA5StIFeUrSBXdXgLAAEEIQAAAAQhAAAASTa/jzuaYOWRPHKvPp2zybcIgiZ87ThpXnLXyQ128hZyqpQ1V/zRtW1APM3C3nU8MirDgQvVw6Ov4BH1AFFiVCiWaEurVCylryG8bSDltBQggCJM1KlaJZSAmZQoch2Nr/aHqan0XkJvgzjJ2FFXc0OaoBvFtC3CRPlZnaco3CcpnXu85Y59LKcfcWLjjgJuakDQqDmJKu5XABAlYZCagTynpFNmh6JKUyHxebDVNg52kNXhaNDouClwwevDvh8+T5t2RBNt/Nl++nB3DePOsuWy9Zf1IuZ28eMQuKlx0J12UfZvAU8AkcERVjJE/AjIAPcKDzo8Z5WOd4fUmNb/jrcOSW1958PNNwFk/DxrvpWkUTZe2Y7fupbyXIiy5fYUmniN3b/XEPRWWoupNbEMjsU515ODVQr2bPrlTMGbxVj/Ztw++O7BhBbrvAol4GwZPfykzAODO1BacRAFyIbsEPQTlAXZGM6NAeSgDRMTQxetyX1lmekfYb4EtuqaYOlKoaq5ZGz9l+ujC0JHB3j/iusFSXImtK/jVzEvGJVM9LJojX5aC8e0Qy8yj8R3hsrePd3og6A8wn1LVtiZJ5WWtSjZkKgro8AsHosslhqRxdIH2P2u1NjieUShsx527mGKM4UFbg5fHsxx745CAMVjfRSQRA64L6e3/Wix28uQCKb2Of/fSVfu/qmD6lX4ppvsRU4mZZuayR0bKU2IDEFqSuGdwf4YaMQPYnNv8780JLL0KoYA3fMXmV3aOiEWP7hOZGWJw/MwIgBUdLi4UzyyfzQ3fdKsCAnRzcJapCOSS1ueUCJ55lbddFlVZ5Wjx1yW/LBEtUbxM32KddmOhkoErHvYH/lMJlBZ9SVgCHcvb/cOpr6Z3Vfa2MVDy2NH270Wm1FopyaQmUQTHeHOCm78Ixd6V3BEruSpGEJxS/M1qoguGEPfweQxs8jSAD260kn3NoPGQEPvE0lyF8nF7eK3gnQ102pwaDLZIpaIbaeRWwagPokdl6kG/Qresh7z9cSRHAMv1KAVd9/CVeN8CWjh5r5oxHD7zmKWfPkTTNFRC5seYcx++V8UVN1OPf63YBsEMCrXislwhc8o+EEE7BLTlfOxBHaMWJSWti+k48jVaVY0TGQc1gwyI2LhFRBgpJSD0z+mpMtYvihGze0YbgewwpfgIhec/N7FYluP+91z8WHe1usK+kj7umTlvjYAgKKHKprDw9+ePmmmB2s1rUQQ+iLbbGH/rMZ2UJ4QyDpL1JtfrrOTt1y1457JiWHaH/QsNmhBgXbfzqEyUliJ1FwKYxF6KAMrTe5WY1AoWsv70nyPWJUWvxcbqkdKDb00VjUzRABDqG2OjCk/AePl7H4mwIEgm4y8DHS0a76B4GM+FOq8mPu+JBDZAW6ApdW5GQJhD7r/voa2Gnr25Knh9g2GQqUGM2uBj+OKV9jSErAJzh5YfKVKEuJK2xt9KjZRdfVZTQmKzHDmMquw5G+OaxqcNt0t15iph+Ry5S7svzNF2TWBGVHsWeA3Fg6n58Jh0litPUI18Gf+2Y8eXRLHxGP2OOiBzAX4oxwnduWKJbHYsAqSe/xFgh8boO2m54oxoFc+oOoheNo5OGy1IqFLYXoSUFs3vheqBgZNrCXZBlP/Cq9yLqWyoxxJQlNgbFeGwLFG5N/d8+zCgJdJbDjrUTdOg0HnKfCLyIFYKP/mCXfFqs5+yuV+K3X5rTKumzn9wgeLq78SnzS1anDM7mF5mOxbIjdicUOJUSzl9FeWPmIpu9Pt4rEo/BOH2KzqEfNLLHw8PWzTEJoIfJBB2/D0PQvDe3U4dRFzxHsZQpIDXyqNuwsl1NoAyCkjGA5DX2ndspZOGW/SvAAvXqySX5k/9io7UEsHCMvfNZd/BQAA8QwAAFBLAwQKAAkAAAAKYptIDt1YnBYAAAAKAAAALQAcADM2YmUyYTkzYjRiNTg5MTk5N2Q0MmU0YzZjNzkwNWZhLmZpbGVuYW1lLnR4dFVUCQADlK0gV5StIFd1eAsAAQQhAAAABCEAAAA3INN3fonN0jODJU7wg+2b1C8v0jJ0UEsHCA7dWJwWAAAACgAAAFBLAQIeAxQACQAIAApim0jL3zWXfwUAAPEMAAAgABgAAAAAAAEAAACkgQAAAAAzNmJlMmE5M2I0YjU4OTE5OTdkNDJlNGM2Yzc5MDVmYVVUBQADlK0gV3V4CwABBCEAAAAEIQAAAFBLAQIeAwoACQAAAApim0gO3VicFgAAAAoAAAAtABgAAAAAAAEAAACkgekFAAAzNmJlMmE5M2I0YjU4OTE5OTdkNDJlNGM2Yzc5MDVmYS5maWxlbmFtZS50eHRVVAUAA5StIFd1eAsAAQQhAAAABCEAAABQSwUGAAAAAAIAAgDZAAAAdgYAAAAA' AND file:name = '193d87b.js' AND file:hashes.MD5 = '36be2a93b4b5891997d42e4c6c7905fa' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:16:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad95-3838-400b-8204-4b25950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:16:21.000Z",
"modified": "2016-04-27T12:16:21.000Z",
"description": "unique .js file",
"pattern": "[file:name = '193d87b.js' AND file:hashes.SHA1 = 'cc36d406df1c970f8ef1eda60047000181616136']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:16:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad95-478c-47d1-8184-444b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:16:21.000Z",
"modified": "2016-04-27T12:16:21.000Z",
"description": "unique .js file",
"pattern": "[file:name = '193d87b.js' AND file:hashes.SHA256 = '73949eed422bbf33f8f6547957aa191abecda41ce45eb439fb765ce155690c2a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:16:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad96-99a4-49eb-a95d-4e1b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:16:22.000Z",
"modified": "2016-04-27T12:16:22.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAAtim0hKTMXScQUAAOoMAAAgABwAYzY4MTk5NzFiNDMxNDBhNGI5ODA4ZDhiMDdkYWIyMzBVVAkAA5atIFeWrSBXdXgLAAEEIQAAAAQhAAAASTa/jzuaYOWRPHPkqti9Rj50/KIXGZknAeuMblCzuxnHwHnQQbgsAi89UhnQhemT3xLhMxYbRr6yu9pQgyk7s9eRQcCCfHZhY3l94OP6TSjcpvQ2LLzf53+14k4qNCHsLJLZgLsDc25girQ7qPnxelkIs/2JCCPrY/6UgOwVebj1QO/x+vsM+K09Z3OCmxru/Tqm7Br88cGtuV16TVWQp818MEKuSejh6Fh2FZR7bK/vCE3YvbAsf2qzJdfkQbroqnkWFq+VxvwyMFTyUmeHUCoRHrVKlgKCcpqTYOjbg/c2RhCwMhh+7KQH66teD/ONeaRpkcRV/5S+GjUVNHZP1iYsxh7tv9/gqAIcZSSmCJWMljw4IPkhXxf6FdOMdDIFy2Qrkr5jPJ0k4S8pYeJTrZXJ05wRDQV0gAMx3LnrYz9bgd8ISVAdQ1MCqJXQ8Ia+QOI7CfeYmurvUAxEaOX0CTFNMnqq+YYz2CbOp5N+2PWzyeA3hOrnDLOPm6NWRL/Gd9r/B6DYUyvQ7xODg42mIjXiTJJnj6Sek6gL20Nh6frycir9vN3Iuw34V0op9VBQMxvt/ofmCGusAHjlKZRYJz2WJpIDdiiI0uS6cfANmEbWP41e7pT1+ibQcr5OHYVDq+HwrIJv6IJ7dX16jhtjMqiqKZ4ZobTgQViXCmTAaqI2iQMKc4umpCSoCRgWGMXiWpdJBxB/LCEK9qyhuozfMo8OrTJU8m2J6uTlgX8AcfwvecryjCtknt6jxCUIUofqcZ/ngoxPiIZaKjK9wPx3ebBZuA3rkZNAI/bsFvHc/57cS4oc6VQAafiJcEopRClGDnTXRxvFDys1Tlc65R0g42PqcO8P7UHlzTS4jrE9Y7mobyTrIqxbrMeh1va9vt/XWK+oY63PMnpk27R1tTaINDbAJ7/BSCki/JoxTIDgMcRw3QuzPLd0O+Io5m8ASGLcWnjE0PH7Ew9w1FYl+616wqLFBBOD9NWkr75VhxgAmo4YQEhOzDvbMwLWcsGrttxq/k1AXhvoeR9Fu32KwbfvwgxNnEf7FU9GVWtKzadVS1ecXCNGXKf8kURXML0kH3DXgZWgamE1HfIRds6QTio7+Pugok7ftJ4w9VfmdIar91UGkGQFABFGmAB5KnDkDgraYN4oUR43yTzegQNT0x1fPLdRmiKG3eX+6XRTQfjw1fLhtVD+yN5uyeQPgIra1RJd+KdzlFU+ee4F2orDtUGm7ZSJDnIfqfwIdVpnGqlAfsxzmMf55jNBCnVzvCAiYW2VrmDCExh8P9cT2GRopDNqsHOWEVUObjdhPjyN6ziPMsMQJ8uHHx/DxPuSaVrcsq4jgJkpTUPkJ0ZuNyjlvsPqgk7c4qxLLxFHw40hAT0FInbhEk5gNXrIu6HIGH8GhGoOLFiD6yQTOqB8Pnzm3gHtU/7AudgTTEha6n8d70s0pQtdmSPNlqtvub4R7V4PHxb73gSFmmYFmaBtm7UnY+2RSWgxU6DuXSr+B/qGU9EcOzfCUd42BsqV1dAjjyyg0CnvqbGqP/ZvDg3SL8NJ+n+HD/x5uJLZwUZ2O+r8ErYRclcw8ZjLW5ybSGidEJ2Yml/hHQqNRLvvhMI1heSp0ZUdUxAWs5rRYyUWHqkJ1+oNh5PuVG18pfxtyXHBZ/3V7+CwN2jZrR0KID7oxc1uHpvj4ojb+Zgg0cYZkLu2HcHn+Tl2Uh7LOmyI38kHYb88voLcJZTctkLt0aP4ZvLZEuZaAQyU01h+OGuxBAj0zJpk9JfleUVae/ziVjzi9TmAj21VhcyrRjedHhSwVS1FchF6tOaYHsD5m2lQdbFrk1TwM7Br2mDUKQ5qr8Dd8gwcpEqhHFBLBwhKTMXScQUAAOoMAABQSwMECgAJAAAAC2KbSDJgX3oWAAAACgAAAC0AHABjNjgxOTk3MWI0MzE0MGE0Yjk4MDhkOGIwN2RhYjIzMC5maWxlbmFtZS50eHRVVAkAA5atIFeWrSBXdXgLAAEEIQAAAAQhAAAANyDTd36JzdIzgyQLqxaECvQ5K24E91BLBwgyYF96FgAAAAoAAABQSwECHgMUAAkACAALYptISkzF0nEFAADqDAAAIAAYAAAAAAABAAAApIEAAAAAYzY4MTk5NzFiNDMxNDBhNGI5ODA4ZDhiMDdkYWIyMzBVVAUAA5atIFd1eAsAAQQhAAAABCEAAABQSwECHgMKAAkAAAALYptIMmBfehYAAAAKAAAALQAYAAAAAAABAAAApIHbBQAAYzY4MTk5NzFiNDMxNDBhNGI5ODA4ZDhiMDdkYWIyMzAuZmlsZW5hbWUudHh0VVQFAAOWrSBXdXgLAAEEIQAAAAQhAAAAUEsFBgAAAAACAAIA2QAAAGgGAAAAAA==' AND file:name = '298ba6d.js' AND file:hashes.MD5 = 'c6819971b43140a4b9808d8b07dab230' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:16:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad97-eae0-4864-99e2-4c58950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:16:23.000Z",
"modified": "2016-04-27T12:16:23.000Z",
"description": "unique .js file",
"pattern": "[file:name = '298ba6d.js' AND file:hashes.SHA1 = '00abc40c388d21f80c9645d4dac480341fba75f4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:16:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad98-9464-4ea1-b81c-4443950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:16:24.000Z",
"modified": "2016-04-27T12:16:24.000Z",
"description": "unique .js file",
"pattern": "[file:name = '298ba6d.js' AND file:hashes.SHA256 = '54446e2f430c43cdae5ab20a36f83b6444d9750b8de03c10ca79080f0fa327ee']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:16:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad99-ddcc-4401-b8a7-4570950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:16:25.000Z",
"modified": "2016-04-27T12:16:25.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAA1im0j6fZkEdwUAAPAMAAAgABwANjMwNzQ1NGY5N2QyZDRiNGEyOTM4NjMyYTA3MjUzMjhVVAkAA5mtIFeZrSBXdXgLAAEEIQAAAAQhAAAAd2qgm30Sfhfw/AH+uUEXJxCR1vEqUewcnRsYh6zF+8DMtSX/xcAzJzPzcyQgzUrVoYpM6Ib5Kis6xqHm5/EKgCj5jROk85oPIVVRi8n1JO3N8r/YsSWicfI5fKXvt5yhyw3eZOCp7LtBJgZMLjBw4HpGEgt1GbLOcoLhq2S0LyCbn7iFKjCQ/eWAyy92cpIa0Syd0RuDvuZCOpHn+qDA/ZxL8s1gdPVpnP7VU+9++dWaSQZ24cnuZvDwFv+7M5kLIbLM41RzX1A27likV5pTczB71vvkXPfVnTI8qTUOrp0TtCHYgfkB3avaDMc4TFNkvOFFIvrkJzcl/8oQ5UPEKSPp/1Y8gelVF1KIVlJEVoap3hQQYCbTssXUOuqSXqbozywILF0J0w20sddmTKBVh6n5Lz6jqn0x5PxtusDI24J5iN0lRk9bOGyXgh/+Mvz9s84K+vC7Y5DlJk2RrIkWhPbErfu3wZAOD0LW6tiWor5aM0COzP+qpq1FsF5PkLsP/pd+asuxYTHayhxb8DxrHs0D37BqkX6ovlCp56g1YSfSposJNcyHYUutw/2Kb0Q1ACGAzJq72yQc22NJt8eBDc1y4iLWjumD8llQajF1lu1aHWmn5C6Ke4ROw4xogpyg+YIxR9lgnrbAyqJ9o5dZcyOo9/+4V/iZ3O9jc+pf18aspBpxm3gySCp0NJmIjriQCN2w/3QX0DgHekGYYf3O8jSMw6Q+LjaonWtfhH4S1Bixgz6Hmu+6zTeRtaciYJ81lkBk40RbzsY9rv4GbepdDTfQ5wewsEepu5E1QeW6rBUNc8ccWLoaNHAsEaEPGFWx3Zzj5AE2Sk1FJTxlRfAy1Nh6x0sZmwXa3iP0YapkOLLaSVE0JMteqMNGR8kEYVDsxEOY0TqKYTP0ftxtsHa9l/pVPDW25SLQS6aQNW+O/pjK9qVfmXZDbK4UbcaOJXqcWH4ehX0P5fbl8edPTscklJpvFiTTTE8vyikR1WngKCiGsizjssBacZ1P3N9w8NNJyRqmvwpK1Q5Pq0T4/6yCVYN6D0ooJvnZPN+6En7ttY2WaopxtlTjtx/JVtZhlA5+PNlSCKChbZJJcyXufqGjk9yfRFrHHilxbXqyA4ChlBhOplivFCTGsuAhWlfRippdmXpqj61SxRB94eHcgClczneOFmG/V1SPebOm15cKjdP/DrEeEyhrwQi+K5p5h9/6HzCz3TWUBxndFSAx+Nofcfd9GN9+zOcQxpoUJyDz4z6pNK3DXWWInqbmEkDYl8/9J1TZhZs/aIRg1uBT6nFk8Al3oU6lKTuyL4sO24G4z9iFCCuRUgcMXZc7rQvLstm1FIr2Iuz+0R0C1Pxgn4bqBbMQCBNXUrpRIxidw7jTjK9hB8AyxSA7b7H7FxOuMefyil49Sj8DuFq8IDcG6mw+e5tANwkWBTnN9YTdiEB/pwXlOfjKUIjNRR73LRYfkLbCV/7gGFZty9YVmIG+5rNiPmKz37biEQ12y2VctbsOtxDpmRDJQqwJ30XCBsTZ3RpYkqr0jWwO2j/IB0Q3q3ypeSkvKuciXl8pSlcQ/hpu7W1SOvj3GhIPpikcVbfcg5vOCCDFQ1Seo8akeDqzNBsop5sV0IJ+++7Oe5vZOt4caa9QPzDY9LSJkxlY14vOdRHwB5Z5ojkJyal9tAT+CGETjOQfuEANiBXpU2PggpmuLf7qA+lf/huncX57vKWt6pBOCRpX+Vva5E+CVv4n0sm7LdcxLzCUF9AbsoquP1m/eKcPCQ+71MiVPE68B9J1mEH6QvsE7ia8ii8lMrTY7BzTLMVN4FrIypxyZrl1FXy8ICSKygRUGdUzzGtHfyZeM+CfJC5KAFfQAFBLBwj6fZkEdwUAAPAMAABQSwMECgAJAAAADWKbSJ6cG8IWAAAACgAAAC0AHAA2MzA3NDU0Zjk3ZDJkNGI0YTI5Mzg2MzJhMDcyNTMyOC5maWxlbmFtZS50eHRVVAkAA5mtIFeZrSBXdXgLAAEEIQAAAAQhAAAAWwkkdTkAAgNVsM9XyfFV1g4OCEqaKlBLBwienBvCFgAAAAoAAABQSwECHgMUAAkACAANYptI+n2ZBHcFAADwDAAAIAAYAAAAAAABAAAApIEAAAAANjMwNzQ1NGY5N2QyZDRiNGEyOTM4NjMyYTA3MjUzMjhVVAUAA5mtIFd1eAsAAQQhAAAABCEAAABQSwECHgMKAAkAAAANYptInpwbwhYAAAAKAAAALQAYAAAAAAABAAAApIHhBQAANjMwNzQ1NGY5N2QyZDRiNGEyOTM4NjMyYTA3MjUzMjguZmlsZW5hbWUudHh0VVQFAAOZrSBXdXgLAAEEIQAAAAQhAAAAUEsFBgAAAAACAAIA2QAAAG4GAAAAAA==' AND file:name = '347b340.js' AND file:hashes.MD5 = '6307454f97d2d4b4a2938632a0725328' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:16:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad9a-1640-413c-b955-4ebc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:16:26.000Z",
"modified": "2016-04-27T12:16:26.000Z",
"description": "unique .js file",
"pattern": "[file:name = '347b340.js' AND file:hashes.SHA1 = 'bd70425cba16f242b78ceb91a4898340471e87c5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:16:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad9a-8c60-427b-9ebd-4087950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:16:26.000Z",
"modified": "2016-04-27T12:16:26.000Z",
"description": "unique .js file",
"pattern": "[file:name = '347b340.js' AND file:hashes.SHA256 = '02ad31f1b90bf75e34caddda33d9b7f51283f84c140fe44faf6380d5c52eda07']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:16:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad9b-b3e4-49c5-8515-4ac9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:16:27.000Z",
"modified": "2016-04-27T12:16:27.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAA5im0gWB71deAUAAPEMAAAgABwAZGY1Y2U2NTVlNzkyMzE0NGMwMzljNTljOTczMDg3YTBVVAkAA5utIFebrSBXdXgLAAEEIQAAAAQhAAAAd2qgm30Sfhfw/AIercmubBPMTOkVAZCXMpWQan7dGdqtjj0Ce3JSqmj7SUqJz7Mbu8go6VEuN0W9IHC7LGAKxJIQeTgwOfXYnLFH8cmt0HOG0DDuFBCtcqi1K0CmKaXH/8FiGigKoFoRkwHDIBfVh9MLMTXNEaOGEQOhOWmDnw5KFmOQPfb8Vc7tAFrgZZrAc+vgFLLCRJDyWAAi4T8eT6qXUWgW6uEo3Fp3ayJodXdg42Qg1Gl+8JBJn0INJ0AHoDJvWccvL7Y1BiF10ZcTLitIr+ciUC76npB5qganBMwNMj0hQK7B1BTOaOGIg2ElWFKMP7K9HLy6pftdrMbRHU2ztyLbz7j8CIMqkQ7VgSRfE1WgnV0u0OZr3u07n2Ed9PZGASwI0oBzS1xRf2nnjw2ibXHKvU/D+kXC2+Jp0x74K/f2i/VP+EsN4Vw+iIoDGx6o+BTmdzsRYKpbtWV9nI6coXcaogo1AnLY1TkIulqCkuyhtKlgA72TDHUMA/QfbQdQrqIhfpsOw9Wjsp4Ax0bRXNOrqlfcRyxK+Loxz3M8GpAEgTRsvDOmL23w+WT+MsLUuIeWF7UNujgH43X9aDHsMpi2N4B+tKp7K6287lCFTjcj5FguhTPCrKDVH1PWMOPzg9MdFxDm9EeV8bkV32esK8QLHjAYbvPSPL4+987r3n7CBi6wWkp2ObjHWJUL39rNwzg/CXrFXdRcyXqm6MM9hxZhzh8SLSNwgK7TH39XjuC1xeq1WJ3EIB3sRYkSZpc/5R7t+9LhKJs36gWH1y0Nip+j2LBfIzkRyy693/MqxKjL8cI8/HOBHYGCLAvYeq9/b5koGzplZzzPQJpOzRFfYWF6BOYVHPmzPC6u4wC+TIUS+9IJNhyOKKgIkzzZPCcVkXzPiKLjKaPKD27qkmE0R/kUiNntXNriMbLz/zAMBI8ST8DdjQtzs+wm66zKh3GmqiPWTYOrjU52SdK+jSb4Q+iG+dbWJsP/RspG4K78NIGgAgwWwmaElFA7CeYb/RA0q0Vy6//8Z4umVN2uwzvVuLKo49BstAnxEJuvz2KKcLkln3HpBWwaCBM6BouDhNoVbaq6mG4GpUge/NHGb2N8iSjNbn3aK18dxihOCz0+d1kM0wgMrv1t8pux8WRwnJvVfKNNEkaE2ic7LcqRxL6ny+8T+IvyBfdzM8h/6Y3F8HsSP90kncKDOeXrjVllBAL8br/4HsFDP8wH/Q9tE+otZUFwGX5yoF+Qk+UHOeqyHGPkL4ldPYhgvyKgyy+MnAJADkbDvl3+g4EO+zFYaVee2DzIuUjJXcOegyNU/2mRmuMW8MCqoTJbynzJjKo5xrAHELV3dfhNdIl8UkVfvf+p4DFBLoFJ6UenzqTFM+CJ4Ljfr7jbyhM75tk9gszqpsxl5RZYJv4kHFNsGDg4tjTANusCK81bleSU3NyquzjOKexfWNfZd6oOO4hCGveQmzqeF525SHbCdPFk1/wNOuCkJ11rpKyZVTPO9d/8MG3SEEtkUlECJVst84rIMGN5CQDLeOsH/7aIt/qRGWK9SXjDaKBJZdvlgKy+A7LNk2GBDOl6ydC78u+QetYUYCrB9J7JEsQ817xzXOGk86akVRGMiOauHOunncGTdZXFjpjpNDnPLCEonTQlop0xwFJDZetOAzuKoCjmAJsbK6TFk3ZKAtoeqlUiM4sJWGHKS/1LWtFLeDLgm99j9HuyDBI8ZJ7LUNc/NdM4Q1oOGbAN+a6Qv32ZGLJX8Oy2Njdg6NRz5urP3szy0sd/7MxDJh2rfvBqRIZmYo1u/rRKdtxP1yWOKI33AbyoR58pR4dvRRGdDgxmZpHpW59ulTLScdn/hD0Dnh4+XFlQSwcIFge9XXgFAADxDAAAUEsDBAoACQAAAA5im0gwJ7sfFAAAAAgAAAAtABwAZGY1Y2U2NTVlNzkyMzE0NGMwMzljNTljOTczMDg3YTAuZmlsZW5hbWUudHh0VVQJAAObrSBXm60gV3V4CwABBCEAAAAEIQAAAFsJJHU5AAIDVbDMMwjFTWZ2j7u3UEsHCDAnux8UAAAACAAAAFBLAQIeAxQACQAIAA5im0gWB71deAUAAPEMAAAgABgAAAAAAAEAAACkgQAAAABkZjVjZTY1NWU3OTIzMTQ0YzAzOWM1OWM5NzMwODdhMFVUBQADm60gV3V4CwABBCEAAAAEIQAAAFBLAQIeAwoACQAAAA5im0gwJ7sfFAAAAAgAAAAtABgAAAAAAAEAAACkgeIFAABkZjVjZTY1NWU3OTIzMTQ0YzAzOWM1OWM5NzMwODdhMC5maWxlbmFtZS50eHRVVAUAA5utIFd1eAsAAQQhAAAABCEAAABQSwUGAAAAAAIAAgDZAAAAbQYAAAAA' AND file:name = '414d3.js' AND file:hashes.MD5 = 'df5ce655e7923144c039c59c973087a0' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:16:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad9c-5eac-448b-8f1a-4a30950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:16:28.000Z",
"modified": "2016-04-27T12:16:28.000Z",
"description": "unique .js file",
"pattern": "[file:name = '414d3.js' AND file:hashes.SHA1 = '7773fc75c36b5e06ea8752cad72b9f75e847dceb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:16:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad9d-008c-4665-bc8a-4e5b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:16:29.000Z",
"modified": "2016-04-27T12:16:29.000Z",
"description": "unique .js file",
"pattern": "[file:name = '414d3.js' AND file:hashes.SHA256 = '59a227ee15d13f532d0a79909747737d689f6a66d2b34467f89be7f60e934d87']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:16:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad9e-f6f8-4f6c-981a-4733950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:16:30.000Z",
"modified": "2016-04-27T12:16:30.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAA9im0jLQ8RNfAUAAPUMAAAgABwAZDZiMTgyMjA4NmIwMjg2YzQwYmI5ZmNmNGZiOGM3N2VVVAkAA56tIFeerSBXdXgLAAEEIQAAAAQhAAAAa+s6TAdlTyzAOoiqb6aibMptx7F3Jp+5jkCUzStB+aWEKJQ39gxDJVRDBguvMxc6SgtgZg27+TZojQvbYFstpCeFEZIYxzZnLbayIsfbaPtDtUye1+RUMZJACa0Hx0ySf5f80xW/vg10wQGAQzbmwMxBV1DRsVaPq8W5iJ9KwQXQRteBgcjLnmZ/qJb1dDq/HTILvni2He+owyhDU4GZmxpGGkgb7Fukyrj9qbgM3PU1/hKZJ8Th4dDCp0QDvI1efXsiXqXVoPSP0kKTiFe9NydlnqWVZXCF9SRmDUiz6UZfVxNO0NOtEIT/p1D7xSZm5WAtAke4dbdTDqEcu/2r30Q+N7xxVU6xuZQTxNIw3TxUnDmK9otIwLpmMyR98D4RBpZSHcYzgbtbg2SJvaUTvr3y9k5BLS8geFaMQxuletx5UG1uvIZedhPLxA9kMBparJHM5QFGaVQZO4lnZ+kafqq2jEAaZw5x6BF2xF8dc6si9deBCatCksOhIPx5i3E6hLHfRwTx7lgH15xx8gPY0c79+yaHCS0D9BwNSIffIavZDn59ztBBdP4dmzjilQweG55pZkeTgsDHQ5KM09KUo07hr9QejFgnyfEAk1o31wZJd+qn0yc0AxXSUxjaPGo+N6nm0ABkExz0BCucBoRGv2txATA29Dh36Z08s3C6c/vM+qbD7ltGtyZN6w41fIS77UysiaOjsAb9MavMjXOUNgcibDlJvMNUsFA/Vn3Mgscxj3+UXs+4Mm2BAlnmCEAuPGno27IiL4EsDRuf5ySNDFdbNFq2dNQqc74RBTJe58eDC7K9nXsfX8wlskNHhADu4RNIpuyDDouojl53GVVx7VQOoPrlkfCuGemmcmAAl56i/WToe+uEAtn5foBgxzX7D34F6CLHJg3JdjHp4mBrWV06hs95L0ofRQjNM6LgZ2zTCsrfUM8fW6Uk5TOR6T3tnvR+cHn3Y/UGdBW1Onsq8WkbnP94qC8e0fyzgrpAdwJsogKdq/4AKekimPfu2jJqcVInGPYo9CsXCa902oYycl7X7PaniISmvnTb91AUI9xf53aqSeQJcYdjkpQxuXeypiig5pSZK2Mw8CZegMW/p96Nj6P3ZR+6XLYt22SEU2j/N0yUgHDmJWStYNFyhFCJZ/HjyA9YaYzaGFfsb6FezdbCQhhi5NTAYj+IHaUrLwsPjuc+Wjg918td0Pkh8vpUlO5TuRe40S6oWvLQG3KvyGU4fHfKXaGG4qhiIPWj988jUSmHkzyNOk6f7vvoaA+Y1SdxkZl3Vtbm4eLNh+pJPF/LLWmoBE/ODr/+PYAic3R5JjnDWEK63AusQRYclmbyAD7kCFRXHvQxbbMxeeweoi0Xz3FL4Cp+U//8NE0Qql222axco/6vEHM1kjS+vdHde9VDI0ISfqonOhO5ePz7hmxOoObEZk2Xzi2tZ2rNoRBWkQjED7xE3JLHIY+I/P5EzF8OFcCNIekcAlIIHyXn14ROWgxI7e4ZCIIXTuxRSuVAD/L2SU2hPaf7LYYkko/2ROO/Q2thtP+vRpjzf0kIc0YIGLVNvB2oaApIbznZmKTmoRmkaJ6f+74oa2q8hGo4v+UITyCozR3dlulQMTKmO4bdW635HpL/hM8D8BGdAcndnGDQZTVtRybXf6qkDUweRyMfhLu0wqdSE6xoIcDZ55Rf47xxpYBcoIRqYU8rGFsA0dtefOjETC50oBS7vptkvhYVCylqRGKAMDtTlefH4TLqHLQ81hhd9uEIaTHaFjOFQKkjYviXHe9lw+87q/PsyhNuxQnq5j+X1sxePYka+mn6nLh4MT3bnqjfKzaAxGrxyRRsaEAOIwT7Xtvmhpht64h2BrKIT9JQMAq3UEsHCMtDxE18BQAA9QwAAFBLAwQKAAkAAAAPYptIE/Ud2hcAAAALAAAALQAcAGQ2YjE4MjIwODZiMDI4NmM0MGJiOWZjZjRmYjhjNzdlLmZpbGVuYW1lLnR4dFVUCQADnq0gV56tIFd1eAsAAQQhAAAABCEAAACOlPMIJhUuzDkxRIEbzV37Wvl/VwxRilBLBwgT9R3aFwAAAAsAAABQSwECHgMUAAkACAAPYptIy0PETXwFAAD1DAAAIAAYAAAAAAABAAAApIEAAAAAZDZiMTgyMjA4NmIwMjg2YzQwYmI5ZmNmNGZiOGM3N2VVVAUAA56tIFd1eAsAAQQhAAAABCEAAABQSwECHgMKAAkAAAAPYptIE/Ud2hcAAAALAAAALQAYAAAAAAABAAAApIHmBQAAZDZiMTgyMjA4NmIwMjg2YzQwYmI5ZmNmNGZiOGM3N2UuZmlsZW5hbWUudHh0VVQFAAOerSBXdXgLAAEEIQAAAAQhAAAAUEsFBgAAAAACAAIA2QAAAHQGAAAAAA==' AND file:name = '429e703d.js' AND file:hashes.MD5 = 'd6b1822086b0286c40bb9fcf4fb8c77e' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:16:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad9e-2814-4cb9-919d-4bf3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:16:30.000Z",
"modified": "2016-04-27T12:16:30.000Z",
"description": "unique .js file",
"pattern": "[file:name = '429e703d.js' AND file:hashes.SHA1 = 'be11c580e5703451b051268172e519a7243db8c2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:16:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ad9f-f434-40ef-9043-4ea0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:16:31.000Z",
"modified": "2016-04-27T12:16:31.000Z",
"description": "unique .js file",
"pattern": "[file:name = '429e703d.js' AND file:hashes.SHA256 = '38fef03e595b5b1c214f3f3acb81702df3156536f5e6ce4126ff338b27238d7e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:16:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ada0-72d0-4ed9-bc26-4f6e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:16:32.000Z",
"modified": "2016-04-27T12:16:32.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIABBim0gfd+PIdAUAAOgMAAAgABwANDkwM2E2ZWU2MzAxOTBmZGM5YzE5YTZhMWYxMmEwODVVVAkAA6CtIFegrSBXdXgLAAEEIQAAAAQhAAAA/ML85RW8IOD4XkWICU3dG3BCFebbhZpdWpYyBK4+QezAkiryT2GFRrRUOQS0xnPLHoiSGbzDXYPqEanDx0amJG8fexnqCD7/V9OiajQIYML4RlqmNhB/yRQNl5HIU6/GbeE0S2ncdbtS0GrfjiqYiA1Ah75pjqhdb5yhXd1/s1PDwRSU/39UAdGXTdI2La9OyG4h2NjgVN0f68VPWB2tlwnDWVxGZTz5X6/pAHjImD0zQfTVOpmWgBTS8Ay7FvNRz5jG/dUz2yXvLQ+1CiKMQ+SZ364jaTaLkwIxqEB0eQ1LHpwdD159fbcoJjdrbVZBmM7R8TfSekC7BtTMOPhAh75bqS5t9deWn9A4WpiVMISlUq/CDgSHHUdjOcGegBMRq3/Uosf4J5JDdb7AaiuBqE2Y8b2DYW1bqesWg2pKLy6MAY+TF3CV5GqYbFUatCxDT26W7/Bu6ZzFboAOBddAaLwJspSmxHBQFdwIj465wsUO45hBkSdTyK38I3cNGO12GAoQrgIFLOzuk9+9+X/EfWlOMvpiFDzRxLqlLIK9bH1pOk4PR3kMNrfHOAcI7R0T1W4bMvH8BnOr8uJ2lEIVh96fVSlSPWkPDcJrkDyhRRO/1FJ5n2ssk3WKpBpFBD4acExk31u7G6xLi7tH7p9x5yQ9o/GV2QizlcDoP5qLYRwqgcsUPKTxtl8LLPqYdwVGjfsyvCdcYS31nk/2GWfamnSgOqdGYej4qbDRNxjJ+oTRfsWUSFALDAGiJE04I95Bqmh6yBc4OfrgLcCvfErEnBhXQo3TavsMyABO6i8NdR8Jqz+5U6ycnQAVopjwygg7Ugba+ic+vL0sbPRtGZXPs2jt624Zq9ObDdJ3ks3LlfEzrV4XF7nSfj10mpvnsUNB/h9PgjbNhPNphlNj6RgONEb+Tpm1u2lMix18mI7euClms/eUW81ZSHteJ7RLp6ZWEnTxU3wd7rxvdf9YIpHzwOQrv00OIqCiM5bzCAjXdgOwCs6wfdpxY9TAV72oMOgjflTq5e7SJBsRjoVLvPX+7bIlR+oLBbuM20mLjn8p8gynkTaBauSpUoRzd34gPVARpqazC443tIKkVa+dXDlb3x/cTIfd2GjQYjb4MJRrlghrRSv17x3HJncx58+ePLK/i2hnmU9fMRtbmDdfCJ+ALKU8C1/tpen6uVGpPMbuxCBAds65J0PX/qXjr2AYHiYIv7qTHAiKoiQr0NwkxbIFrsLggrocQ/oVRyQBOXrfJw1Ba3L2ekFAOdamfV0jt4k1ZOG+BKT8kK7RW0nrYFV0++bugm/c6YQdGixAUUYDpZBUv5qqxBDtDDWlGv6Wa6VYfsrCEZXvq2ce9vaPjTvTBJRyck22KFS3nujpwPTwwarclSw1+c/mmx4YuK2orq2lcIYIs/nMGo46YcMxu9UUmG5CT+ciGmUqNXnc3T6F0Q63l0dh4/eb+PDt/ASvChPvg3RMHMmdFhERO/3PoBofcU9WzTlPcP4ZGr2l6QcTHHZHTEVk+NH08hFClt5G6Lm3rBVZA0fwh3oAy5W3nqT5JOlW9WezJCr2av6s5mtX6doAzcW2i6JK+s9sJJLPsejXfO0VZaV0CdDZpao41feZRFEc04JeH8NH44Dsjf0OdejaU6v8DmnmpfGhOd7YK60IH45sBtxBbN4Zb4hku5XtHaAdfh1TUDaSOrmO4C2S8V/ZGJv9VvaK6Kcm1ToDA3UscVdkbuRdf1tpCVORLrECbIAw82Vo5wONyAm4kv3vBE4F2F9rC4kJISP0mggLOhIKdALqbN+Ea+PmO2diATD456Ita4N9dOcumBzgziCozCxs3pICLVc2rqNiKqLW0l6M6uLrPVBLBwgfd+PIdAUAAOgMAABQSwMECgAJAAAAEGKbSPjVP5MXAAAACwAAAC0AHAA0OTAzYTZlZTYzMDE5MGZkYzljMTlhNmExZjEyYTA4NS5maWxlbmFtZS50eHRVVAkAA6CtIFegrSBXdXgLAAEEIQAAAAQhAAAAs5lPRHAm9CKrt6+HTlrBMS/lLRoV2YNQSwcI+NU/kxcAAAALAAAAUEsBAh4DFAAJAAgAEGKbSB9348h0BQAA6AwAACAAGAAAAAAAAQAAAKSBAAAAADQ5MDNhNmVlNjMwMTkwZmRjOWMxOWE2YTFmMTJhMDg1VVQFAAOgrSBXdXgLAAEEIQAAAAQhAAAAUEsBAh4DCgAJAAAAEGKbSPjVP5MXAAAACwAAAC0AGAAAAAAAAQAAAKSB3gUAADQ5MDNhNmVlNjMwMTkwZmRjOWMxOWE2YTFmMTJhMDg1LmZpbGVuYW1lLnR4dFVUBQADoK0gV3V4CwABBCEAAAAEIQAAAFBLBQYAAAAAAgACANkAAABsBgAAAAA=' AND file:name = '435f80cd.js' AND file:hashes.MD5 = '4903a6ee630190fdc9c19a6a1f12a085' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:16:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ada1-9e40-4cc3-8029-4537950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:16:33.000Z",
"modified": "2016-04-27T12:16:33.000Z",
"description": "unique .js file",
"pattern": "[file:name = '435f80cd.js' AND file:hashes.SHA1 = 'f2e0aa976502c835d0c23173101ce8f69f125060']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:16:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ada2-81ac-433b-a28b-4438950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:16:34.000Z",
"modified": "2016-04-27T12:16:34.000Z",
"description": "unique .js file",
"pattern": "[file:name = '435f80cd.js' AND file:hashes.SHA256 = '238d680d23f80cac7348f763df6709c5ee1172b099c14fee97553affaf6c41e1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:16:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ada3-e6b8-4381-8867-44e3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:16:35.000Z",
"modified": "2016-04-27T12:16:35.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIABJim0i/nzovbQUAAOIMAAAgABwAYzcwN2EwZTk3NmEwMDJmMjc2YTc5NmQ4ODM0ZWMyYTFVVAkAA6OtIFejrSBXdXgLAAEEIQAAAAQhAAAApP0DWwH4ZLys1EWRPZpauc1A9WINpah9wHN39XsZMbNeUksol6KEw7bt5kaIEgQawqAUffZ9TdVaSifeLix3Mqsc+VWYIIwr7tD2wuk3pZmX5w22MxCnExXEeCk8ZJTuGJ7b1uMiY+m1ainZ3hFW9tcgZ3rsM6F1McTjs4VNF9nnNlrfydkGC8uzNJ7I1bn1oSu/pLvW1AfXEomPkJSw8ZvMdW1nSWKi7BzBbh2iAMBxdQVCQ/gks6Dtu3FF3ZgVOma33JYIPUtar+PvX/FM9VR4rvD4nU1TLmUWA+bHjw9tJpyucksw6UCaj4YeN3/arZ4cWuCgxiTswUx0lkRa3BWac516pJ1xJ1usnzZ6xrVhZO/1TNhLXp7xTsvycYLr+lO3k9kwQduTQiL426wQTztVB2X2jd+gpd4gPG6iFje/PHB33BNkmD2cMt1+kRCMsWpgmfRx4R7TQED/zCxOUqjBIyvDcTSJsk4RuTKPJpGcIZAVvq7HfB9GkWhBoNcLpQw3VABk6v+c3b2gtDm9dJPNVk0HNTZelfMuZwTUD7XMB0SuOIbPaOXVYV6UaTILreUlLzuF66x0mULQcId5B7pX48hIbEDx9UGGBBJz5pflVvVl0f5yXOsaIVjtRpD4MaD3FScBnV/zBvMvPXzZ0qhYmBPc6CuTXDV2BilVz0loqd4G/EYdmoOt88csSZZCG48D097OTVL1faztKV/5eIsBGUsO6qMwLNff0PTpbtTXPK1PMTwpkQ1PwwTOOE9M0JCGJ7bM/UsfxxUECcLUz1sqpjoo4TOkqsURVmlPvQxd4F0yrGFUUtFjVWxhhE+d2Z6CMGiJxcaGWBVjjELY0sJY5OyTxqG3vvu+J8n8Jl1NosSgSxwf1k5OzyCJlTHnuREvQ/YgtiG4f9yS4xcXzvK7/hKcJ28aTDg24HyErM+toS6oI8NcsHNHYjUHTTjKsW+DC/hkoIUgsA2ZrUBvw2g/2FSztT6mElv7GY9FhK68LHXwUSb+jqdQqu4hZUPsxR/Yn+kKfIbuXtTdbQsXmC4UBH3VtIo9Jektx0RfyBNx858J9Ws4rba1E9502ewluRXYUyM5LEQ/41DNFrjw8K/3PQty8DPMd+pFhXKSyJzgrJ7t1ToOoqJWuYGRd/fdsPWGplmqwtApRRN95o4xikFy5TXBN6N3AnCVXrWpvFdh5E+mWnipp7r8wQLTT+jm+JFNTYwPdkMZ2o4rmKelId4vOcprhbxEd9X+/ArqSBFRyne2Og60Pi5y+8regEB3pKG5pghRc2uyL0KFZnMRzHUmjxgyQUqJsTksr5rUbY6D+W53ZM+B/o8BiBIQBxm1tMgR0B2pEi9GXv/qbuwAUaU6hGtck+1+5MpDj9g3MfwwmD2KXdaN5SAsT91QPG3liJSBbgtWh9+2fJbUpyzKhH4YlwoHN9yjYEB55fqDRqsCsYBD3DIhUhR9m3jYIRSSEuLcD5+U+og0LZpLNvzhh3MCa4C7UHSIBpYmSXnab217/KVhgdcWjfVbnuqWU32uukLJ3KXXDZ2ivuTYfaH2PqZwBhur0Ddn+vi0n0ywtsDXvLufW7KOnpW96717c+x4WiMaEdNPmccpx3NYvQnXUqC34O0zIIjwXKYDDju9vkLplcHJYE51ghYZHF2qUZFPzNmBl18PTrx0qYPRCsjwvvq0QxDtYjKKDeIZqNdV5Dk/1/1W+KjP5/CoTteMt+h8ZAuOd1jHu0T34STCfRQUJcgFknGQwzrr0O6DUrmX5wWHmqvT+EQ5RUYkO/SH2dCwyKXnBCULRLnNlGKKbUNC18aqZllXPJVHJcru0ilGqwRkrmPditaLkRKj5Tr6UEsHCL+fOi9tBQAA4gwAAFBLAwQKAAkAAAASYptIhav3wxUAAAAJAAAALQAcAGM3MDdhMGU5NzZhMDAyZjI3NmE3OTZkODgzNGVjMmExLmZpbGVuYW1lLnR4dFVUCQADo60gV6OtIFd1eAsAAQQhAAAABCEAAADdtgLUIaDM+6/o3NmjGhXrFnhAIv1QSwcIhav3wxUAAAAJAAAAUEsBAh4DFAAJAAgAEmKbSL+fOi9tBQAA4gwAACAAGAAAAAAAAQAAAKSBAAAAAGM3MDdhMGU5NzZhMDAyZjI3NmE3OTZkODgzNGVjMmExVVQFAAOjrSBXdXgLAAEEIQAAAAQhAAAAUEsBAh4DCgAJAAAAEmKbSIWr98MVAAAACQAAAC0AGAAAAAAAAQAAAKSB1wUAAGM3MDdhMGU5NzZhMDAyZjI3NmE3OTZkODgzNGVjMmExLmZpbGVuYW1lLnR4dFVUBQADo60gV3V4CwABBCEAAAAEIQAAAFBLBQYAAAAAAgACANkAAABjBgAAAAA=' AND file:name = '457b4a.js' AND file:hashes.MD5 = 'c707a0e976a002f276a796d8834ec2a1' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:16:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ada3-e9e0-493f-a047-4915950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:16:35.000Z",
"modified": "2016-04-27T12:16:35.000Z",
"description": "unique .js file",
"pattern": "[file:name = '457b4a.js' AND file:hashes.SHA1 = 'd00ce4dec38e379e557451cf3cf79bf24957fb38']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:16:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ada4-36e4-4e73-8ca3-4ba0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:16:36.000Z",
"modified": "2016-04-27T12:16:36.000Z",
"description": "unique .js file",
"pattern": "[file:name = '457b4a.js' AND file:hashes.SHA256 = '0a5d8efa11abda2a2ad2b90cff3867f67192789234e3ca56ad10e7c40ef9913e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:16:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ada5-52f4-4f50-b28b-46d3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:16:37.000Z",
"modified": "2016-04-27T12:16:37.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIABNim0jCp7nbewUAAPQMAAAgABwAOWFjMTIzMTRhYmFiMmFiZjVhMTAzMTI0OGIzYmYxOTZVVAkAA6WtIFelrSBXdXgLAAEEIQAAAAQhAAAAa+uQTJQBTxJRqf+nQ8EyEpB76KUFysbnYYXU83HD9xoEyhwk79MBLo24PCcXF4GoypJDQXBf2ng7vOde0PYhCoZdHRYJMiDU5ANgigcSvRcABxL4Ie8MtsC/7wy9k7IbmJ0uuXuns8G9sGlaAwia8FaGFF3Ga3JI1otopDQFLb5GbgwCsNo1AIDHltjSm0xbKymU0jECIvDjx1ggb4mQ2mkGomoIP17ZJvI+kUdGgstQ6JsBGMTL3/IzAWdvSI4L5XLBfJ17zTl7TMIlNenpkvB2HQUBzSZpiH4ecFpGM5e5IOOC3/8t8/8COV55Olrn7A7d2c/9gYpKBcdYY4YaPV0yslrquyXMUuxzu0EgzMdGDYXnJ3lZ9HlRV090PEm46hXgWSLitbPZfyREXG7u4R5sWY6Ds2dAgVD50fORUWmTpCQdHrGZT0vZmJC4fwvrD2EVCn5dtr8MbfNvow7D70MMHiQm/7kHCPjwiVdaRsDUzbWLu6Y3e4oCnssoKVGdHDCJkdYhuLmkjAVCsPad7D4m66GR/zuoJGr0rmC2NmIdSMsA46W6VCkgLazX9A5j3r79mQcBWqNl1vjJSxgMU0CnCZCUsLDQoygCHA6PPzjOApoN0QV75eWhWX+xZyrDB1yOxcX08r0QHNPfGfSqU+Kaz1fU4XsqSHNueDNb0A4uqVxn+tRPuewuJ8tcfT9ZOfdxYcHBz4DHi+lDqlbANcp3mOrjxWBO/7i37AkG7Zi5lexLEHa6CTK30hmh9lEuErSzDfkRJZ3eA4vj+VpxQpQoTl3/TNH3siX8eZ0imqy6rVxV9l9Jfd1BjLW9cOnb9PDBiTE53PNa257nB/PQtz6KsWtYW6/UIfOSY3lEApvUw/8UhyhN3wmPxr9VeR6xbBq5U3Vs0huzK5H8tzRa4xANDO6s72nTuDArkks0ZnCdP5q5n/ov8NDe10Hkk7OegCeYIgu4u2kguX30Djv4a2K0TK604TaF5uHr/xD3xJwJiWENkqNILePSaUXnG2+ei/hSSJj47bj9sHeIu2cG3SJwqG25eBck9atto7Ij2IpFLJC2DxmQZT4AnCBZGAvTyRnOEBzTi6dVZDZ+uxzf/Xl2J8M6MWmH5yWCDFG+vL0iVhacMw6gL8LDRWLwQjmR+vbdI/0znmhdeVBl2EYy2mXRcIEUv1AER9igW9KC1n9+H5rncLR6hVF5Mlp29YH7LguSk3lDhxVkic2JAKb92gzCxHQuHFtSO/UyQneUD0JPhx4jyJW2pglTHWxLxRzWO6OYK7CXMqxpnQoOgiuGS6kBdNDTxhA/1h6cZE9yrIwSewvhOpJB0qUTgD/cdSkwZEYBw+hFhDl4v/d3su0l8SC4x1rrIb2Kya+Zu0ys3dgTtLG4C1vIpQjCiEbQPPVEWYWcT8Q4I+Z/FId60vT17zW6C6snWpSA3x1JvtznmR5BOko02kj3yalIfjjbfHDGsfGlYbweHW9UX0S0JdyVn/nXIIKK6wi40Gd6H4fP9RV2g8bvxl9sXk3GvMysdtAYNvwD1ATOzzdxd55Pjnnx6kGLDhSjdiwcJmAOxIlkf0J8e0c8BeX8WL/APHCSULM2cT2ZBitULHnTOY3KvGLKocz5DaTvufVHWIA8wGco5DGE5YhpObEv0tlAJRhfPdg7svWluXIJ1mIFzz8zBtmhUtWCcozM3TiOQ3Fz6KmOmst1c107ZQFu5YkIk0WpW7GkXXgN3oTGTvFwHGTu++rkKTuDTu58ziAEOE6tw2K3HZms4ub+BrleCdiDC8rd0jyMjZREqnJ3u6ZQwKdoyb8bgtvmB0Cx1d3rZQxJAgJYcyJsMT3V6fuTFfkW6hppm1lSIZiOUo2ECub7dv5QSwcIwqe523sFAAD0DAAAUEsDBAoACQAAABNim0hu/8CmFgAAAAoAAAAtABwAOWFjMTIzMTRhYmFiMmFiZjVhMTAzMTI0OGIzYmYxOTYuZmlsZW5hbWUudHh0VVQJAAOlrSBXpa0gV3V4CwABBCEAAAAEIQAAAAalBWvWAEXc0gFHgvRmAbPtx+0wqMZQSwcIbv/AphYAAAAKAAAAUEsBAh4DFAAJAAgAE2KbSMKnudt7BQAA9AwAACAAGAAAAAAAAQAAAKSBAAAAADlhYzEyMzE0YWJhYjJhYmY1YTEwMzEyNDhiM2JmMTk2VVQFAAOlrSBXdXgLAAEEIQAAAAQhAAAAUEsBAh4DCgAJAAAAE2KbSG7/wKYWAAAACgAAAC0AGAAAAAAAAQAAAKSB5QUAADlhYzEyMzE0YWJhYjJhYmY1YTEwMzEyNDhiM2JmMTk2LmZpbGVuYW1lLnR4dFVUBQADpa0gV3V4CwABBCEAAAAEIQAAAFBLBQYAAAAAAgACANkAAAByBgAAAAA=' AND file:name = '482ebd3.js' AND file:hashes.MD5 = '9ac12314abab2abf5a1031248b3bf196' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:16:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ada6-79d8-444c-a03d-4444950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:16:38.000Z",
"modified": "2016-04-27T12:16:38.000Z",
"description": "unique .js file",
"pattern": "[file:name = '482ebd3.js' AND file:hashes.SHA1 = '6ee17935518992153ff0117b587e4365257715a0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:16:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ada7-8234-4543-a416-4cba950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:16:39.000Z",
"modified": "2016-04-27T12:16:39.000Z",
"description": "unique .js file",
"pattern": "[file:name = '482ebd3.js' AND file:hashes.SHA256 = '684d82f2d03b11467ba60d075a0065804ce05b613017aa7ea3cac80c5fbacbe7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:16:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ada7-b9a0-4e64-8ed2-46f2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:16:39.000Z",
"modified": "2016-04-27T12:16:39.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIABRim0hT2q2TdQUAAOoMAAAgABwAZmY1ZWZiY2E1YTQ2MjYxYzM5OWRmMDBhNTE3MGRjMDdVVAkAA6etIFenrSBXdXgLAAEEIQAAAAQhAAAApP0DWwH4ZLys1ENbr9dN7/TsaFg4yjkYMUDJOfsUXkxl1NgVRxpprYMggERQfWlOwO+RkDt6uJaDK0hcPPNDeomvz/Drlzozjxx5JExUq9otbH73J2fvkcOgj4JPYl8jfvL5sExZWJzCRXSwTYRVZgHyS96b6+bQuZSOhFQ6I5kB9pvS85Uu2xvvWYFo4hfHm8Ms1bCyzJup5IEZGHSRaCNUoWkl97i8GUaiR2BJmSw/qsLKBfNmz0LU7TI1iTGQWxeKVq5aeqHSGgUUvtG3gfipwrRuvwEVqFH8URbxKeCzkqHrVCenylmWIXcL1k1SIFr/bPLcVj+04EuhaGFNsU3GWtboYn975zQGQc4lHL3nLM5mFzs9HlCJSvgLwoyILASv/q5Jr1oTTL/WEKco45HTk0meDyPwqcFZsn4vZzxRlgSuPhuvltLBzt8a5wD4trTRO7OuvUMpOcxLS4fv2M57rO2zVYXGX99b/AXJBSZUAo3xk8NptxOAczWtB0esBV2W4ysCG4GUpWDnc7jJIBbu/GbuR1ZSPtH2TnPYl09VNjJDdreh2M4/8TuVXsYcn+vAlQSJXhcy89lssG1BCuCGyckbBMmzn82Ws0ODSXo4+cRa4Zz1V6VUFEXiH4KwBPqHOAezlZE7GHt5lam1NNnC57YZhEo7OdttEJzIvpMVElYValFOE+NePSooTut4E5s6EqGyTBVwXTFrTSGL0vgjYWj/43fYfhWecy+Vnzn/5LjUxklBY4msCyiHZUCHXMmJYQljXqwTogdClYI23tTbpI7QVOrSXi1BtwUXXHF7WGH3LUj8djTsmOasXWSJfiTs78u81V6JkgK6WaosoMbuEoLbHTQHD/8GyCZAf+/o04Urj/qymUJWk25zFKyKYlsA3tc/hp3Xk5eStNoMoUMiU9KtZ0dEJOIRUNIL+woPxtYoC9oH8WdVAk6LwnMp9GBq2pq/M9zzZi88pPhWBruQmEQ+Kc2+mmvvbI7s+t+3/9KDRVFHD6NZPOAjwtnN9DDOVN2ewpfD8m9ZWQYwdLfdYCWRluDXMPp/JoQJw0yG2rWkBwn0HO+ls0AOMNQdBn8bqTbjp8D2Kn+agZxg89tV5wGRzxvoHN1jCKxwk6pvQDnZnvq19Viq+PLlSlXZiMryFmqun3YzCiccKoAMA08IW7HfEr73VyshpHikdGm30ZkfzP+1dHTX0ZKY8I0sFGI85WFLuvjdZjgIHlhx4gSKNM3xOycR/85wVdgnSsGbhyjsGWrt2nzxDMdrVfZ95VBclZhtjYGBUZCmjiZp/iiM/Pvewtmmw5aGKc5UmGszULrFSEaX2LUR4vuXADbuTxgVsA1STwL3KQfMJcQtgulh3WWGMdJOuveOL2b8S3IA/1FpKaPWYF/mnW5VuzS133MH9fkMxtYk9AHbrtMI4aCpzTUR8qNWrexibeaq+P+kUsKn2O4QiVp5PcuddxA3f4SbuFOM9rDPZJYeuG6hZO1SaTMkEwvr5DV2r01gavMIOLnZ266qMZ1qUnf257lzo1bDVKTu+k2cmulM6OQrOsIoYyF/A/W+9EIYcBw5iv2tDKDvfTnk1x2R7m7vFTsNwPW+PIA8iXVY19MhwEtq9OS0YEkcltBgxL+1jh1ilgrz/w/3RY+Pf6ne7144UC/RgBvaadUYG/tzFKU2ssQjBzMTtgt7unke8gYTDEUOFVSkFAqoorUVUX8X0SX7ieeNUjZk7Ox9Lon4a3vdatPtPO5paOPQvOASFb7n/ASC8mu4lUtgMTfvSKAFSSoi9oTEc0Fl+vPh9J7nxMcwn0hFNasiaY4m/rEhh1VwmiIcTuvJQ1x7Az8+B8zs85dgAXbWJk5fHnRQSwcIU9qtk3UFAADqDAAAUEsDBAoACQAAABRim0iRmLf0FgAAAAoAAAAtABwAZmY1ZWZiY2E1YTQ2MjYxYzM5OWRmMDBhNTE3MGRjMDcuZmlsZW5hbWUudHh0VVQJAAOnrSBXp60gV3V4CwABBCEAAAAEIQAAAN22AtQhoMz7r+ja3uRnl8IADc5dxQNQSwcIkZi39BYAAAAKAAAAUEsBAh4DFAAJAAgAFGKbSFParZN1BQAA6gwAACAAGAAAAAAAAQAAAKSBAAAAAGZmNWVmYmNhNWE0NjI2MWMzOTlkZjAwYTUxNzBkYzA3VVQFAAOnrSBXdXgLAAEEIQAAAAQhAAAAUEsBAh4DCgAJAAAAFGKbSJGYt/QWAAAACgAAAC0AGAAAAAAAAQAAAKSB3wUAAGZmNWVmYmNhNWE0NjI2MWMzOTlkZjAwYTUxNzBkYzA3LmZpbGVuYW1lLnR4dFVUBQADp60gV3V4CwABBCEAAAAEIQAAAFBLBQYAAAAAAgACANkAAABsBgAAAAA=' AND file:name = '549f377.js' AND file:hashes.MD5 = 'ff5efbca5a46261c399df00a5170dc07' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:16:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ada8-b348-4afb-8b22-4b5a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:16:40.000Z",
"modified": "2016-04-27T12:16:40.000Z",
"description": "unique .js file",
"pattern": "[file:name = '549f377.js' AND file:hashes.SHA1 = 'e307d636d19ac1624edbae93dc0c507ea737de32']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:16:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ada9-0008-4b22-80ae-438f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:16:41.000Z",
"modified": "2016-04-27T12:16:41.000Z",
"description": "unique .js file",
"pattern": "[file:name = '549f377.js' AND file:hashes.SHA256 = '7e5f4851383ad3cb2cba784e13b723a86c44116e0846d0278ad6237e63f1323b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:16:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ada9-7598-414a-8541-434d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:16:41.000Z",
"modified": "2016-04-27T12:16:41.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIABVim0i3lylmbQUAAOQMAAAgABwAYTM2MWM0MTc2ZmI1M2VlNGY5ZjMzYTg3ZmRjN2E4MzlVVAkAA6mtIFeprSBXdXgLAAEEIQAAAAQhAAAA8Hhz+nNVhXjI+EkcH3HAOyqoOexBWhtzt9HTvx2z1q8zrlQ+gw8E6JrQLCWobpIcGWaZ3jwFp6Tx1UWtgLxis+mlFQoskqfn+ExbCca72rClg5YDbpiLKg/c+bkdSPYKAxQiGq6s2XM38PBxP4DZVTWiXwK6tpoEXDu1rPI8Fj8KsBJ+QuOduue7VI2FfZ6Rl5XoKcZewFkEhetiyRUoJgiDjeJFKA5RhkcOytw16yQiYaeVsp5uadvEZ1yWruZag/xcMGSCJIWwQVakV3LGUi9U0c0K5o7xNLfwavuGl1CUn0bcEUVDifFL7uJOtagvoAQoQPIc/VCba2QIkhjU6ZIVxh9HULjyFlZKMEIYA37dNPGV4lYzEZtqHJYFlDpwp3lqCthi8/JmfjxNNMIQEf90xujWxzoabf5p7Ecfr3t00DOVcqIXQJsDkhiz8x7Y5oYlylD1LD1+T27gOK9yS8h61TL5tmXcaHLT+A4NZ6ns9xEpoDpAHnXJ7B23plXp/RRp+kGONvpjcw40CUwpXbv/MQspOFbeVlpCX3I24sV2eUpTKUMVZztjcsJ9n0GhimI3iTPgDluouznmuzmc3vFQoE7ScxZOkXKhO8Lh33Uy5TvU2tv9GfbRl1FM3tSnrb0MvC7IxSClW1n/F5E+h+OxR3RfZkycxSmY/X/t0M20EvXdKKsrDCqtj4K5PEAN6SnpTHb9BBrWCZZYBxXiaArrvVvvQxJi3q+mUF+/ShRrXTVeIqI+1Mjlv2LWCh3T04DqIzhd36eWIF+kKZqb82QRBmicpVjd2h6gCCTI+Lr0EIeoHUoa1IG6MhvawMd8GVPM2TfKB0mCLUZo5c9H8V36OhAISFAWLjQWSZoe3dEA8aLm/qqynwopU+R+6JmsYI2roQlqks6/wn6s3DIoGUajwuqGWEik/X2BDKNVrPvY9+2NKz7RPJm3Ot1rWGAOS0IocEB/jaAiue16Q5otLi+u3ywZN0FKlTCKqdhAGnBXY6eLqAgHuCenCJqzu2TRfgvp2LOP0kxGIPN6AowQnkls7mmuqHvpAVfi3EAJDip6Lnu8T0ta0bXy9uHth2mgQxKHnmzm4Y/JlEfYAMLfExQPI/YzUabQLC3Dz5b3nyXjg4Z0RwXE9eyh2DoBlMZF0SbJzGHef56PHTCCaSkKfg6m2W5ZWh33lvzLuU4a1zm2zfKSvV/2h+Y2D4R92/PCWIxpDHwC8rJFEVBy/iuMNHMRo2zK0om9D/HcEnKRnvjJCfqTaNetIyG7BECoDhRuWkCZ1BOu+uSeEW2MMgWEjaj/iO+N1xEMO+WRtUOtrBt13GtWsthkOF0U8uBlwGKpPUNQWqGjuX7glLfpiMv+XxoPtq77a19sSgpP+r/fYAmQmL8gkUWpctes3xS8uxCx5jViZtuNmpmyDvh5KA/arSvhuzHje8nFVINdE8HEhwLKa8pfLoSai1NZOmB45+CdapDUR3QKEgaO/i+lHtiGWQTBoVhujQCWnys0VThkL72WIpb1tY8ADuMRFz2unLrxbHP9nEbID2yG7XgWQMM0zhFmOKtHalntO/3e94WVDk89xCGLHzOP0m35/X85inRo9U9RyTu92vCKM7ttzC4t7uaP1Ab1qibfD5MoEOCKifKDTyPF7mEbgPfbA6NU9GU4fe0I30Mm6i7kcbyI0r5nZfsgdd50t+dIOcbLskeVR5ywGARvkuX+SY6ePAKBxAjjrBBKbhV8s8pdCol7wiT7jRORB/FfuI8bEmqneCwsvN0b45FIrQ7gqcnRpmI9w3iGkwUEWS1uSXcUx5R8Ji5Cf3z6O7oRoge6X3218s/mfXoxhZhyfq49oeAtJJZtUEsHCLeXKWZtBQAA5AwAAFBLAwQKAAkAAAAVYptID9BzXhQAAAAIAAAALQAcAGEzNjFjNDE3NmZiNTNlZTRmOWYzM2E4N2ZkYzdhODM5LmZpbGVuYW1lLnR4dFVUCQADqa0gV6mtIFd1eAsAAQQhAAAABCEAAAAgCv+1/M0R3e8l2NoGLhJ+Zt+W41BLBwgP0HNeFAAAAAgAAABQSwECHgMUAAkACAAVYptIt5cpZm0FAADkDAAAIAAYAAAAAAABAAAApIEAAAAAYTM2MWM0MTc2ZmI1M2VlNGY5ZjMzYTg3ZmRjN2E4MzlVVAUAA6mtIFd1eAsAAQQhAAAABCEAAABQSwECHgMKAAkAAAAVYptID9BzXhQAAAAIAAAALQAYAAAAAAABAAAApIHXBQAAYTM2MWM0MTc2ZmI1M2VlNGY5ZjMzYTg3ZmRjN2E4MzkuZmlsZW5hbWUudHh0VVQFAAOprSBXdXgLAAEEIQAAAAQhAAAAUEsFBgAAAAACAAIA2QAAAGIGAAAAAA==' AND file:name = '554cc.js' AND file:hashes.MD5 = 'a361c4176fb53ee4f9f33a87fdc7a839' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:16:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720adaa-b370-4b80-8857-4ded950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:16:42.000Z",
"modified": "2016-04-27T12:16:42.000Z",
"description": "unique .js file",
"pattern": "[file:name = '554cc.js' AND file:hashes.SHA1 = '250d0d1f2ad99714399e6653bdde722b2bcde318']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:16:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720adab-11c8-476b-848b-4527950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:16:43.000Z",
"modified": "2016-04-27T12:16:43.000Z",
"description": "unique .js file",
"pattern": "[file:name = '554cc.js' AND file:hashes.SHA256 = 'b31168c5cb3138bce6cc5dd7c85ceaef3902b5f59e01d32bef7c177c548b7d8b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:16:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720adab-e384-47f6-911f-471b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:16:43.000Z",
"modified": "2016-04-27T12:16:43.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIABZim0g6oj3TbQUAAOkMAAAgABwANGQ4M2UyMmE3OTg4ZTZhOGM4NjlmMWNiOTJiMjExMjlVVAkAA6utIFerrSBXdXgLAAEEIQAAAAQhAAAApP0DWwH4ZLys1EHt72wlHcp/1i4m36caHM2fXsNDzkxUC15LUzpmkQEsJl8efTPx+VcdHZHRxjjwz1/tYjdBn1Unl8V1rt60caNw5xoAA6B2xTRlGsJetcbkWM58f2mmyCbOyO68LA0tbvDEYH/NzhMTW36Gua6163ujIuRz11ss2UYEMcS+whejCHMWYXH9H06kKCvLBpkcFHXNrkiuBtsJy9hBoKDtsEldS++xWZwlm5fzAe9HFX1iyPCaBUbE6ahLzqs4pl7wqiEACE5DiXgIUuQq50Gks64QNp/L0b6etQcQhJJzZGCI+cH3ga53CywzybC+LiMJt/eCvoitRSccFzpY3Syoglh/Kj5ZhEERXGbciz1+y60bimQW6VimsWtc6XjFg2dYoCeyqsBU285wQUt1/Pic+NuZM64zJVsDIyf3oBvaKviE/mtZ7b4Khc7NgeQc+dBkmtecwmPjB1yHcXXL2ESSVJ2rZqkkHyMGzVBHknqPwEZkXCYrtNgwZ2V/phibLIdlM98agnjmlktbcHzqzNipHYNBlyLz8/q9p2yTqdIeVGweYADebF9XXuiG3GMO3xgY4sFFY0LibKiaLrYKoIaBVsZNN2KhjNdZDmz5dY/OO3+LgnFKdtb2D4LTQJI9PhUN/a9fB64Sljoa6SowNWulPF1K1Zd8cHTaDUzsCGPs/D7PncmD9QSsK6NEopNnYcKUYoc4rxdB65P8jmTrC4vWkty2bYMXN+JEkUo1xjW8nb3QKtdif7nzV32EIHrTzlW/KVdVObSoM9TxwArS7/hSdRolTZYYv4wE6vaVFN8diCArp5a9JRUs3AEx2PKClYpnf0+NciKY697u/bOA2LV5OvpjdpwhhxH0vL3txXGSq+knvc7bm0z2wK1bi7MR7VoVyALBhI0TcjGcO6Hto3TsIfKdBdHQgtiTZwr9h0f8pcbC/my3Lw6+/RWFfrBzbuxBYqJ/r/IBR22KK8I66GtsBZEpe+PyeegJp0ND5yNLQ31JQMKdlUw7ta2AYzxj92PFRmjtvQd+HtLnDnnf6ptyCzubILC/cymV8vTGFB0k+kBh2qu8CB4EU2HdfDa1PEoH0giPMMDRGNfCFFPyT5PaZgRSX47G3ktYnM/N99THxm4uVnUFhjP+CPC6VGpV4kdT/+SqFn4FVHBJtfTqTHOGf5vgZtNMmVnx3uV/WxxI5KvC0uOZ7sVnFxsBEra2wl7iuoRCCj5v1MUMUCoNdXmHfx+1+UJk0LidCo1pj9AZ60PVgnas/PRYwZs+wGBl+/ClglD701d9pEr67uZTIzftFhZwceXJYyifGe5+sMzR9ETrte14BMT7ohEDxwwgiqpPIc8rusGpeR/QiOeiu8Zpl898H8Lspvy45cPWcNRski/N1qVkrEmwhbdtrzD4eeBW3Ptv4oVteFrkvItrnfiyCa07uTXSyzwPuT+XGN8jTxQmj6N2gHtODfUwN2852zpF5zt73kEnFWPt3hiCGnHP8sFkqLUAQk5uXonFQTWL+y0KpVsjXug0KsFMp6myve0CgO77C1vWtA1Y66HaTq1YKcx+0+woUU6g1ySscZzhOR63EJJUOOfjN7ZWlk9PbbdHrvpgM/GazgBoeSza647B++0MxKwaDGBeS4dpxIm+qt52xuqMpP4u0X8f8bL5CuGo+SkdYlY2VggbXsUB64JH/9SO2OQqtLIqgwOljnPbQYbuLu9gTPl8nqPCKV9hE+Mn+3ILb58lcsa/uAkXQzAnf9gyOFdOMk//hZTQYyI1KX9GNGDMVxknDoWb0Aylzm422zkIK+lNrbc62ouLdqFYLjUSL082a3ZZayOsnPIlURatIcE3UEsHCDqiPdNtBQAA6QwAAFBLAwQKAAkAAAAWYptITmEONRYAAAAKAAAALQAcADRkODNlMjJhNzk4OGU2YThjODY5ZjFjYjkyYjIxMTI5LmZpbGVuYW1lLnR4dFVUCQADq60gV6utIFd1eAsAAQQhAAAABCEAAADdtgLUIaDM+6/o2CVwPxsVSRaw14BlUEsHCE5hDjUWAAAACgAAAFBLAQIeAxQACQAIABZim0g6oj3TbQUAAOkMAAAgABgAAAAAAAEAAACkgQAAAAA0ZDgzZTIyYTc5ODhlNmE4Yzg2OWYxY2I5MmIyMTEyOVVUBQADq60gV3V4CwABBCEAAAAEIQAAAFBLAQIeAwoACQAAABZim0hOYQ41FgAAAAoAAAAtABgAAAAAAAEAAACkgdcFAAA0ZDgzZTIyYTc5ODhlNmE4Yzg2OWYxY2I5MmIyMTEyOS5maWxlbmFtZS50eHRVVAUAA6utIFd1eAsAAQQhAAAABCEAAABQSwUGAAAAAAIAAgDZAAAAZAYAAAAA' AND file:name = '660df31.js' AND file:hashes.MD5 = '4d83e22a7988e6a8c869f1cb92b21129' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:16:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720adac-d15c-40a0-a789-4855950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:16:44.000Z",
"modified": "2016-04-27T12:16:44.000Z",
"description": "unique .js file",
"pattern": "[file:name = '660df31.js' AND file:hashes.SHA1 = '5a4b49040b2fe86c599d835303f337a999fbec18']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:16:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720adad-fb30-43ec-90cf-4e22950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:16:45.000Z",
"modified": "2016-04-27T12:16:45.000Z",
"description": "unique .js file",
"pattern": "[file:name = '660df31.js' AND file:hashes.SHA256 = '4ae68705dc40d37462d11056039306b3d45d7c580de1f3854b354eabcae4ec95']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:16:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720adae-50b4-4143-af5f-469f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:16:46.000Z",
"modified": "2016-04-27T12:16:46.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIABdim0j9KKziewUAAPEMAAAgABwAZWYyNjQ1NTVlODFiYzQxYjZmYTU4ZTg0YzQyYTIwODdVVAkAA66tIFeurSBXdXgLAAEEIQAAAAQhAAAA3aWzOOj56mOGVE/IV6JjsC107BiHgNSirtIKypm0pc6Hpv56dJoJGPwmHf8Mqzl+ZyujoXGbtCB41Bz/j/xpTrl9XkzxeJwvEnGIkfQaxZewACFG5tXywH5m/OwTLJMvel0gULZFCOScNinFJJctTp+SZ3DHIJqQdXG1E1uxjgcYKcMjlPwvUgK/lCjfafmjX2wNnmiLjT+zUA6yX28r2FHROnD0eAClYKcD/HHMgBnL9B2i/vvnh1JawHMnD/d2Z1DV9OUMdGkHUGYCrJ23OMC8/WPbzMPsSOf/WWI5Di01EODUA5IKol0ft1K5WWyaruQELLWJ/HVHiXPwKa2tvPTOobiO91l+ooadUqtXnbY7IUenzRY7MXe/Kb/jZ6EoDK+dIHPfTxQmqyrxT0PrU7NYQm0Juo/grrK7tOftb36MducimVwtdHczPtW0lCZwA2j5gwC5bqKOdVyOMqsx1AVoKNUlCcphBz/wzgdirLQS4yWop0RCqwbGk1dAZCVgkaRSvAal5HDOQXSXn4zf/Ex6BQfa/mZHAGIyVlvTYgZpHtivnw7U2xVyUT6sTrzbjpMNNSK/Ua0EqpJbAiL5jAeK+hTQSTj2WfLC8WEGIoFXO4g4ul31fHQjZLBj1qG2gihe6k7qaCYQoZAMUFyU52Df5kQrqdEKj01IQK8Htwh56c5JTAcFAdHhTL+1LRxJQac4RN+F73o7W3ucIPyMgEr1IabEH69TADBevNL+zjUjVM7vw53Ay05RVy2SmSMjLvhsqYey5JwjI8nngAfJci5KJ075E9zFPuta32ikCuCvSEU3sVfVlPyshlGxxGRYKsrEBebKOTcGcJzfV084LRpwMwsCwKWZajZbctzeAWDywOKOqNkm9bjvjpplYRDWARo4NQS+hvxBsZFuuWKcWKHjSgF0K8g0XAPTLaECj0xwKnFXKm6Ca1kEiIPGpLXslkVBsKDFfMOVSO2a4di2qpywZBWu0Jf8RwwAsvCYDLE46GOTKIGTQPGmWumld0HoqKnQb3AVQ55WMVQy+PjR1zkC31Zi0KhvjlXd6N0W4SRlQJjRSVnnnI7tFLTxQGI7pZ4TCihT+kmoZHYoRqp2nwipBeAhnTYEfKkVk3iIZln/9sMfh32KzSoM05XB9s2mm3frnKEWDaoFMLrmitSXUYqm49poqk6olzLw4WIQBIDBjKNFXPvOGPxTX3zikJTy8xulMHAjJL0Xw2wu1YZIUmlJgv9F0e0BaihNu4/gFGqlolu/va3YqslgcRn7yDmyIWqBZRbD4UTvIv47KxwHqqYB17RX55pALlYpeRg4d7HUoaMzQr/9r4Hr5EEWWZWpDopi1XGdwXwQaMf3TdVaiUfCwIxnp6RqNoqK4iCVx15kn7/N02vwq9BnSjnw0eAK8r5x+yo9waw4pLaGCSOTdXMsYp2Z/O7bxC2AHh4gKh1oM0JWEzoCS+68PRvQbeu+Br6hEgBb/ILQCY6kMAGSfbQcNdc9hO8BuLI/fJRGDZ4OIbcyfn4Ru6juoWWN7jED8mYlChPz6TrdGiS4f53A3kyO2JbHBmhVRgTwL6erPaf4haitLy4Cn8JCfMwz++7+l4lPHHoTGguWWgydxkz0LTEpEqUju33MwVIG3WFmGrZ+D2+J2hqup/YcmSUOewVycZ2OSqomRIOAt5i7Lc024IEArnozdjTfKlCIZ5xwEdVFNc7/dUdK2BccWe4xfKTjJtC60CAbBIfZEQRPuHWBRSZJ55G+Jy2m1WwsA71Mu/HvnCk5+2wQTnWTKU0J57nigtDLdyJLVe3Gnzvq3ec6KctzRXgjTJDY3zQ8nAhgG7UCoBPcsX8GBbkc40PEwkIlm/dChzOl0Km2MtRQSwcI/Sis4nsFAADxDAAAUEsDBAoACQAAABdim0j/OK8oFgAAAAoAAAAtABwAZWYyNjQ1NTVlODFiYzQxYjZmYTU4ZTg0YzQyYTIwODcuZmlsZW5hbWUudHh0VVQJAAOurSBXrq0gV3V4CwABBCEAAAAEIQAAAORuxm8m3ttvnbrsYmfk6oZPcmhB7tdQSwcI/zivKBYAAAAKAAAAUEsBAh4DFAAJAAgAF2KbSP0orOJ7BQAA8QwAACAAGAAAAAAAAQAAAKSBAAAAAGVmMjY0NTU1ZTgxYmM0MWI2ZmE1OGU4NGM0MmEyMDg3VVQFAAOurSBXdXgLAAEEIQAAAAQhAAAAUEsBAh4DCgAJAAAAF2KbSP84rygWAAAACgAAAC0AGAAAAAAAAQAAAKSB5QUAAGVmMjY0NTU1ZTgxYmM0MWI2ZmE1OGU4NGM0MmEyMDg3LmZpbGVuYW1lLnR4dFVUBQADrq0gV3V4CwABBCEAAAAEIQAAAFBLBQYAAAAAAgACANkAAAByBgAAAAA=' AND file:name = '745d144.js' AND file:hashes.MD5 = 'ef264555e81bc41b6fa58e84c42a2087' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:16:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720adae-623c-43fa-bb81-4f91950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:16:46.000Z",
"modified": "2016-04-27T12:16:46.000Z",
"description": "unique .js file",
"pattern": "[file:name = '745d144.js' AND file:hashes.SHA1 = 'd372c2685dbc399f9af2e866b01fd91cd04db4fa']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:16:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720adaf-b87c-42e5-a662-4a83950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:16:47.000Z",
"modified": "2016-04-27T12:16:47.000Z",
"description": "unique .js file",
"pattern": "[file:name = '745d144.js' AND file:hashes.SHA256 = 'e62e5763c663b9fe8ad1309841c5e8031f1323b7efb59824663d43e084c1cfc8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:16:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720adb0-5ed4-4161-849a-4925950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:16:48.000Z",
"modified": "2016-04-27T12:16:48.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIABhim0goFZqFcwUAAOgMAAAgABwAOTRhNDkyYzQxMjc1Yzc5NWIzNGEzMTFlNjI2ZWFmZTlVVAkAA7CtIFewrSBXdXgLAAEEIQAAAAQhAAAA+sYl3JcLxy903iN2DzqwuTliWpSF672NLKzHCDmZXU9RXglrTK83AxGf92uUsEYYo3R1jANDrHdWFvvNaeFhI5JsWYMeVezWDGCc/UqdBoOD53wcOXKVkgTUwDaiK/IGwoJmmiT5Bvuneqnw4Qj9dCkGEAxsZKpTJ6Si3cR3I/NHQP28X9cC1z17uEC+XOueeiUvbPDEjfC1qDVQ2h7wMfJen6W8Pc7Fp8V3uwSYR7Sv+80G8n4X/cR4XtRgD8RgBuKVo8gFS86/Y54CO1E1ZdiraVgcEjlMrRCvYu6mjP2tFDHeXTs6yy9M+/QNubVig2qMgU+KStn4Q42g8JRslxPplmL1XkNSNX/xHGbE9CfoxW6p9mGVYhG1XKs61T2ThNTTcYzB4TaUnkIi1P+MI8JTEZykJKs28qgm6rNGlpzljoNiisnQzYvUN/PuoJGOPqhhtZFzfnTh0GTiAIRpBytRESJO6QWfPkASGVTigccdc1tb3KgrYZ6mDMB0GL24A0F6qR2dbByYg/p86XZgygceMPqDE5fpr4zhllUZerGcK60Jyf7Pa/5So+AIrsw3tj0qu8D5zmautM+WwjWog2tJ/Vx2NSYVtV4o+7ej1A0NIYpE5Ztlg9yDZ5cRe7wv7Ggft6BLVFAJIk2njuVBxZVibo832I+FslPsw9St2SUDN1pZ1QFeqao3DV9qqDOWZJwQxfnoPR5hpgcahjxjKve4hvS4Y6y4f4PpyaoQFCXH51B9kWW/TEzqIRy+5jZFlouapsc7PYOMxP3kfmi6UU7hUQ/DxcSD1ScIGul27DtORv3SZUR5gPZguHJhce5US2SVr8HKv/xg5PyHIz6xKaLYVpwjCOAS51EsNBRzio1/WZAvfVLCWTzARysJpssNqIthB11lZJ8unk/BmA7wA2H4Uq4E3hLIp7TySdKbRxuacBpku+OBfGIVH77yQsqP2aYjEzdNCdz+yCbIkSfx/WTTdmcCsbbQDrnXqdR0+MWyKodWpxMvbTO3VoiqgWXQhDc9+4U5rud1PdAwZEy3tWNAATPF8cZGDjZsm39lCtzaUSJGnYyOb+KZA16pGxOP047G1rkprLUgFM34VFN5fpbZ/gF70xwHvR7FHn4CELwglLZoHnHbpzfwoDeUUglYj7Db+8OvrLOyZ/oOgeuplZoQkMZXl5MLbJBnTmeRmopBziziL54yzMdeSdi3+FyoK0moj0/Rir5YcQfHutD0BcPt7F+JqFwUOigw3n3eX/R/C55+imc45j+8D+wVW/PHsq7wJILhvjH+c8ZxRfo8AYtTQUJniVQns8JtwODhHTRtUI44mtYF5TrB8ksmb+Vz8lER63EIXj2sdigVXgNO6egCq4ci8xrWKbCslLCW8JHwafstwJJOpCcPfL8lPzaI7GSEXC5E0K+8gEqa8+1o8LyvM9eXkvBYPDVzwAR1GF5rOAyogF1Gu7mDKUpq9+ff/cnHP+d7BCqOV3ls9zGjfZCdBLPMhQElkQFtuTPucDuy/yhFdeeCUkS8huwc6hX04aVo0nm52sKhjM+nfFRk7m2/Rf4oz8zq6PHL+++l0cIwqFWz/DQjgtRiVWlz2OVKrGP7wFtuI2bxdDqGdABWIpHuBownCLcKsMo7CKW6QAaoZTffnBPqYdaZFbaSvkcyan1VnzQIu44Bcm2J6BJIMQ6dNQXd+QyphpyHzjC5zQTZXtc+dfn5a4csNUhpUq5Aq9a8DRp57WDx7NnwfGz8RM/c8gN69wdKIVk8kq5p1WDFsZwsrtfRj381R3bT667GJronXknpbx3Oe/GFjSS+qVrySQKt60A8aojJYgk3QJGeiv6YxArOSJisqFPEr1KAHDb/UEsHCCgVmoVzBQAA6AwAAFBLAwQKAAkAAAAYYptIWKhirxcAAAALAAAALQAcADk0YTQ5MmM0MTI3NWM3OTViMzRhMzExZTYyNmVhZmU5LmZpbGVuYW1lLnR4dFVUCQADsK0gV7CtIFd1eAsAAQQhAAAABCEAAAB3G+u0rc0+dUM19IDEdxrvLicbnulp8VBLBwhYqGKvFwAAAAsAAABQSwECHgMUAAkACAAYYptIKBWahXMFAADoDAAAIAAYAAAAAAABAAAApIEAAAAAOTRhNDkyYzQxMjc1Yzc5NWIzNGEzMTFlNjI2ZWFmZTlVVAUAA7CtIFd1eAsAAQQhAAAABCEAAABQSwECHgMKAAkAAAAYYptIWKhirxcAAAALAAAALQAYAAAAAAABAAAApIHdBQAAOTRhNDkyYzQxMjc1Yzc5NWIzNGEzMTFlNjI2ZWFmZTkuZmlsZW5hbWUudHh0VVQFAAOwrSBXdXgLAAEEIQAAAAQhAAAAUEsFBgAAAAACAAIA2QAAAGsGAAAAAA==' AND file:name = '822c6aff.js' AND file:hashes.MD5 = '94a492c41275c795b34a311e626eafe9' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:16:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720adb1-a5e8-49a3-b55d-45c0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:16:49.000Z",
"modified": "2016-04-27T12:16:49.000Z",
"description": "unique .js file",
"pattern": "[file:name = '822c6aff.js' AND file:hashes.SHA1 = '6dc33be3bcbfe8e93655ecdfcb2d9209279581f9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:16:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720adb2-6d44-4845-9031-4638950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:16:50.000Z",
"modified": "2016-04-27T12:16:50.000Z",
"description": "unique .js file",
"pattern": "[file:name = '822c6aff.js' AND file:hashes.SHA256 = 'f5a56df3bf05e33c1c1f7a5a133d623080c9d2317deb4d09569a4e3b416ce368']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:16:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720adb2-3f34-4737-9644-49ed950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:16:50.000Z",
"modified": "2016-04-27T12:16:50.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIABlim0jBr6F6bwUAAOoMAAAgABwAYmMxY2E2ZGIxZDU0ZDdlM2U5YWZhNjM4NjNjZDU1YzZVVAkAA7KtIFeyrSBXdXgLAAEEIQAAAAQhAAAA+sYl3JcLxy903iKrYgK5hU4ADKXhxsh+sHCWxRxp1lLtfLsq+JKkbzCbZ48xVmVtIP5UcyPEROfX5PGMLQGcAm34J0hx4jcbLGKr4YBSPj9R4TSZm4Kp4mkzjN6OUo/KklmxtU43uLRJHgwcH7pdJZ9Ru7kdlbM2WU05ve2kRzlw21nk8dfT0dZk8oZ7NLohILTBc9ODJaRrc5xA037vmfyyFTIyZsHcpHT8KaEF9MLeuDEVcOrWkCFMoXv0JHNQYxDuX4QqCjSze1w+fxcSXNpLlYEJS2iOe0oSvNbF+fYGs5VWF4O8NyywqyWL0Dew2qZN+DneU70JhOoQobBV2S9a6aHx67nD7uvBNVzj0nFWIoSEzr2T0J/fYTeKynr91SRcW4DNwMildpP3fQeZrtNq8MELktg5SIoO97qM7vk5tXG2vYavcQYoVDJvESK5FqOcIb1oEhaW7eLpMce9UfvNJHp11gnuzvx+IQrC0abe4WS+6w3/ErJQKNVOu5qZGvtuA3d7zADWNLlWivGjzXcGIUDJtS4D+Z2VmyRB/NXy6DS/1r6V54oBDi2/fCHcWO+JSmHtUc6vjomREnTvFOlSGy/ekcYLzzjsTk6MhQASmI15oP+YMfqYZFhjafLBBseI5P+ppxqCBurF4UUY0ZMIfwqURX7aJ4edW8Dvr/MIc0bLDum1hVBiyy67CgD0zINMPUfhxfucByCboQNxtiryNyHHLGIdgJaKyygFbbdP/h/uDQMvCQZTA1Tjpb9aKGGXUedMiP8N1dVdPgYyNg55yuFCGdp/nqUMYbPD0SGkmHDyIRy1zh8ybOZHxoDl4psOwV9ri6sDSR2nSQ3EbjeFkKwOL/sP4zCkVoaY4gq4NerRt5PShVW/JG1f2aUJdjmXfEQkfUfCkteQnAqQfnQXhmHFwj8mVGSli2vCc2m/O6+rHFX6wORfQ7x0t8+W4agt5nor8a1/SIAez8ZfYrhvWjhm29fhvmelm8l+P47QhwE4WiNKIFnszn6t2gJSVy+dH1F54eIVlF7T1idJMO4sQoCvlzrhV7ebdRUQZfuTZ4VjNmcyVQfJHpkrNUoNKifKYaN3N6f+YKIhYuld8oneVv5GcMP6fxdM/ia9BARRl2vS89pHtHcMAICHOoVNYs0+MfSG4RvPFYGNIzuHq+/yBn4q0Bvk4cc61DANFn6RP3NKJj16GDvlsVs9GaWBzNmKp1yb6OF0gwuP0BMhhkel/xycfXgA+epkLxAJIQ/XFPaTber0XTQDMw2HLDmoXokV4bvlplbtwMOJ5msBjcC0sREZjjra8lPYfHK9Vc0gl9BPNRPHfJXs5eDSb16S0KQz5dIm5YxnzkLPQHUNag0SwxLDjCDwlJrF0jU5q3PmsY6ubycCU2ey2lTi2Jd8Y1ieFZ6LBxyefCzX7i/eekVH+Tm05jvUu3sgVgxe5KQAK/WOxZntncI4HtjhCelMNeLte6rfjcrBLqgMcISpZKY/rLZVEMA0scqrhlHzz0Zzb8M7pxixvtahxZEmRSBXlJKWAgd3yjW1EZW0U2thsQmVGsAI8Jm6rL1GCSZCRtyn+p+7Ch2rGOJ/FKjJ5po29nHNBsvhvgu3YFuqwJic72ggs6juCkbN9ll3QkP2dwy8GXQURXC/PK5Y08RCcyXNN+iwOPwU/GcGmLGiu9CzTBCYhJlHAUl4ClsY/bouYecmo0xN+dg52uHXcFYcmzw7KSq163T/1iWacRpDhXQZbFVr0J9r1DZJs3HdLEgXjPxiBAa9gIkwe1u8NuErOsW/jmfkm8UojvrSMb+4506Fdu02CL+gPsc1kF2e6TWOgUt/Rq3iw17YaFlozWalIn5QSwcIwa+hem8FAADqDAAAUEsDBAoACQAAABlim0hLyWygFgAAAAoAAAAtABwAYmMxY2E2ZGIxZDU0ZDdlM2U5YWZhNjM4NjNjZDU1YzYuZmlsZW5hbWUudHh0VVQJAAOyrSBXsq0gV3V4CwABBCEAAAAEIQAAAHcb67StzT51QzX1PuD0AuA0aTCqTe5QSwcIS8lsoBYAAAAKAAAAUEsBAh4DFAAJAAgAGWKbSMGvoXpvBQAA6gwAACAAGAAAAAAAAQAAAKSBAAAAAGJjMWNhNmRiMWQ1NGQ3ZTNlOWFmYTYzODYzY2Q1NWM2VVQFAAOyrSBXdXgLAAEEIQAAAAQhAAAAUEsBAh4DCgAJAAAAGWKbSEvJbKAWAAAACgAAAC0AGAAAAAAAAQAAAKSB2QUAAGJjMWNhNmRiMWQ1NGQ3ZTNlOWFmYTYzODYzY2Q1NWM2LmZpbGVuYW1lLnR4dFVUBQADsq0gV3V4CwABBCEAAAAEIQAAAFBLBQYAAAAAAgACANkAAABmBgAAAAA=' AND file:name = '848f603.js' AND file:hashes.MD5 = 'bc1ca6db1d54d7e3e9afa63863cd55c6' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:16:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720adb3-98a4-4463-9291-4673950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:16:51.000Z",
"modified": "2016-04-27T12:16:51.000Z",
"description": "unique .js file",
"pattern": "[file:name = '848f603.js' AND file:hashes.SHA1 = 'd1f27f3b276e1d916b56b74900d8c9494ef0cda8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:16:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720adb4-d3fc-429d-904e-4916950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:16:52.000Z",
"modified": "2016-04-27T12:16:52.000Z",
"description": "unique .js file",
"pattern": "[file:name = '848f603.js' AND file:hashes.SHA256 = '695d757dc0e57e99b08e2f0872a24799e9e8144175c1abf92bbd13bf6765414b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:16:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720adb5-e598-418f-9489-49b1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:16:53.000Z",
"modified": "2016-04-27T12:16:53.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIABtim0iNzNH/dAUAAOsMAAAgABwAZWQyYmMwYzkwMDZjZWZkYTI1ODAyNDE5MjZhZGIxNGRVVAkAA7WtIFe1rSBXdXgLAAEEIQAAAAQhAAAA9cVj5nV7ldzQmHHpSW/EVspU+7QyZtSJazZwb3oF9D7tqd3Byy+FczNQcCbh2mAMuJnicP74Pz+xhLCnZoSDefWCekXhgNgc7OkHtnRW+9sHgNtgnD9a/m92jxn2Kj2AUR0z1T0oRmszGKW0ErGtA+CfZFnfYylfPAY6jM6OC2oRsCDAXNyjGNwWtCKt4G03jWzwn/+v8yAM89QJyn81M1Ip3zzwxhg/Xqu4scLuHUEbNJE2hgqD9gAwqRMuHOZ8IhsC+slDFuG6YnJ6SxQCyJlFDqaMOe9Nv2f5gKsWj5Jjoftbqse/EDx8jGdzao+haExLWmSwHX1E2yrwA5qG+hef1UYj9vFwSJU6z9UT4K7CMrb1p2z2zfKFZ4f/B7paPaxPsGzsiorhBnzVxL3gnIZuYyjDvlGxhV1biujvAGO1SVKXB6Z+WY+i9t34RU30Kq7KqeEuY78ceKEtzCLNCADrk4syIGhK+tya3SQCedHK65vCugbCv0hfcwCT+CzrDZJ5aM5Kt6G1fg80+Z4QqAA3x/pPe+Qhut7V7DBztJ5ghuwdsThkD1Xqf3OlhhO/w0H4t9GZGf6UtKBEWKZ7jzISDi6hoPgWVLUBni6O10hRSvSm5DbzisL1nNE6ZzINiplaErubqNd7xkmoLNOdMnctYrFfKI0eCPvW/YIlu4M8Iz0K/cJL/3f1jmXSD8rgBeBwmVLt6Y4c//HwkCt3LEp7wG3gLnI6Ii7cdmCuAk+8mGDPjPf8eitXuzfJNP+3htDUsQqVt93rlgu0Jxasnzu4nVwdAeC5iI6kp8U+NurORYaAPmORCGVRGvJ27oJsq1pfzKhwfDVoqf9NICwC+Xk0qJoMgLYf+U1V6EUDaJaObPl7k6Wo4ej3+Yf8S6ZqhQBEn5Eto9IxVa71/WM1kN3CzB/SaaYVIqYZB+CZeUlC1gRA40l/Db29wZkHGYy9iTzrbl89vF82jpYhoHRix6+a7Xikgn4Q7oZKHLGSGu1GmNmdoiOVHr/TZRGixwh+QzyKcnjCilYTZmWyITUARUTqDo3RAQT0DtD3X82ZOt+p5hJKe7NT+X0/v86aoCmQPA1qojZxVXr0uevW+hbgVpC0HWG9c69XVTiuGkRkcr1DlfH+zSJQS9SiFPYznPU8bO8yKZTbraCzwocCzk0ngTcTUUnlEcVq3SEsm8z3f3MOXauI+U9xwZWn/nanFFsLfDCP3dCc6iiDVXsHvOiF++e5sIxo9b5vETpqx8MdtZtkS2dpMbDum6fkqwCfXuENd++Q5TRPkaIDATJvTCv/5RVp2+Ei7cqV09rGTQQDBsaxjHgb0vqo9VIXDcwfnjlILRziWyKuYrBf2UTHFUdL+G0LZtaW09zB5a1F0ODSaHfRlzgsx+l04/IgShI+0Tbbkbdv6+Aoe3C54yDuLW1dBdYqFy7uhIKXqw6eglWJ5QmSJ8mj0hTPfcgoe0HxIYiQFIUQbmhfYuOm2THJUJgsUR/DOkUAtljql1zghZo0dc1T7yNU6LhlofCQ/YVSNb0iS7s5Jp392/CwBwcRjl7D726dFwf8apEsVp35WhHV9N+0uyruHrOaFKv8eN55vCPcXV+ok9iKeTGjxYgDwWpazor3tsm4hv7KTnud5EnmFq8PaRTyZPBrIBkqTvW/T7IFN3aeMg7DsAHKoIXaoHZ1F31cEBFGjVr66X0b5CIc7CSXn8TYZAVnAgd/JLoLh/syOZzx5e8NjuEGBGxiL9+BrLCpbWi8PW4toLeK0kxL+Ad8gqsGFdchCNqSLMUg7A34uQek3RoG6N6mLY1jNarkpS8uN3u75yKThfcpb1xsR+49B4LgEzw8byQAdx3ITd53qBdRaFBLBwiNzNH/dAUAAOsMAABQSwMECgAJAAAAG2KbSJ68BJUWAAAACgAAAC0AHABlZDJiYzBjOTAwNmNlZmRhMjU4MDI0MTkyNmFkYjE0ZC5maWxlbmFtZS50eHRVVAkAA7WtIFe1rSBXdXgLAAEEIQAAAAQhAAAAzTPeoo+HYaK6fDPap03NlAoPUk79FVBLBwievASVFgAAAAoAAABQSwECHgMUAAkACAAbYptIjczR/3QFAADrDAAAIAAYAAAAAAABAAAApIEAAAAAZWQyYmMwYzkwMDZjZWZkYTI1ODAyNDE5MjZhZGIxNGRVVAUAA7WtIFd1eAsAAQQhAAAABCEAAABQSwECHgMKAAkAAAAbYptInrwElRYAAAAKAAAALQAYAAAAAAABAAAApIHeBQAAZWQyYmMwYzkwMDZjZWZkYTI1ODAyNDE5MjZhZGIxNGQuZmlsZW5hbWUudHh0VVQFAAO1rSBXdXgLAAEEIQAAAAQhAAAAUEsFBgAAAAACAAIA2QAAAGsGAAAAAA==' AND file:name = '892ed61.js' AND file:hashes.MD5 = 'ed2bc0c9006cefda2580241926adb14d' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:16:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720adb6-afa0-45d2-9386-48b0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:16:54.000Z",
"modified": "2016-04-27T12:16:54.000Z",
"description": "unique .js file",
"pattern": "[file:name = '892ed61.js' AND file:hashes.SHA1 = 'baab853dedbf86924e534f7fa487287ae62b1018']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:16:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720adb7-660c-4e8f-9506-421e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:16:55.000Z",
"modified": "2016-04-27T12:16:55.000Z",
"description": "unique .js file",
"pattern": "[file:name = '892ed61.js' AND file:hashes.SHA256 = 'df6b08f38c12c7157458e58f8fb14abfd30bd05842255bc7f53ee6d0a17b9c1d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:16:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720adb7-c944-4b6c-9716-4b42950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:16:55.000Z",
"modified": "2016-04-27T12:16:55.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIABxim0jLISrXdQUAAO8MAAAgABwAYjE5OWZkNGM3NTY0YTIyNTNjMzAxMTZmZWZjZDY2NGVVVAkAA7etIFe3rSBXdXgLAAEEIQAAAAQhAAAA9cVj5nV7ldzQmHYi5ZXsUen6hzh7kVcNuN6zhQYKZkYxe9ghirGwsNX6ha/MBg2OXFuzITPx4EyAzUQHlucmNnYmP6S3P0nSW+7bt40J4qjd1CDAMWtIY1yVahUlJkQCKxI4bmbArN85exju3YuEcjmxCqh57IPF6eDpADkX+SfcoIUwzDSmvpXCfrgRNLL0ShHlGugPKozp03yi6pXTEMN7EKHwqoG5aRa2D7TN0OYe4TA7qv5mZ021jl8ysMxIA7Rh68T3UTfcH0brbiVY2neEPbE+4y0tvS1fs1gweg/g1DdExMcUN/CONjwXKgcWxXJ2p9SjS6bJ6G7QnA053wP8FtZAqUA5CINDWeOFOA6v4+I8tHvR23B9lYvh2rexc3N40JZi97hC3Nb/MYy7vmouQCpRC8k3Hp0BBZ5TykySFMM5vNGtS6YN6ENFc3HnBzUUUsFXXhb4amdq3+mV/kLyLnyoknmpydz0Vpkpr3GgxBa6kpQbUuMX3yKwqOpJ8gZkQRat7ihdi5b3duJd5B2aMNoy0BRjBX+xnJjvLpiOgmP0GfnuCOjWsJDVfyb1CpayyhFcw4bu+1BkcO1gyJa3Nr5rn6vX/5B33s8rdkUPD7key9tAhouz3t7hj4WQ0MtvUgxZoYZm9u/txQ8l2Ur0dskalZhjJCAtoPYIp+x7UMVu7ANkVPYnRgnRqpH2ncE1rE2xqSzo5RDgygJCRfRq3WcoUFGnhEAvXYNjAA/Q/kfinCpSq3Gt881utJR1jFA/7qduBWyuE+sBt99wan4tqeKgM4yuUz83PZyCDPEYbfndXfR1t1upbEfrFfbEH4jSsfbc7MA04MqgKbUIk/SL2qu/yL0phwN7V6rAfaLn8W9rCy+tJ+TSQP1ATz5mvC2S6ZwzyWlT1hselMfPRqcwm1fSzsmamgt0SFJi+MG50IlOhb53bPVxqFKDJjZdQRrXPsvKqBEgbHMWRjnCyoaEQl2NPg7jEs5/KcTzvmvc4E42twnQUCKN0qXibtIh7kJw5Jc2IPawVg69S1Et4pkn3ApSErlf8KT42bBe4lufgVdR++nTVBNge9DK7xou8gCa3/4iYUVFNEotuAkz+X1OFoyKv+TSF3kZAKkngQPfy+5vdMSZx/hVFrbgLWFx/wP2WOUu+nhqMinkQmsc91yPayDNG+NW83CBZiyLPfLn5GxG6snrxsj4TzfPGTEQ7UT4smG54KQLP0vXZDIKEnuZs7X1y8avO2NiUc5m8FevX00nw44SRo5C5PkRsGkm3AC4nw8KzUCx3R7HGK/hqCsY2kYAq0UuMfGAH/SGH7VeQjZ8WOi6dp5igmDQRkRDbnK2vbwmAoBwyIlNGaCEaTF6SKFHL2b9EWeYSxh50iKesQ0gB77lRYAr8LlgD+gGopkJYAtg6irBALOLy6rKhS/u91bNlBrNsyUt4EqrG9xncLFt20ZoY1/rX6UqwbKl0VwKqtv0d+TlnjhPVLoxsdZVawkxcVkaYjUX65pMpVzxjlD80b/ev+7kEJhX6tGuIm2NMdRVvYUbk/MCzJf1ZanWOtLorncXesCsMDEu3o33SjK6Zlf+93wRwGbapyBmtcPp/E1bWWazZgs9HXDxZia4itJ2RrKUk5rjz07ZdhU1lfe81KKG7m0prgaZPi7v/t7uNIAcXapdNLqcIndzLTkcSc36UwivaAyWEm12GrZbPJt+68zBPfxwdNLCYWscMOlpXDAI71tUHADvPkcrjazula/jeDnONxEfjCqnZ/2r3NjPpc3I9C5yXdxxCPxVfFqXHz17LBLpVUAxIfdtzGwjXquitbLnDzwBEvfIjq6w+y2DXwne5IOJIss9zjEmmHuuzThQSwcIyyEq13UFAADvDAAAUEsDBAoACQAAABxim0gLGIHrFwAAAAsAAAAtABwAYjE5OWZkNGM3NTY0YTIyNTNjMzAxMTZmZWZjZDY2NGUuZmlsZW5hbWUudHh0VVQJAAO3rSBXt60gV3V4CwABBCEAAAAEIQAAAM0z3qKPh2Giunw0h9HkXq8guD+tJYmrUEsHCAsYgesXAAAACwAAAFBLAQIeAxQACQAIABxim0jLISrXdQUAAO8MAAAgABgAAAAAAAEAAACkgQAAAABiMTk5ZmQ0Yzc1NjRhMjI1M2MzMDExNmZlZmNkNjY0ZVVUBQADt60gV3V4CwABBCEAAAAEIQAAAFBLAQIeAwoACQAAABxim0gLGIHrFwAAAAsAAAAtABgAAAAAAAEAAACkgd8FAABiMTk5ZmQ0Yzc1NjRhMjI1M2MzMDExNmZlZmNkNjY0ZS5maWxlbmFtZS50eHRVVAUAA7etIFd1eAsAAQQhAAAABCEAAABQSwUGAAAAAAIAAgDZAAAAbQYAAAAA' AND file:name = '993dbeb5.js' AND file:hashes.MD5 = 'b199fd4c7564a2253c30116fefcd664e' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:16:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720adb8-7294-4fef-83df-47e6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:16:56.000Z",
"modified": "2016-04-27T12:16:56.000Z",
"description": "unique .js file",
"pattern": "[file:name = '993dbeb5.js' AND file:hashes.SHA1 = 'e13c3892b7ca363012bb516e0742cc7408a5f3a1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:16:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720adb9-5818-44be-b958-463c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:16:57.000Z",
"modified": "2016-04-27T12:16:57.000Z",
"description": "unique .js file",
"pattern": "[file:name = '993dbeb5.js' AND file:hashes.SHA256 = '09c7f049ca5ec0e5cc138c2a39ec201e160c69ed0ea67a1308d32671b5b9ca9c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:16:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720adba-cb80-4fc3-9d8d-4bc1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:16:58.000Z",
"modified": "2016-04-27T12:16:58.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAB1im0haaK+TeQUAAO4MAAAgABwAOTViMzBkMTBmODVjODhjNWNkNDIxMjQ1MmQxYWY3MjdVVAkAA7qtIFe6rSBXdXgLAAEEIQAAAAQhAAAAJXRtmEwXi96unTlfNh/KoRGcupRzU/MGcAggd1OiuMbfD1CSkpA3EvB6PfEmRAeDxCINvcKYFB8YuSx+PcEwaRDT7mzd28B8mN+ODc7ud+HC9GMIrVj5LAFCL0QtZQ/PMHbH/kfXsyUMDPgKWUKVNvKK2K0GL2oucgVg0Pmb9IydsKmE9LL1jPuEjk5S1iPEJRoaeI+6MjW68Vpwa+Vz8oGlhF518YVii4R2UUSfSvrj9lqdxtvsK6y6TPtCqnavvnCtEvEXCmPcd/s51VuyHOAxI4WI1HlSlmUzOprpH7bsol8CzFcnyZ1MbFpN9MJWSgwx7CpkK9yZmUfPHo3S0GixrF/haRsLX/HgaqMpm4PIO485cIu1MJX8mq9xQd1DvfLPi82Z8AjHwFkVgXWtTNo6pEtQ8gAnvK6dweVT7pWvbiMgLK2J7jD7SJTeS9GKdtTupz5nZL5vtbKEMXtO0thahaNhKFU9AoNTWMnQPNkGTSi5FAlNJ7+LC3SlVr2c3J/EQ88PVplxtGQuFH7k+jHhGzJ8NoLcHgkY0Auu0ZQHLbtkmFGx9ECeRWEiv2PsG9MKge48uQNplRGdz/tNbJ2SmkFPfDs+/9icsEuoCUaaZkvTCduXFvZyCEx2GFWQkBcXysd8LtwuTbQnzUKLA9X+zDQXR1eMYBGX/Syxbj/mlaAy5ZXVeQ2lFWdhe/JrzVNBoEHNVI/1+YPjaJG0ctGbN72zfc1TIDi75zsWCed8uAxhSARxehqN1UTgWBjQFWrI5WPDdOS8v8TEAcMWZwIBvGqOsZlSMeQhkkgvRUi5Gym4KGCRf8FWS2Gk9NnOvH62LxlMvewuhHqH6fXqPUpuQuElPc82nvMlS6/zwrWrYtWj70G0gVWwzHFqtRCKvxEt8W6p06SpXeWZBKDyqxaWWqRGHa5MHJ70Np0d2Wqq9t454EQVRxrEP0mOwa/IeG2YuGxdOlxStoljwK9BSAQf/797jMXMY0foWwTeD1n3JXu07CxOn57QNt61KuEIZrLNXWci459DfxpXGRuupP3rseGHjpAdFu/0jj6kF7BfzJE7Pha4sfPpLAZBdu7kvEdO6mGOxZyTc4lt2ldLfEj4A8O/M4dG2C823gKV6/Nt0QYarnQo44I4J3BOQPO8BdAWzcZBAYTa87ei3ukbkEiXrobk4O+X7H2Hj1XW2e3lmisg5HhFkkn3ueFs+bVDFugRVl8neRBuHjk73qtp/bM02PdO+TRnU/9937v6jFTcuKHb3ABR8HhnTHjO6Qn4btVkdMXNIpMQgZWwmhBeizOKpqVFSpJrrpXpBVp6apT9FhAdfiooPS4ke74QoNvqsLA4YpAJsu67EmWFavGJvfGMWaUKZN+CC5baGP0xVJHckwlsS/6ibE/rVk0dTr0oQvCDIUbEBjGKlBjhSyOFpIP2xpifRmRGqe26IPMNfTh1fSSj81lrwegCp1PLyDfG00jTsiWrc5DZ+ppuVIZTXtLTNvi182S051DAk2+MSGnv6SSMsTCocM6RKUcko91VkPSC5OjUtehzhb4hqcY1ZSd9MerP3Si9QJiLZpjBwEMmftKO4/NbHvxJx4tTutBBEAW0dDwbyBw++05RKkdbFQliNh/08CY2JTcVgxX1SnrJK+HIQfW6RSHAdZ0WKZgok4cZOPSyANXw9HYfH5bUD/sk0SEhHrp7w+QjUK3bQeZ/JD3oHqR8/vd7eow5Wr6QxMcNt7d5usPG61PrjWcQq6iYKVuOHfp+c3agLyKHopT0dSQnamf28nNIdgZEbZeNXRh6NYx0YudznPiefppOaKkthE+D+6q+wLXT+NE26R/fwd6jqArZ6Ag8fuDL5WGCtFuhQZgMMoS9UEsHCFpor5N5BQAA7gwAAFBLAwQKAAkAAAAdYptI1RYPNxYAAAAKAAAALQAcADk1YjMwZDEwZjg1Yzg4YzVjZDQyMTI0NTJkMWFmNzI3LmZpbGVuYW1lLnR4dFVUCQADuq0gV7qtIFd1eAsAAQQhAAAABCEAAAAQmOZe2DHYQoGY/ZnhHk64EJFtPaWcUEsHCNUWDzcWAAAACgAAAFBLAQIeAxQACQAIAB1im0haaK+TeQUAAO4MAAAgABgAAAAAAAEAAACkgQAAAAA5NWIzMGQxMGY4NWM4OGM1Y2Q0MjEyNDUyZDFhZjcyN1VUBQADuq0gV3V4CwABBCEAAAAEIQAAAFBLAQIeAwoACQAAAB1im0jVFg83FgAAAAoAAAAtABgAAAAAAAEAAACkgeMFAAA5NWIzMGQxMGY4NWM4OGM1Y2Q0MjEyNDUyZDFhZjcyNy5maWxlbmFtZS50eHRVVAUAA7qtIFd1eAsAAQQhAAAABCEAAABQSwUGAAAAAAIAAgDZAAAAcAYAAAAA' AND file:name = '1274e32.js' AND file:hashes.MD5 = '95b30d10f85c88c5cd4212452d1af727' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:16:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720adbb-08d0-4564-8265-4331950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:16:59.000Z",
"modified": "2016-04-27T12:16:59.000Z",
"description": "unique .js file",
"pattern": "[file:name = '1274e32.js' AND file:hashes.SHA1 = 'd9620672897e449c646de7fde13967900cf61c1b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:16:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720adbb-e8a0-4bdb-ba84-4c40950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:16:59.000Z",
"modified": "2016-04-27T12:16:59.000Z",
"description": "unique .js file",
"pattern": "[file:name = '1274e32.js' AND file:hashes.SHA256 = '093f3fa00bf7c539c1ecb63a558e3c76b92626e4c577add2878593a142a9f9a3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:16:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720adbc-ad34-4b02-a9e7-4107950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:17:00.000Z",
"modified": "2016-04-27T12:17:00.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIACBim0gcyvS7eAUAAPMMAAAgABwAZjYwYTZiM2I4ZmVhOGQwYzYyNWIzODkyZTBhZjI5NjVVVAkAA7ytIFe8rSBXdXgLAAEEIQAAAAQhAAAA/t1xij9W/Gk2+u3ae0adfEUcNKF1TeXuWVXy4jIuy86HM9HZkMnBZj5easqbHW3kHJG5lv/mcfQAuBUaiDtpl38JbBNRTakfg9EEqF6YYjQ+hJHRWt3tlriN8fbhRz8CFUde1Ep0tMRDHKRJj99lsXMVl43QHG+mqfqHOo0K2gzpwltxDQLD/InDOE2h4jCyK4Fcsk8ooYb/ZTsdxvB702NMnGRJZc5cB79wnVv1V+liGLfEPnfkfBGd/ZDApKKpAZST+Ke0uQsFT7M1ENUh/KMFodkNFnyGjwphfCDGSn4qNSZwVeDFkRH/4lrm6aAVEivVF+6UhdEhWxKXrXSuEZbEtPQldPQOwyqbboj5pxmcn0naHRZbq4QP9zPePuyXxUP4c15Oa8He2CDDd8zieg9DL7/95Iq4wAccAWxdLevQIuRtJ8h8eFwqC2hdWIpg4yj78JxdIPKZ/Hof7fQPRwn+mn7ZjxYZdq4AAmnTGjyngcwk5DHiY+UO+cUfAGYatQRbCKDcVAFi9gQz18EZXUARzVRyYCIve+sDwPJXb1TgnC4MFI3RxYicrLp6qWlWANG+abGwyWkQzDqb1QYqW8NJGlX2XjKi4mLrfq8sT5/b7/B3G2eOZcvHQURAxvWU74njNHcjM2p4TWo/Qkr9xL4fk9TxnKF9dSByXytLvzQkIDKROWbK8+ti2y11moLD0/OaV1RrGWxQuMvDrQbLb4v/W1ARI8lAEnzqOTWmBSfAIi9WmTDqFDwpMWTISTWcvjUjKapRE448RFFsZQxOGIagXqe+UXnFjJVzWnS5BaHtu2QrNA2xi/e8IMiRajE9YZasVP3Iia4yP8LSXFYE2dwPT6N32xu07jDtZZ+RTQCZrk2R0uc8f2Su5+ViuOFfJH9riTZdeyCa5cj96bmY9xwgetndm/doxBa7qP7pEjgx4dtWpPw1EY3LMUpDiyqdIrvs+wOfdbEGG3tdtw64yJRxrEsf4XCZrJtLB9a4fdkofLaliU0S8hrJ3QOlrK2vIYaYxEiWmXMPeoyWoNKSoWBWd7vwzAtEAyU/1XRf2IJD4mL6wunpXyYEYCmbgmPU/lA3eQWPYtMa6a1jptmlSdwRXrXgwzGMnI3b3v9AS3npDQnQzZVIEa3+DjhqLB/JB6ZN4vgvuOn20DKPcuuhKHL/AS9NwgVNI+5p0uwHKcM4F4JHGANR9TDJxFmR+KpTFw5q6/1+rNc+6wUZSOCbKRy6Y2Hv8DxFVGZPhPtTQCNX5XcwMV01plPFs/J+4NqZB1DZHddBmh62TlBPJZPzpT+C/oYEAtrIhtA+dlRNanaKjs14zYlnI0e4nkOA2CxVe4PPuhskdG5IXmg28xHhvZbKDk5zNILeP2M0J0mM4sZ7kqNYpydb9blRTx1ruw1+w6P93V6UKCERzrsyCnHJnQ3UsXhK12FcsJQQ3n9HkSAbmANS9iVk/AFgwyeLmTg0s4yGl6ehhgW2kHKr4d+/G/9QjLmZkoIfzECL5f0n5z8MkNEOCMF6ZB3cToNGlbYkoCGliTOCXnQdNnbD3cGMCNMqQUVer3ztl9m2HHaAG5fiwmniPTdYTd478xsEqPQ+9imMzIdtSju2aC0yxRNquoA9Ap4TuyLlyCBvyKEsBlsCc3ra81dL1RjuzrBiSxrFwDTZ203EkyBJMM79gTOz6R4OqVWOps9UxRccqNq5eDoUN9gi1+q7Zqv4SW6CnzMP7SAb0qFVHyAnoHwgXj8oSgfFAui54WvH7r/VVINAKiFDn5092jf0w5hmtRAG7jT/mqsslBipw0MhA/oI6/nJnaUWEJ9teGjAKegCPi77x9MX3qKb+HspnA6oSAWvfUXd77rE8ygbMB9QSwcIHMr0u3gFAADzDAAAUEsDBAoACQAAACBim0ia4AJVFAAAAAgAAAAtABwAZjYwYTZiM2I4ZmVhOGQwYzYyNWIzODkyZTBhZjI5NjUuZmlsZW5hbWUudHh0VVQJAAO8rSBXvK0gV3V4CwABBCEAAAAEIQAAAHA1W/jzgS819N0ebXmQLhhwNBr2UEsHCJrgAlUUAAAACAAAAFBLAQIeAxQACQAIACBim0gcyvS7eAUAAPMMAAAgABgAAAAAAAEAAACkgQAAAABmNjBhNmIzYjhmZWE4ZDBjNjI1YjM4OTJlMGFmMjk2NVVUBQADvK0gV3V4CwABBCEAAAAEIQAAAFBLAQIeAwoACQAAACBim0ia4AJVFAAAAAgAAAAtABgAAAAAAAEAAACkgeIFAABmNjBhNmIzYjhmZWE4ZDBjNjI1YjM4OTJlMGFmMjk2NS5maWxlbmFtZS50eHRVVAUAA7ytIFd1eAsAAQQhAAAABCEAAABQSwUGAAAAAAIAAgDZAAAAbQYAAAAA' AND file:name = '7345d.js' AND file:hashes.MD5 = 'f60a6b3b8fea8d0c625b3892e0af2965' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:17:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720adbd-53e0-4ffe-a430-4b36950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:17:01.000Z",
"modified": "2016-04-27T12:17:01.000Z",
"description": "unique .js file",
"pattern": "[file:name = '7345d.js' AND file:hashes.SHA1 = '6af018d880d54ac5b0882b453d750de19c1294d9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:17:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720adbd-8504-4046-85bf-404c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:17:01.000Z",
"modified": "2016-04-27T12:17:01.000Z",
"description": "unique .js file",
"pattern": "[file:name = '7345d.js' AND file:hashes.SHA256 = '0f55d61059f0351aeb747a9275efc6c9ca6458d908ac96329841f69b469c8b4d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:17:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720adbe-4700-46c7-a087-48cb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:17:02.000Z",
"modified": "2016-04-27T12:17:02.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIACFim0hye13icwUAAOoMAAAgABwAMzk0YWMzNjBkNzBjMTViMmFjMGJhYTUxMmExZjk0OGNVVAkAA76tIFe+rSBXdXgLAAEEIQAAAAQhAAAApP0DWwH4ZLys1Hbpem4tzOAggBFBuUTuZNzshM+E/ZjPOueXOBPOA+wTyfAcWrhMh9Mcr0iEbbUqNuWMci39zpADwGfiiWSaLV7UCxfwOHODzcqGoXblDXZvYlGdspv3LlRQkzI7UyAmfQus7avpwT5cvUyQQpVoPpvkH7FsteT4Cz+YgDdJXykXxiW0MRaP1PZN/6z0J/9dP/sMNkqQ410uGSQsv4rPgX5PVsWjaA9UOkCBQ+psCXBDFCu7V9Qopnr/QiVBPJJU3PwJAmCgiLN1H/ZfUbZAE28cA7QqFtWcQBMJkHzXHy5QvweBUgfwCwCXMymtds0+Uv0YfRHkGjsL8u1yhc/3Lgpr0fcQ7nyS7JZILtJ0ulYiZ8i0E296jfqo4uC0SPhD2wuzks0vYpd0RMmjBxdTC31zNDT2qhAwWBHlxMJuG9sDEY0h+N/UYGxjP75DexIDrnaNuFMV9Sbmh5sHSHqUYA1Kr8vmLuPGrb4ChKjX7ifTZp+aXh94whYDjkQTrXyZpLhdRDxivWwAGX4rp86dWS5GTDC+X/S7oEtQc4nZMJwp86/BuEYx5tBA3rhZDDfU3HDZaY2M2B/gEa4t/1DgbChwbf+vt+MwHdf2gkXT3ru14GSGehl3JNFouoiWlFZEcKF1u49uTEkfVTvSsynNXaGP+2E1ddxPPa9Cm9C+oZT7p4LBJZ5wpR7ytoTtMuuKHsfOLO+TqNg541tsShaBjNi5gjAcmjFbLqw/iai2Kp1DyU39bENYJHrvjNmHg9xecaIaMj50G7sCEvEpIlJ57FVNHkg2C+3ur3s4zjZn4WMftyDBbkX42+Dy7yWYvNSilTtW/c0VlaqCNpo0emkaTIrEMOmaAwJ+UAjxqjihWNbvYBubyK+h2xiHiPH2Jl9rlSysNz9OJo+/obXI2PPG4uZhks4+rNGYY7a1LZ56Yf9TXhIzdPK7lsHwgkgUjO8C60bkpnmjcKZVreVK8nht7w6TOGDMGrnz7zvgW/KOl9Rp3Fsp3duX3PmmurkPIfcjBauMDZrm+pMlzYP368c7Fj6ZltKqh2D7r1af2wf74Bjo6s3GXidnKN2PESKTLhMBN4sPPgZnzlzw7E2/k0b7qEPRbBKQLKzyEdcXd69NigNXOvowW8zuLtGISAyP0ZZ8jK0MiYd+xPmpwgC+k/2sh++uMfTyFIRmA/oZPGYyPrP6P86uYApRqN9B334wwMxF8wvurUSmDNLv0z+/fUNctBqHJoV0Tsct8AzkjZG3leKaTxaq+D6fBpru3PfLUbxV/pzRMp8qt+XUgOLZhBAigCu2P5/KNSGn9LqW4AK7emrbanXnQ17D0Vsu5kZLMA4T6svY1z21a5No1L+EqbHxCrSq8ZCtjaF1mMTXQQQNlGGENQEkRkkuQCluLTQZeECMQSPYvB0xYdQBIh5VQIQ0g9erzgZupr/TBvuxZ16wEHGCIaekzvRIGoVxSeYZXvSDCBVRWKkNOgRKP2z6nGv6qwUxK9SU7/KRvOefy2ysCzrDscqZcYxlb/lashKhU8uy95oFgASqL+Kx9QgTUweWac/tYtEQgt3y9FM1PaSInOi06ZW/j5GjBpVLllmOR5GUvYUCE7XFpxN8ARsba5qK+tiwIrXUH4OkTq1dasRrxHGzCfYd+UPLK0iZGT0BkCcKEhz5mindLv61yvtJB2Lh6zEu5R4lx8rI/L4r3GRST41na4HBlddnkestK0XFsi25zRCTxK2BSjXtZgjZqogn9XDD2YHp5GIB0WrDd+bNOvKKFRmdeUtFJeqc6v2ePEPPxpFtMZIMnqdFzguDRPOm8kqiPh2+WLfV0H2AlUFfVGz7Lr5C0tbigJfdUEsHCHJ7XeJzBQAA6gwAAFBLAwQKAAkAAAAhYptIgDFLexUAAAAJAAAALQAcADM5NGFjMzYwZDcwYzE1YjJhYzBiYWE1MTJhMWY5NDhjLmZpbGVuYW1lLnR4dFVUCQADvq0gV76tIFd1eAsAAQQhAAAABCEAAADdtgLUIaDM+6/o743TMBTMTfNX6fZQSwcIgDFLexUAAAAJAAAAUEsBAh4DFAAJAAgAIWKbSHJ7XeJzBQAA6gwAACAAGAAAAAAAAQAAAKSBAAAAADM5NGFjMzYwZDcwYzE1YjJhYzBiYWE1MTJhMWY5NDhjVVQFAAO+rSBXdXgLAAEEIQAAAAQhAAAAUEsBAh4DCgAJAAAAIWKbSIAxS3sVAAAACQAAAC0AGAAAAAAAAQAAAKSB3QUAADM5NGFjMzYwZDcwYzE1YjJhYzBiYWE1MTJhMWY5NDhjLmZpbGVuYW1lLnR4dFVUBQADvq0gV3V4CwABBCEAAAAEIQAAAFBLBQYAAAAAAgACANkAAABpBgAAAAA=' AND file:name = '7364a1.js' AND file:hashes.MD5 = '394ac360d70c15b2ac0baa512a1f948c' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:17:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720adbf-bc14-4304-b631-44c0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:17:03.000Z",
