13208 lines
566 KiB
JSON
13208 lines
566 KiB
JSON
|
{
|
||
|
|
"type": "bundle",
|
||
|
|
"id": "bundle--56f29500-187c-4051-a321-4aba950d210f",
|
||
|
|
"objects": [
|
||
|
|
{
|
||
|
|
"type": "identity",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:26.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:26.000Z",
|
||
|
|
"name": "CIRCL",
|
||
|
|
"identity_class": "organization"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "report",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "report--56f29500-187c-4051-a321-4aba950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:26.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:26.000Z",
|
||
|
|
"name": "OSINT - Operation C-Major: Information Theft Campaign Targets Military Personnel in India",
|
||
|
|
"published": "2016-03-23T13:26:54Z",
|
||
|
|
"object_refs": [
|
||
|
|
"indicator--56f29542-7bc4-4deb-abc4-47c4950d210f",
|
||
|
|
"indicator--56f29542-d630-4eb8-a662-4421950d210f",
|
||
|
|
"indicator--56f29543-f58c-4ace-909e-4c45950d210f",
|
||
|
|
"indicator--56f29543-03d4-4b81-93df-4024950d210f",
|
||
|
|
"indicator--56f29544-3ebc-4911-af6a-4af3950d210f",
|
||
|
|
"indicator--56f29544-45ec-4167-870c-4cf3950d210f",
|
||
|
|
"indicator--56f29544-0278-48c4-8611-4c14950d210f",
|
||
|
|
"indicator--56f29544-d688-4045-818e-4d21950d210f",
|
||
|
|
"indicator--56f29545-18e4-40f1-8eeb-461b950d210f",
|
||
|
|
"indicator--56f29545-312c-4bd6-b2a5-44a3950d210f",
|
||
|
|
"indicator--56f29546-a734-45dd-9fe4-4da8950d210f",
|
||
|
|
"indicator--56f29546-1688-47d8-b753-4bfa950d210f",
|
||
|
|
"indicator--56f29546-bdd8-4440-bd29-47df950d210f",
|
||
|
|
"indicator--56f29547-ef20-472f-ab8a-461f950d210f",
|
||
|
|
"indicator--56f29547-50c8-420f-a777-434c950d210f",
|
||
|
|
"indicator--56f29547-6f3c-4780-96d4-47d5950d210f",
|
||
|
|
"indicator--56f29548-776c-47bc-864b-4b5d950d210f",
|
||
|
|
"indicator--56f29548-239c-4dff-a065-4fa5950d210f",
|
||
|
|
"indicator--56f29548-b65c-43bb-9a9f-4bfc950d210f",
|
||
|
|
"indicator--56f29549-7e2c-4f48-b678-4ca5950d210f",
|
||
|
|
"indicator--56f29549-92bc-4212-94b2-45fe950d210f",
|
||
|
|
"indicator--56f29549-10a4-4306-9eb1-4a8c950d210f",
|
||
|
|
"indicator--56f2954a-64c0-44c0-87db-4706950d210f",
|
||
|
|
"indicator--56f2954a-1eec-4d9e-936f-4cd7950d210f",
|
||
|
|
"indicator--56f2954a-56c4-4e79-a6e6-423a950d210f",
|
||
|
|
"indicator--56f2954b-7cf8-44d1-8a99-46dd950d210f",
|
||
|
|
"indicator--56f2954b-da1c-44d2-867a-4989950d210f",
|
||
|
|
"indicator--56f2954c-9588-4064-b6a8-4489950d210f",
|
||
|
|
"indicator--56f2954c-5d70-45db-9d04-4050950d210f",
|
||
|
|
"indicator--56f2954c-8af0-459e-b07a-451b950d210f",
|
||
|
|
"indicator--56f29577-b168-454a-bddc-4016950d210f",
|
||
|
|
"indicator--56f29577-35e4-4a84-8852-4bae950d210f",
|
||
|
|
"indicator--56f29577-c9c0-447a-81b1-43e8950d210f",
|
||
|
|
"indicator--56f2958b-0318-4104-a90e-4e10950d210f",
|
||
|
|
"indicator--56f2958b-8650-4d64-ae9b-46ec950d210f",
|
||
|
|
"indicator--56f295cf-a9c0-4cc7-b2d1-4ab5950d210f",
|
||
|
|
"indicator--56f295cf-5b6c-4635-be57-4ce9950d210f",
|
||
|
|
"indicator--56f295cf-87d0-4fa6-a0dd-41d0950d210f",
|
||
|
|
"indicator--56f295d0-a674-407d-83fe-4fa3950d210f",
|
||
|
|
"indicator--56f295d0-18d0-496c-b1ef-48b2950d210f",
|
||
|
|
"indicator--56f295d0-690c-4174-89a2-431e950d210f",
|
||
|
|
"indicator--56f295d1-10d0-4190-968f-4fe0950d210f",
|
||
|
|
"indicator--56f295d1-cb40-4b9c-83af-49cd950d210f",
|
||
|
|
"indicator--56f295d1-fa38-4953-a1fb-4cc0950d210f",
|
||
|
|
"indicator--56f295d1-b3f4-483e-b490-40b3950d210f",
|
||
|
|
"indicator--56f295d2-794c-4fd4-ad7c-438c950d210f",
|
||
|
|
"indicator--56f295d2-243c-4630-b826-4abf950d210f",
|
||
|
|
"indicator--56f295d2-c1dc-4a9d-a647-4a7f950d210f",
|
||
|
|
"indicator--56f295d3-ad24-485d-96cf-4d2c950d210f",
|
||
|
|
"indicator--56f295d3-d2f0-44e7-a612-4fb4950d210f",
|
||
|
|
"indicator--56f295d3-12c4-4653-86be-4c8f950d210f",
|
||
|
|
"indicator--56f295d3-d978-43d4-9240-4c6e950d210f",
|
||
|
|
"indicator--56f295d4-8e74-42cc-8139-48e3950d210f",
|
||
|
|
"indicator--56f295d4-5a3c-46f7-b6f3-4358950d210f",
|
||
|
|
"indicator--56f295d4-5d10-439d-bfef-4e48950d210f",
|
||
|
|
"indicator--56f295d5-85dc-45b3-a3bf-4a2b950d210f",
|
||
|
|
"indicator--56f295d5-7ff4-4016-b78e-4b81950d210f",
|
||
|
|
"indicator--56f295d5-4b84-415e-9064-4231950d210f",
|
||
|
|
"indicator--56f295d6-b200-49c7-a211-4820950d210f",
|
||
|
|
"indicator--56f295d6-d6d4-41b2-8db7-4e59950d210f",
|
||
|
|
"indicator--56f295d6-2420-4003-bc11-4e74950d210f",
|
||
|
|
"indicator--56f295d7-b294-4f3b-9e9e-4ff9950d210f",
|
||
|
|
"indicator--56f295d7-3ec0-4c44-abd1-4be5950d210f",
|
||
|
|
"indicator--56f295d7-382c-4c66-be13-4482950d210f",
|
||
|
|
"indicator--56f295d8-d10c-40c4-95b6-4d51950d210f",
|
||
|
|
"indicator--56f295d8-d4a4-46be-a810-4b1a950d210f",
|
||
|
|
"indicator--56f295d8-a00c-41b1-8108-42e8950d210f",
|
||
|
|
"indicator--56f295d9-8c44-4a04-89ea-48af950d210f",
|
||
|
|
"indicator--56f295d9-5080-4862-aee5-41b1950d210f",
|
||
|
|
"indicator--56f295d9-fc58-4bf0-8fd1-464f950d210f",
|
||
|
|
"indicator--56f295da-eed8-4af6-bd9b-4901950d210f",
|
||
|
|
"indicator--56f295da-a5e8-41a4-9cd1-49cb950d210f",
|
||
|
|
"indicator--56f295da-97bc-40f8-adf3-4539950d210f",
|
||
|
|
"indicator--56f295db-705c-4339-bdd7-4316950d210f",
|
||
|
|
"indicator--56f295db-67d0-470d-8bd2-4532950d210f",
|
||
|
|
"indicator--56f295dc-1a6c-4743-89ad-48b0950d210f",
|
||
|
|
"indicator--56f295dc-5b64-441b-8f96-4155950d210f",
|
||
|
|
"indicator--56f295dc-15b0-4b53-80a0-40ad950d210f",
|
||
|
|
"indicator--56f295dd-dc78-4ab7-9ea9-4a4f950d210f",
|
||
|
|
"indicator--56f295dd-36e8-43d5-9d95-42bd950d210f",
|
||
|
|
"indicator--56f295dd-0bb4-46e4-8583-4fbf950d210f",
|
||
|
|
"indicator--56f295dd-7a70-487d-8521-4716950d210f",
|
||
|
|
"indicator--56f295de-0518-45cc-9834-4cf4950d210f",
|
||
|
|
"indicator--56f295de-aee0-4110-b2b0-4313950d210f",
|
||
|
|
"indicator--56f295de-d56c-4729-9125-4455950d210f",
|
||
|
|
"indicator--56f295df-d510-479e-92f6-48a3950d210f",
|
||
|
|
"indicator--56f295df-6c30-4ef1-ae5b-4a37950d210f",
|
||
|
|
"indicator--56f295df-f884-4baa-8bcb-434b950d210f",
|
||
|
|
"indicator--56f295df-0d20-427c-a7df-4181950d210f",
|
||
|
|
"indicator--56f295e0-ebdc-4fe3-9ad3-4c9e950d210f",
|
||
|
|
"indicator--56f295e0-cc28-4d69-a12d-4fd7950d210f",
|
||
|
|
"indicator--56f295e0-d3bc-4ce4-8933-4c11950d210f",
|
||
|
|
"indicator--56f295e1-3150-4925-9c33-4926950d210f",
|
||
|
|
"indicator--56f295e1-bbf4-4ad5-9754-44d4950d210f",
|
||
|
|
"indicator--56f295e1-c6cc-4d11-b64d-47e4950d210f",
|
||
|
|
"indicator--56f295e1-a6b0-4ddb-8cc1-46fa950d210f",
|
||
|
|
"indicator--56f295e2-b358-4bb5-90cd-41d2950d210f",
|
||
|
|
"indicator--56f295e2-c938-4c26-886e-4ea3950d210f",
|
||
|
|
"indicator--56f295e2-7554-42c9-b39f-456c950d210f",
|
||
|
|
"indicator--56f295e3-ca20-4896-845a-4cf6950d210f",
|
||
|
|
"indicator--56f295e3-287c-4b24-a15c-4aba950d210f",
|
||
|
|
"indicator--56f295e3-f6cc-4faf-8ed9-4eca950d210f",
|
||
|
|
"indicator--56f295e4-4830-42a4-adb0-4c4e950d210f",
|
||
|
|
"indicator--56f295e4-bf10-4331-a66c-40ab950d210f",
|
||
|
|
"indicator--56f295e4-2dd4-4291-93cb-4048950d210f",
|
||
|
|
"indicator--56f295e4-be48-413f-87e8-41d6950d210f",
|
||
|
|
"indicator--56f29605-dcb4-45b2-956b-45f6950d210f",
|
||
|
|
"indicator--56f29605-4a94-4fb1-abdc-4001950d210f",
|
||
|
|
"indicator--56f29606-6a10-402c-85c3-4115950d210f",
|
||
|
|
"indicator--56f29606-1cac-4e2c-a3e4-4d4f950d210f",
|
||
|
|
"indicator--56f29606-a8b8-41eb-9693-4814950d210f",
|
||
|
|
"indicator--56f29607-3ebc-4045-ac82-45d3950d210f",
|
||
|
|
"indicator--56f29607-1440-48c6-a5d4-4600950d210f",
|
||
|
|
"indicator--56f29607-3748-4341-8602-4087950d210f",
|
||
|
|
"indicator--56f29608-fc9c-440c-af6a-4f6c950d210f",
|
||
|
|
"indicator--56f29608-1d68-4f04-bf1a-4f8b950d210f",
|
||
|
|
"indicator--56f29608-14d4-43ca-8563-4323950d210f",
|
||
|
|
"indicator--56f29609-2acc-4e76-ac75-47e6950d210f",
|
||
|
|
"indicator--56f29609-179c-47ce-a49c-427b950d210f",
|
||
|
|
"indicator--56f29609-9318-4cc6-a402-4fdd950d210f",
|
||
|
|
"indicator--56f2960a-20cc-41a2-b1a7-4960950d210f",
|
||
|
|
"indicator--56f2960a-b054-4f4b-8884-4c11950d210f",
|
||
|
|
"indicator--56f2960b-2298-45d3-a5f2-48d3950d210f",
|
||
|
|
"indicator--56f2960b-5da0-4bbc-8984-4a19950d210f",
|
||
|
|
"indicator--56f2960b-b524-4de6-bddd-417b950d210f",
|
||
|
|
"indicator--56f2960c-9154-4456-8b86-45ef950d210f",
|
||
|
|
"indicator--56f2960c-ee40-4fd0-aff9-4807950d210f",
|
||
|
|
"indicator--56f2960c-26a0-4f05-8478-467c950d210f",
|
||
|
|
"indicator--56f2960d-12f8-428e-bf09-441c950d210f",
|
||
|
|
"indicator--56f2960d-7238-4fb4-aff5-4733950d210f",
|
||
|
|
"indicator--56f2960d-2cd8-464b-ad78-48ce950d210f",
|
||
|
|
"indicator--56f2960e-1d40-497e-b9aa-40d8950d210f",
|
||
|
|
"indicator--56f2960e-a38c-4959-ab39-410b950d210f",
|
||
|
|
"indicator--56f2960e-18f0-47f5-9589-46b5950d210f",
|
||
|
|
"indicator--56f2960f-2f20-4257-a618-402f950d210f",
|
||
|
|
"indicator--56f2960f-af7c-4466-b720-4a12950d210f",
|
||
|
|
"indicator--56f2960f-4c30-4b69-9927-4d90950d210f",
|
||
|
|
"indicator--56f29610-5c68-4b20-8037-4450950d210f",
|
||
|
|
"indicator--56f29610-220c-4556-838d-4bd3950d210f",
|
||
|
|
"indicator--56f29610-9900-42b9-8301-4344950d210f",
|
||
|
|
"indicator--56f29611-a658-4c6b-98b7-4841950d210f",
|
||
|
|
"indicator--56f29611-6ef8-46fb-b471-41a4950d210f",
|
||
|
|
"indicator--56f29611-f4cc-40ef-9a55-4f7e950d210f",
|
||
|
|
"indicator--56f29612-8160-4470-8948-4490950d210f",
|
||
|
|
"indicator--56f29612-dc4c-4c9c-8266-4389950d210f",
|
||
|
|
"indicator--56f29637-f1d0-4657-95ec-44f2950d210f",
|
||
|
|
"indicator--56f29637-9b2c-48a4-afed-4dee950d210f",
|
||
|
|
"indicator--56f29637-026c-4069-b17c-4cbf950d210f",
|
||
|
|
"indicator--56f29638-a3c4-4ec0-8175-4ddf950d210f",
|
||
|
|
"indicator--56f29638-8ee0-480f-bcd9-4efd950d210f",
|
||
|
|
"indicator--56f29638-6c10-4691-aa6a-4ced950d210f",
|
||
|
|
"indicator--56f29639-7fc8-489a-a4f1-4872950d210f",
|
||
|
|
"indicator--56f29639-c4d8-4551-8513-4d9a950d210f",
|
||
|
|
"indicator--56f29639-ae7c-45ef-a123-4892950d210f",
|
||
|
|
"indicator--56f2963a-dff8-4861-8775-466c950d210f",
|
||
|
|
"indicator--56f2963a-dd6c-448f-a883-497b950d210f",
|
||
|
|
"indicator--56f2963b-83e0-4000-9a0d-4303950d210f",
|
||
|
|
"indicator--56f2963b-2d6c-4fa7-8c67-4329950d210f",
|
||
|
|
"indicator--56f2963b-5b40-44e3-9291-48d1950d210f",
|
||
|
|
"indicator--56f2963c-e714-48d4-b6f3-4070950d210f",
|
||
|
|
"observed-data--56f296c0-5368-4dac-98c8-4749950d210f",
|
||
|
|
"url--56f296c0-5368-4dac-98c8-4749950d210f",
|
||
|
|
"x-misp-attribute--56f296d4-f290-47f5-a886-458b950d210f",
|
||
|
|
"indicator--56f29766-4ee0-4308-8fcd-47fb02de0b81",
|
||
|
|
"indicator--56f29767-2af0-4608-91c7-473302de0b81",
|
||
|
|
"observed-data--56f29767-5688-45af-a977-4ad302de0b81",
|
||
|
|
"url--56f29767-5688-45af-a977-4ad302de0b81",
|
||
|
|
"indicator--56f29767-ef3c-47ae-9fb2-4fb202de0b81",
|
||
|
|
"indicator--56f29768-a280-4afc-afbc-434102de0b81",
|
||
|
|
"observed-data--56f29768-7c70-447c-9669-4d9b02de0b81",
|
||
|
|
"url--56f29768-7c70-447c-9669-4d9b02de0b81",
|
||
|
|
"indicator--56f29768-6100-4706-a52f-438302de0b81",
|
||
|
|
"indicator--56f29768-4334-4d27-9a38-4a1302de0b81",
|
||
|
|
"observed-data--56f29769-5774-4a14-8b38-4c9d02de0b81",
|
||
|
|
"url--56f29769-5774-4a14-8b38-4c9d02de0b81",
|
||
|
|
"indicator--56f29769-e698-41ee-b6ce-465d02de0b81",
|
||
|
|
"indicator--56f29769-e184-4eba-9802-462e02de0b81",
|
||
|
|
"observed-data--56f2976a-45c8-40f2-ab6f-4f8002de0b81",
|
||
|
|
"url--56f2976a-45c8-40f2-ab6f-4f8002de0b81",
|
||
|
|
"indicator--56f2976a-45a8-487c-8d14-412d02de0b81",
|
||
|
|
"indicator--56f2976a-1420-4f6a-af85-4fc502de0b81",
|
||
|
|
"observed-data--56f2976b-f53c-4493-8772-4b5002de0b81",
|
||
|
|
"url--56f2976b-f53c-4493-8772-4b5002de0b81",
|
||
|
|
"indicator--56f2976b-3664-4532-9657-4bb702de0b81",
|
||
|
|
"indicator--56f2976b-1738-494a-a0bf-499b02de0b81",
|
||
|
|
"observed-data--56f2976b-69d8-4e7e-9eb0-484102de0b81",
|
||
|
|
"url--56f2976b-69d8-4e7e-9eb0-484102de0b81",
|
||
|
|
"indicator--56f2976c-9924-4995-8e0a-48ae02de0b81",
|
||
|
|
"indicator--56f2976c-5898-490f-8cd0-4fb002de0b81",
|
||
|
|
"observed-data--56f2976c-d548-4402-a446-4f9c02de0b81",
|
||
|
|
"url--56f2976c-d548-4402-a446-4f9c02de0b81",
|
||
|
|
"indicator--56f2976d-4638-4178-89d7-479c02de0b81",
|
||
|
|
"indicator--56f2976d-1a2c-47ad-811e-47f002de0b81",
|
||
|
|
"observed-data--56f2976d-88d0-441c-bd32-4a9602de0b81",
|
||
|
|
"url--56f2976d-88d0-441c-bd32-4a9602de0b81",
|
||
|
|
"indicator--56f2976e-86a4-47da-9b5a-40a102de0b81",
|
||
|
|
"indicator--56f2976e-f7f4-4bf3-8574-40d602de0b81",
|
||
|
|
"observed-data--56f2976e-c8f4-403e-b09b-4fb802de0b81",
|
||
|
|
"url--56f2976e-c8f4-403e-b09b-4fb802de0b81",
|
||
|
|
"indicator--56f2976e-b7a8-4602-bd54-487402de0b81",
|
||
|
|
"indicator--56f2976f-c188-4e57-8f49-431202de0b81",
|
||
|
|
"observed-data--56f2976f-05dc-4aa1-b025-49d102de0b81",
|
||
|
|
"url--56f2976f-05dc-4aa1-b025-49d102de0b81",
|
||
|
|
"indicator--56f2976f-ce4c-487d-b7ec-41f802de0b81",
|
||
|
|
"indicator--56f29770-4054-4c3f-b598-4be202de0b81",
|
||
|
|
"observed-data--56f29770-bb10-41cd-b53c-4c4502de0b81",
|
||
|
|
"url--56f29770-bb10-41cd-b53c-4c4502de0b81",
|
||
|
|
"indicator--56f29770-12b4-416f-9d7e-4fca02de0b81",
|
||
|
|
"indicator--56f29770-a120-47d6-9ca7-455d02de0b81",
|
||
|
|
"observed-data--56f29771-faf8-4cb9-a430-446902de0b81",
|
||
|
|
"url--56f29771-faf8-4cb9-a430-446902de0b81",
|
||
|
|
"indicator--56f29771-cd08-408b-a965-412802de0b81",
|
||
|
|
"indicator--56f29771-48fc-42f1-ba73-47b002de0b81",
|
||
|
|
"observed-data--56f29772-c480-4c87-aa5d-486702de0b81",
|
||
|
|
"url--56f29772-c480-4c87-aa5d-486702de0b81",
|
||
|
|
"indicator--56f29772-c0c4-4688-897a-470d02de0b81",
|
||
|
|
"indicator--56f29772-52b0-4886-b1b6-440202de0b81",
|
||
|
|
"observed-data--56f29772-ba58-4b32-ac42-43ac02de0b81",
|
||
|
|
"url--56f29772-ba58-4b32-ac42-43ac02de0b81",
|
||
|
|
"indicator--56f29773-00b0-405e-bb4f-408902de0b81",
|
||
|
|
"indicator--56f29773-31d0-4313-816d-4abb02de0b81",
|
||
|
|
"observed-data--56f29773-17a0-4a21-953c-4aa202de0b81",
|
||
|
|
"url--56f29773-17a0-4a21-953c-4aa202de0b81",
|
||
|
|
"indicator--56f29774-4be4-49cb-928c-467e02de0b81",
|
||
|
|
"indicator--56f29774-8460-44bb-8596-4a5b02de0b81",
|
||
|
|
"observed-data--56f29774-b0a4-47a9-a384-4e1e02de0b81",
|
||
|
|
"url--56f29774-b0a4-47a9-a384-4e1e02de0b81",
|
||
|
|
"indicator--56f29775-466c-4d9a-a1c2-464b02de0b81",
|
||
|
|
"indicator--56f29775-bb8c-4663-acff-4ed302de0b81",
|
||
|
|
"observed-data--56f29775-d05c-495a-b7f3-475902de0b81",
|
||
|
|
"url--56f29775-d05c-495a-b7f3-475902de0b81",
|
||
|
|
"indicator--56f29775-41e4-44a8-aa3a-475002de0b81",
|
||
|
|
"indicator--56f29776-1e08-4f91-976a-439b02de0b81",
|
||
|
|
"observed-data--56f29776-6f0c-408f-81ba-49b302de0b81",
|
||
|
|
"url--56f29776-6f0c-408f-81ba-49b302de0b81",
|
||
|
|
"indicator--56f29776-0a38-4076-81a9-4f2a02de0b81",
|
||
|
|
"indicator--56f29777-c2e4-4f5c-9e7c-476d02de0b81",
|
||
|
|
"observed-data--56f29777-6434-41aa-b8f0-4c4c02de0b81",
|
||
|
|
"url--56f29777-6434-41aa-b8f0-4c4c02de0b81",
|
||
|
|
"indicator--56f29777-13d4-41f2-bf64-42cb02de0b81",
|
||
|
|
"indicator--56f29777-8770-4746-8d5a-45fb02de0b81",
|
||
|
|
"observed-data--56f29778-50e8-4919-bdf1-457202de0b81",
|
||
|
|
"url--56f29778-50e8-4919-bdf1-457202de0b81",
|
||
|
|
"indicator--56f29778-3bfc-4201-be60-431202de0b81",
|
||
|
|
"indicator--56f29778-394c-41f7-8470-427102de0b81",
|
||
|
|
"observed-data--56f29779-aecc-4fbf-aa52-4bc102de0b81",
|
||
|
|
"url--56f29779-aecc-4fbf-aa52-4bc102de0b81",
|
||
|
|
"indicator--56f29779-ba50-4470-8a49-415202de0b81",
|
||
|
|
"indicator--56f29779-fce4-4790-a55d-4c4902de0b81",
|
||
|
|
"observed-data--56f2977a-01c8-4611-bb4a-445d02de0b81",
|
||
|
|
"url--56f2977a-01c8-4611-bb4a-445d02de0b81",
|
||
|
|
"indicator--56f2977a-3f58-4146-b44e-4b5002de0b81",
|
||
|
|
"indicator--56f2977a-5f64-4105-853d-46ac02de0b81",
|
||
|
|
"observed-data--56f2977b-3050-4d98-ab8f-41ce02de0b81",
|
||
|
|
"url--56f2977b-3050-4d98-ab8f-41ce02de0b81",
|
||
|
|
"indicator--56f2977b-2530-4f1d-b8a9-478302de0b81",
|
||
|
|
"indicator--56f2977b-bc98-4a28-b985-42a002de0b81",
|
||
|
|
"observed-data--56f2977c-1964-4f04-ba52-43b902de0b81",
|
||
|
|
"url--56f2977c-1964-4f04-ba52-43b902de0b81",
|
||
|
|
"indicator--56f2977c-429c-4ffd-9beb-4a8a02de0b81",
|
||
|
|
"indicator--56f2977c-1118-4b3f-852f-4e5f02de0b81",
|
||
|
|
"observed-data--56f2977c-497c-4cc9-bad5-43f402de0b81",
|
||
|
|
"url--56f2977c-497c-4cc9-bad5-43f402de0b81",
|
||
|
|
"indicator--56f2977d-cf10-40c1-8ce9-4bbc02de0b81",
|
||
|
|
"indicator--56f2977d-af38-4f8a-ade3-42d202de0b81",
|
||
|
|
"observed-data--56f2977d-400c-43fc-8cb2-436502de0b81",
|
||
|
|
"url--56f2977d-400c-43fc-8cb2-436502de0b81",
|
||
|
|
"indicator--56f2977e-b1dc-42d0-a2e3-46bb02de0b81",
|
||
|
|
"indicator--56f2977e-5138-47dc-873f-487702de0b81",
|
||
|
|
"observed-data--56f2977e-c1a0-4b75-9bb2-4bfb02de0b81",
|
||
|
|
"url--56f2977e-c1a0-4b75-9bb2-4bfb02de0b81",
|
||
|
|
"indicator--56f2977e-b028-4dba-8a85-409402de0b81",
|
||
|
|
"indicator--56f2977f-efb0-4d09-bda2-49b902de0b81",
|
||
|
|
"observed-data--56f2977f-ac18-4abc-be20-482602de0b81",
|
||
|
|
"url--56f2977f-ac18-4abc-be20-482602de0b81",
|
||
|
|
"indicator--56f2977f-b36c-4699-9d93-46c902de0b81",
|
||
|
|
"indicator--56f29780-6cd8-4406-9bcc-4af202de0b81",
|
||
|
|
"observed-data--56f29780-4c78-453b-bda1-444402de0b81",
|
||
|
|
"url--56f29780-4c78-453b-bda1-444402de0b81",
|
||
|
|
"indicator--56f29780-c02c-4c71-97e6-47e402de0b81",
|
||
|
|
"indicator--56f29780-fec0-420b-8f5d-4a4002de0b81",
|
||
|
|
"observed-data--56f29781-c948-435b-9cd5-41fe02de0b81",
|
||
|
|
"url--56f29781-c948-435b-9cd5-41fe02de0b81",
|
||
|
|
"indicator--56f29781-0f80-4b76-89da-45e502de0b81",
|
||
|
|
"indicator--56f29781-6800-4ebd-b349-4ced02de0b81",
|
||
|
|
"observed-data--56f29782-2f20-4a3e-8349-4e9102de0b81",
|
||
|
|
"url--56f29782-2f20-4a3e-8349-4e9102de0b81",
|
||
|
|
"indicator--56f29782-2f4c-4754-b7df-4d3502de0b81",
|
||
|
|
"indicator--56f29782-6fc4-4f04-a628-4f6202de0b81",
|
||
|
|
"observed-data--56f29782-fe6c-4d2d-893b-40c902de0b81",
|
||
|
|
"url--56f29782-fe6c-4d2d-893b-40c902de0b81",
|
||
|
|
"indicator--56f29783-9494-4c7d-af0e-45a502de0b81",
|
||
|
|
"indicator--56f29783-b964-4fed-9fda-436202de0b81",
|
||
|
|
"observed-data--56f29783-7e6c-4570-898b-4d9b02de0b81",
|
||
|
|
"url--56f29783-7e6c-4570-898b-4d9b02de0b81",
|
||
|
|
"indicator--56f29784-053c-48ee-89bb-427702de0b81",
|
||
|
|
"indicator--56f29784-08f8-437d-b80f-4c5502de0b81",
|
||
|
|
"observed-data--56f29784-9640-49b1-9a6c-464002de0b81",
|
||
|
|
"url--56f29784-9640-49b1-9a6c-464002de0b81",
|
||
|
|
"indicator--56f29785-bedc-4d42-8ff8-427302de0b81",
|
||
|
|
"indicator--56f29785-2468-4203-a9c3-4c8602de0b81",
|
||
|
|
"observed-data--56f29785-195c-4e7a-9139-43e702de0b81",
|
||
|
|
"url--56f29785-195c-4e7a-9139-43e702de0b81",
|
||
|
|
"indicator--56f29786-67b4-402e-8383-496402de0b81",
|
||
|
|
"indicator--56f29786-29b4-4467-a088-475302de0b81",
|
||
|
|
"observed-data--56f29786-8f68-46fe-a5e9-44c502de0b81",
|
||
|
|
"url--56f29786-8f68-46fe-a5e9-44c502de0b81",
|
||
|
|
"indicator--56f29787-0adc-4153-99fa-470d02de0b81",
|
||
|
|
"indicator--56f29787-bb70-4c71-9659-4b7002de0b81",
|
||
|
|
"observed-data--56f29787-24e0-4b1e-93a6-4cf502de0b81",
|
||
|
|
"url--56f29787-24e0-4b1e-93a6-4cf502de0b81",
|
||
|
|
"indicator--56f29788-3c34-4198-b821-43f502de0b81",
|
||
|
|
"indicator--56f29788-c934-4fbf-9df1-46d702de0b81",
|
||
|
|
"observed-data--56f29788-6a4c-451e-94b5-4faa02de0b81",
|
||
|
|
"url--56f29788-6a4c-451e-94b5-4faa02de0b81",
|
||
|
|
"indicator--56f29788-575c-41e3-a259-4ef102de0b81",
|
||
|
|
"indicator--56f29789-2424-4781-80ed-4c2402de0b81",
|
||
|
|
"observed-data--56f29789-12dc-4993-ac72-4e1302de0b81",
|
||
|
|
"url--56f29789-12dc-4993-ac72-4e1302de0b81",
|
||
|
|
"indicator--56f29789-296c-4a16-8a54-462a02de0b81",
|
||
|
|
"indicator--56f2978a-da40-4568-a80c-49e902de0b81",
|
||
|
|
"observed-data--56f2978a-9b4c-458d-a8ea-4c4002de0b81",
|
||
|
|
"url--56f2978a-9b4c-458d-a8ea-4c4002de0b81",
|
||
|
|
"indicator--56f2978a-149c-4413-964e-44ac02de0b81",
|
||
|
|
"indicator--56f2978a-555c-4f82-8b8c-482b02de0b81",
|
||
|
|
"observed-data--56f2978b-e834-4170-81b4-499d02de0b81",
|
||
|
|
"url--56f2978b-e834-4170-81b4-499d02de0b81",
|
||
|
|
"indicator--56f2978b-b880-403b-9277-491d02de0b81",
|
||
|
|
"indicator--56f2978b-8700-4677-9407-4ea402de0b81",
|
||
|
|
"observed-data--56f2978c-11c8-4c36-92a6-470602de0b81",
|
||
|
|
"url--56f2978c-11c8-4c36-92a6-470602de0b81",
|
||
|
|
"indicator--56f2978c-42a4-4016-baee-484302de0b81",
|
||
|
|
"indicator--56f2978c-0ffc-41d6-b3a0-4f1902de0b81",
|
||
|
|
"observed-data--56f2978d-4248-43ca-8ca5-4e4a02de0b81",
|
||
|
|
"url--56f2978d-4248-43ca-8ca5-4e4a02de0b81",
|
||
|
|
"indicator--56f2978d-674c-4a66-822e-41f102de0b81",
|
||
|
|
"indicator--56f2978d-4edc-4f21-8599-4fa502de0b81",
|
||
|
|
"observed-data--56f2978d-5dc4-4ff3-bf9c-4f3202de0b81",
|
||
|
|
"url--56f2978d-5dc4-4ff3-bf9c-4f3202de0b81",
|
||
|
|
"indicator--56f2978e-3044-45c6-8941-463402de0b81",
|
||
|
|
"indicator--56f2978e-5dbc-4044-a7eb-447802de0b81",
|
||
|
|
"observed-data--56f2978e-d24c-494d-a550-424502de0b81",
|
||
|
|
"url--56f2978e-d24c-494d-a550-424502de0b81",
|
||
|
|
"indicator--56f2978f-69e4-41bf-8f9a-4aee02de0b81",
|
||
|
|
"indicator--56f2978f-18f4-467d-99f4-444d02de0b81",
|
||
|
|
"observed-data--56f2978f-7ec0-4e13-85d1-4c1302de0b81",
|
||
|
|
"url--56f2978f-7ec0-4e13-85d1-4c1302de0b81",
|
||
|
|
"indicator--56f2978f-8bdc-4e67-9f2a-48ff02de0b81",
|
||
|
|
"indicator--56f29790-8364-426a-bb63-401c02de0b81",
|
||
|
|
"observed-data--56f29790-2474-4a0f-b413-4c6702de0b81",
|
||
|
|
"url--56f29790-2474-4a0f-b413-4c6702de0b81",
|
||
|
|
"indicator--56f29790-0058-46da-9662-4a5e02de0b81",
|
||
|
|
"indicator--56f29791-a170-4c2c-8e64-4e6b02de0b81",
|
||
|
|
"observed-data--56f29791-c938-45b5-a3fa-48a802de0b81",
|
||
|
|
"url--56f29791-c938-45b5-a3fa-48a802de0b81",
|
||
|
|
"indicator--56f29791-f410-4afd-aaa9-471202de0b81",
|
||
|
|
"indicator--56f29792-94f0-49fc-8509-4bc702de0b81",
|
||
|
|
"observed-data--56f29792-2b60-4b36-ab9e-49bb02de0b81",
|
||
|
|
"url--56f29792-2b60-4b36-ab9e-49bb02de0b81",
|
||
|
|
"indicator--56f29792-a928-4e1e-81ab-4c9702de0b81",
|
||
|
|
"indicator--56f29792-f6d0-4c7e-8e59-4adf02de0b81",
|
||
|
|
"observed-data--56f29793-eb28-4e0b-8569-407402de0b81",
|
||
|
|
"url--56f29793-eb28-4e0b-8569-407402de0b81",
|
||
|
|
"indicator--56f29793-6060-4a81-9e17-4a0302de0b81",
|
||
|
|
"indicator--56f29793-5030-4c02-b8e3-44f202de0b81",
|
||
|
|
"observed-data--56f29794-adb4-45ab-9dd8-4b5002de0b81",
|
||
|
|
"url--56f29794-adb4-45ab-9dd8-4b5002de0b81",
|
||
|
|
"indicator--56f29794-46bc-4e03-8645-4f5602de0b81",
|
||
|
|
"indicator--56f29794-8488-40bb-aa59-493702de0b81",
|
||
|
|
"observed-data--56f29794-a8cc-4fa0-b049-4eb002de0b81",
|
||
|
|
"url--56f29794-a8cc-4fa0-b049-4eb002de0b81",
|
||
|
|
"indicator--56f29795-1178-40dd-bad6-427202de0b81",
|
||
|
|
"indicator--56f29795-96c0-4498-9f52-4b4c02de0b81",
|
||
|
|
"observed-data--56f29795-ae78-4396-be84-4cf602de0b81",
|
||
|
|
"url--56f29795-ae78-4396-be84-4cf602de0b81",
|
||
|
|
"indicator--56f29796-d980-407d-a381-4f2402de0b81",
|
||
|
|
"indicator--56f29796-0c30-4479-b91d-4f6f02de0b81",
|
||
|
|
"observed-data--56f29796-c814-4a3f-a329-493e02de0b81",
|
||
|
|
"url--56f29796-c814-4a3f-a329-493e02de0b81",
|
||
|
|
"indicator--56f29796-d744-43ba-a29d-4a6902de0b81",
|
||
|
|
"indicator--56f29797-9990-4e25-a022-4e9702de0b81",
|
||
|
|
"observed-data--56f29797-7650-4709-8be6-462602de0b81",
|
||
|
|
"url--56f29797-7650-4709-8be6-462602de0b81",
|
||
|
|
"indicator--56f29797-0c68-4390-ae06-492d02de0b81",
|
||
|
|
"indicator--56f29798-8b68-42e8-b27e-4fc202de0b81",
|
||
|
|
"observed-data--56f29798-976c-442f-8dab-442802de0b81",
|
||
|
|
"url--56f29798-976c-442f-8dab-442802de0b81",
|
||
|
|
"indicator--56f29798-f0dc-49ad-8184-429902de0b81",
|
||
|
|
"indicator--56f29798-e78c-4d2e-896d-486502de0b81",
|
||
|
|
"observed-data--56f29799-9654-4a86-a390-4e9e02de0b81",
|
||
|
|
"url--56f29799-9654-4a86-a390-4e9e02de0b81",
|
||
|
|
"indicator--56f29799-4dc8-47ef-a71d-462c02de0b81",
|
||
|
|
"indicator--56f29799-8084-4fbc-b9f1-441b02de0b81",
|
||
|
|
"observed-data--56f2979a-fd00-4592-a198-4c8802de0b81",
|
||
|
|
"url--56f2979a-fd00-4592-a198-4c8802de0b81",
|
||
|
|
"indicator--56f2979a-0a48-4377-8cab-421702de0b81",
|
||
|
|
"indicator--56f2979a-1348-4556-9740-4a3002de0b81",
|
||
|
|
"observed-data--56f2979a-6614-4bd1-b901-40be02de0b81",
|
||
|
|
"url--56f2979a-6614-4bd1-b901-40be02de0b81",
|
||
|
|
"indicator--56f2979b-2038-4743-826a-446c02de0b81",
|
||
|
|
"indicator--56f2979b-cef8-44ce-9c5e-45ed02de0b81",
|
||
|
|
"observed-data--56f2979b-e708-4fda-aeff-4e4202de0b81",
|
||
|
|
"url--56f2979b-e708-4fda-aeff-4e4202de0b81",
|
||
|
|
"indicator--56f2979c-1f74-4f77-b213-49de02de0b81",
|
||
|
|
"indicator--56f2979c-8dec-4ed0-98ed-4c8502de0b81",
|
||
|
|
"observed-data--56f2979c-c968-413c-a82a-4bec02de0b81",
|
||
|
|
"url--56f2979c-c968-413c-a82a-4bec02de0b81",
|
||
|
|
"indicator--56f2979d-d008-4127-b8b0-464102de0b81",
|
||
|
|
"indicator--56f2979d-afe0-4c73-9a79-4d7a02de0b81",
|
||
|
|
"observed-data--56f2979d-683c-414e-a59e-4be302de0b81",
|
||
|
|
"url--56f2979d-683c-414e-a59e-4be302de0b81",
|
||
|
|
"indicator--56f2979d-0bfc-4a20-be22-486d02de0b81",
|
||
|
|
"indicator--56f2979e-1bd0-45cd-a980-4e4002de0b81",
|
||
|
|
"observed-data--56f2979e-d278-4313-b284-417402de0b81",
|
||
|
|
"url--56f2979e-d278-4313-b284-417402de0b81",
|
||
|
|
"indicator--56f2979e-0f60-4931-9894-4eae02de0b81",
|
||
|
|
"indicator--56f2979f-fd04-47eb-94c9-43d402de0b81",
|
||
|
|
"observed-data--56f2979f-0494-4c9c-8035-4bbd02de0b81",
|
||
|
|
"url--56f2979f-0494-4c9c-8035-4bbd02de0b81",
|
||
|
|
"indicator--56f2979f-6e54-4f19-96da-4c2402de0b81",
|
||
|
|
"indicator--56f2979f-6730-4e0f-ac37-4c7402de0b81",
|
||
|
|
"observed-data--56f297a0-92e8-4b3c-b531-45ed02de0b81",
|
||
|
|
"url--56f297a0-92e8-4b3c-b531-45ed02de0b81",
|
||
|
|
"indicator--56f297a0-ccd8-4197-98a3-4a3002de0b81",
|
||
|
|
"indicator--56f297a0-ff28-4331-b323-410c02de0b81",
|
||
|
|
"observed-data--56f297a1-8bac-4938-844c-49ce02de0b81",
|
||
|
|
"url--56f297a1-8bac-4938-844c-49ce02de0b81",
|
||
|
|
"indicator--56f297a1-8674-49be-95d3-4a5c02de0b81",
|
||
|
|
"indicator--56f297a1-7058-4acc-8c34-477d02de0b81",
|
||
|
|
"observed-data--56f297a1-1d0c-49dd-801f-4a5f02de0b81",
|
||
|
|
"url--56f297a1-1d0c-49dd-801f-4a5f02de0b81",
|
||
|
|
"indicator--56f297a2-32f4-4590-a0c7-443402de0b81",
|
||
|
|
"indicator--56f297a2-72f8-4e7f-812e-458302de0b81",
|
||
|
|
"observed-data--56f297a2-1808-49bb-a464-4c9402de0b81",
|
||
|
|
"url--56f297a2-1808-49bb-a464-4c9402de0b81",
|
||
|
|
"indicator--56f297a3-a904-467c-9614-465202de0b81",
|
||
|
|
"indicator--56f297a3-b94c-4a18-aa68-435602de0b81",
|
||
|
|
"observed-data--56f297a3-1ee4-470f-a795-492a02de0b81",
|
||
|
|
"url--56f297a3-1ee4-470f-a795-492a02de0b81",
|
||
|
|
"indicator--56f297a4-d07c-4555-ba18-415102de0b81",
|
||
|
|
"indicator--56f297a4-db3c-47ed-9d79-4e5d02de0b81",
|
||
|
|
"observed-data--56f297a4-2ae0-4f58-a051-49e402de0b81",
|
||
|
|
"url--56f297a4-2ae0-4f58-a051-49e402de0b81",
|
||
|
|
"indicator--56f297a4-4fa0-46f8-8c5e-422d02de0b81",
|
||
|
|
"indicator--56f297a5-1a7c-4cb6-a866-413402de0b81",
|
||
|
|
"observed-data--56f297a5-5c50-46b6-a17b-485102de0b81",
|
||
|
|
"url--56f297a5-5c50-46b6-a17b-485102de0b81",
|
||
|
|
"indicator--56f297a5-1848-45f5-ab50-4beb02de0b81",
|
||
|
|
"indicator--56f297a6-49c8-4cb5-94c9-4f8002de0b81",
|
||
|
|
"observed-data--56f297a6-f058-4644-9ea0-4c5102de0b81",
|
||
|
|
"url--56f297a6-f058-4644-9ea0-4c5102de0b81",
|
||
|
|
"indicator--56f297a6-e2a4-4b0c-a200-49f402de0b81",
|
||
|
|
"indicator--56f297a6-e828-470a-ac3b-439e02de0b81",
|
||
|
|
"observed-data--56f297a7-695c-4cde-8da9-437802de0b81",
|
||
|
|
"url--56f297a7-695c-4cde-8da9-437802de0b81",
|
||
|
|
"indicator--56f297a7-5f2c-4a53-b6a3-402702de0b81",
|
||
|
|
"indicator--56f297a7-8efc-4741-b43c-404a02de0b81",
|
||
|
|
"observed-data--56f297a8-3d78-469a-85e1-448e02de0b81",
|
||
|
|
"url--56f297a8-3d78-469a-85e1-448e02de0b81",
|
||
|
|
"indicator--56f297a8-3da8-46a3-a6c2-4eb002de0b81",
|
||
|
|
"indicator--56f297a8-b450-407a-a3e8-45c702de0b81",
|
||
|
|
"observed-data--56f297a8-d490-4a54-8862-418a02de0b81",
|
||
|
|
"url--56f297a8-d490-4a54-8862-418a02de0b81",
|
||
|
|
"indicator--56f297a9-6e04-4212-b027-421802de0b81",
|
||
|
|
"indicator--56f297a9-8b74-41fb-b858-433a02de0b81",
|
||
|
|
"observed-data--56f297a9-43bc-4640-a96e-44a502de0b81",
|
||
|
|
"url--56f297a9-43bc-4640-a96e-44a502de0b81",
|
||
|
|
"indicator--56f297aa-a904-4a2b-8850-4f6002de0b81",
|
||
|
|
"indicator--56f297aa-6d84-45be-a640-487302de0b81",
|
||
|
|
"observed-data--56f297aa-7498-4b27-b8c1-409f02de0b81",
|
||
|
|
"url--56f297aa-7498-4b27-b8c1-409f02de0b81",
|
||
|
|
"indicator--56f297aa-917c-4d40-a18c-413502de0b81",
|
||
|
|
"indicator--56f297ab-e840-4e69-b2ba-480f02de0b81",
|
||
|
|
"observed-data--56f297ab-0af0-46b2-b0c7-405d02de0b81",
|
||
|
|
"url--56f297ab-0af0-46b2-b0c7-405d02de0b81",
|
||
|
|
"indicator--56f297ab-e144-4108-b7ac-433602de0b81",
|
||
|
|
"indicator--56f297ac-1c0c-40a0-8de6-454f02de0b81",
|
||
|
|
"observed-data--56f297ac-91b4-47c0-b8b8-428502de0b81",
|
||
|
|
"url--56f297ac-91b4-47c0-b8b8-428502de0b81",
|
||
|
|
"indicator--56f297ac-a73c-4c67-902c-494202de0b81",
|
||
|
|
"indicator--56f297ad-ae80-49a2-9250-45dc02de0b81",
|
||
|
|
"observed-data--56f297ad-00b0-4713-8916-4eb202de0b81",
|
||
|
|
"url--56f297ad-00b0-4713-8916-4eb202de0b81",
|
||
|
|
"indicator--56f297ad-2a60-4546-9534-4b9302de0b81",
|
||
|
|
"indicator--56f297ad-b0d8-4ef9-8836-480c02de0b81",
|
||
|
|
"observed-data--56f297ae-cae8-4d23-8706-47d202de0b81",
|
||
|
|
"url--56f297ae-cae8-4d23-8706-47d202de0b81",
|
||
|
|
"indicator--56f297ae-1808-45c5-9cc6-408102de0b81",
|
||
|
|
"indicator--56f297ae-2f18-4caa-807f-4a3102de0b81",
|
||
|
|
"observed-data--56f297af-1474-495e-b5b6-408602de0b81",
|
||
|
|
"url--56f297af-1474-495e-b5b6-408602de0b81",
|
||
|
|
"indicator--56f297af-3858-49fa-93df-458502de0b81",
|
||
|
|
"indicator--56f297af-111c-4090-85bd-43fd02de0b81",
|
||
|
|
"observed-data--56f297af-4ab0-4498-b57f-40ed02de0b81",
|
||
|
|
"url--56f297af-4ab0-4498-b57f-40ed02de0b81",
|
||
|
|
"indicator--56f297b0-ce38-442b-8cd2-411e02de0b81",
|
||
|
|
"indicator--56f297b0-f680-4533-91e4-496e02de0b81",
|
||
|
|
"observed-data--56f297b0-f56c-471c-bd7a-4e2f02de0b81",
|
||
|
|
"url--56f297b0-f56c-471c-bd7a-4e2f02de0b81",
|
||
|
|
"indicator--56f297b1-5030-4f72-a9d1-4db602de0b81",
|
||
|
|
"indicator--56f297b1-5464-40fc-ba11-483f02de0b81",
|
||
|
|
"observed-data--56f297b1-7e2c-4d8a-868e-469c02de0b81",
|
||
|
|
"url--56f297b1-7e2c-4d8a-868e-469c02de0b81",
|
||
|
|
"indicator--56f297b1-aa98-477e-bb85-49be02de0b81",
|
||
|
|
"indicator--56f297b2-83dc-4f93-b60d-42fd02de0b81",
|
||
|
|
"observed-data--56f297b2-3858-4663-b2ba-424c02de0b81",
|
||
|
|
"url--56f297b2-3858-4663-b2ba-424c02de0b81",
|
||
|
|
"indicator--56f297b2-7868-4fcb-8bc2-48e702de0b81",
|
||
|
|
"indicator--56f297b3-9be4-48c3-a4a1-4d9202de0b81",
|
||
|
|
"observed-data--56f297b3-ede4-450b-88c7-418b02de0b81",
|
||
|
|
"url--56f297b3-ede4-450b-88c7-418b02de0b81",
|
||
|
|
"indicator--56f297b3-e244-46a8-908d-4c6902de0b81",
|
||
|
|
"indicator--56f297b3-5c4c-4109-bf37-435602de0b81",
|
||
|
|
"observed-data--56f297b4-f27c-4198-b6f4-405302de0b81",
|
||
|
|
"url--56f297b4-f27c-4198-b6f4-405302de0b81",
|
||
|
|
"indicator--56f297b4-1cd4-4027-a86a-49cd02de0b81",
|
||
|
|
"indicator--56f297b4-6920-407e-80eb-4c4402de0b81",
|
||
|
|
"observed-data--56f297b5-aee0-4d88-bc6b-4ad702de0b81",
|
||
|
|
"url--56f297b5-aee0-4d88-bc6b-4ad702de0b81",
|
||
|
|
"indicator--56f297b5-98e0-475c-88e9-42af02de0b81",
|
||
|
|
"indicator--56f297b5-e2a4-4e45-9514-437302de0b81",
|
||
|
|
"observed-data--56f297b5-f0d4-4f23-8e04-4c8e02de0b81",
|
||
|
|
"url--56f297b5-f0d4-4f23-8e04-4c8e02de0b81",
|
||
|
|
"indicator--56f297b6-bd5c-462c-817d-4cb902de0b81",
|
||
|
|
"indicator--56f297b6-3c18-4814-8019-43f402de0b81",
|
||
|
|
"observed-data--56f297b6-9b88-43c7-8f3c-41b502de0b81",
|
||
|
|
"url--56f297b6-9b88-43c7-8f3c-41b502de0b81",
|
||
|
|
"indicator--56f297b7-afa4-44aa-b4dc-40c902de0b81",
|
||
|
|
"indicator--56f297b7-58c4-4da6-8908-4bec02de0b81",
|
||
|
|
"observed-data--56f297b7-78bc-446b-b2e1-4e9602de0b81",
|
||
|
|
"url--56f297b7-78bc-446b-b2e1-4e9602de0b81",
|
||
|
|
"indicator--56f297b7-8ee4-4918-9f13-45dc02de0b81",
|
||
|
|
"indicator--56f297b8-814c-478d-b531-4c4b02de0b81",
|
||
|
|
"observed-data--56f297b8-0ca4-4219-94de-479402de0b81",
|
||
|
|
"url--56f297b8-0ca4-4219-94de-479402de0b81",
|
||
|
|
"indicator--56f297b8-ff08-4790-83f7-482102de0b81",
|
||
|
|
"indicator--56f297b9-2918-4176-9677-42ff02de0b81",
|
||
|
|
"observed-data--56f297b9-1c4c-4ab0-9794-481802de0b81",
|
||
|
|
"url--56f297b9-1c4c-4ab0-9794-481802de0b81",
|
||
|
|
"indicator--56f297b9-3a44-4242-82d3-486602de0b81",
|
||
|
|
"indicator--56f297ba-4c78-4831-85cf-4b8902de0b81",
|
||
|
|
"observed-data--56f297ba-8e50-47ee-9cc1-455e02de0b81",
|
||
|
|
"url--56f297ba-8e50-47ee-9cc1-455e02de0b81",
|
||
|
|
"indicator--56f297ba-9f34-4035-8800-446b02de0b81",
|
||
|
|
"indicator--56f297ba-a298-4b24-bea2-4dd002de0b81",
|
||
|
|
"observed-data--56f297bb-ee48-4def-bc8e-417902de0b81",
|
||
|
|
"url--56f297bb-ee48-4def-bc8e-417902de0b81",
|
||
|
|
"indicator--56f297bb-5ec8-4305-b068-416e02de0b81",
|
||
|
|
"indicator--56f297bb-09a0-4556-bdda-498402de0b81",
|
||
|
|
"observed-data--56f297bc-92e4-401e-b9f7-4ee502de0b81",
|
||
|
|
"url--56f297bc-92e4-401e-b9f7-4ee502de0b81",
|
||
|
|
"indicator--56f297bc-9078-45c7-b583-4cc802de0b81",
|
||
|
|
"indicator--56f297bc-879c-40ed-a908-498702de0b81",
|
||
|
|
"observed-data--56f297bc-95dc-461d-9d40-45ed02de0b81",
|
||
|
|
"url--56f297bc-95dc-461d-9d40-45ed02de0b81",
|
||
|
|
"indicator--56f297bd-fde0-4304-9083-442502de0b81",
|
||
|
|
"indicator--56f297bd-e810-4d7f-9e25-49c402de0b81",
|
||
|
|
"observed-data--56f297bd-2618-4426-add9-4cfc02de0b81",
|
||
|
|
"url--56f297bd-2618-4426-add9-4cfc02de0b81",
|
||
|
|
"indicator--56f297be-c9bc-48e1-8bc5-425802de0b81",
|
||
|
|
"indicator--56f297be-37e8-4e05-b385-401502de0b81",
|
||
|
|
"observed-data--56f297be-97e8-499d-a9bc-465202de0b81",
|
||
|
|
"url--56f297be-97e8-499d-a9bc-465202de0b81",
|
||
|
|
"indicator--56f297be-7c2c-481a-99a8-460b02de0b81",
|
||
|
|
"indicator--56f297bf-725c-476f-9c5a-441202de0b81",
|
||
|
|
"observed-data--56f297bf-6224-43a3-a26b-4f6502de0b81",
|
||
|
|
"url--56f297bf-6224-43a3-a26b-4f6502de0b81",
|
||
|
|
"indicator--56f297bf-6bf8-4e60-b081-495602de0b81",
|
||
|
|
"indicator--56f297c0-94b8-4c46-80c7-43c302de0b81",
|
||
|
|
"observed-data--56f297c0-a02c-43c3-aa14-431902de0b81",
|
||
|
|
"url--56f297c0-a02c-43c3-aa14-431902de0b81",
|
||
|
|
"indicator--56f297c0-8438-4e1e-a532-457a02de0b81",
|
||
|
|
"indicator--56f297c0-49a8-4887-9113-4d9202de0b81",
|
||
|
|
"observed-data--56f297c1-56bc-40fb-a699-42d802de0b81",
|
||
|
|
"url--56f297c1-56bc-40fb-a699-42d802de0b81",
|
||
|
|
"indicator--56f297c1-5d60-4a08-a366-4e9402de0b81",
|
||
|
|
"indicator--56f297c1-bffc-4dcc-8035-46c002de0b81",
|
||
|
|
"observed-data--56f297c2-c7c8-4851-860d-4d9602de0b81",
|
||
|
|
"url--56f297c2-c7c8-4851-860d-4d9602de0b81",
|
||
|
|
"indicator--56f297c2-2de0-43ca-9e3d-48ff02de0b81",
|
||
|
|
"indicator--56f297c2-9188-42f4-b593-4a7302de0b81",
|
||
|
|
"observed-data--56f297c3-c784-4143-b641-48f202de0b81",
|
||
|
|
"url--56f297c3-c784-4143-b641-48f202de0b81",
|
||
|
|
"indicator--56f297c3-9630-4ff6-848b-4eba02de0b81",
|
||
|
|
"indicator--56f297c3-00a0-490a-aa74-4dd302de0b81",
|
||
|
|
"observed-data--56f297c3-9144-41af-bedb-446e02de0b81",
|
||
|
|
"url--56f297c3-9144-41af-bedb-446e02de0b81",
|
||
|
|
"indicator--56f297c4-b864-4768-852d-4d6102de0b81",
|
||
|
|
"indicator--56f297c4-497c-4a4a-a9b8-42f302de0b81",
|
||
|
|
"observed-data--56f297c4-d560-4231-97d8-4a7102de0b81",
|
||
|
|
"url--56f297c4-d560-4231-97d8-4a7102de0b81",
|
||
|
|
"indicator--56f297c5-c3d4-4d0f-bc57-4ba402de0b81",
|
||
|
|
"indicator--56f297c5-873c-4ee6-b6bd-49bc02de0b81",
|
||
|
|
"observed-data--56f297c5-3390-4162-988d-4de502de0b81",
|
||
|
|
"url--56f297c5-3390-4162-988d-4de502de0b81",
|
||
|
|
"indicator--56f297c5-bb48-4cb5-ac34-4a8102de0b81",
|
||
|
|
"indicator--56f297c6-7c18-4c44-8011-424902de0b81",
|
||
|
|
"observed-data--56f297c6-eaa0-4008-8eca-47a802de0b81",
|
||
|
|
"url--56f297c6-eaa0-4008-8eca-47a802de0b81",
|
||
|
|
"indicator--56f297c6-6b08-4c33-9560-41c602de0b81",
|
||
|
|
"indicator--56f297c7-0488-45e8-99d0-413502de0b81",
|
||
|
|
"observed-data--56f297c7-7de4-4c31-aa58-4f9f02de0b81",
|
||
|
|
"url--56f297c7-7de4-4c31-aa58-4f9f02de0b81",
|
||
|
|
"indicator--56f297c7-7614-478a-806f-45a302de0b81",
|
||
|
|
"indicator--56f297c7-6afc-4b6b-a59b-42ab02de0b81",
|
||
|
|
"observed-data--56f297c8-5140-46d8-a64e-406f02de0b81",
|
||
|
|
"url--56f297c8-5140-46d8-a64e-406f02de0b81",
|
||
|
|
"indicator--56f297c8-d6d4-433f-96a6-45dc02de0b81",
|
||
|
|
"indicator--56f297c8-f4d0-4b7d-8cc0-464702de0b81",
|
||
|
|
"observed-data--56f297c9-3690-4ae9-98f9-4ee102de0b81",
|
||
|
|
"url--56f297c9-3690-4ae9-98f9-4ee102de0b81",
|
||
|
|
"indicator--56f297c9-15a4-4a0b-a427-4c4402de0b81",
|
||
|
|
"indicator--56f297c9-b2f8-49cf-9507-49c602de0b81",
|
||
|
|
"observed-data--56f297c9-9530-409e-a4f0-474202de0b81",
|
||
|
|
"url--56f297c9-9530-409e-a4f0-474202de0b81",
|
||
|
|
"indicator--56f297ca-ae5c-4f0d-a5af-4b2302de0b81",
|
||
|
|
"indicator--56f297ca-d240-4261-b413-425102de0b81",
|
||
|
|
"observed-data--56f297ca-2914-4020-9a39-46fd02de0b81",
|
||
|
|
"url--56f297ca-2914-4020-9a39-46fd02de0b81",
|
||
|
|
"indicator--56f297cb-f9d8-43b2-810d-454b02de0b81",
|
||
|
|
"indicator--56f297cb-8da8-4d32-9496-495302de0b81",
|
||
|
|
"observed-data--56f297cb-ca70-42ba-9cfe-4e9a02de0b81",
|
||
|
|
"url--56f297cb-ca70-42ba-9cfe-4e9a02de0b81",
|
||
|
|
"indicator--56f297cc-e728-4ec3-8fb2-4ef402de0b81",
|
||
|
|
"indicator--56f297cc-7e28-4cac-bed9-451402de0b81",
|
||
|
|
"observed-data--56f297cc-9f04-4a04-b948-49b102de0b81",
|
||
|
|
"url--56f297cc-9f04-4a04-b948-49b102de0b81",
|
||
|
|
"indicator--56f297cc-de44-4639-a540-4fe002de0b81",
|
||
|
|
"indicator--56f297cd-8cd8-43ee-99d0-4d0302de0b81",
|
||
|
|
"observed-data--56f297cd-1b1c-4a61-a4c0-4f5602de0b81",
|
||
|
|
"url--56f297cd-1b1c-4a61-a4c0-4f5602de0b81",
|
||
|
|
"indicator--56f297cd-4720-47bd-858d-487202de0b81",
|
||
|
|
"indicator--56f297ce-f4e4-4daf-9212-440202de0b81",
|
||
|
|
"observed-data--56f297ce-7c7c-41f2-b07b-476c02de0b81",
|
||
|
|
"url--56f297ce-7c7c-41f2-b07b-476c02de0b81",
|
||
|
|
"indicator--56f297ce-1f4c-4a05-94d6-4b1e02de0b81",
|
||
|
|
"indicator--56f297ce-d804-4a53-b7b2-464c02de0b81",
|
||
|
|
"observed-data--56f297cf-0938-4729-88d5-4e2202de0b81",
|
||
|
|
"url--56f297cf-0938-4729-88d5-4e2202de0b81",
|
||
|
|
"indicator--56f297cf-9a2c-4e98-a262-441202de0b81",
|
||
|
|
"indicator--56f297cf-37b4-43ac-889c-453402de0b81",
|
||
|
|
"observed-data--56f297d0-067c-4365-b09c-476102de0b81",
|
||
|
|
"url--56f297d0-067c-4365-b09c-476102de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"Threat-Report",
|
||
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
||
|
|
"type:OSINT"
|
||
|
|
],
|
||
|
|
"object_marking_refs": [
|
||
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29542-7bc4-4deb-abc4-47c4950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:08:18.000Z",
|
||
|
|
"modified": "2016-03-23T13:08:18.000Z",
|
||
|
|
"description": "On port 5552",
|
||
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '191.101.23.190']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:08:18Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Network activity"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"ip-dst\"",
|
||
|
|
"misp:category=\"Network activity\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29542-d630-4eb8-a662-4421950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:08:18.000Z",
|
||
|
|
"modified": "2016-03-23T13:08:18.000Z",
|
||
|
|
"description": "On port 10000",
|
||
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '193.164.131.58']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:08:18Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Network activity"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"ip-dst\"",
|
||
|
|
"misp:category=\"Network activity\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29543-f58c-4ace-909e-4c45950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:08:19.000Z",
|
||
|
|
"modified": "2016-03-23T13:08:19.000Z",
|
||
|
|
"description": "On port 9990",
|
||
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '193.37.152.28']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:08:19Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Network activity"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"ip-dst\"",
|
||
|
|
"misp:category=\"Network activity\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29543-03d4-4b81-93df-4024950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:08:19.000Z",
|
||
|
|
"modified": "2016-03-23T13:08:19.000Z",
|
||
|
|
"description": "On port 10101",
|
||
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '213.136.64.119']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:08:19Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Network activity"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"ip-dst\"",
|
||
|
|
"misp:category=\"Network activity\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29544-3ebc-4911-af6a-4af3950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:08:20.000Z",
|
||
|
|
"modified": "2016-03-23T13:08:20.000Z",
|
||
|
|
"description": "On port 10001",
|
||
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '213.136.87.122']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:08:20Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Network activity"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"ip-dst\"",
|
||
|
|
"misp:category=\"Network activity\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29544-45ec-4167-870c-4cf3950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:08:20.000Z",
|
||
|
|
"modified": "2016-03-23T13:08:20.000Z",
|
||
|
|
"description": "On port 1453",
|
||
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.189.137.8']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:08:20Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Network activity"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"ip-dst\"",
|
||
|
|
"misp:category=\"Network activity\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29544-0278-48c4-8611-4c14950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:08:20.000Z",
|
||
|
|
"modified": "2016-03-23T13:08:20.000Z",
|
||
|
|
"description": "On port 11114",
|
||
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.189.143.225']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:08:20Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Network activity"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"ip-dst\"",
|
||
|
|
"misp:category=\"Network activity\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29544-d688-4045-818e-4d21950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:08:20.000Z",
|
||
|
|
"modified": "2016-03-23T13:08:20.000Z",
|
||
|
|
"description": "On port 12200",
|
||
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.189.152.147']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:08:20Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Network activity"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"ip-dst\"",
|
||
|
|
"misp:category=\"Network activity\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29545-18e4-40f1-8eeb-461b950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:08:21.000Z",
|
||
|
|
"modified": "2016-03-23T13:08:21.000Z",
|
||
|
|
"description": "On port 7866",
|
||
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.189.167.23']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:08:21Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Network activity"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"ip-dst\"",
|
||
|
|
"misp:category=\"Network activity\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29545-312c-4bd6-b2a5-44a3950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:08:21.000Z",
|
||
|
|
"modified": "2016-03-23T13:08:21.000Z",
|
||
|
|
"description": "On port 12010",
|
||
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.189.167.65']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:08:21Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Network activity"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"ip-dst\"",
|
||
|
|
"misp:category=\"Network activity\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29546-a734-45dd-9fe4-4da8950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:08:22.000Z",
|
||
|
|
"modified": "2016-03-23T13:08:22.000Z",
|
||
|
|
"description": "On port 10000",
|
||
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '80.241.221.109']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:08:22Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Network activity"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"ip-dst\"",
|
||
|
|
"misp:category=\"Network activity\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29546-1688-47d8-b753-4bfa950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:08:22.000Z",
|
||
|
|
"modified": "2016-03-23T13:08:22.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[domain-name:value = 'afgcloud7.com']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:08:22Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Network activity"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"domain\"",
|
||
|
|
"misp:category=\"Network activity\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29546-bdd8-4440-bd29-47df950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:08:22.000Z",
|
||
|
|
"modified": "2016-03-23T13:08:22.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[domain-name:value = 'attachment.biz']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:08:22Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Network activity"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"domain\"",
|
||
|
|
"misp:category=\"Network activity\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29547-ef20-472f-ab8a-461f950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:08:23.000Z",
|
||
|
|
"modified": "2016-03-23T13:08:23.000Z",
|
||
|
|
"description": "On port 10110",
|
||
|
|
"pattern": "[domain-name:value = 'bhai1.ddns.net']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:08:23Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Network activity"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"hostname\"",
|
||
|
|
"misp:category=\"Network activity\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29547-50c8-420f-a777-434c950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:08:23.000Z",
|
||
|
|
"modified": "2016-03-23T13:08:23.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[url:value = 'http://bbmsync2727.com/upd/ss1.dll']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:08:23Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Network activity"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"url\"",
|
||
|
|
"misp:category=\"Network activity\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29547-6f3c-4780-96d4-47d5950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:08:23.000Z",
|
||
|
|
"modified": "2016-03-23T13:08:23.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[url:value = 'http://ordering-checks.com/bbm/bbm.exe']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:08:23Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Network activity"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"url\"",
|
||
|
|
"misp:category=\"Network activity\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29548-776c-47bc-864b-4b5d950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:08:24.000Z",
|
||
|
|
"modified": "2016-03-23T13:08:24.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[url:value = 'http://ordering-checks.com/bzu/ordc.exe']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:08:24Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Network activity"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"url\"",
|
||
|
|
"misp:category=\"Network activity\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29548-239c-4dff-a065-4fa5950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:08:24.000Z",
|
||
|
|
"modified": "2016-03-23T13:08:24.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[url:value = 'http://ordering-checks.com/cum/orc.crm']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:08:24Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Network activity"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"url\"",
|
||
|
|
"misp:category=\"Network activity\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29548-b65c-43bb-9a9f-4bfc950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:08:24.000Z",
|
||
|
|
"modified": "2016-03-23T13:08:24.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[url:value = 'http://ordering-checks.com/cum/ordd.exe']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:08:24Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Network activity"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"url\"",
|
||
|
|
"misp:category=\"Network activity\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29549-7e2c-4f48-b678-4ca5950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:08:25.000Z",
|
||
|
|
"modified": "2016-03-23T13:08:25.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[url:value = 'http://ordering-checks.com/ord/bb1j.exe']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:08:25Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Network activity"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"url\"",
|
||
|
|
"misp:category=\"Network activity\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29549-92bc-4212-94b2-45fe950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:08:25.000Z",
|
||
|
|
"modified": "2016-03-23T13:08:25.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[url:value = 'http://ordering-checks.com/ord/dc1j.exe']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:08:25Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Network activity"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"url\"",
|
||
|
|
"misp:category=\"Network activity\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29549-10a4-4306-9eb1-4a8c950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:08:25.000Z",
|
||
|
|
"modified": "2016-03-23T13:08:25.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[url:value = 'http://ordering-checks.com/patch2/perfect.exe']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:08:25Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Network activity"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"url\"",
|
||
|
|
"misp:category=\"Network activity\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2954a-64c0-44c0-87db-4706950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:08:26.000Z",
|
||
|
|
"modified": "2016-03-23T13:08:26.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[url:value = 'http://ordering-checks.com/sms/bbms.exe']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:08:26Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Network activity"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"url\"",
|
||
|
|
"misp:category=\"Network activity\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2954a-1eec-4d9e-936f-4cd7950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:08:26.000Z",
|
||
|
|
"modified": "2016-03-23T13:08:26.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[url:value = 'http://ordering-checks.com/sms/ordapr.exe']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:08:26Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Network activity"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"url\"",
|
||
|
|
"misp:category=\"Network activity\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2954a-56c4-4e79-a6e6-423a950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:08:26.000Z",
|
||
|
|
"modified": "2016-03-23T13:08:26.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[url:value = 'http://thefriendsmedia.com/est/controller.exe']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:08:26Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Network activity"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"url\"",
|
||
|
|
"misp:category=\"Network activity\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2954b-7cf8-44d1-8a99-46dd950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:08:27.000Z",
|
||
|
|
"modified": "2016-03-23T13:08:27.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[domain-name:value = 'hussainibuilder.com']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:08:27Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Network activity"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"domain\"",
|
||
|
|
"misp:category=\"Network activity\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2954b-da1c-44d2-867a-4989950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:08:27.000Z",
|
||
|
|
"modified": "2016-03-23T13:08:27.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[domain-name:value = 'knockknock-jokes.com']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:08:27Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Network activity"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"domain\"",
|
||
|
|
"misp:category=\"Network activity\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2954c-9588-4064-b6a8-4489950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:08:28.000Z",
|
||
|
|
"modified": "2016-03-23T13:08:28.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[url:value = 'ordering-checks.com/bzu/ordc.exe']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:08:28Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Network activity"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"url\"",
|
||
|
|
"misp:category=\"Network activity\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2954c-5d70-45db-9d04-4050950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:08:28.000Z",
|
||
|
|
"modified": "2016-03-23T13:08:28.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[url:value = 'ordering-checks.com/bzu/ss.exe']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:08:28Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Network activity"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"url\"",
|
||
|
|
"misp:category=\"Network activity\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2954c-8af0-459e-b07a-451b950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:08:28.000Z",
|
||
|
|
"modified": "2016-03-23T13:08:28.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[domain-name:value = 'pradahandbagsshoes.com']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:08:28Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Network activity"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"domain\"",
|
||
|
|
"misp:category=\"Network activity\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29577-b168-454a-bddc-4016950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:09:11.000Z",
|
||
|
|
"modified": "2016-03-23T13:09:11.000Z",
|
||
|
|
"description": "On port 4782",
|
||
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '176.10.136.96']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:09:11Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Network activity"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"ip-dst\"",
|
||
|
|
"misp:category=\"Network activity\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29577-35e4-4a84-8852-4bae950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:09:11.000Z",
|
||
|
|
"modified": "2016-03-23T13:09:11.000Z",
|
||
|
|
"description": "On port 7861",
|
||
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '178.238.228.113']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:09:11Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Network activity"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"ip-dst\"",
|
||
|
|
"misp:category=\"Network activity\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29577-c9c0-447a-81b1-43e8950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:09:11.000Z",
|
||
|
|
"modified": "2016-03-23T13:09:11.000Z",
|
||
|
|
"description": "On port 52399",
|
||
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '178.238.235.143']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:09:11Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Network activity"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"ip-dst\"",
|
||
|
|
"misp:category=\"Network activity\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2958b-0318-4104-a90e-4e10950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:09:31.000Z",
|
||
|
|
"modified": "2016-03-23T13:09:31.000Z",
|
||
|
|
"description": "Android sample hashes",
|
||
|
|
"pattern": "[file:hashes.SHA1 = '0441109fe1408d412e8cb61362c8169981156a29']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:09:31Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2958b-8650-4d64-ae9b-46ec950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:09:31.000Z",
|
||
|
|
"modified": "2016-03-23T13:09:31.000Z",
|
||
|
|
"description": "Android sample hashes",
|
||
|
|
"pattern": "[file:hashes.SHA1 = '9288811c9747d151eab4ec708b368fc6cc4e2cb5']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:09:31Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f295cf-a9c0-4cc7-b2d1-4ab5950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:10:39.000Z",
|
||
|
|
"modified": "2016-03-23T13:10:39.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = '0007a5cbdfcda9175635bd1b30e5d3a8683bdcb6']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:10:39Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f295cf-5b6c-4635-be57-4ce9950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:10:39.000Z",
|
||
|
|
"modified": "2016-03-23T13:10:39.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = '0306d2ba75656cefc171edf4ab2495f7d79407c3']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:10:39Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f295cf-87d0-4fa6-a0dd-41d0950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:10:39.000Z",
|
||
|
|
"modified": "2016-03-23T13:10:39.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = '038f970e9292c921c2a97fe4f80a2213b7b624d7']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:10:39Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f295d0-a674-407d-83fe-4fa3950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:10:40.000Z",
|
||
|
|
"modified": "2016-03-23T13:10:40.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = '03b10fd1a78b7bd1dc64042991f1ebaf38fee7f6']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:10:40Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f295d0-18d0-496c-b1ef-48b2950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:10:40.000Z",
|
||
|
|
"modified": "2016-03-23T13:10:40.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = '08a93ca86a8770f5d971e78d018628428052292a']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:10:40Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f295d0-690c-4174-89a2-431e950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:10:40.000Z",
|
||
|
|
"modified": "2016-03-23T13:10:40.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = '08e25cc3674d9b5cead2c883132b7f8996f7bf10']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:10:40Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f295d1-10d0-4190-968f-4fe0950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:10:41.000Z",
|
||
|
|
"modified": "2016-03-23T13:10:41.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = '0bebfcdb6f23b7bb749633068e176c35a72768cc']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:10:41Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f295d1-cb40-4b9c-83af-49cd950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:10:41.000Z",
|
||
|
|
"modified": "2016-03-23T13:10:41.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = '0cff5cc4c46e148d3d8c93d11c459f7ede3a854c']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:10:41Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f295d1-fa38-4953-a1fb-4cc0950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:10:41.000Z",
|
||
|
|
"modified": "2016-03-23T13:10:41.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = '0edc71cc01ec8d16aeddf0c807bb696966c83266']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:10:41Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f295d1-b3f4-483e-b490-40b3950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:10:41.000Z",
|
||
|
|
"modified": "2016-03-23T13:10:41.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = '0efbc946db0d865aa443eba0f00333efab20ba06']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:10:41Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f295d2-794c-4fd4-ad7c-438c950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:10:42.000Z",
|
||
|
|
"modified": "2016-03-23T13:10:42.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = '0f570eabe749b05d59cb2eca9dcef81ad9b044bc']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:10:42Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f295d2-243c-4630-b826-4abf950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:10:42.000Z",