"modified": "2016-04-27T12:17:03.000Z",
"description": "unique .js file",
"pattern": "[file:name = '7364a1.js' AND file:hashes.SHA1 = '9e0a2492fc348964b95b70a3e8b81ea6a56b6e26']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:17:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720adbf-1e0c-4d0b-ab49-4d66950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:17:03.000Z",
"modified": "2016-04-27T12:17:03.000Z",
"description": "unique .js file",
"pattern": "[file:name = '7364a1.js' AND file:hashes.SHA256 = 'dc18453e59c18388ab3f86712df1769b7563cfdb35b2a741fdce432e76e2ab38']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:17:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720adc0-63e8-4507-a035-4733950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:17:04.000Z",
"modified": "2016-04-27T12:17:04.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIACJim0gmebkHbwUAAOcMAAAgABwAYTUzNTY1NDU1MDdiMDQyODFkNDE3YzBiNzQyZTIxOGFVVAkAA8CtIFfArSBXdXgLAAEEIQAAAAQhAAAA8aO8EYxvq5w3E3kMbea1TrQjEc+dYiJesw3L/989ybgc5+mGEEy2GfcTN4IIj5ik8zxdrScS7Zqp4P5VAuFDjaMPnKkd9MVjzK9A4ZDxymjr77KEN0xmPk5Mkhd3wv8ydIycIHe6kGvtXUJSJ43CTUSRZHw7+PgrX3rRnyhSHYGnydbB3L5kOJsDKKb+Cp+EEL70hWPzlldHUGo0FQXaEyw88ogSt9iklyH85N9EFHe/OKxmTOrl6WUSY3/egrFMrpNi/ianFAALjr4InB0nFAULLZxkozeDgS7AN36OPJdoZbMWq9+b1QgrAOg/2YxzjlPcOxypX0U/ksAp/CriWdg7Rr17YXorKuOd6iXWTrMawLsuCxTTBhWTZ5m2QicW/PYOMhMQ8Tz3haFFafMEXWOUw5+d4Gf6pgG4EngSvJTMGpH7pfMD3R3LnqlQobhRN5K7dzaCNQbYZzI4PVdGw3xXZ57Rt0TipgxRJiRwRGwLvBBLyBvvweC0rlF1PqTHWCsG8XYcKDUcJzR1N744LXqFw3AjFxZNwrGoQUgiR+NxdjopjusI0Lpior3mNwckV/Px3znOCouUMknzm5oXrNHb7FPeksg7epW8pxDNCKPOiFJaa9ZhXaiWL9nV5JoEF2o4RBOlvx8tPDfVljs8TqLzKl+Z+m+tQ9Y5p2Kvs9ZO6vHpvvetlxCeDUBRzbCWn/BIRkX7ZMiqJXLe73jwsh8DsrUibIDmmhni0I/VjHjBrtDYwe7CX0s85Hi7rfrfmbQW0MA6zkYKYoqHJSsdh6DcO4OXz5yZG4uFcuNu6stYA2us016j4AqtrKelww8pXOhbovtSzkOA1jAlZi6FX4Bp2M5SiMMIl21qfwlAmxbtBpkYk+UqZPP5LQ0aiczXBSgEdMaBGoh48PM78p7b0Def2mwiwzBOJTgaRTErpQEj2o+kSYs2QDW8phuwjS/wOgF85kHdn+8Cr3s9OI9X70VMNKBtY8LCp9inr4ZJrmi162rY2tYtEW68Zxg5O/8g+Zd6/eB6fp00iZpynJLrADYf0G21iq85xH2GR7FKQ26TI6LbrouCq6qDivDqpbjn/fW9fVC6Q1KYHzoAeju7MQykpSmGfWk69t3hxm9ZMQgMNNJrFhSnf2uf0+et5vytbmc1tDtO+Y5ZfvZZgolk/vvXRHMgtEXf2kB1H/QmS79UWNKx/G6sihV78ipN5ErVBs+8Gbpj5JCS1hLy4HfLENPFH4YPAo4x9nwWrMeeCyjkZhF/N2wqoji70n5PeBRXCN5yN2pb6VrKunDNys0995P4t7VQH0m4E8sK5FiRBsHXOVIUggex/8XnnrjQ2jV2HTkD2ov4m9VuISomEmVYLuyPQHoBQ/whcXySf/bIHlquICK95iUdz1bIyM8aJUYw50TuImciXu4bIyMyFYuEZDNVIhHYkJQdWeywQf66VVFU/QD5m10BuSwQUkWChLn6gTq/yt9Z+bojnqokqF8d1bovDqEBgsHyj4fj/5n7x9XYWblTBbu2wqXgM14JPX3xddKQ32j5A6TCAWEjapZe19lBOwaZh0FgTCqkt651CmlEvHqshMs1jZdN/ah484rnM+WLJh6dWuYDSR8cRZJevCnzbKdy/y8i74EvD4K/2OxczFYyDdfadGXqeRFyt49zun+qV5hkbsDGQIY9as8c8WWL2Ha+c2seKQUrgHNTGusLENOjulctojUmXaQ+qal3luGJ3azUwEAPrMi/i2EebENb32sCFJgZjfTf+nn++1nz8Tp+NbYFUb20Rq/B5OvH0bdpFhKWZJ5oQouJuYQeocFWAyDqY2uOSnRVLGIPfSrczcxFls9I/3Cwo64/LEhQSwcIJnm5B28FAADnDAAAUEsDBAoACQAAACJim0hjsozfFwAAAAsAAAAtABwAYTUzNTY1NDU1MDdiMDQyODFkNDE3YzBiNzQyZTIxOGEuZmlsZW5hbWUudHh0VVQJAAPArSBXwK0gV3V4CwABBCEAAAAEIQAAACTq8XvFrMwUDfjtvBtmI03LHew6gPUyUEsHCGOyjN8XAAAACwAAAFBLAQIeAxQACQAIACJim0gmebkHbwUAAOcMAAAgABgAAAAAAAEAAACkgQAAAABhNTM1NjU0NTUwN2IwNDI4MWQ0MTdjMGI3NDJlMjE4YVVUBQADwK0gV3V4CwABBCEAAAAEIQAAAFBLAQIeAwoACQAAACJim0hjsozfFwAAAAsAAAAtABgAAAAAAAEAAACkgdkFAABhNTM1NjU0NTUwN2IwNDI4MWQ0MTdjMGI3NDJlMjE4YS5maWxlbmFtZS50eHRVVAUAA8CtIFd1eAsAAQQhAAAABCEAAABQSwUGAAAAAAIAAgDZAAAAZwYAAAAA' AND file:name = '7927b3a0.js' AND file:hashes.MD5 = 'a5356545507b04281d417c0b742e218a' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:17:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720adc1-6924-41a5-a035-4741950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:17:05.000Z",
"modified": "2016-04-27T12:17:05.000Z",
"description": "unique .js file",
"pattern": "[file:name = '7927b3a0.js' AND file:hashes.SHA1 = '2d2bae1473216e910301798557788baff99cdd8f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:17:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720adc2-1f18-4aa5-bcc7-48ff950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:17:06.000Z",
"modified": "2016-04-27T12:17:06.000Z",
"description": "unique .js file",
"pattern": "[file:name = '7927b3a0.js' AND file:hashes.SHA256 = 'cd9b7db514202035fa113f3138ce5c18a0f9bd37dfc98e7877424c08bf526825']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:17:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720adc2-b260-4194-8189-4ea3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:17:06.000Z",
"modified": "2016-04-27T12:17:06.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIACNim0jGomRdeAUAAPAMAAAgABwAZTI0YjgwNDQyMGZhMzQ2YzAzZWRiYjFjNzg3M2FmYzdVVAkAA8KtIFfCrSBXdXgLAAEEIQAAAAQhAAAApP0DWwH4ZLys1HRqQvY2e/yN5xqWNr0l8MF/rK7ICsCUFzQUILNsXH+YWCMc7y6Q4xPCD8jXk2IB8GaFnRjZDmtle6jfJkgfbYvVUxN0833tYaqItVz8Fiu2fWlo/WuNRARWSj2pRqMtSTHpUHYAWL5Zc1g/IrB7xp4fgvYJ/QNhqe3G+tMmhq8twenAGF4ZO3iDEiQPUwl7nUi2VapSe0z9fK9rX/jrlSC7VYaSXXUjnldB8hyyQU1GxMjYGSBCHL4hDxKb7SSB9Cx4Ls/Qu83Y0B26FNCdX0EJ91f57tWw4Id+GurYKQz9By1hMN5nO0kdB3XqzeP18JYLDxBJaaeSSWjA4faqeIIAfk7JeO2CGmwoiMIiPmN8b/ZyVoNXajauVM3a/RIWHLIh8h7J9v3sOzVHpU+5mW1y2hbYJudgDoGY/K4X86SZYxB6ihItSlDsl/h+Bv+6s4AAD1GKd2Y1dlFS9OLLx4w9ENQtEQPNmXkgjIC+IO/BCeiUoq/+By9qyMZhscUWjks70xH+TkSD7MstnnomvlGL/K2uwQi1KvoLgQDIEoViT04WvnRnhBg9h4FOCHF0223Dkpd5ElCyE7m7BxK4c8UYblhWAqIvAP1IErubW9Z/MS2uOByE3YlnzP/BW8Wm5V4mkABkescsaWpECEcqCgK/Uq3F2eGquRCBZRjvqe6fxf5vWxXBhRXlGXHJJU2qNNeBCwJXQZT2Sx5TKHh1BuW2+1Qj82aap2jHZaMuYxsCV+rdJsTktHMx/8DERJzN2KzbGOwiKwnr9DD7qGvqveTqbIAoBPFd+B2/hWAeLYuBsxJ4Am928wsZlHk7ziQl897/ZgEy7xXU56retQ3Rjo0cRB5YjBQuSnI2nqHwjlZJnYLPExtgpC/+8Y0M9zb14Gu7bXoXo74bOC3Mv21tHA2nHYRiaRvRbnNpTMLW81ccozd2xY3JgqdKSDIDEsr97H7Yt/dhbG/s53CufxICXvnN/DKZ9eB5etrWSahi0D9jtSeZOQTbXZXdMoKtZ9ERzYNkQA3ne1YOtYKWnBTQHq0asgGMHo334FpCrmlWeA2v2cxrx9p4pA1AR15tP86apfKWto6DyelVVx1jF+nossQBXU0Iax8Tl5FTWWDTLa8RuFAuxqhkDCJNlzMv1P4ZpINkNTZqlAq5Ae04BvjA5r0gjd54YSgUsEHe31C76qPK1YToWrIEi1vlLz8Efb3NqHZEI7PJZb8vB4gDQjtcE27RzpTk2IdflyzX0CpUNbgbsMeQ1c7CwtIdUPozqfCsxjYo19bZEglMdw0sNJ3meA6o/9LQqXjciCwWuk95FS2I3gEBYgP7HS9fiqaYkD8BccPlERmgSEQlVidoDrjV8n3+tG8KMvkbBkOlwYWpAtslfHlezntCXcRBmb1SJh1tTSejKdSecV79q+cpr8wOX1eOhdKK9IqXMF3egN+kZOFVeLg9yqXCjfZ1996o+gRmCrtpD2V6ru8QHht0S9jWam4TM85gFdLs/7mbiY0Xy1Zuo6F71d4dtaAFIY0bN1aNzImX7QkJ6qqcm23lGjngZiTa/60bLAekjC5JAKtTbylEPrqmZSOGW8ilehWJZ+ywIR0utRaUQvqs88i189f8LZdaFBTSCWB/LH60UCIaq3rRlqxFJVKOvjCzHW2alepAwaKPcWmAk4oVrhqk1D9YiKpu4cM7mrv5Sfehe3n0OTVtKj8pDZzHXjEVtTvhFsycrSbIOsamAWTQCDoTFMlLVSSB6oOOjD02YneUEDH353GATG3XBoFJwgjgGrjV07rNiss/skae7AZr7/NLNN9DpYc5D/8jXcoLniT/pqk+N0zJfSlp2szP83ZJfQv4nLNQSwcIxqJkXXgFAADwDAAAUEsDBAoACQAAACNim0iIiCQRFgAAAAoAAAAtABwAZTI0YjgwNDQyMGZhMzQ2YzAzZWRiYjFjNzg3M2FmYzcuZmlsZW5hbWUudHh0VVQJAAPCrSBXwq0gV3V4CwABBCEAAAAEIQAAAN22AtQhoMz7r+jt/YugHT12yaILvCFQSwcIiIgkERYAAAAKAAAAUEsBAh4DFAAJAAgAI2KbSMaiZF14BQAA8AwAACAAGAAAAAAAAQAAAKSBAAAAAGUyNGI4MDQ0MjBmYTM0NmMwM2VkYmIxYzc4NzNhZmM3VVQFAAPCrSBXdXgLAAEEIQAAAAQhAAAAUEsBAh4DCgAJAAAAI2KbSIiIJBEWAAAACgAAAC0AGAAAAAAAAQAAAKSB4gUAAGUyNGI4MDQ0MjBmYTM0NmMwM2VkYmIxYzc4NzNhZmM3LmZpbGVuYW1lLnR4dFVUBQADwq0gV3V4CwABBCEAAAAEIQAAAFBLBQYAAAAAAgACANkAAABvBgAAAAA=' AND file:name = '14555d7.js' AND file:hashes.MD5 = 'e24b804420fa346c03edbb1c7873afc7' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:17:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720adc3-c290-4d33-8886-4de2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:17:07.000Z",
"modified": "2016-04-27T12:17:07.000Z",
"description": "unique .js file",
"pattern": "[file:name = '14555d7.js' AND file:hashes.SHA1 = 'b9307afa9e6d13d555fc83028704a8bd0ac3ccc3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:17:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720adc4-c478-4b6c-a2a7-4339950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:17:08.000Z",
"modified": "2016-04-27T12:17:08.000Z",
"description": "unique .js file",
"pattern": "[file:name = '14555d7.js' AND file:hashes.SHA256 = '7968e2e214e1dc1c205628f8cb6cf0ed2da544c37c4cff5de0ce2b22840028f7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:17:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720adc4-97e8-481a-8a94-414f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:17:08.000Z",
"modified": "2016-04-27T12:17:08.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIACRim0hQREWPdQUAAOsMAAAgABwAMzEwOTk0YjZmMmU2MzgyZjFiN2E1YzI1NjZhYzJjNjFVVAkAA8StIFfErSBXdXgLAAEEIQAAAAQhAAAAa+uQTJQBTxJRqcgy6HACmtcvoUTfhMJoUW0qBUtG+lZWi536RhnA24SksQ69la7FpvLKiYsIfJEXfkJhY5yAuY6OOfgvKmwGhI8DjraPxtCy/GM8T1XHKo3JMuuK0ArSQMYmISxO9IzaW8loqE0sthxDquC7/5yHsoL64KnNmBRlz4hD2paXOopQTJAjd5EUP9sXmmRbOGX0FPgjXTKdTwAtPmDa/f0nJrbwKhYQtMsGOQ5YI5cqE7RptWxxiu0IVcm/2FVniUWOgzHY10lIKzPgCSUJ2voL2eV/1Gz6fp4bpzGryr7nHQJHKFI4IP1pez+duGlHBHvUDEUzUSQkwU68JFdOXsG/RpRtv5vs2/O2aqgxT4VoD6XDMlV5gY6fgiqgKy7haD6RJAWeNsjyiBe+aWU9/BrmU9/6HktyN8BwkyxSW9q1gVfkMCdmEN03BjnR1C+nJyk13mo35zrbYYH5s/BqXw3iX90ElIlL+PDknJFTlhXlSXH91SY7NicCz7M0RVYdSchy+uk7Tt4jYcA8b31t0HobzHkthoxSZNNyeAa2Y4pYTD/Z5dsKBskg/vZHfVbvNiUNgkSKu0QSrSMJ1pRZZ/lGebvk2G8SiOiQ5jsIrf+lLHy1/EIgJdGB/HKzr0duw6mAxgI6ZTxu5BPGKz01bLimSq/+q55nw7bPPJA5Q5yYkhc4q+YajDiHDAg2soSu4SjYNh87ZV0dGWGKNv44mkplZJrzMfQYuIQZ9x2x9CZJ5PQA8nE5hy/T+NTt90E8gsnPDJUNCWgmOdVqyljvr6mDVXBwGrSvZ68Co3IRxXJL15LU6LHp2maSsM46e44fN2LRIRv6lUPnzrL0w5VwG9BVEL0k1vT1JpmADywFlxNY9xFVVj39xtDf9lCUuur5xzWiUpMarMZv19/OavbGceqXTsUxPKyTU++lXoDRIdSbKUgfjPNfLyr7yZLFLKBQFpwoceEwWJgyPftGhBnPA/pmTeaEE2qxw42j3ZB2b7H5oKekEoXbJFUA3rF5rLi/juC2Z5p6BUWX1nxmJnDjtguGfdcY4dwa2FJUFdVnFu85dv3O+0j1FsFq+RX/U5fHY3+HxugNmSL0dxNr//vRTnvL8RYylVM1E3M4P11MVwgqp4EYJJZvvKQNp6tzfAqTgsR5+tc8zvdcOso5+W5lKJrI3RkwTqFt1fswg+1xZxaQ3OQUjSUf9bi/lBnu1cD16ep3G+4tZ4CHZ9ahzro4py6OyZ0GfYMM3fQS8y1rmLSORZyIwXx3nDGVeYLxXihjhlHdkEtXLug6Jq7i680CNp9Su9Ddksnc5SLXOaMVB4G/XLyv1XGprmzAQWHUNZyE16ruU1IM8/SkyjQcH9wV3/yQ4dSApVqRZX8TsysuWiqH3C/ulMM7XvKvkOVw5oby9GszCW9N1KZMg+XlCwQiljRiJz3rvD5EuR+grTonx5kVvqiG81SL/QJAthYDQ52LwcK6JJuEzkGl0l/g2xlDggHuyAiYXIKG15+PgEbt0/rMvXrZxU56fyDbVCmNafBhTe/KNgAPBjveCSRgLeUoJzsRSHIS4UFExH8yfjBVRiyBTqj1Ru1uD7/CRly/9jpepLiSiBwkp482yBVTOaUXwaPIToLpf43/G46OFkGApVKfMhEW4mkNug+mTHvkBwTHmTqrndAneW991Mb6yVue5W6IiMR2Ezh6RunXQIBIYzeyA8h9v6UaKMwHGp5RyRt+xeSUFvFPVnzwrzhBR7dyv3ZwfnO1MroxtgymhcK1v+xZ9OKXl57J3EFFh1zPzfHs48N3lqSkgXC6oSRV5U1JmpKx7IX07dlDcESHvmpnw/KDANaBL10MHUBU91ZAhm1QSwcIUERFj3UFAADrDAAAUEsDBAoACQAAACRim0iG9q6HFAAAAAgAAAAtABwAMzEwOTk0YjZmMmU2MzgyZjFiN2E1YzI1NjZhYzJjNjEuZmlsZW5hbWUudHh0VVQJAAPErSBXxK0gV3V4CwABBCEAAAAEIQAAAAalBWvWAEXc0gFw7bSHbmV1w966UEsHCIb2rocUAAAACAAAAFBLAQIeAxQACQAIACRim0hQREWPdQUAAOsMAAAgABgAAAAAAAEAAACkgQAAAAAzMTA5OTRiNmYyZTYzODJmMWI3YTVjMjU2NmFjMmM2MVVUBQADxK0gV3V4CwABBCEAAAAEIQAAAFBLAQIeAwoACQAAACRim0iG9q6HFAAAAAgAAAAtABgAAAAAAAEAAACkgd8FAAAzMTA5OTRiNmYyZTYzODJmMWI3YTVjMjU2NmFjMmM2MS5maWxlbmFtZS50eHRVVAUAA8StIFd1eAsAAQQhAAAABCEAAABQSwUGAAAAAAIAAgDZAAAAagYAAAAA' AND file:name = '15709.js' AND file:hashes.MD5 = '310994b6f2e6382f1b7a5c2566ac2c61' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:17:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720adc5-494c-4238-9517-4fd2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:17:09.000Z",
"modified": "2016-04-27T12:17:09.000Z",
"description": "unique .js file",
"pattern": "[file:name = '15709.js' AND file:hashes.SHA1 = '78e6e727cb42e2c63689e2dc746e68da1f7d4e0b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:17:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720adc6-50f8-4f58-9590-4ff7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:17:10.000Z",
"modified": "2016-04-27T12:17:10.000Z",
"description": "unique .js file",
"pattern": "[file:name = '15709.js' AND file:hashes.SHA256 = '64a573f96cbe3f9a8127b04e85e8510cd0c4d9e37423e85078a6fe09325900d0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:17:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720adc6-5778-49d0-9a63-4ec5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:17:10.000Z",
"modified": "2016-04-27T12:17:10.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIACVim0gInK6KdAUAAOoMAAAgABwANjYwZDgzNzVmZTI3ZjU4YjJlZWJmNzcwOGUxYWUyMjFVVAkAA8atIFfGrSBXdXgLAAEEIQAAAAQhAAAApP0DWwH4ZLys1HK+nRDQX9kgE0c0eqTMimri0/o20etcLRFn4qJtZQPRVL+doGixP9W7nixc94veQJ9yV4jPom7ayHZjksLZJ34nCRb5WNzbWLEEFJG/ImniCDEnoWJGrNntsnurYJRVB7clNx82Y0uh7RYAiBDFS+Pf6KiQNvau2s/5O1YeNa2OJxzgW5OgVJ59g6ptHZTNGIMSJO5kNvIvpeVI1bxX3u6ZEfTy8Ikx3rKH6z4OnoX1xCQ/dnRYh58C26ymNKQhjua+1XNtzWH5CQtwPLDpX6BvmLVjdjTyVmCTKW97keOGb1xBb27DcxgwYrxCHo6Ze7I2aF/Y/RLB7R7EiIFdgBD6Ncbcxhj6QrpMCtBR1yl4haw3cPbhIEFIoTTy7djoq9k1My39SwZABkrJHrWemnGsD235Ln/yzfDVkI316+j4kjkJaXQlSPgpb8hIy4+/lUVfkBiXlnxjYLdtyPTsGE0cUeMvkS7Z7vmgDCDPTli9Wv6yISbBbSW4y+DdR11gG562JOkZKJa3AZuX7AOLKn4YR91DuCmHE0aLgZKEo77RnvimnL0JRUs4SNyoZtz3KkxpJW3k2ZPqdsHT/vkU0EJ0EO+Ydu+uOd9zxd5S2Oq+DsE5nSGSby++mFrAOW92C2qDw5pgZxhAwJyHW0tmn536vVBVYiOWbrvia8hIjBc15s63Afd4sFYb71ePK1+Ns8pmI1l6I5JiqGQkZkuq0NZmeg4eqjjNtBAcnSBJ1y9ey74MQk4dSchrz/DzItMyaTPD4upJLbv0/idt/2hO5jMrRwjgi6fnfu1apdlcfN1PB9SooBjHpkqHVkuXwn8DeoUondpinZklEN8uUHxfppBTg8cY2uq4gSykVxEEVgeiPuiJeiNMp3lPUmUB5qyvsxiWw+qNqQlqajwuwYtK62iPiI4I1aWy4ku968n0ygdPNN1XTkB6dXbtOTnSMekUtu5kfZV81TRmf14xHCrVV8W0zbmcPNR97cFTx/Q3K8XM+3AOB28CQsdTYD7zQ30S6zqh1/3S46dn65D6QU205ljaGkQ5JiaLWe+6ZnIcNw1cFOM+8mdHP0DgYlsDfmb6pBnH+mxlU0y1fHkB5ECcLPINVp9HE531ACvSEHjejjjRckdvX7AMrs28iBsvs6r9IxEClrxOAs+Lt4eY03He9GT8d/Gm8QIxVPZGLP2qCNQ/kuNjfA2MZ+iNt7YQ9PXvHsWRXnBN5Xu9cbgM46SUdcSBZfbeTCzwFGJTWXKWmheTDJf3/UXxI9s+3h2jR9F0TuQISLNlsqAIC2qNuG7PLm/k5bMzim+Mj4iUthqyyMTNaC5BJbxD7cUbnnJGRMUKCAE2DUm/tsHP8fysdLRhMSrZoeBiorreA23ZcZO4RbgLK0aAux8pN+BQBfBc1NJMotdKffzfYGmYKNABzvVj/2MKdUP1mPWgUHgEXZNe9u4ef6IFbh7iHGwc5+9S9j5n1uCbQdFvwJdjCWeHUclGSbIwUCsPtNCCScTYnfKlZNmxi8ZP2jB/8/ZpfBN3D6RbFPHzR5I49KuV5l7TIsB6q4FRFKoECa2Xh/60Qq04Y46OCWud0rbIW9gpodb6mjsUQcSSublwby5Uz/KSBpdgN4IZfArxJLJyutN+YAn6HWVNGsoAV6iQXUaSy8/4+eLycP6xtegXwING91QtHdOsklqv1IIfuPGpODKvbMMgSi63aLnTiRYpmEKviGeJuUqFea4TcqYPYz9RfgjYBu+V+xy8ncDTcDEW4Rrw381ammeUT2b/+08A7C7pB4njD5pwshMuKx0R8Zfo9ckFeQ4yxed75zf2lFT0+11tkI8DboDHIg2KZzvSxowSwFBLBwgInK6KdAUAAOoMAABQSwMECgAJAAAAJWKbSF0nFLQUAAAACAAAAC0AHAA2NjBkODM3NWZlMjdmNThiMmVlYmY3NzA4ZTFhZTIyMS5maWxlbmFtZS50eHRVVAkAA8atIFfGrSBXdXgLAAEEIQAAAAQhAAAA3bYC1CGgzPuv6Ot8AI1b6RZZ8VBQSwcIXScUtBQAAAAIAAAAUEsBAh4DFAAJAAgAJWKbSAicrop0BQAA6gwAACAAGAAAAAAAAQAAAKSBAAAAADY2MGQ4Mzc1ZmUyN2Y1OGIyZWViZjc3MDhlMWFlMjIxVVQFAAPGrSBXdXgLAAEEIQAAAAQhAAAAUEsBAh4DCgAJAAAAJWKbSF0nFLQUAAAACAAAAC0AGAAAAAAAAQAAAKSB3gUAADY2MGQ4Mzc1ZmUyN2Y1OGIyZWViZjc3MDhlMWFlMjIxLmZpbGVuYW1lLnR4dFVUBQADxq0gV3V4CwABBCEAAAAEIQAAAFBLBQYAAAAAAgACANkAAABpBgAAAAA=' AND file:name = '17896.js' AND file:hashes.MD5 = '660d8375fe27f58b2eebf7708e1ae221' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:17:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720adc7-bc80-42df-878c-4338950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:17:11.000Z",
"modified": "2016-04-27T12:17:11.000Z",
"description": "unique .js file",
"pattern": "[file:name = '17896.js' AND file:hashes.SHA1 = '34fa6be9edcb3200958285d6949e7e780bd8db13']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:17:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720adc8-42b8-4f1e-9caa-453c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:17:12.000Z",
"modified": "2016-04-27T12:17:12.000Z",
"description": "unique .js file",
"pattern": "[file:name = '17896.js' AND file:hashes.SHA256 = '7b80f6683777b30f4e0d1125cdc0d2dc3618edda67019f61662eb74036dd6cc6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:17:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720adc9-6494-4dbc-bed5-4f68950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:17:13.000Z",
"modified": "2016-04-27T12:17:13.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIACdim0ieCwtTeQUAAPEMAAAgABwAZGIzMWFmMTZmZGQwZDNjM2QwYzE5ZmVmZDRmNDc0ZGJVVAkAA8mtIFfJrSBXdXgLAAEEIQAAAAQhAAAAJXRtmEwXi96unQNuGIMBTLdkwuh1c4KHDTIOXjYQ6deZcwZIzJJmVvz0TSCtcsLBnUmNFor+CXvI3C8UpTqCd9Q6hL/6s3MpkbW5O83a4ITQFkAieepHZkNDPdho0tjvILXoupfHbrFVauKtVQB1ZPMxHwqLWDXljyEhqHETdYT0Jfy6OlDv4TFXtp3KH0umimsQ0MvI/JzEzAbL9r6erqTFubilFCZEfiPeZuuJx8ExdbY++XNNXOBTYSM1glac9fQ9znjqpYyI7KtPxly9zStPe7FL5xLWzLVhpTsonnAluKcNBIhCsMHklPWMEZiXgVlV3yjY/9EcHv42nQehxlgNdHT8rpi8WzkBszidoab5gIRd5dMZQOP0NqH3cSwxTMoItjFoiIh/WJWVJN6hJGiZEH9AnPttL9kK2NwBO8SmHaRy4mETBQY4GgjG+AJh5WI45BN07jSvku+Xn2bJ/+Tm52pucGfTp8P/96uukMyVgW3jf6ZKq6/MvnsRbUJlgl8JBFznMT9F1EPKlnRVdzq4m7tNZ08tBL/9ocnyJGMo33yacqYcxsP3x/SaPStZXG6WcDDbGotgATPT0V3sUDuca0PwxkDQmnxPVBD4qBUsOHevW9guB78iEKjB3+xh6Qq8TKCk5zLJ/SSo7gx6yOrhaMJ4KO8ULclBC3U3ve/rV2sOog0TIcl7G6cu/YFBTflhmDxMPJ1Ah39PdtQm49sMaFun1k+pxAzXylNpwIGc2lCFbWw8xt4cFZ4qar4GqIGraverueNgu6Xhf2V1hSsDOtW9YdfCDhS3G/ypESqYZEk1wBwBlf2aTHJdtpSnB67GeBV/tSn+eM1EmflGxtzDON6kOLsS1vDlkgrB74KidLVOrOMBT+EY95Cy9ZcKSUs5ii9/YY6NbDpAeVvU/4UIMWAecX9q5SjpZe6XIlKBNGiWdqVkj15jJHj8pgzjWqtnXx1PIkaOqwKxuFi9I79g8S47XA9N87QbCoYR1zpeJAeSxIcLLJV24BlQNBZ29UsnDIgpXz1VbFB3jJSsaWEMRdDJLJ3Uji7uhzTAhl3MSW7XKE2jqUje5MJo25WeXr1vcvepIWDXN24h9zi5IsTdgZShOVMLmkpOzqF4BYaC5EMilG0G7JBB7xW5rQScBmbQ22zz4FKWzNlpGDjIM86pveskGPoixez7RuBZotOGGYyEyh01TvNkvtLwfPr4QEELYwHT5avlZJy3QTmkuYLhBGapsGa6va/Dyom2MjKKWMBy6TpoOZMLtacxBAGrXkaYTn5V9qV3x1lofz861JGTntffKkoISRyg7uM11NTFWckTr7sngw8pjlIEJhEGI6PQ8CVBYfe5XCVgUPToHSh2Do/3atclAqLU15jUL7s0D3K5KoOfNhDFEGxKNQK83Wd6tBa1h00NbgQdPO4TT/9+9Zn7mcsgjLLxDqFVqSES8P38WbyQHu2uvm2XYQ/wcKvfNlG7hQ/lkwEY4HyoppKurWa3xeeZat5mZXVzSs51b2sofTmSQmAm/gZO41ZXOnJklRF+R0aZmiDZmqlgSZOONI2fCijJD5bl7APUmR1b7Q3AFn1En9AlGRxffo3LnG+b8HJVAjASWb6TjU/AnIB/tnvf+m+MwBpmc+3S7gJCCvJ2Ilumw3DzjXh7YxvP4/N1PkH5ye39VUAeBzntjp20OK439KRrKHU6oqXOH/4JvQyFw/RAwC/Cjw6hc816ZmkmkQfN7usKACmuTvyItnOvmG2jbbUZISGV1N2tFm7dvLt0+IOgoQ++2xQZTgb7QWuTUBv2FgeVKclIzbGCQHu0IzFXpZkAyqoiDsbdNDfQfEPbAlxusBm5xu0P5G6AaxhqFglwGpYBUEsHCJ4LC1N5BQAA8QwAAFBLAwQKAAkAAAAnYptIqpWmjxQAAAAIAAAALQAcAGRiMzFhZjE2ZmRkMGQzYzNkMGMxOWZlZmQ0ZjQ3NGRiLmZpbGVuYW1lLnR4dFVUCQADya0gV8mtIFd1eAsAAQQhAAAABCEAAAAQmOZe2DHYQoGYx6nDlmPAFCMrQVBLBwiqlaaPFAAAAAgAAABQSwECHgMUAAkACAAnYptIngsLU3kFAADxDAAAIAAYAAAAAAABAAAApIEAAAAAZGIzMWFmMTZmZGQwZDNjM2QwYzE5ZmVmZDRmNDc0ZGJVVAUAA8mtIFd1eAsAAQQhAAAABCEAAABQSwECHgMKAAkAAAAnYptIqpWmjxQAAAAIAAAALQAYAAAAAAABAAAApIHjBQAAZGIzMWFmMTZmZGQwZDNjM2QwYzE5ZmVmZDRmNDc0ZGIuZmlsZW5hbWUudHh0VVQFAAPJrSBXdXgLAAEEIQAAAAQhAAAAUEsFBgAAAAACAAIA2QAAAG4GAAAAAA==' AND file:name = '22401.js' AND file:hashes.MD5 = 'db31af16fdd0d3c3d0c19fefd4f474db' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:17:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720adc9-8508-4ac5-a9e7-4ba0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:17:13.000Z",
"modified": "2016-04-27T12:17:13.000Z",
"description": "unique .js file",
"pattern": "[file:name = '22401.js' AND file:hashes.SHA1 = 'cb3d593665fc4369a545db7acf154261bd4643fc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:17:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720adca-79ec-4394-afd3-4c2d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:17:14.000Z",
"modified": "2016-04-27T12:17:14.000Z",
"description": "unique .js file",
"pattern": "[file:name = '22401.js' AND file:hashes.SHA256 = 'dae922a0450cd9a16007f7b606ea167d0132f7eb05b3d21d6f7c44b94be6ff56']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:17:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720adcb-93e4-4e94-80ef-4f40950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:17:15.000Z",
"modified": "2016-04-27T12:17:15.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAChim0gEyqMQeAUAAO0MAAAgABwAOGJlMWE0NDE2NTk1NmNhZGI0ZjFmN2U2ZTA1Y2YxYTRVVAkAA8utIFfLrSBXdXgLAAEEIQAAAAQhAAAAa+s6TAdlTyzAOq+xOaBffN9CdNZYi2iAbm+Mai+iFk81tC+oxZYsgmGGOFGQrpmnwWrDGbDfLTtGNNqjoqyAppG4tB4btxcDNKrPaoVwxKXZIMh7k9CO2S4Je7ozimf0h8YEmSIA+wCkhrjUKUWLDte4hLnFKNh9TQgzsUq+VZoY7VokZgADqW9GxFcYdc3pj1v/zJrpFTU2FmKURXjtlbBxxpBY4AHGLqfuMCoou0DMNzvnnyQpds1QKqyfZ2yr+hZTSC8X63ZfxV2aE9lfekgj167Z7kswUWZ8SCCjSsuvDvZJhB7iOMFbf4/6Kepu0vaHB16EdvTXfU09OcdgkFvbJTLhsG6hiSwvDLnGHiGEUXf1mAPIV2hX4wqWWdqW3i81haqtniEob9KzgJwOSuQYLSt5l+cP+lwatDDgsNjII13Gbh5l3MQQ3OsBoYcPWIy4G/7c4vsp1Jac3kF1wKBMZXEkQaz9+pGtxHP04kMbdSm2UJgP1SbaujgodS1pBk5tgyIPKpqZFZzOwIBDcYm72+lf0McAX6+CH7s2WENms9YKK6HW33CstQlrcVSwnypXSaGWgwAa94aPaRoer0D5XPqtgYZmK+0VG6oD/p5avdHJU3cNULNQyCgejQdgitwieyS857wEW+bpqN3jTmjoz5D9JxkVe0CXUZO5pIwlPwqTtZnDoMEYyiI7s+9zfZq5P0z5PMYmAGc/48ryXAv6F/7cJv1RWio/bNl1xa+b21zoGt9OWn9hWJf8o5gt+nQ3qRUoZBafifeWF5m1W4sjAcsH5JoonJ2jplevmiBGlDHLu7/o30ymYptSUjngC4uziF+KGZc0zQTAbI6iBCfH21D1htG9ZtS9nXcLZJnaF1ZCu/XAh3U11XLC+DsA9evJmjVUjLiTdIkFUfnX0QApJvkkhPlVJVha4p3Ndp+bOjnY3AhZj9W8Fm4B33Zf4PYXSlz4WAxBIyg5io+sMT54Nm+ie8RfCp3SVl6wu94VD3na5RLidlbjc4T0l8nWQuStwWmhJ//MegI5R/Edwmf765/R18mWhJDsrnXCgA6m7/834ID7tbMRU5XPAQmpAnfbRJT4q72tCXlaOsvCm20DMnferbNRgXvMg/tUUhYtRDJ9nfzuAU2mgvRw9SlPBu5p/PbKcQv74Mb8J4gVfoqgzATUvCrqWQm1fZd/1iaKb7X+3fjWU/3oW01b6XfdunJwlI8/RZqwpUO0/Teh93bDQ/Okr7fzXQxwc7l35kUpQGnwRMInLP5qXuwxTIygjN0QBhA35Lz2A9NRZDnJq1BGzCqJ6Nw0tXvBUQpqfi+fMV0llli14okM1J9xz+eljaRd0ce3v0sAzmJAWv5+TFKejFUj8Gs4pwmJSyE9LXcR+YG9iAcIsZV3I2Jiukj1MeZVg2L35m+L8C3cikX9tnCNvFn2OtgOhyRBM7vdFbSKatZq+TEEvUjT9+l4RmyVTBVCpeOIeCBmXgpdIK2jNr6aSTztAmBhMdxbfOCXM3rB47D9L6Q/aQmxAGMUGSZ9dDnset9t6FXR353nbIpb+5ZfG9ttZwsWKL0jRzQEQpm5asFCIZpiy9co0nIyJX55o0Hov0IA1VMWkDvwj09HKp/q6gcN/uPq0j5SmEQQ88ByF/xmSXz3IC/gh+UYpy07CcL0ZtpdSAJQ/jNyLreK7N/RGQJPlLY8Fnetgic9ghmRpbUHwzJqaKbZH93F6bZaremo/WpRAAO8SE2uQAQXLyxFnWpg7HmoPO/SRB++nh773PdicP+VJ6PGTM3gsoXPdL6h+jFZMfd6P1Lbr8WI78eO2pMxNYWSJfepUUtbiO4+1HAGaa2TH47lSuiQvjOBiW6ljOhbQ51QSwcIBMqjEHgFAADtDAAAUEsDBAoACQAAAChim0gn4/8MFAAAAAgAAAAtABwAOGJlMWE0NDE2NTk1NmNhZGI0ZjFmN2U2ZTA1Y2YxYTQuZmlsZW5hbWUudHh0VVQJAAPLrSBXy60gV3V4CwABBCEAAAAEIQAAAI6U8wgmFS7MOTFj4S9RbTPTtckpUEsHCCfj/wwUAAAACAAAAFBLAQIeAxQACQAIAChim0gEyqMQeAUAAO0MAAAgABgAAAAAAAEAAACkgQAAAAA4YmUxYTQ0MTY1OTU2Y2FkYjRmMWY3ZTZlMDVjZjFhNFVUBQADy60gV3V4CwABBCEAAAAEIQAAAFBLAQIeAwoACQAAAChim0gn4/8MFAAAAAgAAAAtABgAAAAAAAEAAACkgeIFAAA4YmUxYTQ0MTY1OTU2Y2FkYjRmMWY3ZTZlMDVjZjFhNC5maWxlbmFtZS50eHRVVAUAA8utIFd1eAsAAQQhAAAABCEAAABQSwUGAAAAAAIAAgDZAAAAbQYAAAAA' AND file:name = '24877.js' AND file:hashes.MD5 = '8be1a44165956cadb4f1f7e6e05cf1a4' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:17:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720adcc-b890-4c47-9e4f-4ede950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:17:16.000Z",
"modified": "2016-04-27T12:17:16.000Z",
"description": "unique .js file",
"pattern": "[file:name = '24877.js' AND file:hashes.SHA1 = '6581966efae7099f6e60abdca02c4a8bd9eb7747']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:17:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720adcd-3d7c-4ec3-9612-4dcc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:17:17.000Z",
"modified": "2016-04-27T12:17:17.000Z",
"description": "unique .js file",
"pattern": "[file:name = '24877.js' AND file:hashes.SHA256 = '5cdb625edf3415d9a88a1ceb81eb9bbf8b7aab265ffabf72f59844ef8a075d34']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:17:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720adcd-6cb0-4e05-b692-4ef7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:17:17.000Z",
"modified": "2016-04-27T12:17:17.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAClim0imJKYPdQUAAO4MAAAgABwAMjBiNzZlM2QzMWUzZThkMWM2YWI2OGEzNTM1ZjliMjZVVAkAA82tIFfNrSBXdXgLAAEEIQAAAAQhAAAAdV2+55WV1TC9TEJe73agtqfwbfg6vLWWqTHQdI7bwvM7BeL2/LZdI4OyRmqn6nfja1Opg2a8UEFOzq+M4i7uAl7bBkg9MTQ8Up03OtD+DuQuajWhdrLltFS54oLPA1x37FERCADUeKNL9nx58Qxn7bQhg8WSanx50bD95n16XQYl+JMOZQNEjolPYnP102WPsAweKvs8hXf6L3ABKMaOx4MKqDwqAnnn1+0Drs9ba6CIUB2IU3+qF6O/GPYu4cBD329f1JfhICPnZRKGXglLGLM2n23pbQgJf0utiPCyJwO3YE4KPEBAhvRzXcSRu1kMxok2CIgYd62xTsH8FBxaHT1+d/opAkiGT/4OmENef5Wd8YiJ2jSHtB7uBrJu4MxH86gDqehEmCCwdQe9VmSLOes7vavksNOsFgjcYwcpxuynyCyZVdLLDK30LVO9411zInrbtoOJbkXof/9IQu5FC7gbGhS/ll2CQJYUNJF3CjiTi07k03i0tTGb6eWZlcILvSYdWhhRiqnv54oOjJTWb1HwPbhBhV2HvF+r/oATo2hRra6TVUY5Wggw2EKw8Rq7zhjxdflxolFjXZe0lJqqiVf3wg/FtWpiknvAxEGj6Ox9pnxTLUHMt1N3uamPBHx15kBs1ObnMRyNIF/3eEvpxh2cJqZZbEi0KcEAOKRNGCTqGI1oCKozq47EqfZLmjpH8VqGtaP1pt1B4OxTY/iimKhEdGfCqiW55uiW1iZlpRoxUkT0vIQFMfYEBuLT+bsDDZzC903Kudf45nXRbaqCfVPzlYq8r6m5JtB3H7wd3YOkSPtoePiRjCHIvSww/PYrsQTga6eFs8oynTHBzZsw9ATdxEyOesY2FarUwqUB3QkrpqERRO9T8fWszPkfqsxpGfLSg3tfrrM2wtLol1tGsemSs8ISdAR66ND6niKWOOGHqO9n6sTxcACVCBtKUQzY5FzdHDhWzJGJtPwkVfkfL6oJxTrQF0jcawoEQriTbLZB9Ktybn2Fp7R38f4pZDsgD0AXgix/p2NJd/jC2h4xCE2kgF6s2pzPNyhCT5cqTq0H5cxYHynRzdj2pfV4tqXPWVvELYMQwMWYIvdu9m+6LswJiI1UIHRAzSXMJb4QddZ7yDYjOZoj4yYBUXJ9dezoBTvcu1YEI+ftEGLKIhxzu0eCdhrgT/VQk5+Ka9glH+iw09ZsXVNk6NlYPpB9ZGAxIZH2g2FfiFsqUAB+wTnruyJAli2SNxCyiXgY6yNWPXvSCYR3Q/CMf1oY278Lp7AnFKqFLJEfALpkPGY0EQimfizUFKJ660gXxVA87JpggftQWJx1sBDR9kRkDQezZoiMJl+JcDLHFYNvNWB13sZ4VJZ04MLLRFPnlX4emhYyD7nP1YbM8oH5t4RZkpC6yfZCyvSOOMxc89vUsePjAcdeUyQLPOCTspIvQWhCVYBMDbZnIoQiTQD1cIqFmTcfJ5BfJcC6hRac1wSqnzvmWunRFrnBjJ6tIiMmIAzU6nBPl6SylxZdVbrGkOgP0rHGPlcEZ+a22ULO5AqvSx7dDP7Lzmfn5rLqLmbHEH5SjAde1qzqzM+4LKY9G81KxlcUBsmqED8Otm6vxkFS4gI53eb7mFwaB1JKXGsaC/RmUCnjV5qBDm987KG9Gz8zXPnVrmfblkaJN0EqaOoVFNc2bJdHyZuOAUkPFE1PFz826ERZqq7MJ6iTudOpvcBuagBdzU8j7EOTKc9J9TyLRNuGPM82nim2CYI0upi28ik6FphhVxAMFclFUsqV6lcysO7JO1Dy+u3fEUQizpfzFvqntPJasgQ6AzHL8s55ki4ez3WqHtetkCdZTCOwharvmFx2qmGU6VkhUnNQSwcIpiSmD3UFAADuDAAAUEsDBAoACQAAAClim0hCSYHLFwAAAAsAAAAtABwAMjBiNzZlM2QzMWUzZThkMWM2YWI2OGEzNTM1ZjliMjYuZmlsZW5hbWUudHh0VVQJAAPNrSBXza0gV3V4CwABBCEAAAAEIQAAADKYxO0KRn2wdVAucNjcpODxwpd+uYBZUEsHCEJJgcsXAAAACwAAAFBLAQIeAxQACQAIAClim0imJKYPdQUAAO4MAAAgABgAAAAAAAEAAACkgQAAAAAyMGI3NmUzZDMxZTNlOGQxYzZhYjY4YTM1MzVmOWIyNlVUBQADza0gV3V4CwABBCEAAAAEIQAAAFBLAQIeAwoACQAAAClim0hCSYHLFwAAAAsAAAAtABgAAAAAAAEAAACkgd8FAAAyMGI3NmUzZDMxZTNlOGQxYzZhYjY4YTM1MzVmOWIyNi5maWxlbmFtZS50eHRVVAUAA82tIFd1eAsAAQQhAAAABCEAAABQSwUGAAAAAAIAAgDZAAAAbQYAAAAA' AND file:name = '89030de9.js' AND file:hashes.MD5 = '20b76e3d31e3e8d1c6ab68a3535f9b26' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:17:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720adce-b65c-4aff-9ad2-4a5a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:17:18.000Z",
"modified": "2016-04-27T12:17:18.000Z",
"description": "unique .js file",
"pattern": "[file:name = '89030de9.js' AND file:hashes.SHA1 = '3654429842a885925c01ffe3d0917d24ebefee0b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:17:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720adcf-8688-469f-aaab-4197950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:17:19.000Z",
"modified": "2016-04-27T12:17:19.000Z",
"description": "unique .js file",
"pattern": "[file:name = '89030de9.js' AND file:hashes.SHA256 = '02c9ebd8f8e531e0c5594ec00311a9ef3dbdeffa346bb92fbd41068f37b1abfb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:17:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720add0-cb10-44be-bdc3-416c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:17:20.000Z",
"modified": "2016-04-27T12:17:20.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIACpim0iDz+zjeQUAAOwMAAAgABwAMDllZDIyMDA5NTdhMWJlY2VlODY3YTE0YWZmNDA5YThVVAkAA9CtIFfQrSBXdXgLAAEEIQAAAAQhAAAAzYmk+JCiLs5T4LblspfbRpcNjg5xPAiuzsGwFslkalwx8gs7fPvPgA1Dj7+iZyrIxF6roY26msfpxNkqVdvXv1gKWbWEVqNr6lLzkMn7JJ89DkBo5lcpnZMNEZf2fMJkLq0PAR3Enus4KhZhjD/OQHxrurYliZN7d8HqoGJW2jX6orNUx0NX4BLqlgP0EOpH55PlylDGg6fH6g6MuU+2QKfMUpISC7e917GnMBbyefd2nDVaRMN9ZqMRRMF0DRMoDsx3sR0qEjmqvAxECpQ3whUvBG/VGW9f6BKHPfOXHzxZ7rF9L2Tkm6J+L0Do66VwKRIp+lfeOnn1p2h9UMX90qpTqwLJWzibeTqDJq6LLxRnIzW2L6RpYfZoptKRRdRkPXO+MQa841pvDPLccKc5ZiWKO0TWp9gYPolS6CZT4uGoU90Nfo8U5W3gJu6xzKMXbrnWeUAyZ53+bfuXmv83o69YmqoJx008eQcpM3ait4YEq3cQkDmA2OUnWWUbyGVoeNMQtfACgJ39jHxbreqLzYtCdICIdQd4l54FKw6Q9gOc0MHlgNH6n2gDvOzm6EsIXzzd0ekgmdL/F4Ew8nSBkXoTkYm3WVmqpseWAd8aJM078fVG5vbeWfrcE6Qy6d5DYuit4He/EzABtpV1YOe2G/XhKulZGoOfbLnSS3Z1U2R0h2GjfG/Pu1wzH5tLAB21DqEa4FBBV1TMuzGG6PubSIufUeRu9eHoNK4HCUIy5Qpp6qUMLWTmZJ868F/FDOqQ6jTLAMF2bcM374+wzvMtS9kI15+mYufI+ilKaVSfmZNsymXm5YCoNZrb1HbKy6Si8Tq1ShYpARmdecSDG8AAIYXrvXRstxQ/74bo9YWvSG2MOsxgpXjLhtnKByxkxnf3eF4nbbdodlV5NIWZtVbyX7ZNSSoTxgCER+BIHHt5T1EboD2UlHTeoK6Q5MqXhM1+2bEVA/+E3aRuw5faqlKlDrdo9/sbj9tXoHhSPxctDaZySf+UsK/Rs28KGb5eGCyZOaEKBBMJBz/5eKPOkljVP6L7O/L0Pde6sqcLZC7jDZUVeHD1hAgXBn+v4Lk4V9h8RwP5o9j0HNbmOMiaGqO8wCJniWQYDGRF1LEQ9TIe74Xcrv14Ze0GqALoRE4CqlIn12FKccMsFYA+/5krxRpzPiNwc8QyI0Gkz/zl3H5MfoUjWtCNXSOKd5iE1zb3pdV2pv182ZhxluAmW7yt2y66JIPRLhwLe7M6MxwpjankXDIjm24qLUj182yxRYt7kXDqAoiVsp5qxsKAWLm/OkZYoU/lxfayAbWrq8lgToaS1A+rQOCF82mo5L99NNgMwVFtGnSezIYmtjbxj3Ojb4b0iY/s2qkJDnpEh3KDYl3ghL4wqB74OC7/O+7ejUTOdeWkchAsSZg1JmuXvOEB/scv+i34yxvcZLsUnYBmPKhEax9XfhS2JRlGXMTOnwVT/n9HmbfYg0J7/mIpQDBID/GC2VEXqPj62WL5Uka4AsxOIzQrVbno77BVhLSf9YOtEuRqjSzuXyki6DR8wFqu8YbgUMz9vdSJ8Wn850yULob4GMKt54/l3B9Rb3BM/b4sktwKGafFroiYxnFRi53VWKHWVLBBXYH1endM2jjAtCJS/0yH4k8ob6+umpiRdioTx80cJzbC0JxEkLA3iItRwDMCFcmzb3uVNdhUP9C39SdUADhgQW9L8k7ZjKP9YmlFSmf5gViT1Tbrg3Gebs7UbsYhMzHk9ZgAUxZRfw4Iz13WCIclG6hcnl/DNEZL0HW2XJQD6Mp0B7in27+1YmuMGyQRmwS00TwgbB7cNJ2jXAjGplZAgUjrs4ctBlhXxhu1iZQ4g17uKf+GnviaUEsHCIPP7ON5BQAA7AwAAFBLAwQKAAkAAAAqYptIDwvJSxUAAAAJAAAALQAcADA5ZWQyMjAwOTU3YTFiZWNlZTg2N2ExNGFmZjQwOWE4LmZpbGVuYW1lLnR4dFVUCQAD0K0gV9CtIFd1eAsAAQQhAAAABCEAAAA1mYPEom68A5BI0t86kZrmmCj25CRQSwcIDwvJSxUAAAAJAAAAUEsBAh4DFAAJAAgAKmKbSIPP7ON5BQAA7AwAACAAGAAAAAAAAQAAAKSBAAAAADA5ZWQyMjAwOTU3YTFiZWNlZTg2N2ExNGFmZjQwOWE4VVQFAAPQrSBXdXgLAAEEIQAAAAQhAAAAUEsBAh4DCgAJAAAAKmKbSA8LyUsVAAAACQAAAC0AGAAAAAAAAQAAAKSB4wUAADA5ZWQyMjAwOTU3YTFiZWNlZTg2N2ExNGFmZjQwOWE4LmZpbGVuYW1lLnR4dFVUBQAD0K0gV3V4CwABBCEAAAAEIQAAAFBLBQYAAAAAAgACANkAAABvBgAAAAA=' AND file:name = '89274d.js' AND file:hashes.MD5 = '09ed2200957a1becee867a14aff409a8' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:17:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720add1-11f8-43bc-8daf-4d5a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:17:21.000Z",
"modified": "2016-04-27T12:17:21.000Z",
"description": "unique .js file",
"pattern": "[file:name = '89274d.js' AND file:hashes.SHA1 = '06002fa2dd434ce8b97cfe00052135ba9939d825']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:17:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720add2-02d8-45cd-983f-430b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:17:21.000Z",
"modified": "2016-04-27T12:17:21.000Z",
"description": "unique .js file",
"pattern": "[file:name = '89274d.js' AND file:hashes.SHA256 = 'a22e32f2b88a6a0b3b744bf99096b528803cc359cb8eb6197f7b94a10bbc4460']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:17:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720add2-c708-4669-9215-4ed8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:17:22.000Z",
"modified": "2016-04-27T12:17:22.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIACtim0ji+9GdcQUAAO0MAAAgABwAMTUzY2QyODllZTM1YTcxYTBhMTI5YmRlMTAzZDVkNDJVVAkAA9KtIFfSrSBXdXgLAAEEIQAAAAQhAAAAzYmk+JCiLs5T4LdvUc8f6vYmbizGIXEqoAnj6o1P96/oIK7hJhmHK0QXEQheLFdN4C4um5n1Y1iFSkrXfu0OjKTII0rdIUGzC951zKVKHj7MHaq9uqq/YkO5foxSDM5OS8tM0252EBEzvvkQsgq9yL9hbO9kOHtkq3BmJbKNa9vvkN9/5DB5pft/CA++OO47ahahjw7g2j4wZEKiyb8UcmMzHE1bP/6kLAusONz/xz8p15oa5+XaHGpX8kHKQX2bKpMbXcBWksJJ/F0Hd3HIAwEKpZCIU44JTIsumbKcIwo420P241JLa2RALdKGmyY9Vs64hfTgwLs47okLqPUiWjip9I6YKWM/4tKqfx+BVZblxBvpxMU06eu2ZMvOCaio32sSleMAocuWGWI3A97/c3/LJ4N7qlDTu8Bsl0Em3GNvWKyMnlE2i21G9D0HBioYKQKWcVGk9Lvx9MpwkrWEOjIMWVkc+fPN6T/izqejZEeY+UV0POYb/NtRoBi5ldS1ymeJgyu9B4O0qANzr4+iusDEfUsfkdJiuPSIR98pIiY0gdazJBE1mMyBcy1zqTYX3sCCo6v/Y/M2M6JeN5Z2lqN9McJhycx7Xp04ckMdEmknrg+xX6uAGBQ/y76nEOaXnpyTO8t40NH7kXh0+6qcXiFUQc6ydJfTTRJhZ0613QH3IaZTvjYRrPKvVJUrSBsWPRqMrMmaZx3Y2WWeY0nwXNqGuiSnc0T7RVmIHZeRGA82ShybmIGlE0oqowcsYbUi1wxCbARxJ/BFW3dTM0rCFHey+43oBl8+64a41B/TLz0khVXvjffcaWPxGk9h/LQ37ySj1IBzU/QVssWFM14EjFyzTOzOEuW7goKAi6gukPwDoFqB+zohXAhTLjoGCjJzO8SV9pgzoKavDF7tOaf7MBeNrCLPCkxh5zXIKk7VD+E/p8paeUyeDfABHDA+s5U3n0MbHM3HLWdLcI1IVEVkaKlNO+LfouWOxQCROqPHb1yrJrwyhhxTE9k9fIZZfTaz+nQIvglfgV/VY6U63HkkVefVhz/X4cl+kq9jmmkIJdDqWhTum4OB+LlY1MZfPEHZUuL/202EO/+8yGKtJmIS/W0SlRsIDgJtdudS3R+Q0yVygTVj2wyV8t66f4mDkZ097tZ77vkdXyluUpQewvly/caRW38V/JbSGxUYsJQsnVP8PbuErgP32ual81Cl2Mh2Lb0ytJsssjgV1wPMSHKkmCj4qKUUp66qsJeYG69SSHmMBHgW8k2FsKdS3oHScmHar3y23jyN3vwp8ST6wHHVVgV6gEDHFr2kYKqFNERjDkbPN+IGrgo8alizrGcgKUKPTNSwY+t/mItTlIiOsXTsGhg7TixlvFu0HZ8xyieRHBee7rQzewiOZd8QHWldsA5JQQV8DTBb0rD8ZFq7SKwLZgd8I6+AbNsGhSlURCbZfmKhxXmjGasW6yHojdbmmcJwlzKoQJdWl/7btajlIBwWbnn+932iSDSHR1CFctNymJ/nXdllcb719Ll67ypw//f3noaUyFqyEKq+qmLiRm7pul9HGDJXHBu5oPJnMykrQFlnFyxLZHm1dXIZrdwFPnUMgQXSxbFpnZHQjJjwcL7oj8CCrBZVdMgU3Sw1UCKv42LZOgR3bHko4hop/STPtAPa93qaBqzOibGQJfLXat1r2+K6k6/huaxmsyCQjnJKa+HiddYUzNIAQc6uwI5wm1QfibpbqMAwERRFMeAdoBXIWQmzVB6wsNZgD+1hrGQYP+9atWRPjUUiLFJndCf3RII0hz+Y0hRsXCR93AEfHWLnIC21/l9CtJOoqeyYUJfR+f2aHbr9Q57XlawZEru0QSaA0VBLBwji+9GdcQUAAO0MAABQSwMECgAJAAAAK2KbSDWqiRwVAAAACQAAAC0AHAAxNTNjZDI4OWVlMzVhNzFhMGExMjliZGUxMDNkNWQ0Mi5maWxlbmFtZS50eHRVVAkAA9KtIFfSrSBXdXgLAAEEIQAAAAQhAAAANZmDxKJuvAOQSNOJ0En/gVsWg7rBUEsHCDWqiRwVAAAACQAAAFBLAQIeAxQACQAIACtim0ji+9GdcQUAAO0MAAAgABgAAAAAAAEAAACkgQAAAAAxNTNjZDI4OWVlMzVhNzFhMGExMjliZGUxMDNkNWQ0MlVUBQAD0q0gV3V4CwABBCEAAAAEIQAAAFBLAQIeAwoACQAAACtim0g1qokcFQAAAAkAAAAtABgAAAAAAAEAAACkgdsFAAAxNTNjZDI4OWVlMzVhNzFhMGExMjliZGUxMDNkNWQ0Mi5maWxlbmFtZS50eHRVVAUAA9KtIFd1eAsAAQQhAAAABCEAAABQSwUGAAAAAAIAAgDZAAAAZwYAAAAA' AND file:name = '94732c.js' AND file:hashes.MD5 = '153cd289ee35a71a0a129bde103d5d42' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:17:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720add3-95c8-4cbe-868c-41f3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:17:23.000Z",
"modified": "2016-04-27T12:17:23.000Z",
"description": "unique .js file",
"pattern": "[file:name = '94732c.js' AND file:hashes.SHA1 = '22f4673711f5dd9c2cacbde0b8ec1c05c0c34360']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:17:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720add4-a5c8-4e54-b746-406b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:17:24.000Z",
"modified": "2016-04-27T12:17:24.000Z",
"description": "unique .js file",
"pattern": "[file:name = '94732c.js' AND file:hashes.SHA256 = '30075062061a6fd6109c35b3e3289f84a2d4a4a764d27183941531dd8cb43ddf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:17:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720add5-f6fc-4fb7-849b-4be1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:17:25.000Z",
"modified": "2016-04-27T12:17:25.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAC1im0iw4fKXbwUAAOgMAAAgABwAMGFhYzczMGVlMThkNzE0YmJiMmQwZTRmNGRkODBiYThVVAkAA9WtIFfVrSBXdXgLAAEEIQAAAAQhAAAA3aWzOOj56mOGVHVhCCXs1wsKFEfDdSkwj3JoXa/guj3fy+PTtUJLJPBGusLWEi6oPcFUs6IQsul+i4Xfw4NigU7bOt27RcBeBo5KuUk08pO/Zwah0eCqUGVGC+AJrHkMsyJdqYSMBwq6Tfo5iyA5Dex68E3dkL7myNuCDTVaokFfZHAm5BCnc6xHj6rPJHxSuBPjsfgBuGqfA/8L+aLveS8/3I/e6LRpi7oTUrn27ZSL1t4/KJYuuhELk/Mk56/HSkwCxdBQODZ1P9eRS3Zx3n9JqerkowFtKm2EX9jMEtT8QfzUasYYrmQ+4Yyq44PJPRp6eJKBPKgjgnxWsSK3WSU0GBZPzLMCJq+zF9AcbniprfOBKwr6NLpvs6s6M8dVwTXzxcER3O0IQ0X18ceguYA3re8aP1wgmINnMczDpAtaTVXj1W6cXWIocmymW2gJFAottmcklJpGooMnKswTnLxH9laqUplU6KCOU8vXXeAw6Yz81Ko3ee4PLM2un6uymiVaresf2KktPngZDFoAdxWR4sEv3MxaV9BEqixOakDjoP+vgV3a37IyGX65qpfNmHGH4WktzWPwJjjHaqQPv5cDqH0RDsZV0/5OTFXoiF+UzxdwxuhWPd8URPjF1E65U7ohNICodNOzM1a84NRntlvzPVNOVG+fPlmxBmguhU8QPyfB2gYJ3ezlQXsNTaKo73xJXE1OS5T8aUpDIwJdDk+tPqtN3KFqbYKR3cBlpxGY8P19sNgeoGQpM8BO9oJEOIOLubmlb2t1psZRQPVZTGTYP26PALHrUq5jgYhdCEm+4tOFizKw+dvR5aDIYZezt8nvBq9q37GDthMqk206VtSz/zigpajs8sNag6FvXYPF2IFZxIr8xXZmHH841eWkGJDOR6qngvs6iQFZGf/kAf9TSoTrj4HwuEVtZeSSwrE6CBA8hzsviXpA7e/DV8bzir7pGWFmqeykoakNDlcy+O954ipAhlmSy7+houi571f8j880DHbgRro8hO+8feTB6/bDpOe7Ore7HjYxN6w05KoJkP7EjGR0Jh8cavqIXwUxto7l2g0gcR2K2e9Rb1OROVokzB3dPvug5XTtxKDU8VjBigvwpPlPjOFiZtyss9SObZzwnJU2XZhL1GA0C74v9c3dql5kdnZ3XcGWtTw2njZhll7M+0U/kGcP4WptGltTchvoTN1wNkZ+/ZKN10sXrkzj5UBeNTPW7WULBFyZ3wlxf+pOHfVusNvkzUjtiourTXjKftDWIkOXN8hc6d9RTjUanUPPURQouuh8LdPS+qCcsFwrbHYgYfkbadBU308QwxjBSuKbQ6E8yaxkrDMHDJRY/QFQohUk7iiCVm3GCq/74Bky60MtZBUqc3QAU8SJ6mv4l72YxDZjAad4fcBYvGq1iAoQCrO9S2Bsfnx/KMz1ajcRKqUFGuCJk5P5eJfbC4ZJuZwOW1yAPj5PFkAIPf/n/mB2bCiVdf7DgPF1llHR9MsbUgRJWT6xgPLY1dzJltDKaAno0nQx5Y60kYjwFpVW+OX2wqXyzXuwxmCLQyF6A5vauyR11HnZw1STvv2he/+CPuxBUvUC/YESEmzlIT2WEz+unlEhbdd6g51cU/C5fgP7PB83O0cPFtslV0DN4qfw6jcmZQB0zzD9t8WCisIgy1vSQr8dQPIL7+NrehmoO6xNii7SS73BxAFCpjSIDjgJUfcNT/BcmxnbNBFrZBOHChnG1+dvU/oEFfI08BQzSMCO6L0PJNCz+WZB3gtdXCxj3AEUvG77SJ1j0CwKy52L+iKms8okvUIITG02pazcuQgIlxG9mlpcRUKfrZPR5CJKjjzZIt76WxKrLC5QSwcIsOHyl28FAADoDAAAUEsDBAoACQAAAC1im0hmB4Z5FQAAAAkAAAAtABwAMGFhYzczMGVlMThkNzE0YmJiMmQwZTRmNGRkODBiYTguZmlsZW5hbWUudHh0VVQJAAPVrSBX1a0gV3V4CwABBCEAAAAEIQAAAORuxm8m3ttvnbrW/zI8J3NlKmDd/1BLBwhmB4Z5FQAAAAkAAABQSwECHgMUAAkACAAtYptIsOHyl28FAADoDAAAIAAYAAAAAAABAAAApIEAAAAAMGFhYzczMGVlMThkNzE0YmJiMmQwZTRmNGRkODBiYThVVAUAA9WtIFd1eAsAAQQhAAAABCEAAABQSwECHgMKAAkAAAAtYptIZgeGeRUAAAAJAAAALQAYAAAAAAABAAAApIHZBQAAMGFhYzczMGVlMThkNzE0YmJiMmQwZTRmNGRkODBiYTguZmlsZW5hbWUudHh0VVQFAAPVrSBXdXgLAAEEIQAAAAQhAAAAUEsFBgAAAAACAAIA2QAAAGUGAAAAAA==' AND file:name = '192536.js' AND file:hashes.MD5 = '0aac730ee18d714bbb2d0e4f4dd80ba8' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:17:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720add6-4618-42b7-9a5d-401f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:17:26.000Z",
"modified": "2016-04-27T12:17:26.000Z",
"description": "unique .js file",
"pattern": "[file:name = '192536.js' AND file:hashes.SHA1 = '5d1647ba8b1e3db21936c14a394ba223fc15ac55']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:17:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720add6-cb3c-4b15-8deb-4793950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:17:26.000Z",
"modified": "2016-04-27T12:17:26.000Z",
"description": "unique .js file",
"pattern": "[file:name = '192536.js' AND file:hashes.SHA256 = '691dcebba448ec884af8a48eabaa8f71968ac3a66ea309e07ca6ba485937241e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:17:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720add7-cb34-40cd-b5c5-4637950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:17:27.000Z",
"modified": "2016-04-27T12:17:27.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAC5im0jfTRrKcwUAAO0MAAAgABwANjUxMzAzYmM5M2Y3ZmI0N2Y0NGM5MWIxZTQ1MGQ2MmFVVAkAA9etIFfXrSBXdXgLAAEEIQAAAAQhAAAA3aWzOOj56mOGVHY6ACl+0jbh7NCYAbdws/sBuqtclncYlWOVUQZXN+e96Y2QcsVq17zu8pw5lhT6TMEfltVfoLt227dLHbaEyLevWjssBAbw3PKWksPLhkblL3mAWbfpZg4/7c5eV5aDOEdnsdc8MsOQvCFYulusyHyFGJ6xy5q2g7MB3P2qMcEZDPIDfbVq4wVmrUUu9TMHUvh4KWpUFEfNQtEoYzFDDoCGA3dUnDoGhotjDMV5/DNlB4tsHWjLaHvLI2HP3g9LePDCR1+GeYnWpK/J90fMlPPB4c5vss1FNLxkgCgQfL/uVNkTEdNlz9dWjPnszwZTSmYGZAAMPMNemFrla81CsqAcoK5KiKqQnF1qkLoEVFtdNhZWTTy46vNJtnHUZ6SQTA1asFWx2ZL6oq//JqAXgmiGDo5f/e1GevKNMggxhOGRQJSHhcThu2oVGUpl8d77JTZBqtn3ahH4erk2r0yB0SeCplOezNL2lX8M15f4DFVswG1pfYNoArZxZ5fCvsh7RXwz7yQyQ0QsGsyhhhlQ6F/CGX0OwzplOdGxdc0hUuY0tdDsI0j9wkuzRJboBfMrirprcSMFgKhIBmfBFlaZnmy19q7LcgpXxZnqXuxQNFkl8Hh5Vn7OgK2GXDhth38uurq7gKd5NERzafF4ZZ591XPkAWquLkX9nL/g4m/Smeu3G6rzePFIg9MbOpNN3r8qhbIHZbfvtPeWinKyla2keqg89Ij2DwihGZnNIvRwStpxLqmZxjTdBufIow/1k2RcPpWfb/hLkU2sD5HTMbR2S5Y+G7GwTik8SPODQIoAaOtazagj9Pa5TuXydXhS71wxKDtNhgfbOScWKIn+/c+1oQTnArwEfktjS/mVtcbOaQqCvTPgvzaZSxRL3moO/gnXZ3xHYsI8gtMr8sjA3AjGyHqQzYvAaYBwhL6nOlkMZ2+ahNSvNW3UJQ+6McrLhJQ+WWHyBaPkL4Ognmfxg8Xe+cVw3pAgCnEXtBfjT8GvziUJXM4K09cvzH64sF15jLTQwUsUs/xurl4ydMvKa8Njsv3Uln4gM7e0JazONvtxCCCmnprNUKCzAe0npuEJgXzQCR+oEC9uhmQc8XXATIpHXOlGVY7AbRGpEzsel2aWS5miyWzD28JpFqF4uS8ybhf9/eq2LjABNeXsj+qRn2/qyYrzRJMM6bZin/oEF76yZtLojHNJX5QEaSR5qIxVXDqcYo3YZ+cmdVLWmWdJrxfEv/uLQyFULp+Z36eIWxY6DL+b6zQXgoOk3Fj0ETDVNZAQ3VZToZXWyB0mlXTYnktaiNT62Hd5MIovhuLCbOFgAZP+0MTkrwnLvs5mnmsSku9lJNXOsxAPgMsM/mFaEFP1nJnBOhnYZvTjUp+6ahpmxUYL0PfH1rVAF3V2CpU7rfxnkXNB8t3mtnOddPhbPGBuybEEa9jJGL/ioKFfOb5M8VUq1VP+L8Fdsnew8i0zEtx+3LI8X3k98Cm3c/hfhVMQkdoMRQh/AK3jVFT0INI1E0cy+KNljjFPR5ng+n6e/99X1We9Zw2IcaaXyzaFDtFK/tNtGyjUqxFsmn3GMxbMIBy/Zxt6jeHShuwEZNVAmYOIM+/TMXjMtbOD2Hahey2SptUNk8N/5TCRxfQDo4EU6IMXTQZjm4g4ghhwQqN73P3Qs2aPt4V01ltT1ohP1V340hSa7v6pYY/UmwmjmrjYuvuPqaWnvi2jgwl9aXd360RnvveeoGQ3g+waf9POMFFfEF6YwBk1UZqe2DQyZHT+A9CL+kRyDRI6zmiD6GDZJ/ogzfZF23b6sSCTugRTMhq3Z8ccDfp0QLkSJAzPo+xr1M18ZwolFCgblM1QUEsHCN9NGspzBQAA7QwAAFBLAwQKAAkAAAAuYptIw4JiGhUAAAAJAAAALQAcADY1MTMwM2JjOTNmN2ZiNDdmNDRjOTFiMWU0NTBkNjJhLmZpbGVuYW1lLnR4dFVUCQAD160gV9etIFd1eAsAAQQhAAAABCEAAADkbsZvJt7bb5261aYbT7FDFrmA1SdQSwcIw4JiGhUAAAAJAAAAUEsBAh4DFAAJAAgALmKbSN9NGspzBQAA7QwAACAAGAAAAAAAAQAAAKSBAAAAADY1MTMwM2JjOTNmN2ZiNDdmNDRjOTFiMWU0NTBkNjJhVVQFAAPXrSBXdXgLAAEEIQAAAAQhAAAAUEsBAh4DCgAJAAAALmKbSMOCYhoVAAAACQAAAC0AGAAAAAAAAQAAAKSB3QUAADY1MTMwM2JjOTNmN2ZiNDdmNDRjOTFiMWU0NTBkNjJhLmZpbGVuYW1lLnR4dFVUBQAD160gV3V4CwABBCEAAAAEIQAAAFBLBQYAAAAAAgACANkAAABpBgAAAAA=' AND file:name = '425472.js' AND file:hashes.MD5 = '651303bc93f7fb47f44c91b1e450d62a' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:17:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720add8-8508-44b3-86ff-42dd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:17:28.000Z",
"modified": "2016-04-27T12:17:28.000Z",
"description": "unique .js file",
"pattern": "[file:name = '425472.js' AND file:hashes.SHA1 = '328d562a2c8b29532d43199c7cc12fb6329a41de']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:17:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720add8-1c78-4403-b73b-4194950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:17:28.000Z",
"modified": "2016-04-27T12:17:28.000Z",
"description": "unique .js file",
"pattern": "[file:name = '425472.js' AND file:hashes.SHA256 = '030ba1c93958c11e4983348112a793aeb26c178e9a53586e79b05ad2607c5e63']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:17:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720add9-c6bc-4874-b70d-4ac4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:17:29.000Z",
"modified": "2016-04-27T12:17:29.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAC9im0iMWqBEewUAAPkMAAAgABwANmY1ZDc1ZDQ2MzNlNzJhM2M1NzJiMzYzY2JjZmFiZGFVVAkAA9mtIFfZrSBXdXgLAAEEIQAAAAQhAAAAXvyD/uZRcyMDxZy7lF7FXJqnrzmxj16W1SyrUhyuEMMQeeFO+yIQHVT2s/1AdSre9m5e/RL32Egr+qN+p8/7JdJGJJumzteuZ4Or3yjRDx7F7395fIlIM4Ho2emjMdhAip3jF3nrMyFP58f36jqLmRw3HB0ms2sDABvRN+EGdzgVB6Pf6u/IVJGuOvNqxaFgqhSyyAhjyIujDqI0EgeavNVmGWIhTSl6LerXxWnra/nAKEnjfCQcLAL7XOgbZCAo8KckuKSu1m3o9xld4Y7apSBKWTl5AtSYbwacnc7KxHsQIKwo8d4hkEXt1ulm3PiMDS2KcVhrBMcYpUhlFBe+R2G48pm7qfu4xGZrFIg0pcoXfks2+KVGRrKKmHSos78I5l0DWQKI2j6SP8mdoUVkuQejH7tuL/v3fIQDVKvTz8iY9n3OL9+aNn2WG7o6jSDXhlHEJUikur5wGTa7zeZIJXGB1HibD4e4ppKalesfD/fmvHpFy8TRFlmJj5ru6oj7W75znFn9a+uaySwoEJ/XSBAuBDKzbC7Mb44GBAB5jSQa5CFB961qRwZLOaBawRnzm2+CExLzqeUZObLXf5MQn+FjDt5/favxADkPf01e7TPbNC9dykw0pJ/keAO0edha/nAolU88j1IEwu3A/KfUqioWSb8VzgNDRPZoR5zJtwjL18um8iNFqoJ86vb4YLlDy4j9iIY6JrHil3QmDwGHqDdfboIYZwKM2gJqbF28frvX3qKKetMaPOzmEzfdb3lUbD9PhnPcIo6Z9p6sVj943eJemzh0/RjfHJNt5SQzFr/NOrapPT8u5Bo3ES8YNgK3O5UJOvBaqy5vdzictQ3VHCz3E9cSh50bpsjEXoJ2LhhWMwl5ExSF4ijanGbiyv8zYJVIYWRDxLA5kx+Qo6umQMiOq64m6gdFC04Jv3toJCbI66HbkwvccKwVXk0vCqLsu+13WXSv5OfT2ygncqQHnkIeWsvlOz/5MdrBdEr2bhXFJmrvwQLsndBb1if7bw3HuXp1lifAaAqH9QaqduYGm4WglKx5Cvd4xuTKO9L2fOO/arvz0C0UFeYMTxeZLT66Fpdq7BQwUX8tjj3o7A2ys5gixoYmQTt40zN4EU/E9IRtvt7wxkVvFwH7IsVzjNchebIYczJN4+Ac961bmpWnWc/V5sqle5O8Zo4BoONiVhlz9WtpDdCbIeG1d3As20GkHbVC5CMCz6rPSZZbD0dZdf2IIlVzukvN+rD7CkJ3b2hTH2SDWqUxnC+r2uRgRqrMW0U3F1NNrUO88Rl+/RMQ3exmEvwnJkNBZ9NogQR42tfZu7o+rjyGEoCQbPA1zI9WLPmNd0KXuNWbXRCocfDJBT/tbjPEURuZGDB+WpdMZwDglwlCyvnAV98qldfDScYkrKwTrTTm3ehxQUvX9Z1j5Z0lKg9w9+EFHlQWG6++VSrJqy2odsefUqpX5OQOdXseitokEeKe1c+rG0vx5GzrHZjYdVSK458fxbF9JLVISP1dPhIEGSGJvG0gD5VdWVxP4j0NZpDV7f940GrW3Vupe4xcSJl2KTJ1AGtcjtFb7GK/9D81UGJbTHgWLo2crQyT4k616lzSgzt8J78l8E1HN+mTwKhQxF4S6zaxy3VO2w9YfgS4lHDo2B1rJ7EP6l78ODfpN7Sn5k2QEo0ZYtfNQRBdnOrEKoYbCB4WLo/HGUkTL5xH0giIMd9dfwqvCOYJTlUyZaUrKp1M/um1f5OUZY9gM5joZ4XRbQQBLe/Vo5J3Tppp5MW+GH2DKuo4kb+DoTWwJ77kvCeZ0Iofnam9APywYsX/IjFkVN74gLFyugktCtxmM2df6AsDrO+ofcuspG0nqh7O8UdBVp5QSwcIjFqgRHsFAAD5DAAAUEsDBAoACQAAAC9im0hN7XUxFwAAAAsAAAAtABwANmY1ZDc1ZDQ2MzNlNzJhM2M1NzJiMzYzY2JjZmFiZGEuZmlsZW5hbWUudHh0VVQJAAPZrSBX2a0gV3V4CwABBCEAAAAEIQAAAPfwDHReZEj6CnPeTk/RxoYHuWoEXSOOUEsHCE3tdTEXAAAACwAAAFBLAQIeAxQACQAIAC9im0iMWqBEewUAAPkMAAAgABgAAAAAAAEAAACkgQAAAAA2ZjVkNzVkNDYzM2U3MmEzYzU3MmIzNjNjYmNmYWJkYVVUBQAD2a0gV3V4CwABBCEAAAAEIQAAAFBLAQIeAwoACQAAAC9im0hN7XUxFwAAAAsAAAAtABgAAAAAAAEAAACkgeUFAAA2ZjVkNzVkNDYzM2U3MmEzYzU3MmIzNjNjYmNmYWJkYS5maWxlbmFtZS50eHRVVAUAA9mtIFd1eAsAAQQhAAAABCEAAABQSwUGAAAAAAIAAgDZAAAAcwYAAAAA' AND file:name = 'a5e6ab25.js' AND file:hashes.MD5 = '6f5d75d4633e72a3c572b363cbcfabda' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:17:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720adda-6f20-4fcf-9f5f-4a2c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:17:30.000Z",
"modified": "2016-04-27T12:17:30.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'a5e6ab25.js' AND file:hashes.SHA1 = 'b0e05c81828eb950b9a4d270ad371857b3d10b17']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:17:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720addb-0474-4abe-b8dc-4136950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:17:31.000Z",
"modified": "2016-04-27T12:17:31.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'a5e6ab25.js' AND file:hashes.SHA256 = '664155a3950db4393a5694d20bed30fd329ebdb0dab32be75ca603a917f4367e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:17:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720addc-b6f4-4f97-92af-4ba9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:17:32.000Z",
"modified": "2016-04-27T12:17:32.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIADBim0iDYPbncAUAAOsMAAAgABwANjc2OTJiMDRiODY4MzU1OTg4YWFkMjQ2NjBlODQ2NjlVVAkAA9ytIFfcrSBXdXgLAAEEIQAAAAQhAAAAFze4ECfqkdomvt39Ih0lzShP9pFLz31XdZWuJC5Vtli5B2JftWu2aZIwBFVIXcX3APSNcZhSZjRKfQYOrFaoNJv+wOyzitLhBzCaSBYbNGwvRT6c/SDmJQZ6cd52otWLx0wLLOGE3c+ZxwFSbOOjCiQGqLf6Hc6RHf4RPCyxia1IuuTgiA687xm1+xxZE/od6xlHfJPx7S8MaZj6IPrIkRyetaHxvunJhXqRMdMk5EaS2y6WbjOzFWpoI2aiC+Tcv2kG/hfX07N3uKEtXgvSFlBnK65+aAJtlnL18zXrmkBV/fAWGaaF9JRiY+20W10lo4Qicxdnb8Ci/nvpU3FxEwoaVWV1wAXn7OkWHCctESbYETLLql75KFTp6tyIBKmCWRzWwiH1V54EX7hK8bJryP/CB8VqkRZva8T+3ANcMZhDWM5Z9WDkiIgJIREaq3bDMOtEvIcGi1FmZ4xJm5hNw16jenVCoerUdm5O2Kt7ENigY74l/aMDG6Q7HbKkloWUe1ujLN0IzxtSWR7OLmdn7syBfBt7XnWy9W6/3CzZbd/3Q8ckihoyMho6t4wzeySb6saBm/b+BIu5XX2yvMMHdrwJDWf/FF2S8bsKNWqtFrx9A2GRq4/aH+hOlGJ5pXNgdy1US3HLCVwfD4Fw/l77B/jb+CWHetvwcbF/vCac2W+zTygJS+1oeGeTE5SWcXy4UOvPtl/i5qEn46gslbNBRWWBoMnEUa/aWeTkUTtG6G0RS71fiiDUxVmzvyG+9inrFmAy+EQUDU8FlZ1B5IBdJG4TxtYZlPjMNCymyEAa5/XQyRBpM33EZsrE2ogZi+k3JPs569xSQ1rVGe/+n0jnTyoHg3J0EVu1z7hYImr3OA4MscyakXuENcUqVwvk2BYHEYbNUem7MT+JNDaQzRvRGqgOE4FLJYJ9aa26jFDBeoe7cLLoE0QpJGlqWGNJ1sB4ZMFlsM/cV5gUAbSlfTJxXVz20wiFRKxJTxUEa8uNTd9g9kGQPeOkI/jKbmUlxfjQc7O/KXH+F7PQEcGSIie4l3zL4yDHj9dFwtm83JZKZFCOgw11X+90c7E3jcLTHNZbrmqzUVjSMAcYp7RgQ+POcbR/cZIdRtCrugUrb68Pj/e/FtJ5OQpAHZEgzb5IjvpKXBqRd+QhXz/9gQ6gp6as9l2zfL9wfCGfgHnyWdS/kWKkChIRQqTaj0XKuVHxpSK5usRa+vq/14iP7qqUJomwpB7YUbIZraT1ncOAP5Q/vwmrt7s1nwEUe4rHt2CN8SphCyqQbqhCR71RNB7dRiTFwRc2+6IvIwsv0WsYqFm1TbfRY9TPcMYI4eN01zcN0v/IErqSp9b+akbLB0dbNkhA7TRCYXHTtbq4nHpVw+2snmVJ6itUNXeSL4ZJjhY+miV9DQXjVSeb6BtrGdthPkydVHuEq+zUOBXY9295ke79lGe9RT3ERDsdQDrPdXfiSMxGrKhvZS3xUBtCmSaewCc9D3CXqFGHplCLJfVnCN2kb4+BlLUkL/YI26RPo0saJMWbBjdW+ppeFRqbr0jbcHYvrvi7LNVNeYuOZM/6T8NqvSZ+68kO1y3Xg5i8lpQBRFYNW4nna7xLTy/7aXQhDNMnd0cFUEQuJRhOWUt0PDfX5gTMusezJHmaOQTYHt/29Yly/MqG9grG8gOBBjx+KbfULozHQCNa5bqspuDOMGB9Ia0SYwIv5grkfucN0E5ajU1kTx9bNztLnsjtLzKnQY90tDMsQT2YvN9+RTX32+DYAoqrXVy4WA4X8AKFG30ybRSL7ipDkSRfCXClYgNyNTTHKgalpILLgZ3j9PdXOQUsyGad/wjzNjH/ANnzbqnYy3uiUEsHCINg9udwBQAA6wwAAFBLAwQKAAkAAAAwYptIWGUV2xcAAAALAAAALQAcADY3NjkyYjA0Yjg2ODM1NTk4OGFhZDI0NjYwZTg0NjY5LmZpbGVuYW1lLnR4dFVUCQAD3K0gV9ytIFd1eAsAAQQhAAAABCEAAAC/QOEut3/of40DEjo9U4jxegM0SFKh+FBLBwhYZRXbFwAAAAsAAABQSwECHgMUAAkACAAwYptIg2D253AFAADrDAAAIAAYAAAAAAABAAAApIEAAAAANjc2OTJiMDRiODY4MzU1OTg4YWFkMjQ2NjBlODQ2NjlVVAUAA9ytIFd1eAsAAQQhAAAABCEAAABQSwECHgMKAAkAAAAwYptIWGUV2xcAAAALAAAALQAYAAAAAAABAAAApIHaBQAANjc2OTJiMDRiODY4MzU1OTg4YWFkMjQ2NjBlODQ2NjkuZmlsZW5hbWUudHh0VVQFAAPcrSBXdXgLAAEEIQAAAAQhAAAAUEsFBgAAAAACAAIA2QAAAGgGAAAAAA==' AND file:name = 'a56cd731.js' AND file:hashes.MD5 = '67692b04b868355988aad24660e84669' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:17:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720addc-99b8-455c-90f6-4e47950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:17:32.000Z",
"modified": "2016-04-27T12:17:32.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'a56cd731.js' AND file:hashes.SHA1 = '74b9f21f8fa1c5f539e173a5721f9e26627c1b93']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:17:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720addd-6b10-4d42-a43c-4e62950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:17:33.000Z",
"modified": "2016-04-27T12:17:33.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'a56cd731.js' AND file:hashes.SHA256 = '83427674a03259a49c1fcd5b7ed16ec1461efc635e58b8bf99c0350ee26da4b6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:17:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720adde-55b4-44f4-889f-467d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:17:34.000Z",
"modified": "2016-04-27T12:17:34.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIADFim0hOkUhufgUAAPcMAAAgABwANzc4ZjQwMjBiYzdjMTg4MjBiYzViZmQyODE5NDQxN2JVVAkAA96tIFferSBXdXgLAAEEIQAAAAQhAAAAa+uQTJQBTxJRqd1Ilz8k+cXds7jGadd3jYLzlBPVfiE36p8EpcVdJtXe0xvzHBoeUjS6vBBuxY4bwGVIBJMQkVeHxGB5ZgCGm+l91hZ1v0KKZH9656gvrnuvCyK0JK16R1J4TMiSjhiHUfB2g+bVMQsZXCSpjZGvZxAylx5DrGurdtbu2hkmiZ7S7Gma/8HNuDOSrgv3qS8SyAeeZTxUSXopmmtwIjTn1R4cisipXhVzGvqN179hx9B/iVIvA3i2dkns9ZpSyqvZop5wSQ1ThjDKmR7MjuDBzF7Y7yxFr0Mf9GEx49g3x2iEJeIfHz20xRCg8ITnZ/A00d05n+oR96KJrPLSEdp4Zj8MUKDnkjYZh2KmCI2VLxC2GGebVUhkAgETtufnGLP26dCKAU/qTbZomdQvEUrlux2Wy+ZjdzLh7QDm0idoOJXIW10S/TGpTXmU4v+zQ2EskHHNKG5sYl+gYD7nUmPisHRgqgXeFCe3NTpINfswKPOobW0umbdei0pfkgOwlb698PlLxw4qNireeuP61hIJ6gci5/WGeMZ81GCkc2KsYII5n8f6IgMskxG52Xrxyjh4FzCjL36s4I+Qe06oJTjCvcWi6SDlDlTi2Ed6ADidsilx43Vw67uaWoNrEWB8Ko7DLeLAIH3psHAQ1pE/pslywR4gTobl/IopnNpMj/sgtfwlIxv8CIaNlUXVK9l0qAy00ozH7GVRnBBStSCxpt8iNUnqs56MTRjKhet3etbj16RAxPI1zV67Y1ezcDFvkmA2cWvE9NUrkNipxd28GQhjMd8YcdEQBdnxxLjOMM1W4BrfTp8doA5hfkKP11326u07dF2/KQl+MczX+5IGAUd2Lf3x1WlK4gIGX4SBKKj0Ng3J7xHGd8ry6simuXcQwltghbHz0zcHLlbN0+ffbXkhPCGuImUZwTRDwRwHmMAjMXLZs4mbygH20OHH8DJh4xI0g4X6HD6ufOZNSbneBUtM1UEYfNnc0MEl2kN7l8kV12d1/sMh3+YOMNDHsi/3RO1gJptirQUXOQ3nb+oKdqMlxnSPxmunntP4MBW75XsiFQOeQc36v30VNprxNgrW+EiKwSUHYkfIw0KPKj0vjX2+ABKGokWBRkHvMHjY6CVFBE5O7qjAnb9/WndFywjmarofxMSt8UniAlxVd8ZhT9+dgd0ky6Gz/SLfDf5KJUhMKaFE6n2req3WjuUa7gr/O0qOCbsJy5CEik3aqRiexMxUCF+j+ngRvS+eb83Yye46BkS7OJaEiqUki0ykB5BUNIsguY/C3tOdEQuG5COeMwwOvL1xHCWV0BF+uEYFxbOp0CQVo7MzUJQtsZM/k6H+BFqhA32yG8i/rx5bQ6nZuSWaSu8foUe0bzm6+GhtVFS9wzoiGNVppw4bQrTRdnc1nx9lN3gWL+MHrn61Tf8R2VBTd2j3DiP24lSbXRA28I8EfAHumjVRJEMOm05kmRC6KXgj+j3UkuKHnwM+lOzg0wkqXMlMsAnrmw2I0+T2khAwOSHi5JySWANykkUHyZQ3s+JLV0K+8yj/bwqJ2vefUq+EjCs48PgkSgf5bkMnPg/WEzf9doac2JyaIYZvhlvQnSGwzWkjDsWkC3fNchEvSsQ/e/8lpHb4jG7CTG38mYqO6I6SrXV5lKaDsM5x/P19MPPo/JDYFyBqZfAoJ8o4mozG5vGY0gtr3ejl4RkMODWIakybie9AAyvjZ2nKCjbJwoqj1CDujtS1fCEfkMBRE3hYEGf+uPRmh+FiwvwZ40kXIePWwGne4AA2sB7lu8Ufn3+cUEKlgNv1rTJ40+yIWAtu5fEwLpP+94kNG8gY9GcNLTI+wub9tdhp5T5u61nG9aLm2Kwvuj5QSwcITpFIbn4FAAD3DAAAUEsDBAoACQAAADFim0iUYYeQFQAAAAkAAAAtABwANzc4ZjQwMjBiYzdjMTg4MjBiYzViZmQyODE5NDQxN2IuZmlsZW5hbWUudHh0VVQJAAPerSBX3q0gV3V4CwABBCEAAAAEIQAAAAalBWvWAEXc0gFl3yfYU4WDVeov71BLBwiUYYeQFQAAAAkAAABQSwECHgMUAAkACAAxYptITpFIbn4FAAD3DAAAIAAYAAAAAAABAAAApIEAAAAANzc4ZjQwMjBiYzdjMTg4MjBiYzViZmQyODE5NDQxN2JVVAUAA96tIFd1eAsAAQQhAAAABCEAAABQSwECHgMKAAkAAAAxYptIlGGHkBUAAAAJAAAALQAYAAAAAAABAAAApIHoBQAANzc4ZjQwMjBiYzdjMTg4MjBiYzViZmQyODE5NDQxN2IuZmlsZW5hbWUudHh0VVQFAAPerSBXdXgLAAEEIQAAAAQhAAAAUEsFBgAAAAACAAIA2QAAAHQGAAAAAA==' AND file:name = 'a62cb1.js' AND file:hashes.MD5 = '778f4020bc7c18820bc5bfd28194417b' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:17:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720addf-a334-4497-bd36-466d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:17:35.000Z",
"modified": "2016-04-27T12:17:35.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'a62cb1.js' AND file:hashes.SHA1 = '335d94d430b1a77b03cdc7f9854d1eb7786c8795']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:17:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ade0-5e58-453c-ad5c-4ed2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:17:36.000Z",
"modified": "2016-04-27T12:17:36.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'a62cb1.js' AND file:hashes.SHA256 = '362fb8371c557736fc123229ea15003ff0ed4357be8920a759c9f2934b2dabdf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:17:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ade0-0c7c-4555-8747-476d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:17:36.000Z",
"modified": "2016-04-27T12:17:36.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIADJim0gZVftDegUAAPIMAAAgABwAYTE5NTE0NjFlYTgyZDQ0ZjA0MWI3YWQyZWU5N2QxNDVVVAkAA+CtIFfgrSBXdXgLAAEEIQAAAAQhAAAAKzEtgnMx5SFzhiyKBqAfrFQQ/XPg6A3e2dGxJkCTzH5GlTRHzB3Ja1ddjLYCT07Y7+fSJ9QKXi7wNGLZs5kOPjX8tI6sQDHZB7niRVEbcoARZcJA7eqY61CwsY7TpeG+o79kp4k5D6lyDlh2J0WAp7GeDBzWz7Zbik7mkqu47P/C320/1P6MiHyMZ6XlnKAg4CYMLnAF+v9SfcsCqSc9ZZkPxsjIwqJROXejKPuSc/XIKuCSXMx+tpDOjn3ftpTL7llvYoum45rQHxvnNAQzEwV9l1N3+3pgUVJN4zK5B1a8JggiFyzzXxrRv9kq09nKXE8QflNmUFIxJX7VLalKsqnKFK7wS5RPuOlJfWUPBbwH6e4myJYktFrva9fPB11Wmn4IcNV2j7pEVwHIkk4YrHq22zeSlIgl+TB4tIR9mA2r2sXW+kcLb1mvYYVJ1fbLKBFUopy4Di2BC/EGgP1Tqh/SSWVy+B9ZiQ3mU1bsPZl/qYy0f9rb6ZNxe1UaCL0kzvZgrketUyF5EHmrr37WVE6IWmN703+OGON8dz0EbePmkIkvl7tsgr7pUMnK7v1manQMRQ/eiwqXCEK70KKRWu97aGk4S2ZEZrckqz/0uNTafqUK6PMYTHyr6g665bV50zMmJUeAIgAvZSBVMvVWKXSFYk2xn4NNx/JxfhfgOACGsAecs2ImONxJ5CIUUBhsifVKvihYOXKXYxjUY5QRqJs4/ZYJ7oYif8ZLcEV4zhhsEDNY+UUSqs1GqBduCGYKoI/vH9qQcdB+clUAuUl3UYAiwo8bHALbfriwXAanROcfZcpBUWLYdSTEPgK7GpAOB/v00DfbM9iF3lKSVqgui6rWc+nzF7sQidw9lvtQ6j640+DRpwyRhQW8Yxmx5juHuobCWcCCdOI5VhWhFyI8gf5Q0MyZPkNaBJX/wG3CA2QmZW7wAGv4WggKqN4rkyUFIxG+Hg+giBCo54vZ8dF8jwhEfp9H4oLoFsXsR/GduxwTKww1QmWyX6dyPfEHnG8CpczTZ61ee6IrrFz7e7rvele4B6pxI+ZyQ81JWdG+V5GGKiX79ulE8k2LnpieZ3I2ZerVQdCiwUcz4nfE4Ka1CtXDDcftWPlt7CZBXtY5WIurl+6SCFzP+UpVW5Ki3GNjBYRP5vxjAXsAErP13XNrxYdJ74T4PGga/mp6yZHdZ0m+tcXmLtavaoUrazPecTAr4cpb2DUjb96d2xNa5CyZDsKxBJbU4rJGKwi4gTjXYJQMrZhvQFubaXUdNNBCuEAM496nGnFwcufpVkeoQ04i8Tv3UecZD4OplHpg2d71/OIlqWa7DrK4DBP15RG08YlzF7nZ9A+PEcdwp/FLp5QSWynkHAYEOT7PwfEwrpOvi9Va63jg4qlSMfOm+I9KPrWT4u6+ihhSQo5F9TrXDtA62SWKh2mOXV4JRTVx6cxNbz3F75BsYqH4tY0Exhkj9rVshpkO/6N8mWLAom69OI9IpH9vhylYoRMxvi5+daeK146KFXyoYPzjMy43SQnggQFTjLVZ+nDfnP6dFQfjSxjS/o/BVzuqvT15cV5qUGbx8p0SY07OGg7ai17Hk7ALkhucYMWSSas+bSCDOrdT22Vs4WDn08DnbUplRd1dV8oRTSCPukwmG2XvBQgeKeu9RzADcHlhKEk7GYwz9s8Fyq0H86YXFY8m3mB2e/UIq3pXvzlE7Rd+D77/vyCHwjrQUBSldb6O/qh2jOTZ6kaKauh1Ebk8aczpFDLR7eRy48hq3zajTUWgxHruyBUvwtyhNBYIFQDrhyuETIUowkDOpcvADvXnVa82aAizc4zLhL3awNCR0PmA8VBftlwZBeBKm4JI1JYmbSbGTY6qSFBLBwgZVftDegUAAPIMAABQSwMECgAJAAAAMmKbSJwVv8oUAAAACAAAAC0AHABhMTk1MTQ2MWVhODJkNDRmMDQxYjdhZDJlZTk3ZDE0NS5maWxlbmFtZS50eHRVVAkAA+CtIFfgrSBXdXgLAAEEIQAAAAQhAAAAzoCN1xyI5pcul4/nAfaRPoa3IdhQSwcInBW/yhQAAAAIAAAAUEsBAh4DFAAJAAgAMmKbSBlV+0N6BQAA8gwAACAAGAAAAAAAAQAAAKSBAAAAAGExOTUxNDYxZWE4MmQ0NGYwNDFiN2FkMmVlOTdkMTQ1VVQFAAPgrSBXdXgLAAEEIQAAAAQhAAAAUEsBAh4DCgAJAAAAMmKbSJwVv8oUAAAACAAAAC0AGAAAAAAAAQAAAKSB5AUAAGExOTUxNDYxZWE4MmQ0NGYwNDFiN2FkMmVlOTdkMTQ1LmZpbGVuYW1lLnR4dFVUBQAD4K0gV3V4CwABBCEAAAAEIQAAAFBLBQYAAAAAAgACANkAAABvBgAAAAA=' AND file:name = 'ac60f.js' AND file:hashes.MD5 = 'a1951461ea82d44f041b7ad2ee97d145' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:17:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ade1-dffc-4436-9cc3-4829950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:17:37.000Z",
"modified": "2016-04-27T12:17:37.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'ac60f.js' AND file:hashes.SHA1 = 'b11bc501160e73a346e5d40134186ef084b3b84d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:17:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ade2-59a8-4373-bb7d-4460950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:17:38.000Z",
"modified": "2016-04-27T12:17:38.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'ac60f.js' AND file:hashes.SHA256 = '2cc6677e2c8151efe375ce49c939d2e8904353cca43dc7f26f9c5c11a60365eb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:17:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ade3-bac4-4460-a3d6-4fd8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:17:39.000Z",
"modified": "2016-04-27T12:17:39.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIADRim0im92j+eQUAAO4MAAAgABwAMWMyZDE4NGM5NzI0NzZjZDkyMTAxY2Y3NjQ0YTEyMzdVVAkAA+OtIFfjrSBXdXgLAAEEIQAAAAQhAAAA/ML85RW8IOD4XmGK5Bf4hfUmBIwD577XR5ASQ6Zt0szASFks9lfBf7Q/Dpg5UnDpY2MNVQDTV2As3p3/C7dbgAkEnbTZSeIn9r4F1Ten539cXEND+tODyblQO3fGaeBlHxWjiDzIUQYSzKtg4H9gJZIVCxUdymm5cdyo3nlMOw+uwaUt9SOO0Zq9/UiDXKEd3skv2mzfyuopAHE8AZas8byC0H/ZeH2jjr+tRwEGZVYMJNg1Iag8sVrQGpB3qToTjZj8IG8TM9FWekU+lbmE9ZPZgXKEs+2F+wBk7jpplL55Fkl9tYVXMZZxYTu2yVOOvSSFLSt6d8170xs0mybv5bMhOWCKgUbW1A2GSbCJrkqGZeuKfOXFL+HPwgvzW5nvYzLUCMIvshBY7saHu9JgA5mHGsqjIaKHT7n2x6x2h4MLZyTJuBBueMaGdN+yT5AVk+nBIG45qU0Sk4yZ+0Q8u3VSyN3H04jxBtzSRt+fq3TpPtkS/lH6Iu0sUTgtPgSzvHzPnTV8gq2MgH67nitB17x/kihi9eg+1x15wrwKFmEOK3sDtQ6+76aqx6/+QdL/22ElPcPgdWQ6tsLau0I0wDCYv4r+w1mDK6UrjDPxh5idFdB2ce+u3SmBOM/ESlU5U2Gd4ygw3IPY4omMl7xiWnzoncqCy1WIm0H/Wzv+sUNpXfKxrGtMhBKURsJf4UXlo8LnhHW23yl/BUBkgd9bDtI4RCbYZg7DBkugJnrJGMOzr9qcXvR8HCtBEkH/g0Yop31FCbXd0eWwqwmv0/G3W3R3Z5urysPO3pY0XZMzON8UzjorF3aTOMQF78xUUsdl8pQYi0kG/gR6wQVpKA1deIy5nQ5WDxt2TlQSTReW3TD4h4i7TfkYWpFqWAIMca0KXefUpEMQloLLjXpVdTC5C2PHxr6Pey7qRv16Lx7+KQPdhTEnOjPU+fCPyyRDPuKLaKGF9bpcxFwppj+uXURCKHDN6sKk9bFSATyJab4wMmc0oXFfFSRFFC1fGPnqLugIxJrcprcq0yFGBSDTarbjIXVVrc04cg65FXz00x+H3W6gY4ZD+NBDdlOpKPSRv8XCAxYAod0MfZSYxnQTlhfFrr43COro2PpfU0CxubnC/IDwZhtYKw9KyKbuYSjoaSNp+N+LkbVekV/WxKb6WRuGffOIBvUc3jTUfRM5oUziGp2Po7xAYHIUWxHVcIwF8A4+0WLpEVtMnslfmSQ9QvIYMFtoOR9yVbKE9QOelIizisgXCHd4fRscroV3NM2+LEKi8gH+2LLFyzxehvV0K8HrHFALG1KyjBTDWp7VITbNDUyPa0xaHZ2eoX9X4qxUBDidynkzwpHpMiQ+QiL9gue3GGCaJBm8HWII400i8Twe1cxgCpFvFEnMF8tR0oeTpcYAlaYh5BnCE9gmz7IkLu91aGL0CBrNBW9l3Fnr2uPFq0m7BRHnUGmi34UZrtQVqU+2NX2VY0MTF5g5DpPeViWBkxUwQ1DryR86gsQh+UtWTOjn01gks3Q8iPmUfJmv0ohxGzYDi5qpIuKDg9UO4ZfWk45fAkk5QDr0/HnGa74oY7xuOybChUg2CR51DvfJbvWuzrsS306qH730SSAceYwYfBCC11yY3aGXHI+exSrgcPmaOQRP+Augvvnn3TJPXre3by3rhmZQxStpdIWSR86Vs7HSN29pC3u/cVe9ZetQqqa3Qb6ArxwYm4QnFZPWWi/Vr5zcKtwIR5I/gVttejxZ9lJfDhxWkJQylKA1qlRNDo/MlNIRbF14sTDVyw25yM3GlxpuAdRq7+2ViLQ1bn+KkuxK+zXWPkYWaZbKAgq8KbqrikWTNVUkG6m2NiglBVtUi2r3E7xxs9cUUEsHCKb3aP55BQAA7gwAAFBLAwQKAAkAAAA0YptIaQD2YxUAAAAJAAAALQAcADFjMmQxODRjOTcyNDc2Y2Q5MjEwMWNmNzY0NGExMjM3LmZpbGVuYW1lLnR4dFVUCQAD460gV+OtIFd1eAsAAQQhAAAABCEAAACzmU9EcCb0Iqu3i+jamTGPWUAL/T9QSwcIaQD2YxUAAAAJAAAAUEsBAh4DFAAJAAgANGKbSKb3aP55BQAA7gwAACAAGAAAAAAAAQAAAKSBAAAAADFjMmQxODRjOTcyNDc2Y2Q5MjEwMWNmNzY0NGExMjM3VVQFAAPjrSBXdXgLAAEEIQAAAAQhAAAAUEsBAh4DCgAJAAAANGKbSGkA9mMVAAAACQAAAC0AGAAAAAAAAQAAAKSB4wUAADFjMmQxODRjOTcyNDc2Y2Q5MjEwMWNmNzY0NGExMjM3LmZpbGVuYW1lLnR4dFVUBQAD460gV3V4CwABBCEAAAAEIQAAAFBLBQYAAAAAAgACANkAAABvBgAAAAA=' AND file:name = 'ad3a24.js' AND file:hashes.MD5 = '1c2d184c972476cd92101cf7644a1237' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:17:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ade4-849c-4b6e-8c04-452b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:17:40.000Z",
"modified": "2016-04-27T12:17:40.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'ad3a24.js' AND file:hashes.SHA1 = '10b9db15dfe6d2c427b471c482b6cff7b3332f3e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:17:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ade4-046c-477e-8690-4705950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:17:40.000Z",
"modified": "2016-04-27T12:17:40.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'ad3a24.js' AND file:hashes.SHA256 = 'dad9429bc12889d75c39e896eb343596b8ca8e657823927c20adf5e8f7248ccd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:17:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ade5-d2dc-4735-9fb8-4d9a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:17:41.000Z",
"modified": "2016-04-27T12:17:41.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIADVim0jk0QCNdgUAAPEMAAAgABwAMGM4ZWQyNGMwOGRjMjQ4ZGU3ZGZlYzY2NGNmOGExYjlVVAkAA+WtIFflrSBXdXgLAAEEIQAAAAQhAAAArdCd50oGe5ldNnRlRZnNK/qoYILb/DoTD9Umnwucz1NRydCQ1FtAe2oe9ZXGUkIit7wPdjEN8/SbNyscC/gwQvFEV8g5DMfO+BGGlE0LGxqrhhpTQ+2LeBnvI7PFM85UfizcKz1aKHm6jBvO2hsGmZYYPKwq7+HT1+aPctKkW2FJRyjYJ4oKy6dPkoQdi/twS9wopIBT/VtHeaikMVwGNF+1w0/RR/3dVpBSGJxu8KHzr7SNJqfT8q51mZq9Nux3sXeunUTi/nV6J2D0KsxvwCs9EFdsdJnadKLeXzqiD42Ha1hflqvYnl+aabljNOVGJNIL5HTkxlT9sIUdREdt7E5dRgk2xUh70aQwfr2GNiXtug9SSjmK9ju6TPa3ATaI5jFzBdedYPirqh3vHGc1vV1pkn6qcsMIim3yJg1oRupnQzdHvz/vtSL1lopOOK/FrqHQAPeqeHTjkz0STW11ukqgqXVZHi7XUQDxikeQFoIR+EojeoZQSKbSil3VU1gf9UltaypulC2N9EmhwAk0wRm/vUxNNfv7QGUs0JbJkXwkQUSSsORWFvCrs60UdmOdUJ1PhD4bH71pcbV7H57fDEAtfzXdOxaLEsd+SVSDvcvyUdrdNFypcjxS0l0yBUGrYCBSiel7ofBX0Jwbz86xwAVZ0GufJ7KwVGpM+TeqFYPXEybXNqly8uOFPqGuVQXSGaHIoUTrXBHRbqKHWPyjzMAHVJB3/rNXiKuU5u48I3Uj8tGjDwydbDvSXl86tSZq1VDfe6JCw0k32XiCwTeFmDccb41GB+fpOidUBipSVIHT10vbJFYu2zfK0+s34TW0NwfKOVRPEK7ubeH+mQU2YfM9Ac6BQujEXqNTIOKrTEgQVjysE97xUo/+/SHiCTYRmx4/fsDhkQJ9Do7+uIjC2LJjRwTwwJc12rOtp6AyVBDpyltEZZR6f9JLmbsyYNxDUcuIbDhmM+Fa87Jb2Dn41BknAHnYeL1ttyhqeXWvmZ9uyjV/VvbLkmmbIfQv2lv6IFtar2frBgDftYRe1GuUGXyS9j2kMtsaYNsSCTrUZ6jiqYUJ751tDO6Cal1KMGLsCdW+tZoFkQ9Hzki/wxHyjxORfG3KCVs3xtAXub+qTKKAs+cLtAQPpmVI5uCxzzsiSGdbEFHeZDsezg/84Ycg3LFLRelrnfscuOHyAlrPHUoMz9ifhZojtdZZT7AyqkOb1rg/KGVc+q6hulk4LZgIhHfvSt4zaJPikPOZqNbfEmZJ174ZeubvIMCoT3VAKhdr+3dpJQz2UTaaoki4sub01ku7ZQipsb1YfegapbXt9fDm0QDlcpCy4X/OjfHb865T8XMDU4lYj2cL8BzYOxyD6qFCGDTaMl0GtDQTvT1JJXrHOc5d/Kp4ciMmCosHsmL87MXePvSpvIuPi8/+gjZ9jFqVdghpDt85lvkfx32PqxungcRwbOJs9WHMVd4PwiAGc0UF0atZbc1ouEmJaORwZaFeLyQORKXpU9VrL+vdMU1qFyuGmTKGc5lMUuWq3DkRFSlkXAVE8mqAOWyg+kVmGqD3hIaSf0mq+NRbiVKDZWar9Yz+T9nlPXTXKRug2F5Cekp7SUVU4b6sHnirNR3jkXsKgWO+jql4fC0WQ5a0ZiziT88LAhnPoXH19y7Y/ov5wtNJjZOYYbZRn8AeDqXcDeCz+nBTcoheDnbBRKj5ckTnrVCZjGDfShmRAiItgcXnEkCM71Oyw1JRmFLRxFH+C9a2FRFEPYG60zJqyf1Mr/v85kN3tkW+IatGRcKnTEMD6EggnXUcs3hnZCj4kOzK08EBAt1AUUA+2vIBY3yehghUMk2O6NY9aJ3azQ6xTd9uzQ8kdiXpUEsHCOTRAI12BQAA8QwAAFBLAwQKAAkAAAA1YptI9CoqBBcAAAALAAAALQAcADBjOGVkMjRjMDhkYzI0OGRlN2RmZWM2NjRjZjhhMWI5LmZpbGVuYW1lLnR4dFVUCQAD5a0gV+WtIFd1eAsAAQQhAAAABCEAAACpOmMLiJUx2VHK4Yzq7jeo9+pSxCp3ZFBLBwj0KioEFwAAAAsAAABQSwECHgMUAAkACAA1YptI5NEAjXYFAADxDAAAIAAYAAAAAAABAAAApIEAAAAAMGM4ZWQyNGMwOGRjMjQ4ZGU3ZGZlYzY2NGNmOGExYjlVVAUAA+WtIFd1eAsAAQQhAAAABCEAAABQSwECHgMKAAkAAAA1YptI9CoqBBcAAAALAAAALQAYAAAAAAABAAAApIHgBQAAMGM4ZWQyNGMwOGRjMjQ4ZGU3ZGZlYzY2NGNmOGExYjkuZmlsZW5hbWUudHh0VVQFAAPlrSBXdXgLAAEEIQAAAAQhAAAAUEsFBgAAAAACAAIA2QAAAG4GAAAAAA==' AND file:name = 'ae6eb392.js' AND file:hashes.MD5 = '0c8ed24c08dc248de7dfec664cf8a1b9' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:17:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ade6-8fb4-47fe-bc23-4dcc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:17:42.000Z",
"modified": "2016-04-27T12:17:42.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'ae6eb392.js' AND file:hashes.SHA1 = '50e24f3bab64cc31a9fddd8a9ea01478c95dce4a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:17:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ade7-1aa0-4a68-8f4a-4d6a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:17:43.000Z",
"modified": "2016-04-27T12:17:43.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'ae6eb392.js' AND file:hashes.SHA256 = 'bc09f01042091a147d5b08b83d00534f66d20a32924ce7efcc58687d9bd53da2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:17:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ade8-df34-4695-9077-4bcf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:17:44.000Z",
"modified": "2016-04-27T12:17:44.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIADZim0geTZsudwUAAOcMAAAgABwAZDNjNWVhOGZmOGNjMjExZWRkZWMyMDc3MWZhYTFjZWNVVAkAA+itIFforSBXdXgLAAEEIQAAAAQhAAAAoc47mXXNwi3GTI68jgVsGcT0LpQP6KLTRIhKqSUFOGR0bPeuHmnagnim8q/H0rEwvodD89Pk/7ZbrkXe4SXlu3lLvSuYoVMn7yvMk0obCwbnY9db7cIo9sTIuIlXWUN6MJIANdjRGGWEauLFXuWoQZoDRfpZ17PaCmmZC4Ub3z8SG9dwUQCHuqIuqZPmpq9GKuuM1mAImHinLobXrcGjEk0ldD9P1CMOWx3CFeiKvZfQweDRzsyQWdoiVTiujA6hVPfiOJ+mGXfhgsoX9s3Vh0gob/xOGbIdLTS51hAR+BxJBRe90bEgSZ9k9Iycz8MQv6OAtaoHPfdu+/E+6EQnMYnII1qQJescqMF3RHSmpwmVSwLX9DJS31aWgcWZLfqlAdJSqf6gS2eIyZ6M11cvvaFzwTy9S28hvkgJOh/MHaSUA6WcDmMs9xKbGiln+D1pO6epRn+syePN01CjKLrrzecu4R4kgo4i7uqCEqwIfUCBOE9F5DcAN7ZHvu9Tl7Oath/BotJPb5IVkd/stOb0topq1wXGSkrYIbTiXvq0kQq0dqTxb6yl/wcsi65gubSG2F8l2GR+WPtkIPwQiRy2OVMPzN/l8+FIGsTP5IakniXepCyy/p3zQsKhkWPdAEHCFQauuXJZ6+JxBprWVlWBQPXMuGYLV9gs0L8XaLLSs7lHB0sf2acHkg9gXv/yi7UWZ3pZmuiB7xvn9c91EM6gmfksCH+Pe8kh1g4vBEcT+yejz+rRiiX8LHZaxFzbMc/rt0PGJIIbTYoOc+WoKyKxNgiNVI2rnM6+bDY5vapBUnt21L2sGu90joOpdIZOO5buUBjpbxSEOD1elSEx4S8P3jzmh444ZMwPFhgB+osatOiPZko9E3+wOZwhIWAbdLMCd6L/ei87QbI3eIFJRiySuU5uX7KLLKXshh+SPI3TNXf33Gne18/szNBG4U/2wVpumx+OHZz2XqnrhHdd1uTvzjWwrVCUrjmSi8GLowpRMPhJlUbCu4rpK79zLdOdKNIu3nUw/mxy9Rzc9VOe1EPr+vHqWQtlrm2LOzCM83aB7YpF5HNwbKzPM9XB/EYgU7OQ+rusfZ6k7kg1V25v9q0LBhhUhRiEbIZavoftG97Wg+lfE3ZJ/EvbRK4QhnfStxq6Q7cNpH1P8zYH+gcOFdWE+ct+V1H+fMWlT5oZCT8P0Bx2V6ZTICza1KqXBUzxmXgxbRSwymH/7e1WZRdbKo5Gz7lH2nsTs0m4OIyLYZFz8slsoc9fLaIk/VDKpBO0PfY1PhaeUgjhPyoXb/J9WAigsQuI+UB/iXhq97AYOS6uF8UrQ4lnSVAKaOv1oSWmPyiPUUH+wtDLO6NDqArqqf3IBwcRqVMrqdtQmdKjiA3uVi1KCwpo4A5qDcIfNfjtYuRkiE14L7+ZFml9NeM17yl7rVa38tOKfhS28V/WliDfJkJf5RbxbITLmj/veUU27OcaqfpDo7J8gqfcBHgpZ/pCl/QM2Kl9RQvjwz5R3p2+DXp1sd1onqMyS4Uj08wMnjFyE3o1AZb1bbFXd3rW+gOJ7KzbPCzBVkiza/J5BkI9Jte9O1P0VO43CAZejUqDiF5AQXBGDTAeUh3nzEE3dxSnqZm+NrPzQcxFJAZ7JRHTKTqDBm+p5mSGpO4foSFic0qhQj9x8Y0LhILGm72ntvs/3NgCdtXSK8c86Usv1+SW0kGKurRZYWfNP9d2ICX95uYm46yAE5aTxcjAeEdAcOXU6oPBaoL4OnXOv6E+O3ZZRf+Hv/cocmZxYT7lACxczKlKt/utkqxSNB0M0xBzp4oPSdAIgB4J8Amp1yglnSmXkd5MLW6fFuIrADXPELeYNjS36J4RSpYUYFBLBwgeTZsudwUAAOcMAABQSwMECgAJAAAANmKbSEJB8rUUAAAACAAAAC0AHABkM2M1ZWE4ZmY4Y2MyMTFlZGRlYzIwNzcxZmFhMWNlYy5maWxlbmFtZS50eHRVVAkAA+itIFforSBXdXgLAAEEIQAAAAQhAAAAgQJ+SIj2mXWQD8lh04Ifii2hAX9QSwcIQkHytRQAAAAIAAAAUEsBAh4DFAAJAAgANmKbSB5Nmy53BQAA5wwAACAAGAAAAAAAAQAAAKSBAAAAAGQzYzVlYThmZjhjYzIxMWVkZGVjMjA3NzFmYWExY2VjVVQFAAPorSBXdXgLAAEEIQAAAAQhAAAAUEsBAh4DCgAJAAAANmKbSEJB8rUUAAAACAAAAC0AGAAAAAAAAQAAAKSB4QUAAGQzYzVlYThmZjhjYzIxMWVkZGVjMjA3NzFmYWExY2VjLmZpbGVuYW1lLnR4dFVUBQAD6K0gV3V4CwABBCEAAAAEIQAAAFBLBQYAAAAAAgACANkAAABsBgAAAAA=' AND file:name = 'af18f.js' AND file:hashes.MD5 = 'd3c5ea8ff8cc211eddec20771faa1cec' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:17:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ade8-7a38-472e-88fd-46e4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:17:44.000Z",
"modified": "2016-04-27T12:17:44.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'af18f.js' AND file:hashes.SHA1 = 'aad42ca6a77f11a5ef6caf95ee61bec09b5b4f30']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:17:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ade9-f5cc-49ee-8d8f-4e88950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:17:45.000Z",