|
||
|
|
"modified": "2016-03-23T13:10:42.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = '12fef517621b28f94dadb7d45fc2a4731909aaab']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:10:42Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f295d2-c1dc-4a9d-a647-4a7f950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:10:42.000Z",
|
||
|
|
"modified": "2016-03-23T13:10:42.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = '13d59ec2aa935f80342b5bccc9d1bf447948feff']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:10:42Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f295d3-ad24-485d-96cf-4d2c950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:10:43.000Z",
|
||
|
|
"modified": "2016-03-23T13:10:43.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = '1421c353bfba53249fcbf0504b8580095cdd7e86']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:10:43Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f295d3-d2f0-44e7-a612-4fb4950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:10:43.000Z",
|
||
|
|
"modified": "2016-03-23T13:10:43.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = '156a22ae48bf7b0e6ae604cec30eb793cf3a1e35']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:10:43Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f295d3-12c4-4653-86be-4c8f950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:10:43.000Z",
|
||
|
|
"modified": "2016-03-23T13:10:43.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = '1ac9991fb65dd30d9a085046da27c04ce1cf6948']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:10:43Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f295d3-d978-43d4-9240-4c6e950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:10:43.000Z",
|
||
|
|
"modified": "2016-03-23T13:10:43.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = '1bf850ec4dacd43323e75be040ee6bc7a3d05fe9']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:10:43Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f295d4-8e74-42cc-8139-48e3950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:10:44.000Z",
|
||
|
|
"modified": "2016-03-23T13:10:44.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = '1c104d02048ad62224e0f725cee1becfb75d4976']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:10:44Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f295d4-5a3c-46f7-b6f3-4358950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:10:44.000Z",
|
||
|
|
"modified": "2016-03-23T13:10:44.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = '1ff42d996489812602d65f9eb7433c8018b17acc']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:10:44Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f295d4-5d10-439d-bfef-4e48950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:10:44.000Z",
|
||
|
|
"modified": "2016-03-23T13:10:44.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = '20bd67010fe69f56bdb00667100a0c1bc1e7c906']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:10:44Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f295d5-85dc-45b3-a3bf-4a2b950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:10:45.000Z",
|
||
|
|
"modified": "2016-03-23T13:10:45.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = '2114d6763cb93ac34d6bd773c2ab261e2510deba']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:10:45Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f295d5-7ff4-4016-b78e-4b81950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:10:45.000Z",
|
||
|
|
"modified": "2016-03-23T13:10:45.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = '23dcec87435af17e695c8612f1453d38950bc61d']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:10:45Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f295d5-4b84-415e-9064-4231950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:10:45.000Z",
|
||
|
|
"modified": "2016-03-23T13:10:45.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = '2504320598b8e603f46936037491111718907e98']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:10:45Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f295d6-b200-49c7-a211-4820950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:10:46.000Z",
|
||
|
|
"modified": "2016-03-23T13:10:46.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = '27385b5fdfab1fd83dcac32750879ff4c2f82797']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:10:46Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f295d6-d6d4-41b2-8db7-4e59950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:10:46.000Z",
|
||
|
|
"modified": "2016-03-23T13:10:46.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = '281ebc259e96531d4512b5ee9c5d4dc646feda2c']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:10:46Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f295d6-2420-4003-bc11-4e74950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:10:46.000Z",
|
||
|
|
"modified": "2016-03-23T13:10:46.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = '2873f5215cd6e62b4b0a12861fce64685e557fdf']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:10:46Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f295d7-b294-4f3b-9e9e-4ff9950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:10:47.000Z",
|
||
|
|
"modified": "2016-03-23T13:10:47.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = '28f9a68807b06b1464d7663eb6164969142959c9']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:10:47Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f295d7-3ec0-4c44-abd1-4be5950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:10:47.000Z",
|
||
|
|
"modified": "2016-03-23T13:10:47.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = '2d97f9f42aeafdae2cceb79d538e5036b8e5bbff']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:10:47Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f295d7-382c-4c66-be13-4482950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:10:47.000Z",
|
||
|
|
"modified": "2016-03-23T13:10:47.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = '2f5c5627ae45f1244927aa02a3bf4a0b81d312de']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:10:47Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f295d8-d10c-40c4-95b6-4d51950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:10:48.000Z",
|
||
|
|
"modified": "2016-03-23T13:10:48.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = '313049a0594f50b0015a06b44703d903ad36bc68']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:10:48Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f295d8-d4a4-46be-a810-4b1a950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:10:48.000Z",
|
||
|
|
"modified": "2016-03-23T13:10:48.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = '32a0618dde949902a02cf39c59b609c31d976ffe']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:10:48Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f295d8-a00c-41b1-8108-42e8950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:10:48.000Z",
|
||
|
|
"modified": "2016-03-23T13:10:48.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = '340a13547cef341ee99e5d2bc49a0e850310b6e3']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:10:48Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f295d9-8c44-4a04-89ea-48af950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:10:49.000Z",
|
||
|
|
"modified": "2016-03-23T13:10:49.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = '349f6ad58fdb5708abd97fd39a338ebbe0818a74']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:10:49Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f295d9-5080-4862-aee5-41b1950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:10:49.000Z",
|
||
|
|
"modified": "2016-03-23T13:10:49.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = '3abd37f20fa74462f4e49d24b38e33889da22a63']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:10:49Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f295d9-fc58-4bf0-8fd1-464f950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:10:49.000Z",
|
||
|
|
"modified": "2016-03-23T13:10:49.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = '3b3866ab32843d6a717fee0be718fbfb7b5eff67']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:10:49Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f295da-eed8-4af6-bd9b-4901950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:10:50.000Z",
|
||
|
|
"modified": "2016-03-23T13:10:50.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = '3cc931db58298134cbaec5dfd0c8030447b673d7']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:10:50Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f295da-a5e8-41a4-9cd1-49cb950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:10:50.000Z",
|
||
|
|
"modified": "2016-03-23T13:10:50.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = '3d44cf9a814e57ded1590b008d1e9b28545f6bc3']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:10:50Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f295da-97bc-40f8-adf3-4539950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:10:50.000Z",
|
||
|
|
"modified": "2016-03-23T13:10:50.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = '40fd6d368bce6dcf6a933c6494d74f01a07587af']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:10:50Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f295db-705c-4339-bdd7-4316950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:10:51.000Z",
|
||
|
|
"modified": "2016-03-23T13:10:51.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = '4336f402037d48321331c89c2848f971a6838ffb']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:10:51Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f295db-67d0-470d-8bd2-4532950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:10:51.000Z",
|
||
|
|
"modified": "2016-03-23T13:10:51.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = '4382d38acfd62bddd6858393b3d47cecde7e3d6e']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:10:51Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f295dc-1a6c-4743-89ad-48b0950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:10:51.000Z",
|
||
|
|
"modified": "2016-03-23T13:10:51.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = '43b836a3293c41bf45906fb1eefd09d8a1a9ed87']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:10:51Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f295dc-5b64-441b-8f96-4155950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:10:52.000Z",
|
||
|
|
"modified": "2016-03-23T13:10:52.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = '44ffd554b2a4ece3b0283bd5674434e09f8bfbbc']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:10:52Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f295dc-15b0-4b53-80a0-40ad950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:10:52.000Z",
|
||
|
|
"modified": "2016-03-23T13:10:52.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = '4796aa0b2415f127feef35bfe183c5297f291e50']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:10:52Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f295dd-dc78-4ab7-9ea9-4a4f950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:10:53.000Z",
|
||
|
|
"modified": "2016-03-23T13:10:53.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = '4909a5c48c1d2684b830567e18bfcba8d05a267f']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:10:53Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f295dd-36e8-43d5-9d95-42bd950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:10:53.000Z",
|
||
|
|
"modified": "2016-03-23T13:10:53.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = '4aae973372d5eeaff5b1b1b9f53ed5cd2d3ea15e']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:10:53Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f295dd-0bb4-46e4-8583-4fbf950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:10:53.000Z",
|
||
|
|
"modified": "2016-03-23T13:10:53.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = '4ad5ded6f7ebb033c8c854700e329eec5ccb0f0f']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:10:53Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f295dd-7a70-487d-8521-4716950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:10:53.000Z",
|
||
|
|
"modified": "2016-03-23T13:10:53.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = '4af62f9021e86e30be1bc31c2113e0c1e019aa14']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:10:53Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f295de-0518-45cc-9834-4cf4950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:10:54.000Z",
|
||
|
|
"modified": "2016-03-23T13:10:54.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = '4fe5eb02299fbbca4157e6e8b414f8a575a465d0']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:10:54Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f295de-aee0-4110-b2b0-4313950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:10:54.000Z",
|
||
|
|
"modified": "2016-03-23T13:10:54.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = '58b7cdbf101fe762d34fa21a61b5896e6eb15b6f']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:10:54Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f295de-d56c-4729-9125-4455950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:10:54.000Z",
|
||
|
|
"modified": "2016-03-23T13:10:54.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = '591d8dcea6ec8c65f0c3140abec7ff63a90cdd11']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:10:54Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f295df-d510-479e-92f6-48a3950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:10:55.000Z",
|
||
|
|
"modified": "2016-03-23T13:10:55.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = '5ab950210e46a2aa600844e2168b8acb9c1a1780']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:10:55Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f295df-6c30-4ef1-ae5b-4a37950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:10:55.000Z",
|
||
|
|
"modified": "2016-03-23T13:10:55.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = '5b29e5e7ee100af6cdb4269fc4cc174550c7c869']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:10:55Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f295df-f884-4baa-8bcb-434b950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:10:55.000Z",
|
||
|
|
"modified": "2016-03-23T13:10:55.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = '61c1f54434e373df9be0426dce5cabae4d46612f']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:10:55Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f295df-0d20-427c-a7df-4181950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:10:55.000Z",
|
||
|
|
"modified": "2016-03-23T13:10:55.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = '61ff8373337e21910291021301c36cf8216e13cb']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:10:55Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f295e0-ebdc-4fe3-9ad3-4c9e950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:10:56.000Z",
|
||
|
|
"modified": "2016-03-23T13:10:56.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = '63203e01d8d648f30d322ba8e7d85a694edb8241']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:10:56Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f295e0-cc28-4d69-a12d-4fd7950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:10:56.000Z",
|
||
|
|
"modified": "2016-03-23T13:10:56.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = '637edcd549c8be0e2e8b7bc61c932ca0a58ca77d']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:10:56Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f295e0-d3bc-4ce4-8933-4c11950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:10:56.000Z",
|
||
|
|
"modified": "2016-03-23T13:10:56.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = '66802d4bd6d405458dcf9ebf081e347a946f0f8b']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:10:56Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f295e1-3150-4925-9c33-4926950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:10:57.000Z",
|
||
|
|
"modified": "2016-03-23T13:10:57.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = '6c286d171ecf588bc16efe4847e57711cd5e74bf']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:10:57Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f295e1-bbf4-4ad5-9754-44d4950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:10:57.000Z",
|
||
|
|
"modified": "2016-03-23T13:10:57.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = '6d4e788a36fc95899e035d8a1871a135c56ba1b5']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:10:57Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f295e1-c6cc-4d11-b64d-47e4950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:10:57.000Z",
|
||
|
|
"modified": "2016-03-23T13:10:57.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = '6e3e89e2f3d096ee09d4bf88410e80ef17536ab7']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:10:57Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f295e1-a6b0-4ddb-8cc1-46fa950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:10:57.000Z",
|
||
|
|
"modified": "2016-03-23T13:10:57.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = '6e9f7890dbe523a5cadcb33e20a2e78a69936b01']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:10:57Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f295e2-b358-4bb5-90cd-41d2950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:10:58.000Z",
|
||
|
|
"modified": "2016-03-23T13:10:58.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = '702104c7b7b7ff2176d7a0718f19196ff392af34']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:10:58Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f295e2-c938-4c26-886e-4ea3950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:10:58.000Z",
|
||
|
|
"modified": "2016-03-23T13:10:58.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = '71e51de9a64d3378165f8bc4bfb495daec21ed53']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:10:58Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f295e2-7554-42c9-b39f-456c950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:10:58.000Z",
|
||
|
|
"modified": "2016-03-23T13:10:58.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = '72adf01044e7ceeefc7b50977b329a903cbcb6cb']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:10:58Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f295e3-ca20-4896-845a-4cf6950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:10:59.000Z",
|
||
|
|
"modified": "2016-03-23T13:10:59.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = '75dd19ec9719f82b94d1e207102fa1f0bca55c9f']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:10:59Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f295e3-287c-4b24-a15c-4aba950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:10:59.000Z",
|
||
|
|
"modified": "2016-03-23T13:10:59.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = '75dec30eb62c03b917f62a091971c5640e556170']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:10:59Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f295e3-f6cc-4faf-8ed9-4eca950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:10:59.000Z",
|
||
|
|
"modified": "2016-03-23T13:10:59.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = '79bbacbbe55c1065fe2e6a07aac852ef5c0c86ba']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:10:59Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f295e4-4830-42a4-adb0-4c4e950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:11:00.000Z",
|
||
|
|
"modified": "2016-03-23T13:11:00.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = '7b930d3516d1396a4f374ee30339e2003714e51a']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:11:00Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f295e4-bf10-4331-a66c-40ab950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:11:00.000Z",
|
||
|
|
"modified": "2016-03-23T13:11:00.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = '82488d289d724f0dfb6432062a227d8ad009335d']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:11:00Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f295e4-2dd4-4291-93cb-4048950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:11:00.000Z",
|
||
|
|
"modified": "2016-03-23T13:11:00.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = '880fa1a65d8c529753e64e4ed22d0e3622b9b030']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:11:00Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f295e4-be48-413f-87e8-41d6950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:11:00.000Z",
|
||
|
|
"modified": "2016-03-23T13:11:00.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = '8a99a63a1f283be8056f872bacf458c0b764668c']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:11:00Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29605-dcb4-45b2-956b-45f6950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:11:33.000Z",
|
||
|
|
"modified": "2016-03-23T13:11:33.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = '8afaec7a8d1e17bbf18c3a00bd13a2af5901711f']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:11:33Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29605-4a94-4fb1-abdc-4001950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:11:33.000Z",
|
||
|
|
"modified": "2016-03-23T13:11:33.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = '8f645390ceff5e1eb93dd3a152aea57d6489e2ff']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:11:33Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29606-6a10-402c-85c3-4115950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:11:34.000Z",
|
||
|
|
"modified": "2016-03-23T13:11:34.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = '8f70d77577ccc3428dd0f33c5b83858b5c5f5cff']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:11:34Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29606-1cac-4e2c-a3e4-4d4f950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:11:34.000Z",
|
||
|
|
"modified": "2016-03-23T13:11:34.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = '8fc1f5f09f918816b5f5ff2ceb133d5c0c336bdd']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:11:34Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29606-a8b8-41eb-9693-4814950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:11:34.000Z",
|
||
|
|
"modified": "2016-03-23T13:11:34.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = '900b78ead56dfdfa7ec22fda8b1ad9b4e4dcaf6f']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:11:34Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29607-3ebc-4045-ac82-45d3950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:11:35.000Z",
|
||
|
|
"modified": "2016-03-23T13:11:35.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = '916bd8577a7454ac4ba4dc480ade4fe465eb4386']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:11:35Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29607-1440-48c6-a5d4-4600950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:11:35.000Z",
|
||
|
|
"modified": "2016-03-23T13:11:35.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = '92acf54e2532aff41ad6d99e4c83c223088ab077']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:11:35Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29607-3748-4341-8602-4087950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:11:35.000Z",
|
||
|
|
"modified": "2016-03-23T13:11:35.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = '963d63b93f28f7077c77bdbdc2ec5dc39e909a3f']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:11:35Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29608-fc9c-440c-af6a-4f6c950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:11:36.000Z",
|
||
|
|
"modified": "2016-03-23T13:11:36.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = '98414f9455d6a86d5abe444d983f337266bbd56b']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:11:36Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29608-1d68-4f04-bf1a-4f8b950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:11:36.000Z",
|
||
|
|
"modified": "2016-03-23T13:11:36.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = '98afd9d5cd9a651c346441e8ab01ec080b3d2bee']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:11:36Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29608-14d4-43ca-8563-4323950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:11:36.000Z",
|
||
|
|
"modified": "2016-03-23T13:11:36.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = '9b9599ee504272c90d01c93225d999cdc8431795']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:11:36Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29609-2acc-4e76-ac75-47e6950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:11:37.000Z",
|
||
|
|
"modified": "2016-03-23T13:11:37.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = 'a39ec00c5cc51db7fcdb28cdc04aa0cdf154f322']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:11:37Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29609-179c-47ce-a49c-427b950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:11:37.000Z",
|
||
|
|
"modified": "2016-03-23T13:11:37.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = 'a85238cb1bb67a8b7e6a9def967f13fd1bd0b731']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:11:37Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29609-9318-4cc6-a402-4fdd950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:11:37.000Z",
|
||
|
|
"modified": "2016-03-23T13:11:37.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = 'acf3761c0bf627be5dfa25c4bb89451ec8a2ff8f']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:11:37Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2960a-20cc-41a2-b1a7-4960950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:11:38.000Z",
|
||
|
|
"modified": "2016-03-23T13:11:38.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = 'ad505ac717d8a76d926503d0d0c26ae72f2014be']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:11:38Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2960a-b054-4f4b-8884-4c11950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:11:38.000Z",
|
||
|
|
"modified": "2016-03-23T13:11:38.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = 'b0f9c9caa24bf105bc85a1ef959a8a662d187fa3']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:11:38Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2960b-2298-45d3-a5f2-48d3950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:11:39.000Z",
|
||
|
|
"modified": "2016-03-23T13:11:39.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = 'b354767bde1b493570a8f56a8facefd195eb3842']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:11:39Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2960b-5da0-4bbc-8984-4a19950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:11:39.000Z",
|
||
|
|
"modified": "2016-03-23T13:11:39.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = 'b38d2d37030b2b43555b6a184cfebca55f524f80']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:11:39Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2960b-b524-4de6-bddd-417b950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:11:39.000Z",
|
||
|
|
"modified": "2016-03-23T13:11:39.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = 'b589dfe2d215d93b0c8d4ab4cb9ec2b407c53b84']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:11:39Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2960c-9154-4456-8b86-45ef950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:11:40.000Z",
|
||
|
|
"modified": "2016-03-23T13:11:40.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = 'b9c59c248adaa8e50dc7d05f12d01bd134ca16a9']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:11:40Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2960c-ee40-4fd0-aff9-4807950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:11:40.000Z",
|
||
|
|
"modified": "2016-03-23T13:11:40.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = 'b9fc15f37996096889ed889a422e56303e209a6f']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:11:40Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2960c-26a0-4f05-8478-467c950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:11:40.000Z",
|
||
|
|
"modified": "2016-03-23T13:11:40.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = 'baf96699ad162d7c9d55108a7c083937b0290956']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:11:40Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2960d-12f8-428e-bf09-441c950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:11:41.000Z",
|
||
|
|
"modified": "2016-03-23T13:11:41.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = 'bcca68cc9af142fefb70a3721a2e87973e0c988e']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:11:41Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2960d-7238-4fb4-aff5-4733950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:11:41.000Z",
|
||
|
|
"modified": "2016-03-23T13:11:41.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = 'bd92fc6363e38592893e7c87b327ff879dd4d5b5']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:11:41Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2960d-2cd8-464b-ad78-48ce950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:11:41.000Z",
|
||
|
|
"modified": "2016-03-23T13:11:41.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = 'bdbec6894729e6d550d3000a00433b5fc23987ac']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:11:41Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2960e-1d40-497e-b9aa-40d8950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:11:42.000Z",
|
||
|
|
"modified": "2016-03-23T13:11:42.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = 'bf18bc2e10a458bf1172b0abaad90d065dd2da69']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:11:42Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2960e-a38c-4959-ab39-410b950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:11:42.000Z",
|
||
|
|
"modified": "2016-03-23T13:11:42.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = 'c1740206e858bc8526553c7eab8fdf3ec4cfb92c']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:11:42Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2960e-18f0-47f5-9589-46b5950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:11:42.000Z",
|
||
|
|
"modified": "2016-03-23T13:11:42.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = 'c38b85c1eac3beacd7cb7841202376b15ac90d8c']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:11:42Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2960f-2f20-4257-a618-402f950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:11:43.000Z",
|
||
|
|
"modified": "2016-03-23T13:11:43.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = 'c79ffb9fe8ad886f85ce6b070f3a98996fdfe250']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:11:43Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2960f-af7c-4466-b720-4a12950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:11:43.000Z",
|
||
|
|
"modified": "2016-03-23T13:11:43.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = 'c7fc5c49edfab9b77b70e03047d57583f27d2f5c']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:11:43Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2960f-4c30-4b69-9927-4d90950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:11:43.000Z",
|
||
|
|
"modified": "2016-03-23T13:11:43.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = 'c91df56b7d387d7ae8f207ecf84ef3c0674f8927']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:11:43Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29610-5c68-4b20-8037-4450950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:11:44.000Z",
|
||
|
|
"modified": "2016-03-23T13:11:44.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = 'c9d3cd219021d0a64716c185ea38105d3f17e97e']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:11:44Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29610-220c-4556-838d-4bd3950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:11:44.000Z",
|
||
|
|
"modified": "2016-03-23T13:11:44.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = 'cacb10f08b6c3fa72a7cf03f163a4acde97f6eb0']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:11:44Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29610-9900-42b9-8301-4344950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:11:44.000Z",
|
||
|
|
"modified": "2016-03-23T13:11:44.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = 'ce429271292095ca04f6231e1f403ad914db81b1']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:11:44Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29611-a658-4c6b-98b7-4841950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:11:45.000Z",
|
||
|
|
"modified": "2016-03-23T13:11:45.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = 'd140c6cc6929db8666f4b6b2c8734c013755a514']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:11:45Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29611-6ef8-46fb-b471-41a4950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:11:45.000Z",
|
||
|
|
"modified": "2016-03-23T13:11:45.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = 'd4d68ec24deedbd526d8b153be9d5370aed02618']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:11:45Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29611-f4cc-40ef-9a55-4f7e950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:11:45.000Z",
|
||
|
|
"modified": "2016-03-23T13:11:45.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = 'dc9a686a37ad0275f65f267a0c6b1ab7d35b35b8']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:11:45Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29612-8160-4470-8948-4490950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:11:46.000Z",
|
||
|
|
"modified": "2016-03-23T13:11:46.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = 'df42097d95236bbad6d05839aa55a8bac68d26cd']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:11:46Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29612-dc4c-4c9c-8266-4389950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:11:46.000Z",
|
||
|
|
"modified": "2016-03-23T13:11:46.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = 'df8822b47f7bea4a8b21a0708dd48b1cbced8e90']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:11:46Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29637-f1d0-4657-95ec-44f2950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:12:23.000Z",
|
||
|
|
"modified": "2016-03-23T13:12:23.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = 'dfff31642cddc28498df7e67682eef4a7647c61a']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:12:23Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29637-9b2c-48a4-afed-4dee950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:12:23.000Z",
|
||
|
|
"modified": "2016-03-23T13:12:23.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = 'e4b95a1f7d17b5a46a21d5a65290a87ace0077e5']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:12:23Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29637-026c-4069-b17c-4cbf950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:12:23.000Z",
|
||
|
|
"modified": "2016-03-23T13:12:23.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = 'e654542942839c8441f79209e5a7c565af682667']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:12:23Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29638-a3c4-4ec0-8175-4ddf950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:12:24.000Z",
|
||
|
|
"modified": "2016-03-23T13:12:24.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = 'e861c257c257401a5bd4c5487a45696d7796135c']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:12:24Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29638-8ee0-480f-bcd9-4efd950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:12:24.000Z",
|
||
|
|
"modified": "2016-03-23T13:12:24.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = 'ea342e170658732483329218a6bd76d127ba39bb']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:12:24Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29638-6c10-4691-aa6a-4ced950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:12:24.000Z",
|
||
|
|
"modified": "2016-03-23T13:12:24.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = 'eb5df6b6b4037a4117d203ce643371e68d13355c']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:12:24Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29639-7fc8-489a-a4f1-4872950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:12:25.000Z",
|
||
|
|
"modified": "2016-03-23T13:12:25.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = 'ec1df6ba0af285931bab81205e8c177e727cade5']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:12:25Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29639-c4d8-4551-8513-4d9a950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:12:25.000Z",
|
||
|
|
"modified": "2016-03-23T13:12:25.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = 'edb9006f9a1ee46000727f99e4049c4163675e2c']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:12:25Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29639-ae7c-45ef-a123-4892950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:12:25.000Z",
|
||
|
|
"modified": "2016-03-23T13:12:25.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = 'f3683123c76b0806ebf7cf2951a9754cadb2c149']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:12:25Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2963a-dff8-4861-8775-466c950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:12:26.000Z",
|
||
|
|
"modified": "2016-03-23T13:12:26.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = 'f3f27b29c534d919a1261c2e6b7b9c2eaa404d41']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:12:26Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2963a-dd6c-448f-a883-497b950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:12:26.000Z",
|
||
|
|
"modified": "2016-03-23T13:12:26.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = 'f83048f505a2dc298a130d8e4af66fc3eb44863f']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:12:26Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2963b-83e0-4000-9a0d-4303950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:12:27.000Z",
|
||
|
|
"modified": "2016-03-23T13:12:27.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = 'fa4b8715b344b12bc2387e1c1a9248b4780b265f']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:12:27Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2963b-2d6c-4fa7-8c67-4329950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:12:27.000Z",
|
||
|
|
"modified": "2016-03-23T13:12:27.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = 'fa930506d5ae47abe9c9a5b48f3bfc57e6a1b4e8']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:12:27Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2963b-5b40-44e3-9291-48d1950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:12:27.000Z",
|
||
|
|
"modified": "2016-03-23T13:12:27.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = 'fcc8ac89581e1625a05ef54cee9ce8d3a48a8144']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:12:27Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2963c-e714-48d4-b6f3-4070950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:12:28.000Z",
|
||
|
|
"modified": "2016-03-23T13:12:28.000Z",
|
||
|
|
"description": "Imported via the freetext import.",
|
||
|
|
"pattern": "[file:hashes.SHA1 = 'fd9622452d02c6d84532b51b3599f2015301371d']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:12:28Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f296c0-5368-4dac-98c8-4749950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:14:40.000Z",
|
||
|
|
"modified": "2016-03-23T13:14:40.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:14:40Z",
|
||
|
|
"last_observed": "2016-03-23T13:14:40Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f296c0-5368-4dac-98c8-4749950d210f"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f296c0-5368-4dac-98c8-4749950d210f",
|
||
|
|
"value": "http://documents.trendmicro.com/assets/pdf/Indian-military-personnel-targeted-by-information-theft-campaign-cmajor.pdf"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "x-misp-attribute",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "x-misp-attribute--56f296d4-f290-47f5-a886-458b950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:15:00.000Z",
|
||
|
|
"modified": "2016-03-23T13:15:00.000Z",
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"comment\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
],
|
||
|
|
"x_misp_category": "External analysis",
|
||
|
|
"x_misp_type": "comment",
|
||
|
|
"x_misp_value": "Introduction\r\nThe Trend Micro Forward-Looking Threat Research team recently uncovered an information\r\ntheft campaign in India that has stolen passport scans, photo IDs, and tax information of highranking\r\nIndian military officers, non-Indian military attach\u00c3\u00a9 based in the said country, among\r\nothers. We came across this operation while monitoring other targeted attack campaigns,\r\n1,2\r\nand\r\nwhat caught our interest, apart from its highly targeted nature, is the lack of sophistication in the\r\ntools and tactics it used.\r\nApart from using email and social engineering as entry point, this operation exploits a relatively\r\nold vulnerability, uses a malware that can easily be decompiled for a researcher to map out its\r\nnetwork infrastructure, and has command-and-control (C&C) servers with open directories\r\nwhere exfiltrated data can be accessed and analyzed. Compared to its contemporaries, in terms\r\nof technique this targeted attack campaign is amateur at best, sloppy at worst. Despite this, it\r\nwas able to get at least 16 gigabytes\u00e2\u20ac\u2122 worth of data from 160 targets.\r\nOur analysis also leads us to believe that the attackers are located in Pakistan, although there is\r\nno evidence to suggest this attack is tied to the Pakistani government. We also have reason to\r\nbelieve that this operation also goes for information found in mobile devices of its targets.\r\nThis technical brief provides a detailed look into the operation: its targets, its tools and its\r\ntactics.\r\nThe attack\r\nLike most targeted attacks, the actors behind this campaign use email as their point of entry. As\r\nin most targeted attacks, the attackers have a very good idea what the individual targets are\r\ninterested in, what subjects they are most likely to click on, and use this to their advantage.\r\nBelow is a sample email from this group, which was sent to the military attach\u00c3\u00a9 of a foreign\r\ncountry who was assigned to India:"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29766-4ee0-4308-8fcd-47fb02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:26.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:26.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: fd9622452d02c6d84532b51b3599f2015301371d",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '7b3e71c2a0c0d725e13244e976a19a3661471ced667af58b22ad70671baea0fe']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:17:26Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29767-2af0-4608-91c7-473302de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:27.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:27.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: fd9622452d02c6d84532b51b3599f2015301371d",
|
||
|
|
"pattern": "[file:hashes.MD5 = '07defabf004c891ae836de91260e6c82']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:17:27Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f29767-5688-45af-a977-4ad302de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:27.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:27.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:17:27Z",
|
||
|
|
"last_observed": "2016-03-23T13:17:27Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f29767-5688-45af-a977-4ad302de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f29767-5688-45af-a977-4ad302de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/7b3e71c2a0c0d725e13244e976a19a3661471ced667af58b22ad70671baea0fe/analysis/1457502307/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29767-ef3c-47ae-9fb2-4fb202de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:27.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:27.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: fcc8ac89581e1625a05ef54cee9ce8d3a48a8144",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '9f50b0f990b7f89b105ab2c6d99b6bee93c3963f265ee41176d1854996069a40']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:17:27Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29768-a280-4afc-afbc-434102de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:28.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:28.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: fcc8ac89581e1625a05ef54cee9ce8d3a48a8144",
|
||
|
|
"pattern": "[file:hashes.MD5 = '9e73d275202b02b3f0ed23951fda30da']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:17:28Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f29768-7c70-447c-9669-4d9b02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:28.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:28.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:17:28Z",
|
||
|
|
"last_observed": "2016-03-23T13:17:28Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f29768-7c70-447c-9669-4d9b02de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f29768-7c70-447c-9669-4d9b02de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/9f50b0f990b7f89b105ab2c6d99b6bee93c3963f265ee41176d1854996069a40/analysis/1457023703/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29768-6100-4706-a52f-438302de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:28.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:28.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: fa930506d5ae47abe9c9a5b48f3bfc57e6a1b4e8",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '2ad32f3d0310d51ab22356bd7c994c57bcdaff5b9b6c043b137f84316916b0d4']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:17:28Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29768-4334-4d27-9a38-4a1302de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:28.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:28.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: fa930506d5ae47abe9c9a5b48f3bfc57e6a1b4e8",
|
||
|
|
"pattern": "[file:hashes.MD5 = '9079f06a955a4ad20de17fa605476619']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:17:28Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f29769-5774-4a14-8b38-4c9d02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:29.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:29.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:17:29Z",
|
||
|
|
"last_observed": "2016-03-23T13:17:29Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f29769-5774-4a14-8b38-4c9d02de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f29769-5774-4a14-8b38-4c9d02de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/2ad32f3d0310d51ab22356bd7c994c57bcdaff5b9b6c043b137f84316916b0d4/analysis/1446805993/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29769-e698-41ee-b6ce-465d02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:29.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:29.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: fa4b8715b344b12bc2387e1c1a9248b4780b265f",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '0597dc8096146ebe49f7ca4bbc275856dd08ad2b69351095a94321901e6ae9dc']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:17:29Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29769-e184-4eba-9802-462e02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:29.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:29.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: fa4b8715b344b12bc2387e1c1a9248b4780b265f",
|
||
|
|
"pattern": "[file:hashes.MD5 = '840d7016616564d4a89e96acc99106e5']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:17:29Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f2976a-45c8-40f2-ab6f-4f8002de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:30.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:30.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:17:30Z",
|
||
|
|
"last_observed": "2016-03-23T13:17:30Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f2976a-45c8-40f2-ab6f-4f8002de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f2976a-45c8-40f2-ab6f-4f8002de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/0597dc8096146ebe49f7ca4bbc275856dd08ad2b69351095a94321901e6ae9dc/analysis/1457335884/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2976a-45a8-487c-8d14-412d02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:30.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:30.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: f83048f505a2dc298a130d8e4af66fc3eb44863f",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '43e973e87611c27c40b131a880a1718ce9c689dabc82c102aa918e1b920eea89']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:17:30Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2976a-1420-4f6a-af85-4fc502de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:30.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:30.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: f83048f505a2dc298a130d8e4af66fc3eb44863f",
|
||
|
|
"pattern": "[file:hashes.MD5 = '2abf53905c6b0c8f8728a343089723d8']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:17:30Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f2976b-f53c-4493-8772-4b5002de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:31.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:31.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:17:31Z",
|
||
|
|
"last_observed": "2016-03-23T13:17:31Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f2976b-f53c-4493-8772-4b5002de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f2976b-f53c-4493-8772-4b5002de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/43e973e87611c27c40b131a880a1718ce9c689dabc82c102aa918e1b920eea89/analysis/1449386982/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2976b-3664-4532-9657-4bb702de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:31.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:31.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: f3f27b29c534d919a1261c2e6b7b9c2eaa404d41",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '8a57ff67453ba40ebfeaba564c95f855b307f2f322c02d04de569ade58ffd0b0']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:17:31Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2976b-1738-494a-a0bf-499b02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:31.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:31.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: f3f27b29c534d919a1261c2e6b7b9c2eaa404d41",
|
||
|
|
"pattern": "[file:hashes.MD5 = 'f7369c556966cde86b98bfe5c2f5717a']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:17:31Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f2976b-69d8-4e7e-9eb0-484102de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:31.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:31.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:17:31Z",
|
||
|
|
"last_observed": "2016-03-23T13:17:31Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f2976b-69d8-4e7e-9eb0-484102de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f2976b-69d8-4e7e-9eb0-484102de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/8a57ff67453ba40ebfeaba564c95f855b307f2f322c02d04de569ade58ffd0b0/analysis/1457660449/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2976c-9924-4995-8e0a-48ae02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:32.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:32.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: edb9006f9a1ee46000727f99e4049c4163675e2c",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '1ecdf49da74cd502fe10fc145eadcc1a72987dffae187f06507c797380949d78']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:17:32Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2976c-5898-490f-8cd0-4fb002de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:32.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:32.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: edb9006f9a1ee46000727f99e4049c4163675e2c",
|
||
|
|
"pattern": "[file:hashes.MD5 = 'f4123e7f09961479452f0f42b3706293']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:17:32Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f2976c-d548-4402-a446-4f9c02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:32.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:32.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:17:32Z",
|
||
|
|
"last_observed": "2016-03-23T13:17:32Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f2976c-d548-4402-a446-4f9c02de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f2976c-d548-4402-a446-4f9c02de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/1ecdf49da74cd502fe10fc145eadcc1a72987dffae187f06507c797380949d78/analysis/1445879905/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2976d-4638-4178-89d7-479c02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:33.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:33.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: ec1df6ba0af285931bab81205e8c177e727cade5",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '6d77ec735345787c611367717c8e5eb70f24e0b6f4c25ed2073f1750caa79419']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:17:33Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2976d-1a2c-47ad-811e-47f002de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:33.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:33.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: ec1df6ba0af285931bab81205e8c177e727cade5",
|
||
|
|
"pattern": "[file:hashes.MD5 = '148403235614461c1f088d524fbd9fd0']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:17:33Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f2976d-88d0-441c-bd32-4a9602de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:33.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:33.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:17:33Z",
|
||
|
|
"last_observed": "2016-03-23T13:17:33Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f2976d-88d0-441c-bd32-4a9602de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f2976d-88d0-441c-bd32-4a9602de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/6d77ec735345787c611367717c8e5eb70f24e0b6f4c25ed2073f1750caa79419/analysis/1457677181/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2976e-86a4-47da-9b5a-40a102de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:34.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:34.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: eb5df6b6b4037a4117d203ce643371e68d13355c",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '86f6bdf40e132a9788415f6bda100f20fdaa07638c0ddc80ded99c59e8f0fd83']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:17:34Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2976e-f7f4-4bf3-8574-40d602de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:34.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:34.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: eb5df6b6b4037a4117d203ce643371e68d13355c",
|
||
|
|
"pattern": "[file:hashes.MD5 = 'c303a6ac44e3c59a9c3613ac9f92373b']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:17:34Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f2976e-c8f4-403e-b09b-4fb802de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:34.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:34.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:17:34Z",
|
||
|
|
"last_observed": "2016-03-23T13:17:34Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f2976e-c8f4-403e-b09b-4fb802de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f2976e-c8f4-403e-b09b-4fb802de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/86f6bdf40e132a9788415f6bda100f20fdaa07638c0ddc80ded99c59e8f0fd83/analysis/1457677561/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2976e-b7a8-4602-bd54-487402de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:34.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:34.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: ea342e170658732483329218a6bd76d127ba39bb",
|
||
|
|
"pattern": "[file:hashes.SHA256 = 'bd1746091ff430fbb749fc11ae3374b45375303840379f98b2576ad5bfc94104']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:17:34Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2976f-c188-4e57-8f49-431202de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:35.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:35.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: ea342e170658732483329218a6bd76d127ba39bb",
|
||
|
|
"pattern": "[file:hashes.MD5 = 'e7ad33bb7c7af173c7a0b1f66ab4c7ae']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:17:35Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f2976f-05dc-4aa1-b025-49d102de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:35.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:35.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:17:35Z",
|
||
|
|
"last_observed": "2016-03-23T13:17:35Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f2976f-05dc-4aa1-b025-49d102de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f2976f-05dc-4aa1-b025-49d102de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/bd1746091ff430fbb749fc11ae3374b45375303840379f98b2576ad5bfc94104/analysis/1454913445/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2976f-ce4c-487d-b7ec-41f802de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:35.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:35.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: e861c257c257401a5bd4c5487a45696d7796135c",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '7761193ab931db800772708912b9455e687b6df8112a674fac4fba45c3e8ee3b']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:17:35Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29770-4054-4c3f-b598-4be202de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:36.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:36.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: e861c257c257401a5bd4c5487a45696d7796135c",
|
||
|
|
"pattern": "[file:hashes.MD5 = '7920862303764a55050d2da38b8bf4db']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:17:36Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f29770-bb10-41cd-b53c-4c4502de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:36.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:36.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:17:36Z",
|
||
|
|
"last_observed": "2016-03-23T13:17:36Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f29770-bb10-41cd-b53c-4c4502de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f29770-bb10-41cd-b53c-4c4502de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/7761193ab931db800772708912b9455e687b6df8112a674fac4fba45c3e8ee3b/analysis/1457023669/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29770-12b4-416f-9d7e-4fca02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:36.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:36.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: e654542942839c8441f79209e5a7c565af682667",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '76e2ad3fdaf9b3cf089e3f3743fde96bbcab215ab44579c06f644eeb7e361ba0']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:17:36Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29770-a120-47d6-9ca7-455d02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:36.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:36.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: e654542942839c8441f79209e5a7c565af682667",
|
||
|
|
"pattern": "[file:hashes.MD5 = '76b25ed7b130f6e38111415651de45dd']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:17:36Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f29771-faf8-4cb9-a430-446902de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:37.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:37.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:17:37Z",
|
||
|
|
"last_observed": "2016-03-23T13:17:37Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f29771-faf8-4cb9-a430-446902de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f29771-faf8-4cb9-a430-446902de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/76e2ad3fdaf9b3cf089e3f3743fde96bbcab215ab44579c06f644eeb7e361ba0/analysis/1431463639/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29771-cd08-408b-a965-412802de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:37.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:37.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: e4b95a1f7d17b5a46a21d5a65290a87ace0077e5",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '4be5eabe47a3d5ed1fb9c7ed8f3374f5ddb58247598d1a71d4131549e6faeca8']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:17:37Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29771-48fc-42f1-ba73-47b002de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:37.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:37.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: e4b95a1f7d17b5a46a21d5a65290a87ace0077e5",
|
||
|
|