"modified": "2016-04-27T12:17:45.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'af18f.js' AND file:hashes.SHA256 = 'e57393d6ef4c9504099c3a2ece4b7520637e4932a8cf3c70f2b51ef1c5ac2bbb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:17:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720adea-180c-4ab6-8e12-4a03950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:17:46.000Z",
"modified": "2016-04-27T12:17:46.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIADdim0gyx3NUeQUAAPMMAAAgABwAYmUxYzYzZjI3OTcwZWIzNWZhOTMxNzFjNzYwYWU2NmNVVAkAA+qtIFfqrSBXdXgLAAEEIQAAAAQhAAAAoc47mXXNwi3GTI9coU8sSe2YaCH22xQ65QIOVdKqjT6qWej+SNnEwbLzK1Na3stB5DO6QNJ6PWIguXgJOtdO7S8JgIxJYB5FVxq01BDpuDXbA9thWlxvt87ngygGdvO1WoeaGS4/uQ6y1d2cJShFUVSs/GrnP8jSuqS2rdoEW8gz57fog23gsxERxbLMjscBdnRBkVTHAtF8mEz5pQFDzJ90JmzZ6uz7uJdVf0JDeo7pOtqSrqYKIsJmdxeMs7arb8LXKUPeHJz19PvTrGwzu3ev19f91X3/ITfcW0iQbyGxWQF/ckWKllEy5ShMgyMCuxVwKgQp5PaKNzI+iqjiIQ7j7pPHLqSS7ktxuxd26tMH9M7iNxlSLRwi6XcMztAl5GgPf8dO5zpjHCxTT9J+y7LthM1OPwVYzz8odUTzq3ay4tKHRfA53kYxW+Z/bMQB5ibbxpx1AuTYUFVxWzsO/6cY74P9hqdOH1BqQuM/t4UTw6S0Ei7h0oTXw+cbK7V9dTrWDUYWZdTSOTgsE/wXNXWSfBKumkY+wC3h7OUzr+IwQMy3OeeQ7F6BxxMO+mtdwNUe/6P4Il4HqKDXYGxVxSkBe0ilAzJa/nUAF/2xvs9FprI1SaTBaPm40DSDCF8pzEVbK6mfoTOylfDeQG9XOzQ9tyq1IBHMb7x2syQ4OpQwq7p0SDJurOXuu0ECMqoI+mFwoYQZpK2FJSfz26Ld+/ftXUhRY7bX4KkeDfZtReuxRBTDQfwX9su6BvQh7OYiP1QRK5JRLbZR27aDfwkwcFpPBiTXLQ/huxHLUZuiaYbGmd4p8T4pyytyGQ7BG4zG/oMSow1TA6dvCf/1bXZb5w+r1YgCA82ndLthdD80Oyp7JbpFMedcUOJiKwooPCNWEOq3AwPXZkZ8jp8+4iEJ7QCYp7PzWvufg2tCls6hwUCePVzMgh33QrqddFglfqV3jYTM+We42T7DZgjmBkblrizmwhMQkTIaBsKIFXIWIHiqhtb7MkL7v1YxaTHFjmmOiJASXIacSmBeKNqrdrXPES6UqzSnL5uqoDp/VSXfZ4jsvaJJdVkpmuFahF9u0iED2q3A2t9r2OdCJmybW3zW9kOafeF5eqffQ/428fZUoFW0XYQ9ysKxPOZqJUnJsfy/ATQe54ZnhBAYcfx7+u8ursUsPl/Ag+v6G3FaXvylng1oBGIEFhe/rnvOookjDOcO2dhTl82Vnq5hmWzXM62eD3yad5HgAfiF0QsvnSxscoAN0ORpXe6DdR1YmuoOIC1ae92umZ2SJl1JMWNW7m8dlK873BVkOdEtFUAoYN6+ufvf8WCfOfoxDZQbampzIIUW/337YWhrOJiroI/gX4Ie5gR+dxq8sx9/Il5puPtbDJqS17Vv9LFAEsLE76OzZZGYBF6QS0IG1D4ZoEpfVfCNhV8Mw6xnX/mg9YByad9y04vCx5Pn4G8cfGEvBcJYd4BnJnNdl23lPIduxM0pzWm3caRiITP4dRWKx7pON/RNpeWKHC/8QWCywN2KpppQVkD6/7ts4epN4fYGtWICCSiePcYDo+AtBOjj7a/6GP5jbRjJCEuud1YUJJUdjSMzeaGHyEC9YV3VF3zOy8Yhs61nFW+l67yc+U63R+QeDmLIu0ytiTjPYYC5jjKycoguVPms/Mpl7EfkNwGvaNR+cvy9RcZWAeQ89ZZQSBJKK911vBZ+Ty5bjAIul3/1QE9g6J0D+TttRZeUcS9FZNA4kXwcbR801Nh8RjwjKy5HCWO8qSAuysE8hwGqDpa8rXJPkQsJSDtMQr7pQnEyXy/Dkkh0DxZvPJh+PWbD06CoGadvSW4zX/jfe8D5uDlp6aaVSXMtae69rZ1ADfF7UEsHCDLHc1R5BQAA8wwAAFBLAwQKAAkAAAA3YptISq5NxBYAAAAKAAAALQAcAGJlMWM2M2YyNzk3MGViMzVmYTkzMTcxYzc2MGFlNjZjLmZpbGVuYW1lLnR4dFVUCQAD6q0gV+qtIFd1eAsAAQQhAAAABCEAAACBAn5IiPaZdZAPyFpGNQvVproY52MHUEsHCEquTcQWAAAACgAAAFBLAQIeAxQACQAIADdim0gyx3NUeQUAAPMMAAAgABgAAAAAAAEAAACkgQAAAABiZTFjNjNmMjc5NzBlYjM1ZmE5MzE3MWM3NjBhZTY2Y1VUBQAD6q0gV3V4CwABBCEAAAAEIQAAAFBLAQIeAwoACQAAADdim0hKrk3EFgAAAAoAAAAtABgAAAAAAAEAAACkgeMFAABiZTFjNjNmMjc5NzBlYjM1ZmE5MzE3MWM3NjBhZTY2Yy5maWxlbmFtZS50eHRVVAUAA+qtIFd1eAsAAQQhAAAABCEAAABQSwUGAAAAAAIAAgDZAAAAcAYAAAAA' AND file:name = 'b1e8ef3.js' AND file:hashes.MD5 = 'be1c63f27970eb35fa93171c760ae66c' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:17:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720adeb-8754-45d9-8c8b-4a4e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:17:47.000Z",
"modified": "2016-04-27T12:17:47.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'b1e8ef3.js' AND file:hashes.SHA1 = '530c0de5b709a031ccb4f4124a6859c094754328']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:17:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720adeb-db40-4cc7-8ce7-4a4e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:17:47.000Z",
"modified": "2016-04-27T12:17:47.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'b1e8ef3.js' AND file:hashes.SHA256 = 'c3cc9a9205788d634f0c1df7f77c3bbaa8ae8cd08a4b316227f3dd0fa5664513']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:17:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720adec-f4a4-44de-b8e1-47a0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:17:48.000Z",
"modified": "2016-04-27T12:17:48.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIADhim0jaKh6ucQUAAOcMAAAgABwAMTI4YjE4NmU2MDUwMzJjNmI3NDIxNDZmMTVhNTE2ODNVVAkAA+ytIFfsrSBXdXgLAAEEIQAAAAQhAAAAoc47mXXNwi3GTICHZmUSEjBhu326W1lhOeSZpB8IrvaPRNR76JAJoQxxS4FC88XmWU6zK5Lsvl6864ZoZ6/NNWQEFRDQf5vaJaycjWBkMaGMmptJ8dNiLdvxqZllPIVrIJeCRfySjqfe3RRHtg92ESzfSg8Prd0DnK/pZMnJs4lBBy8obbHpuC6f53uJNgRbJxO7CyPY9z+BWlVKOdfIPBXtjsOTSZkhqMt5HN88F7glRCaqayBKAg8KvcoEWq5jyYg3NfqM5sCXLLiRwF+ZVspMfzmHMyCh7PgkSdzW4n71rsOrinAf3v32oWOWDWCcn7CUEOOvZ7KWZlimzpyunTeTM0e7J23UR+6G/srGYc1WdBrjcvUiaYaA7JaYAPmQMk7fcRuTC+iTxtphWUGJ3217hjXRb56cNA5zipeWPxjf+lwhNXXmLdGsJRAks+xfqkitSabxFgPsOOCHVrlaz38JttaEmfDAImBH33cRRhgyhxovW/5pHbEVc835zqr6iSYzruekuxD/zD5e9/PQNEU6MAO9yUKuBpw6omD1ADJiyOEW5F40gKHSCDHb5XREun9VUMpkMvYWOr9sItoGOY8rpalQtjX8C0xRHWRnDVgl7pvvvRXo79iB9ur60fykSOf0ixGXIJ/bmYJM0EUxHAxHqLSM7WRPdp/wkR/M9YzuconUieJ3R6d9fKPvY3FCX2xP/703ueGAbnPf0unEi0ATzbnRJeEU1A54XbqC7iumi1hh4CrdoO0e8yh3r2h/ZG/MqcwXwssEdEOVcqjpbg9rYGghahDWbdl9ts277O5gECTO8jHoJ4bWQvVQ1o3u64OuvKxbrnPTKc/8A4ehTY3q0/srbb9ryoDbSrK1cxHiuhGU7ujl5E7vlRRctnbAdOlrfQ0Py1QISxb7lOCZfWCFEdgfNRofrldWc+2EkY+Njx5y3BEWp+TLU9DdbsFoDSCmbnjZ7yo6JiZXBf9mEAgLFHWoaForNOGRlrs6idcoXvP8QbBMx/lkoKY3w94BcG1brb82ZQPYWQ8CXKPtjXmzXZYwAIOZ8ckG8VpNs76z7xwD+9IIZhcaie4X+fV6Jm8XazNRzWwPAB+sc1EiJPUQLHL7CIP053Hgpa0EETlNQdAtc8+LSLfxDGSmHYYZFcS/QhloeJyl4Pa3FB6yNkwnmki58LtatUhhDBLL98da8Peu2/qXZbXlfzghdEwbyuRKnX1ZyTLEvqjGudACxSrTsw3ctdGqP3Zw5yBPXXvWJRRyIBC14hiLTDsEyEqSoyfOWFhlU5QuFaKMOnhgbuYqVoTUaThSPxE9N44GQgs824A3eRlNnIBUa/QJMB3GBzoDcoDzv12ExqTCDKtk7WnBOK6ebEjSV+afn/A5q+Zr8VGrr7qeQCLBtfIot0U3nBJoD+XPgq8zDb5DC2nv3fhyZtbVIKsFtTaxSTf3pkL+qFB/HLTs/yr7Wm9d9vz4fkcQr5Z6nEdf4kiBc7s7gksG5QKLGTNRsy1QX9pGAveqlzTHQJ+3X6Oua1ckQKBX/2rAdv36UvWUitqp1K4wsy9GIU8WUl2XZSLQjca9Hri+inlHs9ttirKtjqqV1Z4MvC0vAISDA3oI2QZ9RtM/RQcxHqp0CZcYN1npr/XHwegOE5Kz8jj0Amt+0pYaG6mAoXnFn0cAz9VpnWUYZ4DANWczJRc/IJxKfhnyNzpitDqd6pcWHaHpaZX/BMHODB3OGR8F2vGH7YzaMvN601/jzX35yHS4UOlihiFdjuAF3Qw4brAp26zxWdqcdv6iVR19BvuIQ6ss1cTqsJpNsMzoVDJrsw+Ot9wAGS+KAmU/2hNoCDXvoHGOj93NdTzaEEkxCVBLBwjaKh6ucQUAAOcMAABQSwMECgAJAAAAOGKbSLbZcocXAAAACwAAAC0AHAAxMjhiMTg2ZTYwNTAzMmM2Yjc0MjE0NmYxNWE1MTY4My5maWxlbmFtZS50eHRVVAkAA+ytIFfsrSBXdXgLAAEEIQAAAAQhAAAAgQJ+SIj2mXWQD8f38+gUqhHJ+uH4crZQSwcIttlyhxcAAAALAAAAUEsBAh4DFAAJAAgAOGKbSNoqHq5xBQAA5wwAACAAGAAAAAAAAQAAAKSBAAAAADEyOGIxODZlNjA1MDMyYzZiNzQyMTQ2ZjE1YTUxNjgzVVQFAAPsrSBXdXgLAAEEIQAAAAQhAAAAUEsBAh4DCgAJAAAAOGKbSLbZcocXAAAACwAAAC0AGAAAAAAAAQAAAKSB2wUAADEyOGIxODZlNjA1MDMyYzZiNzQyMTQ2ZjE1YTUxNjgzLmZpbGVuYW1lLnR4dFVUBQAD7K0gV3V4CwABBCEAAAAEIQAAAFBLBQYAAAAAAgACANkAAABpBgAAAAA=' AND file:name = 'b3fd234b.js' AND file:hashes.MD5 = '128b186e605032c6b742146f15a51683' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:17:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720aded-f08c-43c7-9c70-4387950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:17:49.000Z",
"modified": "2016-04-27T12:17:49.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'b3fd234b.js' AND file:hashes.SHA1 = '173222e2e71d805a197ec65854344a707e476f2a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:17:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720adee-0858-4185-b048-4b8f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:17:50.000Z",
"modified": "2016-04-27T12:17:50.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'b3fd234b.js' AND file:hashes.SHA256 = 'f9c5be688ce00bd38e9224d079b30b9262354db1afff0575e2b69d4eba531916']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:17:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720adef-3d00-43b0-9b16-47a4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:17:51.000Z",
"modified": "2016-04-27T12:17:51.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIADpim0i2+ZaocQUAAOoMAAAgABwANGFjMmM0NzIxODUwZDNjMzZjZDZhY2IwYjc4ZDQxMjZVVAkAA++tIFfvrSBXdXgLAAEEIQAAAAQhAAAAdzYt6TytZw6tZHmbVzLRw3rS6QXbFQdaBXw8WFrxH5W5wFomN9mgXCTsZSXRJYS1b1SsjnqHd1szzkKUifHWZ1enrBXF7H7i4RzPa04rwnPm32Odq47JhVrnLu0FIdx61DNp8cd8NQZ5kM5yJNadN9HHmke+i9MRHfkxxLO+KjStbfhbryJlqhJByKP/QmofV1YF7URrjJcduS3z9uGxKhxEWkzlYPTtGrhLhsby/2h9I5MUJNZ9fWqODUPkiyDWC9FIm3Lwf4GtA1pHshR5gAFzTKuWcWyg1e3D9JiQ7YNtFCfhl5TC51P0uQg5WTOYgnZaqbqqonhqqxrfL2/Iuiui6svEDIW+Rpo/sKTQDGXAnAZuQymX7ZMy/M64boxa5kuqPLTGBRA2mNK6kTSD+/syxxgpNUza30s7GlzVC7jDEFp3MTvpblGuTZSPsd1pqMJ48Cd6Wt8CBVz1gjRVc+eLa+5QWjY/iyquUEaKunXHZXdyZRGtSqlZqXdYVe3tPfx7JDQjbehTSNsyZ98mH3J1I/GWKglP59XjHQXHyuSndreSkE7kCl73Ykyxc7nrpGonK+ETix9FfE3WLw+Kg49WBJLlTrnGUC8aGTm336Z4LFCmDHBbFPhGPKZBpmuf9HyKJyAgm6eDO+QSOPHUoBG+vFvqnoxPZyoa3sDSYkbZQiz+6k62ZjtV77IbmTZD6R0kGqUIiXZOd8C+uMrY4QIsvrT+dX4FkjCNtaCz6V/Fza58mZ81m1+da4WENkLNRW/iEx+7Z6N0GW1qHH81f1JXb3CUklNue5frYo5y4az5ZzCHN0pc/X7g6HP43WPIsmyPtI+tAYiPJ4s/H53vJpy8EGVMX6LF3o685wLPaji7SNFRBPIeYuT/Pb/ngSsfuiZ3PploFrBOCJRhLfkTHL/qqMxM+oHDUbBeU+wkeYP4/4qIgUBUsQUpt59i6my0h8dLSGsfuOgS719aY7OVRp6VAGjeOXyEMaEC/jb8joyA8DpENR0iGF3S13LyrvuYpT5Wtx8bVBd5HA0iExjOCyFviWR94rD+o9zcHfd5vaw8Omzxxo0xodb9RyKM5qP2PxN671ACSxa2bEFtL2u/4Z8Z6ZKYaqpYesdSSgcehJAvaTOfT3jqsVloJZhd0pCYuM8vfPYQxmIb2cqcNuQlBEXLNi+GNQnmIhssCNLbn62m/Y2JV1ClhS/yxW7fc9VskEZGuaxKQgQuuqpn3cnk0PkPym9XKi2t8UA5QIn9fDlKjqN7jahCSBAgPvytbaFblHWHMYnC0mxm463PjNjoiroGQTNmv0eAlgmy6TD8UwTM3fPaRIq9v7ux1NjXX00N1WQ5BY+u7FwWGTv6ACodx5M2UfL0LVM8IgS43DfRO6BG2Jh2uyg2Wekaupud42rAXbyE4IjcSdeDc++nJQyZJAVYbJUC/yOqPNnGRrsfoYNxNE59Z9Neaet9R2rGNSwgXB7tg6MUHSCoUrDzrZYp0THSgm1pdeTTFhyz+okyLzMMeUxb9Cpo2EV25mF0hL+mefNEaNEGrV9qLgCRuSN0SfJPgfx262OBANaqsOyt4TxpIcaCS1pRheFkMKTjDv3ebZQAKvZCFZp/spOBVUz8dPCIONY5YhTK0qCst+p5KGJM5VcmjRRpkXQU03iyh8U4VsGlWR0JZTSgZKq/x5qMpxJe+x55PR2rRAVg3evvyyJrneKBGhUTZEy9t1cebj/lHqQLW8CwJI/dfaJN+xQQ+ZC90YhGj5kA0vIFYi49cFG71U7glJKgiaybj6kjGjXNIgEWC6TfAo+XtVCiq7vaOI0FQHw1IDxlyTxlW2dcb9fIdFEvL5htgFYmWr2g59ZtWFBLBwi2+ZaocQUAAOoMAABQSwMECgAJAAAAOmKbSDIBzLYUAAAACAAAAC0AHAA0YWMyYzQ3MjE4NTBkM2MzNmNkNmFjYjBiNzhkNDEyNi5maWxlbmFtZS50eHRVVAkAA++tIFfvrSBXdXgLAAEEIQAAAAQhAAAAlZMAhEdgrD4FGmfIRlXCj5L8+MdQSwcIMgHMthQAAAAIAAAAUEsBAh4DFAAJAAgAOmKbSLb5lqhxBQAA6gwAACAAGAAAAAAAAQAAAKSBAAAAADRhYzJjNDcyMTg1MGQzYzM2Y2Q2YWNiMGI3OGQ0MTI2VVQFAAPvrSBXdXgLAAEEIQAAAAQhAAAAUEsBAh4DCgAJAAAAOmKbSDIBzLYUAAAACAAAAC0AGAAAAAAAAQAAAKSB2wUAADRhYzJjNDcyMTg1MGQzYzM2Y2Q2YWNiMGI3OGQ0MTI2LmZpbGVuYW1lLnR4dFVUBQAD760gV3V4CwABBCEAAAAEIQAAAFBLBQYAAAAAAgACANkAAABmBgAAAAA=' AND file:name = 'b9bee.js' AND file:hashes.MD5 = '4ac2c4721850d3c36cd6acb0b78d4126' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:17:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720adef-d85c-4a18-935d-4be5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:17:51.000Z",
"modified": "2016-04-27T12:17:51.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'b9bee.js' AND file:hashes.SHA1 = 'f1e28003e13d4c45bfd2c1d1cb8eeec7295fdff5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:17:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720adf0-63a4-4f4b-9403-429d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:17:52.000Z",
"modified": "2016-04-27T12:17:52.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'b9bee.js' AND file:hashes.SHA256 = 'cf3e6b59d23663bce98990b244a1d6c0efb36fca33a4a664c86064071d03777d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:17:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720adf1-cea4-48f2-80af-47d1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:17:53.000Z",
"modified": "2016-04-27T12:17:53.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIADtim0ji+xhxgAUAAPcMAAAgABwAMTgzMjEyYzYzZjM0ODJhYzM2NWNkMzNmZTZlMDVhN2FVVAkAA/GtIFfxrSBXdXgLAAEEIQAAAAQhAAAATcsb0Zf4CX5s1OkOGFIvqH3o2cgyHGsxQbeFuDGfN8DIjih4kcY9c+PfeO/HuUc/HegLF2/oBPvE66wuKg5ZIbbSvFKXjNKhXSG8wYR2R1xJOjk4lnbkDpHEn+xP7Rn5gornIMXpy8NgtVoAOsKlM4CAD1kHqlF2X11WWvnNp4DR+UYKGu2PuSaMzbDdRi65nBxuMDtVi3qw7zz6y0mQf8FhGrCxOOCfVJtjYyqDuOYt6N8FA3VY6qdkhY8oeV2VUo406+59jRGODDvTbbYSAeHSviHWQdJLVhLCSTqUlxjPPFX3U0kPfh4P0JOkNtrx5EfTm+h9Ac/jmKyPUfagDqAssESplFlgI5tua++PFOMrFdY/qIXcCEau1+174CQVQ7rBMxZKu7OI6fD8sQQqudshiTolx2KLN5McCtGT4lRymdd/LyNqQrXRRblW9kdxkSnsB5fmasubZoyAWmFCXOkS0/ZyJDvaPoHyNY1Q+5c5/dOvaybJ7SB5IF1mwb0XFX9i7F5RXxrBmji/08jYfcW9qBvLd/uyW1Z/Gzi6t33xHBk2WLPSXBRIQ/nj98aaarXQCTtla68le1qELJ/lCbbu+p1uQIXyfFkrNRrrTB/2UCqyKAP8cJXi3ST34DKNIrJQxlclGGZUeHf4TBOL8AK5qKVHHIST9vGBYzvoJB1p6411n+cQs2UJyQWwY7xfv0cPWrfj8vKyJxJ+xzAc2AMIO9DCjSQNhkO1IVgJbj2wIMACuN161LcOfZmjEOosVyUSs9IKs7hQOZnCTdujIDAz8lO3EbeWxynBWkJ0qnuo3Jgrgps8Rfe08EFJzk05x7GY1yR3zI0YxNQWMc1Um2TccKP+XmcsRJJOALBcx0AACdBFoqNy3CMXFZyJ7kl8+Oz3A3Dk7cZQGnSsNKCbAhl9f4/XNs35ENdEtDCkJhLbJLD7tgswlKmVGB8O6ga3uZpew/xwuqWB6IWnfZHZS7J3775bhjkGYMWzoeFBjOGfRZ/uE1a/kUxB8rh+ux09FlJDmx8cCBmKR//1G0hOIJbzhmZiVy95MeEf0xEG4ruATqAV2/JISbUSsYOa+tvbWivh6muFeMHV32v1t738ZK0XoLDnR0VHLLXN6HhZynBsGuH9wMgnNPkNJKvMlLRfCoYIZoBa/zL04jrJXnE5e+Ch574LR7Nm7CH3SOv+QLlQiu3r/zbN9LhCldBcBz/UHd4QfsOv+tx2veI6J8/uT4+TtLPeqAg3m2LuphJVmva132L5eVLJqvT3b0u8OjrJ+tvDJGaiIGxDQmwrNU4/wSYtnba/oAnFENVynLe1hHR3b1vvszhFAusuUwh6ec5eVvt9jDDNDlHDlg/dRaEdYIFZZdO5WAqKewvy9BlmA3Ap9tD72p1obBrHzpKRCAWTMeuw51fcIc98ZExufXiDP1zD60DPjhoiEY4OdCLMtgUSBK0iIj/xjO8DCYtB6JR1UnbJOGZCL5av5pR0ycHHoJIXqosP+976GVZDRToEp5c+7vnPw/+GxKJW7/ass7vG9fNeNesO2SMa/NPYbsNgfblacB9JZnurCozuMWKG5mJOWxoWogGcib9ABLDUOYK0NT2YkT4ONaKzbBj6zkUZCdIi24jYvKbDO9/w9KkJT/zQ9YMcGY7i4GT4xQtYv2mgxv6XdLNe/ZEmxnBiK9ct/0G9B00HVQJ+KBGSbn3Orst+gxREijscTZ+TkUVIac9mqih/ggN4E4sW+7fpcIsvQpJaZtvPxkyAoaWVWaiYHT4vkRsTA32ScWGtOtO60JG7s9a6Leg6H7BSbIIOMcDxm6Pv5dou1Hwwk7+Q4m/MKDKtrPWc9M1VKJaMoMLm/afwh+3yXBJBchu1/qBnLV8KXFBLBwji+xhxgAUAAPcMAABQSwMECgAJAAAAO2KbSPHcmtUXAAAACwAAAC0AHAAxODMyMTJjNjNmMzQ4MmFjMzY1Y2QzM2ZlNmUwNWE3YS5maWxlbmFtZS50eHRVVAkAA/GtIFfxrSBXdXgLAAEEIQAAAAQhAAAAs4rf2mtvKC+i5iJJTFy6KEClLjmWaRRQSwcI8dya1RcAAAALAAAAUEsBAh4DFAAJAAgAO2KbSOL7GHGABQAA9wwAACAAGAAAAAAAAQAAAKSBAAAAADE4MzIxMmM2M2YzNDgyYWMzNjVjZDMzZmU2ZTA1YTdhVVQFAAPxrSBXdXgLAAEEIQAAAAQhAAAAUEsBAh4DCgAJAAAAO2KbSPHcmtUXAAAACwAAAC0AGAAAAAAAAQAAAKSB6gUAADE4MzIxMmM2M2YzNDgyYWMzNjVjZDMzZmU2ZTA1YTdhLmZpbGVuYW1lLnR4dFVUBQAD8a0gV3V4CwABBCEAAAAEIQAAAFBLBQYAAAAAAgACANkAAAB4BgAAAAA=' AND file:name = 'b6442c62.js' AND file:hashes.MD5 = '183212c63f3482ac365cd33fe6e05a7a' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:17:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720adf2-77bc-4f0b-b19c-4cc3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:17:54.000Z",
"modified": "2016-04-27T12:17:54.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'b6442c62.js' AND file:hashes.SHA1 = '7f4645bb3dbd3b248b8673490b2d117e36edc28d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:17:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720adf2-3568-4f50-8061-4a2c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:17:54.000Z",
"modified": "2016-04-27T12:17:54.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'b6442c62.js' AND file:hashes.SHA256 = '2de67b43a45b0bd4db35a1b04917b336373d962688f85a5e69883cc40d4db394']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:17:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720adf3-a978-4e5a-8fb2-4b2a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:17:55.000Z",
"modified": "2016-04-27T12:17:55.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIADxim0ggm3r4dwUAAO4MAAAgABwANzQ3OWIwOGUzM2M5MjlkMTFlMzM4MGNmZTRmMTU5MTNVVAkAA/OtIFfzrSBXdXgLAAEEIQAAAAQhAAAATcsb0Zf4CX5s1O7GLcxeYRSx19ZdiQTJuSm5gB97FhSCFWeWNENccNsizmyJ/o4OznEwfJ3QaRGNLv6NKBZ1acSZLwSdhrVWdVR7YWlOB4iRKjjUO0SpM7I2pRrBDsd3+FfafH97lUUo1t2PXeMaPM4XVO1+wgL5h4onxJzVAOVwnz+9nosUERVEHn8ioKlMiyFAyM7N9eYUFrqJNZekGCdBPzvRMFVeLsRBkQu7k4VVZB4s7DnQZsZM9wdRUMuv5llMZG/C36uKcJWWnVdcrGfnnZQR43EHlhxPvytg840K4X4+VEnnXOguhKMDgfSbCOfDsoMq8c1cajRYe3h0pSq57lb5XUX0xG+l0jkcScYButd996Nbvpm3qtX4VmhzkrpQtdrZA5I0Q+MaIEyNUzYC3Q9g1jZpiAaKoEYXRrHAtgS1Ytxe3MTeQdAiN83hPZnpAwuP22QKv2phMsNDm9awRM8XTTsjAEFEkb88PqYQZ+Dy7iRQIk7bwsckfGSGMTxhxnCCRYyzIhRHXOGJFGiwnCnJ0u0C5F3Wwk5cqem8hLmC2+OOC7mcLaIazmV7dEsGolrdEreEvhunE6F+8XABYCltmDc16J6uhPUV/0QKvWnUF0ogo6pHENVKRbOXCAkbZPQJReyxLFRAZvUOGeDEQe0zZW9bIASHLAoEvdwnJ4YkJXCcOtbB2nt6CUTjL3YpQc8sI2QoQBKk+1ct8WqwVG0hJcKp75JiU+PNsOZQzF/6O0Q2LP+lElkDtNqcX+HPzX6beOBlrFQM/AzZxVl6w4rW+4d8jC7HX7qgdLzzyOqHhwS4FO5VqCaltlcI0n/bWGHfRDsYddzmo9JO9lJQsD4DleUgAOu1ato91vb3xGOTIlpquiPiK2xx9uZAEufp0Vek9TTH+9ymIJ7kejM8mpwqJ5PRjdtFHylt2LYiZqSS0FLxZ97lR4cyV3GRokU+nE2sa2efNYHF/Bt5GLm3N2VdgBemqovQ3aP0S4VJxvDBUbXxnN5UEPAe05sUudU63vINNM0He2+fQAn8j5G26WInYuVsCOLTv5RvuPd4vA4/e+/fM09l3NNjQvgvKBXRDpYNuS53NuerLR6/cwuG59ykMd4q0uP/qBxzuP8e2BusvELcNFjtRaEpiBu8Va8OiruBtXQ9EYvZ0WMi4uTaOX61oCeG9av5FJthdAPRFYfNS0us+1pdNGmRRIBNp3t6EIfpfAv3ePd7r0RDXzbyh7YEiT1wLzpbkdHul4cdz3FRFESXJd7Zbffg0SMN3iyj1szWnXc+x8eMbzN0C2XaJdW5dzXif1VzZuJvPUGjqukHoFtvW+6ltRoWgGCEZRLB3S5Uo0KOpSfBse28XIligNDe6I8gYxfLBxGzWPkqy9D2s2iWU7Pk/QC2nyBaS2quJmxJ9TBloelfZj2HoiLbmr1qvcCUC1auo2bRaUyuqzNXOmHi/H/riwKP+mwreBa7Xq8Dwn/LLhI2EBMuvL9Y3kSqS1K2PSW/kS3TD/j1fU398fR7REiR2pAUJlOA+RIGT1m3mjhXkvYulxrS3y+KsASc302j1MNHLWkVJLhvkZ6IDk1rqj3txnunNy7OjrKPl53/cgQbjTSBupAmF9M3rIEKosLIeogKrB5DHlYz1B1zVdO5/R5cCOSAIgkFtutJO+UWvVRwjxIK4deLfSUGQhVrUeSfZbtEEJJ1QKgZf/KIu3nXt4dVr1ohYU34Opfbmskm4cmGF9OllBrh+323TzQ/hRICCw0gsH2+pO5uZAZGtH38U7idfoRWevBmGrExN/LVmM81nBuB7418cTpB5aZJtoV1Vj1CZDOx3rESFwuFGqkAmuhe3KTZcp0BKLLWCflcYlBLBwggm3r4dwUAAO4MAABQSwMECgAJAAAAPGKbSJyJ/ZMUAAAACAAAAC0AHAA3NDc5YjA4ZTMzYzkyOWQxMWUzMzgwY2ZlNGYxNTkxMy5maWxlbmFtZS50eHRVVAkAA/OtIFfzrSBXdXgLAAEEIQAAAAQhAAAAs4rf2mtvKC+i5iXXBIc3LaT9YwdQSwcInIn9kxQAAAAIAAAAUEsBAh4DFAAJAAgAPGKbSCCbevh3BQAA7gwAACAAGAAAAAAAAQAAAKSBAAAAADc0NzliMDhlMzNjOTI5ZDExZTMzODBjZmU0ZjE1OTEzVVQFAAPzrSBXdXgLAAEEIQAAAAQhAAAAUEsBAh4DCgAJAAAAPGKbSJyJ/ZMUAAAACAAAAC0AGAAAAAAAAQAAAKSB4QUAADc0NzliMDhlMzNjOTI5ZDExZTMzODBjZmU0ZjE1OTEzLmZpbGVuYW1lLnR4dFVUBQAD860gV3V4CwABBCEAAAAEIQAAAFBLBQYAAAAAAgACANkAAABsBgAAAAA=' AND file:name = 'b9047.js' AND file:hashes.MD5 = '7479b08e33c929d11e3380cfe4f15913' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:17:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720adf4-2720-49a6-90e7-45cd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:17:56.000Z",
"modified": "2016-04-27T12:17:56.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'b9047.js' AND file:hashes.SHA1 = '3b9bca38061f916ec14b2120d75f818dfc0a1582']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:17:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720adf5-3628-472e-ab4a-4521950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:17:57.000Z",
"modified": "2016-04-27T12:17:57.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'b9047.js' AND file:hashes.SHA256 = '6284a4144fe8641b848235683e06fd520439b3e282e75594fa89f2ddab2d73ad']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:17:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720adf5-d2cc-40d1-a012-4b18950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:17:57.000Z",
"modified": "2016-04-27T12:17:57.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAD1im0g0KCiIaAUAAOIMAAAgABwAMDIzNjZmZjFhN2RiOTM3YWEzMDczYTgwM2Q1N2Y3MjFVVAkAA/WtIFf1rSBXdXgLAAEEIQAAAAQhAAAATcsb0Zf4CX5s1O9HriLhznDveZU1L3Hj86i138BHI3Gj93167LgaGqYbhtSGr8QSW0BgzOAjneGJ2efXz8+lIcxpiguLJXFECbt32PFS08tZDAYpcUPr3iIol13SXAZWMtgY49K1rBXnSfnYOOEoomWkEFJeM3iDDBmOctHEUKHWNowQiZRTL3D8TEFYiENI41k7qWYcFtTzfN7setnKekMJBvskj9PNCTC1q2KO3vTiyBR2Z3pk9MCb2+WMvW8+M0aHW4U7jvfTgZm53pc8NDQ46liykc6XOZYTXnDviTxDuqahtcFHgfjKdxewk5kM1p1z5MFz7trThnKuWslO7ZtuZpzdMK5cBzSr1VTU0rF7s1zYvlvRppPxASziumGfE/oyZ4cQhz5QAv1396ZXlDa4o1W6rSBT2DjO5LRMfXOxdfmyuZokprqa4G0+qVezWZe7EgioVYZFPEzQqtdJVVSzds8TbXly8G9RMojeXf8tjVLjrtbgg6K35KlIY9VxMnZb0ZV3NJYUVedgXvSn2foQG8T3+75LxiphW8OmWcH93UQAJsWZfXNZJRUzKiY+Al4dgIWaEAqOR32YJ0ILQmo3BJJbCnTR6XMsQ3DkkdpNDyYLA6vkX57iJtkHJHZjASzwtH3+vF/UgYlt2XIsqtPWoGeecf53HA4LC3f1cBuu0rqBQbFgMmRcsRv5MskmoIS72dI3nx02R0AdhYlaFUjQkb6rvVmDh8VKt9sY/am4bP6gRcL8GB9RaN/L/ShoKneL9L3MQ2oP047sqavJiqfEKGU4b1E3/jJvNumjVrljm4iY1VIVbc617sT1E0PE2vnU7uWugi/9H3j2UwL11L2kqz757lvMCc7Uvu3VBo077G+VGuDdOP8bkXUjA7qNrX5M5anOb/cepM/iw78RcE8JXns8wqSvBbqgOGZNG6awLBoyGZLbXzWblZmD+bY41ueU4gMnKRCPZVyGIp2fC8aehb6Umt5klXW3S1dO4HgjwT9EVg7CAT7sw5avjvS5OYCD+BcmMKwydxJrX/9FnIOqTAckTtWZnmwhWEJY3vvoR6UH2hzLErzb9KWNC6WUFqWorwZG81hEgmBAeEBm4RqRB54+Ymp1LNDA+LfqHP4+yPKUhi3rgzMuSPvq/Z2jM0LUu62rKKn9UYs7Niz57LG3O+Kpa1gJwdxrZVyAogzDPQERdL58ljBp0K020NFavy+oBUqhzVZe4SfbP5uZ4zEPdulPpQnWGz56/hWIybyA+oPL0iUj0M1qX+ttCK+swmGkIAQNRBVd+JN/aki14XJFAM0zG4x17TeL3lHLELW3xt7QubApEFjf0gv1D3A1wycp9zBgRZf1dnleX3nJ8OgYO77nLom4KunlV7YqrruJpShIqiP/l6Lq4E5H29waEVMyPjmJ6kJkhUF6FZMPeWJNLgqC6gKfOgKZjqwG2s9A/cjW2iRnazVD4Jhl/GWoOlCOBpFFf+ZNdudO8tk778vhmMvE8FG7O0FGZpOdjJNhuOKnJZiWnW/nTD5vUFf3kE5/RJSNM+RhCPhhFrNBR/ifbBZ+tncCcn/JRRrhWqTPJkusCbAq0eHvPb015UKwOLEAZ70IhEKmYvzzvjOEj1oOiCP8CR1dS8zSam0U2URmRT9ArJWtt7UJMAxXMcJuMtjaj8kd3gSDLuok2PmGfVlNM2jhGN5Q+SqS8JFcm2vc0fYxwS/niAvuLzgDi5x4TNGAw6n64l6Idn0kt9LoFtzU8323iHZ7LfyjJn40mSGP938g7D5XMTztImGJBeAeQchMvCStlFX8ftMfdtn5vAeInkKLFCd/Dc6kn2FUBo8lR1rqVhEsEVBLBwg0KCiIaAUAAOIMAABQSwMECgAJAAAAPWKbSFTlz6gXAAAACwAAAC0AHAAwMjM2NmZmMWE3ZGI5MzdhYTMwNzNhODAzZDU3ZjcyMS5maWxlbmFtZS50eHRVVAkAA/WtIFf1rSBXdXgLAAEEIQAAAAQhAAAAs4rf2mtvKC+i5iSVRR5lVjtZ6A3O2qNQSwcIVOXPqBcAAAALAAAAUEsBAh4DFAAJAAgAPWKbSDQoKIhoBQAA4gwAACAAGAAAAAAAAQAAAKSBAAAAADAyMzY2ZmYxYTdkYjkzN2FhMzA3M2E4MDNkNTdmNzIxVVQFAAP1rSBXdXgLAAEEIQAAAAQhAAAAUEsBAh4DCgAJAAAAPWKbSFTlz6gXAAAACwAAAC0AGAAAAAAAAQAAAKSB0gUAADAyMzY2ZmYxYTdkYjkzN2FhMzA3M2E4MDNkNTdmNzIxLmZpbGVuYW1lLnR4dFVUBQAD9a0gV3V4CwABBCEAAAAEIQAAAFBLBQYAAAAAAgACANkAAABgBgAAAAA=' AND file:name = 'bac9b964.js' AND file:hashes.MD5 = '02366ff1a7db937aa3073a803d57f721' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:17:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720adf6-4fa4-46b5-bee4-4963950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:17:58.000Z",
"modified": "2016-04-27T12:17:58.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'bac9b964.js' AND file:hashes.SHA1 = '4ba112105869ee0c11829889dcc8e7522b3368c1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:17:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720adf7-3f18-436f-a440-4df1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:17:59.000Z",
"modified": "2016-04-27T12:17:59.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'bac9b964.js' AND file:hashes.SHA256 = '8ecb9297a5272cf8403d23dcc4b76e703112a4b954fbaf53f450417effa3e2a8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:17:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720adf8-7468-4bdc-a160-4c6a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:18:00.000Z",
"modified": "2016-04-27T12:18:00.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAEBim0jQcXWNfQUAAPcMAAAgABwAMTQwNmI4M2RiNzZiMTRhYTlmYmQ1ZDQwYmFlZjBkYzNVVAkAA/itIFf4rSBXdXgLAAEEIQAAAAQhAAAAIgOePAwsGBV0PC8/Ia8oQUcW4GodA6zFH5aLxbriL2li9FB12dc73pBgA4kSdw5MihrlkbqtDA+5cgKQ3HdPvyDwiyYkNhqvozSaXt+wjVthPWAUubs295b1/ML+SxDkVlB1rMc7ouONOGt2vX9EwHGhiqe2TtbV0YqNWQmrP8ky4ymD7tGJFuga7k5PqCGs0CbrI1XMdMmYmV/0gAnLuSsz4XS2/yxgwHfZIuOp+q4HR/RuuRzfoDKOUeRDdJSJ7WjNby1XoBxO7CrrSeibuOH4w9MiSlu1Rbhiww254Z84xbGhUddTLpzsoHrCELgLRjt4RzQ55OGgzOIvPRhOt4mBDquPzl307Wb7ubGhyqjODPKZ2oayTxDNuVBHrLMB92iHq9xncOwWCdZ3DWB/CEFPQQIxFkZlj9wRRpniksTILc/RN1/SSkd9AkF9qzf1QVLIjQt8V01fh+MPqDgmt+jg+zpFKGwmgpqLiLu84xyDhVGLPctRX0ymnx7XdOxoKJ9BfIfbN1Ish4tgUzxyROJhS/ESVK5hxr5tQfotrwKEjSQ6Ht06oS5E/vy1ORYkMRoiBE+QKBFsG9kh7FOkHLZwwJLVcYXiUPPh5HFws4t/eIZ3mM5kzcApoWW3AK7u+QaejIZFQUq3ldBxfMcMLIFtnD/Mk9QgqrFcpKzyc4BI5p74buFYMvT1+bNmjNoDE4gW/YDKXiSJYAr5DHK6Ray+kXROuz15cLzhxq15qot4B9N0AJUyymYgPOrCVEZssNDDFuca7nGGK9xnMv5czW4LNCgjB35+nDgvgwUBxxEO7RmkHXf3sZyL/JMPrvPMi65skA6Na/f20v6JCSch7yD45bNfu6NegeEzGDOYo5wGmhaqIGJ8GRafIq7hcX3R31t7HoCQjHh5qY3Rctj/u1gLmWTdI4uAMb37NV2OgU65e77fIZ5oI415DI6kLkxVRDcAFQpuIJLq3f1YkUyQ0q0zGlO7aOWYd+AS2b389mSuaDTbevPR1DJuxHGDmHcodxMqXJeb3jo0F6KUzyM6k6ToB59hX7+uwmanCJg3Jp+VdQ1su6OPiUyNYsiSLbxSTIXpJhOvK5if4ZXLylKuiMXUweMm8zBIEY8Qpu8LScRBpv/SIRC+XuYJVTTyk55FXeBzq7dLxsvWV4QbcPodh493HUiizP9D2dvRV5KcNExpeLYpIg0I3C3zBw8g8IBI+0U/qVIH2IpeHzKMDS7flmyblx/TQuMl7g+vvt1XMkIC28DGA62191B2ko1Z6ibDIulP+ezhR79h5MEe95T6+GXgQ6Mf58n1uu7l1se+HdR8NvF9b6+pzHQgO0L+D5YGIU5nV6TLcPr97jD/ICpqiknAAkgESPwXL7Z/BexS3y6t1GjyX1O6iFfTC95VUZPOJ77PgZUvMJIl3Mvn+1dy5AUApVcU2ei+89sGEFJMXY0iVNwYfKxbAnK9DLQPOdi7K9eoVq+Vvg/djjY+Vbirj3+rgxm5MnPQ/grazxNtr8WRFeQZxk41t6IN9/E+MgSuGgpxqgaWKBzauM3+upA1tVM/BLD3yhv9rN0OPM8AEN47LmTSeGLosmCZ9YqwApKlwDJijTSnzHMvI9Hng7JRMiio+n7OZr4kje2U5NHdB9YOZedi6x2AGR47b0xHP3GF9W+vbMPHpq0d2yK0qI/pkR6F0fii0Hd8TuqndAEBECyackpV9Pens9968bxG7icVPJnRIkLejRppzAfRWu9goTItT3gzcUNAelt3RQy80ED1SG6WbIEujaHSRcSj73yzrIu+GcqWutiQ7L7zdKvxCKVWX+yQUpjX0GptxmJY76Je9R6v1uRBfWx/3RqwcAgdmYTgFutDGtZWTglWDlBLBwjQcXWNfQUAAPcMAABQSwMECgAJAAAAQGKbSJ5OfTAVAAAACQAAAC0AHAAxNDA2YjgzZGI3NmIxNGFhOWZiZDVkNDBiYWVmMGRjMy5maWxlbmFtZS50eHRVVAkAA/itIFf4rSBXdXgLAAEEIQAAAAQhAAAA1jl5aU5MXjCHY9j3mLZkvROfV1oAUEsHCJ5OfTAVAAAACQAAAFBLAQIeAxQACQAIAEBim0jQcXWNfQUAAPcMAAAgABgAAAAAAAEAAACkgQAAAAAxNDA2YjgzZGI3NmIxNGFhOWZiZDVkNDBiYWVmMGRjM1VUBQAD+K0gV3V4CwABBCEAAAAEIQAAAFBLAQIeAwoACQAAAEBim0ieTn0wFQAAAAkAAAAtABgAAAAAAAEAAACkgecFAAAxNDA2YjgzZGI3NmIxNGFhOWZiZDVkNDBiYWVmMGRjMy5maWxlbmFtZS50eHRVVAUAA/itIFd1eAsAAQQhAAAABCEAAABQSwUGAAAAAAIAAgDZAAAAcwYAAAAA' AND file:name = 'bb2706.js' AND file:hashes.MD5 = '1406b83db76b14aa9fbd5d40baef0dc3' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:18:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720adf8-8a14-461f-b455-49b8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:18:00.000Z",
"modified": "2016-04-27T12:18:00.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'bb2706.js' AND file:hashes.SHA1 = 'e7ffd9466615e7a33c8191840ee1a4550466635d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:18:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720adf9-5c10-4a3a-b9ee-453d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:18:01.000Z",
"modified": "2016-04-27T12:18:01.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'bb2706.js' AND file:hashes.SHA256 = 'ad52b63a6aa7262c163e098e6fb64bc421b2f90a11211f8d848a9288cd90b54b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:18:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720adfa-6d20-4e08-883d-4d9a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:18:02.000Z",
"modified": "2016-04-27T12:18:02.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAEFim0gjxcekcAUAAOoMAAAgABwAZDQ0YmM1YzhiNjY4MjI3ZjVlNjI1YjYyNzJmMjdkMjZVVAkAA/qtIFf6rSBXdXgLAAEEIQAAAAQhAAAAFze4ECfqkdomvqw6htq0fPhP3jGqMbVjZeFYRIRxUqr8/+vOtCzYxMrL/zkc9pF7HRi+hkIeccCDQ93Hm44kwVnIf55feu9WuE8i5rvy6617flox1fvMf7CnCMM7FMan4IAbMAZDEri2ffAtyHdC9oqxbPeuEcuil7adGY3CGAIOCjoyw4W8ba8wEsOa3k//JfUIEvMxw0LSDkOq4K8ztm/E1A6F1dytwAfUprNJ26wpwQXOq7UZD6ORmujFL3XlQYokk9w0gw6sRTJJgmQpGJO+gSgfl0638378MWmLYMb8Fh9T1T8rjAoJWy4fYcedaZTnL/FL2NSVNv5Wnkz+RhE/5X4S4iraSIOihIvUBnBFRSbTi7ouMg3f2qASlM4u2B48nCnbfdvt+q0nvGZGtyj12FiacPPOHUESEBpetsSgHrxtAFW/cAeS3dMAu1AZDlO2CmyhIMJe2fWJR29oDyCyBTOmoB8JzdgreunLfNj5OxHBg6zccAd7AwWrPF8dMAjFpyk/kF7QZuE0gczi8raxg+NdAhDN7+xjqOVKBR/54sZVa8EFVGT7Noxka+SrrA044Nopm2bw2oI+SvdncGt20Ce+1pKYdcTue8Vu65tv/Sj+uWTTLpJn73EVnEm5lL5V2Tf2rlDG+Xbd0JEbsjE5LSQCBoC4bqT9VqpywuRGobNaITi+PEIVc/yV3SE3JRNHQW1T2Sszhu2UCzlkRYiOoBNoBelRc7ZIpSlF0FCpeOStzKeF3d7oTqiCdA5pUoWo86PpIEX2Wx1u9raL0d46zMD5xEptB9BiMvcZTK1omRdWVLMtFOoqgNDBsGPiQEMBpxIyFdIF/oy5ovuxrwMkJ9C582F/KWgPMqWU7gQJJ11CqPk7lmhy0/+THmAGdT7YjcpwswTh+b0N0sGHoJdvocDEcumVkxD7E92Z8hJ11CKPS0Ng1uru+FSdsvJhzy+0r/HzlCKBApzbh0gyMQ/SfKBkyuKK2W1mlDpAaqYK9o2i7SC9QyUVive53L5/vg5+zsfx97DVPdRqjKWF7iY6uU3mVWJ3JsqdtsKP+ySpuuL3WOHfiZeMEGJhwlj+itoqkgu0LU3r6qfw/upRosT0V/5pSZkjceniiavu4vkav4G9tH/U3BTnQ6zLHuok0a23YrtFjYPkRYh0boV31ZxY0mBvPw6Riba3IHEojoAwzLvKbgfEwkaFY40DqtSEmnG/Fc/24Jk3vhkEEAFaGSZxrRebpDTNKd2T2trt2laU4Hh1pxCakw0amSSIFQG0I8pXplKwI/60AQqpwuMvqgJnl23rE1sTe89x228QjaYvZnnAhfO2Oa87eUkNrQNQVwyGTWWAWfZJhARSaBlJvKJbpQkvGgFEVTysWiGazD0aRnhz2tnEnX9RmfMrK9OqSeEw6zMcOjlmnoysE6v/8W10T1Ygcw+jPI9cgfnFId9Ie93ZdHSp6H+J08ny49yFJxAAdktpi2AKpSNaP494ZN6CUXgjv2pYevRJWXsxaEpCY8Ur7J+rKI4q++j2l4+j2oH0jSMSp+hopId/vSaLO39Hh/dgNezQPv2e9DuQcybdYcqzY++lzybO5FAzVXUNQsOaghl8d3cgwT6+F1KwCVu/fU/7UudHs+QNJ+gT/E++JCpIM/PUNzStMGurxtPQ94S+hgRgJPmGEl+NEf5FVt8GbtiMntCTucpyt+NpC8AMmj+KUTjMintzI3lcJa72b4Znc5VOAoRbyvWcsvKoAuzLXu9N9cdMeZ5+b7NlLLTbAWinfJpw87MLQooUDQnPX1iIyRIcQxBB2YnE1jBFr1uT300BZdENQtn1UlwJdisW3J6FS0LphTYe2XdA7erMUEsHCCPFx6RwBQAA6gwAAFBLAwQKAAkAAABBYptIcDwc2RYAAAAKAAAALQAcAGQ0NGJjNWM4YjY2ODIyN2Y1ZTYyNWI2MjcyZjI3ZDI2LmZpbGVuYW1lLnR4dFVUCQAD+q0gV/qtIFd1eAsAAQQhAAAABCEAAAC/QOEut3/of40DYyInzSB4nwZ+1be6UEsHCHA8HNkWAAAACgAAAFBLAQIeAxQACQAIAEFim0gjxcekcAUAAOoMAAAgABgAAAAAAAEAAACkgQAAAABkNDRiYzVjOGI2NjgyMjdmNWU2MjViNjI3MmYyN2QyNlVUBQAD+q0gV3V4CwABBCEAAAAEIQAAAFBLAQIeAwoACQAAAEFim0hwPBzZFgAAAAoAAAAtABgAAAAAAAEAAACkgdoFAABkNDRiYzVjOGI2NjgyMjdmNWU2MjViNjI3MmYyN2QyNi5maWxlbmFtZS50eHRVVAUAA/qtIFd1eAsAAQQhAAAABCEAAABQSwUGAAAAAAIAAgDZAAAAZwYAAAAA' AND file:name = 'bc4829b.js' AND file:hashes.MD5 = 'd44bc5c8b668227f5e625b6272f27d26' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:18:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720adfb-20b8-43b1-ab7a-4d14950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:18:03.000Z",
"modified": "2016-04-27T12:18:03.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'bc4829b.js' AND file:hashes.SHA1 = '10d02e577340cc3a2bfccbeb32bee1f1a36311ca']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:18:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720adfb-e584-4014-9ce1-4be9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:18:03.000Z",
"modified": "2016-04-27T12:18:03.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'bc4829b.js' AND file:hashes.SHA256 = '7672fce9bc8da3c4b4cdc9b2f484e64df876967d115c9077d18ff3e5d793abdf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:18:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720adfc-652c-4025-a71f-4b44950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:18:04.000Z",
"modified": "2016-04-27T12:18:04.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAEJim0j7ChuncgUAAOkMAAAgABwANjAzZWZiNDI4ZjlmYjYwOGJjODBjYjBjZmZlYzRkMzdVVAkAA/ytIFf8rSBXdXgLAAEEIQAAAAQhAAAA8Hhz+nNVhXjI+B4SWXxMbqKm3iOGHLuTJJKX++RSuWLhn7CcSTjgl/0qXPFQTxhcW+/UMyqxQaL4LJTraWF7fSHzcPR3mqwg7cGcggZa+vODEs3/FDaxc77fmKTI4WAOvR4BfuHA+BWeK8R8jStLYKvq84yS8qtto5cYff1wbAWQst6iv1rd8UTmtK3po4c2xyPuoW4LVKuz289zV4XAmjVvril1J/9vzC7nIhBmn03v3wTc033SKVkFUDiXw7tuU6qAt3IubmTjXQ7m3o03n9HCs40KWt0VQW5+zQ99DZKZHFAzKB6/swovlvYgKGO7a7/Q0tvsWeEe6G1pGka6tbTMNarD7qd4DKhO4uTVpKrTbKXfNtKMTVeM3tzYjm4nYAyj8JOsXC3tLdK5vk83JjzlMeoLYgzM1ngpRty9X48blwxYac8aLoDe0vl2+56EnP+Qs4YdHsms7rmfdIst4MA5mRkixXWIrG30AJ8mQkfomgI6fyAinRPbZ8HoA0ZxqLcQZ3yMpmEPd0POx5eFNG7dXCG/ZnipsPeMPho2/Q2pLCcpSkKiqV9i3uO07Pwn6cCqBNdbU5JrZ2yQlRVNj1dZVGd88milGFNqXCyv9WsF6PDS9QRbzaJ+N29itMfEb350bjo1x7AWItkPjZZXM+XAqHtEow7uNLOFXx4B1unauO2wb4XZq7ThusAkHW9YOtl2s0Yl+2NYJynLJRLOMGVwMACOduA7mZ8UEaioWZTZWmuBf5vhhpWG6j7e4onK9ra4JLfWDWiLA7/bmLxu08e2dJWU28mpA/iTnlp4KiV9nFJ4MLFLHGBtWrGIFcudvDZxPoYpOFPJwU0k8f9E22einVKApLPAjmMaOZXuUq0muhxacco+ml7wsxJImECyco+aGVh/KchBUjUGnxcleA6H3TOXCcUPzujU2Qc5V9XAaRGmpPBNrJIvOI/fd/bsKm2EkdPOvEdGkErSEZG5miDsofwqc26toUFizq0SbI85LOc1WhHAa/5+dZt2sTfPlFVX8XPzcHNLXlxLDfXbSMizJLbiMBCxFySKil7R1dYcv+gXSOpCZkmytZa5MJi181WlfobO+rbfbBlt3YCLMOR2yGulYYX+Yq28sZHIE81wL1oKcu/bhjqSNeHmu9p1CBgzkiMObBHxm8cxElJaDWf418ZUH+GAAAKqBBLHpaTtcS38lZyCoAf3TWYo7X062RdIDt14U+OYH4Jhx0G3dUpdfy1TXeKfcP+qQ2rqkjGuAIjyepPxC9Bb2wbGJ08PLdwoEGV0967WJAgQkq91Q6OQoGSXmmSUKT84WTyv9qz8znt3WURv32Pv0+TvD7hvbXbqYVGiWSv3a8F4N3JJj+wiDxkExWsc48sZfQ2dvX/plO5F1qXL/TU8Nh3pnIU3++8afQsdSIZkZTXkuxJ5dWJJBtEUYabqjQEHs5V8A5Nlk99nWv8t/5U+yUnMUlHML+YaKSpkqFnXMHkvCJ+0xSUhty+6QWV5kwSSDQjYR27tg+c2VgTGMDw7+OYcDEU2lDQWCgq5OnyD/ic3k9qfnRBcuzncnP+daxUhJMnEzyDdiwgt9sknAXzfTTHnVb2sxKwaeSvkniI4St3fnUlVRvYOzfh787nfOmGJLuELAbVYsTk7u0fmhqS2p9+IcttXsobSSxxHx2sbUO4qCfMsOR0af0SLnYotkLMyWo91iOIC9l3WSaZwb0DaHiZmtRZcrkwMOxiZPaUM0/e+slISriZlo2IUwqySX0b4Lngy8gxZTv3TMxkEd2282jxJkds2u9nGX8KEo3Kl8VQcmQQNHxNXRQhkeOzX+9Hu0HTVNXNRIxwI5H3j9hPU1PCFofwZUG9QSwcI+wobp3IFAADpDAAAUEsDBAoACQAAAEJim0jI4/GnFgAAAAoAAAAtABwANjAzZWZiNDI4ZjlmYjYwOGJjODBjYjBjZmZlYzRkMzcuZmlsZW5hbWUudHh0VVQJAAP8rSBX/K0gV3V4CwABBCEAAAAEIQAAACAK/7X8zRHd7yWPnNUQ/OJmpFr66SFQSwcIyOPxpxYAAAAKAAAAUEsBAh4DFAAJAAgAQmKbSPsKG6dyBQAA6QwAACAAGAAAAAAAAQAAAKSBAAAAADYwM2VmYjQyOGY5ZmI2MDhiYzgwY2IwY2ZmZWM0ZDM3VVQFAAP8rSBXdXgLAAEEIQAAAAQhAAAAUEsBAh4DCgAJAAAAQmKbSMjj8acWAAAACgAAAC0AGAAAAAAAAQAAAKSB3AUAADYwM2VmYjQyOGY5ZmI2MDhiYzgwY2IwY2ZmZWM0ZDM3LmZpbGVuYW1lLnR4dFVUBQAD/K0gV3V4CwABBCEAAAAEIQAAAFBLBQYAAAAAAgACANkAAABpBgAAAAA=' AND file:name = 'bdb7814.js' AND file:hashes.MD5 = '603efb428f9fb608bc80cb0cffec4d37' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:18:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720adfc-a760-42e4-9266-4577950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:18:04.000Z",
"modified": "2016-04-27T12:18:04.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'bdb7814.js' AND file:hashes.SHA1 = '7eb1c4d527b33dc64aaf28320663be849557daaa']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:18:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720adfd-7950-4ee6-a293-4d79950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:18:05.000Z",
"modified": "2016-04-27T12:18:05.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'bdb7814.js' AND file:hashes.SHA256 = '0e8dc7ffee1a0f2e7fbd37576d4937c2711b27b5176711a0683080e5e6a453a4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:18:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720adfe-4254-4ba2-b396-43f4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:18:06.000Z",
"modified": "2016-04-27T12:18:06.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAENim0j8Gk9CcgUAAO8MAAAgABwAMGExNzliMjllYmY1NzllNThkOWE2ZDY2OTdlZjQ4YWZVVAkAA/6tIFf+rSBXdXgLAAEEIQAAAAQhAAAAFze4ECfqkdomvq6lY6ulG8VGdFOaLv4L92eJ5eXlWnu1TJon7g8ov7wqAddDgKSBJeoMjPto+xbnWM0GAMGiVg80yOn4ONvtmo1qcrU8D4msO753hD1EYd0GIlxaB9AHVLOT4KOZnXKw+WhzvKFNtfGc1Xy3bNY40DNkv3unl3c7i+Ou126uzNMlY9Z1jJHYjrKvEhtZwZ0OIvcHbHLc5Gc024SxOUdiuoKMxmC9M3CqQibPa0EPCtHKsLfLNbRMW9DVfHY0USq+/ThyJ5zIQUaljO1iDyOspGDz2VNU46a0M2aOzwkV+bSkll0Vh3uzYCrGT0B5V4+qb0ysRDgEZMq0vWuZ6Xw7uHX4s6p9WvOVWvK009IRqnXvveSOlpuam3mBSfqaeUesENKy1HefrKx7++hQ+wUXirO8yrhfRnb24atnEW/qjUoAYq+vgXnBTwkSEqI8glfQYF53kBiE9xYbb2Z5OY/fNyq2uLziFTgSdoHuJdhgTf4pKqRJPRDpZSJaXzfYzaqpxDWlb554Z5EiI+KdVDIkMjwZQbwUQW5ThKbqXBwpvIHOPstGlzCDKTweWf7z6LUri1A2hJfAA1HfqhPmGh6Nq61QJDo1gGRA6goI9kezBa2HbzaUKQ4xcl8AM7CSMLNN0chqGEwORywknFWDadiBySTaR6a7t41bi9FYm2D7cmJh1iuW5XxQke0Qr90VP9UUBH8HPpv1tldV7xF88lQMOmthSs0y9U9fH4KUN5m6nFlXZuOz7ft1iRCUawgSddAKyYDHOaduF1YM0jI1J6Ri+9z3x1c4yNrwKIEx7e6n8ww9wCX0NdVGSXFiGQUkwD6jvBJGzMSwqpbh5plRPuBH6/IKrZIBWGmIe1JuxU54szFpNB0pZTB4eQYj55Ub/ayQoREFH9SFj+cRVXVftxxTrNso1WigmJUHXq6JbJmlFk0lIOr+jcCvCNpCxxvaGwOc/eQgHk2IUf5dPCcxrm6J/pE+eRuBhqC+rsw+2i5HV9QPZ1fmP3dne03YLXHTVvAhCqdaSQ63n78n1vdKQ3HegAxvkoT0rRGnzIjDedRGZOyKjz6+jzYC8ZGncAxwEHYx9pCipT/sqBD6I1r93Qb8LWjh3pNzN8NEZ+gS/bN6iQe8UPy9ooi0cse5rBoQLsQkEbmjnKtd7RDU0ZGHcEAS3jeeoiWjJEuxwiUKdmWuGt49jy7MR3KEIFy+AWGohmsSFw0So9QP06ptMjSfp8dw+lVirLAkTVf7Oxt25E47T1m6USqojkxJbuks7Cop+dAmWrntW806S5xQr4aujmcu1V/WpRVIb+52HEND+sOCAxmPVIOAY9eUKEwJbOFk7Y1npsynu6cTP/jqjkTJ3400C7fi6l7cZOi6X7sP9qQQm4ZRnoqDRpNtoJPWq3Bq8qsMvqZq1eIK/F7uqXZUupQOHJ5sy5Fq/Ggq2JkdcgkX4kt1pa4grtdJZZIVYCRWuFJsSxMSSYz6TVBXIXh0mxwkLr3UA4zOYJvF+z/9l856qlrOx3wiRHX7eKxBgRovV1tGMcoD/Xn9QkFnw8vMV1qL9EahwdCYtQIOG1fe6luFLLbixVgdc0w1yoNoYoX7OSpztou6KZ1MYJw5B3VvAEOC9Ikr2pjqhHSrpBb0XAlZFqqu1NM+LQAKtwHCwBOsKxxNDEtI5uXYI2nPt7oxxBu4qaDnGJBT7YUQ54YLSrJhppaSE+dE7EwkRolcGBDA1e5E7O43W8Uio/BH1cec+kgDRLDP0JJopnukxGLSSnzMhv4hgcSG/nFOeVotIFkQ6U0ovdIlE/PNKgqi6hWf6mxpond3kx/BqIFAdP63/6Bxh0ezonyF2Csh/qlQSwcI/BpPQnIFAADvDAAAUEsDBAoACQAAAENim0iuikqIFgAAAAoAAAAtABwAMGExNzliMjllYmY1NzllNThkOWE2ZDY2OTdlZjQ4YWYuZmlsZW5hbWUudHh0VVQJAAP+rSBX/q0gV3V4CwABBCEAAAAEIQAAAL9A4S63f+h/jQNhaU86xkYK+gLR+ONQSwcIropKiBYAAAAKAAAAUEsBAh4DFAAJAAgAQ2KbSPwaT0JyBQAA7wwAACAAGAAAAAAAAQAAAKSBAAAAADBhMTc5YjI5ZWJmNTc5ZTU4ZDlhNmQ2Njk3ZWY0OGFmVVQFAAP+rSBXdXgLAAEEIQAAAAQhAAAAUEsBAh4DCgAJAAAAQ2KbSK6KSogWAAAACgAAAC0AGAAAAAAAAQAAAKSB3AUAADBhMTc5YjI5ZWJmNTc5ZTU4ZDlhNmQ2Njk3ZWY0OGFmLmZpbGVuYW1lLnR4dFVUBQAD/q0gV3V4CwABBCEAAAAEIQAAAFBLBQYAAAAAAgACANkAAABpBgAAAAA=' AND file:name = 'c0c0e1c.js' AND file:hashes.MD5 = '0a179b29ebf579e58d9a6d6697ef48af' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:18:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720adfe-c4d0-4905-a503-4cc9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:18:06.000Z",
"modified": "2016-04-27T12:18:06.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'c0c0e1c.js' AND file:hashes.SHA1 = 'de6146846b6a0cdb9c532f4e857d903bdf19172c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:18:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720adff-af04-4e4c-bcd7-49a1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:18:07.000Z",
"modified": "2016-04-27T12:18:07.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'c0c0e1c.js' AND file:hashes.SHA256 = '724e2aa3373ba20ad5a92052ef047ee0a73a06f06cca402c9809b4d41b78eb60']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:18:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ae00-0c30-4e29-8f7b-41f2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:18:08.000Z",
"modified": "2016-04-27T12:18:08.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAERim0iu3UPeeQUAAPIMAAAgABwANDQ0OTk1NjgyOTIyYzg5YWQxZDRhMzQzOWMyOWUyYTlVVAkAAwCuIFcAriBXdXgLAAEEIQAAAAQhAAAAOX4KkqfVMS2Yy5Uvj58aZ4nB6sBQWom/hLV3v4h7e6TGeaFcgv+jyeZWhy3TmtCtnhYThuq+DN/JJkfgNwH5qQ+2cUL6kpjrhPkWgIRzgPGu+7qwV9gQiuHkEOF7WYVzIMbzpafYFZW7Phh+ni2uNISAnQkZIyPgjYyDoyRzXus1YR4Cbyr2eL/G2QhE1LCGTBKtLYcOULrPUZSvkOcVXE6vAX+yllA1QTKCVwL+IXmkgF3WCNdzr4+7AQXy/F3xI1t+DGArDMWFG/o2uTer5zy5hqbkiSFeX+TTK5TceMwA34qqKP2X2t9wHusWgCRHJvtrDRkKJWnpED0RpbEpB58fyIsnFqdxzr8IIIBnYAWW1nWAAKeccwgC00ONnGDzumYMaD/Kx0gmALPKpOlAyItHSkBmawhBD8KceRDq+UD1H5V2pdMuKgFwby0gniwHh/S5wXtwbF4T7ZVB24KTwju7A2ACKnvbdpRKg3VvDIETQzTn/sm4ejVKWEtnhw00wdtv1jRO3DMJq719TE/VIatBYGHnLfjDq5zM28yOqzsh/JFBYWsPC5n4g50RGuOZd0kHDwRSBpVkd1AR18gayV3+TUM7kH+Dqx1Q/gjJaBpJYI1mamp0EKx4cRO5wHtaXm07eOOcNU5hxLSmReq3PUuh5ubn3WshSHujcQU3r67qErAjer5CAgSB2NQP1+WLYSTgvbRL7DvJGEkUyiDXTWksg3heSlXa0uZDhKzB5nRnUqPKmvfBz07rF295IJxnVRhYttraaBovDLnPhIyHa1EI41uxnmvp2IFeYV83iIF5NJcJOi9v0TlH+oYdfuST/WCXMRMH7/YtAvhIGxL6otonhFQBqVxxi9NDdo9Opwuc/EsMKbG2FqRNQXXQn8iQlzuo1xcd91XfaTaX491VbYQzrsvNIINrwIH3YzYt1SULsLQqAQlS+v1ijmuhWCcdel4foCC0jsQhFPdKO8WNbNDQiB035ZLSvqtvfT0WBY0J2DT/qod99v+cw+sREA//zwLbx+C3v+zu++zHgqdvJFNWCn4QvNQ4zJp8vBvvqjaXg3Yd4rrcJTJkmLb9Z/VyXLVxer0lNUjhP7T1NhezEUBEk3sci4414oJWCTu+NIs8w17v9W0S+DUzVD6yi8Gs7aREEwP0LjQgX6mX3wECda/2gWrBIpFZFhZSB4+sK6rr32AME5rk+ak4yfM7FBmOUq4uW5E/4yX1EiIOtIDB4K2hVWCrOisLvDM1fxq58kUg2mguMpVa3bz4IUm35SGAoi+tgFSOn+ff1jNlJSg39AcuoSzbxWQ6GL3UnqGhuM0JpJsk9j9Ff4SiBX9pvEv/QAO+Z+vDj4exOOlfmjmoL/nXXjCjYcBBB8X4WNp8taa1xLy3Z/xStel4VePfuKaC2kr3fA6JfLo39Ygp/VxZScAUmHqn159WMlVZ7KTPTNByn25g12NDhs+GSauTVE1qZZjWYmYYYZwbhkjp8bAEi75SuPqDkoJNHY+aGd+0uD7Fjr5553kx+6vq+QyGORvLheqwP6eE+KgLF1VAfIQfeICOHGZwjxzK6Jft/mRxDWolZWPg0tWb3zC6ZQhAdVDxAsMXPPYR1VtWrwzQlVGZx9hijjkAwOVqCnAaxSZ/4ZElVO/MiAfLnRFM6SAViYF3WvgxqUl3h5mv785EImcMrc4Q0VYGUI9/uWNbXxZuvq+bqe8sS2WP7ZeT9BhPuzelRP2kqqvdw9iZzbaN2Q2nOO+EAKqnGY9yZ5t3yuKcIwaiQb+HnHGAw3HgUHSXnoaz/34FFsedNsFZavcBuKtglWuXx/aaU0jYmvZDibbmj4aVFnx1/fh6mtzNdS6ZMarPWIRag8bJ+6ZdUEsHCK7dQ955BQAA8gwAAFBLAwQKAAkAAABEYptIzLibJhYAAAAKAAAALQAcADQ0NDk5NTY4MjkyMmM4OWFkMWQ0YTM0MzljMjllMmE5LmZpbGVuYW1lLnR4dFVUCQADAK4gVwCuIFd1eAsAAQQhAAAABCEAAABC2UVXX6X56K0cTQKaIPYOGAWmFqnhUEsHCMy4myYWAAAACgAAAFBLAQIeAxQACQAIAERim0iu3UPeeQUAAPIMAAAgABgAAAAAAAEAAACkgQAAAAA0NDQ5OTU2ODI5MjJjODlhZDFkNGEzNDM5YzI5ZTJhOVVUBQADAK4gV3V4CwABBCEAAAAEIQAAAFBLAQIeAwoACQAAAERim0jMuJsmFgAAAAoAAAAtABgAAAAAAAEAAACkgeMFAAA0NDQ5OTU2ODI5MjJjODlhZDFkNGEzNDM5YzI5ZTJhOS5maWxlbmFtZS50eHRVVAUAAwCuIFd1eAsAAQQhAAAABCEAAABQSwUGAAAAAAIAAgDZAAAAcAYAAAAA' AND file:name = 'c4d6d91.js' AND file:hashes.MD5 = '444995682922c89ad1d4a3439c29e2a9' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:18:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ae00-78d8-4263-ae7e-484c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:18:08.000Z",
"modified": "2016-04-27T12:18:08.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'c4d6d91.js' AND file:hashes.SHA1 = 'e6dfe14385784b4832087a18b3e6d28777434d22']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:18:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ae01-abd0-4934-b0be-47e6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:18:09.000Z",
"modified": "2016-04-27T12:18:09.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'c4d6d91.js' AND file:hashes.SHA256 = '0549b72ffef7bd8a8808a2ec4a8eae42c3d8b399ebd190dcbe722ff37abedd98']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:18:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ae02-9c5c-4780-a9ca-434f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:18:10.000Z",
"modified": "2016-04-27T12:18:10.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAEVim0gHNXMbgAUAAPMMAAAgABwAMWZiMTQxNzVkNmIzODNmNDU4ZWQyM2IxYzZiYzExN2NVVAkAAwKuIFcCriBXdXgLAAEEIQAAAAQhAAAA9B2zYggaw6906WzYk/VljivAAjskYwAschdONazZpOKAL6+AvNbi/IVsM3ii0BizACwZgJubylxYuNXUbepcDGjxK8goOpn+dsOan5JtR+n9TuCm1HxTGjSo+ZdG40kSQhrbWLFj2AzdrZhmvIFr1Bu7nyPrOL3xmmQos0XVpC2Iz6lpMd41NzjYN8/+m/WPK/QADMC2StCMWIRG6QCfeYDJoAWymHlpa2anyMnOvyofFhqu/pwX3Ef1UKwxWLzVFe2EleD+0MalsFRH507EzHaUbPC542jzUgULUJhHHopUsnin80my8sOdQIvKLCv0N4WQOsxU5Roa/mXch2LgjXka8M81nk5juDVMwDmwcj5w9d/BkPSYplIzN7aYw4eA4pwDvMGfmTRqYWF6YL58gnYaUJa4KFsvOcgg2K9czo0erzxyH/w1abpFAK/+UvtXkmuaXu99m5WOpfyaJdYDvvfdIp04eI1aM99mp7Xg87hgadkmTBNEnIsmbZmt+OTEOdW9fopHXNRXtbn4yySnJjMNuVNdTAzsYA4lc4ZjXTiUT/aNSaZMiGYua3hA/7XSzaIopW/U84jVcnznj3p5m7fMy19iWtbWL4uZi6h54C9pTUKLqVGtbBpU8AbVmXev+E6eF+eCP+H7ll8+wq+b7cqrueZRHcwzfGMyFS/FebT2keKhuOKm7dRPFOnozCrkAkXAIVaDWuF8jJt6wqY8E7KTLAdOcdcTyuSErPT4bV+6IzzJ1lgQL5+XJVfxZLffaFSBP5kvyJem0jpceUrS+DpDC1BM7T+RBpnWd3epg0CS4pLWOiblYlUlb2v5HfG/himCRcWs8a4+kRAbzIlfNZ95uRiXInO89b2VLAGnX6ed+b5n8qKSfVwnkWKxpkAeq3W3iQW7A9B3+mO2UhosZkDa25jTjDAMnYGNiGrM1PPCoxBbnsTlmjRkh6Fu+c7/kr0mZXsS12ldvURx1rVU8ZbPSqosyRBauY5JVR8SKG0J/ZZ2W3P6mBNOAIqLBUeK0YYwAheLdw2DyBR7azxEtqK3axiYIH3FUxX6akVT2DspaPsBx4B4vNRdno5Ju7LkMVgkuEvUyAZlFn7se5wW+FiZ4h2UJ6e/aOs0L4WdtRzqRST/Rssl+c5rkkcK/5DbrrDOferLvCk5kCK+OrBppEt2SN0eQixmLnhd9tZvwX/VbHMjfeBpupWNgxvxat6Vde4XvG/kH2UYRsGHXMz1X2ZRIIW39tcEf6zMd5XSEyNhRIWkQTpuXf2QhvGSYYj0XOblyMqIBcV8CBZGGHO6Z7S0yR9QV0s0TOOcWlNRpHMdi4kVOtBcNxd5oFLyS8vQwsPS+GefSMRxmFV63+6ph0I7ZA69+QHqFL3Ol5jdOilBXVgwX4VL+LNxkbFqeDNdZ4zAjSdtP5z7vuSOdwsWPWVcsWiz4X6vzcmnEcSJsIF1sPUfpf6RhVoT90T38zepCGZ5FOzQZwHm+ee54ImvmiMRR6Ee6QEBiLpwtu/SSCiJ2mURI9XbeZxu2xGxdLYi6r7I4Mf4If2e9YcuUdoFm5he/U/J3VPhelRiz6zTSGyr7FWK3p9ZUI263Kz0d8Kp/3WbRWCWttADAiFbWxV0C6WOg9rzkH0eQGPPkEpxxGkeIvpF19aS9rsGIVT4YafU7jxuf59EcFmk20y7uWvNLRafiAtfAycnSXa0NFhaql0weSp/MuJQP3nZG8VMbkRLQch8HO7/UuVO1m6Bfam0owewj0GmAZX6d8Yb4ijOoJpiSNU9LLRpvOJLhXkAFDvPN1fPbHfdoTNpxdC+ZR5yHM2AUdgqeVcmMMar1npBbjHOSqvY0U0ZBlPuQjUEfiynIorL4dWgdClMyF1XCjQsIlBLBwgHNXMbgAUAAPMMAABQSwMECgAJAAAARWKbSOzTMlUUAAAACAAAAC0AHAAxZmIxNDE3NWQ2YjM4M2Y0NThlZDIzYjFjNmJjMTE3Yy5maWxlbmFtZS50eHRVVAkAAwKuIFcCriBXdXgLAAEEIQAAAAQhAAAAHUKd0rF6A9Z2kaJkvKUg92VyZKtQSwcI7NMyVRQAAAAIAAAAUEsBAh4DFAAJAAgARWKbSAc1cxuABQAA8wwAACAAGAAAAAAAAQAAAKSBAAAAADFmYjE0MTc1ZDZiMzgzZjQ1OGVkMjNiMWM2YmMxMTdjVVQFAAMCriBXdXgLAAEEIQAAAAQhAAAAUEsBAh4DCgAJAAAARWKbSOzTMlUUAAAACAAAAC0AGAAAAAAAAQAAAKSB6gUAADFmYjE0MTc1ZDZiMzgzZjQ1OGVkMjNiMWM2YmMxMTdjLmZpbGVuYW1lLnR4dFVUBQADAq4gV3V4CwABBCEAAAAEIQAAAFBLBQYAAAAAAgACANkAAAB1BgAAAAA=' AND file:name = 'c7fb2.js' AND file:hashes.MD5 = '1fb14175d6b383f458ed23b1c6bc117c' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:18:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ae02-7a08-46d5-af54-4456950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:18:10.000Z",
"modified": "2016-04-27T12:18:10.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'c7fb2.js' AND file:hashes.SHA1 = '4541b9fab4491e0ab12d1f829a4473e5677ff6a8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:18:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ae03-42c0-4150-b5af-476f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:18:11.000Z",
"modified": "2016-04-27T12:18:11.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'c7fb2.js' AND file:hashes.SHA256 = 'dbb0f39b5781ce587cb1b19804c40ba5ebbd6dd7da4b70fa38a0caa0e280badf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:18:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ae04-1230-4ee6-94f6-4956950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:18:12.000Z",
"modified": "2016-04-27T12:18:12.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAEZim0hPmGoJeQUAAPEMAAAgABwAYTdkMTA1ZjJhNjgzNzBhYjRkMWI5NmRjNDYxNjU1NjVVVAkAAwSuIFcEriBXdXgLAAEEIQAAAAQhAAAAPK8rguEu4ZsjgHqTw0ecpXtJtfw0VvKM6L4ok6Rr1VVTmeOksBLcHJ03qRsE+F4A7roWH9rIVMoE1f4JigUPmNFHeOlFG4ZSUGCfktjtjkqTJj1QPT4ZWsbL0I+fMF32ie5kUtRrEljFQ8IDTExEpNQDey3mL9lY83+WyplhABY0hWNm/3xkNQC3Sh2os7H0pr6dQY1p+Qa4iefHsi3axa5VOqmhptEefpv+eshaPayhpGkvXJZi4BK7xrcApbFYjnaz37WXbblHblXdB5qpnKn8OaVAQT3yWVyueScYYLoeYdFNh2XAj4ZvRvd4FoRSox03dENlqWpgwb2OyfTWFeh4EG6ysB0g6fvTsrszPDpAiJ7iRsxnvnjs1K5uJPhIGtkX1hO1Dr0cN1E7lm5/ymZOBOSCcI8yzbnaZLr8DJuoGanhZvBT7QrsVHHWSxlRrP7ecQvzYTcY/QZn9P9cUZJICd6heUNpEDNlViP4l/kBtS2DOYfXeN8Z6clqWl1rZtLlFaP3vqqn20vj0tw/TA5uqG4Sc82y1/On9/bjQ5dHRbpyidG84j5/d8xbmvoEeZ73bMM1LDbBO0ag1nEuU8B0WrWzDbKbBpSw3PG6nB+EPQcvbCsX+bJ6aCX8oe9mhjyBYCGJvOYjbhdnLRzW8wPrVogVYg4eXOowOKEYISMEhMiwKTCqTUHIdZ6iMBmstZ5nFHUbQXey0eEyTsn93WPRBI5TcoFjIqBonqciSrPXXmzjHTwjM5B4nqbavZFkHVWeOHRNy+9IJl3lRfe/IeOp5/3NkSz/tmhSHHF3tL/Ng+fk8QqhiJoRDHFHJ9n6TZhnaY0cCSJk80YfCdMH6dUZQc58IKRxCTYFuGjAeiC6H5skhgPEH4caANi2E6mcZFkTN0BlXSJ0+SPdEGe0UUTsxG95Aimys3xXrLOMw4B43kJDxyB2xAK7pSZUpGgEmbpkBHP9XYmwLgyB+bhDnNn9+3hAUHX19wd9IPriJA9v3r1DuF1WjJUnVAJsim0PP/WBNiSQ5B9T9rilusSjcMrFJ9Cv9pYf7clQ8y7jGMkODzo2ZNCwnI+bDSrcFCL9ZvkkKT7b9msIAX5OovXzYrjHKNxac0QtflFmZG0uLnp3JQbFdUj/C9XaYAXAkXg3UKc3YhX62z8/7B2XlFR96VmWJu3lCyZgzSD/RxPE1Zgdb7DHV+zArGy6IThljTGE6IYCDjCdcARiDNhL2nHnyY3KXy4A8sZbT/4KNn51s7gReHWpZdx9Yz3KtR1CZFyTaEJd/PxxxbdIKvT7tsLq4ySE+diUVrq+WSenqzLuU+Btot1FfnjxNuUi6m4N7a7nYAV/iI6NFJI2rpM6t1baRBex7yf1ree2lJl1tHVCZqeRfUAxmc6ZmKLVIYvfzJKUTCZc1jDziVCffX/tq92qQiMoZY68QUuxJW26fWzJ9HcSnFkTaU04HWRVDIalSOLT7L5auv+N1ggcDWviA5w3R3d4ROPRnJhTOyp3attEqN3sQkskYu4qL602TB6x+Ib/LHHjlIOh1/ODkcgz4U3QBJR3jt/761A7C5Q9//zli61e5KOtMTLYhNUP0yENGjCI9LL7nD1a4fJenLfzaNulKTLpXg/CiqmlWpgkqGujlDtpCQ1cOwrel4Veq+Fsqe7XDQI1TGD1QipmaY46TLOgeR1KjY+dxLTPEFndUNn/B6pMEwNUvXJBn3jK52VFDtycqaom86AgLvJW1XQF3l6aK4tCnPPKr7/LjHJ6Fbgz3T/gIDtVx7mTJRkyDJE1iRcSDVWzSXpTSDu6G2oF9Q+V5uW+z+DjtjbaEFZtuMYmMKJ5Jj5JPMOj22XT7QehMoDzmPM8nK2IHAmwUEsHCE+Yagl5BQAA8QwAAFBLAwQKAAkAAABGYptI0V7++xcAAAALAAAALQAcAGE3ZDEwNWYyYTY4MzcwYWI0ZDFiOTZkYzQ2MTY1NTY1LmZpbGVuYW1lLnR4dFVUCQADBK4gVwSuIFd1eAsAAQQhAAAABCEAAACXnjOUdSJNgKRBMlGb2rUQdwFQp7izxFBLBwjRXv77FwAAAAsAAABQSwECHgMUAAkACABGYptIT5hqCXkFAADxDAAAIAAYAAAAAAABAAAApIEAAAAAYTdkMTA1ZjJhNjgzNzBhYjRkMWI5NmRjNDYxNjU1NjVVVAUAAwSuIFd1eAsAAQQhAAAABCEAAABQSwECHgMKAAkAAABGYptI0V7++xcAAAALAAAALQAYAAAAAAABAAAApIHjBQAAYTdkMTA1ZjJhNjgzNzBhYjRkMWI5NmRjNDYxNjU1NjUuZmlsZW5hbWUudHh0VVQFAAMEriBXdXgLAAEEIQAAAAQhAAAAUEsFBgAAAAACAAIA2QAAAHEGAAAAAA==' AND file:name = 'c9fcc5d2.js' AND file:hashes.MD5 = 'a7d105f2a68370ab4d1b96dc46165565' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:18:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ae05-4338-4936-af37-4cd5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:18:13.000Z",
"modified": "2016-04-27T12:18:13.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'c9fcc5d2.js' AND file:hashes.SHA1 = '7cdf72d29279e5bb75d5ad09e8cfc78d9620cbae']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:18:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ae06-a7c0-445c-bc12-4981950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:18:14.000Z",
"modified": "2016-04-27T12:18:14.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'c9fcc5d2.js' AND file:hashes.SHA256 = 'e56e772f874ca3ab5a7445fbd87f9d6990fb072fb52e7ad9af6dc2bc64348ec1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:18:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ae06-7708-4a32-be54-46b3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:18:14.000Z",
"modified": "2016-04-27T12:18:14.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAEdim0gcp9/WdwUAAPAMAAAgABwAMmZkZGFmOTIzMGEwMWEyNDA0OTk4MTFkZjA3YWRjZmJVVAkAAwauIFcGriBXdXgLAAEEIQAAAAQhAAAA9B2zYggaw6906W4GPZA9s/gY1225if/xECJ11gfDhqIvk7Hzb2esDnFaATX50rLYRgxTxHPy6unfMixH6n3oeP7Xo8MTZOdb41G3a0ziM7om6eK8VSz1RBH/TlbeQ6JY+vdz0EGKbT4ucnt71Axw6+lnPnIUqFbFrRXejtvdenWLCH0H7qrorFde+03RXtwH4NHTU5/FFAm2mRgBsadrMDKrbj+O1DymJO/Dh2/evNoYNXgGNDVTI3JC3gC+X0MprYfHNP1z2n4LeMcQeoBukm9UvYRc3e8eL8PrwAXqNLNFPQnbqa8zWsKO4miOemKRezxMAqIuzt+4G2LB/jxVzWnlIx8tyn7gCV26sLYG0yAeGLgEhc3ca4EpobBOiJ6HvS5f4HRF4U5eUOauNEUO71IzlGXDQhlsvrEvie8ayuYgTK9Ryjijz7D4YboTaJ6t+qOaZPCPRMFKrKF+1Y0oTcIX7uV74ra0vCLa2rVTF7cJJV4crQEMQ+pH6WaYIt7rq7IS/vjAY+lPFZKcvjdWdGlJEX2f4345pDsy7BmXh3XHIF4iqcZySMOYQrS1B3GtBqRcIy4i/XjkitNd1KbK7wOcr6BEGjHFfY/Aw7e9+tigIV8dtyk68Ebo/j9uWNmcGzzxa4cyKXOMhOJdDRPBKdlZ+H/QcQoA4fX+ZxtWsrdb2fg8KQAD5vk6lbi4TS0jPQDEZxPiIo8voD4oL/5WmUe5zb+AHldS6M3AfGdstW4/9dFPL37bQJkwrZkd9+ZMnQi71/fy7jET24gfpauprw6uo6fMjFerE+66wM0xvH47r9yprdddq+HjvWAE/6OsjucKsS7YWkOscT+IK6Xri5FlxpRHh70ooYictuQVe1Bde8E0gsrpsM7wH4wUZR8t3JH1PF75ykHokByXys6R8LJmSU35FsO65IsG8iKRbLqW6kJ84P39ZPVq8eApt8dgJD67lRcYGnhZ47rcc5yGlKFR4iVSYQm3P3kJxdTyQZ/PcnYFHWDBcRwEaVfoEFBI/hFnivJL52b6EO1sLRHVg+yJZANGoqV1QZ8BOaM0JB812m6sgFNQicO1Clm52XAGCQwgwoTWRN3XM/SE3+e+o07MK+OlogaJ41ZRteniBE95k7JeQ+faq8r49uo8trltleQFESd2irxF8rf5AhJMSXX0tB7e8WVqZuHcRTRbVt09s3fkZamw9YC/NMHa+vu33Ep00gBmnO4iscsNVA8IiPcaiAdLql6U9N2DGt8DnKbQV14mKwhfsItL8L1SEvuGB5ei+INhxfmWoQYF0jQdUq3xjCWNy+IBZoOLDdgZPS4eZnkn3TqrMKfq6uO81r9y49/iIoVeKbFN981OSQmIytd9cDNi24swxqH0LNkr/AOXbZ5riLErZSw1ke4x1obd6WmK8tpnV1gbhf+nzg3re57W2FVi2iUOS41pDGh/6tmFn1sFJaelsnWdGFETqxoUJDXlnnDpQRLNpsMmig0FBx8GIiRzuIFZ1SvzDgronxrL6VuqyPAbLrpNiR/SIrTe26njpHxYdnXMETrTRdWIG7N7jX37Lhp16mi9LeIZ4+QhENdS1HyaEZl8Q70AGwf5GVTnO8q3wdf8fxyYWCByra+4mCnlNqONIUVIXBB5tJqevccoYAPkPNnVQ6zYKQuy6qcKwwf2EJ0bfsUbWjlMEABqbEzKEBETpGdQXYQwXE20L0OJZm95e279VBUD3F4Z0tOXjKtb6NFsL/Cy0nD6WQu9+llQpCotCK0dK1PfuMKo3x921qTT9zw95n8mCpczbIDx6FocFYz6xZXko6qqHw3ftfoUp7GBxQcJuhFkDqMgBp5njzubMMdzU6hqcWZWgyqmygRlIlBLBwgcp9/WdwUAAPAMAABQSwMECgAJAAAAR2KbSLQ6dZYWAAAACgAAAC0AHAAyZmRkYWY5MjMwYTAxYTI0MDQ5OTgxMWRmMDdhZGNmYi5maWxlbmFtZS50eHRVVAkAAwauIFcGriBXdXgLAAEEIQAAAAQhAAAAHUKd0rF6A9Z2kaB+1rlG9cQ+en+M3VBLBwi0OnWWFgAAAAoAAABQSwECHgMUAAkACABHYptIHKff1ncFAADwDAAAIAAYAAAAAAABAAAApIEAAAAAMmZkZGFmOTIzMGEwMWEyNDA0OTk4MTFkZjA3YWRjZmJVVAUAAwauIFd1eAsAAQQhAAAABCEAAABQSwECHgMKAAkAAABHYptItDp1lhYAAAAKAAAALQAYAAAAAAABAAAApIHhBQAAMmZkZGFmOTIzMGEwMWEyNDA0OTk4MTFkZjA3YWRjZmIuZmlsZW5hbWUudHh0VVQFAAMGriBXdXgLAAEEIQAAAAQhAAAAUEsFBgAAAAACAAIA2QAAAG4GAAAAAA==' AND file:name = 'c225e93.js' AND file:hashes.MD5 = '2fddaf9230a01a240499811df07adcfb' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:18:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ae07-7750-43a4-8b88-43f3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:18:15.000Z",
"modified": "2016-04-27T12:18:15.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'c225e93.js' AND file:hashes.SHA1 = '64379746667fd15ce364991a7249ab3c9ce10695']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:18:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ae08-5708-409c-b4ec-49dd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:18:16.000Z",
"modified": "2016-04-27T12:18:16.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'c225e93.js' AND file:hashes.SHA256 = '8ca84fe1f5b6b42252bbc043b3bb275c207511995245a2457be3fdfbbcc6327b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:18:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ae08-52e4-4754-88b3-4229950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:18:16.000Z",
"modified": "2016-04-27T12:18:16.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAEhim0ghX4MQdQUAAOkMAAAgABwANWMwZDMzMjczYjAxM2NhNDk1ODk5ODRhZGRkMjVkODdVVAkAAwiuIFcIriBXdXgLAAEEIQAAAAQhAAAAOX4KkqfVMS2Yy5n8NI06bM3fpqvaYmLBv92rCFnfasJkWjXJLC+ZE+Wpt7TzOdGpOXGM/mr7TeQI/Za+DrHGahTVXGYKGLGOaJmTw+lGEz2VR0487E9oKRvOo2tb5zrRdJdPS0EIIXydKOSJoblFlUVqjINXhShi85wzHPlpZS6v78hdygUVZG1CkL+v24oErfV481fDJLYkbqI4gV7r65t4UK/09EFGjONcxuGInaMf1wxTVAx4Swi/3DegPcw65WuVuRbGMx5USW7OjNtATqgR6x01Wf0AyGy17S49Wl8mnreLwl+bDvZwsYrJAEjN4t+fYHU41zbz4tpwKDnkutpE2fD3SEWXdyoDdhlISkQxRMs5ztEjLz5pAeTkcuuS2jO/9mxiIhVX/X9iO/5auXfSfWJVdmK51VPM/hGggYzcafRRd0pqr34h+BW9b24SqT24DBuxP75WTCwxWzbLr3/FG7U7UtbDKZWYC1Lr61hwT9SZVpJh/ZLCV+W5CkA/l/v3DP1myTLx+LtUhh8ejOzvaT0WmzGl9iYcqtDQOoAaDWqGIdpRhhkyP93jgJfezkAl02VI6X4ZlvgSowjI3gpfLuxxi0qkF0W1jnBT7EuQwCZS/nYfFbzpCMS61IRMfA+mRPpX+t5gtqjuVmXl5yvic5SJNI+BhqIxAkXgh37hqDrJHNjn4IMqIexlHC0lamQhq5BKUum85WgOp+uXTLZd96Gic2p0H5wyM03WQgsXU6CyGNXLglJ4MpGU43T6rG6t66JRmjepGIqoj3DManQ9DkReLc7Jm6JUuJtiVxGntiS8QfDjQnSAeRaBndsoEkJh1nAFdBv1ukHnBdmjTJNQUpKVKiBEwdUD8+Lyate6zz2rKsWieKogEF8rNv7z31fbDddaNzQHUpRGaPTa1jC1EQWnRI+rlH1sVGuv0u/2ctCAdOj3YSAD6igI6HhTJmrVOT4s57U2Pw8GldOTMi638pZSKZaio0I090BLRYelEY0pjDJpOzyP6NGc2ec7prekgWPw/ZePpZWILSXmJTYTH2GwgZ1EoNfTRA7CtsYEuenR5BaDO+TfQ/8252iFbQRTbm09HVmjArLzO9ZtIP/62KJHveWrREq12Q5qvP+3cev+lRQjFeqDGUKLSpvftvxqVJ6FKkQAKou5PN3ZzlAPc3E5Cp9n/+w4ivruh4pdyFJAE0a6Aeb+wKfG+MiE4sZM6p5XYUbX6QhrLSSB7FTAzi1NN/PcTxnZ3zwk/7QbJslr7KbpZ9bg/srp8zIitVVUoMjiuxehgj24Et0v3stvcAdWUH9xEwOVHqEEZbm0LHIawfwuKosceRXVoC+sf5vHdBBq0otlUe85BzgtTjfA4WJlwwjvbUFbqp8g4d/6FC4wBKieOHhSelGpSA1LCaHwFaJGQkaitntFQk/emD7ZfjVArBrN3mXw8xDY6QBBJwz6gSyrt1V3pJkDueoDzJl7ZBlk/Juwtz8/b1gMLMYxmKPPUnc/wup5CUs93Jiu7jzrJOpyFdBOmC8cxQiCkw9EatI8zurhITRAigSBl0U/+H0Q/rB3weZaKaXXxXNIv7ijDwa0pD1OaV2NiJmxTepmlWvj39Wb6O+HhNDKD5WHLalSaK1zmF1sYb1Gf4HOxllch4sjQWlnVK1YO3DZ9k/lG+FbkVR6RsfypXWSSpsOtJbWrC/sDdTw4PpFaQKIEeNy+1eK6VUv7VOGWybct6zM+4G23615T1+uZynwwI7iA9BsJK3IEFUWDFSPVP7+PBwdOFZ67i917LsPl5ZVj4foEj+TX5+0KVpKj6DdG3YQZNg573mkXS9VtYfUzqyHvhmqZv4OokQE7d65wQxt1WhHuzlQSwcIIV+DEHUFAADpDAAAUEsDBAoACQAAAEhim0gum3n8FwAAAAsAAAAtABwANWMwZDMzMjczYjAxM2NhNDk1ODk5ODRhZGRkMjVkODcuZmlsZW5hbWUudHh0VVQJAAMIriBXCK4gV3V4CwABBCEAAAAEIQAAAELZRVdfpfnorRxBHwBCbMk24uH/1SmgUEsHCC6befwXAAAACwAAAFBLAQIeAxQACQAIAEhim0ghX4MQdQUAAOkMAAAgABgAAAAAAAEAAACkgQAAAAA1YzBkMzMyNzNiMDEzY2E0OTU4OTk4NGFkZGQyNWQ4N1VUBQADCK4gV3V4CwABBCEAAAAEIQAAAFBLAQIeAwoACQAAAEhim0gum3n8FwAAAAsAAAAtABgAAAAAAAEAAACkgd8FAAA1YzBkMzMyNzNiMDEzY2E0OTU4OTk4NGFkZGQyNWQ4Ny5maWxlbmFtZS50eHRVVAUAAwiuIFd1eAsAAQQhAAAABCEAAABQSwUGAAAAAAIAAgDZAAAAbQYAAAAA' AND file:name = 'cc22f6bf.js' AND file:hashes.MD5 = '5c0d33273b013ca49589984addd25d87' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:18:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ae09-fc60-4e00-b140-4e84950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:18:17.000Z",
"modified": "2016-04-27T12:18:17.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'cc22f6bf.js' AND file:hashes.SHA1 = 'ff00ecf601f5c92d29508f7fdcf2791514502935']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:18:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ae0a-c9f8-433e-a576-436d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:18:18.000Z",
"modified": "2016-04-27T12:18:18.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'cc22f6bf.js' AND file:hashes.SHA256 = 'f10cafee4db5bce4b8f079eb146954a94a245830050a87a4a7dd461a1230cc01']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:18:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ae0b-7214-481d-a735-4aef950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:18:19.000Z",
"modified": "2016-04-27T12:18:19.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAEpim0iUFtgSdgUAAPQMAAAgABwAZDZiMDM2NTU1NTU4YmViOGEyNzYxZTNmNzVhNTA0NTZVVAkAAwuuIFcLriBXdXgLAAEEIQAAAAQhAAAAYRV8uEU10LpVicZB5iheuu4Gi7T8FR+SPQxdou1FCBCY6XzFwgO3P6dFvEua1KJI67+YJnVhyXHc/ktOcexjd+EEOS7BQsNqD3NXwk/91mFJTDLDQJLJn9BUqgkayuCG6cwdzxjhoJvuFI+taEtGw+u1KKBxvYc5r0HtU5xzikJWtKgIChV1m5voWi7bEjntNd2yWOT53KWP0NKsSKagTWDWppLySg9pRepZnRi8kPw3ugxjKQEl5r6RZn1eHlkSME28MCLyVvdU0L0NQGb9amcgu9L+SvDYAkKSmN/mzA2z6yCAN/wsBd7ec6j5p8ONZ/re1lgrr/VMoV0FrR0iSruLMGptrOHKySPnG37lyEgFAd5sfAYszv96Zuq6m8qVAAn91+QexRifzlcTsBT7IRtK7rFo5052Ng4NTtqoXLMxGmz4DKEL3N6ZIflop8MTFGLBHbc5HV+kAVh9k0E2+uWkc0xmzFCRbiS1T+Eeh1lkp7qeiaNh8ZYK98vLo7b+Di4Tjs5VB4rmIZaZ6+Ei29eSvvsJRFBAZLeig/Tocet55o+Z+ZeHSZ7v+mnb9bAajM4wYHsMqzncw/kCeQRvuI3TcbsxbrZN/uLfUo++BBClRDsNOQE8YkRxCYk7vUAJ1qUwCwcBxxRVI6rpYsop4mgYrQ1LZqK1vd7Xx8L71ciZLqofRXOeLxDcIB65E0wugHLAPnnfqSKL5bBvpSbbnQjoZebrWuzeajmyZQ//AvGCrV/2GMVYJV5tcZ/OkbWUjKY2e1IBhaigw+LlkbhUwRHm2VO+HM0VquITyI+4QBROUsodPrkE7ijRq6xy5vdatFDhbfcAT/QeyhUW6Txnm+aQpAEdwBin2iiDxDt1RVX4cf67XZbIWv+QEuy2xswtpfbGCx2rsslYAAOD+tPCFwyJ6xSvGvdsQF1uf0SFyY9wuLneWsrRrgIBRjSub/HD2ItGnGAmePG0seAJSKw0Yso88Au7MzWCQgW/hEUzDNhZVTcEIWXawbJNaz5eHbFSsEE9jInUXKn58TrgYZJpqx8IDJRUlRbxQxt9a69Xbs2rzwaA6WYcnn0a+ay8Gg2AanIjIre9iJ1A8onPCNYbKeHbOFtbkA+o/vANn6nkF2u7Dy7lkMJoaosBfxyL76orkUZlNmTsSXjbiSU0bG1iW5aNCvEjLV2y7Bq4VRX3XbfeXi/DQ+7ETISxuI47Q53cznQ7SQ9r2TR/WPmH4B9l19V2XxuWBTmnhiCBuiH3agidHGR1EG3OrwE6lRr473PjYjB3oNP0vEenatCWsKRIJkyrMMU46z9Jy2QyYOKqNlXVfTDw24tAYhzxMgSbljqBh9/Y4Px9jb08iZ9WlRx0UgO5W8YxJOhH57RDSPJdCKHKjHLDaaeCk7EilXpfQmv2pmS+aOqOn65HHN4s9rZ2hr0SuojrhnqVEcbM6GU4m/rLtxAuY4gwXedk10lTfdaKKJBy6FdAa2CMp5LHT4oxMs5PdXKSQO2ANMfu4bNZNwviGt50kToXGnIihbsEx6MY2OXAQsXeUaARb+4EaGnOfYqJ85WxwOk4sf5Dbe01L/Wec5QgTtMrD/W0NfSzUMX2iha0vrkJxjsh3lY0+G/ry825pxgc05W7SZ2CuVwnuiu680wMt+PGV7cwwcBlkwEbQht5zE3ckvsYYGp6YpP4eK1/M7eO+/hXhiQAGVx8JasMFJVk48ls2l0w6qxhCcsj7mQEfWcLikI81QYfxSy2SJGhW8QOhNaCuFd02qyk5NK5N5dvNaKoP1mihV51bGeIcz4txoJp6LaNbfSTz8wEdsT86oXm5Xv0YZoAqwPpIHpQf95wa5USqvXlORliddKfld1ogmkkUEsHCJQW2BJ2BQAA9AwAAFBLAwQKAAkAAABKYptIAMcIsRUAAAAJAAAALQAcAGQ2YjAzNjU1NTU1OGJlYjhhMjc2MWUzZjc1YTUwNDU2LmZpbGVuYW1lLnR4dFVUCQADC64gVwuuIFd1eAsAAQQhAAAABCEAAABMrLN+1TgTFJqDuIxTCD8c+i7d5LNQSwcIAMcIsRUAAAAJAAAAUEsBAh4DFAAJAAgASmKbSJQW2BJ2BQAA9AwAACAAGAAAAAAAAQAAAKSBAAAAAGQ2YjAzNjU1NTU1OGJlYjhhMjc2MWUzZjc1YTUwNDU2VVQFAAMLriBXdXgLAAEEIQAAAAQhAAAAUEsBAh4DCgAJAAAASmKbSADHCLEVAAAACQAAAC0AGAAAAAAAAQAAAKSB4AUAAGQ2YjAzNjU1NTU1OGJlYjhhMjc2MWUzZjc1YTUwNDU2LmZpbGVuYW1lLnR4dFVUBQADC64gV3V4CwABBCEAAAAEIQAAAFBLBQYAAAAAAgACANkAAABsBgAAAAA=' AND file:name = 'cdbb71.js' AND file:hashes.MD5 = 'd6b036555558beb8a2761e3f75a50456' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:18:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ae0c-0544-4de8-a661-4e4d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:18:20.000Z",
"modified": "2016-04-27T12:18:20.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'cdbb71.js' AND file:hashes.SHA1 = '1350e231d8be55a7f6b0f3be2355f93f7c5a2e94']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:18:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ae0c-9274-42b4-8b40-46e4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:18:20.000Z",
"modified": "2016-04-27T12:18:20.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'cdbb71.js' AND file:hashes.SHA256 = '84d48d5c206821350b01cadc97292a4be20338d4a512df1e70d707ae69caa31d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:18:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ae0d-9104-435c-aab8-499d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:18:21.000Z",
"modified": "2016-04-27T12:18:21.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAEtim0jH4cexdwUAAO0MAAAgABwAMjkxZTYyOWMyYTlhNGM5MjUxYzM0YTliM2M3NWEyZTlVVAkAAw2uIFcNriBXdXgLAAEEIQAAAAQhAAAAi0h/KO8b2t1487dm3xqriLflB6x8FOaJh7dou/u2LQmKMV5tRFjaNVagvhAXEsQYTSU4V0aBZPMk4Clbo+6tMmOuOk9OfKOHOo5AMA4VcVOjZEX5Jo9Lp17yp+33sutAkp0NBUkKtb0YtNgX6KBBkTUS7Hbeb8a0AQ2WvSehFMs5ElGijbmacS9nJ6Vsz5ppEyecaOGWKP+UmhQBhECia1nZbpClEqgDRLCPMwIb3xmGeEt4CW7rZNwCOGUEjGzPqu70em2vyBovK/muABqGH0oFLG6enDoo+eNeFokqjMU3n6sr9A0NXUzGVLUKbBy9HOSZuuL61w76gvr/IAjYgCMqSRAlClsDUUzRZBQq4oeDmyqjVB02e68x5M4GrZ4FNduf0NzQsL88dFYtWj5fGCxEdgjy45LRmQ39ZXcaXOelldBoEsHMOjpP/y2DwXEMm5plGTjBsaCpG8epKGjB09dhxpe37X3kpb18oDZTgszK/50P2sNqjcSzwWlOHeBQPUtVoCdZ1d5gqgj1utN2CzuXzP42WlbKqbBIhQDReiCFFLLDkp5o0mz3CUlAvHeTixxoQ1HLwEsIDYhYAG8pYnz98qPas0XqKmMk0IFIhuUYHj6qghamPpt44tyIhU5nql2jYp20Mo53rggc5kAu3qBFusar4z//ME8NXl+7UImNlqw4xeqXIJQC/98bT0uK5Ked35G4I5iAXYCzJApY46GZHMPfcGStOmCwTi1cGfIyrHmcnfdPiI0oHZrDzzJ6m+sXQhWLgJg5ohwAw+Ver/ghbYCaHqhMOhzwjFm/wBUi7IjRX0UHJLcwFdPGNrcvz3pC9TeV5RF9rcDklmiHCxGXNwPXiN816VTII4cPiXEeJmXoffhyhYRBazlCpukqqgrDbTNyUt0qoGwtCh0klLKeFu8zFj+JfSbzc0PmAEvWQQzvCHFZI3BaK/g+hSoxS3+7XTLxjo3cgHZPHEfzWqq38JMtvS3Ma+Ft9+sXzRTmP89nbeIvukG+g1kjUQuGDd0TTomQUsGHcRYo/VD4ok4TRDxEfNEV7tjxjDv0f23NivL5fyXdPEnTEGSoVIqf8tZ2ZZ9M9ooKqvOlrt26cCc22cDnazDlPqsIPWAFNK/f/Febs5T/P+I5e7PgCHi1knJZEMWsE+JX7qAp8hY7l5e7Mrp8JXhBEonkeBHpgVW9cJ7Xkd/harFDabp+ZHgEMCVPiQwIMIiM3YsmS/3Wcvt/KYtNzjPV46I1sDwbZVu+4McaNOZmR/yZkOAhxVgoDJuAGZpRW56S7zGNhb3swWfX8ZCo5TUtDG9OxpN9EEUOHOsYgd4yjAkiC0rxeq67+fzuhKYcNRhW007C3FBKDq3aM0vQ27NM7oVDyS4UfblO99ka+1d3Y9/qL7k4qHW1OQzDvBE6rEU3Wk1Jnms4rfoFpOCutBQ4oWmjH03GUAwmNcho+M8vOe8ivhACjTkTfUhsgQ/cFiXsgVO3RWm2mDiyLGg1L+FwkDmxUIBYQdDq7gc2i6PQY8BBt8P68wqmkqlti8ac0C3gHpf/pYm6F6eOYYaPknvOu2LgqdPD8d7zo1Um1mz3JRZd+jI/9oT1X/H3/MCpTsM4ASXs/qhjYqszKJ3M3HwlEpw1sENyipYHtWyqUqDUJ/MmnNie0xtrwp7LZZUNkedQaaOnJdHkVTzjneJMC/aOVHwFoiLAhc0HBUCLA701kV/5KQlM+KXcagpbG40IKjoLJuEKi6b2+AyaGN+PS0whLYoQp2JCP+09kqBzQB6VAxOQVu141l1iz1U8TYPFTxnvCHJfDEsq5mhRNvdUyNhGLzhHdH7Vg30Vwm5mUQJex0s3rewbgbu08q7JKKpJmlBLBwjH4cexdwUAAO0MAABQSwMECgAJAAAAS2KbSHzLwzUUAAAACAAAAC0AHAAyOTFlNjI5YzJhOWE0YzkyNTFjMzRhOWIzYzc1YTJlOS5maWxlbmFtZS50eHRVVAkAAw2uIFcNriBXdXgLAAEEIQAAAAQhAAAAzHc3O/q+mvTfL4CDRH1SMnKdTsBQSwcIfMvDNRQAAAAIAAAAUEsBAh4DFAAJAAgAS2KbSMfhx7F3BQAA7QwAACAAGAAAAAAAAQAAAKSBAAAAADI5MWU2MjljMmE5YTRjOTI1MWMzNGE5YjNjNzVhMmU5VVQFAAMNriBXdXgLAAEEIQAAAAQhAAAAUEsBAh4DCgAJAAAAS2KbSHzLwzUUAAAACAAAAC0AGAAAAAAAAQAAAKSB4QUAADI5MWU2MjljMmE5YTRjOTI1MWMzNGE5YjNjNzVhMmU5LmZpbGVuYW1lLnR4dFVUBQADDa4gV3V4CwABBCEAAAAEIQAAAFBLBQYAAAAAAgACANkAAABsBgAAAAA=' AND file:name = 'cf7f9.js' AND file:hashes.MD5 = '291e629c2a9a4c9251c34a9b3c75a2e9' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:18:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ae0e-71f8-4677-b6ec-46b7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:18:22.000Z",
"modified": "2016-04-27T12:18:22.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'cf7f9.js' AND file:hashes.SHA1 = '102c2fd3f7dee8de85ece47bb55aca1f6e58079a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:18:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ae0e-0b4c-4509-be7e-4c43950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:18:22.000Z",
"modified": "2016-04-27T12:18:22.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'cf7f9.js' AND file:hashes.SHA256 = '9eb2f1294237a310074e121855d3969964d60d36c4bffc5c7a5fe70ce99a67ff']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:18:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ae0f-4f48-4e77-9bd2-4e9c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:18:23.000Z",
"modified": "2016-04-27T12:18:23.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAExim0jY2KRRcQUAAOgMAAAgABwAMWFiZTBjYmVmNWNjZjcwMzY3YjRlMzE5YzU4YTkxOTlVVAkAAw+uIFcPriBXdXgLAAEEIQAAAAQhAAAAYRV8uEU10LpVicCbLvPaOkRU4x3/YEvcLq0ovmOMJpoKEeYQZJZNr76FlPltGntXF6J/viEXXIhXipdmsigANJsHObesu5X5HnPs8kQjnt9LNIJn3C5i6cx/ljZFSyVzeZc9+83i/5w1kmAKGlo+FmjRP+IjXIz163DWcSE17q0ry5H7F7g/we2hDaOlSjDxulbXCOG4tnQRxvgmED9j1tZ/U+UsO5cTPHCqNoguH+UP6iNRq1jQzNuDbOxZmAQU0OkJIrRYDyxrO0Cptu4NLSAR2j1MhNlLblUX8RS+GcCDfU/MtMS04nUSuoWqAM9js2Le3rl2PenSeitQwDtr+ncYKMPXpOZQyDXSnnCkJAPCMm2vdEn395NUcvO4kBt6X+SJbxQlTR0NDs510fI1tMewTDBiH6VpUbCrjOTCMKiDnS29yjSL+XP8OtbL7pG49+RmpJwZhPR1RByltBBkQ1RDJH0Ny+q0F4nsBjwQ1mxnJhS7/J2sM0wW66GwBTMKIrzbrSFEel1dpXh2VQLN/S7gJqQzUkyaZIuMlc2G9edrlUI1q599BeXvLL2k93pAss9dZtvIw/XHYlgPYqElpINlkVczueKWXajtSYKaRJOYVB6HI7E5wk8Y47974PnCEz26ujj4d4Kx1nEq5mrcgrABqfo07jf+yWYC5inMKzm7wqE851HCDy0sPR0jOQjwOEPbxfjW3AzFfj5j/YlsBSZu+YfR8iVAXjUFFsldi2oDtPcUQpJ5DfiIFSNVr3o2R6xzOnzvMaHSRsZq+xDxlcQouTKsVdo24erAlQC7E0zQDKb9wLCcZFH0ZRBjpP1BjjnYFiwvJ0o5PUdo2pPQeWDltS2m/eD+yjSS7u/w2M/q5+ibv/8FRYzKLyj9zC9FZpvP2IR8U7OmhWka8q8EWdPqLxlnXDlkhC5MNIAJCuqVfsBane5PyATaWPXUu/ah6dI3j6j9BRPcrifaT4YXET3A8Sfx3K8R4S+Qq2/9meDnULuhoyA20aiy2GXr25lOAML7dQjoyeyyCD9Q8e+wia/T7IQ5sGs+RAtLgWUhhWE5Q2lMTtogpN0IbMprL2tZUx8C3KIebr+q5vieLqf4h50JgduBCHCOgOUJ7KcHmsRXG2Wv0cSYzy6Nfw0Xj9flZolTC99nBqJzUJe8Xw8SMTfy6gOf/6eacSRkuXnHoDi/ZQH/mEALcazgGatSgf4q427NY7FoOn0iAYkxsrhmhh7rQh4B4yy/0/glIVWNtzgCDbwMoc+eDjqTcz0FTRbgy8N/7YEhhuYdRfdVKVqqEsHWB3tUzw8WfQSko+Uwa0z+WvintCUbEvU0ht2tOxKS0DWCQ2Sw16z73k79ctjOcrjx2hSPsZBvhrgJ4KOSuNoLYZ2kbFm6Kk0boThVgfYYIbnhVRzo/87UzdBkBVVtdVy4CO8Kq0XuFBZWpytP4M54zt/LB76PQIzXybpT13s+lY9g2qfDx7MIYCjZulCHXLk1waeosVccrRDSjfk+UxnKK2EQTOj2e2qEtNgf8luvZKRpDLUPMxT7GOB5EstTkr9o6/a1SfHlSEDFLxYBM2J5386GNahY1PF/5TKDcKLIvZtLTZJrNi1BYMcdwPMvMQXBN52FRTkNx0kikjLCfQJeOUZ2by5GPKdS8Z7p+pZKV3FySgegqkw2GZfbmhVcOuuNrhhE8ES2SIsOv4xcN+NRQF0cF3ayg5tiK2un/VdnEPP/BTbuvwmD0Eh5Nz3/X8eAIxmgtriOKItcSRwPZQ/9uu4tNCRZcM7c3FUxYKdsRqud4nyz39Hiqyl1N0YhTI27aRMm1HaTNnqg9syCEgafOEXInw0vyH66asLJPl664VBLBwjY2KRRcQUAAOgMAABQSwMECgAJAAAATGKbSOkkFhYVAAAACQAAAC0AHAAxYWJlMGNiZWY1Y2NmNzAzNjdiNGUzMTljNThhOTE5OS5maWxlbmFtZS50eHRVVAkAAw+uIFcPriBXdXgLAAEEIQAAAAQhAAAATKyzftU4ExSag77drdzxPgPdRdvjUEsHCOkkFhYVAAAACQAAAFBLAQIeAxQACQAIAExim0jY2KRRcQUAAOgMAAAgABgAAAAAAAEAAACkgQAAAAAxYWJlMGNiZWY1Y2NmNzAzNjdiNGUzMTljNThhOTE5OVVUBQADD64gV3V4CwABBCEAAAAEIQAAAFBLAQIeAwoACQAAAExim0jpJBYWFQAAAAkAAAAtABgAAAAAAAEAAACkgdsFAAAxYWJlMGNiZWY1Y2NmNzAzNjdiNGUzMTljNThhOTE5OS5maWxlbmFtZS50eHRVVAUAAw+uIFd1eAsAAQQhAAAABCEAAABQSwUGAAAAAAIAAgDZAAAAZwYAAAAA' AND file:name = 'cf910d.js' AND file:hashes.MD5 = '1abe0cbef5ccf70367b4e319c58a9199' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:18:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ae10-3050-4c67-82b4-4ba6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:18:24.000Z",
"modified": "2016-04-27T12:18:24.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'cf910d.js' AND file:hashes.SHA1 = 'd1954135672f66e5984f4deb3b6489c7bc99a08c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:18:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ae10-aec0-456b-9387-4c67950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:18:24.000Z",
"modified": "2016-04-27T12:18:24.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'cf910d.js' AND file:hashes.SHA256 = 'aca13acd3a6d756eb63150e25b58a9133397782d826f7d1ebc16b4dd4f816b44']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:18:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ae11-e598-478f-a5c9-4044950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:18:25.000Z",
"modified": "2016-04-27T12:18:25.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAE1im0iTg5qMcAUAAOkMAAAgABwAMTdhZmVmYjg5ZmYyMmFkYzY5ZmExYjkzMjIwYTk1NzRVVAkAAxGuIFcRriBXdXgLAAEEIQAAAAQhAAAATUGIfpOYyEcuSCtE8Ac/mt0IHtPd1YivUeqMg6/karO/iD0xRUvVlWx1qlEvOtweTUNk+I/b7eQiXcAxhPfYZKlpYm/JEJaoK4cAiV3gHr8Out4+YX3sVTJLZhjcmhFvIe5K4HbWc2vyMNU2ZLWujL775RkTctvV1Ghn9Grlhnf7cpg1a7fxdbIeZFnwXLOj6GXKfJ4M9C7XS25XC3W0Lc3Dy3zc4iCqE55kDMU3l0KOpvLpByIpi9F+g7B8e9z9EqCzUIi9sg2lNsl4S1lgMa0QFF7T/rbknljeZuT1vn63jnEG6V5n4wkqA8r9qMfn+L5IFpqjA4iaACnbwYeITTuL6nMG+3SoUshJTapeMLNs02a6h1knKIi2YGeCbbcLackkflW57B20SniKuTSAXrnS10IH7ZK2LmASgHrzV/fA1ViEXj+MDjuZNWhsIQ31MwVphbgGs+NicPDjzj2iPqGnMljWPAf+ku77jbEEqk5TL9toOL+sQE9kAwbAQbTJowzQFcD4Hh9p8cPcysewJoI4ynJydMqF6WHIHpLlx7/gL1WCajxe9WuelUZK4io3fKng6NGfNE8/bPbUM/rcT+XWnmVmIIa+G1kyErOqD9NUzpQDVWrMOM5SxlW8vWAZpWvBwx5bCMw9BkBZxz2Wl0aJ3RvTfIcB+OkR8jy35AQ4YebBQ/ALBMKIzMJTDT8ghiLZfQUJnVM6YVliDA5VQus66Oclgt+ecoEIya4eqEMswnFAwPXZHf5b6vIvDVKnmKDrhcPSuOAlmPyeh6pY7oydm7VAkQUBp/BFSNxn9eCUI3xVNtaczSOh/UZ439ESRE5aIVr0k+tkxAv+75nUN7fqFEaN/Mdg9HC6h4FmSbHmxbfEp/xnolYPFzwjJJvsgOwOd7dScPrTB0YwKWP5i97VSKn7O81tbrgDSzZ/BwshIv8aR9EgFAYYG1q7grLzy8YbK6ILekJDzFI83JKkHAcKGNTXZ5Fs3Hv2K+wTeFEJ2cBrmHgFsq4LkgyXJtxzfoEqGgHlEyP2Ir1VdXkF+NKOwz4lVpBp0QmsUDxK96SG/cYWXhJUTkCyAwg7qre7j9U5cfEsViphdp9ivEPXgSYR2Li3LGVshxcZsx4mn292U3tyi6zuhe/eRwFqys1S70bwDttfcKu6kQUpqbotJ2/ma7u+jNhVoPLPqh6rYf+qWdzXFD+nx3wRGasyhBKL9xUozZOIMkAR/1vvH5ZAyS5JQr7ibbWsBDBm6x+Hwrxig8HOVciPyPco54jA+3JrtZDzWdMMZFLhjTjq0rOod4DxN9WYXV2QTW+shZHWSmkvHjCij8s75RE+wL3TlUEIeIgnaJWDcv/vHhDztkU7w8pmKyBGfywmoqwY3Uj+vZKdIfMiARm+uF9fNhbfdF2/OZpJulN2j3xaA6i+3EgfzLEOmjHDpwdZD7+HitK383iJBJd910SR8iMM8gJypEcSo3idYeqWiL8ICB73nrQZwB239/KlBynw1plnGQpAV3k++IJQodvBaQZpC8Z3Khhyhf8qKgg5rL0DDN9gQRN2YZoqK11+tE0YZkFlyzvmW0b4530xQnHGZVjfGEns5jf2DtvolfTKZ71xsdQt7DIkIIPx+JanUrKAdlE93LI+zBHLGePPq2QReAZ36B0dqn8hZ8MqfC9wavZiucRNC7K/83eKs/K1s1cTvvOlEeCALaX6wnyCP+ny8hKZNzpCuJq1JGi6gYfYHjbY77AsKUrK8vaMsQNoQZoolGeT4pxQCVcm9snk7MzgWx52+EcSCTZjEBYjMKrgvaw3h0rd4EVXC8gqeuR1iL8rq+gBDA8VweYWjKTZJETzprn//xrKKQXmUEsHCJODmoxwBQAA6QwAAFBLAwQKAAkAAABNYptIesT/6RYAAAAKAAAALQAcADE3YWZlZmI4OWZmMjJhZGM2OWZhMWI5MzIyMGE5NTc0LmZpbGVuYW1lLnR4dFVUCQADEa4gVxGuIFd1eAsAAQQhAAAABCEAAABr29cZGSJ2lRZz27PbsvgYxv1VVRA1UEsHCHrE/+kWAAAACgAAAFBLAQIeAxQACQAIAE1im0iTg5qMcAUAAOkMAAAgABgAAAAAAAEAAACkgQAAAAAxN2FmZWZiODlmZjIyYWRjNjlmYTFiOTMyMjBhOTU3NFVUBQADEa4gV3V4CwABBCEAAAAEIQAAAFBLAQIeAwoACQAAAE1im0h6xP/pFgAAAAoAAAAtABgAAAAAAAEAAACkgdoFAAAxN2FmZWZiODlmZjIyYWRjNjlmYTFiOTMyMjBhOTU3NC5maWxlbmFtZS50eHRVVAUAAxGuIFd1eAsAAQQhAAAABCEAAABQSwUGAAAAAAIAAgDZAAAAZwYAAAAA' AND file:name = 'cf3401d.js' AND file:hashes.MD5 = '17afefb89ff22adc69fa1b93220a9574' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:18:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ae12-377c-4bee-b610-4e30950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:18:26.000Z",