"pattern": "[file:hashes.MD5 = '3a3d93c99de8c02371844dd21650e399']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:17:37Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f29772-c480-4c87-aa5d-486702de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:38.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:38.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:17:38Z",
|
||
|
|
"last_observed": "2016-03-23T13:17:38Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f29772-c480-4c87-aa5d-486702de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f29772-c480-4c87-aa5d-486702de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/4be5eabe47a3d5ed1fb9c7ed8f3374f5ddb58247598d1a71d4131549e6faeca8/analysis/1458551818/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29772-c0c4-4688-897a-470d02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:38.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:38.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: dfff31642cddc28498df7e67682eef4a7647c61a",
|
||
|
|
"pattern": "[file:hashes.SHA256 = 'f23142e54092231ccc04960598d8d17f3a79a5bf0719a9a0cb73c588afae3808']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:17:38Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29772-52b0-4886-b1b6-440202de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:38.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:38.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: dfff31642cddc28498df7e67682eef4a7647c61a",
|
||
|
|
"pattern": "[file:hashes.MD5 = 'cb0768c89e83f2328952ba51e4d4b7f1']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:17:38Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f29772-ba58-4b32-ac42-43ac02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:38.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:38.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:17:38Z",
|
||
|
|
"last_observed": "2016-03-23T13:17:38Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f29772-ba58-4b32-ac42-43ac02de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f29772-ba58-4b32-ac42-43ac02de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/f23142e54092231ccc04960598d8d17f3a79a5bf0719a9a0cb73c588afae3808/analysis/1457677575/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29773-00b0-405e-bb4f-408902de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:39.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:39.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: df8822b47f7bea4a8b21a0708dd48b1cbced8e90",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '819a689239d1354c4cc4fadb398d42fee4a066af0235c7d2af997a4d1617e3d7']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:17:39Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29773-31d0-4313-816d-4abb02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:39.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:39.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: df8822b47f7bea4a8b21a0708dd48b1cbced8e90",
|
||
|
|
"pattern": "[file:hashes.MD5 = 'a74165ec1d55b682ed232ffde62b3b11']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:17:39Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f29773-17a0-4a21-953c-4aa202de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:39.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:39.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:17:39Z",
|
||
|
|
"last_observed": "2016-03-23T13:17:39Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f29773-17a0-4a21-953c-4aa202de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f29773-17a0-4a21-953c-4aa202de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/819a689239d1354c4cc4fadb398d42fee4a066af0235c7d2af997a4d1617e3d7/analysis/1457023689/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29774-4be4-49cb-928c-467e02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:40.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:40.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: df42097d95236bbad6d05839aa55a8bac68d26cd",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '6ebce511f734ef292f88889c599b391ecbf5992eabc76a4c429270e98af4b299']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:17:40Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29774-8460-44bb-8596-4a5b02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:40.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:40.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: df42097d95236bbad6d05839aa55a8bac68d26cd",
|
||
|
|
"pattern": "[file:hashes.MD5 = '41a0e4f9745e4bd5ad7b9d500deb76fa']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:17:40Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f29774-b0a4-47a9-a384-4e1e02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:40.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:40.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:17:40Z",
|
||
|
|
"last_observed": "2016-03-23T13:17:40Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f29774-b0a4-47a9-a384-4e1e02de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f29774-b0a4-47a9-a384-4e1e02de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/6ebce511f734ef292f88889c599b391ecbf5992eabc76a4c429270e98af4b299/analysis/1457023648/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29775-466c-4d9a-a1c2-464b02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:41.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:41.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: dc9a686a37ad0275f65f267a0c6b1ab7d35b35b8",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '813f4d0dac6ee943f7583baaa1727a53927ec0fb11226663d04458181f4feb1d']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:17:41Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29775-bb8c-4663-acff-4ed302de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:41.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:41.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: dc9a686a37ad0275f65f267a0c6b1ab7d35b35b8",
|
||
|
|
"pattern": "[file:hashes.MD5 = '811eb99fb1aca98052db4b78c288889c']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:17:41Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f29775-d05c-495a-b7f3-475902de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:41.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:41.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:17:41Z",
|
||
|
|
"last_observed": "2016-03-23T13:17:41Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f29775-d05c-495a-b7f3-475902de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f29775-d05c-495a-b7f3-475902de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/813f4d0dac6ee943f7583baaa1727a53927ec0fb11226663d04458181f4feb1d/analysis/1457023661/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29775-41e4-44a8-aa3a-475002de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:41.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:41.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: d4d68ec24deedbd526d8b153be9d5370aed02618",
|
||
|
|
"pattern": "[file:hashes.SHA256 = 'ca21481a6d7c16ad87efaf83604da8e9b51ff783d8f123cdb8aa3a17bfbb5d23']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:17:41Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29776-1e08-4f91-976a-439b02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:42.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:42.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: d4d68ec24deedbd526d8b153be9d5370aed02618",
|
||
|
|
"pattern": "[file:hashes.MD5 = '98bdcd97cd536ff6bcb2d39d9a097319']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:17:42Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f29776-6f0c-408f-81ba-49b302de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:42.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:42.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:17:42Z",
|
||
|
|
"last_observed": "2016-03-23T13:17:42Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f29776-6f0c-408f-81ba-49b302de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f29776-6f0c-408f-81ba-49b302de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/ca21481a6d7c16ad87efaf83604da8e9b51ff783d8f123cdb8aa3a17bfbb5d23/analysis/1457518988/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29776-0a38-4076-81a9-4f2a02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:42.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:42.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: d140c6cc6929db8666f4b6b2c8734c013755a514",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '5c1f7c4ebf49ebcc1e07309d90049ffcc47a83318ae041330e777ad9a3befc52']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:17:42Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29777-c2e4-4f5c-9e7c-476d02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:43.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:43.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: d140c6cc6929db8666f4b6b2c8734c013755a514",
|
||
|
|
"pattern": "[file:hashes.MD5 = '708a1af68d532df35c34f7088b8e798f']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:17:43Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f29777-6434-41aa-b8f0-4c4c02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:43.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:43.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:17:43Z",
|
||
|
|
"last_observed": "2016-03-23T13:17:43Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f29777-6434-41aa-b8f0-4c4c02de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f29777-6434-41aa-b8f0-4c4c02de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/5c1f7c4ebf49ebcc1e07309d90049ffcc47a83318ae041330e777ad9a3befc52/analysis/1458152678/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29777-13d4-41f2-bf64-42cb02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:43.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:43.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: ce429271292095ca04f6231e1f403ad914db81b1",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '95a9643bbedc2145c9c8b60e36796dc4ebfeecd1bad00edd07c8fc720894bc7b']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:17:43Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29777-8770-4746-8d5a-45fb02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:43.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:43.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: ce429271292095ca04f6231e1f403ad914db81b1",
|
||
|
|
"pattern": "[file:hashes.MD5 = '0b651ef0eb7b919e91a2c5c5dbccd27e']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:17:43Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f29778-50e8-4919-bdf1-457202de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:44.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:44.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:17:44Z",
|
||
|
|
"last_observed": "2016-03-23T13:17:44Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f29778-50e8-4919-bdf1-457202de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f29778-50e8-4919-bdf1-457202de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/95a9643bbedc2145c9c8b60e36796dc4ebfeecd1bad00edd07c8fc720894bc7b/analysis/1453901915/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29778-3bfc-4201-be60-431202de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:44.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:44.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: cacb10f08b6c3fa72a7cf03f163a4acde97f6eb0",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '42fd86674abbc793aa1baeae6bc67d6d565dd95f730e8ed7b4311603a9381c81']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:17:44Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29778-394c-41f7-8470-427102de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:44.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:44.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: cacb10f08b6c3fa72a7cf03f163a4acde97f6eb0",
|
||
|
|
"pattern": "[file:hashes.MD5 = 'eee91d8de7ea7c0ac3372f65c43e916a']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:17:44Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f29779-aecc-4fbf-aa52-4bc102de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:45.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:45.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:17:45Z",
|
||
|
|
"last_observed": "2016-03-23T13:17:45Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f29779-aecc-4fbf-aa52-4bc102de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f29779-aecc-4fbf-aa52-4bc102de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/42fd86674abbc793aa1baeae6bc67d6d565dd95f730e8ed7b4311603a9381c81/analysis/1455198981/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29779-ba50-4470-8a49-415202de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:45.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:45.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: c9d3cd219021d0a64716c185ea38105d3f17e97e",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '901284810daf81a6130eda3d35878acbf84af10324bedc4e1ea8059f15cb665b']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:17:45Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29779-fce4-4790-a55d-4c4902de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:45.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:45.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: c9d3cd219021d0a64716c185ea38105d3f17e97e",
|
||
|
|
"pattern": "[file:hashes.MD5 = '0964887f6f709f9c3f11701412acb9c1']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:17:45Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f2977a-01c8-4611-bb4a-445d02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:46.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:46.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:17:46Z",
|
||
|
|
"last_observed": "2016-03-23T13:17:46Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f2977a-01c8-4611-bb4a-445d02de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f2977a-01c8-4611-bb4a-445d02de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/901284810daf81a6130eda3d35878acbf84af10324bedc4e1ea8059f15cb665b/analysis/1457023657/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2977a-3f58-4146-b44e-4b5002de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:46.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:46.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: c91df56b7d387d7ae8f207ecf84ef3c0674f8927",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '1866f3ce039a8fda70bc2f906bd3e9e8479be85d5430373fd085e9ebca073b1c']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:17:46Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2977a-5f64-4105-853d-46ac02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:46.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:46.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: c91df56b7d387d7ae8f207ecf84ef3c0674f8927",
|
||
|
|
"pattern": "[file:hashes.MD5 = 'd53de7c980eb34f9369e342d5d235c9b']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:17:46Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f2977b-3050-4d98-ab8f-41ce02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:47.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:47.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:17:47Z",
|
||
|
|
"last_observed": "2016-03-23T13:17:47Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f2977b-3050-4d98-ab8f-41ce02de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f2977b-3050-4d98-ab8f-41ce02de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/1866f3ce039a8fda70bc2f906bd3e9e8479be85d5430373fd085e9ebca073b1c/analysis/1451206536/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2977b-2530-4f1d-b8a9-478302de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:47.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:47.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: c7fc5c49edfab9b77b70e03047d57583f27d2f5c",
|
||
|
|
"pattern": "[file:hashes.SHA256 = 'b7b22712d01821d03a6f5631a126b4caf52d4bc1c7c95a83702f95b1f75227ec']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:17:47Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2977b-bc98-4a28-b985-42a002de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:47.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:47.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: c7fc5c49edfab9b77b70e03047d57583f27d2f5c",
|
||
|
|
"pattern": "[file:hashes.MD5 = '77c7c0117a0e457d7e3ceef4ab82c2ca']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:17:47Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f2977c-1964-4f04-ba52-43b902de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:48.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:48.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:17:48Z",
|
||
|
|
"last_observed": "2016-03-23T13:17:48Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f2977c-1964-4f04-ba52-43b902de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f2977c-1964-4f04-ba52-43b902de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/b7b22712d01821d03a6f5631a126b4caf52d4bc1c7c95a83702f95b1f75227ec/analysis/1457023669/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2977c-429c-4ffd-9beb-4a8a02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:48.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:48.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: c79ffb9fe8ad886f85ce6b070f3a98996fdfe250",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '6844afd2266ffd25e6647c2306d0e75e81798c128cdf215107964993243975a0']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:17:48Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2977c-1118-4b3f-852f-4e5f02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:48.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:48.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: c79ffb9fe8ad886f85ce6b070f3a98996fdfe250",
|
||
|
|
"pattern": "[file:hashes.MD5 = '8eb28796f88a8d760cfe96354be89b7f']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:17:48Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f2977c-497c-4cc9-bad5-43f402de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:48.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:48.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:17:48Z",
|
||
|
|
"last_observed": "2016-03-23T13:17:48Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f2977c-497c-4cc9-bad5-43f402de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f2977c-497c-4cc9-bad5-43f402de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/6844afd2266ffd25e6647c2306d0e75e81798c128cdf215107964993243975a0/analysis/1425544498/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2977d-cf10-40c1-8ce9-4bbc02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:49.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:49.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: c38b85c1eac3beacd7cb7841202376b15ac90d8c",
|
||
|
|
"pattern": "[file:hashes.SHA256 = 'dc7dfbdcbc85a53687aab5badf1ba72a3de0f4f408ee1d6a617e70f8a0366093']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:17:49Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2977d-af38-4f8a-ade3-42d202de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:49.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:49.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: c38b85c1eac3beacd7cb7841202376b15ac90d8c",
|
||
|
|
"pattern": "[file:hashes.MD5 = '796ae0b75c0e0b08ea84668495df4070']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:17:49Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f2977d-400c-43fc-8cb2-436502de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:49.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:49.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:17:49Z",
|
||
|
|
"last_observed": "2016-03-23T13:17:49Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f2977d-400c-43fc-8cb2-436502de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f2977d-400c-43fc-8cb2-436502de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/dc7dfbdcbc85a53687aab5badf1ba72a3de0f4f408ee1d6a617e70f8a0366093/analysis/1457677431/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2977e-b1dc-42d0-a2e3-46bb02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:50.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:50.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: c1740206e858bc8526553c7eab8fdf3ec4cfb92c",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '82a82c5e89825d8c84216d579c9dde9e42a125a8394de60f682e4c2474498ba8']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:17:50Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2977e-5138-47dc-873f-487702de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:50.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:50.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: c1740206e858bc8526553c7eab8fdf3ec4cfb92c",
|
||
|
|
"pattern": "[file:hashes.MD5 = '65f6143d69cb1246a117a704e9f07fdc']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:17:50Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f2977e-c1a0-4b75-9bb2-4bfb02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:50.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:50.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:17:50Z",
|
||
|
|
"last_observed": "2016-03-23T13:17:50Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f2977e-c1a0-4b75-9bb2-4bfb02de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f2977e-c1a0-4b75-9bb2-4bfb02de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/82a82c5e89825d8c84216d579c9dde9e42a125a8394de60f682e4c2474498ba8/analysis/1457677394/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2977e-b028-4dba-8a85-409402de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:50.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:50.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: bf18bc2e10a458bf1172b0abaad90d065dd2da69",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '839569f031a2cb6e9ae1dc797b1bd7cce53d3528c8b5fbec21cecb0de3f5ac88']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:17:50Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2977f-efb0-4d09-bda2-49b902de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:51.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:51.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: bf18bc2e10a458bf1172b0abaad90d065dd2da69",
|
||
|
|
"pattern": "[file:hashes.MD5 = '3fafced0432cfe9c8efe00043f386b6a']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:17:51Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f2977f-ac18-4abc-be20-482602de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:51.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:51.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:17:51Z",
|
||
|
|
"last_observed": "2016-03-23T13:17:51Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f2977f-ac18-4abc-be20-482602de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f2977f-ac18-4abc-be20-482602de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/839569f031a2cb6e9ae1dc797b1bd7cce53d3528c8b5fbec21cecb0de3f5ac88/analysis/1455252698/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2977f-b36c-4699-9d93-46c902de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:51.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:51.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: bdbec6894729e6d550d3000a00433b5fc23987ac",
|
||
|
|
"pattern": "[file:hashes.SHA256 = 'b56073581d6f2863688d779c800b2cc884a2e40e72c681b419bc3fa9c9814956']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:17:51Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29780-6cd8-4406-9bcc-4af202de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:52.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:52.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: bdbec6894729e6d550d3000a00433b5fc23987ac",
|
||
|
|
"pattern": "[file:hashes.MD5 = '85429d5f2745d813e53b28d3d953d1cd']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:17:52Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f29780-4c78-453b-bda1-444402de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:52.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:52.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:17:52Z",
|
||
|
|
"last_observed": "2016-03-23T13:17:52Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f29780-4c78-453b-bda1-444402de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f29780-4c78-453b-bda1-444402de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/b56073581d6f2863688d779c800b2cc884a2e40e72c681b419bc3fa9c9814956/analysis/1457349886/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29780-c02c-4c71-97e6-47e402de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:52.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:52.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: bd92fc6363e38592893e7c87b327ff879dd4d5b5",
|
||
|
|
"pattern": "[file:hashes.SHA256 = 'fff6108603e65fc999432695744f404e77eb86d783b62a80ee73317c46e4d432']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:17:52Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29780-fec0-420b-8f5d-4a4002de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:52.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:52.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: bd92fc6363e38592893e7c87b327ff879dd4d5b5",
|
||
|
|
"pattern": "[file:hashes.MD5 = '694ab36c875c223c561a338b5a84cec6']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:17:52Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f29781-c948-435b-9cd5-41fe02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:53.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:53.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:17:53Z",
|
||
|
|
"last_observed": "2016-03-23T13:17:53Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f29781-c948-435b-9cd5-41fe02de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f29781-c948-435b-9cd5-41fe02de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/fff6108603e65fc999432695744f404e77eb86d783b62a80ee73317c46e4d432/analysis/1453112964/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29781-0f80-4b76-89da-45e502de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:53.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:53.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: bcca68cc9af142fefb70a3721a2e87973e0c988e",
|
||
|
|
"pattern": "[file:hashes.SHA256 = 'fee91b1424ddd161cd089a71a86649c83284ec2eac793b3666ce31e524dd7412']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:17:53Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29781-6800-4ebd-b349-4ced02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:53.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:53.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: bcca68cc9af142fefb70a3721a2e87973e0c988e",
|
||
|
|
"pattern": "[file:hashes.MD5 = '870c0312cea7b3b6b82be01633b071cd']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:17:53Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f29782-2f20-4a3e-8349-4e9102de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:54.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:54.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:17:54Z",
|
||
|
|
"last_observed": "2016-03-23T13:17:54Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f29782-2f20-4a3e-8349-4e9102de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f29782-2f20-4a3e-8349-4e9102de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/fee91b1424ddd161cd089a71a86649c83284ec2eac793b3666ce31e524dd7412/analysis/1457677452/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29782-2f4c-4754-b7df-4d3502de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:54.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:54.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: baf96699ad162d7c9d55108a7c083937b0290956",
|
||
|
|
"pattern": "[file:hashes.SHA256 = 'f5950107efd6ea23bff4a17c0855cde5dc80f59b337b43cbe92801e24039d5d4']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:17:54Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29782-6fc4-4f04-a628-4f6202de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:54.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:54.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: baf96699ad162d7c9d55108a7c083937b0290956",
|
||
|
|
"pattern": "[file:hashes.MD5 = '55c8c8e02c351d00dbbc9072d7b935f2']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:17:54Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f29782-fe6c-4d2d-893b-40c902de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:54.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:54.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:17:54Z",
|
||
|
|
"last_observed": "2016-03-23T13:17:54Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f29782-fe6c-4d2d-893b-40c902de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f29782-fe6c-4d2d-893b-40c902de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/f5950107efd6ea23bff4a17c0855cde5dc80f59b337b43cbe92801e24039d5d4/analysis/1458241451/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29783-9494-4c7d-af0e-45a502de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:55.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:55.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: b9fc15f37996096889ed889a422e56303e209a6f",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '0de80caf5f1369419852d26f28f7a4abff53d1f7861cf639c25ab20a67a3c7d7']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:17:55Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29783-b964-4fed-9fda-436202de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:55.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:55.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: b9fc15f37996096889ed889a422e56303e209a6f",
|
||
|
|
"pattern": "[file:hashes.MD5 = '17495ce3d11e9cddf5a98ec34ee91d6a']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:17:55Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f29783-7e6c-4570-898b-4d9b02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:55.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:55.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:17:55Z",
|
||
|
|
"last_observed": "2016-03-23T13:17:55Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f29783-7e6c-4570-898b-4d9b02de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f29783-7e6c-4570-898b-4d9b02de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/0de80caf5f1369419852d26f28f7a4abff53d1f7861cf639c25ab20a67a3c7d7/analysis/1457677187/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29784-053c-48ee-89bb-427702de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:56.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:56.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: b9c59c248adaa8e50dc7d05f12d01bd134ca16a9",
|
||
|
|
"pattern": "[file:hashes.SHA256 = 'adf87e5e72e29fb1912db9aa2b5f72a86ce3cbe8484ff998cbd7d4ebdbb3c92f']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:17:56Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29784-08f8-437d-b80f-4c5502de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:56.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:56.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: b9c59c248adaa8e50dc7d05f12d01bd134ca16a9",
|
||
|
|
"pattern": "[file:hashes.MD5 = 'c0bf5a0f535380edec9b42a3cebb84c4']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:17:56Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f29784-9640-49b1-9a6c-464002de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:56.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:56.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:17:56Z",
|
||
|
|
"last_observed": "2016-03-23T13:17:56Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f29784-9640-49b1-9a6c-464002de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f29784-9640-49b1-9a6c-464002de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/adf87e5e72e29fb1912db9aa2b5f72a86ce3cbe8484ff998cbd7d4ebdbb3c92f/analysis/1453111781/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29785-bedc-4d42-8ff8-427302de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:57.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:57.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: b589dfe2d215d93b0c8d4ab4cb9ec2b407c53b84",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '49608d42dd02db2c7b94268cdeea587c07b7586608f12ca1fe2b45ff94ebf12a']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:17:57Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29785-2468-4203-a9c3-4c8602de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:57.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:57.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: b589dfe2d215d93b0c8d4ab4cb9ec2b407c53b84",
|
||
|
|
"pattern": "[file:hashes.MD5 = '43ffbc0f74d4bf61b2a71c8c552fa52b']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:17:57Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f29785-195c-4e7a-9139-43e702de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:57.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:57.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:17:57Z",
|
||
|
|
"last_observed": "2016-03-23T13:17:57Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f29785-195c-4e7a-9139-43e702de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f29785-195c-4e7a-9139-43e702de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/49608d42dd02db2c7b94268cdeea587c07b7586608f12ca1fe2b45ff94ebf12a/analysis/1454992771/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29786-67b4-402e-8383-496402de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:58.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:58.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: b38d2d37030b2b43555b6a184cfebca55f524f80",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '3e894a4dde25f7967004664ac7a01077c8ffa8eb8c5e19470391441739249fb4']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:17:58Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29786-29b4-4467-a088-475302de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:58.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:58.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: b38d2d37030b2b43555b6a184cfebca55f524f80",
|
||
|
|
"pattern": "[file:hashes.MD5 = '882c4c86989022878ff192f7f7cd3a86']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:17:58Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f29786-8f68-46fe-a5e9-44c502de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:58.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:58.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:17:58Z",
|
||
|
|
"last_observed": "2016-03-23T13:17:58Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f29786-8f68-46fe-a5e9-44c502de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f29786-8f68-46fe-a5e9-44c502de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/3e894a4dde25f7967004664ac7a01077c8ffa8eb8c5e19470391441739249fb4/analysis/1454983420/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29787-0adc-4153-99fa-470d02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:59.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:59.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: b354767bde1b493570a8f56a8facefd195eb3842",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '4071f8d9b084209a30c58608d7f07e05855955de74b49ae57f17cda53ecb3ce6']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:17:59Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29787-bb70-4c71-9659-4b7002de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:59.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:59.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: b354767bde1b493570a8f56a8facefd195eb3842",
|
||
|
|
"pattern": "[file:hashes.MD5 = '6563ef05ae9b3381c3d0caaa208af7dc']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:17:59Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f29787-24e0-4b1e-93a6-4cf502de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:17:59.000Z",
|
||
|
|
"modified": "2016-03-23T13:17:59.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:17:59Z",
|
||
|
|
"last_observed": "2016-03-23T13:17:59Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f29787-24e0-4b1e-93a6-4cf502de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f29787-24e0-4b1e-93a6-4cf502de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/4071f8d9b084209a30c58608d7f07e05855955de74b49ae57f17cda53ecb3ce6/analysis/1451891023/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29788-3c34-4198-b821-43f502de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:00.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:00.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: b0f9c9caa24bf105bc85a1ef959a8a662d187fa3",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '534442b1b0f319d0aca34644378535bbb8ff16dcc0060e33e36907d4a649c354']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:00Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29788-c934-4fbf-9df1-46d702de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:00.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:00.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: b0f9c9caa24bf105bc85a1ef959a8a662d187fa3",
|
||
|
|
"pattern": "[file:hashes.MD5 = 'e7a36059159d24a68e153ebbc1341391']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:00Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f29788-6a4c-451e-94b5-4faa02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:00.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:00.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:18:00Z",
|
||
|
|
"last_observed": "2016-03-23T13:18:00Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f29788-6a4c-451e-94b5-4faa02de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f29788-6a4c-451e-94b5-4faa02de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/534442b1b0f319d0aca34644378535bbb8ff16dcc0060e33e36907d4a649c354/analysis/1441814792/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29788-575c-41e3-a259-4ef102de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:00.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:00.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: ad505ac717d8a76d926503d0d0c26ae72f2014be",
|
||
|
|
"pattern": "[file:hashes.SHA256 = 'd143ceb1a3e33d3eb56baa4b3a050ae9595ad4c4c65c7f804a5323e27924f903']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:00Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29789-2424-4781-80ed-4c2402de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:01.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:01.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: ad505ac717d8a76d926503d0d0c26ae72f2014be",
|
||
|
|
"pattern": "[file:hashes.MD5 = '3e91836b89b6d6249741dc8ee0d2895a']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:01Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f29789-12dc-4993-ac72-4e1302de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:01.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:01.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:18:01Z",
|
||
|
|
"last_observed": "2016-03-23T13:18:01Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f29789-12dc-4993-ac72-4e1302de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f29789-12dc-4993-ac72-4e1302de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/d143ceb1a3e33d3eb56baa4b3a050ae9595ad4c4c65c7f804a5323e27924f903/analysis/1457023688/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29789-296c-4a16-8a54-462a02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:01.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:01.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: acf3761c0bf627be5dfa25c4bb89451ec8a2ff8f",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '9b700a05d2abf489f830b6649e9f6ab0b570b3b1472b48f34ad122d90560bdbd']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:01Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2978a-da40-4568-a80c-49e902de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:02.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:02.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: acf3761c0bf627be5dfa25c4bb89451ec8a2ff8f",
|
||
|
|
"pattern": "[file:hashes.MD5 = 'cf5e472613921dc330008c79870b23ab']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:02Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f2978a-9b4c-458d-a8ea-4c4002de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:02.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:02.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:18:02Z",
|
||
|
|
"last_observed": "2016-03-23T13:18:02Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f2978a-9b4c-458d-a8ea-4c4002de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f2978a-9b4c-458d-a8ea-4c4002de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/9b700a05d2abf489f830b6649e9f6ab0b570b3b1472b48f34ad122d90560bdbd/analysis/1457503213/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2978a-149c-4413-964e-44ac02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:02.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:02.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: a85238cb1bb67a8b7e6a9def967f13fd1bd0b731",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '4d2ea7e21dc01b1f09eb9a407f375a118b2ffd4b42300ec601832a30eb0d089c']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:02Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2978a-555c-4f82-8b8c-482b02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:02.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:02.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: a85238cb1bb67a8b7e6a9def967f13fd1bd0b731",
|
||
|
|
"pattern": "[file:hashes.MD5 = '50eb7ae1d3c075dfc9c9e82a9fa9caf5']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:02Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f2978b-e834-4170-81b4-499d02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:03.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:03.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:18:03Z",
|
||
|
|
"last_observed": "2016-03-23T13:18:03Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f2978b-e834-4170-81b4-499d02de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f2978b-e834-4170-81b4-499d02de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/4d2ea7e21dc01b1f09eb9a407f375a118b2ffd4b42300ec601832a30eb0d089c/analysis/1446814737/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2978b-b880-403b-9277-491d02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:03.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:03.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: a39ec00c5cc51db7fcdb28cdc04aa0cdf154f322",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '3df271bc8eead20c1c9ca59f5ff5ff69221dbff9945e2f2c5b8430a801513064']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:03Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2978b-8700-4677-9407-4ea402de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:03.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:03.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: a39ec00c5cc51db7fcdb28cdc04aa0cdf154f322",
|
||
|
|
"pattern": "[file:hashes.MD5 = 'ea33c3029546f0124d0fcb3d9c426641']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:03Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f2978c-11c8-4c36-92a6-470602de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:04.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:04.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:18:04Z",
|
||
|
|
"last_observed": "2016-03-23T13:18:04Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f2978c-11c8-4c36-92a6-470602de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f2978c-11c8-4c36-92a6-470602de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/3df271bc8eead20c1c9ca59f5ff5ff69221dbff9945e2f2c5b8430a801513064/analysis/1452525958/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2978c-42a4-4016-baee-484302de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:04.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:04.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 9b9599ee504272c90d01c93225d999cdc8431795",
|
||
|
|
"pattern": "[file:hashes.SHA256 = 'cceef110cce627efc934e35638a0b2bc0aa7a8d3effa6bd2744d0e7be4ba9749']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:04Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2978c-0ffc-41d6-b3a0-4f1902de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:04.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:04.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 9b9599ee504272c90d01c93225d999cdc8431795",
|
||
|
|
"pattern": "[file:hashes.MD5 = 'eaee83a376914616924eab9b4b96b050']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:04Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f2978d-4248-43ca-8ca5-4e4a02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:05.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:05.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:18:05Z",
|
||
|
|
"last_observed": "2016-03-23T13:18:05Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f2978d-4248-43ca-8ca5-4e4a02de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f2978d-4248-43ca-8ca5-4e4a02de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/cceef110cce627efc934e35638a0b2bc0aa7a8d3effa6bd2744d0e7be4ba9749/analysis/1457677654/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2978d-674c-4a66-822e-41f102de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:05.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:05.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 98afd9d5cd9a651c346441e8ab01ec080b3d2bee",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '5f5ff374738b97ab0b644e803d4125e28de8c08d43276769a4262948db52ac91']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:05Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2978d-4edc-4f21-8599-4fa502de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:05.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:05.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 98afd9d5cd9a651c346441e8ab01ec080b3d2bee",
|
||
|
|
"pattern": "[file:hashes.MD5 = 'e49edc719eaab11a40158c15c9dd9b7b']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:05Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f2978d-5dc4-4ff3-bf9c-4f3202de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:05.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:05.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:18:05Z",
|
||
|
|
"last_observed": "2016-03-23T13:18:05Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f2978d-5dc4-4ff3-bf9c-4f3202de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f2978d-5dc4-4ff3-bf9c-4f3202de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/5f5ff374738b97ab0b644e803d4125e28de8c08d43276769a4262948db52ac91/analysis/1457503342/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2978e-3044-45c6-8941-463402de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:06.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:06.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 98414f9455d6a86d5abe444d983f337266bbd56b",
|
||
|
|
"pattern": "[file:hashes.SHA256 = 'eaac9ce3a76ac2324c3e217ab3d5ec0025ccfc35aa804380bb2c2800505730e7']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:06Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2978e-5dbc-4044-a7eb-447802de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:06.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:06.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 98414f9455d6a86d5abe444d983f337266bbd56b",
|
||
|
|
"pattern": "[file:hashes.MD5 = '22ca86070e05d29f7d39443c446a223e']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:06Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f2978e-d24c-494d-a550-424502de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:06.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:06.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:18:06Z",
|
||
|
|
"last_observed": "2016-03-23T13:18:06Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f2978e-d24c-494d-a550-424502de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f2978e-d24c-494d-a550-424502de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/eaac9ce3a76ac2324c3e217ab3d5ec0025ccfc35aa804380bb2c2800505730e7/analysis/1445832771/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2978f-69e4-41bf-8f9a-4aee02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:07.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:07.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 963d63b93f28f7077c77bdbdc2ec5dc39e909a3f",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '9262613b8a407e538462aec5902d6e8d84ad9f1345e350be3ed45098fd9a8d1b']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:07Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2978f-18f4-467d-99f4-444d02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:07.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:07.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 963d63b93f28f7077c77bdbdc2ec5dc39e909a3f",
|
||
|
|
"pattern": "[file:hashes.MD5 = '59e0fc469d1af7532507c19b47f19960']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:07Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f2978f-7ec0-4e13-85d1-4c1302de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:07.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:07.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:18:07Z",
|
||
|
|
"last_observed": "2016-03-23T13:18:07Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f2978f-7ec0-4e13-85d1-4c1302de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f2978f-7ec0-4e13-85d1-4c1302de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/9262613b8a407e538462aec5902d6e8d84ad9f1345e350be3ed45098fd9a8d1b/analysis/1457023659/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2978f-8bdc-4e67-9f2a-48ff02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:07.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:07.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 92acf54e2532aff41ad6d99e4c83c223088ab077",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '523b6dc8b48f56860e338718e9e202804d516e09b0d7b59d07276a1abe0eca7e']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:07Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29790-8364-426a-bb63-401c02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:08.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:08.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 92acf54e2532aff41ad6d99e4c83c223088ab077",
|
||
|
|
"pattern": "[file:hashes.MD5 = '0747848ae0fc45b3eae1d142024e700e']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:08Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f29790-2474-4a0f-b413-4c6702de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:08.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:08.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:18:08Z",
|
||
|
|
"last_observed": "2016-03-23T13:18:08Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f29790-2474-4a0f-b413-4c6702de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f29790-2474-4a0f-b413-4c6702de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/523b6dc8b48f56860e338718e9e202804d516e09b0d7b59d07276a1abe0eca7e/analysis/1450864014/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29790-0058-46da-9662-4a5e02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:08.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:08.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 900b78ead56dfdfa7ec22fda8b1ad9b4e4dcaf6f",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '887c3b26bdf3bdbbb4281dced992bc7ba8632efb7526835ff1b5b21f6d6bb3aa']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:08Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29791-a170-4c2c-8e64-4e6b02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:09.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:09.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 900b78ead56dfdfa7ec22fda8b1ad9b4e4dcaf6f",
|
||
|
|
"pattern": "[file:hashes.MD5 = '23eeae68157ddfbb0e5480c5d97e23f8']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:09Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f29791-c938-45b5-a3fa-48a802de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:09.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:09.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:18:09Z",
|
||
|
|
"last_observed": "2016-03-23T13:18:09Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f29791-c938-45b5-a3fa-48a802de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f29791-c938-45b5-a3fa-48a802de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/887c3b26bdf3bdbbb4281dced992bc7ba8632efb7526835ff1b5b21f6d6bb3aa/analysis/1453320438/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29791-f410-4afd-aaa9-471202de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:09.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:09.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 8fc1f5f09f918816b5f5ff2ceb133d5c0c336bdd",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '9aefdda207f4ee5d8621b25eb605bbe6bdd861e56f8de1b885f08d090b86338e']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:09Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29792-94f0-49fc-8509-4bc702de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:09.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:09.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 8fc1f5f09f918816b5f5ff2ceb133d5c0c336bdd",
|
||
|
|
"pattern": "[file:hashes.MD5 = '99d93e0c6bf9cf9acb92580686f6b743']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:09Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f29792-2b60-4b36-ab9e-49bb02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:10.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:10.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:18:10Z",
|
||
|
|
"last_observed": "2016-03-23T13:18:10Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f29792-2b60-4b36-ab9e-49bb02de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f29792-2b60-4b36-ab9e-49bb02de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/9aefdda207f4ee5d8621b25eb605bbe6bdd861e56f8de1b885f08d090b86338e/analysis/1457023694/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29792-a928-4e1e-81ab-4c9702de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:10.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:10.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 8f70d77577ccc3428dd0f33c5b83858b5c5f5cff",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '7150ed7a0b12a08183bfec3281b1f3b8d4f01577bc24811a03a9d6223d0e6d8a']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:10Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29792-f6d0-4c7e-8e59-4adf02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:10.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:10.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 8f70d77577ccc3428dd0f33c5b83858b5c5f5cff",
|
||
|
|
"pattern": "[file:hashes.MD5 = '6a1c037c66184aa39096933f75d2d8ca']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:10Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f29793-eb28-4e0b-8569-407402de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:11.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:11.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:18:11Z",
|
||
|
|
"last_observed": "2016-03-23T13:18:11Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f29793-eb28-4e0b-8569-407402de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f29793-eb28-4e0b-8569-407402de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/7150ed7a0b12a08183bfec3281b1f3b8d4f01577bc24811a03a9d6223d0e6d8a/analysis/1457023694/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29793-6060-4a81-9e17-4a0302de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:11.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:11.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 8f645390ceff5e1eb93dd3a152aea57d6489e2ff",
|
||
|
|
"pattern": "[file:hashes.SHA256 = 'b51f05bc7a55494b0d24a8e81a906d2704b90673fb37f8e26029ed27aebea415']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:11Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29793-5030-4c02-b8e3-44f202de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:11.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:11.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 8f645390ceff5e1eb93dd3a152aea57d6489e2ff",
|
||
|
|
"pattern": "[file:hashes.MD5 = '0e93b58193fe8ff8b84d543b535f313c']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:11Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f29794-adb4-45ab-9dd8-4b5002de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:12.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:12.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:18:12Z",
|
||
|
|
"last_observed": "2016-03-23T13:18:12Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f29794-adb4-45ab-9dd8-4b5002de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f29794-adb4-45ab-9dd8-4b5002de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/b51f05bc7a55494b0d24a8e81a906d2704b90673fb37f8e26029ed27aebea415/analysis/1457023636/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29794-46bc-4e03-8645-4f5602de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:12.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:12.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 8afaec7a8d1e17bbf18c3a00bd13a2af5901711f",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '97d3eadbe9b85aeb07a0ad9fe11ff36fb34d60d4968917f9c8e3e89688e3c437']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:12Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29794-8488-40bb-aa59-493702de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:12.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:12.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 8afaec7a8d1e17bbf18c3a00bd13a2af5901711f",
|
||
|
|
"pattern": "[file:hashes.MD5 = 'f1a2caf0dd7922ea3a64231fd5af7715']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:12Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f29794-a8cc-4fa0-b049-4eb002de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:12.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:12.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:18:12Z",
|
||
|
|
"last_observed": "2016-03-23T13:18:12Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f29794-a8cc-4fa0-b049-4eb002de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f29794-a8cc-4fa0-b049-4eb002de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/97d3eadbe9b85aeb07a0ad9fe11ff36fb34d60d4968917f9c8e3e89688e3c437/analysis/1454754177/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29795-1178-40dd-bad6-427202de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:13.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:13.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 8a99a63a1f283be8056f872bacf458c0b764668c",
|
||
|
|
"pattern": "[file:hashes.SHA256 = 'e71fc2a8fabff0161d82731979c4dd4c2d8c1c698161c2354374c7402eef7fea']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:13Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29795-96c0-4498-9f52-4b4c02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:13.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:13.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 8a99a63a1f283be8056f872bacf458c0b764668c",
|
||
|
|
"pattern": "[file:hashes.MD5 = 'da56347c80bb441eee4a78bf355b1099']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:13Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f29795-ae78-4396-be84-4cf602de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:13.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:13.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:18:13Z",
|
||
|
|
"last_observed": "2016-03-23T13:18:13Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f29795-ae78-4396-be84-4cf602de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f29795-ae78-4396-be84-4cf602de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/e71fc2a8fabff0161d82731979c4dd4c2d8c1c698161c2354374c7402eef7fea/analysis/1454929995/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29796-d980-407d-a381-4f2402de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:14.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:14.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 880fa1a65d8c529753e64e4ed22d0e3622b9b030",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '1cb8ca75dbc6c42d9f76281c7cc73333a146832f444f69c0ebf47ccb9bfdd010']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:14Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29796-0c30-4479-b91d-4f6f02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:14.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:14.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 880fa1a65d8c529753e64e4ed22d0e3622b9b030",
|
||
|
|
"pattern": "[file:hashes.MD5 = '139a346c537ab91a38b438c82c8c219f']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:14Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f29796-c814-4a3f-a329-493e02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:14.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:14.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:18:14Z",