"modified": "2016-04-27T12:18:26.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'cf3401d.js' AND file:hashes.SHA1 = '3a3f414fe1d2efa479d3b76280745c1093562f08']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:18:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ae13-8560-4203-94b4-4a66950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:18:27.000Z",
"modified": "2016-04-27T12:18:27.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'cf3401d.js' AND file:hashes.SHA256 = 'd7b1aa05d95d8358f8911ccd6ad871abfb4d080536192d39a7b725d5911b9e0c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:18:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ae14-5854-4b40-abb7-435a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:18:28.000Z",
"modified": "2016-04-27T12:18:28.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAE5im0gOEvmpcgUAAOkMAAAgABwAMzYzMGVhNTQzNWRiMjFmOTk2YTgzZDFhMjY0ZDdjZjBVVAkAAxSuIFcUriBXdXgLAAEEIQAAAAQhAAAA2tj3OIYLqiVfxV7BOJKeRsjxZyflciXJ7xVJW7/ztFPsTUpqDvrtK3zhYX93Hb+Fbsh/itkw/Y4Olrlsz+sGDo5Usky0xAWHBDcghn/Sdmv1q1aAr4igrSsqcGtwVNP2mwe46GYEEQW2En48FvyrbW6T48YWItUClnaXCg9NhGMZcjk+9Cy+HTAOeHddSUlGwpRecl0T/4cokQD0o/kcvjpnMwqhEhJT7gZQPX9IqOsgKfT1nEXAYzjrHXoFMCEaOkA7a5xqjibaXmtth8EBrvX/JtU0INT6sww5mWRyU9unsGbDTd4KTug5iietOwwmZ3oDrwg3jVwktEpmboPTm5zmakSxlOnmHA7BXPMEBAFOSurPo3HK3ipdaGxQY/ITgtOeT+Njvser6ffamWsy7pH5XSWS32csGIuiZz/MMLcyT3BeVVA24TJNeNTxhnc+Kn0q10TzjTKQoxwzBGbQAOyUWExptq7VOf0jxh7TMBMUhm39nj8UwGEO/R6oGQK8iSzc4JlJvJ6/AyHsCUtburHbCeBifVEQfKhUdpdlWMkGlW6/G/2MINnqO8al1fjhpr1rMsAFbl3Gl2HwiQRnMgHyTy6TR9noWYerJU09FodBQOpk66WFC8vOYDh63QmlPv3gUOOc6pVwVeelbunxd0Kq7y88XD4RFP/cElvOuIS+kNKRgfBvz9vNsR9AfgVk4uk8EFOTtNWMslobUKl8wNZVwRlEWdeJ4q7LBieFV1Yghzwnrs/ykL4OfWrQqB2Y4VVaLBMzt0XwOT+qPTJb/RK2bJHkDJWibuH2hOvnnAH8ibEr1TmNgutGnga8tsWQUm3QCYAuvmO6dF34QXgstPOUGCSIZLoDojY0sMALQ4bypcDr9Ehfec/2XUkvboOxjl3xDih9adaPx7EcwpfafAgV29kYpzbzKHhMLuL4SDrrAjsMxP1YW8pb8xCBncz+Td1Lyl1lhqSi7lyyhKZIIy0vgla2SDevrnxTn/haEcXMZgymux1dHALlu0cKhK85V0I/HDkCKGmrMSTwryuHaWBK6POVJen507oh7WLyb03TkMXNdSWoFcUw1iiNRGxJO9CrzddU53fGAu9tthJhEzhJra1N7poT643AlIMZ888aDTF2bc4qbdZxTUajHStbxd6krSGJvw8xq8EXDZ7Y9KTqyvM93wer+FsJzHaiW9uSTf9Pw+4q0K2/HEBNlEdfEGiQLt14RoqLw4FYpmNehrLaMRc20bTQnt+r4Up3/SzhIgRjQRNw+NQe285LiYnrsn+OIg9WMwhs82AzX3cK/WmbQJUq1LXJJx6CR4iAmk+nhauCX1LABRa0NG74iJQms9tjzF2szi9zoY1rbPk0R0gVeflKZVl1fNWFlC3gpkEvpb6jrHPzfLNxJpRdxmkauYIW+PSLAzTdp4ysTEreCxTU/7ZoGNCgFCzVoMa1khT9LJDwmVYGvFPBn2BhffqPihIRVNPwgoGKuKvFh8DKEnozJB+O8Dba7iF8MW02Dw0SFm+mBRf+TJoGFreSAw3Y/jo3AzmEx8cSU0GB2fdm4/0/FEA8DaEAQV6kQVNsPaDqIDYz7slZBBwJac9TC1PoJdkXaHeA8ZBS+acQLxdisj7Yac+37zZS+JoXuydtHwNdJB0A/KJ9gufe/pDlFt06YcwKHfyo3aWQgy9LuYVJUnkxAa3p9ST8W6ZL2Lp6GzGhM+nnPhR66ZqSLf8RxBgMDPTCMwhZGbHlLrZFNyeS2QR9a97ZKf6jT+nooJJLadDaYO4N1IY9S43O0yRJiRgIOG7m4RzQ+yrsjU+N+6VQmvePA/dMnIduOf8WID+AQtjKweyjy6E33Q9HmzS4pn2V+uNQSwcIDhL5qXIFAADpDAAAUEsDBAoACQAAAE5im0iGpOv6FgAAAAoAAAAtABwAMzYzMGVhNTQzNWRiMjFmOTk2YTgzZDFhMjY0ZDdjZjAuZmlsZW5hbWUudHh0VVQJAAMUriBXFK4gV3V4CwABBCEAAAAEIQAAAKdA+jw2ZI7PADFovmjgnQPqC22+dg1QSwcIhqTr+hYAAAAKAAAAUEsBAh4DFAAJAAgATmKbSA4S+alyBQAA6QwAACAAGAAAAAAAAQAAAKSBAAAAADM2MzBlYTU0MzVkYjIxZjk5NmE4M2QxYTI2NGQ3Y2YwVVQFAAMUriBXdXgLAAEEIQAAAAQhAAAAUEsBAh4DCgAJAAAATmKbSIak6/oWAAAACgAAAC0AGAAAAAAAAQAAAKSB3AUAADM2MzBlYTU0MzVkYjIxZjk5NmE4M2QxYTI2NGQ3Y2YwLmZpbGVuYW1lLnR4dFVUBQADFK4gV3V4CwABBCEAAAAEIQAAAFBLBQYAAAAAAgACANkAAABpBgAAAAA=' AND file:name = 'cfbf7c6.js' AND file:hashes.MD5 = '3630ea5435db21f996a83d1a264d7cf0' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:18:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ae15-8734-4d30-865c-4f2d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:18:29.000Z",
"modified": "2016-04-27T12:18:29.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'cfbf7c6.js' AND file:hashes.SHA1 = '77741eb0c2469cd8ef8d49e2a56b6ca801cd1476']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:18:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ae15-0440-4ba8-8a3d-49cd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:18:29.000Z",
"modified": "2016-04-27T12:18:29.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'cfbf7c6.js' AND file:hashes.SHA256 = '4d28d9a18fb83bafe33ac4ec23168d001fbfdabb8eb3fc587b432a765bcc5092']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:18:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ae16-0bd4-4ceb-8f88-42d6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:18:30.000Z",
"modified": "2016-04-27T12:18:30.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAE9im0g4zMfpbgUAAOMMAAAgABwAMDU3MzI1NTVlNDFhMGQyNWM1M2U4YmRhMDU4MDY4ZTFVVAkAAxauIFcWriBXdXgLAAEEIQAAAAQhAAAA2tj3OIYLqiVfxV9xpqNGBDulF711gF47XGh9OCXGeWpD8U7oFgnmstuqOkUCkxEcHz4nc1rP2Yw5jBJVS9w0Du3oeBqU5FGbEwwSpNrhZ5Hic8ejt2+zksKjTNs7gXJIw6m9wYTIGy/uaqmEVGki3cs+15m0FQj/wsShyecTyey9VAx4FbfRjzm1VccJeDc/z3q5cSGqbpG1nf0we0PUidBA3fjHzQtDu/qIGA+iHibgU3NeCN7IFZPW5yGgzDhalkE32F9Kpr0xezBzjWx/qOj1P1P2KRKYKrnpvnwyH3uP1tGpP+lj2zpqOhjF1O0UO+73GJXdfHmYPY13L8nXLv/L3PfBvXuZ1X63RCWepisYoz6qes3KHR7GvTWE0oRolG29KJ1+WnNirV1P/kxHTzliG0pWnlL//VFHZYSYlsEVE+J5RXUvc+f0vmVgrByxjax4QOSeUh6hbIKi/R3UqkYOid6Nkr49xa4t0yhFb9vPaGCC0u90W8scjJGPwT0N+OfdARc2wVMzFJbpuQZ9jAra3srRbd2C8soJA/Ih9+H6azlwJXnWmaSG0kWjo8DB+B+283mC4TsRXKsuMay3wJxmvFgSbCsS6vKztyG1x75U6fknLD1P/oE9w0NKoqQ4o9EsZ4oL6JmJOhMwV6nTmqiBUIdCmfqdMuW1pC6JxMJul9ygFKhQiL1bpT+YjzOJEL1w37Kfy3tqzwRbLemYi9IJkA2zx8iW5/hUL70dW1KCplryqH+Uk6/7pincw1n+5tozmPgKq25JW7MaiiwhL3s+h+rarSkQ9CkmrC7fRk0BGE8KVVP2tHNgIjGXxurgh5WiKpPDtdnbU8Hq1mInIbqDt1i8vEYpBqyfuGgAug2YOKdm4qEqpF1vpvTvkWcNcHwRr4+goLlITVUw1UCs6yvlnwFf33u6y8c0rbXYvne6B+hwa8geWJ30OeQPTNDNtNAG0tKZcLdM5vUFFqqp3LUPPWhupS6kQWfVbglmM+D9EwCsZaGUGsVFp1+0qIyjtAKSWvCTWB3jXHLUNI9XqJXczfOR7cIPsv/dxWXbhaYNm6vImVzXa1kn7goB96qQ8sUOvMSAXG/9MTMMq3RAhNpDDLBaq6K4d/wQijI9tlNn/zfS4CnC+Nqfl9dvkPOlum/2xlRw1iFUleeMvYMHfceFHoG4hAdc9W1O2CPAcb39HAysHEs9uDBCYLpbqZu34b+E5MMO2b7/RjDzqsxd3Ny1yeE0CjPhvIT0dVYYyo4zYMM1QQIrjLxHKtPkza4Z6gUF3fcHx0ZeQ26s1N/vcIF4WAU/649WyIHz3tNfE6tHsIGQe3dHLjwWUkRK2ivECJr6QvSHQ49rxnBgl/pPrqo8ZxZgHoMOhhAcxjK5Hr8HehbXlP0woAcbmmkdcrgVEjdWxlMwTLRBvKnaLkbxVTs6M7mmKMbZd9K3mSY99qS8WRxVMJcQWgaWU0+Wl59QCPk2wZiwqPIt37VxqZPv+kb1LKNKctrGVYYxj56gRNCaD3LTjNS/yMSJCWcLZKE6ubmuO00wYP8jvGyTMSeQKZbdaskgQsComy+WuPlGJuQU0zI3CMMHdl9tWjYCGaV/GQC9hDaCgMEmW3tqv9tZY/DQ89KGAZPlPMjjdCu9UfXuNqkVbPkPEURcq5/NUak1VcLmmRX6YBzXR23aBajBWvI0xV+QhoqbK1Ly8W2X8bgdcyT/hP7umzn3m1SmaBRpyicJiP0jYQtV86c6eeZGXcfKbo1tKSd2D6PkwL6vvjJlhJEzSsz19YjdXMgRWeO2FhCdMutWH8Prz6fp0hyxEAJjx3H1DYiAAOiScUB8BGin0NI5TWuiM/omIhfG4FBLBwg4zMfpbgUAAOMMAABQSwMECgAJAAAAT2KbSJ8/ZYYXAAAACwAAAC0AHAAwNTczMjU1NWU0MWEwZDI1YzUzZThiZGEwNTgwNjhlMS5maWxlbmFtZS50eHRVVAkAAxauIFcWriBXdXgLAAEEIQAAAAQhAAAAp0D6PDZkjs8AMWlwHgJXVPTdzkRQeGlQSwcInz9lhhcAAAALAAAAUEsBAh4DFAAJAAgAT2KbSDjMx+luBQAA4wwAACAAGAAAAAAAAQAAAKSBAAAAADA1NzMyNTU1ZTQxYTBkMjVjNTNlOGJkYTA1ODA2OGUxVVQFAAMWriBXdXgLAAEEIQAAAAQhAAAAUEsBAh4DCgAJAAAAT2KbSJ8/ZYYXAAAACwAAAC0AGAAAAAAAAQAAAKSB2AUAADA1NzMyNTU1ZTQxYTBkMjVjNTNlOGJkYTA1ODA2OGUxLmZpbGVuYW1lLnR4dFVUBQADFq4gV3V4CwABBCEAAAAEIQAAAFBLBQYAAAAAAgACANkAAABmBgAAAAA=' AND file:name = 'db1dcbc0.js' AND file:hashes.MD5 = '05732555e41a0d25c53e8bda058068e1' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:18:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ae17-9d90-49c7-9a0d-4bd2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:18:31.000Z",
"modified": "2016-04-27T12:18:31.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'db1dcbc0.js' AND file:hashes.SHA1 = 'fa9f13980fa09e3167eb0f942814bbef53f8ea94']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:18:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ae18-1b54-4ca4-bde2-44f5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:18:32.000Z",
"modified": "2016-04-27T12:18:32.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'db1dcbc0.js' AND file:hashes.SHA256 = '37070ea6a410149a8148d2b15720aa0481c2287b5eeccba05c68418eba72da07']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:18:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ae18-ee74-4969-86ee-4173950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:18:32.000Z",
"modified": "2016-04-27T12:18:32.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAFBim0hsw9OxfgUAAPUMAAAgABwAYzk4ODFlNjY0NTM4MTllYzYxOTUyODBhYTQ4MWIwZTFVVAkAAxiuIFcYriBXdXgLAAEEIQAAAAQhAAAA83iQ+QFYCxmX4JNOtP7Vbv+Map2Zxq5ieMtP27ORWvF48p7IHgQYND1/WAt0M5N33ppJgwewUVmdONN0oZ6szsVWmuTQpgyO8sQ12KFbkdIn+d8RhNRaqXJM14TiRDxIltP1vgSxQXrDiw2LmiN7UxH9eb3Nm4SovQIp+6djyBdi0+TANhUUNL6KU2tSSPT76cHUSFoMqG4cNmHPxbxZoks2FanUC6FE4LoKKRsc3xp7d8BiUxLqId3L2C0PUQJGUMGezRnN4vqt+Vb8d4dECtuT/CWXrVXskDvq9UH+aO6tu/ZOxfLPbHOV9uzzt88Gz9D6IfbnRmK20esjdKMac9a4WbHfl9yEHOTX8isvBZuCOZ38wgd1Wy+nW2OHFF0rSQlaSk5u4xruwZfYRVXCesxFk+l5ARHwcvl3YxILTPR4hzWpaI87QLkQhzX3v0Bns2ypt0Vsw8ef9NRTJs07TB9EJrQdxqFO8d3gMrXFfGtgjO7laeWNRT8J+qBHgMLmdHttZEDH43q8GSPzrfcD+Wnbh165gwL0Ck0hmwJPlDQUOhqsF1WtuSuIj9uW4LJjoJg9VpKu6q1cTgVrMqcWL23Fe/dGGOMxnP0KBX0WkH3ODLcjVLHai24zTwSqgRNNAhn4wm82EjAIxsCYvb9hq5jsvz+Rt17u/jx4wyR4MlKSSPAGjE1sPYXyc6280qBKFs+ltx3Oiq1HLAgckoNyY+4t38LSXW5d9YoIFPvb8FWyvvRaxJuc+qsMoqxnyxk7Ooor72EUHUxHtZRahpehs+eAxR7F3dlfgzRQTV2yjt65/GzQhdjz4Lou4xV2HDnkeMp4U8fZH5uMcNHnEdMA4jnbDjEAihTnkpqbvkhVtMn7kWN3u8CpmNvmwQczqqn1uexDZU5g7zKlkYpzL56wDvu9zNz++7T5u4TCOfiwGq1u7O4sQ68v8iS0KO3eMLaB8tl31sp73tgDAl0plZVABZ38i5L6caxUqi9IjCPcJhuJMrKTob4hQR11rT140KGIZ1atw4kjrtiSDNk5aRuPwAywxhWURaaFoNLtxhBrfwAk7mcRJ/vlHRYEM7pF/81eXGhGtVJ0LMf5M2kytTXREv4DJDAPQaMQ7IHhTJrRUabph+VEVcjtEuAcRpEgGWYyjSG/8drLfTa011ucHHUz/ZcQQfE9hH4GQfQorWIyciT2f1juGUnmmcvbMAoINC+A0+7VoziqPXMEKWDhzWIy1tW0NeZmt3zp6O1tdCsYTY1gsnHVhWLXgr4yFvv9NXl5XvhLFvbp6JMFVa3A9abK2pT/P5K+StP2gUa/dRWuB/vYFFPCoFhIMn6xdBnGYKgb2o6Jc89hd2sgFimCXOS0uyp96CfVReIVm41LcV/o1GvREy7yrENv4VH5e7tN7peO7sZ7Ei8e1CVVH3pz1t8vdfB8jtjWl0cFJfR2an1JxecBE9qSgz1jrcmn2YzaRqkCRGpzfsFLlQW+r6CzX0MhdYXeM58YbSE9aLIPblf+doR74VvJ2K+pF6t1mWRxg9j5Q7TzEApxEyZCICL/DhI641irV+xUF41QdnMMi9qWtIB7cgdmWrSB6lX0C32znMbnxKvxrya33vettPz8WCIbpW0opPyLXFwUTfvXrA60Raii+eUUclLAxKZeKNUOlEuK2CNmVjKqDjV4ck7lLtbP8p+bU2cZWZaIzZrfHZIFcMp+7zFEtT9E0zGnE6lBl8j4tkdYj4xsRdtIdshILDxom3kf90xly5FPZYVCetQA5mJ5VCQOYvfUBdc0fsxjDrKOVdoY8DdqZfc7J3fupz8ZhSH0tvWZGtTx0kTSoajOGNPuL0RnpN08PF5HRGooTXIHKZNdKwr0HSLxDCR4DCdQSwcIbMPTsX4FAAD1DAAAUEsDBAoACQAAAFBim0j2Ah6gFAAAAAgAAAAtABwAYzk4ODFlNjY0NTM4MTllYzYxOTUyODBhYTQ4MWIwZTEuZmlsZW5hbWUudHh0VVQJAAMYriBXGK4gV3V4CwABBCEAAAAEIQAAAEFUfWxEldbZZDB+iDgF0NO/cjHGUEsHCPYCHqAUAAAACAAAAFBLAQIeAxQACQAIAFBim0hsw9OxfgUAAPUMAAAgABgAAAAAAAEAAACkgQAAAABjOTg4MWU2NjQ1MzgxOWVjNjE5NTI4MGFhNDgxYjBlMVVUBQADGK4gV3V4CwABBCEAAAAEIQAAAFBLAQIeAwoACQAAAFBim0j2Ah6gFAAAAAgAAAAtABgAAAAAAAEAAACkgegFAABjOTg4MWU2NjQ1MzgxOWVjNjE5NTI4MGFhNDgxYjBlMS5maWxlbmFtZS50eHRVVAUAAxiuIFd1eAsAAQQhAAAABCEAAABQSwUGAAAAAAIAAgDZAAAAcwYAAAAA' AND file:name = 'e0c7e.js' AND file:hashes.MD5 = 'c9881e66453819ec6195280aa481b0e1' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:18:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ae19-c2d0-41ac-8f1e-418d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:18:33.000Z",
"modified": "2016-04-27T12:18:33.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'e0c7e.js' AND file:hashes.SHA1 = '6b627be164e9372e01ed339b594d20f1171f2448']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:18:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ae1a-e24c-45e1-8d5d-4ca1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:18:34.000Z",
"modified": "2016-04-27T12:18:34.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'e0c7e.js' AND file:hashes.SHA256 = '956742ee6039912d4405371405d07d2d9f0230e5593efe5bef79bdedae998ba8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:18:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ae1b-eebc-473a-b3b5-41c0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:18:35.000Z",
"modified": "2016-04-27T12:18:35.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAFJim0iZRI9aewUAAPQMAAAgABwAMzc4MTE3NWEyMWUyNmE3YWRlODA5YTBhMTg4MjI3ZGNVVAkAAxuuIFcbriBXdXgLAAEEIQAAAAQhAAAA8u9dkmzWWytTYIBImeHjapaGNW4t06eF+lio3ORgtz+qXqdg7fxg5/dcRNNxmk+bT2uxxPOVOs5QP4BRwLE4kzCTOh1tOLc//zSp5CM7cZ2Jtt1pwGTpEKvCV6LWZozRRPmfn27dOEVIlL+TvGb4z8c7CT74Svk5HIXbMgJcOG0IIxKXNGmynsJoTiMAfrqgwuh2BcOQrG5MrwkcNhJOb6311GUY+on0UqwFQpD46KJTyS5d7F65V+1yBnJREFDCZkOSIT5uyV4KiOUcduAIyv7IUnh4O5Lyl2+wtHtyHn3oVaLm3LqvE68GNVO2R3eTtdh8fQIVF23Ss6eoB0wxOvjrc9smDoEQjgc0jebZEitbBf0wqohL09COaQ/wIUAqMK6U2jhf9EE3hvLoz88+JZnuCO6fxuoF+V/0fzLL/kxCWYnOfrSE3Z4FQ2OBzLbBF8h5OCGKZYjRjqM04bx0TlpOxrXTRVx+ceYbZQVwN34+Xoy/SxhQo/pplDFvho/6h3LnpMwhjOYtBvdB6QHZhzgASwdOOyX88s0VxCYMdb8AmAoX+3MAE6S1Y3A0T33RVN3YRxlIOB9Lzmi4Sj0IqGMjftPT8JSMkg6MWRmZJAMuzed4Urbi85Fhaicjc/5nkIon0TSm8Gijjd2l8sFQ01SZyEOl19dXhxq2IqZk7VP4pXLQ2WsWMDbKijgMr85pT5FU++kqc9pW9mV7nViXeSqDlGE7eLeJaNVPRpudRp+0MZVIESVVQtRuXxDrZ1kFdtCEmC3LBaQWxFg8zVoWRTtVRLOLcQ4ZvGq82qH6n0qkFuzlYX1ZOJ4TxiKOm3Jc6VG82TgxT94rCX6idMldLfZBZQmyyv9ssPBJlFKphcfvnkX1M6Y26+0zfc4YQbuVfZotYhEuD6sB6IutanSc+f3nJjmRetx7XMFS4l6Pme/b0JW7MCySoLXkqaxhtEmqHSIWqS+6sJZZLOyrmA04nBc44t0lBlg5nHnXuKAhYqs+ZEjNi3y6t1EjqE8WXZeetrTs1E650JU3IptN+c2mf7ROrDQr2ax9OdFao1PSrvL7RDMr25hRfhfA1Ajv+SKdWRC8b7pCDqcw9CziJ6Lf1SmA2PBYFOCw5t9BiK7FkVA0o2/8BrIo5P1tSH7PqDxNq/nejXNUMoWRnTmXr9j9g+qPcCpOQCgDJPis3cQT5akqR1MIcTt2lPxxZ7RCt8HfHwbhGqFcwAL2sMCa818jncaiutv53dqxyO3191vCDv7aKrp2Pflg/71nIyM2s0G4yCuX4LdWYrBRQMpKz+KHBFWK7YBX/+2bmy6t27HKShWVNMtdvTlhdZhywFCwgyqAdKc6zD4dzZTct4sNgbJYG1qheifEdAd6lC2MEXZW+H1mmh1KeneEcj/CeP/tevxHLx1haTqtjIzLUKeHAZnwDQJxrSS5RirDCW8/kh3W5bMMCjcM1HIQP+cEDzXLIP2ri56x7VjeTKwIyeCageGgKVvr2XJcsPHe5wIogSZTz4WVzlYJ4Oec9dxlV5YfkamD4UkidgcMEb7tZKiWIzaijEpJQoGRsz6QjapXtKEwcNcIkPSg/iUpj/wODnrO8AAZHRDTNAZfC3Yt5oXblThrFUxr5p9PiSNgXwMcYEVvqiZ8gLI5QOfr+FzKRRbEbQ9pzzlGSlTuVzojZVbkPpZ086DQhRT1sdmqQ9JS5JlZ/7XoQVQAP+V5m28Jjf2V2eSPxpjGZ8x0hafqcq9haw5TYPm21gG+BbJF1h1TbD7awFG0fZXlzMSy0MRjBSxKBweVMcHpOMVoNuK40UgnWd/zRUFqQ6DJ3c1D48NqjJiyps/ZxRibdzzoEt9DGIZR+HWLjaR8x0x9//YgcH9QSwcImUSPWnsFAAD0DAAAUEsDBAoACQAAAFJim0i0MapXFQAAAAkAAAAtABwAMzc4MTE3NWEyMWUyNmE3YWRlODA5YTBhMTg4MjI3ZGMuZmlsZW5hbWUudHh0VVQJAAMbriBXG64gV3V4CwABBCEAAAAEIQAAAET0/yDGRju5TCfrmLkdMoHKvdJWiFBLBwi0MapXFQAAAAkAAABQSwECHgMUAAkACABSYptImUSPWnsFAAD0DAAAIAAYAAAAAAABAAAApIEAAAAAMzc4MTE3NWEyMWUyNmE3YWRlODA5YTBhMTg4MjI3ZGNVVAUAAxuuIFd1eAsAAQQhAAAABCEAAABQSwECHgMKAAkAAABSYptItDGqVxUAAAAJAAAALQAYAAAAAAABAAAApIHlBQAAMzc4MTE3NWEyMWUyNmE3YWRlODA5YTBhMTg4MjI3ZGMuZmlsZW5hbWUudHh0VVQFAAMbriBXdXgLAAEEIQAAAAQhAAAAUEsFBgAAAAACAAIA2QAAAHEGAAAAAA==' AND file:name = 'e3bba8.js' AND file:hashes.MD5 = '3781175a21e26a7ade809a0a188227dc' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:18:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ae1b-24ac-4a43-b7b2-46c7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:18:35.000Z",
"modified": "2016-04-27T12:18:35.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'e3bba8.js' AND file:hashes.SHA1 = 'fb82124392390ccef8c18e68fb749b3cf0c93c89']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:18:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ae1c-f914-43e6-807d-4f62950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:18:36.000Z",
"modified": "2016-04-27T12:18:36.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'e3bba8.js' AND file:hashes.SHA256 = 'cc9cbea16b867f6f795a5441a32a49a98755028fa4b963c032267db07f2d0d3c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:18:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ae1d-0bdc-43d1-ad86-45a5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:18:37.000Z",
"modified": "2016-04-27T12:18:37.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAFNim0gRtfdRgQUAAPYMAAAgABwAYmM5ZmJlOWQxMzNiODQ3MWVkODM0NTVmYmZlYjM5MjdVVAkAAx2uIFcdriBXdXgLAAEEIQAAAAQhAAAA6x+jxIUKLnrO56O8co/vBEkMb0kbYCa0ckvlsMxVY2PcO7Bdj4OE/RfVmF6hycepdEAr67N/dtOSiTuiuR92hOavlYRO5k3C8gV3CnYfIpGHqc1gzJCuQkPsT+lbEum7R6QTgK0s1HKdJ96mVMggm9REntifnYBgZVfVg9vGGpm7bG0bsB1s3F/se7yA6y0VzDtL/lI1Hgc0/NgiJomcitYimHZnbqYMhr1u9mWY1h8njq8J8SkK3Ay2Vg21h6RARo+nf0wMdwwldtMPSAhyjk2e4QN+Wa6c5JJKEn0ZU5efAQNsrrbtWHUoN5cu4BDEip9FmtEnEls0SdQQ6zLd/Q42ifJ0jyo4OyMdyecgpP7f9hKjt8yN9S8YbazBnonNT4VoQWkUsxCvu9PBb1M62oyurrbG+NW2LO8fh66Y1p3Atkzl8kd9oVEcR5FaZYRjmzGLd8PjX19Qwcg5uqipfeIgLc9+ghmV0N/jxXVD9Td2x4sW7udw9Lp23s42ub+eTwBj9PJnxMhAhxBUZSREq/HwCBoK45mV4SWjHRaR1EkceT1qd8R/TVwRQCMqUgyh0OQlSuDaFiMVoZ7oCyt72LqqhIgjiYcF4eD2Tzo7p2cRLkXvwTIpe/Gxd9DaQKNOrrlfOUghgeHHGvk1yCxEbAuWzOfDPkFqd5jPAblKhGyU2GdfEcEFDoIS011h5O4MAK1Fq1h2wuzn4iTFysLgT0hAqqsUrNr/zhKee6yNvLYH8b5YfHIOwoB637uOODy9kK577ozuJwcUAFSDhjhiucfN92fEjRD/5O3nLF+u86Vn8cWRPxv1L96kZhntGGW4WxgxeZgrSbDT6Sw5ehb7gboIFbGAffoLmTjjZJeE3giKjuP5CuMaNjnQmCYtkPCJExKr7kxfvwbZESr2gJ03uh2LHrC9FtRkd2quIthAG4ZASgGBqQY/3SO7xeSUpa+VzzwxVka90FVgTQxNlZgvDDjnyQBDKXVrzW1viqv5WhfArK898XaKEd1Xr1yUIXD8sW/aRjgRB92Bvas5zJzmmSJq3vr7Ldu1VnYgZdqBa6y8E5K+Yzl4bHmBBfpxeuqDqrwWVJniffJWix+DAYqDmpkEFDoEvPYljl5lFqm/WhTieJEmUtL2patHFjBjyL2x7uPBs4ZhrEyhJ/PDZ7OIcbN1c0FneD8w2LzBy+kN+fBr2FRHxw0l80o/X3TnrK2loyIG8sTAD7EGFRIMVWYiGX8cHIr+rjvjxgV917g9Xfa7s9IEng/nTsZ2cwtH60/NN3DkWJ1RDNjteVT5afssYvOFMJAZuMDAeUKD9dsDsvYbeKm5XW1xbFJbZ6/RlSMOsyA28YtBHXJ1edw3G1DfERnVJZBWNL0dOMNuaNK7AfTIQNuWAYOIokyR3fumNkrJFqYlmZS72Lbide3/6feZb6ueXKR21jBpXWAYJCpdPtwjR3WZRUv8tVRFbnGxAAgie4xFeLfiw/7deckeXS4HqVTB60/4is3sQbVJV05y5hLMy9SdBjs3ePgEMYGJAMWQqWMRvMTiePg49BeNFGWdt2RETlqe2j+nBXOMWG69KGKQ7Dr6IGgrJ24O2eSEqtociTfqdaU/hB0PLAyU9A/p6D6j5g4qSvCQ2j8nP6/fpbMieAlqmD9XZYX3ZqkHgdudRn3u8JmVBlg6z4Bk/Tv0hje8meIjYizm9xWXpstfVXGHdoStrDP+cMtuscUWIGKqXR/fh49ic2XOt/SfPwzoNDPvkuxVRXw4qkYVGw2gWvjdKH+cpz1nwlGqD8dK7F4wztWwXihZo9Ek2tSu3vz/lZpW/iS7gZdMp5yjdwkYysa9PI+k9iYmvhnRoLodqu+oyX1B6eY9bKYW7McZHPxWJ7BQSwcIEbX3UYEFAAD2DAAAUEsDBAoACQAAAFNim0g/u74SFwAAAAsAAAAtABwAYmM5ZmJlOWQxMzNiODQ3MWVkODM0NTVmYmZlYjM5MjcuZmlsZW5hbWUudHh0VVQJAAMdriBXHa4gV3V4CwABBCEAAAAEIQAAAAcxOg6tmdTf7GtPP8+HGJ2FFsOinyMgUEsHCD+7vhIXAAAACwAAAFBLAQIeAxQACQAIAFNim0gRtfdRgQUAAPYMAAAgABgAAAAAAAEAAACkgQAAAABiYzlmYmU5ZDEzM2I4NDcxZWQ4MzQ1NWZiZmViMzkyN1VUBQADHa4gV3V4CwABBCEAAAAEIQAAAFBLAQIeAwoACQAAAFNim0g/u74SFwAAAAsAAAAtABgAAAAAAAEAAACkgesFAABiYzlmYmU5ZDEzM2I4NDcxZWQ4MzQ1NWZiZmViMzkyNy5maWxlbmFtZS50eHRVVAUAAx2uIFd1eAsAAQQhAAAABCEAAABQSwUGAAAAAAIAAgDZAAAAeQYAAAAA' AND file:name = 'f0eafe5f.js' AND file:hashes.MD5 = 'bc9fbe9d133b8471ed83455fbfeb3927' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:18:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ae1e-4450-4fb8-80db-4712950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:18:38.000Z",
"modified": "2016-04-27T12:18:38.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'f0eafe5f.js' AND file:hashes.SHA1 = '1aad77cbbb29d5fb34c6cd0c0f8aa5fbf01e9e88']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:18:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ae1e-e430-4820-8360-4704950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:18:38.000Z",
"modified": "2016-04-27T12:18:38.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'f0eafe5f.js' AND file:hashes.SHA256 = '9c55c5ced7bba0d5bb2c9e48fa2762b694b68ae203d27d668b9b6d73bb63c64a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:18:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ae1f-bfc0-462f-8098-4f70950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:18:39.000Z",
"modified": "2016-04-27T12:18:39.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAFRim0iknQKJbAUAAOQMAAAgABwAYTQ1YjQ1M2IwYjE2N2EwMjE0Njk3ODhiOTg0MjgwOWVVVAkAAx+uIFcfriBXdXgLAAEEIQAAAAQhAAAA6x+jxIUKLnrO56QWHC6dpKKPQWPqqBjajcWNi2mMwO4gPokgMEysQu/qDceOuDGYUGQdOKPio6g7ZcaAHq2KyxFjY9jwA3wEfUFl/SJmiVxZgYla1K8xoP0i9S0O0TZSBeOpVOalYylthgwxMTHGH0GyrPkU8UPacdZKruKKDVrEchOFFCBEXCAlosMTlQxn5kASt7agqrwcoPYCTZYU0lBgIR3T1RL2MlWeSixgSFfz690Tw4sWdMhOIEM97fAJn6NrfBE7vGCFmMMD9nUJSaBbLMkconxcHypLjI+iIx/z2p+RaSxwWLWValZy2j7x3XoNq4bGNMoB+Edj+5Af/Ziek40DdR+tInKgk5v339BvjBna8CRlZP51sfrAPpTu8Y8y5zPOYMbaEpG8/6yxS0Jk2n+imvjxtc7sHmBqeKeHrgR+9Rx7ZdwNc6stKoYWRwDtMI9eBLxTlUffwbkFyFeobX67TPh1LTPr6yIbw2ozDAhHnf6OHDTp99Y4p+PIabUkQsc+f/xQlGpiQdDeZOyStaiH9uy5AE38p07ve9MEg+Mljgg9I90/q4ysGGg8CbznHa/ndGgyreUhBYG7GjCXl56o5L5rQALeg6LgvzPjYP/Okd+CuqOFh1zXpJ/W8VAMwM7wU9NwcbeVdtr0Z5JmL3pKzWtZ6Ejt9BYpUq75kXOSc2iJ8tWIwVwluMtpEd/714ihqvgKzwd1TsYBKyVkjM/AWS7GthdzGkKd3Qsby8DF4dpzxaiOvq73xKze5PK8MHMOJChzwaObT5lQQ/TRdiQE98nAtHW7fZifhPe5BVDZPTK9hVIRA3AypuFFI4vVVThIZrxwAD3Fbyfvbplos6QRF2+yr0CwETes6MpyD9XrAyLpSnT3GL0wWnSl57ba95ihiwSQMZGDgFt2gZNfH7YmySmRDYt8kNlEHpZnAbQmObLje5fCdpsuDNP9j8WIdfUF1+Glz/w+eteXLZyEmdfT22hhLjd5Rv4LfIR2zuJVawj4Zfe1Gx6aJTc0OQI4bi16xLn9MYW+/LwVEOgnfyKun3KaELrmiUkZc8z++aWKUQtD+Py9iFXTijXVDmnEcZPrX0EGhYyzOe+Kx7sH0/C1ujmU6oMKZkztRNmbPGk54QVQaIpi7tU2Xei18u/TyoN3D7FxeLhrgpd0/GP6skCDpL9uY+xzjNXofhHbzLIKcJP43J0xR2wattYRtrONZ2O1sEltWMXVGYdzAJUDPj8DQg8LeppTEeU+9NMEsaKHjthew0MpgN7BcGLH6xlyV+CJeCWP7xv+JrGCIJqxQmszqAop16+0u4GvuwbpijSGq4xM70ZzyZWTh1ET8Zl128Duob8zDcZZGQtgVJV/m3XSLyjIQv3RestB1iASb6KAGzu3y9rjUgUZo36L7BVQxtIBIpL+cndaCFZJs4fr0QipU4MonE1UWv5p6zJQ8UuixEmtM/MSyINhBaQO16DT3hadli3aZMX1BDUdeNoIbo+yog54Rq0W7OCJTfXM+qtYsTaQCI0RaZkfZekU3blPHhr5JIqhh8h6otghTRcuVYZ3DSb1NkO3htrj3WRGn2RuhDgq/fZQM28bDEWBm3KUODQ2isFMddb5udq2tegWJg1t8t2YEs/BfintBA5I6CINCxKkC8Aj9bxkDRSBx3I7ozfDWB9VZHOBjEWrZDUVfhFsUGZqvCZv+kwsvcR9ltAmQ7ZX1wI3Vysd0MwM6/c9RlWgVh7tnaca+J0H6t9pIwfQm1ZftbEEbgfCQxab8sV4kJGDr/j+lYbU8YyeLhGrFt17H3PYH/JCuTK6JQWLL0htaRX1J5bds8Xb+Kn6Rf7UUrvXc3ehEspQSwcIpJ0CiWwFAADkDAAAUEsDBAoACQAAAFRim0h7htrJFwAAAAsAAAAtABwAYTQ1YjQ1M2IwYjE2N2EwMjE0Njk3ODhiOTg0MjgwOWUuZmlsZW5hbWUudHh0VVQJAAMfriBXH64gV3V4CwABBCEAAAAEIQAAAAcxOg6tmdTf7GtIHcixw4TGKFIG2ApUUEsHCHuG2skXAAAACwAAAFBLAQIeAxQACQAIAFRim0iknQKJbAUAAOQMAAAgABgAAAAAAAEAAACkgQAAAABhNDViNDUzYjBiMTY3YTAyMTQ2OTc4OGI5ODQyODA5ZVVUBQADH64gV3V4CwABBCEAAAAEIQAAAFBLAQIeAwoACQAAAFRim0h7htrJFwAAAAsAAAAtABgAAAAAAAEAAACkgdYFAABhNDViNDUzYjBiMTY3YTAyMTQ2OTc4OGI5ODQyODA5ZS5maWxlbmFtZS50eHRVVAUAAx+uIFd1eAsAAQQhAAAABCEAAABQSwUGAAAAAAIAAgDZAAAAZAYAAAAA' AND file:name = 'f3b59fc4.js' AND file:hashes.MD5 = 'a45b453b0b167a021469788b9842809e' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:18:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ae20-c63c-458d-9d1f-48db950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:18:40.000Z",
"modified": "2016-04-27T12:18:40.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'f3b59fc4.js' AND file:hashes.SHA1 = '550d87b2095fd7b00328cdc19704b56efb96b343']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:18:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ae21-9ce8-42af-8fdc-48ac950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:18:41.000Z",
"modified": "2016-04-27T12:18:41.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'f3b59fc4.js' AND file:hashes.SHA256 = '4bd76b62e7c98107f45e2d072c278c2c3c7dd269437a2f7e55c2719542003811']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:18:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ae22-1718-4afb-b3af-4a09950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:18:42.000Z",
"modified": "2016-04-27T12:18:42.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAFVim0iROQ5TdgUAAO4MAAAgABwAMDBlZGMyY2MzYTYxNzQ5Njc5YjFlMTgzZWFhNTdlYzRVVAkAAyKuIFciriBXdXgLAAEEIQAAAAQhAAAAiY9K3mMApARVE00mg+jW6ZWXMEIJc1j5RCuS7GaAwOUjP+e2ngHKn2afTnqiBiRsvdzMB6rSkJqdZwcll4lthfJmSX5MAsBUfRQqr20354xMwrmaae9asSNYkEL21bitNn8MaziIv+HWrMH0lu7muzv4+bIAzD6i2c3R0IAoTku97afHm8V9FGUV7OuEVDqOpF09aRB6Pr46AUPJWCZsHAAAPuqHk1vtw7FpheLJoo6m3yHHWMJubLpiR8kP1vZtIH7B7H3YD8N/U62knz9oRkCMm1f6r8Cq7373Qd2m7Iz/8xRuCLaE4UbSg/5/gNVTD6NT4x6Tz3JtxrsFYNzak5iK2gLGZCFI7HoQ350J9V8jwkX/6Xxqt1TUKLcDD303O2E7r7N0LwkM+sq0XuyZ2gCDryUBm25q8DdZnGzBi7LDEYRJ1njHQfSMe5SR04y62kFxvUWWaCLxvpjVySbRhE7rjw7z4Fpisngf0k3yL9pPzdUXRb1U10YgWUVFcLtPAOov6cPuGWRCTps3JxoOUjv8tfVPAKdZeNq2F5O2BcmP/J7ZJIyMuWO/+3H5C9jfAeHlGzcAjnNG1eZX1weos6VAbS7O2DWPaD2PbOWzQwgDN8H1nQfeuRFglGS6SVRS1YgXlmdPaOn43dOwJSPQTHxXde/qsny8nTTXQ2hi1rKEQunSpbuqdGh0Ox6l3nSjo9qdagkfsxDbfU1FIkuUc2IQgyvYZYX8JxsrvJ31TmC5+dH5wILTsq4TPpqgQhDGndt/8ePaA0hJfbaAhrcADuTDK6yByBHQT04/nVm5wcullNU7Cjk/smeyoOat0c3jmxwwsSLorbz67Leir4J9f3rfLV/VeJreuXSWYzMxSxMKGP8o0dholL/xMfxUEWPKUq1zgjGRZD6+fXYdLkDm3HGKj5+hVfrrUVGi8JJrTEwf5vHduO1lKctr2Cea34VBr1bMfnPwAVsPwxQrtyKCYNcYt9h2CKgW1Smrjb/ZRWt5nwaTKDa0QJda+BrT0uUHoKv5M+oP8qeNL36hJnkcLcHTV9UukciNKwqavLcd7dCShVGQ9RR76dPBbIe6/kIwUYSGSXaxIGs3HL4C2ctXVLm8hEg5s/r6mD6AF6t4W0MX1U10APvMjfn6L+2HZ+ngXRg3jAVo2z4PJdq2E59nsGUFs7bUyyc+I/pYW7CXOQy489exGpQc+aj1myBtVlIk6cpZIegQd3C2de0MLa7JVFpeUsJvh8UVbdWHb1BNi8O/JHAatomv2NZiC8Fjlt50G7geRVIz55tdfb2O5OZ/p5Iyio90uUpdTOZAWFUa42lg3faULJGo5+02/wEjkMa6OBvehJbd+hol4SDRjBPEj32vLGYD5K0pdeDsWA6vtf5KjU4EiB0lMQT+dlMl0d2rz8KtAQ45ivg3BjyuHecCkCUH7mc/zGtuC83k++OEA2gKA9d2WbP0Ouek+ulM2tJZ7M6Y3uatl91BIhTB77TKocL8wI1/K6Y5/YP/7f3k5kSJcN+nj74BWMeoC6fh31J58ST7MTu0mfgAGfnQR3yveufsCtrA8tUDHWr7DT+bLb/ljioJBvR0di+luzDRrUxvDB+lP2bKxszQ2IdUWKfWPDnTD2e8U0jKHQggMPqgi24YRGq53wtb7LbligbvmdpRlHaZP7S6m9/VVC1gJp87YpYmABVZGDgC1xqxYXiVPStKwWWcMfSVpaQB9R6f5y1yPtdsHV7I1/CRSIKfWvm7/Z18nFOmHqEFipkqAzTEzVRM4bJFSeZUOl36HkJ0QXjBZXXL7vSL+CrnDuQH9VQUz6TSYwCTSSNXQ0ET0m+vW6uEMQtMpyvD/+3t/lVvd6ul0NtMwgZ+UEsHCJE5DlN2BQAA7gwAAFBLAwQKAAkAAABVYptIkcK13BYAAAAKAAAALQAcADAwZWRjMmNjM2E2MTc0OTY3OWIxZTE4M2VhYTU3ZWM0LmZpbGVuYW1lLnR4dFVUCQADIq4gVyKuIFd1eAsAAQQhAAAABCEAAABQZVbaTgyXgMmL3PghXrRYTmnbutJSUEsHCJHCtdwWAAAACgAAAFBLAQIeAxQACQAIAFVim0iROQ5TdgUAAO4MAAAgABgAAAAAAAEAAACkgQAAAAAwMGVkYzJjYzNhNjE3NDk2NzliMWUxODNlYWE1N2VjNFVUBQADIq4gV3V4CwABBCEAAAAEIQAAAFBLAQIeAwoACQAAAFVim0iRwrXcFgAAAAoAAAAtABgAAAAAAAEAAACkgeAFAAAwMGVkYzJjYzNhNjE3NDk2NzliMWUxODNlYWE1N2VjNC5maWxlbmFtZS50eHRVVAUAAyKuIFd1eAsAAQQhAAAABCEAAABQSwUGAAAAAAIAAgDZAAAAbQYAAAAA' AND file:name = 'f3fe17a.js' AND file:hashes.MD5 = '00edc2cc3a61749679b1e183eaa57ec4' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:18:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ae22-370c-44f8-84e6-469f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:18:42.000Z",
"modified": "2016-04-27T12:18:42.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'f3fe17a.js' AND file:hashes.SHA1 = 'a166ba76fc427bdf9dd28b266aae803d7bbc37bc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:18:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ae23-36c4-4883-889d-4535950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:18:43.000Z",
"modified": "2016-04-27T12:18:43.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'f3fe17a.js' AND file:hashes.SHA256 = 'a8aa94ecb6a6d8d06acbf7b41e269cd98c2c3fa096c26ed83d606b1ded3e679a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:18:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ae24-f0d0-4394-904a-4806950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:18:44.000Z",
"modified": "2016-04-27T12:18:44.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAFZim0gCNCmgcQUAAOgMAAAgABwANTAzNjdjYjZjNTJjMjAxY2QwMDVlZGY0OWZjMmUzZWZVVAkAAySuIFckriBXdXgLAAEEIQAAAAQhAAAAyYu8cO/v4J9B1Y/besd+aj1ySE6wZgR5mB6Nq29KBsDiqGc5HL2UV/f8Ra3X9zawCsZL9/XuSwmoyF2acG+vKPIHaqzOIkaoSIUMNiRjRCq7ABK8pSObFif/wclbLSFr9XV08f0d5f05dmxid+Rr1fKIA4XsGUF1KCG8cq2dQ1e/B3Cstpz9yyqQB/ULROs7XvCIXO7PL7+8Zw75/87BdGM/sdfgimcnlt5qs36zxN2Z0LDurCFgwua5pJ+eXxHo2KGC7FYfGt0NkI4nrybiV8CYg4JYNTfbZmZl6uyGmKiUW0UXEaU6kOcjtBqZtGMwIg3p9i3K7r1NtmvZDiUj4Dxv9BSLPBadVj/kG7qzrFcgTRD1aaSII08adqYa493a8vpvKR4nSMuBLo5Ko/bxJwfCop9eWnhyzDnciNWqSce8TMtAW6svQRam1mIFXw5Hm4cgPgI8QtNPgTMFqYrKwGdlXfEDP2CIzD4FW+pYQisJgonuoVto2XXsin0bKqDd731lsMwcku00rCtSfhxLAKLkwBZjznRWJW1eli0gC9uJhAFgAhcu8IweduZ4LUXCVniv2DbzbLVDVgCIJmEafJfpSCUWoeQmbFx16765XQsTEuo+2CAumjqB8Gl+XkfBcfbNjMYW27bKL1EuY9sqw8k6GGsvwGzF/GFqUKDIa7OWKAIktfWGCQYun4PdTuQLVax4uoWCfmJqn6ZUjrAWQFx/sJviPSzCaq/26mHQV+PW3hA2aVPgvW9Jsb8iM76Ri4wrVXf5rVsNgymdfputK4UWjEKhfo0A4YdlPYCs+YQYpCcfsxofEEK8WW/JCol+A9k4goytjvETJbd2/zLw5+aOWyTH+UH+sWomTv1CAhK0TxIBsL3b7ONwys2QKBuc2zs4cG9k/q/bKLOlVnyDq8DEhuzQBKaZbr/HS4UBzSlZHuOoTHvF9RGlfK/LuqXbRDTuk+VRb+ydeSx3G6f9KM7b85sX9HQH38egV4zS6pK8aK2otAmLrcPBQzw+j8k1tNpArhleK/5YPV1TV5k0rgaxpWGKiNoRq+iMYsg/7+R6oqYR99XDYJp81DUwUZWmzGIHoGscvqUn7aJPwfrDVHADk0dp7+8LR8WJAfsxUEiduveMAQDyJvav5W5QtFVnY5vM/YKPKqcoDLG3k9KNpYAThxu8L4pZgseId9SyMOecRVgMpieQB7jVEz3g6ZJsuuRGfdlHgrlGn8DygjsO4MLnR6lJcwihKwKqFKU627l1sxVNMtwBKyJwZWxPu9FwKIfyK/1VYqQk2HAGp9wV0nCRSQgnnXV6MOChdVip5q/0UefFQew0PaIot1TXYeFoFlECtQigxes8GJ3tFDnYU4dQdvMYh3d3bLMHoYQVeQTT99h4JHjW/36I4Sf9MA9XQBTZ1li/ZUMSTy7pdvZiTuaix6zUrxFEonBg9CORye0hNQyP+vbY15i1MmIXTsvAFzhUvaZqGkAcOMm+dsET8+duN+yH/3WGlH1bro1iorb/J1gU1OajyrLWVBjTBElrkUU8Ah9pCDGeo/CIcH/3TFGRlvSeyrukYjm4BOmvn7VbhUrbL68nZc6eyWx1vrXbslmNxxy5V/DNLRYs8TChYM0dqcgR745oGc+3hjgRysxHnTUapLIcLBBeI0S6j3R7rVEtBnh29Za46FuZw08yFdscoBu7q9tQUsvUS2/Sijys6HpBT3rVsZ0pfmYHZRUBwPgXgCtFfx9n+mXbnOia0PF+drWPlqtGOBK44grzshGBklrZ/er9aG6K2QuRBBYlbkSsLRNEVj35wZUY9zMI1l62bivuu06vetWS00H7t9Kp+OnDCf+dLMsFhk5WNju3elBLBwgCNCmgcQUAAOgMAABQSwMECgAJAAAAVmKbSHB74mwXAAAACwAAAC0AHAA1MDM2N2NiNmM1MmMyMDFjZDAwNWVkZjQ5ZmMyZTNlZi5maWxlbmFtZS50eHRVVAkAAySuIFckriBXdXgLAAEEIQAAAAQhAAAAKldWQURW9vzFcNvID3FJQ95+8khMcDhQSwcIcHvibBcAAAALAAAAUEsBAh4DFAAJAAgAVmKbSAI0KaBxBQAA6AwAACAAGAAAAAAAAQAAAKSBAAAAADUwMzY3Y2I2YzUyYzIwMWNkMDA1ZWRmNDlmYzJlM2VmVVQFAAMkriBXdXgLAAEEIQAAAAQhAAAAUEsBAh4DCgAJAAAAVmKbSHB74mwXAAAACwAAAC0AGAAAAAAAAQAAAKSB2wUAADUwMzY3Y2I2YzUyYzIwMWNkMDA1ZWRmNDlmYzJlM2VmLmZpbGVuYW1lLnR4dFVUBQADJK4gV3V4CwABBCEAAAAEIQAAAFBLBQYAAAAAAgACANkAAABpBgAAAAA=' AND file:name = 'f5e8e393.js' AND file:hashes.MD5 = '50367cb6c52c201cd005edf49fc2e3ef' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:18:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ae24-60ec-4ecf-b9fc-4790950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:18:44.000Z",
"modified": "2016-04-27T12:18:44.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'f5e8e393.js' AND file:hashes.SHA1 = 'b3c98f010ef69c578e3cdfc2b3960a87edec17ad']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:18:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ae25-396c-4944-becd-44d5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:18:45.000Z",
"modified": "2016-04-27T12:18:45.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'f5e8e393.js' AND file:hashes.SHA256 = '253f46233a22b9361273b56d3f548694a8c3256246de125a30400acfe2cef559']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:18:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ae26-0b6c-40a2-9acb-4db6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:18:46.000Z",
"modified": "2016-04-27T12:18:46.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAFdim0hAr95kfAUAAPgMAAAgABwAMDQwNDRmMzlhY2YyODA0MDNkOThlNDgzNmJmMTI1NzNVVAkAAyauIFcmriBXdXgLAAEEIQAAAAQhAAAABDNNzoomo902luFCxDXGsfx08qPu+QBjCjzpXSDrucYMHGXxe3VQUSgcoFE4ZRSyACtJXGYWLFH5+LcebJJVgLvPSIcVC6IpiZ+xNi2Zyiot7TsVGkIKemeZ3Cb7WffJqndeSfriBrH0QVa/UCDyqalCt3EsgcqUk47SlIeE9PL3gj50y9NSUdMJJmJO/tb6ctiGUmKWaK46wW+8056YT90l0ZR5Sj4Oh6gDtg+lO2wSphPLlIEq6SWEH38QLeyYLcRlqTdNZLgbBXFXDnXAl9qD9e+NFYpovTA+qBCyB+ep2sL7aNCsTEfUktIVxwAj2tYryw+AoU5CEiigCYkfGc29w+NEtJ7fAKSIWcPcap/oeFC/UEVBfAXjONhCUPXyQFgenjCc3dEH4reqG7ocyCueisib9W6CxJD29uMlWJKRQ6pqqKFKSL0hBE20KsscZVDaORIsDH8j+igTIKGuoX/J9nhAPxDnEZLLrtO5n94vuvy3butCbf7Ea9M9Fzkcgr3ZAd4Xn2gJJ7zVKvjSQPzfTUfyxDQEM7h24b77fNEfJ/5MSGTHDR0ock7YxJ5mB2b1f3fUEpbJppK3vWobi48AWsixiUcF/nbrl/TNArzhYLtskmeC3xV87AUSEXp+CTkI96xcYrYCFpXnlBdcPP2QjoVm/ROadY7kQCL4iPnegql8ssd0bHzfVazR7xnQPtbgwW+SOMSzBmBzunWTx8GaCQv2R1uYNaMxdACO3FGV5JdyFSPRYZxB4gTD9rQWQScW76Xcu6uo5JvOwt80IHrBns1T7r/70EuhbsQdnZEYQyP7qT+8tlDQhtjGPibWHz5QXfqZYhYjKuxesBFhLlHJg4nxLYp5YIUDG0abTtVF8M44F4ne3lXAshcemD4xR5RTPwqBb8WkMAipA931TiuXM6gSYs3Y9K4lMiboMoMrf6G4OAiFbNXQ3/oPHUlDKcKaVuKT8W0S8oTDG+mnTGumCipAc3vaixqU4jSYVISKiYsNd88YbVLLRCNgRClC4xrWn9d0NziodwR8YivNoH8LxkKgOwC3URDCg7q2o8zlnxSpMNF15N5Q6+1WsWxaLRQIS75ALRT7usx5AN9gG6EuwBjVPEw2hS2OBVdljYCUd2Q4NDCU8scYPSHmh3nQH2d4+uUcDBMZZAcJqykFyEf+msph53Tk1lTE1iDYBi+iV4kpQrPgXp2tXqI86uJr5uRNacBP3QgOpQdN6uwceLNn2CInRyYYSl7lpHLbuYmVIftBJqsW1kN5zehiG0OEKlBDSa2Xh9a0lel68yzpcl1sbt50jRDZFC2UyhXqrYLPQ4yKCFJut44C0s1Uo7UWI33/yLKeb0HsuccddoFJRsJjxcG2wgceXnJ8q5A9M5AJzi/BYy2Ii2BiuLrkD2f3R61aBXY7ZiWfI3Q+TOwxOvTt0smE/ivXIWalfn3UMYArROsy/4vl17avLDFfoZufx6hg3p6XAh68O8olo2XiwfCJkqdypxLxdOHCM0+nGk5NhuBrxwpp8zaEqlet0YLAMP7lSTPbbdLwi72LR5roAD0sTCQKgIW5YPBEwwsVgRvSkEHkqrbWdi9KRi9FcNq+hqVLNK/WGmdbdWQBg7JnwaUN2le95Q3ei3ClONJv3t19IzxbgUubGs/VhQoZ/pb//f41x1Zeuf8+7d+azVdBX3eaAKz6TeF4JqfS0+WxIDqdnCVaXb74VfnYev4ennFjBWixg/NPEnE4EikWcd05Or5P770+v8r3w2duSrpG4MCNa0kBeOu8Q/2EwbQePK9eZorTOR3oDPtc5MRiwSA9m94YJ5JNf5LbnHQ25c0kxpo0rd6ZmjMA3BzNJuA7BqpBMs3LeOQbpPc4giqLUEsHCECv3mR8BQAA+AwAAFBLAwQKAAkAAABXYptIuyTEJBQAAAAIAAAALQAcADA0MDQ0ZjM5YWNmMjgwNDAzZDk4ZTQ4MzZiZjEyNTczLmZpbGVuYW1lLnR4dFVUCQADJq4gVyauIFd1eAsAAQQhAAAABCEAAAAO2emz6O4NENBpH/tAiWKUk1u3TFBLBwi7JMQkFAAAAAgAAABQSwECHgMUAAkACABXYptIQK/eZHwFAAD4DAAAIAAYAAAAAAABAAAApIEAAAAAMDQwNDRmMzlhY2YyODA0MDNkOThlNDgzNmJmMTI1NzNVVAUAAyauIFd1eAsAAQQhAAAABCEAAABQSwECHgMKAAkAAABXYptIuyTEJBQAAAAIAAAALQAYAAAAAAABAAAApIHmBQAAMDQwNDRmMzlhY2YyODA0MDNkOThlNDgzNmJmMTI1NzMuZmlsZW5hbWUudHh0VVQFAAMmriBXdXgLAAEEIQAAAAQhAAAAUEsFBgAAAAACAAIA2QAAAHEGAAAAAA==' AND file:name = 'f5ea8.js' AND file:hashes.MD5 = '04044f39acf280403d98e4836bf12573' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:18:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ae26-76b4-4e38-b9c6-40a7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:18:46.000Z",
"modified": "2016-04-27T12:18:46.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'f5ea8.js' AND file:hashes.SHA1 = '014c73434deffdd5b616d439052889e2096951ef']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:18:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ae27-42b0-483f-8f3f-427d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:18:47.000Z",
"modified": "2016-04-27T12:18:47.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'f5ea8.js' AND file:hashes.SHA256 = '13be09da86d7bf87274cc7df1895f3f1d64e48d703a9f798e5a0f974eb3acd28']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:18:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ae28-4a9c-49ca-9525-4a5a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:18:48.000Z",
"modified": "2016-04-27T12:18:48.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAFhim0hzVpd/dwUAAO8MAAAgABwANDZiYjhlY2JjNGU5YjYxZmRmYzlmYTZjZDY5NjBkMmJVVAkAAyiuIFcoriBXdXgLAAEEIQAAAAQhAAAAyYu8cO/v4J9B1YF573m+6o1MJUdBsgcoYvRYRgxmsi3JHij/Au5PY1Tc4H7k7gUACCDdOTnArfmpQrcK52bsbFDgFEjDGejziIO0Lc8K9pDPTI7cNKXFP9iC9RvEWO4xULXfOCA6305Qm+bjzufvH0IXStsHOlmugcVNz/1+3QTs/mfzpHOybZopfm4Phkk4o1Z1zC1YqY0kzPowWp0MJj3GvbBTXu2F7xH8oPifcoF2kvOZJJG3MZIZgtAMytj60ZOGHbMDovcJ6T8+GqBUzn402XC4YRMDVmKCfvRTjRU6DFnwX/BhVzlZwQlLajUNJ3hcRqEDipVwUPd2c9NfPcNDy4PJNYBi98Sgh7Sr3WE4ZAh7DuWY29dZQFb+k4OgwbrF52b23OGtI+CpBljFYkgVE33ajmlzH+utr8pmXiyBOv74aO/N3LXz0UOue1dh8zqy7+WJqfKb4gSlYPqu4LG/WlBE2b3aXx0K1r5TCTkvnSmuGlkBCU9u0zk5Ano/de1JxIVceMSc59ZLO7hBfvaaAS6kKNIvkD3E+McXU6Y3cHjwfGaQFntwqOaq7HNKj/5zlJ+wyldXHgXe0gvb3TDhZVqpMl+yGLmHoxMwcwFoKUrhWBWFA6700A2SoTHxZpjic/Pmi5y2r9oq/PUEp+oeWrXmql3K+744YLDsQjnt+HKN+YaqriR39jk/vMO6oOt0sxPaQN5AiKL8YOERiQGzkSXwZXSrfix18D/23CgvH3yOHfRwe3avxOj3OdSQ5OkHh97CRzzB6vx65MFa8Yq0vItg4xgvplgd0T88gvJxNNMPCwWgFdaXM/6pf7tHb+5FTj8EMMzUYIHZTkmwu0ZSVO9O7iO34GDsaYxM1gwEteXWXdeUfEGIOPjdhVsSPQtPNwJ+XhMW42UOOo6Kn6oES1rjdpWFfx+3KIyIK7iaxbal/IwIPQQMNaaewr8EnjWz0bKzjOWeGJgzid3YrhCWkZSbzHAuiwVGyFRg/Obac5Hf2uEFthg4cSHV6RLFQyBKzRmUtIpaCHS4luMOje8L2akkpdIWKmvkRRYFWdZleOaV4D9PUNKj13iGrsnRRjAoFyaR5MQwmIogTcHePs8FdVkDz7SPDWpYnSj0jo2hO6KNajU2fhUG1Lvn2OmTNEi/52oalaEdnMttORKGG7SYOKXQ/wxd/3TwXZjeiebc8mVRNBzCxC/7YEmVRFbKwkiNb5FKaNOYmhfIh0zDVP5j7h5X9FLDqQ3NMLnZCpQ1vbQvw+/ei917yRBMnbIbAnKbGaQoolXE1duqorwRVE5W21exx5BAHNxKrHSvPpYcdT3MRffoJa9UyNrvO43SkljUBZGPv8cpz1p/Lf1vgwleHidfuVODaUFcfWy6qUPg3VDYqLWF6HZ3W59iDLcJkpTVNjoEBn2dm2IhMWk+ierS9a1uZ00pp/vJrqjA0c0faayKdup3OSL4rDiBV0uiq7yJ7Q0hY7sClY0waTsrZuLTbGCKcKqExGzicrURHPCkI1ic5IDWacINqa5yqsO2ZLBVlpgM0sTHmULKFCFz+kGBGlpDPWl5rWjm9v20uvwf10dhKlLZOHpLYfC+96JuY3yTCwRTVj5FiwJhIdOt29KnZu0ggFq0mh6fQgah/E7STwQI1k1NsP2r+GZrWdRKOCQJJTuoMfULv1pXdYn+8vfFaasKrgnEt3yCwcB6WIstbz60I18TyNv9z4S4JGc3s0jA9wORhf/6IFhcEZP8965eKIWgIhUK3Yn4Ar40XgnjfRPvdkrK6ATOyjnZ+TmGjVgR4GcqZeSInxjvbACkzv/IuXwK90Lm/SjRrtRyhl/Hgu676kRizHJmzZ9Ju0nUv3AeO29GXVBLBwhzVpd/dwUAAO8MAABQSwMECgAJAAAAWGKbSEjo96MUAAAACAAAAC0AHAA0NmJiOGVjYmM0ZTliNjFmZGZjOWZhNmNkNjk2MGQyYi5maWxlbmFtZS50eHRVVAkAAyiuIFcoriBXdXgLAAEEIQAAAAQhAAAAKldWQURW9vzFcNUo82cHVad1PvJQSwcISOj3oxQAAAAIAAAAUEsBAh4DFAAJAAgAWGKbSHNWl393BQAA7wwAACAAGAAAAAAAAQAAAKSBAAAAADQ2YmI4ZWNiYzRlOWI2MWZkZmM5ZmE2Y2Q2OTYwZDJiVVQFAAMoriBXdXgLAAEEIQAAAAQhAAAAUEsBAh4DCgAJAAAAWGKbSEjo96MUAAAACAAAAC0AGAAAAAAAAQAAAKSB4QUAADQ2YmI4ZWNiYzRlOWI2MWZkZmM5ZmE2Y2Q2OTYwZDJiLmZpbGVuYW1lLnR4dFVUBQADKK4gV3V4CwABBCEAAAAEIQAAAFBLBQYAAAAAAgACANkAAABsBgAAAAA=' AND file:name = 'f8f17.js' AND file:hashes.MD5 = '46bb8ecbc4e9b61fdfc9fa6cd6960d2b' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:18:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ae29-af8c-4d4e-98c1-48e9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:18:49.000Z",
"modified": "2016-04-27T12:18:49.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'f8f17.js' AND file:hashes.SHA1 = 'e804dc02f76812a0d4fcec307ce46d912eebe386']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:18:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ae2a-c544-4006-9678-4879950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:18:50.000Z",
"modified": "2016-04-27T12:18:50.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'f8f17.js' AND file:hashes.SHA256 = '239226bac73deb22a2c4200c9f8330a62ff2362b9432fd1c45ede9a045103584']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:18:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ae2a-9fb8-4b55-9dc8-42ff950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:18:50.000Z",
"modified": "2016-04-27T12:18:50.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAFlim0jhxqr6cwUAAOkMAAAgABwAMzRhYTNjMWE1NDllMjJiMGRkM2ViMjU1NTMzMGFmMTBVVAkAAyquIFcqriBXdXgLAAEEIQAAAAQhAAAAiY9K3mMApARVE0HTjrtsNNdaSWxWgUxp58zeIEbdvF3WIhDrscO8ovFg5ypER9jvpA31rByHWlVL8f269DMoWRIWqyR1S8r2/6MLHryyzHB4dg5NKYxdPF/QdktbN1oqFOWjoh5lCu5jn8uPBJG/cYUqg9IMLLHTF55PqAm+fLBhuRsJINBtGuH7gZ+UnaI23JpC5KwDG3zU9OswsgY81aO4HpzCUAdYlyzmdaOXh/WfTota/BTstFHTSdFdq3Bq8U4hyKk6CnObcAfqykk20dn+yL6+6Ajlpl2bR/Gmj+SSzZt9IFllj9Iy56xBTHWqhVrLmBLVAUFFGRltNUTRdRre0atmHtCT8wwD5Fo/Yz+WF1gcWGggAOt7ayHNYp5Pf7SJvpLYXZ0L7zhwVxhBt5Ht5cDY3+8taXwg0iVHEuTv8W3CY3/6Nyu8pm+oIHvFrQ9uWaj5u7VKn9HfKTv1OwUXH4xUyqklqVpc2my+dniupRg+ELuf7mwTk6tQQxgqhaiLn225arutiFI0QNpRUkPy/PfYDsImQvtTN6sHVlf2XX6ZSBaWtR8cKkd21EsqLTPON3ZczzuWthEeuiiURw4ijK2f1BwJz5nFL01UtNXDLD0gDnIxAdwM5/mnEW7B9uXylvuwPyWEC60cTyLEpPWfdd7pcsBgIPvYjkjMoczPW3Oe91EcskA3SXrYShDxZC7VQFyfoH7sWpZeGbQXmiiTACKs39z/UQjx+85nrcyDPto5FxkzsSg+yssmFtpFA6GW54XZgm81+kv+dFhCDYQmoJdq7LarEFJg+yp4zefSZLVRquLr2dMPP8lpmO+yhCvghD/VmZn3L7+3b10zX4ea+n8DR3e6/mbA/hN4UqhHf+xmxaLudYhDjjuL836nWbwMa+ovS2XME2He/wCNmyNQrB6KCV7iLN0mL4a9dnXgs8aoZrzRrI2dzzwo1DGO+5FtI0L7512S3Fhlh+zA5bZGSHtPAJVyjK1Klll0zzGp7MtFjVJ9LQfwzs0+4CuEIwpBRkJRvLcCrTu5w9aA0Nigt7Qtc765DUVpEQ78FVVTWn1sp5gM/SIUWv/rf6e6RX2A9VZXzEFfWAfswXGdMjeKK4ht4N234/eBSjz1jK4/f/xg6viy6xXpqcxeQ43A7aGshRAhCmRcvuYU8AM6Fwck7A41EbS7Nz777i8VfoJ+bJCPPmyeHAnutnoidFJlcU+p5LOKSvfvGfpoPnaS9GfnVGSRiLgW9sReYg2V0jM6fAhv5YBq1O9hzBJk45xqbn/7jyzx9Tla5okZGeYW6dGD+OeZP62riU9FPy13TlRR/xz5cK9LA4Jt6TZfkrIrcjUHOueX3RQxFIpDZTvOnl+ZHIUCkoh0UWKuWXpqYhKKatF0t8bflC0r/uCBPyvGCmr6R456Z1Ed5QX+uxeXZcDM4VyxkV//n08CZUU+jlkuhvSoCFydvDwsPh/KeWXL+Zqd1ejJ+NMV/FhA9gU9/WEc13sp2CXwODGl35e37jdKHEYYB24mYopT4uoCKZ07NzvJX/mg8C6UpyId/2pM9uTIS/6DYi7/tf5GtE1K96MbVyLW19YOvBqWZ3pnqq+EyJOYh2JiriFkVg6ir3Kuv9t2FjwzdwiIrIjfFGEOsveSfk42leU/iB9nDaOU1+VJdOr1t7iYEcSOjI6m5XPRM6ZaLZ8MnSfQAbucKII1ZqTojxhCIZgnBi7drjD/wAlLJnU54Pz/rOZTCchZEYuhfH+frl/wquju26dTCS16iXoBFqtZEnIxO5nZDjE1tJ7Cm46vusLIujZ6X52db0CuWMBIhMVl+pXlQ5R9HGggt3IY4ERa2QWpKcw1TFBt5aWVaSkNUEsHCOHGqvpzBQAA6QwAAFBLAwQKAAkAAABZYptISSSn/BQAAAAIAAAALQAcADM0YWEzYzFhNTQ5ZTIyYjBkZDNlYjI1NTUzMzBhZjEwLmZpbGVuYW1lLnR4dFVUCQADKq4gVyquIFd1eAsAAQQhAAAABCEAAABQZVbaTgyXgMmL0DTCaq3bGTGZcVBLBwhJJKf8FAAAAAgAAABQSwECHgMUAAkACABZYptI4caq+nMFAADpDAAAIAAYAAAAAAABAAAApIEAAAAAMzRhYTNjMWE1NDllMjJiMGRkM2ViMjU1NTMzMGFmMTBVVAUAAyquIFd1eAsAAQQhAAAABCEAAABQSwECHgMKAAkAAABZYptISSSn/BQAAAAIAAAALQAYAAAAAAABAAAApIHdBQAAMzRhYTNjMWE1NDllMjJiMGRkM2ViMjU1NTMzMGFmMTAuZmlsZW5hbWUudHh0VVQFAAMqriBXdXgLAAEEIQAAAAQhAAAAUEsFBgAAAAACAAIA2QAAAGgGAAAAAA==' AND file:name = 'f9eb7.js' AND file:hashes.MD5 = '34aa3c1a549e22b0dd3eb2555330af10' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:18:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ae2b-527c-4ba7-95de-41b6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:18:51.000Z",
"modified": "2016-04-27T12:18:51.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'f9eb7.js' AND file:hashes.SHA1 = 'd0bcb76ebae9dc463011bf0f3436032d579eceeb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:18:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ae2c-57bc-44e2-ad6b-4b86950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:18:52.000Z",
"modified": "2016-04-27T12:18:52.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'f9eb7.js' AND file:hashes.SHA256 = 'af3fa361c3ed5478e2df3278cc0260f6d4ffc56edb0acb74b0051f89b6231b0e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:18:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ae2c-e570-4d86-9c30-4bdf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:18:52.000Z",
"modified": "2016-04-27T12:18:52.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAFpim0i4DLK4dQUAAOoMAAAgABwAODVkMjdmOGExZGU0MWU3YzRlYzVhYzE0NWQ4OTg5YmNVVAkAAyyuIFcsriBXdXgLAAEEIQAAAAQhAAAAyYu8cO/v4J9B1YMevquido+3rkym3ANMnL5+Lwo76cuXx5C9vQjbJ+iUY2v930V4aQBKIJQU7jrQdeFsHbQ6DvKbgPwv6TobLlPnXloNRSw/+kihlvB9aUY2ibeO1XyVV243oJaYpJmd6P6BsFY4xVyo2AIBcwMuXWr4Op+Um2Dte+LZDAcDT5Hyc12YWN/LdDszZNX9Daamjo+lFMNEZpSO1Z82Pd9aTvuO/gXVJ5j8WAjsVp5QDmmahcsojbR1m84Uh9pPwJrY/UqxDbF26L2HHk360MHF9evsp4QnV89Dhx7CyzA+ABwkMHiarb5Ozuu1bMSRaXmWEh7f67dX3GlW35eabjgzB+Kaqw2NuU43kWi5Dd9txzyHjOwKH5U04jvcmUVnfS8nc+TM6/e0AyeMUQFcqxLfSBEbXYUywh6dw4136ATPpPWxJjx/1Y2g/iTI8FRrkxvU3kJJ1bOygGj3yNxwFgmge+wAwZdq0WhWkDekGgxYBESkmYrqYegSTL2ybj4iFVzld+db1llN0jjdkOcrJHEIchA8LffRfg4YmbwGE1ZowtCoEnbibTTsK8X10DLPbkHEWaubg8DPo5mIxb1vWw/OncbDUhJmm9loupqU3X+VpF/ihCofz56GAD7dK1pN08Q3nGDzgzufUXRdPfQu+QzkwH6/KafHfC31wdtVe5bHBN51ytutUVIj3qBoolsiHpZ2275/tBa2VBouE6eMVD6K7JjKs4GvoojGo1TB9VWOHgbSkLmPu8/+2zjfxr2dsaejX7ubuqxv80eqjnJxtfHshz+X9C9Qnkoovm8WZ9epWhENFtB2gj5wPwi/lK2DjeiV8DNHQ0derftRfK0XDiD4kBBR9289j9+6VE15fUkPgx6vH+k1M5GB8cb7Ud0dXXdNHr3hUBBU8N/hcsE1IFvUyI3W65nZ2YjQBDniJfvBedNwr0DigqbqR7vHCLlin593Ovj4+ujnmh3c81YovELSjvgsUhpCZWKqQXnnRaU3yzQE7vSp4HqN22/CGs8vYHegCNy27MG7O0CBuLdg/1rTOWqtK6xf+8WZNGP9NIgZGkBzRnMW2LRCelGM1Xk1rdz9QbxAgxCRhT0Pzhcqt55CjVl1+oWEdNRPXTiKqvduPvpANgsC5I25Ov7yFQHGZpIRUbjDn9rdyYG2sSORsq+Lom2GGijLcTQDIio/6BI6gimvT3lSy/M3iJ+ZJwsFzchcPdcPhnulIgZh8lLz/Je/8GT7QV8Tcx1HiU0qwoy6NwHFoaaD4Vu3KsDp28Okg4F5+0jkDjN2apTr6lewwtaKfXzOIev0Idz841j2v+Qncpo2FG8obeu/yrCZIj0l2UMLpul31tjXP+r0kLtGmonJvcO4qZ3ctT0pY+QzFL/EnTtzdqogVpGE9/15omiR1l6tYcpt2idVEr/c9rkmUHkll3aScfQE4KXcNigBF1GaR87fyjmFbTWpUnF1XCL2EfGe9e3oYeDfB0chSSsxEwxSjG6R3LQGIPGYRZIwRBRuj2tsZpElnp8KF+qv9FBg2c8UZyFduGqEkSaf6liI/teSUPudanhIZztPY+Cuk+IfL5TiS42GMM7TS1zGw0KtlPfpgbA6UgadzXvjMqy8C0HdnJ6AafpYmncO9ZBQsRHUcD4gm0PnnaZ/6ALoVzH3UuwytTBEwvFoDnkX7jRyPwCjH2gGdQXNXP3noTY0hQV2Ou0A5frpWrMV8jq7BZRslTUoizgItOQSieyMIBxTv+KY6tbggjKoBNjPQOmzAiWOzBzZ2+jDL+CqTkEgCMwzPNgB5hmdsELY19YkloJ519afKzrjQqDk5s77l64E9/aT0obrZJLECN5nPGTfQiJQSwcIuAyyuHUFAADqDAAAUEsDBAoACQAAAFpim0hem01QFAAAAAgAAAAtABwAODVkMjdmOGExZGU0MWU3YzRlYzVhYzE0NWQ4OTg5YmMuZmlsZW5hbWUudHh0VVQJAAMsriBXLK4gV3V4CwABBCEAAAAEIQAAACpXVkFEVvb8xXDXkbsx/yQIz8TTUEsHCF6bTVAUAAAACAAAAFBLAQIeAxQACQAIAFpim0i4DLK4dQUAAOoMAAAgABgAAAAAAAEAAACkgQAAAAA4NWQyN2Y4YTFkZTQxZTdjNGVjNWFjMTQ1ZDg5ODliY1VUBQADLK4gV3V4CwABBCEAAAAEIQAAAFBLAQIeAwoACQAAAFpim0hem01QFAAAAAgAAAAtABgAAAAAAAEAAACkgd8FAAA4NWQyN2Y4YTFkZTQxZTdjNGVjNWFjMTQ1ZDg5ODliYy5maWxlbmFtZS50eHRVVAUAAyyuIFd1eAsAAQQhAAAABCEAAABQSwUGAAAAAAIAAgDZAAAAagYAAAAA' AND file:name = 'f45cb.js' AND file:hashes.MD5 = '85d27f8a1de41e7c4ec5ac145d8989bc' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:18:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ae2d-ecec-4366-872c-49f4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:18:53.000Z",
"modified": "2016-04-27T12:18:53.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'f45cb.js' AND file:hashes.SHA1 = '8421e96cc184a1b3791794d387958f1a2f8a7096']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:18:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ae2e-2798-4f55-bc0e-4e7a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:18:54.000Z",
"modified": "2016-04-27T12:18:54.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'f45cb.js' AND file:hashes.SHA256 = 'b75516ca7caf321676d5a57051eb85a164d9f42505e152ffdda97b43c6e80c82']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:18:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ae2f-05ec-4c69-942e-47e0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:18:55.000Z",
"modified": "2016-04-27T12:18:55.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAFxim0jkUXOWdQUAAPAMAAAgABwAMjczNjczOGVmMzQ2NWU5NDY1NTlmMDQyZDI4MTk0MDBVVAkAAy+uIFcvriBXdXgLAAEEIQAAAAQhAAAAi0h/KO8b2t1486Bj3jN07MaRlAlsnxPpGi2fjxJYKdHbBkvzTCAMe64WV+a5D+CthgOBMr5bryP2ykEC5j4P8IeTMUzD8jgfdeNYZ9xU49JFV8gf9fIBJh9K8rUE1cj9VAfPDtja+zOn/Ibslq6jJ8Grx7dlU6JgusNQ7DDAOeA6AWpkIu+WUqz/cVymQLJvbOGA+DcjPrRwaF1uheRYMG6Y0Mc/U58kigEcv6b0hw27SZSpah3px7+6o3OVSg+kf/CYKaXKQRoS3Q9XHhKOCIDzvv3var0JS8I8yMeO8DL2sGb29UKvIzb6QeAOB65fNz823mIkyjTSYCYgGki5yacP2eCqyeHvZRFCaujPCs9Cc//N5fNycz/CC0//8IHHASW3hw2V+3Y4LUVFk/zh+JnDmiRhy3SCMcEnv4uqnvtA6UUc5Ik2z1nsaV36JYEVIyL/efh4r/l+oxJtVLVcN7uBktwFNANY65RTSXMjG911viqnk2MOZWfZIvMXQMSyXr6obffkbupMB0jDe/oVgtPBhBAhqEPzJ0QohQ6TZKnpZE/1NAYs8R39o5dyru2QFVrQ7SQA8yo+zDeWMP8b98iNzA1NA+yMFuZ4FzwJby3nr4SHEJXaK2NJ/20hsEiJqZt5iRzNAAzdfBTg2tsBbtvz0ul0Xtt38iiPdzyxjtaIJA2ZmGfZQYVAmKuxoEJOvje8AiY4c1SvVQ+DzJNv2WjTnDww+wI404cXzab8/J0sQtbhYRyfRSVoVtS4/QeKaQgG1auvG9UjfPaNUqicsKaZC+v/BobWX1l2dSzsakfpihHMiqL+kY8dH9TNrB2gMWoLwXaLqL7VLfD9zf+XMV7NFOJtXvdwOlQn7Ghgg+6YeJ3ZwdZ1WPiEFIopAOPubdc54/zC1K5XtdoDyx/PDJ3pjg3WLY1IzhMw1kNE9T3OxYBkqmMf1aISialDlhmkiq7wyzKE4/+mIIw3AwA1pkXgEYKrE1/CO2iSp4WX+BskQIWMslZnrdWrmKU8eTXpFJW4Nt39eqBWqnirIaeXK99ZB8KPMG7+jarv9mPIn6GC+aH998F06VQZYFnlPKsYSLqHgKUe6+hY/1kaOUaRn/URj7tMvNP6GF2BjuPLhac23E6rKX5LEp/EaaVjKSfzdzPdRqm4xxwNQyPgYl4c+i5vsl6a+Xp0YC5dyl2Xin1WoEbNR+CBHmdKI79kykaBNJfkWc7BjJp9kZViTVphqfGBAmQqZyORlH5dmHfB2Tj7CY0s6OB1Z/HS9H0JWNc6Qv3i428XLvcq19MEqU6m9f7QybCEd9iGrBkL7S278cCrFNGqy+EBD9nIHSI/z83Be6OTMRodAPeYOEY+7R68a85jNcnPyEnGLLJeIWiisr974qtIEXx9IhI7Wm0porGFewWmTz2tzIwAj9Bdkiay6YBQGaQMqoWvgU+XWzF4v6I8q3osUHmoMxRZSVyig3MrogTw3A2SDn4Xi4yF44f7/SmcRVKS1pk/p2/B9Z47WWTgxlGejaRna2TPJnJHp3fzVokujesGuptuhjRGGqkrs1kgrBOcb+W4YE+qJPAGfS4wkmyG21GKkdR6jlayQZSOsk6o2RuYzc/RpreeyS6S6PrThAJdKQXSFZq0OJ5gSOS/KDQU6Yz0b9bFlDRMB8ehKc8pL9SPjp1L0Vl1WO/QzqQSX7kOU1lb8Tx8PPV4VjnSdVp1EvxlFbphsNvM0Ql2G3H/oml272GMTQvTijQBBVvw9K2tO0GC6z6ZoQgfxmQv5QKO74ORy5O8mDcPg0LqkoWHj0vutRwbWvOmGhUuMuff/G88RXWD5NyazR7fCU68jXDx55IDRaT8Sgp1GLHqLvIoXLhQSwcI5FFzlnUFAADwDAAAUEsDBAoACQAAAFxim0jDtthxFAAAAAgAAAAtABwAMjczNjczOGVmMzQ2NWU5NDY1NTlmMDQyZDI4MTk0MDAuZmlsZW5hbWUudHh0VVQJAAMvriBXL64gV3V4CwABBCEAAAAEIQAAAMx3Nzv6vpr03y+XYh/qQdP70SW2UEsHCMO22HEUAAAACAAAAFBLAQIeAxQACQAIAFxim0jkUXOWdQUAAPAMAAAgABgAAAAAAAEAAACkgQAAAAAyNzM2NzM4ZWYzNDY1ZTk0NjU1OWYwNDJkMjgxOTQwMFVUBQADL64gV3V4CwABBCEAAAAEIQAAAFBLAQIeAwoACQAAAFxim0jDtthxFAAAAAgAAAAtABgAAAAAAAEAAACkgd8FAAAyNzM2NzM4ZWYzNDY1ZTk0NjU1OWYwNDJkMjgxOTQwMC5maWxlbmFtZS50eHRVVAUAAy+uIFd1eAsAAQQhAAAABCEAAABQSwUGAAAAAAIAAgDZAAAAagYAAAAA' AND file:name = 'f8960.js' AND file:hashes.MD5 = '2736738ef3465e946559f042d2819400' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:18:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ae2f-982c-4d7e-a8ed-4a25950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:18:55.000Z",
"modified": "2016-04-27T12:18:55.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'f8960.js' AND file:hashes.SHA1 = 'e33ea4eeb3c9fc4316d1dccc2d51179b9bc0c3cb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:18:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ae30-fd00-4716-85ed-4716950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:18:56.000Z",
"modified": "2016-04-27T12:18:56.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'f8960.js' AND file:hashes.SHA256 = '85c5e2ab9e370e98dd9d86a3d30c7868f7ca0c5a1cf36a15fd72a0766c6d4ba4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:18:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ae31-ab14-474c-831b-4f1a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:18:57.000Z",
"modified": "2016-04-27T12:18:57.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAF1im0iwNLfscwUAAOcMAAAgABwAZDZmYjhjZmMxYmY0MjE5OTdjNjlhNzBiMWMwOWM0MDFVVAkAAzGuIFcxriBXdXgLAAEEIQAAAAQhAAAAcvzej0kQE7qw+nqQX3D01fz3A9hqevwU4Q2L2844IEiJO0v5cCduLO6B5pYsWqUAoXs/LOsNeUiWPFy+ASud77ymxQokUbQYkPgsjczSwDXfxxE578cb23DYbh8aU9YSkYL3H3KapcxeR6cdJgnBqdTmjjS6V9JVJZ6iSEzr2y+MhQ0N+h5QxEEsac3GCdtPnQUVflkhl3BD7YDF3gSoWgoEa7Zepp4khDL5as6a3Q/qvue8OrjoQcIIrTbp8LoLdsOV5R8QDmikWWJy/mJoPXAdJ8S+nKF+DZ3EOGjTgecdBaJ9wDj6JI3Rrz8TZFGU8/WmNxDlafH1LYWGpLQ3AozcFUJiWcgietmifwKpxg9qNF1TWXvaZIpd5L9Fhoe7VQB5DjGK3l+fVfflgxNl/QYsUxDJco1cz9TLXxZ3NT4Kkc8sZtZ5lU8Ye8eSOyvONFfq1JsvgOlEHApcjo3vlwUOLY+1qmS2iJ0xNWzTIgSiJVT/UmVeuPQzid8SFTE0xAv6vvj7G5FgjdypMfwZGRD4JoZDwy/HWSuwhQ+ALFiH7uKoRjECkyBl6TOwz/2s/4F426ReQMXRy9ptBfFyQzzCdG2isH3M/smNoP8NXXcU55oYD5RdH5dwnUnza7q6t0ZbJhfAkP83wipX6JihZz23mEMo7Q6HVMjUufbhw/oNLapHsrhijIbnkwSGnDZ2Sc5iOUQ9h/sDgCHd3ZZeOjsa68cwjou2HNnfPUaWO194KRaAb4d1Xdetj/Mv3ilH8hc6v/jVwU/KVely+gxD/oLTTz7xTlp5Z9S7ByaIjPsWVVxUL7ky+B0m1AGAVemB6jpUg+XeSSJgZKEItljTphsLbJB220Lkhm6L5KfvKIY04m9CaxgnkZiJnhS9E6YQqUgz+OoN0r1R+7m0LTyvJLggr2Dfq93GwcBOp25b6Qc8NHbleU7dL94KtGUgNOYppUfpdK1GWoDvcw/YPC0gmebABY8RZwYgDf/o0O2E3+Ba/bhQMidRcITdKVpzSPf+lIxKI7unFCQRpXEuhU77Kg5/7vTIxTUEhH/bDZM2hTxWO6BPipelhe7HsMiSVnljsxZDafRCx20qBcY8fD8w50E7CnWv9GbEsJo4pixqEWgwHaIy7kbLObQUqIfZmulO7s7X8d8TzZk/ad/MUgfVM3Pd9/dOAPVkfrcGR2Knr94yFm/TQhU7ByT4l2axTmDgUKd0ehxkrOfQbV+p3FyGZY6Zt3fJvnQwRpRCuz6USSfs+CIzzxB7WQ5eNMhjUSJBi+fTJdOLBmZ1I+2yYKLrBCIOZ6aVscmZIdcx8O/dZjSmdqwPbkYnSeUNYeuq5cWwpsz3Tx90SBCHzJV2p88HRWBl1Tu3O/ziNUep4j+DkB25etoTvjlCrPAcTcbPraVZh1BnojGj1txgpejz37coCCrcR1ZG1fIwunXQuMoR8kJnyuAkvri/NxU8JVz1pLfZwA/cL17HcUzjF2wHqv4Ak62WH8EUlTzPTTPFk58HBKQCK2wdLTLIp741xmgZF2KiARBr4P/MU9XbvSdckhJ96njAgo0PpbI3SLyGwRdgcID/RvNK8slRsAd+mdc56HFQRvY+Vf0Af0r2Cza1DXt5ibXmt70A0qO95jurK2Ya8UUmGL170zXIYm0kau5EG4pimMiQCiLtVS+GPR13lr1WkcJ5ytEWXjPOfrxGyHtFBUBv1LsZHldxk16oSLABxm+D3Ri56PbX3QR6dtwxp3cYTp9Lquuc8+ZdNlzEQS7J1kSF+idq3TRIaMCHk85Y954jF05gG34nIVfoJpcqvZIQVRq0C8UqMbDZnH6eURm1P9S0+LVBLI9coZALhQP8Jtsr1GOLUEsHCLA0t+xzBQAA5wwAAFBLAwQKAAkAAABdYptIeEPUixYAAAAKAAAALQAcAGQ2ZmI4Y2ZjMWJmNDIxOTk3YzY5YTcwYjFjMDljNDAxLmZpbGVuYW1lLnR4dFVUCQADMa4gVzGuIFd1eAsAAQQhAAAABCEAAAA289ZdJ4JRIyUgYvpovk4B/MitQrALUEsHCHhD1IsWAAAACgAAAFBLAQIeAxQACQAIAF1im0iwNLfscwUAAOcMAAAgABgAAAAAAAEAAACkgQAAAABkNmZiOGNmYzFiZjQyMTk5N2M2OWE3MGIxYzA5YzQwMVVUBQADMa4gV3V4CwABBCEAAAAEIQAAAFBLAQIeAwoACQAAAF1im0h4Q9SLFgAAAAoAAAAtABgAAAAAAAEAAACkgd0FAABkNmZiOGNmYzFiZjQyMTk5N2M2OWE3MGIxYzA5YzQwMS5maWxlbmFtZS50eHRVVAUAAzGuIFd1eAsAAQQhAAAABCEAAABQSwUGAAAAAAIAAgDZAAAAagYAAAAA' AND file:name = 'fa1bec1.js' AND file:hashes.MD5 = 'd6fb8cfc1bf421997c69a70b1c09c401' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:18:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ae32-724c-4ef7-a72a-43fa950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:18:58.000Z",
"modified": "2016-04-27T12:18:58.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'fa1bec1.js' AND file:hashes.SHA1 = 'd8760f53d1d3a54b4414e35f6036917dd99fa2d1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:18:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720ae33-3e14-4459-b199-496c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:18:59.000Z",
"modified": "2016-04-27T12:18:59.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'fa1bec1.js' AND file:hashes.SHA256 = '5953ea26eaa8cbb6494d02dc48cdb8dd96e8e35ef39e1d6a850d9ef867f86572']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:18:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720afd0-f300-425d-bf95-46e402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:25:52.000Z",
"modified": "2016-04-27T12:25:52.000Z",
"first_observed": "2016-04-27T12:25:52Z",
"last_observed": "2016-04-27T12:25:52Z",
"number_observed": 1,
"object_refs": [
"url--5720afd0-f300-425d-bf95-46e402de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720afd0-f300-425d-bf95-46e402de0b81",
"value": "https://www.virustotal.com/file/5953ea26eaa8cbb6494d02dc48cdb8dd96e8e35ef39e1d6a850d9ef867f86572/analysis/1461757510/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720afd0-a7bc-4623-bb92-439102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:25:52.000Z",
"modified": "2016-04-27T12:25:52.000Z",
"first_observed": "2016-04-27T12:25:52Z",
"last_observed": "2016-04-27T12:25:52Z",
"number_observed": 1,
"object_refs": [
"url--5720afd0-a7bc-4623-bb92-439102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720afd0-a7bc-4623-bb92-439102de0b81",
"value": "https://www.virustotal.com/file/85c5e2ab9e370e98dd9d86a3d30c7868f7ca0c5a1cf36a15fd72a0766c6d4ba4/analysis/1461755792/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720afd1-ad78-4824-909d-44d002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:25:53.000Z",
"modified": "2016-04-27T12:25:53.000Z",
"first_observed": "2016-04-27T12:25:53Z",
"last_observed": "2016-04-27T12:25:53Z",
"number_observed": 1,
"object_refs": [
"url--5720afd1-ad78-4824-909d-44d002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720afd1-ad78-4824-909d-44d002de0b81",
"value": "https://www.virustotal.com/file/b75516ca7caf321676d5a57051eb85a164d9f42505e152ffdda97b43c6e80c82/analysis/1461755238/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720afd1-5cb4-4584-b099-4b3702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:25:53.000Z",
"modified": "2016-04-27T12:25:53.000Z",
"first_observed": "2016-04-27T12:25:53Z",
"last_observed": "2016-04-27T12:25:53Z",
"number_observed": 1,
"object_refs": [
"url--5720afd1-5cb4-4584-b099-4b3702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720afd1-5cb4-4584-b099-4b3702de0b81",
"value": "https://www.virustotal.com/file/239226bac73deb22a2c4200c9f8330a62ff2362b9432fd1c45ede9a045103584/analysis/1461757838/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720afd2-5560-4df1-b2c3-4bd902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:25:54.000Z",
"modified": "2016-04-27T12:25:54.000Z",
"first_observed": "2016-04-27T12:25:54Z",
"last_observed": "2016-04-27T12:25:54Z",
"number_observed": 1,
"object_refs": [
"url--5720afd2-5560-4df1-b2c3-4bd902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720afd2-5560-4df1-b2c3-4bd902de0b81",
"value": "https://www.virustotal.com/file/13be09da86d7bf87274cc7df1895f3f1d64e48d703a9f798e5a0f974eb3acd28/analysis/1461755239/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720afd2-e7f4-43ad-8618-421402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:25:54.000Z",
"modified": "2016-04-27T12:25:54.000Z",
"first_observed": "2016-04-27T12:25:54Z",
"last_observed": "2016-04-27T12:25:54Z",
"number_observed": 1,
"object_refs": [
"url--5720afd2-e7f4-43ad-8618-421402de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720afd2-e7f4-43ad-8618-421402de0b81",
"value": "https://www.virustotal.com/file/253f46233a22b9361273b56d3f548694a8c3256246de125a30400acfe2cef559/analysis/1461755215/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720afd3-6cac-4d5f-8093-462e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:25:55.000Z",
"modified": "2016-04-27T12:25:55.000Z",
"first_observed": "2016-04-27T12:25:55Z",
"last_observed": "2016-04-27T12:25:55Z",
"number_observed": 1,
"object_refs": [
"url--5720afd3-6cac-4d5f-8093-462e02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720afd3-6cac-4d5f-8093-462e02de0b81",
"value": "https://www.virustotal.com/file/a8aa94ecb6a6d8d06acbf7b41e269cd98c2c3fa096c26ed83d606b1ded3e679a/analysis/1461755889/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720afd3-eb4c-4b9a-8ac6-456102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:25:55.000Z",
"modified": "2016-04-27T12:25:55.000Z",
"first_observed": "2016-04-27T12:25:55Z",
"last_observed": "2016-04-27T12:25:55Z",
"number_observed": 1,
"object_refs": [
"url--5720afd3-eb4c-4b9a-8ac6-456102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720afd3-eb4c-4b9a-8ac6-456102de0b81",
"value": "https://www.virustotal.com/file/4bd76b62e7c98107f45e2d072c278c2c3c7dd269437a2f7e55c2719542003811/analysis/1461756105/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720afd3-5370-4752-89cf-439502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:25:55.000Z",
"modified": "2016-04-27T12:25:55.000Z",
"first_observed": "2016-04-27T12:25:55Z",
"last_observed": "2016-04-27T12:25:55Z",
"number_observed": 1,
"object_refs": [
"url--5720afd3-5370-4752-89cf-439502de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720afd3-5370-4752-89cf-439502de0b81",
"value": "https://www.virustotal.com/file/cc9cbea16b867f6f795a5441a32a49a98755028fa4b963c032267db07f2d0d3c/analysis/1461751754/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720afd4-ff4c-42a8-976e-47e702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:25:56.000Z",
"modified": "2016-04-27T12:25:56.000Z",
"first_observed": "2016-04-27T12:25:56Z",
"last_observed": "2016-04-27T12:25:56Z",
"number_observed": 1,
"object_refs": [
"url--5720afd4-ff4c-42a8-976e-47e702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720afd4-ff4c-42a8-976e-47e702de0b81",
"value": "https://www.virustotal.com/file/956742ee6039912d4405371405d07d2d9f0230e5593efe5bef79bdedae998ba8/analysis/1461755278/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720afd4-f26c-46d5-9eac-413702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:25:56.000Z",
"modified": "2016-04-27T12:25:56.000Z",
"first_observed": "2016-04-27T12:25:56Z",
"last_observed": "2016-04-27T12:25:56Z",
"number_observed": 1,
"object_refs": [
"url--5720afd4-f26c-46d5-9eac-413702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720afd4-f26c-46d5-9eac-413702de0b81",
"value": "https://www.virustotal.com/file/37070ea6a410149a8148d2b15720aa0481c2287b5eeccba05c68418eba72da07/analysis/1461748593/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720afd5-62a8-4264-b9b8-4e3002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:25:57.000Z",
"modified": "2016-04-27T12:25:57.000Z",
"first_observed": "2016-04-27T12:25:57Z",
"last_observed": "2016-04-27T12:25:57Z",
"number_observed": 1,
"object_refs": [
"url--5720afd5-62a8-4264-b9b8-4e3002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720afd5-62a8-4264-b9b8-4e3002de0b81",
"value": "https://www.virustotal.com/file/4d28d9a18fb83bafe33ac4ec23168d001fbfdabb8eb3fc587b432a765bcc5092/analysis/1461755412/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720afd5-db34-4ac1-bcb7-4ffa02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:25:57.000Z",
"modified": "2016-04-27T12:25:57.000Z",
"first_observed": "2016-04-27T12:25:57Z",
"last_observed": "2016-04-27T12:25:57Z",
"number_observed": 1,
"object_refs": [
"url--5720afd5-db34-4ac1-bcb7-4ffa02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720afd5-db34-4ac1-bcb7-4ffa02de0b81",
"value": "https://www.virustotal.com/file/d7b1aa05d95d8358f8911ccd6ad871abfb4d080536192d39a7b725d5911b9e0c/analysis/1461754815/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720afd5-dbb0-483a-b6b5-4b1402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:25:57.000Z",
"modified": "2016-04-27T12:25:57.000Z",
"first_observed": "2016-04-27T12:25:57Z",
"last_observed": "2016-04-27T12:25:57Z",
"number_observed": 1,
"object_refs": [
"url--5720afd5-dbb0-483a-b6b5-4b1402de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720afd5-dbb0-483a-b6b5-4b1402de0b81",
"value": "https://www.virustotal.com/file/aca13acd3a6d756eb63150e25b58a9133397782d826f7d1ebc16b4dd4f816b44/analysis/1461756244/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720afd6-3584-4e63-97fa-409502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:25:58.000Z",
"modified": "2016-04-27T12:25:58.000Z",
"first_observed": "2016-04-27T12:25:58Z",
"last_observed": "2016-04-27T12:25:58Z",
"number_observed": 1,
"object_refs": [
"url--5720afd6-3584-4e63-97fa-409502de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720afd6-3584-4e63-97fa-409502de0b81",
"value": "https://www.virustotal.com/file/9eb2f1294237a310074e121855d3969964d60d36c4bffc5c7a5fe70ce99a67ff/analysis/1461756246/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720afd6-2378-4471-b926-495102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:25:58.000Z",
"modified": "2016-04-27T12:25:58.000Z",
"first_observed": "2016-04-27T12:25:58Z",
"last_observed": "2016-04-27T12:25:58Z",
"number_observed": 1,
"object_refs": [
"url--5720afd6-2378-4471-b926-495102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720afd6-2378-4471-b926-495102de0b81",
"value": "https://www.virustotal.com/file/84d48d5c206821350b01cadc97292a4be20338d4a512df1e70d707ae69caa31d/analysis/1461756553/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720afd7-b0d4-47ed-93d0-4c7502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:25:59.000Z",
"modified": "2016-04-27T12:25:59.000Z",
"first_observed": "2016-04-27T12:25:59Z",
"last_observed": "2016-04-27T12:25:59Z",
"number_observed": 1,
"object_refs": [
"url--5720afd7-b0d4-47ed-93d0-4c7502de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720afd7-b0d4-47ed-93d0-4c7502de0b81",
"value": "https://www.virustotal.com/file/f10cafee4db5bce4b8f079eb146954a94a245830050a87a4a7dd461a1230cc01/analysis/1461754676/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720afd7-ba04-448e-b8a1-412502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:25:59.000Z",
"modified": "2016-04-27T12:25:59.000Z",
"first_observed": "2016-04-27T12:25:59Z",
"last_observed": "2016-04-27T12:25:59Z",
"number_observed": 1,
"object_refs": [
"url--5720afd7-ba04-448e-b8a1-412502de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720afd7-ba04-448e-b8a1-412502de0b81",
"value": "https://www.virustotal.com/file/8ca84fe1f5b6b42252bbc043b3bb275c207511995245a2457be3fdfbbcc6327b/analysis/1461754726/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720afd8-6d28-4aed-907f-423502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:00.000Z",
"modified": "2016-04-27T12:26:00.000Z",
"first_observed": "2016-04-27T12:26:00Z",
"last_observed": "2016-04-27T12:26:00Z",
"number_observed": 1,
"object_refs": [
"url--5720afd8-6d28-4aed-907f-423502de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720afd8-6d28-4aed-907f-423502de0b81",
"value": "https://www.virustotal.com/file/e56e772f874ca3ab5a7445fbd87f9d6990fb072fb52e7ad9af6dc2bc64348ec1/analysis/1461756725/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720afd8-014c-45fb-b71d-419802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:00.000Z",
"modified": "2016-04-27T12:26:00.000Z",
"first_observed": "2016-04-27T12:26:00Z",
"last_observed": "2016-04-27T12:26:00Z",
"number_observed": 1,
"object_refs": [
"url--5720afd8-014c-45fb-b71d-419802de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720afd8-014c-45fb-b71d-419802de0b81",
"value": "https://www.virustotal.com/file/dbb0f39b5781ce587cb1b19804c40ba5ebbd6dd7da4b70fa38a0caa0e280badf/analysis/1461758005/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720afd8-4f28-478b-bb5f-4def02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:00.000Z",
"modified": "2016-04-27T12:26:00.000Z",
"first_observed": "2016-04-27T12:26:00Z",
"last_observed": "2016-04-27T12:26:00Z",
"number_observed": 1,
"object_refs": [
"url--5720afd8-4f28-478b-bb5f-4def02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720afd8-4f28-478b-bb5f-4def02de0b81",
"value": "https://www.virustotal.com/file/0549b72ffef7bd8a8808a2ec4a8eae42c3d8b399ebd190dcbe722ff37abedd98/analysis/1461757920/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720afd9-b408-402c-b6e3-498a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:01.000Z",
"modified": "2016-04-27T12:26:01.000Z",
"first_observed": "2016-04-27T12:26:01Z",
"last_observed": "2016-04-27T12:26:01Z",
"number_observed": 1,
"object_refs": [
"url--5720afd9-b408-402c-b6e3-498a02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720afd9-b408-402c-b6e3-498a02de0b81",
"value": "https://www.virustotal.com/file/724e2aa3373ba20ad5a92052ef047ee0a73a06f06cca402c9809b4d41b78eb60/analysis/1461755792/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720afd9-5728-41a6-bf6d-472802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:01.000Z",
"modified": "2016-04-27T12:26:01.000Z",
"first_observed": "2016-04-27T12:26:01Z",
"last_observed": "2016-04-27T12:26:01Z",
"number_observed": 1,
"object_refs": [
"url--5720afd9-5728-41a6-bf6d-472802de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720afd9-5728-41a6-bf6d-472802de0b81",
"value": "https://www.virustotal.com/file/0e8dc7ffee1a0f2e7fbd37576d4937c2711b27b5176711a0683080e5e6a453a4/analysis/1461755831/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720afda-9400-411f-9f50-4e1402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:02.000Z",
"modified": "2016-04-27T12:26:02.000Z",
"first_observed": "2016-04-27T12:26:02Z",
"last_observed": "2016-04-27T12:26:02Z",
"number_observed": 1,
"object_refs": [
"url--5720afda-9400-411f-9f50-4e1402de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720afda-9400-411f-9f50-4e1402de0b81",
"value": "https://www.virustotal.com/file/7672fce9bc8da3c4b4cdc9b2f484e64df876967d115c9077d18ff3e5d793abdf/analysis/1461755490/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720afda-20b8-4383-a90c-434502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:02.000Z",
"modified": "2016-04-27T12:26:02.000Z",
"first_observed": "2016-04-27T12:26:02Z",
"last_observed": "2016-04-27T12:26:02Z",
"number_observed": 1,
"object_refs": [
"url--5720afda-20b8-4383-a90c-434502de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720afda-20b8-4383-a90c-434502de0b81",
"value": "https://www.virustotal.com/file/ad52b63a6aa7262c163e098e6fb64bc421b2f90a11211f8d848a9288cd90b54b/analysis/1461754395/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720afdb-de40-454b-b506-466302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:03.000Z",
"modified": "2016-04-27T12:26:03.000Z",
"first_observed": "2016-04-27T12:26:03Z",
"last_observed": "2016-04-27T12:26:03Z",
"number_observed": 1,
"object_refs": [
"url--5720afdb-de40-454b-b506-466302de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720afdb-de40-454b-b506-466302de0b81",