|
||
|
|
"last_observed": "2016-03-23T13:18:14Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f29796-c814-4a3f-a329-493e02de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f29796-c814-4a3f-a329-493e02de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/1cb8ca75dbc6c42d9f76281c7cc73333a146832f444f69c0ebf47ccb9bfdd010/analysis/1458378676/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29796-d744-43ba-a29d-4a6902de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:14.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:14.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 82488d289d724f0dfb6432062a227d8ad009335d",
|
||
|
|
"pattern": "[file:hashes.SHA256 = 'b6615097e0d7428028d98b5fc7fe63474fe10b3ef5a2cfeafbc71315e280ccf8']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:14Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29797-9990-4e25-a022-4e9702de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:15.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:15.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 82488d289d724f0dfb6432062a227d8ad009335d",
|
||
|
|
"pattern": "[file:hashes.MD5 = '417fa395f91b1b61e5fd73cd586953e1']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:15Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f29797-7650-4709-8be6-462602de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:15.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:15.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:18:15Z",
|
||
|
|
"last_observed": "2016-03-23T13:18:15Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f29797-7650-4709-8be6-462602de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f29797-7650-4709-8be6-462602de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/b6615097e0d7428028d98b5fc7fe63474fe10b3ef5a2cfeafbc71315e280ccf8/analysis/1452290155/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29797-0c68-4390-ae06-492d02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:15.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:15.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 7b930d3516d1396a4f374ee30339e2003714e51a",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '84fb5d99db36d869cf03b6b3c559fa976d0ea17e112e91596ddc0b0079a6b2e0']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:15Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29798-8b68-42e8-b27e-4fc202de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:16.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:16.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 7b930d3516d1396a4f374ee30339e2003714e51a",
|
||
|
|
"pattern": "[file:hashes.MD5 = '5a6bec1a9c38f6857525cca40f64b2ed']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:16Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f29798-976c-442f-8dab-442802de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:16.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:16.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:18:16Z",
|
||
|
|
"last_observed": "2016-03-23T13:18:16Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f29798-976c-442f-8dab-442802de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f29798-976c-442f-8dab-442802de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/84fb5d99db36d869cf03b6b3c559fa976d0ea17e112e91596ddc0b0079a6b2e0/analysis/1453989606/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29798-f0dc-49ad-8184-429902de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:16.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:16.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 79bbacbbe55c1065fe2e6a07aac852ef5c0c86ba",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '61fec7d90f2313f1a0fe12453c0b41481ea6d327b5275b144d1938ba296a914d']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:16Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29798-e78c-4d2e-896d-486502de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:16.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:16.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 79bbacbbe55c1065fe2e6a07aac852ef5c0c86ba",
|
||
|
|
"pattern": "[file:hashes.MD5 = 'bcbac2241977c976aec01592fb514aa4']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:16Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f29799-9654-4a86-a390-4e9e02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:17.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:17.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:18:17Z",
|
||
|
|
"last_observed": "2016-03-23T13:18:17Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f29799-9654-4a86-a390-4e9e02de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f29799-9654-4a86-a390-4e9e02de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/61fec7d90f2313f1a0fe12453c0b41481ea6d327b5275b144d1938ba296a914d/analysis/1454933097/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29799-4dc8-47ef-a71d-462c02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:17.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:17.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 75dec30eb62c03b917f62a091971c5640e556170",
|
||
|
|
"pattern": "[file:hashes.SHA256 = 'a5e6752aa1b9689201a98c92f8077b8f483435f0d8d38da1dfe74bb12b47dc74']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:17Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f29799-8084-4fbc-b9f1-441b02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:17.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:17.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 75dec30eb62c03b917f62a091971c5640e556170",
|
||
|
|
"pattern": "[file:hashes.MD5 = '950eb314435bdb3c46c9f0954c935287']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:17Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f2979a-fd00-4592-a198-4c8802de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:18.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:18.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:18:18Z",
|
||
|
|
"last_observed": "2016-03-23T13:18:18Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f2979a-fd00-4592-a198-4c8802de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f2979a-fd00-4592-a198-4c8802de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/a5e6752aa1b9689201a98c92f8077b8f483435f0d8d38da1dfe74bb12b47dc74/analysis/1455821916/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2979a-0a48-4377-8cab-421702de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:18.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:18.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 75dd19ec9719f82b94d1e207102fa1f0bca55c9f",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '9c5186016229c89364544973423cc47b28c0c1ed47da267c54e5f1a80a76363e']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:18Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2979a-1348-4556-9740-4a3002de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:18.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:18.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 75dd19ec9719f82b94d1e207102fa1f0bca55c9f",
|
||
|
|
"pattern": "[file:hashes.MD5 = 'ef0ab9f731e7c980b163c7e1b5db9746']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:18Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f2979a-6614-4bd1-b901-40be02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:18.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:18.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:18:18Z",
|
||
|
|
"last_observed": "2016-03-23T13:18:18Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f2979a-6614-4bd1-b901-40be02de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f2979a-6614-4bd1-b901-40be02de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/9c5186016229c89364544973423cc47b28c0c1ed47da267c54e5f1a80a76363e/analysis/1457677676/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2979b-2038-4743-826a-446c02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:19.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:19.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 72adf01044e7ceeefc7b50977b329a903cbcb6cb",
|
||
|
|
"pattern": "[file:hashes.SHA256 = 'ac9d6c79646a6603072e17e8514e70e416cff60abccc0ca45b61b8b8a69f6d20']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:19Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2979b-cef8-44ce-9c5e-45ed02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:19.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:19.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 72adf01044e7ceeefc7b50977b329a903cbcb6cb",
|
||
|
|
"pattern": "[file:hashes.MD5 = '19b9f62f29f3689b1db4c56deed7e162']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:19Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f2979b-e708-4fda-aeff-4e4202de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:19.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:19.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:18:19Z",
|
||
|
|
"last_observed": "2016-03-23T13:18:19Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f2979b-e708-4fda-aeff-4e4202de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f2979b-e708-4fda-aeff-4e4202de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/ac9d6c79646a6603072e17e8514e70e416cff60abccc0ca45b61b8b8a69f6d20/analysis/1457023657/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2979c-1f74-4f77-b213-49de02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:20.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:20.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 71e51de9a64d3378165f8bc4bfb495daec21ed53",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '375be6a07745d99002bf6923c71036e9814e48835f08c1dec81785694bcbca1b']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:20Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2979c-8dec-4ed0-98ed-4c8502de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:20.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:20.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 71e51de9a64d3378165f8bc4bfb495daec21ed53",
|
||
|
|
"pattern": "[file:hashes.MD5 = 'f04b6fed9fcdb8fa480419f75047c8d2']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:20Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f2979c-c968-413c-a82a-4bec02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:20.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:20.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:18:20Z",
|
||
|
|
"last_observed": "2016-03-23T13:18:20Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f2979c-c968-413c-a82a-4bec02de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f2979c-c968-413c-a82a-4bec02de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/375be6a07745d99002bf6923c71036e9814e48835f08c1dec81785694bcbca1b/analysis/1450724102/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2979d-d008-4127-b8b0-464102de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:20.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:20.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 702104c7b7b7ff2176d7a0718f19196ff392af34",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '4ab67af94e60a67fc42462bd42d82530281c12d1ca7ccf1ecc8baaa832cfdb4f']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:20Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2979d-afe0-4c73-9a79-4d7a02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:21.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:21.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 702104c7b7b7ff2176d7a0718f19196ff392af34",
|
||
|
|
"pattern": "[file:hashes.MD5 = 'f710e3ad19a682dab374c167c7c2796a']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:21Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f2979d-683c-414e-a59e-4be302de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:21.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:21.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:18:21Z",
|
||
|
|
"last_observed": "2016-03-23T13:18:21Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f2979d-683c-414e-a59e-4be302de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f2979d-683c-414e-a59e-4be302de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/4ab67af94e60a67fc42462bd42d82530281c12d1ca7ccf1ecc8baaa832cfdb4f/analysis/1457023701/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2979d-0bfc-4a20-be22-486d02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:21.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:21.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 6e9f7890dbe523a5cadcb33e20a2e78a69936b01",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '78175b44c1cbedb79c179c33c3def3ea140b209f15dde8fa3f8c45004394a76e']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:21Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2979e-1bd0-45cd-a980-4e4002de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:22.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:22.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 6e9f7890dbe523a5cadcb33e20a2e78a69936b01",
|
||
|
|
"pattern": "[file:hashes.MD5 = '943f35200dce22766d0c2906d25be187']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:22Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f2979e-d278-4313-b284-417402de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:22.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:22.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:18:22Z",
|
||
|
|
"last_observed": "2016-03-23T13:18:22Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f2979e-d278-4313-b284-417402de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f2979e-d278-4313-b284-417402de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/78175b44c1cbedb79c179c33c3def3ea140b209f15dde8fa3f8c45004394a76e/analysis/1457677480/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2979e-0f60-4931-9894-4eae02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:22.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:22.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 6e3e89e2f3d096ee09d4bf88410e80ef17536ab7",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '56ec7c81e26fbbab76fa82cce7b9efc16722bb0ff918cde091559b2d2dd7ee2c']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:22Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2979f-fd04-47eb-94c9-43d402de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:23.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:23.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 6e3e89e2f3d096ee09d4bf88410e80ef17536ab7",
|
||
|
|
"pattern": "[file:hashes.MD5 = 'a3aa3a12d81c9862b18f83a77d7215ca']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:23Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f2979f-0494-4c9c-8035-4bbd02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:23.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:23.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:18:23Z",
|
||
|
|
"last_observed": "2016-03-23T13:18:23Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f2979f-0494-4c9c-8035-4bbd02de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f2979f-0494-4c9c-8035-4bbd02de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/56ec7c81e26fbbab76fa82cce7b9efc16722bb0ff918cde091559b2d2dd7ee2c/analysis/1457780863/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2979f-6e54-4f19-96da-4c2402de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:23.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:23.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 6d4e788a36fc95899e035d8a1871a135c56ba1b5",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '4c0b74954692a7dba196bcc0b4ddf761440541187d2e0bd79ecfec8fcf67f406']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:23Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f2979f-6730-4e0f-ac37-4c7402de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:23.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:23.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 6d4e788a36fc95899e035d8a1871a135c56ba1b5",
|
||
|
|
"pattern": "[file:hashes.MD5 = '799701a29d1ff649d5656b66f4bf85f3']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:23Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f297a0-92e8-4b3c-b531-45ed02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:24.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:24.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:18:24Z",
|
||
|
|
"last_observed": "2016-03-23T13:18:24Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f297a0-92e8-4b3c-b531-45ed02de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f297a0-92e8-4b3c-b531-45ed02de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/4c0b74954692a7dba196bcc0b4ddf761440541187d2e0bd79ecfec8fcf67f406/analysis/1455089137/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297a0-ccd8-4197-98a3-4a3002de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:24.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:24.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 66802d4bd6d405458dcf9ebf081e347a946f0f8b",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '84b3c94d98ff57d10f265f2c1a4f5b5923c5746e5e18b7b505348cf6d01b390d']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:24Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297a0-ff28-4331-b323-410c02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:24.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:24.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 66802d4bd6d405458dcf9ebf081e347a946f0f8b",
|
||
|
|
"pattern": "[file:hashes.MD5 = '05ccf90e3d6ad057a67dffd80119cda1']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:24Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f297a1-8bac-4938-844c-49ce02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:25.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:25.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:18:25Z",
|
||
|
|
"last_observed": "2016-03-23T13:18:25Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f297a1-8bac-4938-844c-49ce02de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f297a1-8bac-4938-844c-49ce02de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/84b3c94d98ff57d10f265f2c1a4f5b5923c5746e5e18b7b505348cf6d01b390d/analysis/1435132712/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297a1-8674-49be-95d3-4a5c02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:25.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:25.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 637edcd549c8be0e2e8b7bc61c932ca0a58ca77d",
|
||
|
|
"pattern": "[file:hashes.SHA256 = 'ba298f10531c462f507a1e1c8f9fd80a938531a637e0bada3fa8a068f7febd80']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:25Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297a1-7058-4acc-8c34-477d02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:25.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:25.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 637edcd549c8be0e2e8b7bc61c932ca0a58ca77d",
|
||
|
|
"pattern": "[file:hashes.MD5 = 'b467df662af8a1fbafa845c894d917e3']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:25Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f297a1-1d0c-49dd-801f-4a5f02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:25.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:25.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:18:25Z",
|
||
|
|
"last_observed": "2016-03-23T13:18:25Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f297a1-1d0c-49dd-801f-4a5f02de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f297a1-1d0c-49dd-801f-4a5f02de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/ba298f10531c462f507a1e1c8f9fd80a938531a637e0bada3fa8a068f7febd80/analysis/1457023704/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297a2-32f4-4590-a0c7-443402de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:26.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:26.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 63203e01d8d648f30d322ba8e7d85a694edb8241",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '2f0ed2224fc36162f89147e5303a9bd5dfdd9a3c39d64035cef0840a4926b0a3']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:26Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297a2-72f8-4e7f-812e-458302de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:26.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:26.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 63203e01d8d648f30d322ba8e7d85a694edb8241",
|
||
|
|
"pattern": "[file:hashes.MD5 = 'f0c1785e8d0dfa1d9e16c57d66cd448c']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:26Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f297a2-1808-49bb-a464-4c9402de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:26.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:26.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:18:26Z",
|
||
|
|
"last_observed": "2016-03-23T13:18:26Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f297a2-1808-49bb-a464-4c9402de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f297a2-1808-49bb-a464-4c9402de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/2f0ed2224fc36162f89147e5303a9bd5dfdd9a3c39d64035cef0840a4926b0a3/analysis/1450976442/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297a3-a904-467c-9614-465202de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:27.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:27.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 61ff8373337e21910291021301c36cf8216e13cb",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '0ccb062ea14e7a7c622f988553d2a81a43e6e572d6744f1bfa4fa917b27ec735']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:27Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297a3-b94c-4a18-aa68-435602de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:27.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:27.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 61ff8373337e21910291021301c36cf8216e13cb",
|
||
|
|
"pattern": "[file:hashes.MD5 = '10a604876b7530c1a6a37eb6f66a201d']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:27Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f297a3-1ee4-470f-a795-492a02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:27.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:27.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:18:27Z",
|
||
|
|
"last_observed": "2016-03-23T13:18:27Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f297a3-1ee4-470f-a795-492a02de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f297a3-1ee4-470f-a795-492a02de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/0ccb062ea14e7a7c622f988553d2a81a43e6e572d6744f1bfa4fa917b27ec735/analysis/1450380299/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297a4-d07c-4555-ba18-415102de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:28.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:28.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 61c1f54434e373df9be0426dce5cabae4d46612f",
|
||
|
|
"pattern": "[file:hashes.SHA256 = 'f972091af73ef029b1ea53c6dfad96dbe61c66fbd869b213644750ce9ffaf86b']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:28Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297a4-db3c-47ed-9d79-4e5d02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:28.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:28.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 61c1f54434e373df9be0426dce5cabae4d46612f",
|
||
|
|
"pattern": "[file:hashes.MD5 = '06c18c72f9f136bacc5c9b0d8fa93195']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:28Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f297a4-2ae0-4f58-a051-49e402de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:28.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:28.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:18:28Z",
|
||
|
|
"last_observed": "2016-03-23T13:18:28Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f297a4-2ae0-4f58-a051-49e402de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f297a4-2ae0-4f58-a051-49e402de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/f972091af73ef029b1ea53c6dfad96dbe61c66fbd869b213644750ce9ffaf86b/analysis/1456464580/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297a4-4fa0-46f8-8c5e-422d02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:28.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:28.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 5b29e5e7ee100af6cdb4269fc4cc174550c7c869",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '22d41b74d2ec8028c4e7e7d60e59bbb209523a943ec50581a7b3ae4603c64fba']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:28Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297a5-1a7c-4cb6-a866-413402de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:29.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:29.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 5b29e5e7ee100af6cdb4269fc4cc174550c7c869",
|
||
|
|
"pattern": "[file:hashes.MD5 = '819715180810caaaa969c816eb2b7491']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:29Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f297a5-5c50-46b6-a17b-485102de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:29.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:29.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:18:29Z",
|
||
|
|
"last_observed": "2016-03-23T13:18:29Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f297a5-5c50-46b6-a17b-485102de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f297a5-5c50-46b6-a17b-485102de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/22d41b74d2ec8028c4e7e7d60e59bbb209523a943ec50581a7b3ae4603c64fba/analysis/1457023661/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297a5-1848-45f5-ab50-4beb02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:29.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:29.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 5ab950210e46a2aa600844e2168b8acb9c1a1780",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '180925df10e301723d51700e3b62c28a323c6b25d1e62fd6ce3ee3a431b4401c']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:29Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297a6-49c8-4cb5-94c9-4f8002de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:30.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:30.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 5ab950210e46a2aa600844e2168b8acb9c1a1780",
|
||
|
|
"pattern": "[file:hashes.MD5 = '9fcc3e18b9c0bd7380325f24a4623439']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:30Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f297a6-f058-4644-9ea0-4c5102de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:30.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:30.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:18:30Z",
|
||
|
|
"last_observed": "2016-03-23T13:18:30Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f297a6-f058-4644-9ea0-4c5102de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f297a6-f058-4644-9ea0-4c5102de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/180925df10e301723d51700e3b62c28a323c6b25d1e62fd6ce3ee3a431b4401c/analysis/1457502881/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297a6-e2a4-4b0c-a200-49f402de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:30.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:30.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 591d8dcea6ec8c65f0c3140abec7ff63a90cdd11",
|
||
|
|
"pattern": "[file:hashes.SHA256 = 'bb3e132763ec034a5f022ce503d12fc50c324009d4268293f80ae66b6c07b7ab']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:30Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297a6-e828-470a-ac3b-439e02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:30.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:30.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 591d8dcea6ec8c65f0c3140abec7ff63a90cdd11",
|
||
|
|
"pattern": "[file:hashes.MD5 = '127ee83854f47628984ab47de725ee2f']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:30Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f297a7-695c-4cde-8da9-437802de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:31.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:31.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:18:31Z",
|
||
|
|
"last_observed": "2016-03-23T13:18:31Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f297a7-695c-4cde-8da9-437802de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f297a7-695c-4cde-8da9-437802de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/bb3e132763ec034a5f022ce503d12fc50c324009d4268293f80ae66b6c07b7ab/analysis/1457023706/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297a7-5f2c-4a53-b6a3-402702de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:31.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:31.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 58b7cdbf101fe762d34fa21a61b5896e6eb15b6f",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '6a69cd7a2cb993994fccec7b7e99c5daa5ec8083ba887142cb0242031d7d4966']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:31Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297a7-8efc-4741-b43c-404a02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:31.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:31.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 58b7cdbf101fe762d34fa21a61b5896e6eb15b6f",
|
||
|
|
"pattern": "[file:hashes.MD5 = '3a67ebcab5dc3563dc161fdc3c7fb161']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:31Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f297a8-3d78-469a-85e1-448e02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:32.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:32.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:18:32Z",
|
||
|
|
"last_observed": "2016-03-23T13:18:32Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f297a8-3d78-469a-85e1-448e02de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f297a8-3d78-469a-85e1-448e02de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/6a69cd7a2cb993994fccec7b7e99c5daa5ec8083ba887142cb0242031d7d4966/analysis/1457677274/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297a8-3da8-46a3-a6c2-4eb002de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:32.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:32.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 4fe5eb02299fbbca4157e6e8b414f8a575a465d0",
|
||
|
|
"pattern": "[file:hashes.SHA256 = 'c254e35f28045b68249b57b5d09942fee823a3e459d7f47b0ccb1b3b3b9f419f']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:32Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297a8-b450-407a-a3e8-45c702de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:32.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:32.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 4fe5eb02299fbbca4157e6e8b414f8a575a465d0",