"value": "https://www.virustotal.com/file/8ecb9297a5272cf8403d23dcc4b76e703112a4b954fbaf53f450417effa3e2a8/analysis/1461758235/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720afdb-8f0c-4fc7-a733-482d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:03.000Z",
"modified": "2016-04-27T12:26:03.000Z",
"first_observed": "2016-04-27T12:26:03Z",
"last_observed": "2016-04-27T12:26:03Z",
"number_observed": 1,
"object_refs": [
"url--5720afdb-8f0c-4fc7-a733-482d02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720afdb-8f0c-4fc7-a733-482d02de0b81",
"value": "https://www.virustotal.com/file/6284a4144fe8641b848235683e06fd520439b3e282e75594fa89f2ddab2d73ad/analysis/1461755189/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720afdb-8114-44b8-80d0-445702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:03.000Z",
"modified": "2016-04-27T12:26:03.000Z",
"first_observed": "2016-04-27T12:26:03Z",
"last_observed": "2016-04-27T12:26:03Z",
"number_observed": 1,
"object_refs": [
"url--5720afdb-8114-44b8-80d0-445702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720afdb-8114-44b8-80d0-445702de0b81",
"value": "https://www.virustotal.com/file/2de67b43a45b0bd4db35a1b04917b336373d962688f85a5e69883cc40d4db394/analysis/1461754429/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720afdc-6274-4ee4-a49f-44b302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:04.000Z",
"modified": "2016-04-27T12:26:04.000Z",
"first_observed": "2016-04-27T12:26:04Z",
"last_observed": "2016-04-27T12:26:04Z",
"number_observed": 1,
"object_refs": [
"url--5720afdc-6274-4ee4-a49f-44b302de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720afdc-6274-4ee4-a49f-44b302de0b81",
"value": "https://www.virustotal.com/file/f9c5be688ce00bd38e9224d079b30b9262354db1afff0575e2b69d4eba531916/analysis/1461755429/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720afdc-0934-4511-ba2b-490802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:04.000Z",
"modified": "2016-04-27T12:26:04.000Z",
"first_observed": "2016-04-27T12:26:04Z",
"last_observed": "2016-04-27T12:26:04Z",
"number_observed": 1,
"object_refs": [
"url--5720afdc-0934-4511-ba2b-490802de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720afdc-0934-4511-ba2b-490802de0b81",
"value": "https://www.virustotal.com/file/e57393d6ef4c9504099c3a2ece4b7520637e4932a8cf3c70f2b51ef1c5ac2bbb/analysis/1461756307/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720afdd-9a08-45d0-81db-44a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:05.000Z",
"modified": "2016-04-27T12:26:05.000Z",
"first_observed": "2016-04-27T12:26:05Z",
"last_observed": "2016-04-27T12:26:05Z",
"number_observed": 1,
"object_refs": [
"url--5720afdd-9a08-45d0-81db-44a002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720afdd-9a08-45d0-81db-44a002de0b81",
"value": "https://www.virustotal.com/file/bc09f01042091a147d5b08b83d00534f66d20a32924ce7efcc58687d9bd53da2/analysis/1461757806/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720afdd-32e4-47a9-b220-414b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:05.000Z",
"modified": "2016-04-27T12:26:05.000Z",
"first_observed": "2016-04-27T12:26:05Z",
"last_observed": "2016-04-27T12:26:05Z",
"number_observed": 1,
"object_refs": [
"url--5720afdd-32e4-47a9-b220-414b02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720afdd-32e4-47a9-b220-414b02de0b81",
"value": "https://www.virustotal.com/file/dad9429bc12889d75c39e896eb343596b8ca8e657823927c20adf5e8f7248ccd/analysis/1461755731/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720afdd-f240-409c-88bb-4cdb02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:05.000Z",
"modified": "2016-04-27T12:26:05.000Z",
"first_observed": "2016-04-27T12:26:05Z",
"last_observed": "2016-04-27T12:26:05Z",
"number_observed": 1,
"object_refs": [
"url--5720afdd-f240-409c-88bb-4cdb02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720afdd-f240-409c-88bb-4cdb02de0b81",
"value": "https://www.virustotal.com/file/362fb8371c557736fc123229ea15003ff0ed4357be8920a759c9f2934b2dabdf/analysis/1461754584/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720afde-827c-4cd4-aed7-45b702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:06.000Z",
"modified": "2016-04-27T12:26:06.000Z",
"first_observed": "2016-04-27T12:26:06Z",
"last_observed": "2016-04-27T12:26:06Z",
"number_observed": 1,
"object_refs": [
"url--5720afde-827c-4cd4-aed7-45b702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720afde-827c-4cd4-aed7-45b702de0b81",
"value": "https://www.virustotal.com/file/83427674a03259a49c1fcd5b7ed16ec1461efc635e58b8bf99c0350ee26da4b6/analysis/1461756236/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720afde-118c-4726-845b-41f002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:06.000Z",
"modified": "2016-04-27T12:26:06.000Z",
"first_observed": "2016-04-27T12:26:06Z",
"last_observed": "2016-04-27T12:26:06Z",
"number_observed": 1,
"object_refs": [
"url--5720afde-118c-4726-845b-41f002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720afde-118c-4726-845b-41f002de0b81",
"value": "https://www.virustotal.com/file/664155a3950db4393a5694d20bed30fd329ebdb0dab32be75ca603a917f4367e/analysis/1461754462/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720afdf-2168-4518-a036-445502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:07.000Z",
"modified": "2016-04-27T12:26:07.000Z",
"first_observed": "2016-04-27T12:26:07Z",
"last_observed": "2016-04-27T12:26:07Z",
"number_observed": 1,
"object_refs": [
"url--5720afdf-2168-4518-a036-445502de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720afdf-2168-4518-a036-445502de0b81",
"value": "https://www.virustotal.com/file/030ba1c93958c11e4983348112a793aeb26c178e9a53586e79b05ad2607c5e63/analysis/1461752818/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720afdf-14c0-4a76-abc1-44ab02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:07.000Z",
"modified": "2016-04-27T12:26:07.000Z",
"first_observed": "2016-04-27T12:26:07Z",
"last_observed": "2016-04-27T12:26:07Z",
"number_observed": 1,
"object_refs": [
"url--5720afdf-14c0-4a76-abc1-44ab02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720afdf-14c0-4a76-abc1-44ab02de0b81",
"value": "https://www.virustotal.com/file/691dcebba448ec884af8a48eabaa8f71968ac3a66ea309e07ca6ba485937241e/analysis/1461754908/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720afe0-eef4-4019-8162-4b4202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:08.000Z",
"modified": "2016-04-27T12:26:08.000Z",
"first_observed": "2016-04-27T12:26:08Z",
"last_observed": "2016-04-27T12:26:08Z",
"number_observed": 1,
"object_refs": [
"url--5720afe0-eef4-4019-8162-4b4202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720afe0-eef4-4019-8162-4b4202de0b81",
"value": "https://www.virustotal.com/file/30075062061a6fd6109c35b3e3289f84a2d4a4a764d27183941531dd8cb43ddf/analysis/1461759017/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720afe0-7828-459c-a90b-42b102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:08.000Z",
"modified": "2016-04-27T12:26:08.000Z",
"first_observed": "2016-04-27T12:26:08Z",
"last_observed": "2016-04-27T12:26:08Z",
"number_observed": 1,
"object_refs": [
"url--5720afe0-7828-459c-a90b-42b102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720afe0-7828-459c-a90b-42b102de0b81",
"value": "https://www.virustotal.com/file/a22e32f2b88a6a0b3b744bf99096b528803cc359cb8eb6197f7b94a10bbc4460/analysis/1461752538/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720afe0-9308-41f3-a12f-4a7a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:08.000Z",
"modified": "2016-04-27T12:26:08.000Z",
"first_observed": "2016-04-27T12:26:08Z",
"last_observed": "2016-04-27T12:26:08Z",
"number_observed": 1,
"object_refs": [
"url--5720afe0-9308-41f3-a12f-4a7a02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720afe0-9308-41f3-a12f-4a7a02de0b81",
"value": "https://www.virustotal.com/file/02c9ebd8f8e531e0c5594ec00311a9ef3dbdeffa346bb92fbd41068f37b1abfb/analysis/1461757731/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720afe1-9384-4cd9-909a-45d602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:09.000Z",
"modified": "2016-04-27T12:26:09.000Z",
"first_observed": "2016-04-27T12:26:09Z",
"last_observed": "2016-04-27T12:26:09Z",
"number_observed": 1,
"object_refs": [
"url--5720afe1-9384-4cd9-909a-45d602de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720afe1-9384-4cd9-909a-45d602de0b81",
"value": "https://www.virustotal.com/file/5cdb625edf3415d9a88a1ceb81eb9bbf8b7aab265ffabf72f59844ef8a075d34/analysis/1461752536/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720afe1-777c-4c94-ac0f-4f2d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:09.000Z",
"modified": "2016-04-27T12:26:09.000Z",
"first_observed": "2016-04-27T12:26:09Z",
"last_observed": "2016-04-27T12:26:09Z",
"number_observed": 1,
"object_refs": [
"url--5720afe1-777c-4c94-ac0f-4f2d02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720afe1-777c-4c94-ac0f-4f2d02de0b81",
"value": "https://www.virustotal.com/file/7b80f6683777b30f4e0d1125cdc0d2dc3618edda67019f61662eb74036dd6cc6/analysis/1461757628/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720afe2-5edc-4ad1-a4ac-460602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:10.000Z",
"modified": "2016-04-27T12:26:10.000Z",
"first_observed": "2016-04-27T12:26:10Z",
"last_observed": "2016-04-27T12:26:10Z",
"number_observed": 1,
"object_refs": [
"url--5720afe2-5edc-4ad1-a4ac-460602de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720afe2-5edc-4ad1-a4ac-460602de0b81",
"value": "https://www.virustotal.com/file/64a573f96cbe3f9a8127b04e85e8510cd0c4d9e37423e85078a6fe09325900d0/analysis/1461752768/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720afe2-07d0-49f1-880b-4aec02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:10.000Z",
"modified": "2016-04-27T12:26:10.000Z",
"first_observed": "2016-04-27T12:26:10Z",
"last_observed": "2016-04-27T12:26:10Z",
"number_observed": 1,
"object_refs": [
"url--5720afe2-07d0-49f1-880b-4aec02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720afe2-07d0-49f1-880b-4aec02de0b81",
"value": "https://www.virustotal.com/file/7968e2e214e1dc1c205628f8cb6cf0ed2da544c37c4cff5de0ce2b22840028f7/analysis/1461757130/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720afe3-0f0c-43f2-93ae-4e3902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:11.000Z",
"modified": "2016-04-27T12:26:11.000Z",
"first_observed": "2016-04-27T12:26:11Z",
"last_observed": "2016-04-27T12:26:11Z",
"number_observed": 1,
"object_refs": [
"url--5720afe3-0f0c-43f2-93ae-4e3902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720afe3-0f0c-43f2-93ae-4e3902de0b81",
"value": "https://www.virustotal.com/file/cd9b7db514202035fa113f3138ce5c18a0f9bd37dfc98e7877424c08bf526825/analysis/1461755183/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720afe3-3d20-44a0-b7e8-46bf02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:11.000Z",
"modified": "2016-04-27T12:26:11.000Z",
"first_observed": "2016-04-27T12:26:11Z",
"last_observed": "2016-04-27T12:26:11Z",
"number_observed": 1,
"object_refs": [
"url--5720afe3-3d20-44a0-b7e8-46bf02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720afe3-3d20-44a0-b7e8-46bf02de0b81",
"value": "https://www.virustotal.com/file/dc18453e59c18388ab3f86712df1769b7563cfdb35b2a741fdce432e76e2ab38/analysis/1461758526/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720afe3-8594-40fc-9503-4d1302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:11.000Z",
"modified": "2016-04-27T12:26:11.000Z",
"first_observed": "2016-04-27T12:26:11Z",
"last_observed": "2016-04-27T12:26:11Z",
"number_observed": 1,
"object_refs": [
"url--5720afe3-8594-40fc-9503-4d1302de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720afe3-8594-40fc-9503-4d1302de0b81",
"value": "https://www.virustotal.com/file/0f55d61059f0351aeb747a9275efc6c9ca6458d908ac96329841f69b469c8b4d/analysis/1461755976/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720afe4-1230-48a6-9d20-434b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:12.000Z",
"modified": "2016-04-27T12:26:12.000Z",
"first_observed": "2016-04-27T12:26:12Z",
"last_observed": "2016-04-27T12:26:12Z",
"number_observed": 1,
"object_refs": [
"url--5720afe4-1230-48a6-9d20-434b02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720afe4-1230-48a6-9d20-434b02de0b81",
"value": "https://www.virustotal.com/file/093f3fa00bf7c539c1ecb63a558e3c76b92626e4c577add2878593a142a9f9a3/analysis/1461755913/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720afe4-761c-4711-8e89-4e4e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:12.000Z",
"modified": "2016-04-27T12:26:12.000Z",
"first_observed": "2016-04-27T12:26:12Z",
"last_observed": "2016-04-27T12:26:12Z",
"number_observed": 1,
"object_refs": [
"url--5720afe4-761c-4711-8e89-4e4e02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720afe4-761c-4711-8e89-4e4e02de0b81",
"value": "https://www.virustotal.com/file/09c7f049ca5ec0e5cc138c2a39ec201e160c69ed0ea67a1308d32671b5b9ca9c/analysis/1461755984/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720afe5-563c-4ada-b5ec-4ba102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:13.000Z",
"modified": "2016-04-27T12:26:13.000Z",
"first_observed": "2016-04-27T12:26:13Z",
"last_observed": "2016-04-27T12:26:13Z",
"number_observed": 1,
"object_refs": [
"url--5720afe5-563c-4ada-b5ec-4ba102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720afe5-563c-4ada-b5ec-4ba102de0b81",
"value": "https://www.virustotal.com/file/df6b08f38c12c7157458e58f8fb14abfd30bd05842255bc7f53ee6d0a17b9c1d/analysis/1461754674/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720afe5-5208-477c-8396-4ff902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:13.000Z",
"modified": "2016-04-27T12:26:13.000Z",
"first_observed": "2016-04-27T12:26:13Z",
"last_observed": "2016-04-27T12:26:13Z",
"number_observed": 1,
"object_refs": [
"url--5720afe5-5208-477c-8396-4ff902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720afe5-5208-477c-8396-4ff902de0b81",
"value": "https://www.virustotal.com/file/695d757dc0e57e99b08e2f0872a24799e9e8144175c1abf92bbd13bf6765414b/analysis/1461756054/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720afe5-5860-42c1-b7e0-436f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:13.000Z",
"modified": "2016-04-27T12:26:13.000Z",
"first_observed": "2016-04-27T12:26:13Z",
"last_observed": "2016-04-27T12:26:13Z",
"number_observed": 1,
"object_refs": [
"url--5720afe5-5860-42c1-b7e0-436f02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720afe5-5860-42c1-b7e0-436f02de0b81",
"value": "https://www.virustotal.com/file/e62e5763c663b9fe8ad1309841c5e8031f1323b7efb59824663d43e084c1cfc8/analysis/1461758419/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720afe6-d674-447f-9325-4a0b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:14.000Z",
"modified": "2016-04-27T12:26:14.000Z",
"first_observed": "2016-04-27T12:26:14Z",
"last_observed": "2016-04-27T12:26:14Z",
"number_observed": 1,
"object_refs": [
"url--5720afe6-d674-447f-9325-4a0b02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720afe6-d674-447f-9325-4a0b02de0b81",
"value": "https://www.virustotal.com/file/4ae68705dc40d37462d11056039306b3d45d7c580de1f3854b354eabcae4ec95/analysis/1461756348/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720afe6-6f6c-47cc-8e9b-4fb102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:14.000Z",
"modified": "2016-04-27T12:26:14.000Z",
"first_observed": "2016-04-27T12:26:14Z",
"last_observed": "2016-04-27T12:26:14Z",
"number_observed": 1,
"object_refs": [
"url--5720afe6-6f6c-47cc-8e9b-4fb102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720afe6-6f6c-47cc-8e9b-4fb102de0b81",
"value": "https://www.virustotal.com/file/b31168c5cb3138bce6cc5dd7c85ceaef3902b5f59e01d32bef7c177c548b7d8b/analysis/1461754216/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720afe7-a03c-4402-8673-426902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:15.000Z",
"modified": "2016-04-27T12:26:15.000Z",
"first_observed": "2016-04-27T12:26:15Z",
"last_observed": "2016-04-27T12:26:15Z",
"number_observed": 1,
"object_refs": [
"url--5720afe7-a03c-4402-8673-426902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720afe7-a03c-4402-8673-426902de0b81",
"value": "https://www.virustotal.com/file/7e5f4851383ad3cb2cba784e13b723a86c44116e0846d0278ad6237e63f1323b/analysis/1461751775/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720afe7-de94-46de-8411-4ad202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:15.000Z",
"modified": "2016-04-27T12:26:15.000Z",
"first_observed": "2016-04-27T12:26:15Z",
"last_observed": "2016-04-27T12:26:15Z",
"number_observed": 1,
"object_refs": [
"url--5720afe7-de94-46de-8411-4ad202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720afe7-de94-46de-8411-4ad202de0b81",
"value": "https://www.virustotal.com/file/684d82f2d03b11467ba60d075a0065804ce05b613017aa7ea3cac80c5fbacbe7/analysis/1461758411/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720afe8-6798-423d-8c6c-4a0202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:16.000Z",
"modified": "2016-04-27T12:26:16.000Z",
"first_observed": "2016-04-27T12:26:16Z",
"last_observed": "2016-04-27T12:26:16Z",
"number_observed": 1,
"object_refs": [
"url--5720afe8-6798-423d-8c6c-4a0202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720afe8-6798-423d-8c6c-4a0202de0b81",
"value": "https://www.virustotal.com/file/0a5d8efa11abda2a2ad2b90cff3867f67192789234e3ca56ad10e7c40ef9913e/analysis/1461755530/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720afe8-fcf8-4e89-946e-40c502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:16.000Z",
"modified": "2016-04-27T12:26:16.000Z",
"first_observed": "2016-04-27T12:26:16Z",
"last_observed": "2016-04-27T12:26:16Z",
"number_observed": 1,
"object_refs": [
"url--5720afe8-fcf8-4e89-946e-40c502de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720afe8-fcf8-4e89-946e-40c502de0b81",
"value": "https://www.virustotal.com/file/238d680d23f80cac7348f763df6709c5ee1172b099c14fee97553affaf6c41e1/analysis/1461756312/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720afe8-fcfc-47b2-a377-43d302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:16.000Z",
"modified": "2016-04-27T12:26:16.000Z",
"first_observed": "2016-04-27T12:26:16Z",
"last_observed": "2016-04-27T12:26:16Z",
"number_observed": 1,
"object_refs": [
"url--5720afe8-fcfc-47b2-a377-43d302de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720afe8-fcfc-47b2-a377-43d302de0b81",
"value": "https://www.virustotal.com/file/38fef03e595b5b1c214f3f3acb81702df3156536f5e6ce4126ff338b27238d7e/analysis/1461755711/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720afe9-efa8-4345-8192-459902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:17.000Z",
"modified": "2016-04-27T12:26:17.000Z",
"first_observed": "2016-04-27T12:26:17Z",
"last_observed": "2016-04-27T12:26:17Z",
"number_observed": 1,
"object_refs": [
"url--5720afe9-efa8-4345-8192-459902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720afe9-efa8-4345-8192-459902de0b81",
"value": "https://www.virustotal.com/file/59a227ee15d13f532d0a79909747737d689f6a66d2b34467f89be7f60e934d87/analysis/1461756105/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720afe9-6148-48d0-b882-49fb02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:17.000Z",
"modified": "2016-04-27T12:26:17.000Z",
"first_observed": "2016-04-27T12:26:17Z",
"last_observed": "2016-04-27T12:26:17Z",
"number_observed": 1,
"object_refs": [
"url--5720afe9-6148-48d0-b882-49fb02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720afe9-6148-48d0-b882-49fb02de0b81",
"value": "https://www.virustotal.com/file/02ad31f1b90bf75e34caddda33d9b7f51283f84c140fe44faf6380d5c52eda07/analysis/1461754974/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720afea-0f98-460f-83b1-4d2d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:18.000Z",
"modified": "2016-04-27T12:26:18.000Z",
"first_observed": "2016-04-27T12:26:18Z",
"last_observed": "2016-04-27T12:26:18Z",
"number_observed": 1,
"object_refs": [
"url--5720afea-0f98-460f-83b1-4d2d02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720afea-0f98-460f-83b1-4d2d02de0b81",
"value": "https://www.virustotal.com/file/54446e2f430c43cdae5ab20a36f83b6444d9750b8de03c10ca79080f0fa327ee/analysis/1461756329/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720afea-21e8-4651-b478-4edc02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:18.000Z",
"modified": "2016-04-27T12:26:18.000Z",
"first_observed": "2016-04-27T12:26:18Z",
"last_observed": "2016-04-27T12:26:18Z",
"number_observed": 1,
"object_refs": [
"url--5720afea-21e8-4651-b478-4edc02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720afea-21e8-4651-b478-4edc02de0b81",
"value": "https://www.virustotal.com/file/73949eed422bbf33f8f6547957aa191abecda41ce45eb439fb765ce155690c2a/analysis/1461755792/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720afea-b4c4-40e9-8608-447502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:18.000Z",
"modified": "2016-04-27T12:26:18.000Z",
"first_observed": "2016-04-27T12:26:18Z",
"last_observed": "2016-04-27T12:26:18Z",
"number_observed": 1,
"object_refs": [
"url--5720afea-b4c4-40e9-8608-447502de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720afea-b4c4-40e9-8608-447502de0b81",
"value": "https://www.virustotal.com/file/878c25cc56787d6a5a7e0116237240ffa9e0d96e4b0a8d1d793d6d237525309b/analysis/1461751576/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720afeb-0fc4-43c3-8773-446602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:19.000Z",
"modified": "2016-04-27T12:26:19.000Z",
"first_observed": "2016-04-27T12:26:19Z",
"last_observed": "2016-04-27T12:26:19Z",
"number_observed": 1,
"object_refs": [
"url--5720afeb-0fc4-43c3-8773-446602de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720afeb-0fc4-43c3-8773-446602de0b81",
"value": "https://www.virustotal.com/file/fd10c3848b89d978a0b22afa4cc0e173cdd5de651ca62c09c44d5e9b94b83519/analysis/1461755058/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720afeb-23c0-446c-9d98-459002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:19.000Z",
"modified": "2016-04-27T12:26:19.000Z",
"first_observed": "2016-04-27T12:26:19Z",
"last_observed": "2016-04-27T12:26:19Z",
"number_observed": 1,
"object_refs": [
"url--5720afeb-23c0-446c-9d98-459002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720afeb-23c0-446c-9d98-459002de0b81",
"value": "https://www.virustotal.com/file/e1d4703c7d9fb325d6a1d16f7c338727eac0ed8c85e8aa4634ee815714a7ad19/analysis/1461758105/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720afec-9cb0-4396-8871-49b302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:20.000Z",
"modified": "2016-04-27T12:26:20.000Z",
"first_observed": "2016-04-27T12:26:20Z",
"last_observed": "2016-04-27T12:26:20Z",
"number_observed": 1,
"object_refs": [
"url--5720afec-9cb0-4396-8871-49b302de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720afec-9cb0-4396-8871-49b302de0b81",
"value": "https://www.virustotal.com/file/b8c6acab14c2d817f78f698fa542929453bd32a235003571b16108ceefca3344/analysis/1461757393/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720afec-af24-4388-86e5-467b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:20.000Z",
"modified": "2016-04-27T12:26:20.000Z",
"first_observed": "2016-04-27T12:26:20Z",
"last_observed": "2016-04-27T12:26:20Z",
"number_observed": 1,
"object_refs": [
"url--5720afec-af24-4388-86e5-467b02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720afec-af24-4388-86e5-467b02de0b81",
"value": "https://www.virustotal.com/file/783dcafa624846d9b6f3559415573faa6be1581b840191fbfe88e8066431cb1a/analysis/1461758283/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720afed-1c6c-45fb-92e2-4da302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:21.000Z",
"modified": "2016-04-27T12:26:21.000Z",
"first_observed": "2016-04-27T12:26:21Z",
"last_observed": "2016-04-27T12:26:21Z",
"number_observed": 1,
"object_refs": [
"url--5720afed-1c6c-45fb-92e2-4da302de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720afed-1c6c-45fb-92e2-4da302de0b81",
"value": "https://www.virustotal.com/file/4e1190ef9dc26244ca9c8493ba84a63e76725c34f8faac7fa77541ab94a55b5a/analysis/1461755621/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720afed-061c-4ce2-a416-4c5002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:21.000Z",
"modified": "2016-04-27T12:26:21.000Z",
"first_observed": "2016-04-27T12:26:21Z",
"last_observed": "2016-04-27T12:26:21Z",
"number_observed": 1,
"object_refs": [
"url--5720afed-061c-4ce2-a416-4c5002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720afed-061c-4ce2-a416-4c5002de0b81",
"value": "https://www.virustotal.com/file/48362eace40ce7b742539dc17e5f44b052b7b62484e8b3a8a0d8c27103cdd70e/analysis/1461758554/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720afed-83bc-412a-8908-434f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:21.000Z",
"modified": "2016-04-27T12:26:21.000Z",
"first_observed": "2016-04-27T12:26:21Z",
"last_observed": "2016-04-27T12:26:21Z",
"number_observed": 1,
"object_refs": [
"url--5720afed-83bc-412a-8908-434f02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720afed-83bc-412a-8908-434f02de0b81",
"value": "https://www.virustotal.com/file/f23765873ef6603f79a279ca213f82adf37fb4b1d9eb5b4805d6766be9c94a87/analysis/1461755280/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720afee-86b4-4fa4-b199-406702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:22.000Z",
"modified": "2016-04-27T12:26:22.000Z",
"first_observed": "2016-04-27T12:26:22Z",
"last_observed": "2016-04-27T12:26:22Z",
"number_observed": 1,
"object_refs": [
"url--5720afee-86b4-4fa4-b199-406702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720afee-86b4-4fa4-b199-406702de0b81",
"value": "https://www.virustotal.com/file/3f7abdca6ae9bf5273763348d4e444f685abc7fdc92f20206e3c5f0afe298f79/analysis/1461755743/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720afee-4698-488c-b229-4ab402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:22.000Z",
"modified": "2016-04-27T12:26:22.000Z",
"first_observed": "2016-04-27T12:26:22Z",
"last_observed": "2016-04-27T12:26:22Z",
"number_observed": 1,
"object_refs": [
"url--5720afee-4698-488c-b229-4ab402de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720afee-4698-488c-b229-4ab402de0b81",
"value": "https://www.virustotal.com/file/ce1a3ef6cf3f740596d75cebaf7293b1b19d673844758349120354d475a4541a/analysis/1461758821/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720afef-4ccc-42e5-b078-4f4502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:23.000Z",
"modified": "2016-04-27T12:26:23.000Z",
"first_observed": "2016-04-27T12:26:23Z",
"last_observed": "2016-04-27T12:26:23Z",
"number_observed": 1,
"object_refs": [
"url--5720afef-4ccc-42e5-b078-4f4502de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720afef-4ccc-42e5-b078-4f4502de0b81",
"value": "https://www.virustotal.com/file/580f43d5dec09849287d5c610ecc117579ae84b5dc3f59bff14ea22c56fe40ae/analysis/1461757528/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720afef-0654-4826-9b13-429202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:23.000Z",
"modified": "2016-04-27T12:26:23.000Z",
"first_observed": "2016-04-27T12:26:23Z",
"last_observed": "2016-04-27T12:26:23Z",
"number_observed": 1,
"object_refs": [
"url--5720afef-0654-4826-9b13-429202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720afef-0654-4826-9b13-429202de0b81",
"value": "https://www.virustotal.com/file/4f02717150f420d921ab2e64b63537dfbe6d1c415de83a673fcbc59eb7624579/analysis/1461756053/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720afef-6d58-4f80-a690-40df02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:23.000Z",
"modified": "2016-04-27T12:26:23.000Z",
"first_observed": "2016-04-27T12:26:23Z",
"last_observed": "2016-04-27T12:26:23Z",
"number_observed": 1,
"object_refs": [
"url--5720afef-6d58-4f80-a690-40df02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720afef-6d58-4f80-a690-40df02de0b81",
"value": "https://www.virustotal.com/file/569d2caf2e59ee852dfc08280ae42acce33a81d9494c8abc95915613fb267489/analysis/1461752618/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720aff0-386c-46a0-9bad-49c802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:24.000Z",
"modified": "2016-04-27T12:26:24.000Z",
"first_observed": "2016-04-27T12:26:24Z",
"last_observed": "2016-04-27T12:26:24Z",
"number_observed": 1,
"object_refs": [
"url--5720aff0-386c-46a0-9bad-49c802de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720aff0-386c-46a0-9bad-49c802de0b81",
"value": "https://www.virustotal.com/file/f2f2009ebf69ae999c5e689b06c6c30732d51054a094a938cd2481aba163e5d3/analysis/1461755330/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720aff0-7ca4-4d7d-bd6f-4f5002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:24.000Z",
"modified": "2016-04-27T12:26:24.000Z",
"first_observed": "2016-04-27T12:26:24Z",
"last_observed": "2016-04-27T12:26:24Z",
"number_observed": 1,
"object_refs": [
"url--5720aff0-7ca4-4d7d-bd6f-4f5002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720aff0-7ca4-4d7d-bd6f-4f5002de0b81",
"value": "https://www.virustotal.com/file/27668875468c144186132894e3d8e06512386f70ff91390db96d26a0c074dbb6/analysis/1461755974/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720aff1-0b10-4d26-ba8c-4fa102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:25.000Z",
"modified": "2016-04-27T12:26:25.000Z",
"first_observed": "2016-04-27T12:26:25Z",
"last_observed": "2016-04-27T12:26:25Z",
"number_observed": 1,
"object_refs": [
"url--5720aff1-0b10-4d26-ba8c-4fa102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720aff1-0b10-4d26-ba8c-4fa102de0b81",
"value": "https://www.virustotal.com/file/08a1f917824237ecfd135b1a745b662c0a660c3fe8ae9afe393e18b378c8fe5d/analysis/1461755953/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720aff1-d38c-4a90-adbe-41b902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:25.000Z",
"modified": "2016-04-27T12:26:25.000Z",
"first_observed": "2016-04-27T12:26:25Z",
"last_observed": "2016-04-27T12:26:25Z",
"number_observed": 1,
"object_refs": [
"url--5720aff1-d38c-4a90-adbe-41b902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720aff1-d38c-4a90-adbe-41b902de0b81",
"value": "https://www.virustotal.com/file/70871c1d159b3593f10fc9480a0411c9c151e0bec8dfc615c80c58d9d5ebbea9/analysis/1461754433/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720aff1-d1b0-4117-a6a7-42b802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:25.000Z",
"modified": "2016-04-27T12:26:25.000Z",
"first_observed": "2016-04-27T12:26:25Z",
"last_observed": "2016-04-27T12:26:25Z",
"number_observed": 1,
"object_refs": [
"url--5720aff1-d1b0-4117-a6a7-42b802de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720aff1-d1b0-4117-a6a7-42b802de0b81",
"value": "https://www.virustotal.com/file/2e5f70f9e1159eb9b039095430ed9678dffae63d98de7845b11ac7830c15f431/analysis/1461754759/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720aff2-535c-47cc-8f16-4f8c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:26.000Z",
"modified": "2016-04-27T12:26:26.000Z",
"first_observed": "2016-04-27T12:26:26Z",
"last_observed": "2016-04-27T12:26:26Z",
"number_observed": 1,
"object_refs": [
"url--5720aff2-535c-47cc-8f16-4f8c02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720aff2-535c-47cc-8f16-4f8c02de0b81",
"value": "https://www.virustotal.com/file/21c439d1d7a7653179777c34ddf2afb58928ab313037fcfbcccd4b2c92c7dc4b/analysis/1461757903/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720aff2-18f0-4a21-bd60-4d2e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:26.000Z",
"modified": "2016-04-27T12:26:26.000Z",
"first_observed": "2016-04-27T12:26:26Z",
"last_observed": "2016-04-27T12:26:26Z",
"number_observed": 1,
"object_refs": [
"url--5720aff2-18f0-4a21-bd60-4d2e02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720aff2-18f0-4a21-bd60-4d2e02de0b81",
"value": "https://www.virustotal.com/file/6095338bb7c34062ef4c974f506bfa0c539cc1a378d1d4621259f23fa17c50f3/analysis/1461756629/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720aff3-ecdc-470b-9d26-4e1d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:27.000Z",
"modified": "2016-04-27T12:26:27.000Z",
"first_observed": "2016-04-27T12:26:27Z",
"last_observed": "2016-04-27T12:26:27Z",
"number_observed": 1,
"object_refs": [
"url--5720aff3-ecdc-470b-9d26-4e1d02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720aff3-ecdc-470b-9d26-4e1d02de0b81",
"value": "https://www.virustotal.com/file/5e5317f0b1ea74066ad64c5487fced7287839460dcf7006ba92c53d231032f15/analysis/1461758728/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720aff3-1498-4449-8a48-460e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:27.000Z",
"modified": "2016-04-27T12:26:27.000Z",
"first_observed": "2016-04-27T12:26:27Z",
"last_observed": "2016-04-27T12:26:27Z",
"number_observed": 1,
"object_refs": [
"url--5720aff3-1498-4449-8a48-460e02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720aff3-1498-4449-8a48-460e02de0b81",
"value": "https://www.virustotal.com/file/0d8d9b83e595cfcbc84f392f4c7270e6acf2fc1c14b23e1ac69b23d072b62938/analysis/1461756136/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720aff3-811c-4e2f-baf8-4c3602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:27.000Z",
"modified": "2016-04-27T12:26:27.000Z",
"first_observed": "2016-04-27T12:26:27Z",
"last_observed": "2016-04-27T12:26:27Z",
"number_observed": 1,
"object_refs": [
"url--5720aff3-811c-4e2f-baf8-4c3602de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720aff3-811c-4e2f-baf8-4c3602de0b81",
"value": "https://www.virustotal.com/file/45d134e1c72d672923da4817c304657488c437df9e0eef340284527ddda02716/analysis/1461757561/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720aff4-5634-4270-a6b4-479f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:28.000Z",
"modified": "2016-04-27T12:26:28.000Z",
"first_observed": "2016-04-27T12:26:28Z",
"last_observed": "2016-04-27T12:26:28Z",
"number_observed": 1,
"object_refs": [
"url--5720aff4-5634-4270-a6b4-479f02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720aff4-5634-4270-a6b4-479f02de0b81",
"value": "https://www.virustotal.com/file/7439a285e18bbc19296ab9d06a2f1fd5859e8b828a3301a15f8fe43761d65a7c/analysis/1461756328/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720aff4-20c0-4215-98a3-455b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:28.000Z",
"modified": "2016-04-27T12:26:28.000Z",
"first_observed": "2016-04-27T12:26:28Z",
"last_observed": "2016-04-27T12:26:28Z",
"number_observed": 1,
"object_refs": [
"url--5720aff4-20c0-4215-98a3-455b02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720aff4-20c0-4215-98a3-455b02de0b81",
"value": "https://www.virustotal.com/file/b193a520392e1bf9a6128a147ddc236f5967f38c5629c06a23e3f400d63e332a/analysis/1461758959/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720aff5-7ae8-4416-8498-439b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:29.000Z",
"modified": "2016-04-27T12:26:29.000Z",
"first_observed": "2016-04-27T12:26:29Z",
"last_observed": "2016-04-27T12:26:29Z",
"number_observed": 1,
"object_refs": [
"url--5720aff5-7ae8-4416-8498-439b02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720aff5-7ae8-4416-8498-439b02de0b81",
"value": "https://www.virustotal.com/file/530d6ba59edb414848ac20f118ebad11ad20e2d8d47b03dbdaf71ad1502dda48/analysis/1461751694/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720aff5-4938-4165-b5d5-47f902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:29.000Z",
"modified": "2016-04-27T12:26:29.000Z",
"first_observed": "2016-04-27T12:26:29Z",
"last_observed": "2016-04-27T12:26:29Z",
"number_observed": 1,
"object_refs": [
"url--5720aff5-4938-4165-b5d5-47f902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720aff5-4938-4165-b5d5-47f902de0b81",
"value": "https://www.virustotal.com/file/b2f5dedfbbc815ca95a28ee864a8af12e6b0f0e0e08a02792304b13b02062c31/analysis/1461752500/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720aff6-6adc-45f3-97bb-4dd202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:30.000Z",
"modified": "2016-04-27T12:26:30.000Z",
"first_observed": "2016-04-27T12:26:30Z",
"last_observed": "2016-04-27T12:26:30Z",
"number_observed": 1,
"object_refs": [
"url--5720aff6-6adc-45f3-97bb-4dd202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720aff6-6adc-45f3-97bb-4dd202de0b81",
"value": "https://www.virustotal.com/file/a27d893c1eba08326ad9eaa058f0357bc23aaef236809e800068ab382ea425fe/analysis/1461755613/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720aff6-22e8-404f-8a99-408d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:30.000Z",
"modified": "2016-04-27T12:26:30.000Z",
"first_observed": "2016-04-27T12:26:30Z",
"last_observed": "2016-04-27T12:26:30Z",
"number_observed": 1,
"object_refs": [
"url--5720aff6-22e8-404f-8a99-408d02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720aff6-22e8-404f-8a99-408d02de0b81",
"value": "https://www.virustotal.com/file/8bd38e3d516708d14e90ced150bad20d370afba9074a91adcaaea584ae20d9cf/analysis/1461755024/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720aff6-816c-4333-a6bb-473f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:30.000Z",
"modified": "2016-04-27T12:26:30.000Z",
"first_observed": "2016-04-27T12:26:30Z",
"last_observed": "2016-04-27T12:26:30Z",
"number_observed": 1,
"object_refs": [
"url--5720aff6-816c-4333-a6bb-473f02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720aff6-816c-4333-a6bb-473f02de0b81",
"value": "https://www.virustotal.com/file/9e35077257072091e5130b5a7136804fdb4da5760f2aebf6baffc58be33217af/analysis/1461756317/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720aff7-87e0-4f28-aa47-4ec902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:31.000Z",
"modified": "2016-04-27T12:26:31.000Z",
"first_observed": "2016-04-27T12:26:31Z",
"last_observed": "2016-04-27T12:26:31Z",
"number_observed": 1,
"object_refs": [
"url--5720aff7-87e0-4f28-aa47-4ec902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720aff7-87e0-4f28-aa47-4ec902de0b81",
"value": "https://www.virustotal.com/file/206affe254b7c6fc5c4ed51538b9a99332153ef829cbc0d6632ff9fa0b1ca9a8/analysis/1461756494/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720aff7-e398-43a1-93ec-445002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:31.000Z",
"modified": "2016-04-27T12:26:31.000Z",
"first_observed": "2016-04-27T12:26:31Z",
"last_observed": "2016-04-27T12:26:31Z",
"number_observed": 1,
"object_refs": [
"url--5720aff7-e398-43a1-93ec-445002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720aff7-e398-43a1-93ec-445002de0b81",
"value": "https://www.virustotal.com/file/facb1eaf2abc3d58e6500b6c9f33f50c2d74a281430b6c65e54ef41a0f70663c/analysis/1461756069/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720aff8-4574-4e86-9550-4ca402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:32.000Z",
"modified": "2016-04-27T12:26:32.000Z",
"first_observed": "2016-04-27T12:26:32Z",
"last_observed": "2016-04-27T12:26:32Z",
"number_observed": 1,
"object_refs": [
"url--5720aff8-4574-4e86-9550-4ca402de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720aff8-4574-4e86-9550-4ca402de0b81",
"value": "https://www.virustotal.com/file/bb8d01e37599e55d32649b0e2da7c5cf8460c3ec270b58cf8d9db9cf9242c574/analysis/1461756411/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720aff8-a480-4a8d-a106-43c702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:32.000Z",
"modified": "2016-04-27T12:26:32.000Z",
"first_observed": "2016-04-27T12:26:32Z",
"last_observed": "2016-04-27T12:26:32Z",
"number_observed": 1,
"object_refs": [
"url--5720aff8-a480-4a8d-a106-43c702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720aff8-a480-4a8d-a106-43c702de0b81",
"value": "https://www.virustotal.com/file/d480f6b57ee39e90d080b0c29527d2521b9441c68d2803fee6d8e280353cf209/analysis/1461752685/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720aff9-92fc-4198-9f33-4e1902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:33.000Z",
"modified": "2016-04-27T12:26:33.000Z",
"first_observed": "2016-04-27T12:26:33Z",
"last_observed": "2016-04-27T12:26:33Z",
"number_observed": 1,
"object_refs": [
"url--5720aff9-92fc-4198-9f33-4e1902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720aff9-92fc-4198-9f33-4e1902de0b81",
"value": "https://www.virustotal.com/file/4ec296488e0ab7a537898025d322252024ac8954e833eb3cec3a3e1308a782c9/analysis/1461754059/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720aff9-f154-41c7-905c-4f3102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:33.000Z",
"modified": "2016-04-27T12:26:33.000Z",
"first_observed": "2016-04-27T12:26:33Z",
"last_observed": "2016-04-27T12:26:33Z",
"number_observed": 1,
"object_refs": [
"url--5720aff9-f154-41c7-905c-4f3102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720aff9-f154-41c7-905c-4f3102de0b81",
"value": "https://www.virustotal.com/file/d519f1fb862bbbbf2724420c7bf1a5bde6ef0abf304383c14fb50253c8c40ef1/analysis/1461755278/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720aff9-3048-4353-b088-459e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:33.000Z",
"modified": "2016-04-27T12:26:33.000Z",
"first_observed": "2016-04-27T12:26:33Z",
"last_observed": "2016-04-27T12:26:33Z",
"number_observed": 1,
"object_refs": [
"url--5720aff9-3048-4353-b088-459e02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720aff9-3048-4353-b088-459e02de0b81",
"value": "https://www.virustotal.com/file/2ac8704d3095189d125d88ce09a29cb462867209044625b5727827161550665b/analysis/1461756105/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720affa-34a4-47ea-8d6c-4feb02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:34.000Z",
"modified": "2016-04-27T12:26:34.000Z",
"first_observed": "2016-04-27T12:26:34Z",
"last_observed": "2016-04-27T12:26:34Z",
"number_observed": 1,
"object_refs": [
"url--5720affa-34a4-47ea-8d6c-4feb02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720affa-34a4-47ea-8d6c-4feb02de0b81",
"value": "https://www.virustotal.com/file/06d6a45df0d02d0be8a049c488f5fee5ce84f4f3679aa1de94a7a0ce1e324ce8/analysis/1461756064/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720affa-6768-40e0-83a2-462c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:34.000Z",
"modified": "2016-04-27T12:26:34.000Z",
"first_observed": "2016-04-27T12:26:34Z",
"last_observed": "2016-04-27T12:26:34Z",
"number_observed": 1,
"object_refs": [
"url--5720affa-6768-40e0-83a2-462c02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720affa-6768-40e0-83a2-462c02de0b81",
"value": "https://www.virustotal.com/file/ee652e31be7b8cef241c33677004cc1df7094a2b9602923af155e31165690747/analysis/1461756136/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720affb-5ef0-447b-a48f-4e3702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:35.000Z",
"modified": "2016-04-27T12:26:35.000Z",
"first_observed": "2016-04-27T12:26:35Z",
"last_observed": "2016-04-27T12:26:35Z",
"number_observed": 1,
"object_refs": [
"url--5720affb-5ef0-447b-a48f-4e3702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720affb-5ef0-447b-a48f-4e3702de0b81",
"value": "https://www.virustotal.com/file/1b3b52f8e271365947f287be172ef69f73af452fdc8c4bb687b2aab27469f6f9/analysis/1461758088/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720affb-64a4-461a-9472-460f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:35.000Z",
"modified": "2016-04-27T12:26:35.000Z",
"first_observed": "2016-04-27T12:26:35Z",
"last_observed": "2016-04-27T12:26:35Z",
"number_observed": 1,
"object_refs": [
"url--5720affb-64a4-461a-9472-460f02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720affb-64a4-461a-9472-460f02de0b81",
"value": "https://www.virustotal.com/file/18aa8c3d0b201b6eb381d0135b3508a6b43111bddb53051bac5163b3a69eb916/analysis/1461757771/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720affc-1fd0-4dec-8a3a-419202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:36.000Z",
"modified": "2016-04-27T12:26:36.000Z",
"first_observed": "2016-04-27T12:26:36Z",
"last_observed": "2016-04-27T12:26:36Z",
"number_observed": 1,
"object_refs": [
"url--5720affc-1fd0-4dec-8a3a-419202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720affc-1fd0-4dec-8a3a-419202de0b81",
"value": "https://www.virustotal.com/file/977dc0137343fd1d1e02a32e5114eb64bddc43571d2eeef00b4640f157f5e157/analysis/1461754572/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720affc-bb10-4409-b8c5-4d2a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:36.000Z",
"modified": "2016-04-27T12:26:36.000Z",
"first_observed": "2016-04-27T12:26:36Z",
"last_observed": "2016-04-27T12:26:36Z",
"number_observed": 1,
"object_refs": [
"url--5720affc-bb10-4409-b8c5-4d2a02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720affc-bb10-4409-b8c5-4d2a02de0b81",
"value": "https://www.virustotal.com/file/ab696a6a053c2376eac6926bc616d34d50f17efdf32e9e8e6ba416a857076eb9/analysis/1461751754/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720affc-5fd4-4075-9aba-46c202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:36.000Z",
"modified": "2016-04-27T12:26:36.000Z",
"first_observed": "2016-04-27T12:26:36Z",
"last_observed": "2016-04-27T12:26:36Z",
"number_observed": 1,
"object_refs": [
"url--5720affc-5fd4-4075-9aba-46c202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720affc-5fd4-4075-9aba-46c202de0b81",
"value": "https://www.virustotal.com/file/c9fb8439b4baa86f73eb5d0a6fa0b9e293bba1a0575df98bcc46e5cc2853794d/analysis/1461759126/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720affd-75bc-499f-8a64-4afc02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:37.000Z",
"modified": "2016-04-27T12:26:37.000Z",
"first_observed": "2016-04-27T12:26:37Z",
"last_observed": "2016-04-27T12:26:37Z",
"number_observed": 1,
"object_refs": [
"url--5720affd-75bc-499f-8a64-4afc02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720affd-75bc-499f-8a64-4afc02de0b81",
"value": "https://www.virustotal.com/file/faea28d78f99a0722a23682c80b1ac0de5d99fa9b8e09f9e9c99034ffb9c3a29/analysis/1461757722/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720affd-504c-487f-9cc3-4da102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:37.000Z",
"modified": "2016-04-27T12:26:37.000Z",
"first_observed": "2016-04-27T12:26:37Z",
"last_observed": "2016-04-27T12:26:37Z",
"number_observed": 1,
"object_refs": [
"url--5720affd-504c-487f-9cc3-4da102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720affd-504c-487f-9cc3-4da102de0b81",
"value": "https://www.virustotal.com/file/cf192f6306fe4028b1a58abb048637ba064130865757ff07ed452a67219c0909/analysis/1461751634/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720affe-0c98-4caf-a7dd-492b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:38.000Z",
"modified": "2016-04-27T12:26:38.000Z",
"first_observed": "2016-04-27T12:26:38Z",
"last_observed": "2016-04-27T12:26:38Z",
"number_observed": 1,
"object_refs": [
"url--5720affe-0c98-4caf-a7dd-492b02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720affe-0c98-4caf-a7dd-492b02de0b81",
"value": "https://www.virustotal.com/file/9d6f5e6f87ff02d21dc5ef664edbf38f07c62540d4649e4de9732d4ecf8ce476/analysis/1461752592/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720affe-b3b4-4f2b-a988-432d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:38.000Z",
"modified": "2016-04-27T12:26:38.000Z",
"first_observed": "2016-04-27T12:26:38Z",
"last_observed": "2016-04-27T12:26:38Z",
"number_observed": 1,
"object_refs": [
"url--5720affe-b3b4-4f2b-a988-432d02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720affe-b3b4-4f2b-a988-432d02de0b81",
"value": "https://www.virustotal.com/file/34f3727cd8cdf1b63f55b6a42adb689fc046a2b484eaa851f859bc7a4d2044e2/analysis/1461754627/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720afff-f690-43b2-8adf-46f102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:39.000Z",
"modified": "2016-04-27T12:26:39.000Z",
"first_observed": "2016-04-27T12:26:39Z",
"last_observed": "2016-04-27T12:26:39Z",
"number_observed": 1,
"object_refs": [
"url--5720afff-f690-43b2-8adf-46f102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720afff-f690-43b2-8adf-46f102de0b81",
"value": "https://www.virustotal.com/file/d34d1537212a49c9622efa3db46c13801065c478c2f7a4c954965e36223c3ca2/analysis/1461756328/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720afff-2798-4740-b9d7-4a8002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:39.000Z",
"modified": "2016-04-27T12:26:39.000Z",
"first_observed": "2016-04-27T12:26:39Z",
"last_observed": "2016-04-27T12:26:39Z",
"number_observed": 1,
"object_refs": [
"url--5720afff-2798-4740-b9d7-4a8002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720afff-2798-4740-b9d7-4a8002de0b81",
"value": "https://www.virustotal.com/file/415b0df36fb5f1e73a2b0fee41c0148caba99aa66b0024ece37364d805a785b1/analysis/1461759249/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720afff-8210-4354-9160-4c4002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:39.000Z",
"modified": "2016-04-27T12:26:39.000Z",
"first_observed": "2016-04-27T12:26:39Z",
"last_observed": "2016-04-27T12:26:39Z",
"number_observed": 1,
"object_refs": [
"url--5720afff-8210-4354-9160-4c4002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720afff-8210-4354-9160-4c4002de0b81",
"value": "https://www.virustotal.com/file/8ae8c365d78d74328177011eed73fdfd144f224cd8e61fe579a71cc0908b0b8e/analysis/1461754654/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720b000-22b4-4dfb-a8f2-4d7d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:40.000Z",
"modified": "2016-04-27T12:26:40.000Z",
"first_observed": "2016-04-27T12:26:40Z",
"last_observed": "2016-04-27T12:26:40Z",
"number_observed": 1,
"object_refs": [
"url--5720b000-22b4-4dfb-a8f2-4d7d02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720b000-22b4-4dfb-a8f2-4d7d02de0b81",
"value": "https://www.virustotal.com/file/9eeb96fe9bdbe509fad39c81ac6a6793a704bf65788e8081a729ff137fcea5fe/analysis/1461758736/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720b000-ce20-4a79-ad61-450e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:40.000Z",
"modified": "2016-04-27T12:26:40.000Z",
"first_observed": "2016-04-27T12:26:40Z",
"last_observed": "2016-04-27T12:26:40Z",
"number_observed": 1,
"object_refs": [
"url--5720b000-ce20-4a79-ad61-450e02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720b000-ce20-4a79-ad61-450e02de0b81",
"value": "https://www.virustotal.com/file/479732e964aa412960284684346a85099e2459f6afd79a653c736d60d6b8e0af/analysis/1461756358/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720b000-40d8-4d5e-96fe-456802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:40.000Z",
"modified": "2016-04-27T12:26:40.000Z",
"first_observed": "2016-04-27T12:26:40Z",
"last_observed": "2016-04-27T12:26:40Z",
"number_observed": 1,
"object_refs": [
"url--5720b000-40d8-4d5e-96fe-456802de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720b000-40d8-4d5e-96fe-456802de0b81",
"value": "https://www.virustotal.com/file/3c12c6e575bbef22ea237d3a4f9b8519e060d075d01c1003a2d21f149c179f63/analysis/1461754941/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720b001-f6bc-415b-b415-49fd02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:41.000Z",
"modified": "2016-04-27T12:26:41.000Z",
"first_observed": "2016-04-27T12:26:41Z",
"last_observed": "2016-04-27T12:26:41Z",
"number_observed": 1,
"object_refs": [
"url--5720b001-f6bc-415b-b415-49fd02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720b001-f6bc-415b-b415-49fd02de0b81",
"value": "https://www.virustotal.com/file/8bf626b1048dc42ddb6270c3268e071ba3825da9aaf82b22698cc3358e2a9e79/analysis/1461755057/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720b001-2bcc-49da-be57-486002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:41.000Z",
"modified": "2016-04-27T12:26:41.000Z",
"first_observed": "2016-04-27T12:26:41Z",
"last_observed": "2016-04-27T12:26:41Z",
"number_observed": 1,
"object_refs": [
"url--5720b001-2bcc-49da-be57-486002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720b001-2bcc-49da-be57-486002de0b81",
"value": "https://www.virustotal.com/file/8b230b887b30d0905f5eb7ed13d6b8d999e342f8432958d24882adfe247ce855/analysis/1461755853/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720b001-eb08-4daf-bc69-479a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:41.000Z",
"modified": "2016-04-27T12:26:41.000Z",
"first_observed": "2016-04-27T12:26:41Z",
"last_observed": "2016-04-27T12:26:41Z",
"number_observed": 1,
"object_refs": [
"url--5720b001-eb08-4daf-bc69-479a02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720b001-eb08-4daf-bc69-479a02de0b81",
"value": "https://www.virustotal.com/file/a977c65b2605efbea8a8e7670242253ad6f9b8a593b2173cea952b51e102c160/analysis/1461752544/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720b002-30d0-4452-9d84-4dd902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:42.000Z",
"modified": "2016-04-27T12:26:42.000Z",
"first_observed": "2016-04-27T12:26:42Z",
"last_observed": "2016-04-27T12:26:42Z",
"number_observed": 1,
"object_refs": [
"url--5720b002-30d0-4452-9d84-4dd902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720b002-30d0-4452-9d84-4dd902de0b81",
"value": "https://www.virustotal.com/file/9e8339264c1910d4d2e2ad3f4bc3d836312bae8905940fbb4c05ef2d914d1ed5/analysis/1461752376/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720b002-b27c-4dc7-a7c1-40d302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:42.000Z",
"modified": "2016-04-27T12:26:42.000Z",
"first_observed": "2016-04-27T12:26:42Z",
"last_observed": "2016-04-27T12:26:42Z",
"number_observed": 1,
"object_refs": [
"url--5720b002-b27c-4dc7-a7c1-40d302de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720b002-b27c-4dc7-a7c1-40d302de0b81",
"value": "https://www.virustotal.com/file/7e20b56d46574ea911605e5d0e1f8795edf49132053d3f54acae7911756f2992/analysis/1461756115/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720b002-a810-4a8b-a573-4c5102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:42.000Z",
"modified": "2016-04-27T12:26:42.000Z",
"first_observed": "2016-04-27T12:26:42Z",
"last_observed": "2016-04-27T12:26:42Z",
"number_observed": 1,
"object_refs": [
"url--5720b002-a810-4a8b-a573-4c5102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720b002-a810-4a8b-a573-4c5102de0b81",
"value": "https://www.virustotal.com/file/093c9eee9da997bcdd9b1505b06ea7e8af09c7155a4c2472068593f619018186/analysis/1461754432/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720b003-8dac-4425-82ad-410302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:43.000Z",
"modified": "2016-04-27T12:26:43.000Z",
"first_observed": "2016-04-27T12:26:43Z",
"last_observed": "2016-04-27T12:26:43Z",
"number_observed": 1,
"object_refs": [
"url--5720b003-8dac-4425-82ad-410302de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720b003-8dac-4425-82ad-410302de0b81",
"value": "https://www.virustotal.com/file/0f3c35721fc00cadcc1e3d0aab1899f3cbb44afad258e3c3aa5c4503e9fa7263/analysis/1461755490/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720b003-f4d4-4f5d-82c6-4d2102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:43.000Z",
"modified": "2016-04-27T12:26:43.000Z",
"first_observed": "2016-04-27T12:26:43Z",
"last_observed": "2016-04-27T12:26:43Z",
"number_observed": 1,
"object_refs": [
"url--5720b003-f4d4-4f5d-82c6-4d2102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720b003-f4d4-4f5d-82c6-4d2102de0b81",
"value": "https://www.virustotal.com/file/e9a2ea62829ee1014773f26126206e6262dfeac663b4aa7670c992f54cc65854/analysis/1461754526/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720b003-ae6c-4d88-b6ea-4b0202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:26:43.000Z",
"modified": "2016-04-27T12:26:43.000Z",
"first_observed": "2016-04-27T12:26:43Z",
"last_observed": "2016-04-27T12:26:43Z",
"number_observed": 1,
"object_refs": [
"url--5720b003-ae6c-4d88-b6ea-4b0202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720b003-ae6c-4d88-b6ea-4b0202de0b81",
"value": "https://www.virustotal.com/file/531bfe706c156c9cd175a9a9debda5457d025d9864fb9d01cbd98fb0e8d80000/analysis/1461755873/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720b076-8c24-4f3e-914c-4aab950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:28:38.000Z",
"modified": "2016-04-27T12:28:38.000Z",
"description": "download location",
"pattern": "[url:value = 'http://aaacollectionsjewelry.com/ur8fgs']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:28:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720b076-a6c8-41dd-85d0-44a7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:28:38.000Z",
"modified": "2016-04-27T12:28:38.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'aaacollectionsjewelry.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:28:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720b077-bb04-4bf8-ba64-4872950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:28:39.000Z",
"modified": "2016-04-27T12:28:39.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '50.6.80.160']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:28:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720b077-c04c-4b2e-a1b5-4baf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:28:39.000Z",
"modified": "2016-04-27T12:28:39.000Z",
"description": "download location",
"pattern": "[url:value = 'http://adamauto.nl/gdh46ss']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:28:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720b078-ca78-4697-8e6d-4f68950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:28:40.000Z",
"modified": "2016-04-27T12:28:40.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'adamauto.nl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:28:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720b078-3c80-4035-9ddc-46df950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:28:40.000Z",
"modified": "2016-04-27T12:28:40.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.61.252.121']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:28:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720b079-daa4-4419-9644-4f97950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:28:41.000Z",
"modified": "2016-04-27T12:28:41.000Z",
"description": "download location",
"pattern": "[url:value = 'http://ca-cargo.sk/asl9ks']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:28:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720b079-c878-45e4-91e9-48d9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:28:41.000Z",
"modified": "2016-04-27T12:28:41.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'ca-cargo.sk']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:28:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720b07a-c3f8-4d19-b228-4b9c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:28:42.000Z",
"modified": "2016-04-27T12:28:42.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '62.197.242.203']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:28:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720b07a-0a00-4488-ae93-4fbe950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:28:42.000Z",
"modified": "2016-04-27T12:28:42.000Z",
"description": "download location",
"pattern": "[url:value = 'http://games-k.ru/n8eis']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:28:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720b07b-7a40-4753-a059-4d81950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:28:43.000Z",
"modified": "2016-04-27T12:28:43.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'games-k.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:28:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720b07c-e980-45fe-b416-41dd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:28:44.000Z",
"modified": "2016-04-27T12:28:44.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '92.53.96.36']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:28:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720b07c-dcb8-49d7-a8e6-4007950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:28:44.000Z",
"modified": "2016-04-27T12:28:44.000Z",
"description": "download location",
"pattern": "[url:value = 'http://jurang.tk/n2ysk']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:28:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720b07d-c4a4-4654-acc0-44b5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:28:45.000Z",
"modified": "2016-04-27T12:28:45.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'jurang.tk']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:28:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720b07d-5538-478d-a2d5-478a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:28:45.000Z",
"modified": "2016-04-27T12:28:45.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '198.204.249.27']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:28:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720b07d-3108-4899-ba19-4786950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:28:45.000Z",
"modified": "2016-04-27T12:28:45.000Z",
"description": "download location",
"pattern": "[url:value = 'http://l-dsk.com/k3isfa']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:28:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720b07e-c87c-4146-87ab-488e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:28:46.000Z",
"modified": "2016-04-27T12:28:46.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'l-dsk.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:28:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720b07e-73e8-42df-a35e-449c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:28:46.000Z",
"modified": "2016-04-27T12:28:46.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.101.153.21']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:28:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720b07f-2a54-4881-b027-4b3a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:28:47.000Z",
"modified": "2016-04-27T12:28:47.000Z",
"description": "download location",
"pattern": "[url:value = 'http://lbbc.pt/n8wisd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:28:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720b07f-548c-4320-bf25-49f7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:28:47.000Z",
"modified": "2016-04-27T12:28:47.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'lbbc.pt']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:28:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720b080-02ec-409a-bb77-4012950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:28:48.000Z",
"modified": "2016-04-27T12:28:48.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '130.185.84.57']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:28:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720b080-0d14-4696-879d-46c7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:28:48.000Z",
"modified": "2016-04-27T12:28:48.000Z",
"description": "download location",
"pattern": "[url:value = 'http://mavrinscorporation.ru/hd7fs']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:28:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720b080-5118-4bc2-b68b-4d11950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:28:48.000Z",
"modified": "2016-04-27T12:28:48.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'mavrinscorporation.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:28:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720b081-79bc-493e-ab4c-4b97950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:28:49.000Z",
"modified": "2016-04-27T12:28:49.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.101.152.85']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:28:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720b081-cc8c-4632-b235-497b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:28:49.000Z",
"modified": "2016-04-27T12:28:49.000Z",
"description": "download location",
"pattern": "[url:value = 'http://myehelpers.com/j3ykf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:28:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720b082-0c3c-4c3e-9e93-4563950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:28:50.000Z",
"modified": "2016-04-27T12:28:50.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'myehelpers.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:28:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720b082-9f90-432c-a55d-4224950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:28:50.000Z",
"modified": "2016-04-27T12:28:50.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.8.25.112']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:28:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720b083-adc4-47d2-a3bb-451c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:28:51.000Z",
"modified": "2016-04-27T12:28:51.000Z",
"description": "download location",
"pattern": "[url:value = 'http://onlinecrockpotrecipes.com/k2tspa']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:28:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720b083-ade8-43e5-bacb-4f55950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:28:51.000Z",
"modified": "2016-04-27T12:28:51.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'onlinecrockpotrecipes.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:28:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720b083-11b0-462a-ab16-4d80950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:28:51.000Z",
"modified": "2016-04-27T12:28:51.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.232.212.44']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:28:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720b084-2c64-439c-8f04-4f14950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:28:52.000Z",
"modified": "2016-04-27T12:28:52.000Z",
"description": "download location",
"pattern": "[url:value = 'http://pediatriayvacunas.com/q0wps']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:28:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720b084-41d4-422c-904c-4bd3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:28:52.000Z",
"modified": "2016-04-27T12:28:52.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'pediatriayvacunas.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:28:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720b085-3598-4151-85c0-4a62950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:28:53.000Z",
"modified": "2016-04-27T12:28:53.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '148.163.122.3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:28:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720b085-0bf0-4d5c-bfd5-4481950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:28:53.000Z",
"modified": "2016-04-27T12:28:53.000Z",
"description": "download location",
"pattern": "[url:value = 'http://rayzan24.co/m3usjd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:28:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720b085-e7ec-4523-a944-42d3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:28:53.000Z",
"modified": "2016-04-27T12:28:53.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'rayzan24.co']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:28:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720b086-b874-417e-a5dc-477f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:28:54.000Z",
"modified": "2016-04-27T12:28:54.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '178.162.201.204']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:28:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720b086-a924-477c-b0e3-4a11950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:28:54.000Z",
"modified": "2016-04-27T12:28:54.000Z",
"description": "download location",
"pattern": "[url:value = 'http://soccerinsider.net/mys3ks']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:28:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720b087-0da8-4e3c-9c49-4faa950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:28:55.000Z",
"modified": "2016-04-27T12:28:55.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'soccerinsider.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:28:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720b087-6fe8-4688-bb84-4f6e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:28:55.000Z",
"modified": "2016-04-27T12:28:55.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '139.162.17.49']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:28:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720b088-0214-4f50-a0f5-43e2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:28:56.000Z",
"modified": "2016-04-27T12:28:56.000Z",
"description": "download location",
"pattern": "[url:value = 'http://totaltransport.com.br/n7dus']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:28:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720b088-a978-45c1-8275-48cd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:28:56.000Z",
"modified": "2016-04-27T12:28:56.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'totaltransport.com.br']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:28:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720b089-4cec-4069-9ab6-4223950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:28:56.000Z",
"modified": "2016-04-27T12:28:56.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '187.17.111.102']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:28:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720b089-f730-4077-8bac-4906950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:28:57.000Z",
"modified": "2016-04-27T12:28:57.000Z",
"description": "download location",
"pattern": "[url:value = 'http://warcraft-lich-king.ru/i4ospd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:28:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720b089-bcb4-410e-bfff-427b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:28:57.000Z",
"modified": "2016-04-27T12:28:57.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'warcraft-lich-king.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:28:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720b08a-6cd4-49eb-9a90-46eb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:28:58.000Z",
"modified": "2016-04-27T12:28:58.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '87.236.19.13']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:28:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720b258-aebc-4eca-b403-405b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:36:40.000Z",
"modified": "2016-04-27T12:36:40.000Z",
"description": "downloaded malware sample",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAJRkm0i9X7wSAs4BAAC6AgAgABwAMTFmMjhjNzQyNTBjOWEyYjY0NGUxYzM4ZmYwYWZkMTlVVAkAA1iyIFdYsiBXdXgLAAEEIQAAAAQhAAAAK09ufNJQgwQggbuj9+jPvEGFFMPSFUDOquB+3KkT8/NFm95ii1JdwFPSfD5lRLXlx0lXiSPMzSmgYw0nHHCZt14+ZMaR/I9Zkft1yiAnNXbVhFHojFEmSrr4nlgYxv76XXx+NgQxTTsx8oX50TWkxgNetiY6HGATMN6EnFLfjJbHYznh8k7oGOjUXGC+OWkJlBcF7cyj0jN/eUAv6haT0d02vEgpECcWI2vpUM4rHD/v2Dqhi9LSq7kXkU6x4I21fxQ/6s2Mw1sOjX8CYOWMAC7dvs/00j0j0NWHdN/045CUosLHa0LxvKnnwhw6CxQkz9ty3au51X9ZC8uT4tikhQauXhwsDMNSdBSYqGEz8qFNO1HfMSIz3Wum8bup5SaO78mlLrGY5YNbn37QFxINLvOo0sdQ7+Dm0nH3u/pKyWUhrz+UTNW2b8+hZcpqgHtWVjvPLmSvR0yFmuDFmiIXOxahbQ9zJLn/4oR/XBNzAw9VIpd6zvoddu8kQcZX/3dJ7M3P+jGHdfW3MRGcbkhUCGC4JUXGEkIuSBGX0aGZq/xuP6UkpGKLkiLfzHQHb2oZfWmTy8KcXfWG7J1sJgA5hfjRhluKgMOhtfg2vfeOBWXB4YX+bql19x8+myVrgiNSCOhdQwYj2gLDSV3EWp+Pjufs7n6WEO5G/RNWdBDPileLdPHVh3xv9PJSLtLylaz8NZbV6Z4f7xOQn2jkJeDtrz7S02P3z/h8vmnB8ob4IpDiG5bR1+M2PYF1UKbVySxnygxZO9cXHliQZCSVoEuylSrMJQRlixGlhqBnfmt+H87CUkVv8kXxy+RwGwqrPpOQFC52qJEO+GAMl41/p30dmkZQK9yoZj7JsSyFHn1PCNuuYGeOIi3fy+CRmFEDXU872FGfwgy1qusjSgmsM7j1PTK5w35+I3XPoz9OitnRMcgqvh7Am/dS/5ojdDC94Gr9Wf+Pb+WAVDnHtQEIBCJ6fzwwSArb4u+Iu3+lFc42rBB7iVL9yP3+TzMRR5cVfcIvE+XoZBAQ1aUnYjJfhc/L2v/VDlUjDRSGcXLFil3myH4IR0njnOTV4epI8vbbciWQwgHfdsNxkVz2BsiCwrVpKIUkTg7nh/LoLRVd1sn/wPSAnz3Z2EFTJoJsjcERcjo7OC9rcLroxYyWNwy6LQtWnqsejaxaFuxIk9VBSW6sudr5bPuSTnvchSa4A5YjKjvB/b2wr+Rne6muMF0SshUWwkgqpAe5Wa8nj5lJSDBhWH98rviU0acekUebK5wvfiyTesINdlyslpseDDzbG0IRaqMG983ryru7D1NtekKfSzLU/KJ8vZ58kAG+MtVfWScUNbGsSC1dS5IGTSm+o/Xu7eSE78dEmgqrs8FaMNn7hexWd69LIu0nH5cXQQfRryhllBwas+k2wgu79XJlL2KiY4OMTLqZaCshv0v8wZFARPuGp+D8zCs3pbz9/Wo7VSO2+8y6bSGqCXkHlhZ7fBNMf8Z7ZEuFdKKbhoUCMgBKPjovrolKIzyxNMCT+DXLgbARrLGGhrOMqickJLGkKMVWQrZryBcjUYcsau2Pw9lwYZciIljmz0Eewm75BupgxPM3WselpWA6MwHeshXkukzNH7mJSfDL8jDiJj/6rCkfcgnNFe7JeQ4pLDOjgHkEN27JgG7B3Z4+5MrFE6d+6isz1ucV074lvoAum4urpuYOOV9+TbAj0ojLVeYjXfO5ZJPkBv6bz5mbF53tNGh7Y3i2q7QTwylhK1T92tZgMtcWfI6j9vYRNsIH4xFBGTxIOghlAic/QtlSx5hBZlBA6fawxiyWE3auS4Hem5U+DktYlmzpqL3UZFIRe8sMVRmAjWI6cHNB/hegxJ1Hg3Ara9qTCqevU+xazm8uI/VJRYjiQU7r6QF/5WU4KPRjMeyEU1gz4oWZ3L2vUQxgd0Uv6CPJ7duPDgHV3m7HJBFZV/HcNBosHTNRkSeqovVEwNeKtXNBlfz9KsM+ZPqkAHU2RB8FyvIu9oHu++zNRDIGdbh7xSU/5Kb5SwyXpf7JXRikjfT/5PzGwJSgeL28EMBAAe7cZPfFg1AQ7hhn4ex23PSbY7jZOrqxSQM2of4RlHOUJCZGeDIhYH7ukimGOU1lHcXbu8k+FjwkNOL2sjU+cCmrJARkpDNZVyDUlHFaHQVh/IxG608FDpbKSVFzCevpWy10KwZsypnFp6RLuhfCU1e0uNS5KAbZDcnofFqk5dXCYIN4fozBASBmLTgLOUIvv14klY46qDwzKThLpWKH/lLSDYAjY2e7/urE2HosRAKLWYSrNDNNArBZdoFtyRmeaFVpECR3BefFk0hXiLI48HMhQYLpzc8ZFv8LrRcngyv9A3lRlWjsictqLJuhlKzlivfmmNcHZ1lAO8F9i1bVwhLsl8A0Q+RAD+4eN8gDJ7yCoL5rZEOGZYRR52XCyq6jGwVZKypTVgdVjX/hBA4U8xFmMEIg+ElOuOViD+apM9Oq807cl/rpdnt3OexfIBYroETh48bMhhSuytxmmEPJgsaE3sA40uqL0dz8EDKviLxtBUz7GqedtSMcySG7l2+xElhIATpMRnocMhjwV0iUdWA0tOLu8Ki1M0Cw3n/wPrAROL0loUi7ue/4tVENLG1E6rdNfRMiu7qsZLJmuAvug5BynhfSIk4fwy85CqJiYJFBfLX4BtCTMMvqALpyTw9eQe8Jjx9uVTZD4NFfwOZR09/YzFMNseDb9D7ie/EJ95zzoyO2C9ZpJcAEJap9+DBfI9byArIxDFk8rZjAvBCqfyONbruAPrnkS8TlhSy3AjlRCoq+WEDOaBAFutnD6Wm3ZE/fbR6p4U0e2Yel5LS4KelR/qmefvlBEgapzFMtkvjn23TmT7x6cB0QWAEfsAD9ZIfCPHy+D4gJvduf5Wqrn30/AApD5YB/1qlStNmKA+LALb2KdtN2dXKNC8HXt3+owckVMmvUAD/e/yE2cGgMIHijqZ6y1TmCEIIA+vjdj2f8oVmdQcELZaH8PZsLzgmsSMRb8RYDg8FaJzruNXxBL4sWkxz0GptaeVWfK/CngHgKjxMJ3FsUVRjoS1p60pjT+8asHpjWwXxhB0IBTH369EBmyphfSQ32LPVmq0AJ/iOE5xNiBIQQrypX37HFFEGyubI+ayHiXFHlbYW3rmoeuhOhQaHVHU3a9oCH8FXqGEh1mEtA510oxakS/Kdhcc/NXj2KWk570S8m5VcPAYTkVoLyZ3su5SLrebDGEiLl02mP6zVvC6h4+YG872FrOkfKhLr5aBDb8sJdQWewQN2neGvC5Gc6vDBRy5FCtIQteALroea1YotLJNh0wTiQCJYR3rkXQ7w5KsRp98IYfOboodvexs9TrlVMqgps/awQGA4+nTn8x3iHkyDEx/NVrHTx6mQKXgfVmXVxwSukthOINxydaok4veje2/vUl3MUKmBZGsJ+CW+DAVL6Qoa0olEWm26MrI7HisTmB7ZWIuUC9+lt5y2T4Md5SeGOgTN0OhthZpzk9dh/Zt8UzZeUpX+Q9FCy1bbQ8CR2mfygkNGWKyECYQAIOUCCahETBUzbxoFZB2htwdOlHGKXRayJjLmL/zociNMOnoabG/lF6DUBo3yVI6Mb5rZDAbNM1T+j9iAgs3U2+FvlJ39xaHIK/iloSPN0H4ggZY1BmXPNOZsEwDzIRQ7OeUW9a8NlfO6w+d4L0x5xoRJXTToZrp4Lo/k3HWKMqPvWL361fLa2iAbpuVh+xaHXMPs7T1scSXsS7Qlg9YFOcoeiZx3mB02t7qQrgmmpK07xG47DwNOe28OZwQ+7G3sXGHLdJvEWCBbzXN618lDxOd/NM9kkwpzS0yapT6qf78HuHvdvpBs7XYjBxwgTXzvWcGT5MC8sqEXquBezAahV7VM1Jgp3ciOcna
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:36:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720b259-b5b4-458a-ae3a-4d26950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:36:41.000Z",
"modified": "2016-04-27T12:36:41.000Z",
"description": "downloaded malware sample",
"pattern": "[file:name = 'asl9ks' AND file:hashes.SHA1 = 'd69d5261f94d39063ee24b34a2334f942a0cce61']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:36:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720b25a-0128-4afa-b1dc-4a70950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:36:42.000Z",
"modified": "2016-04-27T12:36:42.000Z",
"description": "downloaded malware sample",
"pattern": "[file:name = 'asl9ks' AND file:hashes.SHA256 = 'bb1ef9a7097de9c8b3a68e17a7ab6739315da684b9696d307c39c847f6605aa7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:36:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720b25b-3f18-44e9-a5e2-462d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:36:43.000Z",
"modified": "2016-04-27T12:36:43.000Z",
"description": "downloaded malware sample",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAJZkm0iL82Lb+c4BAAC8AgAgABwANDNiNWYwZTFlYmUwY2ViMTIyMGJhNDY1YzZkZjI5NzdVVAkAA1uyIFdbsiBXdXgLAAEEIQAAAAQhAAAA2AWe4Jv9hlhCfXWrdI9miO0k0EVGJt0t7saJIy0n+ShFgn62szx+AUVBR/MgBoKdPVCXXVcvolMUSjSm4anSHKJyDzLqjcswCd3mWyU7pWQA3hbbgoEXc5tbrfYKnLRxX3Fb3wtu4OfVUm31WlV/XvRdD32C6TtjJzBbeeH0alpBotb6BK2ckBAOMVWmCjGV8SrL3OEPNykQs5zH4/1IDJutfAVZU3eiAYQJ4+/CGE7e/t3SasRKmlo0K/pOl5Z8adqMtWCTVfPga8E3B1BWXiSpDZ09q5V3njdCNEyhsGcQ+lvHhN0Msb5HRmpolvTzWn8Ew5pvTkKZt+EqE5rLtol1kLMgyFJCTm/gW1njXfRi/xT25ISy29Y6j/NTUFw8dVVbYtmqHTtZoPtth0dbuXEvsPi29M3HBGZGfmEdeN98o7nZFWesanvWg+6B/fDsvFiqag+Crksb3dyERK5mfdTXdZGZIcn38bySqZK0ZMGXb1iTS3oboOmf5ZlemCbykBFTGG+mX2lZXe3So98DEQFQeOXy4SG5T+/cA6oNTYqlfFRSyV5v40vm+XMCslVku4VPFGk01p1f6bKA+d2t5XynHhJB4fmVyvAaJzYu29vXaHG8BetipXMSF0k2IYfLP1Pj6QrTOBrEQCxZRya38CNACt+kybKzh7KJCN9J5kjBtvD/ARpbB9NHTdHGPhINCQ495RuFnlIQ6Q2ziTtS+onRzQ0tuNzSE1jCwpILIKbS6/LMZ/MrIkfLgRsZImdrjytYfHFLV7g4PmqSa84lPo21n3ayhzAiCaI4tI0KGDB7evMaX3+U+2KyCZN1QLex1VkOtg6f9Vy+CSq6sQAkpHvynPGYURYPQqbv76mSkAa1ebWRZ8sueEOfgSkDiWIOlB6xxm2QxKpPz39fUoaA65uIUvuRmvuWSZ1j+FYaNem0wi83S+P9o73enYMfozk+CAxxj8x9D9/NcYUpfaA65kxR2eMDQY+0NrG3dXcMTU6OkJ6WFaqAroaJZ+8iF5gGMnDyyvkqhncjveuqXk0p545tVqSw4jyh0fBXqN4NTUqBcJjdl6pOcUhxSOr9N5dp+jj2/GjxWZucgXuiIJS6XYY3O8SP6Pk4oe65AOANYMkSaInn1B5SZxZeKBuH9/iZ2I5wrMm/NHuErv4UYej7sIA4UW2w86DRQIVqLLKKfcx9OYZxY3sMPiGw6QC5N77/JTd8wu6ap0H87BvhElhCODlR4MTdDgJSRKJbebPlqOIKWcq7y0HDVIusLIhedGAqh1lmfprc9eaXNfgNniaqQ/J8anMclPFviqsnL7X6hMAYEQUZy6PQxU7IpWmz+O9S8httmmthDwmyfzraV39oRCjeSQeuVDQ18d7PkD+oi7bLzKnKud6s2n9KOuLkZrZ/RrBMmDOiRKsb8dci1scArNeu++rt2nsm9hVPZEJshdy6aHk7RVnC419EYHfXlDVt/fvcsGJZDwM0fINzKV6zhtjJIzewp40VBaWeqQzXBiE9zgApjakEnep8yQ011a94+9ekUh4FTCqtZTTqGEW1bBwTX8qGdOjiXyknv/Y6DIZLxgEdBiDxUjm7797rbESaAUJeymPcooJAeto1zJixK6tUyxa1lD0mWX9kjEFsRaZpchKpiXARYfnJXhfymcYj4haufuSdX7XJCf41KOo8QJYRqjBi5IzGOy3UD/d/tomCn02NxUZjd6d9+zz2ZasaQylUtKiiFNMgKIUovhi5s8l9+pu1ew/IH9zw8KL0ttwhRAijpnnEKaoScVN9xAFOh4t6576utibs22Q7fN9n3/6PFMkPZ46wufuGTPwLXgXYinDZzT3GTKtM8PIJrOCXnsj3kiSrn75B1MDvrRGXW0u91pHLW6NtWNZcpWE1g81fkFN5gPJn4e0O3XM8RMm2a90k1ty61q1nMzmN+KSpxtod4J1LWrGU6vSbIlfoa2XD0n+n0DdjqMKTxMIv3LLZ+CSAtqOdWP1c9vItyopCGJ9dHBXC7qcLb6JaQVxfTuUVqjmnxVo9g7KCzRmT2LIX8m8/qFgw0DIJhUP2N2cBt8tzg8+SW1X3PZ4Gpvc2thElrxfaZpVY7W3EIG1e+yLE1xNHmQ4DTqx4twTkTb2C30TP8rTR4cpmvEsppVVr1yaqFyf10KtA7GdOzUPox1d38IP+tmYUW6e0KHjga1LPq/pOm4Yu5A6u3Ta1u5kiVKeBw2Xg+C5LJ6ZY4GL4IVF2sa4R5qQd1b3FPlxFdeYbqoWpw4QrlcNN930Nsl705Y88EFeV6er8Z0J4OEpY1TbddTo0VvupFIUDwpW6l0rEC0WBk4AvoMlA7VJbYcOnYWlz6jMwoXS0UvtI3RRIl3sxiVspPREnPElhtuRbL8syt3sSbaGMiYYcSHCmJs6nSFFYAiBy5VQC29WHlWTZxm/l8Xk5wGJRg72ltDWFQiEcKm1CZ8wH+saQiXzP92NsRrgn9MzNvXoYfSu7gk0x7dkGgtBVNK+v9CgbviMihhe+b08jDtCdunxu3JfkPLMUHnGSxHzqQ5sOviEzK2o+3raSl2thJQa+zbym3v5VyT35tj4d+PKQ212Vxs2QzAZrZOkFnZlqFDxbiqeszEAPMK+UXhSuKemqOlvm6B1Jmrg+i3WJCrq8OxGr7u8XqVEkt6fbLna9XHVohfKFMsqk8u/oISXZfFrU58bcNuIaD3bDE7NFDyQwpOoDeyPMbjxeaMGVbYVPoJJhvDId9W+pqawS1a7OTaJ6sDjHb7pUQsHtofTC3Dwtwq8roSD+8XUm8PoJKxPTKV0yJkbtzIaS7VsxyxgFpJs1iGklpk4rLdk/lBz1Q5iyjFRibGgUeyuucccGnlV3o/mwxDUjI4bUzFKXU7GmduORClgoQR1afvQUX6MnJCqwJseX2ufc/TWIRPi6xpgH6p2e6AM9rRO7GuIREdb0IAP+LgcggzHJcSICs38uRaHIFRbG10An1k/whegU0s2gUvJ+OY/rGBnPB3WnMeYPcgZfM4pYT3jvQmrZ1cceVWfAaV1Pk43zDTNWxuttPYNJljPgZGFwq78MpOvkfg5Ym6PLybUK++aKeMJHH6w2V2HqkU027Uaq2xBcA75VmiU2WGFfze4jUMEKkE/KQhb0lPj2NiIRvTwOlMrLnmuyCp3UMUfLYT0DrRWNWpNsoD0GaX2feIE645+TuA+k/aXvFG9PWNVS8WPYDYq4RHJT+InX4qKXMUpet6i7CrXLMNGMJdKRK+l2/puu3JGPsrrpjvLrSr56sTp6iM/snvzl7ZcGGY97+au12Uc5OUu5TKx1XAXed5ngfAf8xF2N4sJm8mL0gsQGKJ9KU9nPIn/3LLQrN+rqvxR0mSd1AThb7ARHPMRQnidjcobS8BcLs4FQrIUCJWFg9c8CGjACzdK9KIoN7hpU7c9fBaNzeAO+b3Fqdq6eYfaHaioyu4U5LzVwTnGODHRRhKknSX8+5Xvz2TBQuQF+ppAmdXOnmKKgAFPjm2LSwc1X7aaWeFPi9+FvAs/9o3NA7oVKv3e6qNWlxefH5r4DHkLNW7YXstM7ThH/HdT8wPbj28vfpZH/IjBqVQEkS2bEAflp5Uc/+4Hcers1sogcaWbXqOPla8mXlD57kLua79UjGTrVngEDHCm/OuQGYL6EzRhkoZ001AGm0Sg2ANqD/HFEhn8hfNqbBImKX1FsnrpnctCVx7XDK66vdDqxw4ww7npn9nPe3xkeHxFg+qQW/HMgVZ8Qa+mQuUkiwT27MJzmrz4VsF8Wmrw0WEiGJuaszubJZ5E/HVDAcSrcFtNz842hgR+kyWcebuj4F4Uq/X0l9odBIEMxjqWkEO+ThTruhCPgN7C32ZuBBPIkGX/9ly1MRxJyThds+g4sxkzr4sB2Kxwg+UJJjvVh6b7oFhtymS
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:36:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720b25c-f098-4d8e-9ce0-4f78950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:36:43.000Z",
"modified": "2016-04-27T12:36:43.000Z",
"description": "downloaded malware sample",
"pattern": "[file:name = 'gdh46ss' AND file:hashes.SHA1 = 'c7ff66a0f0e8da28325d27f01a0fd630e01fed39']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:36:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720b25c-fbec-4581-917b-4ccd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:36:44.000Z",
"modified": "2016-04-27T12:36:44.000Z",
"description": "downloaded malware sample",
"pattern": "[file:name = 'gdh46ss' AND file:hashes.SHA256 = 'cc0a060830e130e7f4d077df78cb44508f58bbf09d1c0a0ee863f3a7aef433b1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:36:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720b25d-6128-4f96-8c0b-47f9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:36:45.000Z",
"modified": "2016-04-27T12:36:45.000Z",
"description": "downloaded malware sample",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAJdkm0g0x5Laac4BAAC6AgAgABwANTljYzhmYzg5ODRiY2RhNzJjYzRlNmY5MDAzMDUzY2RVVAkAA12yIFddsiBXdXgLAAEEIQAAAAQhAAAAE6Qnzj5aS9tf1Goe8h+3ot2FWXYuNYE6KxZ+sII+ZL7bZpBJbManMHCqTX2MpNDyX9IcxWSFaHCuyUz6kR2+874mBBZu8ZjfSYRONy0U1IvfUJ/85TEeN+3qRygJRv/6+GjmTrq8plVeQ69RA8REOa/4iw6RMZScoLpgC/OHhy0A29V/YLGjjRAjOmOksm+q+E5ThZAopiqMTdG7aDXXZheHFDgKrzsbzvFvgnKq7pdKRonsLzrYgg8L8HRCU/tP5X0yFvAhVzIsnAaTpcXFumkXJKujUqAO4OXctr6bu5rfI1fqJl+Ef2GXn+fPDpcX+g5PFa1t2a7zJuWQEpldGeWBjTuircJPWVpRsf9gQdFU5c4gsTmzCvJ7D/YFzge18K3M1xuD0NkGFJO8w4JEoDNPrgex6+EdcRptd76AwbDLo/kh5rO7kMK51FVLCOedmlhvGXW/8HnCC27NEw3HA9LdNY/ZSQLhm/ImC9e7cQ08zZ16Z3PSgOg0nBUZW0lfUij1e3Nh6naRoRfrtQ0N+idK0ftSJzgrvGPNQ3tIQvvhMebiELnWvkg8evQbL1etdwA6NkAHuV9lLSSHLWywZlP6FtxJOMrMZZ5FIz++rQ6dfaoPMunO1rO6+DUsRMqiGQOggavbJ7m4USqsKydfKZ3moPEDsVhHDjVHioouGHUmsYYF+Lb4FCl0ORcQiQ5eeeTClzeyxltqPA2eVcVKqUxXeuQc/2k9ucfPsMY3vKr0KnKvUMQ2rwsozW9OeWHFxqdJuOdVcz+/J4nZDUFCdIQQzLhoLmsKDpf5njBKDQamPgYfcrrXagCwQ9ec2oeWwl9TJ6nA6dI3FRhejKndlfEO6xYBdxR/CFfH05uroBm3AkgCNgDsBdclWv0NxmexK5SMrI7EvHfW1PL5AnN7gKwZmEKxF0LH3msBhRJeD7Co+bVxE7e7SuwBx6bFzNzkbEFDuaajxOLnDJQ1Q3zvUGHhns5OZZXK0CLBiGoZaezWWrroKk3Nfn0zS64ACPAKIzN+laeWy4B1NjXQbVicCAA3foDDyfXTEoDfavZ+e8mSzJP3QOJxHiP5Ljtb4BA8nPyltlRQZMuQTNOHySi7IuRWvUQGXnN/Nh13oxuGQiLEkYgGw2V0fkV2xoyc5sElWei8xxlkgfvjtn/UNVhkbHqE7YWL9tXnL3jh7EKe0g/hpPAp3M3lzBHiJ0sKH/NgNuSXFjPCnSCkOykIg+2HZJTNYTqqjsfr9TiVwbpY/9xBgUAECoqiGlpUiJBN5gb6/nypx8z2SPJlq6XTUvaUtwQhBOPjB+FDaJt1lgmB5FuYoHYpjcl26wURNCQhBH5j91ocn56vKJx0MvEyqfKMPmQTHTaHzsCjKG5PSN50BoBjtmATD4KmEdPd1co1jRjClc7OZ9PWg2HiA6Hp26U8Yrm2U6uR5/WndV7BYri9dCmVQvgHVWdY0kY25c4RLLZBzuIYyiJ5CAN4Z74BqhBssQIw1gvJjMvTc8CgOUV7QlNtPQpFTeEz1nOAqswJ/yNwIN/rw4NmDXSW0NbD6F3zYnncYu/FRwMWq5hQMjyHpUVxWKX2sVT4QBh0rGDBtR1VdFS5BnpRfIOrpDp2zh8uNdYxV8TtCrVqYhFiAHTB5b7PbyspN54YpUZ0wSDZA4PC2eMNQozAdyTZmn9WiW3H3TIgvrZN5++owK6mXD4/6Zr2hfeOhgF2SH/OJMnQ60N9q+0XPLLD7XXl7v+uSxTxfUcPnjT7WCQmFY/Bf1FE/vtd9YQmUFR/iyEpvnrSqWamQtbEx6NSbmbcqL6Hxucwbew4SiPMQVsPQSemHbd311J3wqoLTiDMDZL0nrmiaaix1a3e0caPIIXGCxjBJyea2a4CU42J7SrfWOkCxL4u0PWgCO1Po3zbD8YxB+k/dUD2cldrIIW5UvE03aMoMRMRQMFhrYfuwsPqMY0i+oY1yzvj06Yv4e3E6u9dlgBWtsDWQ+3HJrillrfKo90UO61ls+NKhANTW6U90n9Fr6GeKE1n/0EntRPcfwqBdGgA2YS4kd6kXV5ytKOHncMwJ3NldqgQ90xRXU7V/vdK2V3MYtM8IlYAUDlpsYK6hkI1FeAhfW7/OMcRXc8eoP9zbgLqXcqWXIdeDRJHJDrinfz4e2Oxtv3IrLq/TNMN574t/HmdyCgSDI2dUXv1a78IZ2dTYukWSGXOc18rdV+tFd0Jvy0E3Tdxy1/A9vcehYZ37fEAF+4Q4m0nXbvrvPNgkyLKA084mPNdLX9ZX/kH6QD+h8E8Dl1NOJNh7fBozimTTehPO3QRjxIjFkbdlwGRHzXrUc2X5x1PSwckLA0IcYQ4nTKfT8kWg3zqFzfhtywTEBftjVpqXzoS9mn3pmONjXS47/cB77aWLhrADpU8cOg3XJirvoW5+h2HpRZnSAI4mWT6Mix4updwhZCGa/GnPnSgS5oj/9Ru1HSmkN3gDAz8BPNdWEfLjxgfe/xg+bnPowEqwppbOlL/LgTk0ya3JuUBgtGg3+xe428O9KZGUWfHz5trgErv6DXB0L7BqH7s3syaZ/NcvlmkR+YEPFHQLAfa7JeZCJzsSZ3NwuItiMtAOZGZuSBrbLW96YjMKmOhP7yZpGk7ajQ9tX32pfeB4/r9VNqwvNszlwr1rozhUdIS6mlJ+kJUuplSZV8VCSpDSMP/MchUexwlFSZRSliDxzyxI01TWNKlcLo6ZjOAB7tSvcUWY/O3RKr4uHZpQKkWqUZuROAjpUOHDt4lHYGFx+oy05EQsxnvGobLbPAw3rC8LOysnztOXPYr0wZgm6bolu+F8jZfbqcMacHwu6xLdi3fvZA9Pz0Oz/CHB3YkvwKo44mYsj4WEZMRvi8KtkPE2LWMXHr/uAKF9l7xZAek1/pIFxaS0MIpfhOXeRJ/N64kLlNXi5BiBYUA6GZkV4k62tKzmAWgT72TKYEgZiNRwe27z+zixDaDY0cpkrav4HrOfCufqQNEzBqxKFLi2uwdmhEkNJQW+x8f+0DVtClG6JjE9LO3wy1vhA3FkzSeg4J9j4ZRgY31xDvVFeiFYlhu7PsCtrpub5lq2bFsWuWMZYltRE5+9f+POYWJ/pcdO98t0sQCF+8lThRFISEXFw3wfSZrfAsh/fXa/nTg6Sr4tX+pxmdfh3DHQyGSylw6WKn4uE54X6pzvsxly05JYZQOKJ7SHIMRVFfCAZBZX+XTRdQKztGriqLm5duowAMHkU2QHOciLvnS492Ib1x4zjaDfx2Zkhg9jh52L9YYPW4gwWV1I+zLLg1AAftG1yWas9g3QJW0zlG5cuH6/0AOa/i2+YtRP7SWegCTA5/QRUoBET/VPKcXLmss5uj5+caSCvzjgwOvV9GZbTIncXHKYgi5vQrNNIPnBIpdpz5s2p3MWOSSOWYNH91kXWQ136HCtaDac+jhqhhcDFvfPnhChHW8a7Fvs3MJ+OdDBELUjjT4ri/hPqSacOjBhN5uMad+X17bmRpTGPwFPbg2DYKiHD4gro7yHTllVZuZhFxdI2Lc+YRwuQ7DHwJeFeuQkEwSxnVbNYT6isKmPswa1cayzcLScPL25QvxAp4SmF9g1KYvzD9TuB0lRdS38138OK2Upnqv8kWe0RVmiT4vjosIaqNQ/iVZ8v48cpZn/mrxhJn2+oHWotsW3pDReWrf+put8Cwqs9+UQotXqQgJlO7fpOW14zgjUOkn+VIlnltwbce0Wae+xmmmhbMJic5pyhSxmFr6yWkenlKh4iN+7r/ZSZvEOyUz6WzxDNsAYzoHj6sQoMq4Y8hi3WYY4doBInDjo1DuwWWBYSbtoYZOoJ8dIMSFm0Trd3PdsLEjsRAVNCSeeTpuLDrYxFX79UNWI0VR62rHpZhGheYhMlcuPSa+6SO5z4dNgp4LPnIfOrbtqV
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:36:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720b25d-1f74-4702-bde8-4156950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:36:45.000Z",
"modified": "2016-04-27T12:36:45.000Z",
"description": "downloaded malware sample",
"pattern": "[file:name = 'i4ospd' AND file:hashes.SHA1 = '9041c4e803df0cd425d8b83e264283dd23be9a1e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:36:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720b25e-d0b4-4921-9009-4520950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:36:46.000Z",
"modified": "2016-04-27T12:36:46.000Z",
"description": "downloaded malware sample",
"pattern": "[file:name = 'i4ospd' AND file:hashes.SHA256 = 'a81a7bc437b89e0b8d777ad6c86b108c02eef7509ff7b53152c134ed1a3ee883']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:36:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720b25f-8de8-4db1-80a5-468c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:36:47.000Z",
"modified": "2016-04-27T12:36:47.000Z",
"description": "downloaded malware sample",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAJhkm0jUsyXde84BAAC6AgAgABwAOTk4ODM5MDgzYjdkNDBjMmY2NmMyMDgyZDgxZWViMDRVVAkAA1+yIFdfsiBXdXgLAAEEIQAAAAQhAAAA2AWe4Jv9hlhCfXtGQCTcxtdE0G8uH9nLfU+kUnTsknXfSA+Wrp5lXsYSclJAZqg6nGOujcP25slRF1nqDFKZTAvfNKoheH6W/5OZGmR0BtdagFEOesIUupF2SYipCpL2hEcCcpA477J4ZOFJ+UK+BZSEk+0wVb88gsTYgWrQaJ/FMamlWjoAH+bchkr9JuzqkrUuhYdi0opiDPGUcbYS/c6SHWGDfg27xKXTqvo3hF5Oh302ujDaZTwI9LL7lx1Ct9e5b3U0bKnd4gxxYTOCOkwfcA4wcwXDYgRxSvYRV/8l3Rs20c9duFNjN8ZCwjiztIc0luLuaSmyD084PCSghwvQgCzVcsu5LhbCwHpWkHm28nS9R3dYlEX17Bs7H3yBhSbR/LuFEWUGBxNpfsAFJmnbtBv4sDaikv2rg/TMmlg+JhoNbOtM8TdV/CyBIjN2EPTKkfM0ZUQXZsdkWxssU4Nz1jn6IitBuyN//YquA9jDhNeyG/7IbRPJ9O1sIkdH14bK0VYp/zLwciY3QxZ02GO1kLCFfu9u+93J+fQqPlI9LGrK6G/1MJybNnyjYZEi8CdivkhsuD7geSbdZ2NZcV+n0xuIpYC9vexqaCVSKPtLgJokiJ2XqdNwQg4qCyQd9GYRbyNjMjdbM7nR2QCkngcuP012RBvobcOs1GY4QoyZxW77O3d3sn/kT9+zJMf6e1OYjkwwzqHkXiPcoQSeHOzkVZ1dW0OQbCRSz5Ud2+aTK47si1aQxI4irNI1KvBSYzykky0HMJDyr1UH6VEkMKJFm+nS1UNY8jo9RvqsjVbjPTfCNvCM5MhXIX1HrTmUyH+AiroBB1uC/e2QrPbPTm1xCMM1/m7QGgSgk6cipB7JmNk4CO3vNiONvLPHQSu16NXVrQf9/M4k4/I3eYvBEpcdbCn2CFoj7hzr2b8XnojRemjMjCe4/ciTjU09CbgSn51lMX1dEIKVWSBnP0i6+T47lO0je3BSl2iRwEEvjHTDvjNJDUAQJF0mkR/lwh6X6uZWsdkJC3DQpNuYMZZYm0aTdCBKNNDOPvV+T+Qn36KDgl6scw/f7LQhP7vseKOdKzgBMaMLzMGWouCN9Z1088pHgcG0krhu2Dy9weJ8SWiTW+xUibIGGDPte9CD7lCTmkn5gmoPe9erjf4SmsOPETK1gDVPjtuOqoLlJjb7uR3gK3x7F2xx2Gi6+Mi+w1XBOgjUnvKtY3drfrpuq0hoZO044NFEoVm7xxdschJR9eb8bvJZekLdoH0WW7ZVjKXl/ZgW6ooyiLNg9Hooo3uhdwX+0KAex6ZFacvmAbbSmXcND1EbVUt2Dq0iZvq1tw6ucKJKaC/Lb3ojvGm37PHGkdwxEUYXioDvLlZ7nNpwQargLRPB7dvBOQoxmfOKprtPgM5LGaQy3HCaRjEKPrs2wpXuhjbsQhql/R4AqbLfJDXOyk7jC4Ugm+d4XjyRd1sOj6sPOUemIrltmLNipL7Cb29u1xg4i8CLhoeEemrI/KV04/nMgziKX64Xtntidt8YbqsJcuviEihlYkqo/vphsCe6lAncBkcw2eWDp5s3RZ1iKZ56BwB5ZuiUhE2463Wd/gNN7omiVYgqPW/sa1FvDb9izTTLiMd0oo2Sb3D4yhoX2nI75682NEP2SqalQuYmpQzhUwxlL3wwpNeA3uWzUZYJ4GaRgGmncYrI2jSjE0WT0Wh3dRE93frBgMMCACy7hsD5GmUPeGszSEIxlD1C+MPmyjvtcOOQZ68kKT/5xehJ86WY7dKhXG5E3ohwTB/uWYIhQWpUZVATlYWVkjWFTJQaULRutF96VKGnzwzxX4FhGj1DddOv/sgBxe3XfZH3huj24NlElcDOzx0nY2F2Xp50c3PBQF9mltDFxJzxg/ASyslXlf9g26+McTfKCIG4XcVUzAlbTL2xedGn+AlynPvm2LQYCpWd7syXwwyK5/EBjWANRdnwDQap40Np27AhdL5oQCjIIQ6QAtJ8YTBEC0DIct86vWetXNG8WqlFaVuYPC5T0PlK765raME91af13QIWHTS97bbJ8wjfyzZt/9FRS/hio2dnxup6BXcHW9DDf+4Hdba8qQoCOC+3+Oq4YVX23nUlsU1Ogccd4g4H3ZHGklHofk2Innt/mOWfGO9zbZm83EoBE4MAzgZ942WTAk9pubNXk7YE7pM2NMMp4oLADaONZDKDaRFYwcRbQLLkE3wNqljembPYP4kk0bqZ64BsMAuxBAq+57yDDj62zL92EkIysIfZTF8k4ycv0N0m+avPPlZ1E1HnB3V6BO22XCoLWenKTaT30hQmi2w3UAtTgtemd2+MGMv479ZLbKesrPUMotlc/SIgy5m3bT1Xgr1JTkZoUG0ZiK7PxP0BBMG+aLgFvdaitOZsZw8VTrLbyORyLUwqVP9NYq83LwGW9CkqJ5VKzvdUi/vvSiyGLUKXKkBF5riIUbcng7FyjYAH0ICCzEpo9HxBoO+3rqbgOXD8tPu7Ei/CkrANbnpTK74dyUxFyMmgGIqrhqIvZNygujmqOoDXp9yJ2hZ4+Qzz2sCmicZ4GD4s68ZuHYQAvpA1/fRZgiLYgye6iIsOvZ7H1T13d4WRbwrbegFQfqC/6ZNOJr34CiaTYiEDMsXG+HaAOVmSn+MHVan2Uzo5+S1CUVi0ah78yH6Ryd52zsSY1zGsfOYDcpRYVrwS+TvBigg4pBI1DnHBCllPZ7RORFU8cqUebro0AGTtb59yjiESicn8nUZlCNYJdr6rl+6T7/IVUJin93ODsdBOGqOWS0HEvhYtXzEIzgiSJfgeSE5aU/BnX34wf8JkOH9Vn6l4HDQKzO3aOkZjM04cvOWiuNlW3UGzZncuGL3QowtI0TgIFbfNg/lTUaGe7j+sk1eVy9xTp22vmnbFZ+fGnhcrUoekqhW1xRozBE6Mzf/0DpjQdt6+DNutXsKbxfQwAy1kw3AD9gc/snBx6oGR8Y9sEhb7XsLuyrCIqbQ9q/ogrpYad+5wWRflu0n60PcsMt4Fl1Rhk3X5iPUYkB69i9jhzMlkCc1jrD7ry9hw8mz0W98ThV2/2wOo6aUx0tZQ5yMSmoBNY1aQJEsAO0BiSZC16hSAIy9M6rlpprcnV8VSfKoB66hzXcFPgqvBGCpLD/WvGgcPHkZHz4/LRLYEI0adjWN3fpFMXltBTAPgcKPzMh4eYtUyPKCqVhIblYCMCYfnzhpBcM6+kmgGFJVJg13sDRfo1GA2rTABJT/xpZ8mIKXg3mR4EbkaiO9muY1EUecGIba2drf9A//glh1SHQsG11T2lu6RVHDMKgUNsr7XBmvZj/qjTV1J+gnzzaTP95vJ5Bl7+2REpSPwu9tUmVdZAcjW9VbtqH2unP5NYRD0sLM7i7oM5MlWSz2lq/8swqxm2/lUfZYyZNeO3TOzAU5CgGJ/ZAWelZX2z6qNH8kEaTo37zc2Sf2YRAYPAqTn2S3kI7klQbTjVyMgEGxllCIok2x2prLK58IuWC0VYGBraxA62bxm8d77c7PCX4iDxBXhtTciqEOuWdT6j9UfC5Rp3Y+JVSf2m6Iwc4qDwOhT7i7ggsq8eT1iRi/6cMkbs6vNkFFDp1k0oQazYw9pe8Oe8B/87UDJtEv2/y0K0Ug3XEMICXjpZuOcfgHmaJP6/HPZuRxlzr8XNOvRMQO+oC9yUWzZLGKP5vZDyNKf8xZZQGTTHybvFF3tctC8MUJkDZoKmkbHDBX/jE9S7xbzAHUXQzWa1oo6/myRZ9p9pTpLUsdt8ngNGzGbPjSKRWcCGO8igs6+TkjUWorS5cLk93P8seG+kAqVkaKJanvuDpAvOgx/cSZvKLhtW64O7ZqLMJ+hjLZpAt9NFmdZzXc9NZkVONaKptuLk+2Qu6s8l8bc9KAhnSBinKWqVuECMl
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:36:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720b25f-c014-4553-ac88-4152950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:36:47.000Z",
"modified": "2016-04-27T12:36:47.000Z",
"description": "downloaded malware sample",
"pattern": "[file:name = 'k2tspa' AND file:hashes.SHA1 = '6b22592cd807b7479e035c0178e2be61e569f943']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:36:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720b260-561c-436c-ba57-4cdc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:36:48.000Z",
"modified": "2016-04-27T12:36:48.000Z",
"description": "downloaded malware sample",
"pattern": "[file:name = 'k2tspa' AND file:hashes.SHA256 = '39769147a6b85004cfe5a9060fc8e7ceade04b15d611932ad6aceab3641999cb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:36:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720b261-d970-43ea-bd36-4057950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:36:49.000Z",
"modified": "2016-04-27T12:36:49.000Z",
"description": "downloaded malware sample",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAJlkm0iEywRShdEBAAC+AgAgABwAYTA3NTYxMGE2OWUxOTZhYjc0Zjc5NTA4ZGJjZjVlZWZVVAkAA2GyIFdhsiBXdXgLAAEEIQAAAAQhAAAAmgYts8UYU2CjT4lU4ngT2fYNlIbOGm2TU4xnmEyeD4YWGkqCt8Imi+AHknwedzNe33eOxFxfHGGznDv7JmZ3ZKSHFa2O62Nw2QK4OnL3lR7wdhZWgSQj8bsbVLRn1jvA/jn2ZelI/KHVjvH1uapCS113Vr38uaocKOjgv9re1grHpSw93tcBwPzJ1jxO8RACLMPWntRtfaKekC56BURunf1+GN8BzdHqgI1fkRvCHGbRy3tEL5S++d2D4O05FcJX3X63smBM0qpYdptYm7hajxtbBSb0luo6BrxytPvBN7n24L15gsM6LVd/2l7LLBElb5B5HRzDXPKxyqu1MHTnOD4W/oNCV69GWO0+dYZx+RloReSluzQU3YHQrdWUebw9tkfKCd+0pppwL2KBrDlk3GUnAO2jWvickv1uTVFlxM771cfpY+I2N20ui2/eCvHnc9bCxRJp04RPRj9TfTgafeSL1qoBI/KFuqyx98ffqEeoa8pjAPHU8ooEjBfhA+9isTK7V2C5AsfyiCa1U35qL0HjdAXj0rBWisMycxgKb6cweNo6MiUp0SJOgo+ms2k84GTP0beld5tM2HndV3WD8kHCjnTxwiT0HQGMq8Kam64laPfpby/OVogOHN+WJZee2xtfqL0ntLXiBsUe0WPjF6X32xL4Sle8yUR9qwqL6+E33krCdax237Rdw2ABfBMZL8bX0b/v78H9+m3UUpIRpq/+rNPa7FnXdAxUAatZsfBsij3s2FPwuC9atOnWDZd/B9sH+gUTpbPKTKYw3RnSglsBJ1YFf89uFZ8ABqpV3DQP9efYpozcWyRKSbPoH1Qjvj+8CF6VDKQrnCtYbV9WmSAc/1pOwIiXrusI88vhScNuUGsl3SLKhil2py9LUMU/C3snJEdPKqRcI8GgofNNd/W9MBKZtA255WW/RFDsdh636eN2mNzg66SeHj5bQ8k2puh9OqUI1HSVz8zdTYrj5oGWceHoFIQIf8ZCxU21xrRFVoXCCf1PQv1VDbToAm1uvtRImUXE0dj6CHO5oK9/tI/3ie52+u7qTTl09Y+96k3yFcnOrduZjcWvm4ezEJhHVXqK/2ABJNqwIrwUf8vmVyMNOZ3wuuoAlH7JDjFSWjRYvAlNDYTlXrqcUlzi9ddkuFAU6udkNMaG5AHwXMvWWlNjpIfA7997vZfs+4PFUFR2IOU0eQlKDb8jg+gnDm/GhSkk/Y2mKL5UD5730zrxQjPL35wf8JhePESaEjIkIaGfNDTid0FboK3/L3BNBxe74kCJhgo6vGhN7TyTd5jeqluvM4FFfRV/6/2vor/TWZZg1h21xMk67ZFQLBT9aUByf+NIYZfzC/2Faxf9S+PZoQTJHDXPP9uGxS6P59QizUnAXVaaIkgLWKZGi8gTGv6W6K+dHMIqCd7L2nyD0O/VAd1r9hpjPvqNJruJ1VRmIeJX3FYpQMMW/vIrXSLVnrQJrRDFmSNxyjuYVDZ+QisBbz9xtScWB09o1nsPjcb45Yfim6ultWGlSnw+njIIm7NpM4gNkIZnroHS6dTW5G5/fj8lfJO/z47D9msJPomvyDkPfFsqV6hn9UYJwrhVD9Wxlt5CbUT38PFvLxir1qO5pFeI03qD2OZS+A+UgE8lu9Oi2NN+ZB7L8egk2lsmeuYSuVeZP4nlNzxWrLoZQ2Px+ZT+572YFq0gstpM8Y71pZDELccuB1Ek1LyWhBISXt06iROEc/Vu0RIgb6ZjTx8K4VuEaR3EYH1toYE/Ur0fj+87VN8uDECbCgMrfhoF+nt41UlvLNWj/mJWzAoU9G+rlzIUJ8pCIswpunvw44mokUPzYwEIQ/mAjHO0pfpvLDu9pCdEmaDHDQv3OAjMtVee+WMCN1isX3VCcJVAKBCwhFS9KknLyRK7/6GAH07NCrECVozlMHGvSkm9PIFEZsPVEPX7Yt33uJ5f4a7Nfo6jTIAlbIe3rAXkEZGRiWKFwHGHbs1z4vYujQodPSHvTGUrR03OXkkJJ08afc+EhCJ24MTMRdSBkBlCJ0iwMiswlUJ13+3EPzIlpKRrTNeRSByaNz+p9BMce5dAFnWFbFMWZkRUJxJ2WNCkfHZRiEiZRoub/053w72SG+UNErW5qrW62uSvBVuhIl2im201do3HlcQ7cBr8GbBJ8ipsCBV8Dr285JnD47mZ54fMbjCGAXHRcgSVdnGr8r7vjxm3PUFbzOZzLPTcapWodN3h/vlP2vTCiO9SByRWXccCImg4ITa0TA1+wvtlzViK8QOhNcnJeAu5HEma6WsW6SoHJGRhW/US4REMpm4BwhLhFdXX8K42G1djiatdsD6dybGXFx7xme/1lwUXL4SSTFX04DFh8t2IgBkrVjDg4YGdQzkTsnm3P5P639sHUR5fHUWr+lmOWpqFAhdA4/MWZvKn44rMomQBJ+utqD8sbqHzmhUqztLJ3eh0dYcwsC7jlo1MPZHN9TgDDdnFVqHnY3kKBLPRCSrzNmw0PU3XXpbYTos8OJs4DGvMXbA/ywSu08KZ2DI1QbJTN5U3oiCeiozSuGPQ6+YaTwklyJoBylVZpET58+n6m30bF/3UBndPr3DZVIOPKEudz6SBZEOXXsts8toEzpv1tXViEXby81OGnCLYlFYqBj/Jlp4E/h3iCSzKSydNxSIxuNtTCs07OWbS6D+rBg+Ynref1lDgd/AuaLhu0uN/j5njBXy1Cv2YWTz7k+gtvJ7OQ6SFtm1S7qV4b0fTB5tkGAvHZI0KiF6r7oskF0ngJn+81w7IHqffXZlqVDolrsNA/F3ry3UQBPbgfz3HxfDiizwfVskulqDWgAgNQ7SVkF9HZLDlFY1D5mo8yjaHvoAB5scvdrBfJd9icUdC5qN/4jEeQ4Xx8Vf5+sSPS/Dm5f05W/2lcPNr41lcYl+pB0Id+FvRw8GQA+IX97LptRQOfmjvWR/k0Ot/NCkcX6jaLkhpfXna+jPKTols5KONhMuMZiFn8D6Ie6NQHZdRTIiOPizLtpNUApuoi4K4vBs/Z+5xEv0m0mtEy+BvFkii1zUdpH4tOMN82ELRXvXY37hniRFMktM/NEBLjT4gz0T1c8ipaOmGGiUw7ZkcwWeIcMpNYT2eXLuBj9cwY5POiUVYkniMkxUWjWRToD/E7rxqxSZbN22GcWfDAAAvp7xE0h9GrAhKaNoZU3jNfseZk3bqg93ycruz+QWLBWLjp4WS8BI9bnrP/l6Mgf+zvV3gBViGPkVytAzm3pJrnGFLFS9sTSpVWVoR2uIimVKmZAqsHlMDJgI7oKukMTkAOJ/9A/zFBN9Ig2x4G2WHffs89GokpEMItEJ/NmWqPpY/jluLRCHgANfMIyWV97a9XRZiZpkqZw4beZCRpWxVVGz8eCYJyPZIz2DA//ecPmk+1HPItdTIOZGNAcZeNTfWTwPj9O1C5TF+SbnJSpx/d1MhIoPpLFIW8aFhTFsAmHH899yl+Mt1pQOH0CFw9oOWIv1GJ2jy763kBgXhf5TyITvvURvA0XBH2sCjsuCX7kyoluPnyfZaD/UhPttRqF6e1YbKUxfiDEbvJgjzSJn/2bYyGFZ2QmTGhnNWjuj4lDshHXV+z1l01F6zj7L94w/VpVVcl/wrxWKxMFXH0oGqGO/dVuz4tkuaaOzaYOqbKm2SG1djuyWS571/4LiRv6A8/uPA3FjS2MnIIv7xfyHgiDlpXbpMXNglJA2YbJMDWMpl/Mp1S/cc1zC6JuO2YzJFYuZtnb596sQLFjD6UsZW/C/0S2K0WSV8BhTpRNjsPKCXtkA4RzVtNgqoJsW3WbvsYKGqkFDKhxUzM3qP3X0t1Ik8tjlEQeM8nzyqyhOmxURHMw3tcvHH+7gG0epPTaow96yBBfo4ved0BUqvI1iqNnFBvT0g3jh/RPXtgKslvK
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:36:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720b262-344c-494b-b836-42c3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:36:50.000Z",
"modified": "2016-04-27T12:36:50.000Z",
"description": "downloaded malware sample",
"pattern": "[file:name = 'mys3ks' AND file:hashes.SHA1 = 'feae65047d59e31bf562e12a198abe2f009359f5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:36:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720b262-f238-457c-ae3e-4a77950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:36:50.000Z",
"modified": "2016-04-27T12:36:50.000Z",
"description": "downloaded malware sample",
"pattern": "[file:name = 'mys3ks' AND file:hashes.SHA256 = 'caa6e59e98c22a3f9159412a612ad170d2683640e1845afb6f533f279f5e6577']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:36:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720b263-26b8-4980-8f7e-43f4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:36:51.000Z",
"modified": "2016-04-27T12:36:51.000Z",
"description": "downloaded malware sample",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAJpkm0jJYhB59tABAAC8AgAgABwAMjBiNjIzZjQ5MDkxNDYyNTM2NmFhYjBhZTdiMTE5NDFVVAkAA2OyIFdjsiBXdXgLAAEEIQAAAAQhAAAAZu185lvX5LSiykbKUj/ql4shMJFFUO/3rMTckYcIe7EDNMFtbTGUntIJ4M6AFCgbzxzCbrrJlY+q173Qj5jFAr6SH4xi+Evp/pd/SivteBpjyD5BTz4KAZiAqX4W0uuMtf5uYVpmUe4EdectinxHK1ExWDNXDu9unTlXvMC6Z0kdUlBOoqhHI85Oh0xJv2M5tpfR9Je3DdkDdPuJQLcwwLqdFLYpW67JeRM3Em5yvU4exWTb7KcCQADPdxHzppjx71Tna0y7bFcWXPNnXOIhzXDEeKsWR0bbRtkU+gHAuSaIS7Pyp/O8d4tG68kBluX0hrv/Fsu1bsMRyRTbZW4R+JXVZnN/TsENThc4mr3yqwBb3U27Lf4TuwesCAlKIHom+VOMztsUnVajZbhsFq+NVQlYkqxUy5DWJ4i3eQlOUXTBz8yAu8V4pBWhYhx6ETVx6qX0ZXj8K3rI2jFOGSiJMJ/yEE254F6b1ZWQPsUrLxfxYAULJj++ikKKs6oMvfk1vdU7xuD83qeGiOWia+9jZWMoVbqClSpOYVTJu1Eb6GhTgULMiC4ZuHKSgcsGcumakLuBP9TsxKgvAV4mprBwcjwQWuSM2pZPK392HmFpJtxRigTzg6Lqfjr8bEY3J5PHyTcS/RbI70e6bTgadvSsurNaRPwSQ9Nti/zjxrcwKsyqaeEJ2EMp+Pk+OWqXjPdV7DNuQHp5bt9OTZfdRNUD9YtzmT2G9Rf+ZiY56Z/XwHLH6Op+At2gsn1STJUGjFXME8VegkDvMM7xi5/VfbKukHcXaPdz1WvlA0aHl+d6Z+VlufceAKdULqSGh8gEMCJslB0Rp+k3TbqMSCX3YCfZoDz5TCF9am4Rl7vMdrvrWghp6UVujuAl9D6qIWRRkgRF4pnZVO+FQ4DEp4EtXTDlQjl0WAnhmyL5dpO5+kzwU4Qm1QU/TWVdatl1T+AEjs1hHa28naoucPbcTMZpMOk3Yo9AOQutybkkYTzt8bvviwBhiQW6B9KzO7kWZd8jRcWLsM9Fp51Vtdv7d1klWYEtSu+38GArSBZ36QEHw1h4qY6loLl4srTrMYiuvX0NNpVfW9ShG80kGO2g5Yqj9ygAA8dE0r4sYZU9gw/uVdjIT/AzA34rN0stJQmKurx+Ei/9UbaMLBuaEQw55pvyTaPIXaChwMHIr1zTAfFM7TtVoxp8EshmEM6i/Vc67ASPQqhlosQr81JF/Ve398VA9fmme+qQiTofKnIpgowdL59lxJw0pCfTg7XPovDnco7T75X+Zgn1CZRRfZwDbENH9fYuwc0RY/saX6BpvItH2mR1v43IG2NuitKLmQI2pyBSEELr/lSc9DLCVJkWCeZl/458hkmOmQIBHS/h/36XMPOwBz9cW8yTy8xjLV2bRKzHHtRrRVaEAoppvm5j6Kg7L5txpXVAPBvtTXpJGIeB9wLgtEHakMbh3ePh0+iD1grH9/VyLBZnZcWIOSmFIpL3oGpCZfG3gOo2xkKLrL1d7W8oQluNI+GaopRNX4qrs91JAsWtWJOyPIrpELIdKNGc95XtLPeLnylvlQgZoU46ATPrx2PviWkSkZ4qtYyQuHylDRbzzmCR2Jz+mJZLpJX/9DEh4ob/SdOIC7GCtzxBX3A6y+FF/k9qogYT4E7sOgGHjlZDmvrlQaWe8f9AWKZjgq57gumtPdJn3xclCWX1QD3U8PFr2/fR/pjpLcTYDY4yhpvr+/4MK32K06IhXAfTpd8qJ9/OKseKfLQI/xVNUvmbJhHbKUKg635maEqDydknvo4gkycIpcrBIrN47QDBrdBNjwZRgFuvRm1qfpA/OZKz9+V4R2ajEL8JMDbey1LHp+iJ9IbCXgrABIsJPmzsdhMO8hSHxQOymqkSiEnWA9H//EF4RrxeozX+zHN2bC4JjWkpkWY/ECoNum9sJhlGRErT8DLVnkAHxxEatlALS9jUeO/YzU7FCWZblqYlfOIGLh9Yi8/KB8EgT0h4VzuhO65MzkSlrRVBctDbcV3DH0ABLRZ7KkDkE7e3cfRjQW8XPjw7CQiVV49g2Z/+VKzuIM3WCLHgWeExo2GNmoGR4MzRHKvuGXq1qopovJ7ZIgI15slafKWRyjNWq99LwMQzTaOjPDSrrHF14ejEcI9w94IMe3V5OQrcfijjzW77pylncUNPy2Oy5QjXhmTtc/yCYUYeMYbwPKGe55rIWrKPnRFpwVlSDoO5b7Qxf6qy+dZ/eJmROb+5gd/tgF2z+GaHF8JV9QRsUDyFs7yinSUxEy3byvQrWSuTnhJa2jnM9WgK4ACqPG+GPMPaNBYsGJAeULTgIS0DZ8DS14bg1elSXDrUvSwMDwbhhRCX9ISoBeUDZOfa7zxp/udrAcv15KwAHrsgXIDPBS2J3hx6iojdxhi5Ern8zdUFQ3iCMpbcN8iyfbfl+cEk1W2s14PNACM2zIHKwMtnuvzsWM5RKwbUOp7wlGkG9FXrVTarnqp+KNxITZFbbxuX7iAUkwfi7nl18qr9VLaZhRSdXDBhf5FdkNXKi5iJYaC4ehuCaa6y+6XimeIY/Bzc2r3z79opT3sSTk4WHcIA65T9ASA6/KUux16dd5323GmxDIJgIrCu9q/+QedmyWPbArlPI5LDdiaXyJ3A867wT1ytfsgus/gv+z4FLRZvLoIAb/3AQoy7pU85Gs3jefbnDNI+b/LPHgaNJR9AxjhHosvvuNMHbsrucHpj0wuX1TABY3iaE4LB2VuTkfihMZ8+ZTIBOJOQCCk1ikriG03m/pruX/ZEjDJXCcRnP34/YEfw872E5wtpXdEFjezoT822HZ37OewQGOFpcOqIJ/oadOOoGIwMBkr6G4R4uaQYKVfeoH+guxptAGFzA4KXuKK9v6nhNUlj5w0M5gHU6muAsP+J4KGJQ9PcqgoOHBhkBRGTqREoJ9Q3eTQFZt70C7c4ZJeVfipFPx3u6IA2bgbOjw/juiG/LS/pIbBDC/hjdGVAQ/xpR7TYgw1wTV/3p15KckHY94ZQgwx9xDkQSqIUO0NfHPrSHvuIlFnpxp6EVICLjtOTMMjJOAsA10lR9iWFFOIUlasfJlYacwU9DYfCst4mhQFIm42jG1QYJW/T6ZXiYTIVTmxbYdp39nxq2vB0LRAObWQ0SdZqWESrhghrwvHbHUlm7OGjv2gJwaMezrA5ZmG84ecd7crpH59O5d3V+RTiIIt3IL0H8BigvdCttk+6GiunGd5nk5XTAUCkWaCuAq00JpdskxYO3yqZqsegGZ3aBihPHl0DDvHrbiUXGkFvVzyz1sNu08T1sRT+jb9OHVv7IiCs1Q5LU7c5K+2RVgofwSUMxAIZxPVxC/OFANGIjsS6fCMC/u5FkqT7hlmugi7SSc5NIeTm68yruv+Hhw1qS642K0qyg18rcXkqFX4Yu7x81uR3jLlNVdDUXDKbH2Eh/CZWbU1Y9n6PnIuhwzI43lryghKSSpteeKHrpiPTYcVtSGumUbdQVD8aNzgq/b/7pwsivxmtI/Zm2Ud0d4QvNTs+38oT+cCCQoXwNcfWHzaUpHdLN47J1t7HjzIiGgj5HQw7K0ZuCfOUZCGaniKXVIvp07V9kRsmw56EqIIOwsm728Zy7h5t8zoYtXUydNBnIoTBdbFR02QAp4X4vfVFLe3rfgX/r4mWCuP0jQBvBkkJFpNIXFOLRo/RXXnBvze8DXyk5MqcPILH8nqzhGPj1UcXgZz+ReOMLSJhU5ah82trmSxnS1VrWLVqFjJzC8Cqptq5USuK6gRU20/GLAd9BZy23+DH3FTjlYekjnKu9BW9mmVYu+ovxCqW6mCDoHqO622Tqi1WMnPMmBcYR9syI0SPVso5vM6thr+j0WUSDKXFi5LqX8HInr/8+9uPX4ylUQz8AYcv6mOoXFecurz0vcAjQv
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:36:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720b264-0fb4-428a-85a3-44d2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:36:52.000Z",
"modified": "2016-04-27T12:36:52.000Z",
"description": "downloaded malware sample",
"pattern": "[file:name = 'n2ysk' AND file:hashes.SHA1 = 'e270cdf7d478f996b775a19641b2ec49012f08f6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:36:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720b265-41ec-4b6a-af54-43d7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:36:53.000Z",
"modified": "2016-04-27T12:36:53.000Z",
"description": "downloaded malware sample",
"pattern": "[file:name = 'n2ysk' AND file:hashes.SHA256 = '09c2455478bd7c1be67719e204345d547db949e8a3d9740f48af58c3d73c4f28']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:36:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720b266-0810-4306-bca8-40c7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:36:54.000Z",
"modified": "2016-04-27T12:36:54.000Z",
"description": "downloaded malware sample",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAJtkm0j+U4t4l84BAAC6AgAgABwAN2UzYTQ5N2Y3NmE1ZjgxYzEwZWYzZDdlMzg3YzZmNDZVVAkAA2ayIFdmsiBXdXgLAAEEIQAAAAQhAAAAPq6OCv4y9acpDcN9u3P7rStRlaPdPK6Wd2om8bZhSa9PDCFcSSHbAf8hy/tIRHNmq8wvQ83umrWUGngNsF+yHErYHC6P2Jm6Ycf46yRVLNnSgCfgkV+SVqeSzNHNtcqipR25K9UJwnyQUZT2tcghYC5kJ2D08hzUQPogmI4PURvpVKK6AoMckLNwM5ERcsBk9Qp9YFwCgZig/YlDgJMCLaksZiFo3e0lRFPOWSk+xoMpmVEwA7BBDwAlBoohGovTPpaXFw3Wx9HFN9BxLVTeVE4Xrb5d0ETqSEFtrNIeJ+kNgZKFvfzPgDPIajxnHll1/i3bwBypOY5RjfHmXDKP58hJMmTRjPCQOq6O6iAl54fPkqf+7lv7sEEhdsB/DsZ9SRJIJPeu99iUIzpctO9nqtKya2lCWYMFrNQB1Deaure7vD88P6jWubjUSZrpEOcds9PnC8JkvMLvE+Vl5MbGjc1jiHAEHt87IQWbJQbazs3H6AZ0hUeqVk/atOrq1DpM3WMB7C/OAaKy2EgsVQKqnb9dNPPjwilWRBFUn23R3hrNLhMP3cQtPw6JFFcYRGjyhSei4TJ02ztRH64nNrVjlZlRvl4tRTz9czq6WWi9fZYSuKhvORFcvUam51YzwOKEp0FptFZT1KlT0jtwdV8CdHZAIIRGWg2hNUfwLrf9Jbc0arbftuMVJ/1LCvN1Y/l02dajb9pHUobH3DSLSkOGtiRfJGtCmhvpuQiDiMBsD0aWW2pgbfhV5JuCZ8q1uPaarl5za+EW8LOq7TyWoBULqLXzaQhaXHO5qL0xHGj8cAB955fvncvv5v7ttuoZS6xRPrZyJKzCnpZQwG3OpgtKaRKSwwZgwFvcEJxjz3wDfhM4dF/wc6vLFPNwXR3m3J95XbmY2ACy+wIUR9hhvsjcYOAhYLj8gmV5rWC2Bj0xY/jdE/okQ++Ev6zJWJLWxO312ckxYI7iTfMrTXVk5im1WKl8SR7s2HAFE81qrgljV5+XcV8NOiRrJLnlmV1TOVxV6OcmsQtfGYWfYtKbaN7wou/1SHt7WJI6RVmTGrdIPv6c6ab/g8iyA+wLCmFbl/T18P7PQ31ejiwWQXu8QekaI0j51C7wKy+PuL0rceDPaHG7yd1voWofjlunfswnlqg/3mqG400HOj9ul9a/aMMs+QYnpHpeGyviR1MyMl/F7FvBu/fypAbVdCYmaEJ/VPQxckgDwjPBo2b44Qf7wl21Z9RHBC2JsNXza1INpe5qql8KipshtLoOQ+2+AcSkne+jVmartqpXhLsyw2lXX0Tiv56i+612aFTKvUdmLQd0kQNFeJ9puY+QYvBxjPP9AgM2xPpCwQ/fEPcT9GqFhF7DeNFoXyyynuqySW1lDvAQCzrgM5AnxPp9o+W002S20nru3nJ/GGPlZrQ7saHIS8Ki+hg2F4ZHw5MPccun9AieXvnWM0mAeZ2n9AlA9mftaSFC3KDB6zxHewtJJcuOd8e60ScP6wwVuoUdpfmSJJF88oks74qBoA8oVG+SJTjJWRMhFjSXSYXl5MPojsqlmUZMyT81B0Ohc6MwcXhjGD4fjEEIgx/HVJWVMgGmYKvG3UKFpV7KLxknUBlVS7OxRjcAyfm3HZ2WkRBfZ5IQtl3/QYIRnS+DwuO5+Bb4VemC5/bax3fJDcHKdxZolofsBX8LiOZdZfsVhgtbL+JklCkll3u1Xm4ftlrFHcT+W0PWWm5I3GLnMmM2cBdph9BeE3B974qT/6x5aqb2nqef2i3y6dbJsFcTPtpCj8LO0ul8rDTCN+T9/JIFd2WPbxcUa2+GEpRv1p/e+TN9hI2JevSSL/owcB558f85XpE5r6v929plm6fapl3bL/tsErNiqPfubmnfF+m/tSj1Nc/VNMT8xYzYmvYCd8G5vYgmIlVToBfItrjzBWDEskjLVFIx5I9Kt9p6WDnl9k3ghpNaHCo6rYHGQUcjQgFtdDyEy7sSrtsHrNcxbUGKYQVCBS82Ip+ZD/3e3COXhSGZ4IM53gr1UZIsphFXI9+G6BPFbg2QWv3nrf2pldbXwwrbZ9D1YuJgBZCiitENCs55c5+vj0r1frEaB6ZHbqJb++BXm2zEIx6yDxoIe/Ag3HH8W4EoUx3Q/FTHeU0cariniH2BongKyWf7cYHPdouXfgFRyqlwTQX3UeTHFQ33XMPyHImv1Kxrh4s8lLzK/suFb5WSwFKGQu9VCupBXXp9i2XymUwivNP7E9DA0YMqhBVa3E6KBx1RQ3yPhVYR4xJebBfQwd7B+EYM4IuWyOIYYPNKbIZgVp4qeRBQeVIrjXKCvl422EMRPKohrhdphUrvqJXDMQ7fgVgnP6rL1ELSkoBfYRJ27KVhqXoKSH3KVyMoKQ3VzlFnPTKhdFTUrm1WsfCaBhA9JtYUEP6rbmN7m5RPfSkvybKH5JuHGpfhyArojM5/Py2zoBYBwVoTeKy/77kamceqdq05BgeGxQfKO0eyVeHpPKgLc2xBTo7LM7jFi09p1USzyKJOMs1E1EF7WmMH7vZOpaSlbNvnVQs6q/Tw62NzmjCJcJeCzN4Gq833v5vhhlZixiVUmhkmc3nSUlXi5Zqp9ZMJNaDWh6DSdP/vzwWgboXbzrr1LXMz4+jPc2ZC2WQHU8UWz5QB0tzvtK6wR6dbAC8y0aTnV2VDQj/LoiPm7ENhBAxwQzDbFywXaZIXv91Ns2UO+Zmh5xPfWn+UV+WaXIAUW6JnQlX5ZdUxCyHoXceivzyT7V3iWA9rZpKnzlfHNB8lnXOJGyTIoDBlvbkmsbFnzZkfLD6oGsl35gn+V+P3fvPH+4KuCASyfVrHyowHKxla10IxO2g+zRau2LbbceEnUtY2b1C9h4tGjF/qyylq9tzOfE70kK2Ovq7mk++ikc3i8eteAlRgx9hRHZhRxHfJPfPKgBRxnaKCHy20C6tafxP+d7mC5t3MfmI2PobAqLLBsA4IRyWI0ZgXZYNaWK9HnLxBRIjo9eQJZOZhjDSwto9WWzFmvbpb72nHpc87fgHOLyHfVhEC4BGXi3FBIZ300q8vG+8TlrM0b6+MVdX8IdiSsEx259dIZuKSou8KvhdagN23du56iPQy/g/oeAkzIQIYmFHu33tHTbfGdJxltoTP4X8KSibT7bf8FqFazo39oF8OA1BxtdTpiTY43WTWZu8ahiy1jCO/iYxKvxn7n8IClRW8q8WE1EP3Q0z9JtwpR7GC/jFUUH4F8Hz6lGATu+zw2j/Pmqc2Qn+x/EQ/bb77vno2IiTbsFCwf5UeSVJkLGxK/P8ChqUOLM18RWXkxC77by60BIwrory7NnrXEKWbL92qJ9gbyrbvDAUro2wmm9+r+/9pSQmL3mNd7w9OOgHUoNMPmDkDNCdboX1Tj95oNFonnkwTbY9c2XhJrd+iuMn8RNUwwCOivy3Atr77RFAYr0CPIi7u43fsIIiOYZAgHoV7WzbQ+4VK/anyENA1zEVLYkDJDtsgn0RldII4YAaTEbnjv7CR9I+hbDRl9RweUlnua3ELIbcW90VD8OcK3ACMecKFyNk1vluFwkg+XJyb/Mi5RIEMqdO+bXvwawKToQEcYJhpMIAvXgaTHQg4rCFl8K+D/V/gGAeBr35+mSVpkjGJ7xA0dUwq/oG3VhZ3n4rZtrey2jqgDExJj0J6xNj/84VzQqDCSJTqzmVi98eIQSQ9Op/z99hiluxyg8asCMRTm+wFWNhphjh6RmoycxI9yWMZ/CK91s7cq1dmkgsDIWLd+on8q/FvjtTi8yTGD/z5PqU6HJO19KG647IKGFB99wE6VSj3giKjdcs+TsZq5KtJUqJqLMEzuujRIOLB2CTKywyHbI6sOb693puhzOO614nsXdkPU8hh5prh1RokKzEJGtOxO/9k4lyj2WsRR8FxTmqYYN
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:36:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720b266-f938-427d-92ad-495b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:36:54.000Z",
"modified": "2016-04-27T12:36:54.000Z",
"description": "downloaded malware sample",
"pattern": "[file:name = 'n7dus' AND file:hashes.SHA1 = '363fb731b0c7c717879de05fb58dbf79e8d74476']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:36:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720b267-ed8c-48a9-baf3-4b9e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:36:55.000Z",
"modified": "2016-04-27T12:36:55.000Z",
"description": "downloaded malware sample",
"pattern": "[file:name = 'n7dus' AND file:hashes.SHA256 = '8ae0067a6349c05c261217f201565c1b05120d6fd14003a7118a95c1e9cd89de']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:36:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720b268-6384-4eb7-a863-4c06950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:36:56.000Z",
"modified": "2016-04-27T12:36:56.000Z",
"description": "downloaded malware sample",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAJxkm0iKCliVNdABAAC8AgAgABwAN2NmNDczOTU0MDhjMjYxYzZiNmRiMTlhOTI1MGMyMzBVVAkAA2iyIFdosiBXdXgLAAEEIQAAAAQhAAAAb0de1IXE3zfdI5D9xE6HflKRe36KixJW2gPsOSoRCrJGJ0HY21AMtDJk+vVscCpvt6zD61OrKXP1wZ5n6cRiNeu1W6I9yHW56R1y9pMcD6ZZQFip+QGfm7ry3VxGCKKkmssE/h03130yTSGh4lAq0xVOuIDYUu+Wfe96pYlBGy3kSpA9Q4oi2WSnD1wN6XbQfxc5hDRwllS2kexqHXUQT9/DFEg+VFBJPis7oL7D1l9MZl1cG7yaHsnUZlQgTZZecQkSJ36t105AZVX2AgHFNQXgOMzB2jKmvIeL5lU0kLofVL1IgFE+fyNtZBG3cZFuZwKSyEk0+hwMrEKsR6babcohktcUErHZDEDOH54yfdGOJMbHYWDtmq140Dn4waAIfwi7et9F0EFlCI6aBs736REmBJdeLfvd0vFs9mR85BOB7XODeZV+6sWvnP8heburk7uusCOWoSVRqzEMiAAOa2PknDNCYUWeyMFCPZH0UDyadH02YnDJs+6LXjdQoWuiU3HtAOaFlcDhjPo+u7tPU0pxCm2kZ6umGior6Vv7Hw2uNDuYF6Woh4GvxpwMAIzcDCFhjuwlbCeEuEUcok061dFW+HiLhqC95caIBW6mfZ/Ng+fortdTQh6RGmK8bz2I+K7LTTg687D9H9PjoIKlUPcf/1K/oZ/9nruHqI8hEUZkcn+ImmAOERQ++hC5OiXlckqkcECs0b3pqQssM1S9Vg4IsHot+9ksCaVFJyYGV4WkLQJ+V073idkD72j3x19ZFfBM9vIu7exGFhXixrc70QZVblRIQyvfWrk7C3JIyKd10sTJ1Spda/mTp/tM2v4oHKIZCzLX+RLsuqmQbo9l71i56VSNObXUE5X+ICZCoTiGtWHM4Q4/Ja2GuG62estg9R/jcGo2jBruxH18yDHd6f93dA9ASbNpI2ZSHQb4P5Mui83F/E0FEXYFW/jyZoZ4Zx88Jd0cnueKcj0j2hP7VHYllTjsSf23dgXYGpX6kj6XAPWQS6DApI2CB53HaLYPK+ZlHPT2AR0MjRuYMwrWaP0lYu67hzpIkaPib2HPgVdaVTfyVMckHQ90gcjBRgn1ZrDhYCv2JhteEWc2j9lyoCZJEbvgsRw8s0tgGuVnuF8t1OaMDtQSp+cXhJ/Erg0Sv1G1fXsZihSIZe7GX/GTTTyBwUe9IiZrlX7NcvcvR/Y3t58Tuz74Zi4Ha1bi+3rY6JSONLPxFO/50daWrNAkspQDxpPPWGxxAX4aNwQ9dhhMxXi1x7LFXvbrxOHHup0JxmNwOsfta5pV6hehhJTPLsmSjZLKcVLCEbLcCxq0RXDf7qKCXsyl4G6S/cNvl1SGmssjJmoeqdg7HA16ecC1SNSEVZ4v7MKCfQ62/itFU5ZAwjqFUm6OWLyq3un62KvQ3Th6HHTgplavUluNYUxJ5zCIPkt0dLgtQ4Cls0KGbXBXMhAsW2Q3EIz/Xl6QBA7xzwWkgC9/foupXdFrpOY9cM4Vfe9PeJQ0zJor1vRMzmLPCn/RZhY85YQI6RD0XnL6Ux2kOToqkthMgRaff1ES8Evol668bySR+Ru9AdeljArvMUyUFb/uQVRcoeiO2525kGlMDbTDYJbUMy4DH431bAfx46URTgaC3AiYrQHohDFQLk6N9EivAMyVbeTjYE2Cp/sTSDTRCaDZO0+slDyfX3eICIY8I7x1aFENPHkcqrgjdX1dsVPkTMhqIXu0/f3K1+v5ShlEbkRrIZM7yxv71VdE6yHfH0Bog2wqu/i4m7p31Dq10xwixjQfx7D+ECgr/k3vb3iEI79jWncnwOYCjeSlUQcwuaQ8zCYjPBP/HpXnGL12vEe/KSpZsosMG9brmDa+9uWBdFNLEVfhaFpB3QkIteYfw+4cNlZ71tKSES8yAIQg96pR3RYilAFi7OJ1N6i7D6JE6+C4nH93AKihmSspTuUPFEAcjVEmZQYpQLEWco0X8/QTrK+ZjmJKR0BC7hjstwkQlIX2LNT9BdWjnsbEEPXwfoiJ2ocZuXpkrswB8AtsoToONAo469l92bq/oR/3AQf2R4qEnCqj3eMndfZ/e3/T/c+DYPXzufGsqMf3zJLzgmsy8Smd/76pBFipzvtpNQCw2536BUWq6BwJ0BG+fdHqFluUw0BCY8TlbKvA6eYFZlHE2tboz5lEprpWnMQyYUsiFlvZggkesXQiiPN2sieOyAkdAxTAM2oPccwUjZZgXlWds6HVXKR9l+A6HxqKr3uRG6nJ8VkdxiENCyRV4Ynt5TIbTbCN9NP4wQk0X5mgLB7tEFCwxCrPBPxxmnLeAs7vOyXe5dk96s/nGVKOsYrmSIh0ogO6x/SoA6u5iCxd2LBaPx4iYVLxatvAt9wbGr6gJh4o9JukJERF+zX9YVMkeB7YHpJDiCBoGQeu/5IWVqVWjMfNpcuquG5RZZJi5wvxHJ1lNDJoTiCuegcjSHzb9oZ6gQ+6aoSb9DWFDsU+6Xi47Eu5/fvDwhzj7mzaAhsiwJ9aGoBmBkQNuJ7Dka/nbT/yuJkR5VjrudfhExZimFnPlnddQ55iHdAlB3OdlZyjrsp1QcppRLc24/rLRanWVaP5z8nn1nCskptcEcbyeH1qFvY3nCjnXiBFt4ei8p1o1lKMzdMjxJmbh8erAZaNgEZiL7k9Awia2EgdMMVzaeMn4vMBqim4xV4u977Eg8o9cSuT4uBdmyQgrFVoGPPytzXiQjCdHzWrCwl4+cPL4KNNL2+66KSHwviaL5ELrt9wsaTFuFQu3wiWp72tnZcu7LGBGOe+8SbmzJBKw/ysRQmWl4ci2r6Ff9+lbyHBU+aK52qMcsCJiVy/BN/QnolYEPRXX5/H1FPUFgfqMcGTgnRNWiIUVnEjqpddZCZPqjMiaOT67DpzIhfFd215gSLlXJMmeaBYX/R37TvXdsycPKch9L3aF0zpUYPrboMLqCoF3rUJqRI0wLxH+ZoIub0It3UK4yaVGl03FBE0rpNehiezT2SofnJmXDm/IDKhmqJeZoAOcBeGgGXGUiGjntudkOmUrJIm4z7+f2r0n74DzNebq4MZhwEz+NyMe+1Du+SpaQYJzWRHBygxguBQkIzSbtM5cHY7IH2mdEVadLdqMu6pHeWOROP4P2pd9CSUZHmFWp5zBClXvHPP+ph2pk6I/LJ27BJuSi4QTJoe252NUrC7XhnA/sDZB2OkMKVaaxBmGnAQHlWTQsqk95GSy3/kbeDDXUAoHf2oU+1x2oRKWYuWxQDC9pduAIeQoRrpisVix+BC6FDSC0mkuIFbTTAmCz9A2ubwnE2lehnf9ezHG0+C+EUKysePVSdVAPCWfHRUEz/IN7UxR80CyqWmL8xOqFl5whpZQIDL597nfStialDwmGj0Z1oMtFW5zet0EX8CIKdmOGMq5SLYUnzVlfg2VlpRZTRnVhh3viTLaUIthFP4B9nH3wwhP43YZMI5qlzBzbMHKyTOnlfw5c1NWqS853BVdjnxWFUBPObqpV1aHvaH9DrOSd3JBK+Vjz+TRQqiPPmQuqhouy+ycEbYayJDz1GXQ2yn5IoO4oK6dgbxR7kUtBa4Xc57la6gxk9VW+/AvztBkYmOSJVilz9dKwJNBH9ny84JqxOMLpj5MaR9qdDn/YnE9231O1CzKBcbFVtnTQp/RcMTXPlLPy/mVOdEvInD1PqISfxwnL1qdWbgvs+YBEbuBOJTt1SCdKkoUg8EuOAQOs+/v/6AcyPs3OmnNlK/UIA1EnYVULR1XxcFHPQKwZhPz75WPISoSIudAsYI+rVKQrLYLNcVwYcWcf4dKL5MAVxPFS+wjtl0Z/ZLp1ZUvq4HecycZxB+oOyQftgeM08navTAMDs5eKj70Do/qLckeu4vbwLxdPChC9IbY5COE2MTn7MagIdMKLiK9xPE3PpR37
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:36:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720b269-c43c-4673-8a29-4aa5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:36:57.000Z",
"modified": "2016-04-27T12:36:57.000Z",
"description": "downloaded malware sample",
"pattern": "[file:name = 'n8wisd' AND file:hashes.SHA1 = 'e8ae1014f15991113c41f318dabdc21743a3865c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:36:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720b269-e578-4b3a-87d2-4e05950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:36:57.000Z",
"modified": "2016-04-27T12:36:57.000Z",
"description": "downloaded malware sample",
"pattern": "[file:name = 'n8wisd' AND file:hashes.SHA256 = '3e7fd6d13f29a515db24afcda381b0cc940253669141bb06892d4a38948891b2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:36:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720b26a-5414-4478-895e-4fac950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:36:58.000Z",
"modified": "2016-04-27T12:36:58.000Z",
"description": "downloaded malware sample",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAJ1km0iMm+JKZ9EBAAC+AgAgABwANTdhNzI0YjgzNTY5OGM5NGY0YzJmNGViOTI0ZDNlMjNVVAkAA2qyIFdqsiBXdXgLAAEEIQAAAAQhAAAAb0de1IXE3zfdI5Faqk6Fb9zkBMnyAdQX38MIzggY1jPRfmLEWLnRtcj01yUFER9qRWc3SCKyzwwvUl3jliAMa3VWQ3SUHj4rMQ94zgwok2ymQPkEc8xDVZpemV5rtV0fg8oFHGDPqO2BYwiAdfYRjw9kOPzVtRKpLXw+EUCVFKdbnEXGyEKj9XKRsI/JHX06MgY9Y2hVJ685C+fgdv4PC86CROlrCZsLAkwM7UMoFRVKUdQaPCNk5UGnXeq0cjXBdWwEFEJoY/lRvU/Sv8sF3Byryl3RgMfM5JlgQCG6dSFEltGPxTMzf8qA4dBsW6YmhujujiZce4MIJpxuTZEDsaciy+I+2pkH4JVgerOgZCokbwpQHqj0jNqRRi2ar1E4KhTYrx1CpWK1/A3fueapJNJCVd3EZHwINUsJdgLWTjQJkXXdYIIOV+kSjEIAjmykDzDaNoR0xBHv1wg04i+0pyhmkg2Z8bOn5zHiEJrWiuiWdmH0SD8ESG5+9LMx5r9qEoz39gATGH74IL9ehvw1WTSqTo4hO/CmjiF+dFte8ytz/sGoIpKVtaranBeNnXVJZoQeuSxas9J3pKHw05D7GbWGsxyL0ZZ15apVDN8Y46xZWVZ3Cs3PvFEBuLJo21PqKl2X1nqL+Ef9+mM2rDstM/IeUp61yQduWzE/fm8WU71fSGwaHWoDcqyW47AGsDdnkblgUKxW2gk1hUcXCN9lgBsFxjE+WHeRWcQo/AQIPorwn7Q2PcE7LgS6Ooh7E7UwbNUlaKSTcvxTO/rNSJSEjvM1OjKnOEUEb2pCXM5gaaMxusgaioHIAXiljUzuJtsYpXJjR4BVVLXFB5nC6Q1Hfbw+fIRBLUJnMZrwzy1fqFvyC2/Y9bCWVWMout1PSWX9tVgTcStDj+Yg9YnZHjiVjgoCgZ6cjBODqZy3HlPNb5ZBHq3WqTJsGQFhy7lnZfY0cK+BrmrXMgo17piZHbxYnhN+CxumP1THJiC7P3Jw/VNCHP+VQCGYMNE1xvBFSUe9/Qdl1NtfvL3j4jqvGN5g1R7+ZER9pQnFN8rv1/vfxrCSUPC4QFp9VCQFL0NznoUmRw8NJQ++acvKkLVnBkzvCk/MTZY55mOXtqvRKW/RWzSns2AaepjSCCPDXb1nR+tYeHDMzaZldK6WAgzRaYQFntnxwGitPaMR4bnu4A1jA/0URqF/UiCX9Rr5ZP1+GiEAlGUafeRwVDZyflme4KoM33y1Jw8BB5pzDwEWd/UdDpK2hemsBMoh384Bzb6EbAQN4ZCnjAA8MYO/elDFc+j1iBsfchZhn2zFX2WiYFGM78Y/iBEDcK35WlriBqiOyUxR5aPnAeipdz1SsreIXi+WdwFSuKYKolUPjf1U6pRNGZdFmVmj1PkL9oQ8yYsmifTee53M3Qq+0sp4nil+M98AyaMT/ygirnL3vVq66HJnApILN3YNMkQD3V7P6H7ql9dfslSw6uBoYC4ughE8M9qKrqLnpwLwI/UKqHYPgDSqI5EMWUTcQl5dHDhkQogV1t06uE94ELQHi7puiMOpL6bySRWDN/fIQYOzzA6eu6IVTeoWn+7J8csxWK/f1h0BlWvPo843Sn2fJkdVrmRe4zOk7DULn31OgJMgeLeLpAgezFZgTY82nlypQ1ZBl/XrrbK7LWz1aGbZhCuuC2M0PXQOLTGLtAngUvUnpEKmah9nBcwRTfPB+EeHITFkwEqUaYhf9BfN/IfRy99PW+XK+zV/Gz6XpC8hPM+5TMtbpFdov2LHy25mEiwaAb45CEYumUAY1do3GIVTMCotW/8lKzpDjTVeR4+h+1I1YL3nZ6pAWexpvo/DnnXJ9kzPXRuZTKZ5SZw5I6O0ceuOSLmdmAGEr+FdbbwbEKfTtv26rIbNl7EIT5pbo4zSn6hEL6DdwtnBdi4XVHI74uVUPir88nItUdYgAkev/faHf3xd1BSnSFo/6qn3m/fpyqbsGESy9sOwjmYItk25XtMRcpwU7r+Br1H4EITjY+jDqMkju5ijGnJtJkg3858z198IJiBlzdm7q2U8fiZ91KwB0KW+hCty2lvlpiLDydB70ak3bXwKXomxfLVVr4wCBo6nYUZkDI4PVzssBs322AxZD1mz41ZuIvGZ0fZALDbo3l50OsrrMwow1p75oImZaPiGQJLbOLMtBGurmON9VpUSVrggpXD71o7PTs0/j1Mp/c0a0vewu2rUPWpU4sef2i6aorY4wWfc62dN4Lm/871eyyThMwLCGQ0Nc4tapi374+PAvypJmYhLIeUl0REcXBKpGd8PLVU7HeFwv5K4JVJqAfkfYu0nNgSMyJ7kcN6wv1wku934O+E6hQ+dfnZvI4jeT6FDD+tc7vMuZIrHOrwnejecg7Ev9VN82jQIxOz+H7dHdOFHTLRqnHC4lG16QNY8Is133lcI25rL0iLgQwYBNt+4JqSDNecyaDTCqwjnKAk/aYTxMEH2GyXwd41GdXE+tFFUsBWl8unTs5QaeL3ceqmoty8EXM2LwOanBnxrthU5q7DJSLxr0mm8SvhtEHrRsqp+M/b9lyOq1BGhkE1yWq2+ubuOBjtqrJ6LfOmXUsWATeETXVitucrAijwEFXLr+MZi+DHtd6Dol6g30YsIPo6he1Y/hnBrTcCUnJuniz2F2XhG6+OXpe+dOuA2EsMn1G/8wHiefnI7orTwgN1+dsUeHo3d0gF7rNjndD3J4xuqeAZxZlxOzwTLYlRFlTMvYDwFllbFCKTYlVx4lXx4fGuIlRbmFq4MaRCaspuE43Rqwv/YVFUPLIcrnV2dMTeQMXcyn+jez/m19of/9J37CWuFcdhzC2lTyx5EE6mAo+ndlj+HSdwtYlSlFIkrbZPUUwbuHyyob94uC2rVrrVrXZAEq921ADJ03NotGYTCRQ5ZrQASWbTUStJAKAp62IkuIC9Eke2sodTZFiPy7YU4V9kxq8l+LpYCuViJQ3lvZR0i954+vAdf3syY0qbXmHCaGgq9hpXzU25gQBeHAfuqLrJL9MXlPFJicIAkMcmz1VTl5S7jmlHTmZR98/CZkF3oVUrRrvYFYU9dezE1yP2F0qN154td3fWGTHKT+mgkKZALHeFJl6YM5MPnj1nPBrPtpT3vhG0vDB+3Gm4xKm4QfYVt+DG6i5TVr1YaLKo/n77p1ioq2WNddCO0pG4XHrS08DnBfBmhYEsMX1wFkyUzf1/zRngx5E+6RNIJMx/gRMakAh1Xbv2x3a3M+ubvQ9vz0zPxX5QR9TmiUbotDchUyY0Ehlt/ceRGNH+7bn8FvmI9jTJBAcybJ3SqZkt8LaV8ocbHsd5ZUiHnzqvTBERWdICTyt3sTXdNRXZWNldnoNyOTQ3XcO8GfxVHIZxzOJyHAawf5SFP4zsZ2TTEDbppnSfrvcs5gRNw36Vo3WHmfzSWdOZsmD5/VDjNLkMUTVaUwYuMGbS5Bbnxf4AIVos08sRBrEUeA0F3BktE+R1xESa4g9oHJEKhtHN1vYL0a7/4RPoFMpH6wFYxEGFG6ZhXenV3F91lsisD3eFQd29jHovIfOImmuFQxjuFPU+xnjiyx+H3ezJmRq+NwpkdwF597Hko7wsBBKmHEDya0lUU9A+Zlgv2sL3aFEF9mrhCVKkIWU3PdrC7gyjJGIVQf5OmLj1JmdNcm+OY+WddsXcJv5utSHBISkMYW1bKtmK/k5fD8icUNz0PCbp4SZlGEpQs1/yo4J6Awp4AAOUenzxhT5GJ938Kt25ZSXTtqv6vA3MhMl0QXyJkmV5cK/ioCrxcqi1tT1xf5m016wF5YdN/z1fVvwy9WUHNBF2e2Tu7HupcaiWnpsK7DYBmZ3q3uZPA+nhT+IANONjnlIOjlUsMBv4UGN+DhnMBQ8jpauhLYWSHo0eEBTrNKrHgyef4y5WZhB
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:36:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720b26b-aeb8-4dd8-968e-46bf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:36:59.000Z",
"modified": "2016-04-27T12:36:59.000Z",
"description": "downloaded malware sample",
"pattern": "[file:name = 'q0wps' AND file:hashes.SHA1 = '7cbc20253d0d590d7e378f75e7926fa6fc8b3145']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:36:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720b26c-4844-4291-b809-47c9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:37:00.000Z",
"modified": "2016-04-27T12:37:00.000Z",
"description": "downloaded malware sample",
"pattern": "[file:name = 'q0wps' AND file:hashes.SHA256 = 'ab38124e5d7f442f463beb3aef19d24c82f2507a87f8fa04261af2ae564343f8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:37:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720b26d-6430-4d00-abd5-499a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:37:01.000Z",
"modified": "2016-04-27T12:37:01.000Z",
"description": "downloaded malware sample",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAKFkm0hOOzkd/dABAAC8AgAgABwAZTNlMzBjYWMwMjU5NDcyMjRiMzAyYTQxZTljYThhNDBVVAkAA22yIFdtsiBXdXgLAAEEIQAAAAQhAAAAbKbnVrx4KvrlNAw39kPUUF2oB02gSKBNoMrU3jXFZAdDRMTTHHytGLGFf6kw8IBwdz1MV3+75ruVhSne0g6UpTBoUEYBf3RzP+JGDs63evhZqOt9XWtFgRMoa1JZC0OXmmUJWECkeejtCrJy4LBmL7X9qy8cFa94pvAi1vQ8E2HmEs3j8X8QMo/5cThFRAuCk70lWSQxp6JIZFXhE4e2PUVZtvpmOnRz1sMAUDynJNR07zmXPbXr2F4HDoiWHYnnO0kWGU4lyrfr8+3qf2YSQWGIvBJyhx3GpbkcHx8OK50aBHNEb1TQvE7iMz48BgH/XRYrUj5Gcuh8XUYFKhvKKPpuGxlnGGmcEdgI2pTjfzs1yqLyR/CoKydaviNauzSWvlD/Ci1vMwkAL2BFPW5nZsWrxkv8SAwCALmddPEXxSFn6+zcjVsEQINYPKKO7l9Mmk5Af7WqfYBalUQ5ZYBH2/3LRuWmEOXfEK3V2U5aoqdMgrBTpJZTiQ7lchI4jmNZz0BtwgMFE/IR3ohG/ZyxY50/IhExjZTu/R50wwF992AgU/hp3DH48JxxrhDPR/vTtn1wOp99xc+7RlwVtPh2AIrH1gi9twXjffJ0wolur2HN8sgCMaw8iVxC91OaUX8UbFyjRkHpnWqb2do/x2mktvGt22NAzgsgfiQTm9pFjplZ4qAOnj6HTHDZ9jV8PEv+5MC9PBCJXrnKjFfuyC1JM5folQXgeZkG1B9u5PhEipdmVonl4J/N+L98A9iXPvLT182yAGbHLOBfNgA/W2MH4MTEruFMgHD6Z3IpEXuY2RreWSPA8AN2HfTGeBkIemCwWv77VXx3qAHv2/exNGX82B4LVg0u3155TZSv4Ljf6wrjInUXBdQPugPFg2akyXUz45f3uIzPSG0XYKV1+UcAf0QFl9bRA1jQ1j7lr8DYKMKqZiTafJgAI0zejc+93dpJGy0sK3pLuMJPseoynd91B0hWFLtxv587pRxR/dv5WB07tIFvvKrVycMbrloBOXygNRW8CacowKmTaecfOP5gYyahv4iXwSwDE80GuhckgZCEuhc9bIjQgNEttE9d+dU12kRN1vRG9nKMI4oEMYTfd/WwRqMBO/dz/rVs9aWDnVuGbFNW4BdPR4lD//O7K8aW/nEIvNAsD32hF8VJ55EoTFgcHg4S8oeJuSZFTxDWSevlKLc6VLoE02pCpulzbRXwNTuRpj/wuZHJ54wgMtQwI3RSSYnxRQhbwY6tFAZWJ0E7nha+4GvV97o4V/6kTyc8Uju6+zl8NHkoIG4UZ6fiObmTmq+ol8D37CW8UC8mKwqLOYdyFNydlC3O2v4VHIpsatqIL8rKgvIyYA3MhK0323sVHnifK2D0owJoT4HQm4/2xtiYyzXYemuZ6E5d/5moTJ84b3OaURExqK5nf6haVmRdKJYvQP7pjd8/xQOlzfk+ZxPmdDRJeLtMivec09yHoFacrLEmDLLr+ngpgMMeAr+zavKnKeBCbqWc2VopFqjApafKzw1D9TzuRIKmo/MPLcEjxKwBwW6ShZbm1FQiGUkNhRNhoj0mNRyIkGovs6WWJ24uybrde898Ca6sFDcR3x+U0+SVhuWxlyVcPiVwqFfuJusVjZv0ivMeN/GtDNrXixocwfeErLg9ZZWCGrWk3UmL4WNDlRVb8asdVaGFQ1S7fzr+ln9ZfLgx4OUVAo1CrMUo2FIHoSAq6gVaFw61D8J0bc7qaVYVT1eh0R2tHcxz2k3lGhDzmerN2VNsr56PU2ODFo/RFJyc3p3qm0Yfq2WY1CYOYdISOY6pFih7iq1kSLCJIohJZ/ABSo5cwBhoNz0+HQGf5EeXSjRG1K5EKq0hjEljFvQQeSnP08ch3LwV6VpCLT55H8HYz1LIfVqdbB0HinJh8rTZ5JArDF6IojifUqXlfTHAkjUUBGGIHFWu/Utzo7o4qkNjg6gA6g2vBNk/T+ShiDGqpGB0nw0k5YoA0A/0aoM8o1ZBQm/jvniIWnDiWZeHvLFCVXwUuw4HDir3q/LhaxQFZDg8VcKuy3BNw05AohUswEOnrKamZEWt0ApWX1jhRmPgvu5Xn3vHt6YPzxQEpxRg08B+weZ0CJT6Cs5Tek9WQHaWD7Cv53hZ12VGn3zYhGTLb9Qk/UTphwKkoiarl+ba9wIff5F9EzuJKcCdzHv0WY49SJxCTzvcSwoprKrYX/2mw5KnIPpaQdtEICD8Nx9PMa8isJEhsZXrElpcaoJLKYKD1GV983alexYaPRodlVhUgoUmYndd4WP20qfbfF/j1S4tTITluaoDfML4zN0TGRK7vMr6lS1xAuT7gPEdcKct6XMVggPnrHj74KGL11RcKWJn1MeBSBWvuhdMLZRSh1ME5sPmqz27NRdiyIiD+iSTFnKwnqgcFcwKq9JRw01UcJ07JBuY5Cgbxza7t6gQ5Ezp1vqz01bIphWfrtlXvw0l0PXs5zfWrAvKFgwiYyTkkllmeVHT+kGbLJcXKZ3UEQzavaXT2x7jpt/CH6QeP/7XItdkijxlX42W0Z49iWhf6n61NNjLuHKGXjrQs5u/JObLmA9tgZasMedW8UceVn0KCRNN8rEiADQcNwJTXFujzd3IJiWjvk1CEWYCPnEIbVPO4LlTKJgQW57k/l5OA6HM52wNYejPXhs7891PiVxVkzvieG+BUCmWwbcQ9nNCizmUg16NSc3xdsJT54HshjEz2Pm6gPts/jN4q+xvCH90E5b0GxYA0z6/MabI7S7dqmg5pRWExCikeXktU4Tv31HVLa382pv06Z+CQeKUzdy7v8mVE8enWuRRHiItoxcIZpu9wmge/PYClqj9RqcXfIJA4ubx62/Bek7ALNwrI7mC2I4u/4Ky06UNRYjaIHJPySzawyZ6wa93FnRNetto9sye3U3V0YOCf9c59gDazoGhzw03MXDooMyb8cG48DhAooQnKNDQyAuvdIMhDx+WndrtVPFltwlY+6W6z7lKzVfJgMpc3ENqrAG93eof4GetinudaKw4BC3xTnA7nQWzg05vRqIQElCPIK8MWnc0mH59cf4eVqdx2nM2Nj7U9y6tD90X22svb0/8DAShyOhNHUShh7LmeoCA0qhGXKZedsDP0pegDOg/A444jFh5kgbuQQu6AXsj1FeE2MQUrEK35ebXvtFY9WgzeZYw7KCeZOJXHK2bTOijCq+O4QtjifH/EcfymEaUU5O9nlWMa9qpLLq2Fa/vLOsibF+cTrNj2rYbp7mwgsENolY6dygYalZyga3FbgpZAjuWF3rUEqUw2FWBIgx/TWU5qMAG/6nUEUWnd3KgET+V/aFl8aQdisQfm528gT99AQYPmSwNlpxSQKBd7251hfu4hxEGbfuFweMqPEoXSNim/3ktLKHB+BRS3vigkx8H9SlCW3Fdh6yTRtOZfPjXEleZ33VtDGtGylUHcJphvjmZAb9oGh41LnqztO+SslgdW+CmhA4WDB4Jt2K2fJD4U94CRxsS5bKZznCXm9bPBT4V6CMbTTF3lIMYaLXt8cj9VtrG4uGeszABbQeJwV3LZo8xV3dJNeQlxrRw/wfeM1EKX3d20gz1QTdPHXcHvum1NhzjJAAnCGcYOto20bs9DKc/OfgbOmakN1AU6v5avPEdWOEUKzKwY3tc4FGpJN2fR4B36fpQWfkWMBogNjg9ovYAWG0I9iqFSdFPtENA0ayexb5YrV6ujLAiQKCeVVsMBha0gZt7RZHxNQnBrFIceTB1to4oxkDrJn6snlrwvEojKlOQ2LG54QzPGDlbDqMrLwPS45wCzmVPftM3uXeH50HhWDT0MZntnqxFb8RY4Aulc8yX/7SKCt02RY160KYWyPiO6jH956QcUexmEKkRyLtqo9Q6eyJqAYkSt0D4jk2tB4htWL23VcDir2
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:37:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720b26d-dd18-4a6a-ad4c-493f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:37:01.000Z",
"modified": "2016-04-27T12:37:01.000Z",
"description": "downloaded malware sample",
"pattern": "[file:name = 'ur8fgs' AND file:hashes.SHA1 = '55390d1ef435e0f5978e90c504b3fa751390d8fe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:37:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720b26e-e138-4a86-96e9-45f3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:37:02.000Z",
"modified": "2016-04-27T12:37:02.000Z",
"description": "downloaded malware sample",
"pattern": "[file:name = 'ur8fgs' AND file:hashes.SHA256 = '978da35ec4a77b1f07ac82196976c35312576aeb97f65f607db7121e2518020e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:37:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720b303-9c8c-430d-97a9-438902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:39:31.000Z",
"modified": "2016-04-27T12:39:31.000Z",
"first_observed": "2016-04-27T12:39:31Z",
"last_observed": "2016-04-27T12:39:31Z",
"number_observed": 1,
"object_refs": [
"url--5720b303-9c8c-430d-97a9-438902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720b303-9c8c-430d-97a9-438902de0b81",
"value": "https://www.virustotal.com/file/978da35ec4a77b1f07ac82196976c35312576aeb97f65f607db7121e2518020e/analysis/1461758558/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720b304-c170-4d2a-b49a-40c102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:39:32.000Z",
"modified": "2016-04-27T12:39:32.000Z",
"first_observed": "2016-04-27T12:39:32Z",
"last_observed": "2016-04-27T12:39:32Z",
"number_observed": 1,
"object_refs": [
"url--5720b304-c170-4d2a-b49a-40c102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720b304-c170-4d2a-b49a-40c102de0b81",
"value": "https://www.virustotal.com/file/ab38124e5d7f442f463beb3aef19d24c82f2507a87f8fa04261af2ae564343f8/analysis/1461755798/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720b304-04bc-4fa1-a47c-458702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:39:32.000Z",
"modified": "2016-04-27T12:39:32.000Z",
"first_observed": "2016-04-27T12:39:32Z",
"last_observed": "2016-04-27T12:39:32Z",
"number_observed": 1,
"object_refs": [
"url--5720b304-04bc-4fa1-a47c-458702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720b304-04bc-4fa1-a47c-458702de0b81",
"value": "https://www.virustotal.com/file/3e7fd6d13f29a515db24afcda381b0cc940253669141bb06892d4a38948891b2/analysis/1461756041/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720b304-1b50-498a-b220-433f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:39:32.000Z",
"modified": "2016-04-27T12:39:32.000Z",
"first_observed": "2016-04-27T12:39:32Z",
"last_observed": "2016-04-27T12:39:32Z",
"number_observed": 1,
"object_refs": [
"url--5720b304-1b50-498a-b220-433f02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720b304-1b50-498a-b220-433f02de0b81",
"value": "https://www.virustotal.com/file/8ae0067a6349c05c261217f201565c1b05120d6fd14003a7118a95c1e9cd89de/analysis/1461756506/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720b305-f2b8-4381-a643-40fa02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:39:33.000Z",
"modified": "2016-04-27T12:39:33.000Z",
"first_observed": "2016-04-27T12:39:33Z",
"last_observed": "2016-04-27T12:39:33Z",
"number_observed": 1,
"object_refs": [
"url--5720b305-f2b8-4381-a643-40fa02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720b305-f2b8-4381-a643-40fa02de0b81",
"value": "https://www.virustotal.com/file/09c2455478bd7c1be67719e204345d547db949e8a3d9740f48af58c3d73c4f28/analysis/1461759824/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720b305-7818-4b52-a8d7-47c002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:39:33.000Z",
"modified": "2016-04-27T12:39:33.000Z",
"first_observed": "2016-04-27T12:39:33Z",
"last_observed": "2016-04-27T12:39:33Z",
"number_observed": 1,
"object_refs": [
"url--5720b305-7818-4b52-a8d7-47c002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720b305-7818-4b52-a8d7-47c002de0b81",
"value": "https://www.virustotal.com/file/caa6e59e98c22a3f9159412a612ad170d2683640e1845afb6f533f279f5e6577/analysis/1461752198/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720b306-0cd8-45b5-a9e8-42ea02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:39:34.000Z",
"modified": "2016-04-27T12:39:34.000Z",
"first_observed": "2016-04-27T12:39:34Z",
"last_observed": "2016-04-27T12:39:34Z",
"number_observed": 1,
"object_refs": [
"url--5720b306-0cd8-45b5-a9e8-42ea02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720b306-0cd8-45b5-a9e8-42ea02de0b81",
"value": "https://www.virustotal.com/file/39769147a6b85004cfe5a9060fc8e7ceade04b15d611932ad6aceab3641999cb/analysis/1461756145/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720b306-7fc0-4bb8-b6fa-4e6302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:39:34.000Z",
"modified": "2016-04-27T12:39:34.000Z",
"first_observed": "2016-04-27T12:39:34Z",
"last_observed": "2016-04-27T12:39:34Z",
"number_observed": 1,
"object_refs": [
"url--5720b306-7fc0-4bb8-b6fa-4e6302de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720b306-7fc0-4bb8-b6fa-4e6302de0b81",
"value": "https://www.virustotal.com/file/a81a7bc437b89e0b8d777ad6c86b108c02eef7509ff7b53152c134ed1a3ee883/analysis/1461758671/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720b307-8d68-443c-8ca9-46f102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:39:35.000Z",
"modified": "2016-04-27T12:39:35.000Z",
"first_observed": "2016-04-27T12:39:35Z",
"last_observed": "2016-04-27T12:39:35Z",
"number_observed": 1,
"object_refs": [
"url--5720b307-8d68-443c-8ca9-46f102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720b307-8d68-443c-8ca9-46f102de0b81",
"value": "https://www.virustotal.com/file/cc0a060830e130e7f4d077df78cb44508f58bbf09d1c0a0ee863f3a7aef433b1/analysis/1461759223/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720b307-b0a0-4c22-b2bb-408102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:39:35.000Z",
"modified": "2016-04-27T12:39:35.000Z",
"first_observed": "2016-04-27T12:39:35Z",
"last_observed": "2016-04-27T12:39:35Z",
"number_observed": 1,
"object_refs": [
"url--5720b307-b0a0-4c22-b2bb-408102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720b307-b0a0-4c22-b2bb-408102de0b81",
"value": "https://www.virustotal.com/file/bb1ef9a7097de9c8b3a68e17a7ab6739315da684b9696d307c39c847f6605aa7/analysis/1461758012/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720b307-964c-4956-8000-4b1902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:39:35.000Z",
"modified": "2016-04-27T12:39:35.000Z",
"first_observed": "2016-04-27T12:39:35Z",
"last_observed": "2016-04-27T12:39:35Z",
"number_observed": 1,
"object_refs": [
"url--5720b307-964c-4956-8000-4b1902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720b307-964c-4956-8000-4b1902de0b81",
"value": "https://www.virustotal.com/file/a8aa94ecb6a6d8d06acbf7b41e269cd98c2c3fa096c26ed83d606b1ded3e679a/analysis/1461759989/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720b308-96c0-4e3e-8ab7-431002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:39:36.000Z",
"modified": "2016-04-27T12:39:36.000Z",
"first_observed": "2016-04-27T12:39:36Z",
"last_observed": "2016-04-27T12:39:36Z",
"number_observed": 1,
"object_refs": [
"url--5720b308-96c0-4e3e-8ab7-431002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720b308-96c0-4e3e-8ab7-431002de0b81",
"value": "https://www.virustotal.com/file/4ec296488e0ab7a537898025d322252024ac8954e833eb3cec3a3e1308a782c9/analysis/1461759991/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5720b308-77f8-4ab5-a33c-4c7d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:39:36.000Z",
"modified": "2016-04-27T12:39:36.000Z",
"first_observed": "2016-04-27T12:39:36Z",
"last_observed": "2016-04-27T12:39:36Z",
"number_observed": 1,
"object_refs": [
"url--5720b308-77f8-4ab5-a33c-4c7d02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5720b308-77f8-4ab5-a33c-4c7d02de0b81",
"value": "https://www.virustotal.com/file/d34d1537212a49c9622efa3db46c13801065c478c2f7a4c954965e36223c3ca2/analysis/1461759992/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720b5b3-4278-44c7-a16c-49e5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:50:59.000Z",
"modified": "2016-04-27T12:50:59.000Z",
"description": "C&C",
"pattern": "[url:value = 'http://107.170.20.33/userinfo.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:50:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720b5b4-2c14-490e-afc9-4101950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:51:00.000Z",
"modified": "2016-04-27T12:51:00.000Z",
"description": "C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '107.170.20.33']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:51:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720b5b5-05d4-435c-bd8e-4177950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:51:01.000Z",
"modified": "2016-04-27T12:51:01.000Z",
"description": "C&C",
"pattern": "[url:value = 'http://139.59.166.196/userinfo.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:51:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720b5b5-5cb8-4a98-8ce4-4b88950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:51:01.000Z",
"modified": "2016-04-27T12:51:01.000Z",
"description": "C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '139.59.166.196']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:51:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720b5b6-0a6c-4da2-8921-43ac950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:51:02.000Z",
"modified": "2016-04-27T12:51:02.000Z",
"description": "C&C",
"pattern": "[url:value = 'http://146.185.155.126/userinfo.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:51:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720b5b7-8544-43b0-8034-4223950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:51:03.000Z",
"modified": "2016-04-27T12:51:03.000Z",
"description": "C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '146.185.155.126']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:51:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720b5b8-c268-49bc-a6d4-4e40950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:51:04.000Z",
"modified": "2016-04-27T12:51:04.000Z",
"description": "C&C",
"pattern": "[url:value = 'http://176.114.3.173/userinfo.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:51:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720b5b9-28fc-4482-9cd5-43e0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T12:51:05.000Z",
"modified": "2016-04-27T12:51:05.000Z",
"description": "C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '176.114.3.173']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T12:51:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdbf-63c0-4f15-91a2-4021950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:19.000Z",
"modified": "2016-04-27T13:25:19.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '1.46.75.176']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdc0-5b2c-4bd8-bbaf-43b7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:20.000Z",
"modified": "2016-04-27T13:25:20.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '1.52.5.51']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdc0-674c-4642-84a2-4251950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:20.000Z",
"modified": "2016-04-27T13:25:20.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '1.54.19.73']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdc1-a980-44f6-a712-4566950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:21.000Z",
"modified": "2016-04-27T13:25:21.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '103.194.233.243']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdc1-eaac-45cb-b4b7-49ef950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:21.000Z",
"modified": "2016-04-27T13:25:21.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '103.196.139.153']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdc1-ada4-434b-a603-417c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:21.000Z",
"modified": "2016-04-27T13:25:21.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '103.197.33.33']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdc2-8dcc-4ca8-ab03-4033950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:22.000Z",
"modified": "2016-04-27T13:25:22.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '103.203.37.16']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdc2-9db4-4ac7-97a2-4336950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:22.000Z",
"modified": "2016-04-27T13:25:22.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '103.207.138.237']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdc3-6f04-4f37-9eb4-4b21950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:23.000Z",
"modified": "2016-04-27T13:25:23.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '103.21.121.5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdc3-c944-49cf-8c99-4323950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:23.000Z",
"modified": "2016-04-27T13:25:23.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '103.225.29.4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdc4-d784-4c6f-82c8-45ac950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:24.000Z",
"modified": "2016-04-27T13:25:24.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '103.230.132.82']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdc4-5964-4e7b-aae8-4688950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:24.000Z",
"modified": "2016-04-27T13:25:24.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '103.233.122.21']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdc4-b4d8-4ab2-88e1-4acc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:24.000Z",
"modified": "2016-04-27T13:25:24.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '103.237.37.232']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdc5-57b4-4652-bc99-45fa950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:25.000Z",
"modified": "2016-04-27T13:25:25.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '103.237.58.42']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdc5-27c4-4bee-8ca9-4135950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:25.000Z",
"modified": "2016-04-27T13:25:25.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '103.237.66.18']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdc6-d49c-492f-8677-4189950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:26.000Z",
"modified": "2016-04-27T13:25:26.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '103.247.218.88']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdc6-1904-457d-b051-4848950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:26.000Z",
"modified": "2016-04-27T13:25:26.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '103.248.122.2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdc7-d8b4-4bdc-935a-4798950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:27.000Z",
"modified": "2016-04-27T13:25:27.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '103.249.4.13']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdc7-c088-4297-897e-4080950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:27.000Z",
"modified": "2016-04-27T13:25:27.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '103.35.241.163']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdc7-6a80-49a6-81c5-4bf0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:27.000Z",
"modified": "2016-04-27T13:25:27.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '103.36.123.118']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdc8-8cec-46f6-869e-4693950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:28.000Z",
"modified": "2016-04-27T13:25:28.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '103.41.196.24']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdc8-2574-4318-904e-4afa950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:28.000Z",
"modified": "2016-04-27T13:25:28.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '103.47.168.74']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdc9-decc-4451-8838-4e2e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:29.000Z",
"modified": "2016-04-27T13:25:29.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '103.5.127.66']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdc9-3390-4a39-8530-4c7f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:29.000Z",
"modified": "2016-04-27T13:25:29.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '103.52.126.178']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdca-e6b8-42fb-9933-4689950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:30.000Z",
"modified": "2016-04-27T13:25:30.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '103.52.136.9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdca-e3f4-4264-a6b2-4dbf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:30.000Z",
"modified": "2016-04-27T13:25:30.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '103.55.105.220']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdca-9824-410f-b184-42dd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:30.000Z",
"modified": "2016-04-27T13:25:30.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '103.55.91.25']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdcb-bff0-4d41-b423-4d80950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:31.000Z",
"modified": "2016-04-27T13:25:31.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '103.61.88.57']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdcb-9738-42a9-a55a-4c37950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:31.000Z",
"modified": "2016-04-27T13:25:31.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '105.228.154.34']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdcc-9ac8-4f1f-b8b2-459d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:32.000Z",
"modified": "2016-04-27T13:25:32.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '106.194.89.80']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdcc-d3dc-44d0-83ee-45ab950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:32.000Z",
"modified": "2016-04-27T13:25:32.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '106.206.157.140']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdcd-8f30-45da-9683-49fb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:33.000Z",
"modified": "2016-04-27T13:25:33.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '106.220.106.221']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdcd-e644-419d-95f3-4e0e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:33.000Z",
"modified": "2016-04-27T13:25:33.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '106.220.32.108']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdcd-04b4-417c-b4a9-45e7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:33.000Z",
"modified": "2016-04-27T13:25:33.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '106.51.171.52']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdce-9ba0-4b9b-b8e8-4f5e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:34.000Z",
"modified": "2016-04-27T13:25:34.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '109.153.127.95']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdce-a6ec-4569-91eb-46ea950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:34.000Z",
"modified": "2016-04-27T13:25:34.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '109.175.111.183']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdcf-f7f8-4ab3-aec2-46c6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:35.000Z",
"modified": "2016-04-27T13:25:35.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '109.228.119.242']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdcf-3940-42e8-a44e-4f75950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:35.000Z",
"modified": "2016-04-27T13:25:35.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '109.245.173.29']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdd0-ce44-4b6d-8005-4134950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:36.000Z",
"modified": "2016-04-27T13:25:36.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '109.64.6.11']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdd0-cd00-44d9-b8af-4720950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:36.000Z",
"modified": "2016-04-27T13:25:36.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '109.66.0.87']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdd0-bd08-440c-9c97-4646950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:36.000Z",
"modified": "2016-04-27T13:25:36.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '109.67.172.74']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdd1-264c-4656-ac27-4fab950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:37.000Z",
"modified": "2016-04-27T13:25:37.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '109.98.160.177']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdd1-1b90-4fab-b9e8-42e2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:37.000Z",
"modified": "2016-04-27T13:25:37.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '109.98.165.191']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdd2-e71c-4b3c-a0a8-4ddd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:38.000Z",
"modified": "2016-04-27T13:25:38.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '110.227.200.85']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdd2-0eec-4d42-83c5-41ae950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:38.000Z",
"modified": "2016-04-27T13:25:38.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '110.227.71.207']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdd2-7e28-46ac-a040-4172950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:38.000Z",
"modified": "2016-04-27T13:25:38.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '110.227.93.247']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdd3-a0f8-4b69-8b36-4ab3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:39.000Z",
"modified": "2016-04-27T13:25:39.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '111.118.243.42']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdd3-1d18-4806-9d24-4fd2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:39.000Z",
"modified": "2016-04-27T13:25:39.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '111.91.51.186']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdd4-b3a0-4e7f-b629-4e87950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:40.000Z",
"modified": "2016-04-27T13:25:40.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '111.92.116.219']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdd4-5830-4ec6-b372-4e55950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:40.000Z",
"modified": "2016-04-27T13:25:40.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '111.93.130.130']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdd4-825c-44ec-b2a1-4ff2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:40.000Z",
"modified": "2016-04-27T13:25:40.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '111.93.233.133']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdd5-4ca0-4e46-9526-406f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:41.000Z",
"modified": "2016-04-27T13:25:41.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '111.94.167.55']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdd5-cb50-4bca-97c4-4037950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:41.000Z",
"modified": "2016-04-27T13:25:41.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '112.133.241.5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdd6-1d24-4814-bff7-4934950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:42.000Z",
"modified": "2016-04-27T13:25:42.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '112.196.46.188']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdd6-9298-4ed0-a86a-4a06950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:42.000Z",
"modified": "2016-04-27T13:25:42.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '112.197.190.64']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdd7-0c3c-484b-96a2-47bf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:43.000Z",
"modified": "2016-04-27T13:25:43.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '112.208.54.24']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdd7-9384-47c0-83dc-4db9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:43.000Z",
"modified": "2016-04-27T13:25:43.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '113.162.178.207']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdd7-2fe4-43da-bbb0-4823950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:43.000Z",
"modified": "2016-04-27T13:25:43.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '113.162.78.154']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdd8-b494-4b74-8bad-45f4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:44.000Z",
"modified": "2016-04-27T13:25:44.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '113.166.191.74']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdd8-cb9c-4952-95a3-48a4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:44.000Z",
"modified": "2016-04-27T13:25:44.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '113.167.64.251']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdd9-6158-4256-80a8-444f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:45.000Z",
"modified": "2016-04-27T13:25:45.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '113.188.179.245']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdd9-9d7c-4674-ae10-4950950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:45.000Z",
"modified": "2016-04-27T13:25:45.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '113.188.37.120']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdda-7da4-4391-b139-4512950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:46.000Z",
"modified": "2016-04-27T13:25:46.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '113.188.50.98']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdda-bd94-44d0-a784-4a4b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:46.000Z",
"modified": "2016-04-27T13:25:46.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '113.199.255.72']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdda-2a48-4266-8b7a-4c57950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:46.000Z",
"modified": "2016-04-27T13:25:46.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '113.20.108.98']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bddb-a830-4a40-a70a-4f18950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:47.000Z",
"modified": "2016-04-27T13:25:47.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '113.21.72.194']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bddb-7440-4b49-a38a-4302950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:47.000Z",
"modified": "2016-04-27T13:25:47.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '113.59.222.102']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bddc-2000-4a09-9fb3-4628950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:48.000Z",
"modified": "2016-04-27T13:25:48.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '114.108.235.103']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bddc-3058-4764-a198-48ad950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:48.000Z",
"modified": "2016-04-27T13:25:48.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '114.143.81.101']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bddc-4b90-4255-9a38-409d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:48.000Z",
"modified": "2016-04-27T13:25:48.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '115.117.161.207']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bddd-8d18-47c5-90ed-4a3f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:49.000Z",
"modified": "2016-04-27T13:25:49.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '115.117.209.53']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bddd-f8e0-4ea2-8b5e-4ed5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:49.000Z",
"modified": "2016-04-27T13:25:49.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '115.118.146.125']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bddd-2a9c-426a-9f9c-4e59950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:49.000Z",
"modified": "2016-04-27T13:25:49.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '115.178.209.92']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bddd-320c-4f32-9ac2-4762950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:49.000Z",
"modified": "2016-04-27T13:25:49.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '115.184.61.55']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bddd-147c-4e6d-a7b5-43fa950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:49.000Z",
"modified": "2016-04-27T13:25:49.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '115.186.18.196']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdde-06b0-4ddf-b361-444a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:50.000Z",
"modified": "2016-04-27T13:25:50.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '115.241.69.179']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdde-6488-4fba-8b22-42b6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:50.000Z",
"modified": "2016-04-27T13:25:50.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '115.241.77.50']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdde-adf0-497f-8344-40c4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:50.000Z",
"modified": "2016-04-27T13:25:50.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '115.247.26.241']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdde-676c-42cf-8404-45fe950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:50.000Z",
"modified": "2016-04-27T13:25:50.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '115.252.38.112']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdde-1554-4e0b-a882-4e58950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:50.000Z",
"modified": "2016-04-27T13:25:50.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '115.73.208.109']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bddf-a898-42d7-a21f-434d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:51.000Z",
"modified": "2016-04-27T13:25:51.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '115.76.136.47']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bddf-1bcc-40fb-a337-4c8d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:51.000Z",
"modified": "2016-04-27T13:25:51.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '115.76.212.33']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bddf-3e1c-4cb5-aa24-46e2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:51.000Z",
"modified": "2016-04-27T13:25:51.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '115.77.190.239']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bddf-a3b8-433b-9c67-44af950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:51.000Z",
"modified": "2016-04-27T13:25:51.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '116.100.51.162']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bddf-72a8-4ddc-ba3f-47e4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:51.000Z",
"modified": "2016-04-27T13:25:51.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '116.102.154.75']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bddf-8620-49f7-bf3a-4ba9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:51.000Z",
"modified": "2016-04-27T13:25:51.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '116.108.150.123']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bde0-888c-474e-bd8c-4bfc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:52.000Z",
"modified": "2016-04-27T13:25:52.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '116.108.16.62']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bde0-20d4-412c-8b8c-43f0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:52.000Z",
"modified": "2016-04-27T13:25:52.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '116.108.173.66']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bde0-551c-40ff-aef0-4c73950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:52.000Z",
"modified": "2016-04-27T13:25:52.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '116.108.223.49']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bde0-32b4-4336-807e-4be2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:52.000Z",
"modified": "2016-04-27T13:25:52.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '116.108.72.210']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bde0-f550-4dc7-aa8e-47ca950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:52.000Z",
"modified": "2016-04-27T13:25:52.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '116.109.121.229']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bde1-33e4-469d-9bfe-4155950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:53.000Z",
"modified": "2016-04-27T13:25:53.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '116.109.39.229']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bde1-236c-496b-ad97-431d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:53.000Z",
"modified": "2016-04-27T13:25:53.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '116.110.204.122']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bde1-abb0-4460-b1a6-4df0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:53.000Z",
"modified": "2016-04-27T13:25:53.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '116.58.60.27']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bde1-73c4-4b9b-83f2-4fb6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:53.000Z",
"modified": "2016-04-27T13:25:53.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '116.72.8.159']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bde1-6580-4eff-a04d-4457950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:53.000Z",
"modified": "2016-04-27T13:25:53.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '116.90.224.18']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bde2-f874-4d67-ba5c-4e9d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:54.000Z",
"modified": "2016-04-27T13:25:54.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '116.99.102.145']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bde2-9b34-46fe-9899-49bb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:54.000Z",
"modified": "2016-04-27T13:25:54.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '116.99.153.123']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bde2-3c14-4ae1-90d3-42fe950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:54.000Z",
"modified": "2016-04-27T13:25:54.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '117.1.113.221']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bde2-69f8-425f-8b6d-42d0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:54.000Z",
"modified": "2016-04-27T13:25:54.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '117.192.143.86']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bde2-c8f8-46e9-83af-4d33950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:54.000Z",
"modified": "2016-04-27T13:25:54.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '117.192.150.25']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bde2-1680-4d2f-ad3b-410a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:54.000Z",
"modified": "2016-04-27T13:25:54.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '117.192.168.192']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bde3-8d94-4db2-a0de-45c4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:55.000Z",
"modified": "2016-04-27T13:25:55.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '117.192.213.84']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bde3-5408-4a3f-8064-42d0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:55.000Z",
"modified": "2016-04-27T13:25:55.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '117.192.236.51']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bde3-1860-4eb7-811b-4435950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:55.000Z",
"modified": "2016-04-27T13:25:55.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '117.193.11.238']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bde3-19e8-4684-8e45-4fb5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:55.000Z",
"modified": "2016-04-27T13:25:55.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '117.194.126.54']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bde3-b0a8-4007-8229-4daf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:55.000Z",
"modified": "2016-04-27T13:25:55.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '117.194.194.44']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bde4-2ee0-452f-bd55-49c3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:56.000Z",
"modified": "2016-04-27T13:25:56.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '117.194.68.215']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bde4-1b98-495a-8a29-4e96950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:56.000Z",
"modified": "2016-04-27T13:25:56.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '117.195.215.179']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bde4-cec0-44e7-b354-433f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:56.000Z",
"modified": "2016-04-27T13:25:56.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '117.196.146.160']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bde4-9080-4633-828a-4a2e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:56.000Z",
"modified": "2016-04-27T13:25:56.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '117.196.239.184']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bde4-7180-4eef-a28c-4b3c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:56.000Z",
"modified": "2016-04-27T13:25:56.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '117.197.210.210']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bde4-9a58-4ed6-9e5d-45c3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:56.000Z",
"modified": "2016-04-27T13:25:56.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '117.197.253.5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bde5-cf28-4768-bc40-4721950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:57.000Z",
"modified": "2016-04-27T13:25:57.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '117.198.106.169']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bde5-ae24-468f-bb9b-4100950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:57.000Z",
"modified": "2016-04-27T13:25:57.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '117.198.132.59']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bde5-aa80-41a7-b925-4ec2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:57.000Z",
"modified": "2016-04-27T13:25:57.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '117.198.33.0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bde5-3c08-404d-a9af-4903950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:57.000Z",
"modified": "2016-04-27T13:25:57.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '117.198.35.242']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bde5-4c50-477a-a797-4691950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:57.000Z",
"modified": "2016-04-27T13:25:57.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '117.198.39.124']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bde6-34a0-4426-955a-4988950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:58.000Z",
"modified": "2016-04-27T13:25:58.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '117.199.144.163']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bde6-e1ac-4037-b9c9-4a5b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:58.000Z",
"modified": "2016-04-27T13:25:58.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '117.199.153.138']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bde6-6744-4f45-aa13-4fd0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:58.000Z",
"modified": "2016-04-27T13:25:58.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '117.199.163.169']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bde6-55c4-4ad6-940a-4300950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:58.000Z",
"modified": "2016-04-27T13:25:58.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '117.199.199.121']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bde6-cad4-46e1-909d-4299950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:58.000Z",
"modified": "2016-04-27T13:25:58.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '117.199.84.38']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bde6-f92c-4ae9-9078-4965950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:58.000Z",
"modified": "2016-04-27T13:25:58.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '117.200.163.88']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bde7-0150-4192-8a96-4633950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:59.000Z",
"modified": "2016-04-27T13:25:59.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '117.200.245.90']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bde7-ea98-4d84-9385-42e5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:59.000Z",
"modified": "2016-04-27T13:25:59.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '117.201.111.164']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bde7-9f50-4969-bc66-423f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:59.000Z",
"modified": "2016-04-27T13:25:59.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '117.201.89.208']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bde7-a03c-48d3-82a9-43b9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:59.000Z",
"modified": "2016-04-27T13:25:59.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '117.203.162.220']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bde7-ec78-4200-94bc-476f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:59.000Z",
"modified": "2016-04-27T13:25:59.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '117.203.78.87']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bde7-6e8c-42f8-a5aa-47fc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:25:59.000Z",
"modified": "2016-04-27T13:25:59.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '117.204.225.229']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:25:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bde8-c948-4471-8a64-40b3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:00.000Z",
"modified": "2016-04-27T13:26:00.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '117.204.5.210']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bde8-5254-4fdb-950d-4162950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:00.000Z",
"modified": "2016-04-27T13:26:00.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '117.205.122.168']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bde8-5594-45f8-8fb4-47bd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:00.000Z",
"modified": "2016-04-27T13:26:00.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '117.205.132.0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bde8-9c38-4336-ad5a-421a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:00.000Z",
"modified": "2016-04-27T13:26:00.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '117.205.248.25']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bde8-199c-4dbb-92d9-49c8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:00.000Z",
"modified": "2016-04-27T13:26:00.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '117.206.174.90']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bde9-2eac-486f-a6c4-4628950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:01.000Z",
"modified": "2016-04-27T13:26:01.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '117.207.119.158']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bde9-cb50-4130-91a4-4954950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:01.000Z",
"modified": "2016-04-27T13:26:01.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '117.211.161.184']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bde9-289c-4892-9a78-438b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:01.000Z",
"modified": "2016-04-27T13:26:01.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '117.211.191.75']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bde9-66f0-4ad4-aeed-43f7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:01.000Z",
"modified": "2016-04-27T13:26:01.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '117.212.135.102']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bde9-f2a4-4538-852c-4cc3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:01.000Z",
"modified": "2016-04-27T13:26:01.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '117.213.154.112']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdea-c208-4cc0-a10c-433a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:02.000Z",
"modified": "2016-04-27T13:26:02.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '117.213.20.55']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdea-6608-4087-ac9a-4675950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:02.000Z",
"modified": "2016-04-27T13:26:02.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '117.214.28.132']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdea-10fc-4ac7-9ad9-4711950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:02.000Z",
"modified": "2016-04-27T13:26:02.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '117.215.16.7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdea-3f70-4201-9605-43c6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:02.000Z",
"modified": "2016-04-27T13:26:02.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '117.215.221.79']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdea-5cfc-4988-adc6-4928950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:02.000Z",
"modified": "2016-04-27T13:26:02.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '117.216.71.50']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdea-208c-4110-95f4-4a9f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:02.000Z",
"modified": "2016-04-27T13:26:02.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '117.218.100.91']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdeb-1888-4fa1-81c4-4e96950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:03.000Z",
"modified": "2016-04-27T13:26:03.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '117.218.78.244']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdeb-d5ec-49e6-892a-45e1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:03.000Z",
"modified": "2016-04-27T13:26:03.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '117.221.115.65']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdeb-6bc8-482b-86f9-4ae2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:03.000Z",
"modified": "2016-04-27T13:26:03.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '117.221.225.56']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdeb-fe98-460b-a5f5-45cc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:03.000Z",
"modified": "2016-04-27T13:26:03.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '117.221.66.183']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdeb-5220-4ec4-aecf-441e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:03.000Z",
"modified": "2016-04-27T13:26:03.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '117.222.196.173']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdec-cbdc-4e51-9962-4c26950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:04.000Z",
"modified": "2016-04-27T13:26:04.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '117.222.234.15']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdec-ea94-4d4c-b5fb-4196950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:04.000Z",
"modified": "2016-04-27T13:26:04.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '117.223.234.166']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdec-df88-43bc-9c44-4982950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:04.000Z",
"modified": "2016-04-27T13:26:04.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '117.223.38.159']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdec-8e5c-45ef-b85a-47dd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:04.000Z",
"modified": "2016-04-27T13:26:04.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '117.242.48.146']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdec-8c84-4ed8-87b5-4d52950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:04.000Z",
"modified": "2016-04-27T13:26:04.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '117.247.178.209']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdec-6270-4611-abca-4dde950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:04.000Z",
"modified": "2016-04-27T13:26:04.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '117.247.20.171']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bded-8a38-4ff7-9488-449a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:05.000Z",
"modified": "2016-04-27T13:26:05.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '117.247.204.154']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bded-3b6c-4d99-a3d6-4dfc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:05.000Z",
"modified": "2016-04-27T13:26:05.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '117.248.65.146']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bded-02e4-4dcc-9da6-43c1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:05.000Z",
"modified": "2016-04-27T13:26:05.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '117.248.79.63']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bded-dec0-4aba-8504-44fb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:05.000Z",
"modified": "2016-04-27T13:26:05.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '117.6.131.33']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bded-d77c-47f8-9627-4bfb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:05.000Z",
"modified": "2016-04-27T13:26:05.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '117.6.160.169']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdee-4c5c-4f70-aa8b-401f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:06.000Z",
"modified": "2016-04-27T13:26:06.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '118.102.169.34']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdee-1640-424e-abd8-47ad950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:06.000Z",
"modified": "2016-04-27T13:26:06.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '118.136.55.28']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdee-6800-4bb3-853f-42a5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:06.000Z",
"modified": "2016-04-27T13:26:06.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '118.137.142.112']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdee-2c18-48c5-a898-4d12950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:06.000Z",
"modified": "2016-04-27T13:26:06.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '118.179.165.212']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdee-2720-4a3f-b41f-4efb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:06.000Z",
"modified": "2016-04-27T13:26:06.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '118.69.35.50']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdee-1c84-4b24-af85-4321950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:06.000Z",
"modified": "2016-04-27T13:26:06.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '118.69.52.116']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdef-802c-4936-8dce-4a94950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:07.000Z",
"modified": "2016-04-27T13:26:07.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '119.153.165.211']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdef-3b24-4988-b066-450f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:07.000Z",
"modified": "2016-04-27T13:26:07.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '119.154.180.231']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdef-95f4-4c33-9922-4b36950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:07.000Z",
"modified": "2016-04-27T13:26:07.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '119.155.152.250']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdef-c1a4-4394-b644-41af950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:07.000Z",
"modified": "2016-04-27T13:26:07.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '119.235.48.134']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdef-21d0-4fb4-9320-4a3f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:07.000Z",
"modified": "2016-04-27T13:26:07.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '119.93.7.120']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdf0-6d98-452c-aeda-4313950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:08.000Z",
"modified": "2016-04-27T13:26:08.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '120.141.192.150']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdf0-32f0-4fa3-b15f-46bd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:08.000Z",
"modified": "2016-04-27T13:26:08.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '120.50.2.2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdf0-7a5c-4a1e-bc22-4e36950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:08.000Z",
"modified": "2016-04-27T13:26:08.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '120.56.57.136']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdf0-0774-482f-87dd-4e65950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:08.000Z",
"modified": "2016-04-27T13:26:08.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '120.60.146.248']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdf0-29d4-47ef-8701-4119950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:08.000Z",
"modified": "2016-04-27T13:26:08.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '121.58.212.149']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdf0-2000-458d-b934-4eba950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:08.000Z",
"modified": "2016-04-27T13:26:08.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '122.15.136.242']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdf1-2428-4b5f-a0e9-4c59950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:09.000Z",
"modified": "2016-04-27T13:26:09.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '122.170.160.60']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdf1-7540-4cb2-8b85-40ee950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:09.000Z",
"modified": "2016-04-27T13:26:09.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '122.171.192.206']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdf1-88f0-40cc-8dd8-40f8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:09.000Z",
"modified": "2016-04-27T13:26:09.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '123.19.31.255']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdf1-7640-4b6e-be96-44f0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:09.000Z",
"modified": "2016-04-27T13:26:09.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '123.200.1.202']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdf1-5360-4f56-993b-43b1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:09.000Z",
"modified": "2016-04-27T13:26:09.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '123.23.0.78']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdf2-57ec-412d-b124-4bc6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:10.000Z",
"modified": "2016-04-27T13:26:10.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '123.238.183.24']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdf2-fc50-4721-a99d-4f9f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:10.000Z",
"modified": "2016-04-27T13:26:10.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '123.252.216.176']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdf2-5488-48dc-b5da-4348950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:10.000Z",
"modified": "2016-04-27T13:26:10.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '124.105.29.104']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdf2-5354-4e60-a646-48bc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:10.000Z",
"modified": "2016-04-27T13:26:10.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '124.106.157.60']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdf2-1cc0-46f7-b4a2-41c7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:10.000Z",
"modified": "2016-04-27T13:26:10.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '130.204.247.206']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdf2-4e0c-43ad-b775-4e18950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:10.000Z",
"modified": "2016-04-27T13:26:10.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '138.75.213.124']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdf3-c628-4beb-9114-451a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:11.000Z",
"modified": "2016-04-27T13:26:11.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '139.192.165.85']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdf3-2d88-416f-b8cd-4080950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:11.000Z",
"modified": "2016-04-27T13:26:11.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '139.193.79.169']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdf3-cc10-4398-9d44-4e7e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:11.000Z",
"modified": "2016-04-27T13:26:11.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '139.5.16.178']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdf3-d644-4ba0-b561-45cb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:11.000Z",
"modified": "2016-04-27T13:26:11.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '14.102.49.222']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdf3-2774-4935-8780-4ad9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:11.000Z",
"modified": "2016-04-27T13:26:11.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '14.141.249.34']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdf4-bb54-4997-b9f4-4e4e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:12.000Z",
"modified": "2016-04-27T13:26:12.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '14.141.83.62']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdf4-5b7c-44b3-a194-45f7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:12.000Z",
"modified": "2016-04-27T13:26:12.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '14.165.184.211']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdf4-73f4-4406-a993-4a60950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:12.000Z",
"modified": "2016-04-27T13:26:12.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '14.172.140.182']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdf4-c7a8-45bd-bb3e-4e4b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:12.000Z",
"modified": "2016-04-27T13:26:12.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '14.172.201.129']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdf4-3a8c-48fa-9057-45aa950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:12.000Z",
"modified": "2016-04-27T13:26:12.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '14.172.239.25']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdf4-ec38-414a-b61d-47c0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:12.000Z",
"modified": "2016-04-27T13:26:12.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '14.172.84.24']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdf5-df94-44d1-a72d-4420950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:13.000Z",
"modified": "2016-04-27T13:26:13.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '14.176.20.128']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdf5-d648-4ebb-b1ad-4a5c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:13.000Z",
"modified": "2016-04-27T13:26:13.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '14.177.155.236']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdf5-fe84-45ff-9c1b-4c52950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:13.000Z",
"modified": "2016-04-27T13:26:13.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '14.183.105.254']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdf5-ede8-4966-8da8-4e9b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:13.000Z",
"modified": "2016-04-27T13:26:13.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '14.183.109.37']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdf5-a37c-4e9b-ba26-4a39950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:13.000Z",
"modified": "2016-04-27T13:26:13.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '14.183.178.63']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdf6-098c-4b48-94e1-4cdd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:14.000Z",
"modified": "2016-04-27T13:26:14.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '14.98.126.118']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdf6-f518-43b7-913b-421e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:14.000Z",
"modified": "2016-04-27T13:26:14.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '142.166.82.158']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdf6-c9d0-4dd9-b25f-44ac950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:14.000Z",
"modified": "2016-04-27T13:26:14.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '146.60.255.59']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdf6-6150-43f8-bf99-4bb5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:14.000Z",
"modified": "2016-04-27T13:26:14.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '151.19.178.218']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdf6-b070-44f8-88ba-43bf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:14.000Z",
"modified": "2016-04-27T13:26:14.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '151.232.204.230']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdf6-ade4-4a0f-a410-4b63950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:14.000Z",
"modified": "2016-04-27T13:26:14.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '151.232.244.198']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdf7-2c88-4a5f-8ffe-40fb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:15.000Z",
"modified": "2016-04-27T13:26:15.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '151.63.78.53']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdf7-78f4-4086-9ca7-4b02950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:15.000Z",
"modified": "2016-04-27T13:26:15.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '154.101.152.103']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdf7-8284-494a-86d1-4958950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:15.000Z",
"modified": "2016-04-27T13:26:15.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '154.122.34.128']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdf7-80e4-43bf-855e-4192950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:15.000Z",
"modified": "2016-04-27T13:26:15.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '154.127.71.91']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdf7-c750-430b-adfb-4382950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:15.000Z",
"modified": "2016-04-27T13:26:15.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '156.157.154.10']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdf8-896c-4c78-92d3-4f29950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:16.000Z",
"modified": "2016-04-27T13:26:16.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '160.120.48.32']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdf8-7b38-40c8-967f-40de950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:16.000Z",
"modified": "2016-04-27T13:26:16.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '163.47.13.29']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdf8-6394-4984-b5e6-4b19950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:16.000Z",
"modified": "2016-04-27T13:26:16.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '163.53.211.52']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdf8-4788-4a0f-9861-4a88950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:16.000Z",
"modified": "2016-04-27T13:26:16.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '165.50.246.82']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdf8-3ff8-4b23-a0fb-4ff3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:16.000Z",
"modified": "2016-04-27T13:26:16.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '171.232.183.33']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdf8-23a4-44a1-a900-473b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:16.000Z",
"modified": "2016-04-27T13:26:16.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '171.234.237.194']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdf9-e514-4d0a-ba80-4534950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:17.000Z",
"modified": "2016-04-27T13:26:17.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '171.235.44.179']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdf9-d0e0-4ae6-8e1e-48e1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:17.000Z",
"modified": "2016-04-27T13:26:17.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '171.248.158.60']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdf9-ab10-42d0-9235-44b4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:17.000Z",
"modified": "2016-04-27T13:26:17.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '171.249.104.215']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdf9-d2b4-470e-8d0a-41c2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:17.000Z",
"modified": "2016-04-27T13:26:17.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '171.4.106.6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdf9-0844-4c44-a9c0-47d6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:17.000Z",
"modified": "2016-04-27T13:26:17.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '171.49.153.77']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdfa-4228-4c70-983d-43d3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:18.000Z",
"modified": "2016-04-27T13:26:18.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '171.61.3.168']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdfa-3bb4-4195-aa0e-44a9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:18.000Z",
"modified": "2016-04-27T13:26:18.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '171.76.129.222']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdfa-45cc-48c7-8bac-40ff950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:18.000Z",
"modified": "2016-04-27T13:26:18.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '175.107.36.230']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdfa-dfa4-48fd-b6ef-4563950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:18.000Z",
"modified": "2016-04-27T13:26:18.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '175.107.36.96']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdfa-c030-4504-947b-46fb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:18.000Z",
"modified": "2016-04-27T13:26:18.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '175.107.53.182']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdfb-be74-4f8e-ad27-40f7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:19.000Z",
"modified": "2016-04-27T13:26:19.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '176.101.133.254']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdfb-6844-42b5-88d6-4c16950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:19.000Z",
"modified": "2016-04-27T13:26:19.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '176.204.30.94']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdfb-e194-4897-aba0-4043950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:19.000Z",
"modified": "2016-04-27T13:26:19.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '176.218.104.167']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdfb-c158-4b00-8ed1-4062950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:19.000Z",
"modified": "2016-04-27T13:26:19.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '177.152.124.158']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdfb-62e4-4fe1-8fad-477c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:19.000Z",
"modified": "2016-04-27T13:26:19.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '177.224.106.92']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdfb-8b48-44bd-bd0a-4259950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:19.000Z",
"modified": "2016-04-27T13:26:19.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '177.228.33.182']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdfc-9fac-4f7b-8401-4882950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:20.000Z",
"modified": "2016-04-27T13:26:20.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '177.36.255.28']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdfc-f888-4e64-b86c-4528950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:20.000Z",
"modified": "2016-04-27T13:26:20.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '177.47.210.159']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdfc-7514-4f3d-9937-4cbf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:20.000Z",
"modified": "2016-04-27T13:26:20.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '177.86.97.153']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdfc-c92c-4391-a13d-4e0d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:20.000Z",
"modified": "2016-04-27T13:26:20.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '178.214.67.124']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdfc-1bc8-4b7b-9427-405f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:20.000Z",
"modified": "2016-04-27T13:26:20.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '180.178.145.218']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdfd-69d0-4f8e-adb3-4e25950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:21.000Z",
"modified": "2016-04-27T13:26:21.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '180.211.247.20']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdfd-51c8-43b7-95c4-439b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:21.000Z",
"modified": "2016-04-27T13:26:21.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '180.215.121.144']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdfd-36a0-4bd3-889b-41e8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:21.000Z",
"modified": "2016-04-27T13:26:21.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '180.215.154.117']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdfd-bf6c-423e-a82a-4168950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:21.000Z",
"modified": "2016-04-27T13:26:21.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '180.87.245.173']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdfd-4054-47ce-97f8-46b2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:21.000Z",
"modified": "2016-04-27T13:26:21.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '181.164.107.173']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdfe-0930-438e-a079-4221950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:22.000Z",
"modified": "2016-04-27T13:26:22.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '181.26.7.33']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdfe-0190-45e5-b3be-45f7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:22.000Z",
"modified": "2016-04-27T13:26:22.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '182.160.41.249']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdfe-4be4-44ae-9c98-44cf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:22.000Z",
"modified": "2016-04-27T13:26:22.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '182.180.100.216']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdfe-7364-49c2-b0ac-43e7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:22.000Z",
"modified": "2016-04-27T13:26:22.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '182.180.81.190']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdfe-c0ec-4c66-b07c-4d19950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:22.000Z",
"modified": "2016-04-27T13:26:22.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '182.181.176.6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdfe-6728-45cb-ab2d-4162950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:22.000Z",
"modified": "2016-04-27T13:26:22.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '182.184.69.216']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdff-690c-4878-a60f-44af950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:23.000Z",
"modified": "2016-04-27T13:26:23.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '182.185.135.12']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdff-7df0-429a-b53c-4002950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:23.000Z",
"modified": "2016-04-27T13:26:23.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '182.185.154.234']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdff-1390-48bf-8e63-4bb5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:23.000Z",
"modified": "2016-04-27T13:26:23.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '182.185.188.175']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdff-3bc4-4a69-8b41-4f0e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:23.000Z",
"modified": "2016-04-27T13:26:23.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '182.186.246.180']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720bdff-bc5c-4219-9a88-448c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:23.000Z",
"modified": "2016-04-27T13:26:23.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '182.187.10.163']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be00-be6c-4a5b-b858-438f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:24.000Z",
"modified": "2016-04-27T13:26:24.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '182.187.124.254']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be00-cb1c-4c3d-a605-40ca950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:24.000Z",
"modified": "2016-04-27T13:26:24.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '182.216.229.152']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be00-f924-412e-adf7-48c4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:24.000Z",
"modified": "2016-04-27T13:26:24.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '182.253.105.98']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be00-40d8-4981-b831-40a6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:24.000Z",
"modified": "2016-04-27T13:26:24.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '182.57.167.46']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be00-a590-48ae-a2a4-4b54950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:24.000Z",
"modified": "2016-04-27T13:26:24.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '182.58.68.125']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be00-443c-44ed-8b3c-4568950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:24.000Z",
"modified": "2016-04-27T13:26:24.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '182.65.46.78']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be01-64d8-48f5-b494-4555950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:25.000Z",
"modified": "2016-04-27T13:26:25.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '182.73.79.66']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be01-33ec-4d00-8201-4ceb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:25.000Z",
"modified": "2016-04-27T13:26:25.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '183.195.139.206']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be01-6404-4743-a637-4412950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:25.000Z",
"modified": "2016-04-27T13:26:25.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '183.87.125.195']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be01-daf4-4662-8668-4820950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:25.000Z",
"modified": "2016-04-27T13:26:25.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '183.87.126.66']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be01-4e28-414d-b130-4b20950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:25.000Z",
"modified": "2016-04-27T13:26:25.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '183.87.154.189']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be02-568c-4f49-bd83-426d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:26.000Z",
"modified": "2016-04-27T13:26:26.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '183.87.56.150']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be02-3868-40ca-931c-4212950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:26.000Z",
"modified": "2016-04-27T13:26:26.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '183.88.85.227']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be02-ffbc-4554-b073-4af1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:26.000Z",
"modified": "2016-04-27T13:26:26.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '183.89.39.168']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be02-f604-47f7-8751-44d4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:26.000Z",
"modified": "2016-04-27T13:26:26.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.103.130.176']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be02-1978-4a09-89a3-41bc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:26.000Z",
"modified": "2016-04-27T13:26:26.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.14.132.194']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be03-e1c8-4182-a7f8-4518950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:26.000Z",
"modified": "2016-04-27T13:26:26.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.29.71.50']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be03-2874-4568-a8a4-43e8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:27.000Z",
"modified": "2016-04-27T13:26:27.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.42.227.58']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be03-0c84-43de-b53d-4ae9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:27.000Z",
"modified": "2016-04-27T13:26:27.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.51.205.194']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be03-0704-4398-baf1-47bf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:27.000Z",
"modified": "2016-04-27T13:26:27.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '186.101.81.26']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be03-0a94-4821-a4eb-4ccf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:27.000Z",
"modified": "2016-04-27T13:26:27.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '186.104.81.85']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be03-3a08-4ee3-ace9-42e6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:27.000Z",
"modified": "2016-04-27T13:26:27.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '186.167.6.35']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be04-b7a4-4654-8ea7-4779950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:28.000Z",
"modified": "2016-04-27T13:26:28.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '186.23.77.240']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be04-f0a4-498c-9c16-4e52950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:28.000Z",
"modified": "2016-04-27T13:26:28.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '187.176.9.217']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be04-c108-49a4-80c2-49ac950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:28.000Z",
"modified": "2016-04-27T13:26:28.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '187.210.188.197']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be04-7b78-4314-9c27-46ad950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:28.000Z",
"modified": "2016-04-27T13:26:28.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '187.253.122.173']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be04-a4ec-44e1-a4b8-45bc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:28.000Z",
"modified": "2016-04-27T13:26:28.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '188.135.40.110']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be05-0a48-48a6-958d-4945950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:29.000Z",
"modified": "2016-04-27T13:26:29.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '188.158.220.70']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be05-a890-42c1-a490-4964950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:29.000Z",
"modified": "2016-04-27T13:26:29.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '188.212.147.9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be05-d588-404b-8eb6-454f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:29.000Z",
"modified": "2016-04-27T13:26:29.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '188.214.183.105']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be05-42d8-4f90-9588-4866950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:29.000Z",
"modified": "2016-04-27T13:26:29.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '188.225.189.114']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be05-ff50-4a67-b177-48da950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:29.000Z",
"modified": "2016-04-27T13:26:29.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '188.26.111.213']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be05-f6f0-4cbe-8511-428a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:29.000Z",
"modified": "2016-04-27T13:26:29.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '188.3.142.206']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be06-1380-4c73-a564-45db950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:30.000Z",
"modified": "2016-04-27T13:26:30.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '188.44.5.75']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be06-260c-4600-a155-4ada950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:30.000Z",
"modified": "2016-04-27T13:26:30.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '189.202.81.132']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be06-b380-4f41-927a-4219950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:30.000Z",
"modified": "2016-04-27T13:26:30.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '189.74.127.74']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be06-69e0-494b-b124-45d8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:30.000Z",
"modified": "2016-04-27T13:26:30.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '190.123.158.52']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be06-f754-4b39-b0d1-4fea950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:30.000Z",
"modified": "2016-04-27T13:26:30.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '190.187.133.75']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be07-639c-45aa-ad97-46b0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:31.000Z",
"modified": "2016-04-27T13:26:31.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '190.221.160.195']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be07-25f0-4e38-8da2-4739950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:31.000Z",
"modified": "2016-04-27T13:26:31.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '190.245.189.112']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be07-12d0-479c-a45b-462e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:31.000Z",
"modified": "2016-04-27T13:26:31.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '190.49.148.249']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be07-5ef4-4f9a-b62a-4fb6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:31.000Z",
"modified": "2016-04-27T13:26:31.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '190.50.105.88']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be07-69c4-4985-8616-4e09950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:31.000Z",
"modified": "2016-04-27T13:26:31.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '192.95.215.8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be07-4f00-472e-86ba-401f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:31.000Z",
"modified": "2016-04-27T13:26:31.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '193.227.29.227']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be08-7d08-4783-b36f-4070950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:32.000Z",
"modified": "2016-04-27T13:26:32.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '193.255.129.160']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be08-eed0-4e51-8b2f-41ba950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:32.000Z",
"modified": "2016-04-27T13:26:32.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '195.175.17.190']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be08-0b78-4c17-afc5-4f64950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:32.000Z",
"modified": "2016-04-27T13:26:32.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '195.175.58.154']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be08-9e6c-4f24-99a0-422a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:32.000Z",
"modified": "2016-04-27T13:26:32.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '195.175.93.134']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be08-e270-492a-ba37-40f5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:32.000Z",
"modified": "2016-04-27T13:26:32.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '196.113.155.238']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be09-4948-4a37-a550-46f3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:33.000Z",
"modified": "2016-04-27T13:26:33.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '196.207.142.232']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be09-1d14-43b4-bbf2-4ba3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:33.000Z",
"modified": "2016-04-27T13:26:33.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '196.3.96.153']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be09-45ac-4c3f-a6a1-4235950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:33.000Z",
"modified": "2016-04-27T13:26:33.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '197.148.46.193']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be09-94c4-4547-9e3a-4317950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:33.000Z",
"modified": "2016-04-27T13:26:33.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '197.217.103.174']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be09-0f8c-462c-bfd7-44eb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:33.000Z",
"modified": "2016-04-27T13:26:33.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '197.227.85.36']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be0a-3ccc-4322-92d1-463b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:34.000Z",
"modified": "2016-04-27T13:26:34.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '197.237.8.42']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be0a-0f48-4561-8b50-4e0c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:34.000Z",
"modified": "2016-04-27T13:26:34.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '197.239.1.63']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be0a-32a0-4886-b938-470e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:34.000Z",
"modified": "2016-04-27T13:26:34.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '197.248.214.70']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be0a-5810-4bd1-be0f-4c62950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:34.000Z",
"modified": "2016-04-27T13:26:34.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '197.77.25.114']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be0a-0f98-4eae-9578-4375950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:34.000Z",
"modified": "2016-04-27T13:26:34.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '197.93.167.123']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be0a-98d0-4d4d-94d3-4fd3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:34.000Z",
"modified": "2016-04-27T13:26:34.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '2.180.17.138']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be0b-b800-4ec2-84a2-433d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:35.000Z",
"modified": "2016-04-27T13:26:35.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '2.182.207.38']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be0b-2a00-4c40-8b01-4d73950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:35.000Z",
"modified": "2016-04-27T13:26:35.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '2.231.230.162']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be0b-c288-4af8-a93e-4a9b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:35.000Z",
"modified": "2016-04-27T13:26:35.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '2.50.22.60']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be0b-20c0-4fda-ac01-4b6f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:35.000Z",
"modified": "2016-04-27T13:26:35.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '2.50.25.35']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be0b-1a70-408f-8de6-4756950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:35.000Z",
"modified": "2016-04-27T13:26:35.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '2.50.53.32']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be0c-1b68-4a1d-86f2-446a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:36.000Z",
"modified": "2016-04-27T13:26:36.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '200.124.231.31']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be0c-db5c-46e5-8f5c-4aa5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:36.000Z",
"modified": "2016-04-27T13:26:36.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '200.35.85.203']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be0c-9fec-47f4-b4f4-4d5f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:36.000Z",
"modified": "2016-04-27T13:26:36.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '200.72.196.99']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be0c-676c-457d-8a96-44f0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:36.000Z",
"modified": "2016-04-27T13:26:36.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '200.86.174.245']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be0c-d124-4519-b415-4689950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:36.000Z",
"modified": "2016-04-27T13:26:36.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '201.113.47.27']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be0c-02f0-4e64-85a9-49e9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:36.000Z",
"modified": "2016-04-27T13:26:36.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '201.193.49.78']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be0d-4e20-4502-8b9f-4a53950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:37.000Z",
"modified": "2016-04-27T13:26:37.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '201.20.91.77']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be0d-7800-4345-869c-4ee9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:37.000Z",
"modified": "2016-04-27T13:26:37.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '201.211.46.193']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be0d-2364-40c2-aadf-4475950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:37.000Z",
"modified": "2016-04-27T13:26:37.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '202.157.76.195']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be0d-dd0c-4f65-8dbc-4505950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:37.000Z",
"modified": "2016-04-27T13:26:37.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '202.160.173.10']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be0d-6aac-4845-8066-4512950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:37.000Z",
"modified": "2016-04-27T13:26:37.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '202.191.183.10']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be0e-7840-4275-87a9-4744950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:38.000Z",
"modified": "2016-04-27T13:26:38.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '202.44.38.227']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be0e-10b4-4929-a8ef-48bf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:38.000Z",
"modified": "2016-04-27T13:26:38.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '202.5.37.120']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be0e-2edc-4544-88d3-4ee6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:38.000Z",
"modified": "2016-04-27T13:26:38.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '202.5.37.99']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be0e-d294-4f29-a1fe-405c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:38.000Z",
"modified": "2016-04-27T13:26:38.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '202.59.94.211']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be0e-ff4c-424a-afa7-4fcb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:38.000Z",
"modified": "2016-04-27T13:26:38.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '202.74.243.237']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be0e-a98c-427f-bdaa-4935950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:38.000Z",
"modified": "2016-04-27T13:26:38.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '202.83.28.30']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be0f-c65c-47c7-9f25-47af950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:39.000Z",
"modified": "2016-04-27T13:26:39.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '203.112.76.10']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be0f-f184-482b-b16a-4478950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:39.000Z",
"modified": "2016-04-27T13:26:39.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '203.192.225.235']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be0f-b9d8-4a1f-9bf4-42f1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:39.000Z",
"modified": "2016-04-27T13:26:39.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '203.192.238.10']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be0f-a3a4-496c-b3c7-4e3f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:39.000Z",
"modified": "2016-04-27T13:26:39.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '203.217.170.105']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be0f-3274-4130-8495-43b0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:39.000Z",
"modified": "2016-04-27T13:26:39.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '203.76.103.90']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be10-a608-4a1e-991e-4845950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:40.000Z",
"modified": "2016-04-27T13:26:40.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '203.76.107.18']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be10-1e24-4526-9901-4a3e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:40.000Z",
"modified": "2016-04-27T13:26:40.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '203.82.42.242']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be10-fa90-414d-8c86-494e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:40.000Z",
"modified": "2016-04-27T13:26:40.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '212.104.125.32']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be10-5d58-4e3d-93e5-4eaa950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:40.000Z",
"modified": "2016-04-27T13:26:40.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '212.118.23.27']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be10-a1e8-474d-98cf-44e1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:40.000Z",
"modified": "2016-04-27T13:26:40.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '212.233.201.80']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be10-2af4-48c0-b397-4d39950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:40.000Z",
"modified": "2016-04-27T13:26:40.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '212.50.15.154']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be11-4bb4-4546-86b7-489b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:41.000Z",
"modified": "2016-04-27T13:26:41.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '213.204.93.244']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be11-14b4-4cd0-88e2-48ed950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:41.000Z",
"modified": "2016-04-27T13:26:41.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '213.37.195.122']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be11-6464-4ae2-a045-4790950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:41.000Z",
"modified": "2016-04-27T13:26:41.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '213.55.104.160']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be11-8690-4b09-b766-4014950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:41.000Z",
"modified": "2016-04-27T13:26:41.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '213.55.107.113']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be11-2004-47ad-81da-4b05950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:41.000Z",
"modified": "2016-04-27T13:26:41.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '213.6.151.226']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be12-03c8-4866-b7bd-4da7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:42.000Z",
"modified": "2016-04-27T13:26:42.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '213.6.77.18']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be12-070c-45a1-83c5-4ebc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:42.000Z",
"modified": "2016-04-27T13:26:42.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '213.74.215.58']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be12-64e8-4a4f-8536-4292950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:42.000Z",
"modified": "2016-04-27T13:26:42.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '217.128.136.186']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be12-5eac-486c-baf0-47b8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:42.000Z",
"modified": "2016-04-27T13:26:42.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '217.165.76.170']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be12-1300-46d8-97a2-4b3e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:42.000Z",
"modified": "2016-04-27T13:26:42.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '217.229.58.123']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be12-3378-4c82-a2f2-4486950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:42.000Z",
"modified": "2016-04-27T13:26:42.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '217.67.192.132']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be13-a758-4182-956e-41da950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:43.000Z",
"modified": "2016-04-27T13:26:43.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '219.92.232.192']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be13-7fb0-4cad-9f7a-4a16950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:43.000Z",
"modified": "2016-04-27T13:26:43.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '220.227.62.45']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be13-f6f0-4441-b4ed-41ba950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:43.000Z",
"modified": "2016-04-27T13:26:43.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '223.176.161.160']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be13-1ccc-43df-ba58-457d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:43.000Z",
"modified": "2016-04-27T13:26:43.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '223.176.179.156']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be13-482c-41af-9233-401f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:43.000Z",
"modified": "2016-04-27T13:26:43.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '223.176.42.99']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be14-c968-4ab4-aaa3-46ae950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:44.000Z",
"modified": "2016-04-27T13:26:44.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '223.196.18.35']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be14-0698-4f32-a77e-43a8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:44.000Z",
"modified": "2016-04-27T13:26:44.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '223.30.121.250']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be14-5f34-4b60-a958-4592950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:44.000Z",
"modified": "2016-04-27T13:26:44.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '27.0.181.70']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be14-de44-4931-b98f-4290950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:44.000Z",
"modified": "2016-04-27T13:26:44.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '27.114.128.196']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be14-9a44-4411-ad00-40dd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:44.000Z",
"modified": "2016-04-27T13:26:44.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '27.251.137.226']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be14-c6bc-470c-b090-4ab5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:44.000Z",
"modified": "2016-04-27T13:26:44.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '27.3.206.228']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be15-5204-4116-af99-4019950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:45.000Z",
"modified": "2016-04-27T13:26:45.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '27.5.9.244']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be15-6a58-4bf8-bd8c-4ea8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:45.000Z",
"modified": "2016-04-27T13:26:45.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '27.58.54.237']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be15-c6a4-4ba0-90dc-4226950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:45.000Z",
"modified": "2016-04-27T13:26:45.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '27.74.132.31']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be15-a114-4c93-9f47-48f8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:45.000Z",
"modified": "2016-04-27T13:26:45.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '27.77.217.225']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be15-5094-4e34-b647-4ad7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:45.000Z",
"modified": "2016-04-27T13:26:45.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '27.97.152.47']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be16-24c4-4364-bc00-46f7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:46.000Z",
"modified": "2016-04-27T13:26:46.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '31.14.158.178']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be16-5720-462c-be6f-4169950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:46.000Z",
"modified": "2016-04-27T13:26:46.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '31.15.249.206']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be16-cc74-43a5-befe-425c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:46.000Z",
"modified": "2016-04-27T13:26:46.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '31.184.145.2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be16-31c4-45e0-8103-4161950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:46.000Z",
"modified": "2016-04-27T13:26:46.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '31.218.13.217']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be16-9488-43d9-9c76-43c8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:46.000Z",
"modified": "2016-04-27T13:26:46.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '37.11.16.46']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be16-3568-4b9e-930e-4044950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:46.000Z",
"modified": "2016-04-27T13:26:46.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '37.210.249.233']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be17-9c30-4861-b494-4ac5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:47.000Z",
"modified": "2016-04-27T13:26:47.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '37.211.80.94']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be17-6b68-4d4e-b580-4b81950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:47.000Z",
"modified": "2016-04-27T13:26:47.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '37.231.187.249']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be17-5b94-4644-be73-4878950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:47.000Z",
"modified": "2016-04-27T13:26:47.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '37.27.12.115']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be17-f844-46fa-a47f-4b50950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:47.000Z",
"modified": "2016-04-27T13:26:47.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '37.27.43.234']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be17-ac48-4b19-9bde-4370950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:47.000Z",
"modified": "2016-04-27T13:26:47.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '39.32.189.97']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be18-8934-476f-983c-4cd5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:48.000Z",
"modified": "2016-04-27T13:26:48.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '39.32.8.72']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be18-2f28-406a-94b9-48f3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:48.000Z",
"modified": "2016-04-27T13:26:48.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '39.33.10.252']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be18-012c-4e11-9546-43c3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:48.000Z",
"modified": "2016-04-27T13:26:48.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '39.36.151.229']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be18-d94c-4d0b-b593-4ce6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:48.000Z",
"modified": "2016-04-27T13:26:48.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '39.36.192.178']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be18-35d0-43b9-b23a-4a9f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:48.000Z",
"modified": "2016-04-27T13:26:48.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '39.36.78.164']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be18-e488-494f-9df0-4540950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:48.000Z",
"modified": "2016-04-27T13:26:48.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '39.40.114.98']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be19-9d60-4453-9851-4590950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:49.000Z",
"modified": "2016-04-27T13:26:49.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '39.42.50.69']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be19-6eb0-40cd-9b07-46d3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:49.000Z",
"modified": "2016-04-27T13:26:49.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '39.42.51.113']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be19-e64c-43dd-bfb5-405c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:49.000Z",
"modified": "2016-04-27T13:26:49.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '39.46.106.174']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be19-80b4-4214-8bed-486a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:49.000Z",
"modified": "2016-04-27T13:26:49.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '39.47.12.178']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be19-c608-4282-b88e-4542950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:49.000Z",
"modified": "2016-04-27T13:26:49.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '39.47.69.2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be1a-432c-408f-8957-419b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:50.000Z",
"modified": "2016-04-27T13:26:50.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '39.52.164.43']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be1a-b88c-4c2e-8632-49f0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:50.000Z",
"modified": "2016-04-27T13:26:50.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '39.54.17.154']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be1a-0d08-47a2-992a-44c5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:50.000Z",
"modified": "2016-04-27T13:26:50.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '39.55.171.162']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be1a-66ac-43ca-ad7e-4d77950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:50.000Z",
"modified": "2016-04-27T13:26:50.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '41.114.222.126']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be1a-4d78-4afe-b893-4517950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:50.000Z",
"modified": "2016-04-27T13:26:50.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '41.134.194.202']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be1a-c850-4e15-a506-4cdc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:50.000Z",
"modified": "2016-04-27T13:26:50.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '41.184.183.28']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be1b-912c-4488-9733-4ecb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:51.000Z",
"modified": "2016-04-27T13:26:51.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '41.204.93.222']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be1b-31a8-440a-9b2f-4164950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:51.000Z",
"modified": "2016-04-27T13:26:51.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '41.207.202.8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be1b-6a20-4d03-af42-4c4c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:51.000Z",
"modified": "2016-04-27T13:26:51.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '41.211.173.149']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be1b-c858-4b26-84ce-4b90950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:51.000Z",
"modified": "2016-04-27T13:26:51.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '41.214.50.168']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be1b-9b64-4e0d-b296-42bd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:51.000Z",
"modified": "2016-04-27T13:26:51.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '41.225.60.18']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be1c-58a4-4bd6-aa57-47a4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:52.000Z",
"modified": "2016-04-27T13:26:52.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '41.72.18.7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be1c-9874-485b-87b4-43a0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:52.000Z",
"modified": "2016-04-27T13:26:52.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '41.78.73.146']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be1c-ba94-4bde-bc2c-49cb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:52.000Z",
"modified": "2016-04-27T13:26:52.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '41.82.145.82']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be1c-77b8-4612-b064-41b0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:52.000Z",
"modified": "2016-04-27T13:26:52.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '42.118.179.154']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be1c-0744-4847-b1c2-4b9f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:52.000Z",
"modified": "2016-04-27T13:26:52.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '43.255.112.213']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be1d-2508-41d1-a940-4546950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:53.000Z",
"modified": "2016-04-27T13:26:53.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '45.114.51.109']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be1d-8dc4-41ad-95a5-4f1c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:53.000Z",
"modified": "2016-04-27T13:26:53.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '45.121.111.177']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be1d-774c-4152-befb-4334950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:53.000Z",
"modified": "2016-04-27T13:26:53.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '45.121.112.161']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be1d-2c44-44fe-b68b-48bc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:53.000Z",
"modified": "2016-04-27T13:26:53.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '45.121.30.6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be1d-a398-470b-a4d7-4a4e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:53.000Z",
"modified": "2016-04-27T13:26:53.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '45.123.1.50']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be1d-3700-4406-876c-48a1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:53.000Z",
"modified": "2016-04-27T13:26:53.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '45.124.147.194']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be1e-9dfc-4cb3-91b8-4b76950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:54.000Z",
"modified": "2016-04-27T13:26:54.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '45.125.176.123']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be1e-be7c-4e2f-890f-45eb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:54.000Z",
"modified": "2016-04-27T13:26:54.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '45.244.45.87']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be1e-5f24-4ef7-80b9-457b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:54.000Z",
"modified": "2016-04-27T13:26:54.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '46.2.40.31']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be1e-0518-4d4a-8135-4469950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:54.000Z",
"modified": "2016-04-27T13:26:54.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '46.224.123.176']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be1e-f224-4492-8982-42d6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:54.000Z",
"modified": "2016-04-27T13:26:54.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '46.246.215.29']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be1f-51c8-4f5c-8e7d-414c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:55.000Z",
"modified": "2016-04-27T13:26:55.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '46.43.81.197']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be1f-c79c-4633-9d3b-421c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:55.000Z",
"modified": "2016-04-27T13:26:55.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '47.60.32.168']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be1f-4274-426e-b433-4261950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:55.000Z",
"modified": "2016-04-27T13:26:55.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '49.156.149.100']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be1f-8210-4bc4-82c7-450d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:55.000Z",
"modified": "2016-04-27T13:26:55.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '49.204.157.209']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be1f-2bec-4019-85d5-49d8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:55.000Z",
"modified": "2016-04-27T13:26:55.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '49.204.186.15']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be1f-1ef8-431c-a605-4857950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:55.000Z",
"modified": "2016-04-27T13:26:55.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '49.207.183.199']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be20-1b64-4359-a9df-4a21950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:56.000Z",
"modified": "2016-04-27T13:26:56.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '49.207.184.135']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be20-5844-4789-bf04-4434950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:56.000Z",
"modified": "2016-04-27T13:26:56.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '49.244.65.72']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be20-bd60-45e9-8ff5-4e33950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:56.000Z",
"modified": "2016-04-27T13:26:56.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '49.248.56.24']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be20-5ddc-4dbe-9672-42a5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:56.000Z",
"modified": "2016-04-27T13:26:56.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '49.48.188.146']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be20-602c-4aa6-b365-483c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:56.000Z",
"modified": "2016-04-27T13:26:56.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '49.48.223.20']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be21-1550-48f1-afe9-4fb5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:57.000Z",
"modified": "2016-04-27T13:26:57.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '5.172.134.194']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be21-6af0-42ae-a3ba-4f34950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:57.000Z",
"modified": "2016-04-27T13:26:57.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '5.81.108.155']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be21-3a28-419f-b3b9-40ea950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:57.000Z",
"modified": "2016-04-27T13:26:57.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '58.186.158.132']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be21-f2e4-4b7c-887a-4eac950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:57.000Z",
"modified": "2016-04-27T13:26:57.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '58.27.132.51']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be21-d2cc-431b-922f-4e82950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:57.000Z",
"modified": "2016-04-27T13:26:57.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '59.178.161.40']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be21-7a2c-4491-9d95-4d5b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:57.000Z",
"modified": "2016-04-27T13:26:57.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '59.183.208.21']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be22-0068-4420-a402-479f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:58.000Z",
"modified": "2016-04-27T13:26:58.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '59.184.130.16']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be22-c8e0-43d2-a2bf-4b66950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:58.000Z",
"modified": "2016-04-27T13:26:58.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '59.89.12.220']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be22-6964-4075-a003-4d78950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:58.000Z",
"modified": "2016-04-27T13:26:58.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '59.89.176.2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be22-8f38-4583-8ae0-44e2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:58.000Z",
"modified": "2016-04-27T13:26:58.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '59.89.24.117']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be22-d478-4024-98ab-422d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:58.000Z",
"modified": "2016-04-27T13:26:58.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '59.89.50.64']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be23-da0c-4997-ad4e-4fa6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:59.000Z",
"modified": "2016-04-27T13:26:59.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '59.89.8.12']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be23-8dac-4480-89c4-4775950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:59.000Z",
"modified": "2016-04-27T13:26:59.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '59.90.112.129']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be23-b128-4a7d-9758-494c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:59.000Z",
"modified": "2016-04-27T13:26:59.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '59.90.137.68']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be23-7944-4d98-9641-4dd7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:59.000Z",
"modified": "2016-04-27T13:26:59.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '59.90.87.208']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be23-7f98-4da5-9127-4fb3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:59.000Z",
"modified": "2016-04-27T13:26:59.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '59.90.88.251']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be24-77e4-4ec9-b157-494d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:26:59.000Z",
"modified": "2016-04-27T13:26:59.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '59.91.156.136']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:26:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be24-4504-40e0-b798-4549950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:27:00.000Z",
"modified": "2016-04-27T13:27:00.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '59.91.180.191']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:27:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be24-dba0-438b-ab9a-441d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:27:00.000Z",
"modified": "2016-04-27T13:27:00.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '59.92.124.71']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:27:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be24-4ff0-412c-923e-45c9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:27:00.000Z",
"modified": "2016-04-27T13:27:00.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '59.92.217.178']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:27:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be24-c8c0-47cb-8077-431d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:27:00.000Z",
"modified": "2016-04-27T13:27:00.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '59.96.253.216']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:27:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be24-4890-4787-8c3a-454b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:27:00.000Z",
"modified": "2016-04-27T13:27:00.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '59.97.68.141']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:27:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be25-c5c0-4c4d-8547-4ac2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:27:01.000Z",
"modified": "2016-04-27T13:27:01.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '59.98.163.199']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:27:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be25-2698-4562-a0c4-4cf0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:27:01.000Z",
"modified": "2016-04-27T13:27:01.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '59.98.41.174']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:27:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be25-3ec0-4323-99a6-4f05950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:27:01.000Z",
"modified": "2016-04-27T13:27:01.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '59.99.4.238']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:27:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be25-d848-42b5-b058-4627950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:27:01.000Z",
"modified": "2016-04-27T13:27:01.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '60.243.117.78']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:27:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be25-2ca0-450e-9764-4d82950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:27:01.000Z",
"modified": "2016-04-27T13:27:01.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '61.0.98.139']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:27:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be26-4ef0-4970-aada-4fcc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:27:02.000Z",
"modified": "2016-04-27T13:27:02.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '61.1.67.96']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:27:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be26-c838-4ea7-8f82-4e88950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:27:02.000Z",
"modified": "2016-04-27T13:27:02.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '61.3.125.134']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:27:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be26-5114-4d32-b740-4c5b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:27:02.000Z",
"modified": "2016-04-27T13:27:02.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '61.3.142.231']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:27:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be26-4c78-4f6e-b1f9-46e8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:27:02.000Z",
"modified": "2016-04-27T13:27:02.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '61.3.72.71']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:27:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be26-e2cc-43be-b84b-4284950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:27:02.000Z",
"modified": "2016-04-27T13:27:02.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '62.99.79.196']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:27:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be26-07a0-44a9-9797-44a0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:27:02.000Z",
"modified": "2016-04-27T13:27:02.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '64.209.30.84']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:27:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be27-a3bc-4ea9-a7fb-4fbf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:27:03.000Z",
"modified": "2016-04-27T13:27:03.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '77.159.80.14']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:27:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be27-2330-4727-b4f1-4a6a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:27:03.000Z",
"modified": "2016-04-27T13:27:03.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '77.28.207.81']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:27:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be27-08d0-44ec-b9cc-4a9a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:27:03.000Z",
"modified": "2016-04-27T13:27:03.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '77.85.98.121']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:27:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be27-b418-4439-8e5c-4a19950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:27:03.000Z",
"modified": "2016-04-27T13:27:03.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '78.168.15.91']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:27:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be27-94e8-4c90-8dfb-4709950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:27:03.000Z",
"modified": "2016-04-27T13:27:03.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '78.186.179.248']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:27:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be28-2840-4b1d-b630-48e9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:27:04.000Z",
"modified": "2016-04-27T13:27:04.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '78.186.193.99']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:27:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be28-f570-4d3e-8250-41e7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:27:04.000Z",
"modified": "2016-04-27T13:27:04.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '78.188.4.159']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:27:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be28-8ab4-45cd-9e68-4143950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:27:04.000Z",
"modified": "2016-04-27T13:27:04.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '78.189.107.14']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:27:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be28-164c-4c87-99f0-411a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:27:04.000Z",
"modified": "2016-04-27T13:27:04.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '78.189.178.236']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:27:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be28-100c-45ad-b1bb-4a2d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:27:04.000Z",
"modified": "2016-04-27T13:27:04.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '78.189.218.144']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:27:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be28-7678-4f12-8b0a-425e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:27:04.000Z",
"modified": "2016-04-27T13:27:04.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '78.98.223.245']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:27:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be29-8634-47e0-9aba-4c5e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:27:05.000Z",
"modified": "2016-04-27T13:27:05.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '79.106.21.235']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:27:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be29-1648-45ad-adb3-41ee950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:27:05.000Z",
"modified": "2016-04-27T13:27:05.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '79.125.182.43']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:27:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be29-668c-4304-86ac-4bb0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:27:05.000Z",
"modified": "2016-04-27T13:27:05.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '79.178.45.20']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:27:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be29-93a8-49a6-848a-4573950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:27:05.000Z",
"modified": "2016-04-27T13:27:05.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '79.183.51.192']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:27:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be29-cd30-4453-aa30-426c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:27:05.000Z",
"modified": "2016-04-27T13:27:05.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '80.14.233.165']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:27:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be2a-c784-4c9c-b42d-4579950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:27:06.000Z",
"modified": "2016-04-27T13:27:06.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '80.191.128.115']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:27:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be2a-ae90-4af7-9d17-478a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:27:06.000Z",
"modified": "2016-04-27T13:27:06.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '80.191.222.133']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:27:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be2a-3764-4c1d-89e6-4d5f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:27:06.000Z",
"modified": "2016-04-27T13:27:06.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '80.30.86.59']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:27:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be2a-8060-4701-8075-4c50950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:27:06.000Z",
"modified": "2016-04-27T13:27:06.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '81.202.248.170']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:27:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be2a-19f8-4041-ba68-47f1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:27:06.000Z",
"modified": "2016-04-27T13:27:06.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '81.215.12.237']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:27:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be2a-5c08-400f-b706-423d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:27:06.000Z",
"modified": "2016-04-27T13:27:06.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '81.43.126.195']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:27:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be2b-f870-485f-a1e2-4ddb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:27:07.000Z",
"modified": "2016-04-27T13:27:07.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '82.106.226.119']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:27:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be2b-9928-4bfd-b4b1-4c8c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:27:07.000Z",
"modified": "2016-04-27T13:27:07.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '82.155.3.105']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:27:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be2b-006c-442c-9a60-4b6e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:27:07.000Z",
"modified": "2016-04-27T13:27:07.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '82.79.116.99']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:27:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be2b-cccc-4932-ac44-4a4c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:27:07.000Z",
"modified": "2016-04-27T13:27:07.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '83.110.158.61']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:27:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be2b-6648-44e3-82cf-4d07950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:27:07.000Z",
"modified": "2016-04-27T13:27:07.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '83.110.197.254']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:27:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be2c-c034-49ea-976f-4fc3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:27:08.000Z",
"modified": "2016-04-27T13:27:08.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '83.110.213.24']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:27:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be2c-3bb8-4f08-a9b4-4fd5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:27:08.000Z",
"modified": "2016-04-27T13:27:08.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '83.15.229.158']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:27:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be2c-eb94-475f-aea2-4931950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:27:08.000Z",
"modified": "2016-04-27T13:27:08.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '83.18.49.45']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:27:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be2c-d4dc-4df1-9dee-4c71950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:27:08.000Z",
"modified": "2016-04-27T13:27:08.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '83.244.110.163']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:27:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be2c-7c8c-44de-b69a-49b2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:27:08.000Z",
"modified": "2016-04-27T13:27:08.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '84.1.121.166']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:27:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be2d-79e4-4a51-bb2e-4392950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:27:09.000Z",
"modified": "2016-04-27T13:27:09.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '84.78.165.55']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:27:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be2d-8248-4671-87df-4b2c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:27:09.000Z",
"modified": "2016-04-27T13:27:09.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '85.137.209.64']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:27:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be2d-3f2c-429f-adbc-4ae3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:27:09.000Z",
"modified": "2016-04-27T13:27:09.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '85.186.209.3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:27:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be2d-884c-47e8-87b0-40d4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:27:09.000Z",
"modified": "2016-04-27T13:27:09.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '85.186.237.205']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:27:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be2d-9ad8-4204-b2e6-44a4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:27:09.000Z",
"modified": "2016-04-27T13:27:09.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '85.241.199.101']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:27:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be2d-e1cc-4fef-a835-4d52950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:27:09.000Z",
"modified": "2016-04-27T13:27:09.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '85.73.156.127']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:27:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be2e-b114-4342-9c69-4e54950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:27:10.000Z",
"modified": "2016-04-27T13:27:10.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '85.96.203.227']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:27:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be2e-a0e4-4989-a7bc-423b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:27:10.000Z",
"modified": "2016-04-27T13:27:10.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '85.99.97.202']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:27:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be2e-5398-4cbe-81f2-47d8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:27:10.000Z",
"modified": "2016-04-27T13:27:10.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '86.98.1.110']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:27:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be2e-8e3c-4e7b-8bcc-4987950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:27:10.000Z",
"modified": "2016-04-27T13:27:10.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '86.98.30.228']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:27:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be2e-4474-4336-896a-414e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:27:10.000Z",
"modified": "2016-04-27T13:27:10.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '88.247.43.45']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:27:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be2f-cb4c-4e17-a3ab-485e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:27:11.000Z",
"modified": "2016-04-27T13:27:11.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '88.250.209.129']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:27:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be2f-5a60-4424-a38e-466c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:27:11.000Z",
"modified": "2016-04-27T13:27:11.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '89.14.51.19']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:27:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be2f-9fb4-44a7-ae2e-4771950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:27:11.000Z",
"modified": "2016-04-27T13:27:11.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '89.205.89.23']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:27:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be2f-d58c-4a47-8aa8-43df950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:27:11.000Z",
"modified": "2016-04-27T13:27:11.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '89.211.147.101']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:27:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be2f-bef0-46f5-8f63-4bf5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:27:11.000Z",
"modified": "2016-04-27T13:27:11.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '89.35.195.40']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:27:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be2f-0ebc-4906-a483-456b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:27:11.000Z",
"modified": "2016-04-27T13:27:11.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '90.165.80.103']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:27:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be30-98b4-47b6-86fe-44f5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:27:12.000Z",
"modified": "2016-04-27T13:27:12.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '90.170.23.194']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:27:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be30-3e0c-4fe1-bd53-4302950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:27:12.000Z",
"modified": "2016-04-27T13:27:12.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '90.63.192.91']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:27:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be30-718c-4b03-9505-432b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:27:12.000Z",
"modified": "2016-04-27T13:27:12.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '90.71.226.163']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:27:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be30-148c-44b2-b3d1-4f5a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:27:12.000Z",
"modified": "2016-04-27T13:27:12.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '91.138.209.182']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:27:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be30-a800-4a28-a066-466b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:27:12.000Z",
"modified": "2016-04-27T13:27:12.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '93.117.5.18']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:27:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be31-f894-4ed8-a44c-4972950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:27:13.000Z",
"modified": "2016-04-27T13:27:13.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '93.138.124.163']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:27:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be31-fbe4-42b6-93f6-47ea950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:27:13.000Z",
"modified": "2016-04-27T13:27:13.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '93.66.240.227']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:27:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be31-fc9c-4327-8b27-4ca0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:27:13.000Z",
"modified": "2016-04-27T13:27:13.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '93.7.7.173']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:27:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be31-1b0c-4191-b64d-4d44950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:27:13.000Z",
"modified": "2016-04-27T13:27:13.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '93.89.65.133']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:27:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be31-ef3c-4fee-a3e0-4d62950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:27:13.000Z",
"modified": "2016-04-27T13:27:13.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '94.183.155.116']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:27:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be31-a430-4b12-b60d-4f8d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:27:13.000Z",
"modified": "2016-04-27T13:27:13.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '94.72.186.153']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:27:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be32-4ad8-472a-a75d-4f1d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:27:14.000Z",
"modified": "2016-04-27T13:27:14.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '94.96.145.178']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:27:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be32-98e8-45c1-9f90-4648950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:27:14.000Z",
"modified": "2016-04-27T13:27:14.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '94.97.68.167']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:27:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be32-54fc-468a-af1d-4bab950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:27:14.000Z",
"modified": "2016-04-27T13:27:14.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '95.13.204.210']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:27:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be32-4420-4d97-96e3-4f95950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:27:14.000Z",
"modified": "2016-04-27T13:27:14.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '95.169.205.208']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:27:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be32-8b54-4f13-aa29-41f9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:27:14.000Z",
"modified": "2016-04-27T13:27:14.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '95.76.204.119']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:27:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be33-1a60-49ef-a2ba-411d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:27:15.000Z",
"modified": "2016-04-27T13:27:15.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '95.9.145.34']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:27:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be33-4cc8-4946-822e-40d9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:27:15.000Z",
"modified": "2016-04-27T13:27:15.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '95.9.185.17']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:27:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5720be33-9334-4e6f-b246-497c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T13:27:15.000Z",
"modified": "2016-04-27T13:27:15.000Z",
"description": "spambot (originating SMTP)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '95.9.75.120']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T13:27:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue Copy permalink