|
||
|
|
"pattern": "[file:hashes.MD5 = 'df6be8accc487bf63260aacf5e582fe2']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:32Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f297a8-d490-4a54-8862-418a02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:32.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:32.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:18:32Z",
|
||
|
|
"last_observed": "2016-03-23T13:18:32Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f297a8-d490-4a54-8862-418a02de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f297a8-d490-4a54-8862-418a02de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/c254e35f28045b68249b57b5d09942fee823a3e459d7f47b0ccb1b3b3b9f419f/analysis/1457023656/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297a9-6e04-4212-b027-421802de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:33.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:33.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 4af62f9021e86e30be1bc31c2113e0c1e019aa14",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '464260a1d72bc3ce079353ddec92e05339253ab577956f3736d94b917bcda91e']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:33Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297a9-8b74-41fb-b858-433a02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:33.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:33.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 4af62f9021e86e30be1bc31c2113e0c1e019aa14",
|
||
|
|
"pattern": "[file:hashes.MD5 = '552fcd0a37433a3dcaedeaafe8666f69']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:33Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f297a9-43bc-4640-a96e-44a502de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:33.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:33.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:18:33Z",
|
||
|
|
"last_observed": "2016-03-23T13:18:33Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f297a9-43bc-4640-a96e-44a502de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f297a9-43bc-4640-a96e-44a502de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/464260a1d72bc3ce079353ddec92e05339253ab577956f3736d94b917bcda91e/analysis/1445921618/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297aa-a904-4a2b-8850-4f6002de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:34.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:34.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 4ad5ded6f7ebb033c8c854700e329eec5ccb0f0f",
|
||
|
|
"pattern": "[file:hashes.SHA256 = 'c0398f10fda0501073d3d87cf413f7c185fd65badd1210d27e5b1f25a105b0da']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:34Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297aa-6d84-45be-a640-487302de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:34.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:34.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 4ad5ded6f7ebb033c8c854700e329eec5ccb0f0f",
|
||
|
|
"pattern": "[file:hashes.MD5 = 'ba4978ed1084707dfaedfa2fded65851']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:34Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f297aa-7498-4b27-b8c1-409f02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:34.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:34.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:18:34Z",
|
||
|
|
"last_observed": "2016-03-23T13:18:34Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f297aa-7498-4b27-b8c1-409f02de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f297aa-7498-4b27-b8c1-409f02de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/c0398f10fda0501073d3d87cf413f7c185fd65badd1210d27e5b1f25a105b0da/analysis/1456253397/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297aa-917c-4d40-a18c-413502de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:34.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:34.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 4aae973372d5eeaff5b1b1b9f53ed5cd2d3ea15e",
|
||
|
|
"pattern": "[file:hashes.SHA256 = 'bd4e0a30d74f4537f29a6a603427489e1d3f7d6da030afc5c199fe6b1a4d271f']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:34Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297ab-e840-4e69-b2ba-480f02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:35.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:35.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 4aae973372d5eeaff5b1b1b9f53ed5cd2d3ea15e",
|
||
|
|
"pattern": "[file:hashes.MD5 = '34ad98510d4d6e24b7e38f27a24ad9f6']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:35Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f297ab-0af0-46b2-b0c7-405d02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:35.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:35.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:18:35Z",
|
||
|
|
"last_observed": "2016-03-23T13:18:35Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f297ab-0af0-46b2-b0c7-405d02de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f297ab-0af0-46b2-b0c7-405d02de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/bd4e0a30d74f4537f29a6a603427489e1d3f7d6da030afc5c199fe6b1a4d271f/analysis/1455193335/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297ab-e144-4108-b7ac-433602de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:35.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:35.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 4796aa0b2415f127feef35bfe183c5297f291e50",
|
||
|
|
"pattern": "[file:hashes.SHA256 = 'ed5a60a0e3db1545bdf8e5418a62c4c0a7d8802728e7c2e48590831e727c0bb9']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:35Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297ac-1c0c-40a0-8de6-454f02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:36.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:36.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 4796aa0b2415f127feef35bfe183c5297f291e50",
|
||
|
|
"pattern": "[file:hashes.MD5 = '19bbb6ca66f346ebfa295237dec7cee8']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:36Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f297ac-91b4-47c0-b8b8-428502de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:36.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:36.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:18:36Z",
|
||
|
|
"last_observed": "2016-03-23T13:18:36Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f297ac-91b4-47c0-b8b8-428502de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f297ac-91b4-47c0-b8b8-428502de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/ed5a60a0e3db1545bdf8e5418a62c4c0a7d8802728e7c2e48590831e727c0bb9/analysis/1451316158/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297ac-a73c-4c67-902c-494202de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:36.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:36.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 44ffd554b2a4ece3b0283bd5674434e09f8bfbbc",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '4a0728a48c393a480dc328c0e972d57c5493ee5619699e9c21ff7e800948c8e8']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:36Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297ad-ae80-49a2-9250-45dc02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:37.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:37.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 44ffd554b2a4ece3b0283bd5674434e09f8bfbbc",
|
||
|
|
"pattern": "[file:hashes.MD5 = 'b8b70732a105372d05cd2d8e03a75ff9']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:37Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f297ad-00b0-4713-8916-4eb202de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:37.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:37.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:18:37Z",
|
||
|
|
"last_observed": "2016-03-23T13:18:37Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f297ad-00b0-4713-8916-4eb202de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f297ad-00b0-4713-8916-4eb202de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/4a0728a48c393a480dc328c0e972d57c5493ee5619699e9c21ff7e800948c8e8/analysis/1455252724/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297ad-2a60-4546-9534-4b9302de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:37.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:37.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 43b836a3293c41bf45906fb1eefd09d8a1a9ed87",
|
||
|
|
"pattern": "[file:hashes.SHA256 = 'd037bc88a0823efdd1aeb930f8e61f88107281363df386cf7dc04d1c55664293']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:37Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297ad-b0d8-4ef9-8836-480c02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:37.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:37.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 43b836a3293c41bf45906fb1eefd09d8a1a9ed87",
|
||
|
|
"pattern": "[file:hashes.MD5 = 'e89e1b0cd70075df5d13b3bab2de0513']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:37Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f297ae-cae8-4d23-8706-47d202de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:38.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:38.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:18:38Z",
|
||
|
|
"last_observed": "2016-03-23T13:18:38Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f297ae-cae8-4d23-8706-47d202de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f297ae-cae8-4d23-8706-47d202de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/d037bc88a0823efdd1aeb930f8e61f88107281363df386cf7dc04d1c55664293/analysis/1432435469/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297ae-1808-45c5-9cc6-408102de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:38.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:38.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 4382d38acfd62bddd6858393b3d47cecde7e3d6e",
|
||
|
|
"pattern": "[file:hashes.SHA256 = 'd611e5fc28b7de9d560de544b14542ba667214d53d0969046872d9309f1d3325']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:38Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297ae-2f18-4caa-807f-4a3102de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:38.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:38.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 4382d38acfd62bddd6858393b3d47cecde7e3d6e",
|
||
|
|
"pattern": "[file:hashes.MD5 = '0ad849121b4656a239e85379948e5f5d']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:38Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f297af-1474-495e-b5b6-408602de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:39.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:39.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:18:39Z",
|
||
|
|
"last_observed": "2016-03-23T13:18:39Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f297af-1474-495e-b5b6-408602de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f297af-1474-495e-b5b6-408602de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/d611e5fc28b7de9d560de544b14542ba667214d53d0969046872d9309f1d3325/analysis/1456148017/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297af-3858-49fa-93df-458502de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:39.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:39.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 4336f402037d48321331c89c2848f971a6838ffb",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '3711819b67d8bef318aaaa6a364288f919b1f08e15ae0e72add627da2b44825f']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:39Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297af-111c-4090-85bd-43fd02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:39.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:39.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 4336f402037d48321331c89c2848f971a6838ffb",
|
||
|
|
"pattern": "[file:hashes.MD5 = 'ee23470258397f29914a44309817aa5a']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:39Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f297af-4ab0-4498-b57f-40ed02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:39.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:39.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:18:39Z",
|
||
|
|
"last_observed": "2016-03-23T13:18:39Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f297af-4ab0-4498-b57f-40ed02de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f297af-4ab0-4498-b57f-40ed02de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/3711819b67d8bef318aaaa6a364288f919b1f08e15ae0e72add627da2b44825f/analysis/1455122052/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297b0-ce38-442b-8cd2-411e02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:40.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:40.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 40fd6d368bce6dcf6a933c6494d74f01a07587af",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '582ec7ab3f31b9d5ad45bc792e4097e6b4377cceabc7b626a548491b9ff8b406']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:40Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297b0-f680-4533-91e4-496e02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:40.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:40.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 40fd6d368bce6dcf6a933c6494d74f01a07587af",
|
||
|
|
"pattern": "[file:hashes.MD5 = '5b6beb9ee6e604f4e474b8129e6135f4']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:40Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f297b0-f56c-471c-bd7a-4e2f02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:40.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:40.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:18:40Z",
|
||
|
|
"last_observed": "2016-03-23T13:18:40Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f297b0-f56c-471c-bd7a-4e2f02de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f297b0-f56c-471c-bd7a-4e2f02de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/582ec7ab3f31b9d5ad45bc792e4097e6b4377cceabc7b626a548491b9ff8b406/analysis/1457023649/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297b1-5030-4f72-a9d1-4db602de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:41.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:41.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 3d44cf9a814e57ded1590b008d1e9b28545f6bc3",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '63275154c99227e3ae277590636accaaca7efcc0f8a7838312d66d4c30685c22']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:41Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297b1-5464-40fc-ba11-483f02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:41.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:41.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 3d44cf9a814e57ded1590b008d1e9b28545f6bc3",
|
||
|
|
"pattern": "[file:hashes.MD5 = '2463d1ff1166e845e52a0c580fd3cb7d']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:41Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f297b1-7e2c-4d8a-868e-469c02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:41.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:41.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:18:41Z",
|
||
|
|
"last_observed": "2016-03-23T13:18:41Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f297b1-7e2c-4d8a-868e-469c02de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f297b1-7e2c-4d8a-868e-469c02de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/63275154c99227e3ae277590636accaaca7efcc0f8a7838312d66d4c30685c22/analysis/1457023667/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297b1-aa98-477e-bb85-49be02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:41.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:41.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 3cc931db58298134cbaec5dfd0c8030447b673d7",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '6509788606fd69882b1c470dc0d3ee5579cc7074c68971ddeae3af5ea63b5f36']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:41Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297b2-83dc-4f93-b60d-42fd02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:42.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:42.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 3cc931db58298134cbaec5dfd0c8030447b673d7",
|
||
|
|
"pattern": "[file:hashes.MD5 = 'ef4f497daf81b22cd63e42f16e3f49ff']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:42Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f297b2-3858-4663-b2ba-424c02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:42.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:42.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:18:42Z",
|
||
|
|
"last_observed": "2016-03-23T13:18:42Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f297b2-3858-4663-b2ba-424c02de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f297b2-3858-4663-b2ba-424c02de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/6509788606fd69882b1c470dc0d3ee5579cc7074c68971ddeae3af5ea63b5f36/analysis/1457677676/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297b2-7868-4fcb-8bc2-48e702de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:42.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:42.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 3b3866ab32843d6a717fee0be718fbfb7b5eff67",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '7f470cedb72ebb46fc952f0d75be621bdfda4bb9614850ee14816bc5193bb8fd']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:42Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297b3-9be4-48c3-a4a1-4d9202de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:43.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:43.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 3b3866ab32843d6a717fee0be718fbfb7b5eff67",
|
||
|
|
"pattern": "[file:hashes.MD5 = 'a65325ed2d3fac32526e619715e9a33b']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:43Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f297b3-ede4-450b-88c7-418b02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:43.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:43.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:18:43Z",
|
||
|
|
"last_observed": "2016-03-23T13:18:43Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f297b3-ede4-450b-88c7-418b02de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f297b3-ede4-450b-88c7-418b02de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/7f470cedb72ebb46fc952f0d75be621bdfda4bb9614850ee14816bc5193bb8fd/analysis/1455086661/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297b3-e244-46a8-908d-4c6902de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:43.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:43.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 3abd37f20fa74462f4e49d24b38e33889da22a63",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '50de9dfa7fda82584acafb9ef9ed816587316006865092a00c56b4b3177c2786']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:43Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297b3-5c4c-4109-bf37-435602de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:43.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:43.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 3abd37f20fa74462f4e49d24b38e33889da22a63",
|
||
|
|
"pattern": "[file:hashes.MD5 = '92f78a182faf26550d6fab2d9ec0692d']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:43Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f297b4-f27c-4198-b6f4-405302de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:44.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:44.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:18:44Z",
|
||
|
|
"last_observed": "2016-03-23T13:18:44Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f297b4-f27c-4198-b6f4-405302de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f297b4-f27c-4198-b6f4-405302de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/50de9dfa7fda82584acafb9ef9ed816587316006865092a00c56b4b3177c2786/analysis/1457023661/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297b4-1cd4-4027-a86a-49cd02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:44.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:44.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 340a13547cef341ee99e5d2bc49a0e850310b6e3",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '7927fb4016f3e4bb4118e3eb0e58593b9642e5b709d7ce2936c719c4fe2f9a69']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:44Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297b4-6920-407e-80eb-4c4402de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:44.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:44.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 340a13547cef341ee99e5d2bc49a0e850310b6e3",
|
||
|
|
"pattern": "[file:hashes.MD5 = '131b4ed3df80e2f794a3e353e2c7f8fb']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:44Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f297b5-aee0-4d88-bc6b-4ad702de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:45.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:45.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:18:45Z",
|
||
|
|
"last_observed": "2016-03-23T13:18:45Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f297b5-aee0-4d88-bc6b-4ad702de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f297b5-aee0-4d88-bc6b-4ad702de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/7927fb4016f3e4bb4118e3eb0e58593b9642e5b709d7ce2936c719c4fe2f9a69/analysis/1457502369/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297b5-98e0-475c-88e9-42af02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:45.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:45.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 32a0618dde949902a02cf39c59b609c31d976ffe",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '07239cd6b23b16164251ca229d4f9ce15248d45a13642ada6aa5936ccd0228f3']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:45Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297b5-e2a4-4e45-9514-437302de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:45.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:45.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 32a0618dde949902a02cf39c59b609c31d976ffe",
|
||
|
|
"pattern": "[file:hashes.MD5 = 'c0ff05a6bf05465adfc9a1dfd5305bde']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:45Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f297b5-f0d4-4f23-8e04-4c8e02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:45.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:45.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:18:45Z",
|
||
|
|
"last_observed": "2016-03-23T13:18:45Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f297b5-f0d4-4f23-8e04-4c8e02de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f297b5-f0d4-4f23-8e04-4c8e02de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/07239cd6b23b16164251ca229d4f9ce15248d45a13642ada6aa5936ccd0228f3/analysis/1450593452/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297b6-bd5c-462c-817d-4cb902de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:46.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:46.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 313049a0594f50b0015a06b44703d903ad36bc68",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '9a8ad801d1b9c97eb38ed7b829968fce71723ccf4b1087b283863996efbb6e89']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:46Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297b6-3c18-4814-8019-43f402de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:46.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:46.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 313049a0594f50b0015a06b44703d903ad36bc68",
|
||
|
|
"pattern": "[file:hashes.MD5 = 'd3094c89cad5f8d1ea5f0a7f23f0a2b1']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:46Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f297b6-9b88-43c7-8f3c-41b502de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:46.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:46.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:18:46Z",
|
||
|
|
"last_observed": "2016-03-23T13:18:46Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f297b6-9b88-43c7-8f3c-41b502de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f297b6-9b88-43c7-8f3c-41b502de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/9a8ad801d1b9c97eb38ed7b829968fce71723ccf4b1087b283863996efbb6e89/analysis/1455821930/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297b7-afa4-44aa-b4dc-40c902de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:47.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:47.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 2f5c5627ae45f1244927aa02a3bf4a0b81d312de",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '69a3c67c646cfc968eb4de63da40087b8a65c23bd348ceb164a641c84936cd8d']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:47Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297b7-58c4-4da6-8908-4bec02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:47.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:47.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 2f5c5627ae45f1244927aa02a3bf4a0b81d312de",
|
||
|
|
"pattern": "[file:hashes.MD5 = 'e138ef887be5526246f9a083c4ba925e']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:47Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f297b7-78bc-446b-b2e1-4e9602de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:47.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:47.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:18:47Z",
|
||
|
|
"last_observed": "2016-03-23T13:18:47Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f297b7-78bc-446b-b2e1-4e9602de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f297b7-78bc-446b-b2e1-4e9602de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/69a3c67c646cfc968eb4de63da40087b8a65c23bd348ceb164a641c84936cd8d/analysis/1455773303/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297b7-8ee4-4918-9f13-45dc02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:47.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:47.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 2d97f9f42aeafdae2cceb79d538e5036b8e5bbff",
|
||
|
|
"pattern": "[file:hashes.SHA256 = 'a6f8b4b528d67fe5b985ad0a394e46f5c116bb80b7cb8ca9a094d92f4dc614c1']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:47Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297b8-814c-478d-b531-4c4b02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:48.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:48.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 2d97f9f42aeafdae2cceb79d538e5036b8e5bbff",
|
||
|
|
"pattern": "[file:hashes.MD5 = '9b98abb9a9fa714e05d43b08b76c0afa']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:48Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f297b8-0ca4-4219-94de-479402de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:48.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:48.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:18:48Z",
|
||
|
|
"last_observed": "2016-03-23T13:18:48Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f297b8-0ca4-4219-94de-479402de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f297b8-0ca4-4219-94de-479402de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/a6f8b4b528d67fe5b985ad0a394e46f5c116bb80b7cb8ca9a094d92f4dc614c1/analysis/1458185317/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297b8-ff08-4790-83f7-482102de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:48.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:48.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 28f9a68807b06b1464d7663eb6164969142959c9",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '4f163bbdb90fa72e8fb87aee7e2853754977abc1a3118170ebd63a7058aaf113']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:48Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297b9-2918-4176-9677-42ff02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:49.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:49.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 28f9a68807b06b1464d7663eb6164969142959c9",
|
||
|
|
"pattern": "[file:hashes.MD5 = 'e187911d0ba69380956c3b5037700bee']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:49Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f297b9-1c4c-4ab0-9794-481802de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:49.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:49.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:18:49Z",
|
||
|
|
"last_observed": "2016-03-23T13:18:49Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f297b9-1c4c-4ab0-9794-481802de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f297b9-1c4c-4ab0-9794-481802de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/4f163bbdb90fa72e8fb87aee7e2853754977abc1a3118170ebd63a7058aaf113/analysis/1457332348/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297b9-3a44-4242-82d3-486602de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:49.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:49.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 2873f5215cd6e62b4b0a12861fce64685e557fdf",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '9544bb44a22d6b3d15429fd0658cc6acc1e9379f0dcd659f9847f15b1effa934']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:49Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297ba-4c78-4831-85cf-4b8902de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:50.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:50.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 2873f5215cd6e62b4b0a12861fce64685e557fdf",
|
||
|
|
"pattern": "[file:hashes.MD5 = '897fc3a65f84e1c3db932965a574d982']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:50Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f297ba-8e50-47ee-9cc1-455e02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:50.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:50.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:18:50Z",
|
||
|
|
"last_observed": "2016-03-23T13:18:50Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f297ba-8e50-47ee-9cc1-455e02de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f297ba-8e50-47ee-9cc1-455e02de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/9544bb44a22d6b3d15429fd0658cc6acc1e9379f0dcd659f9847f15b1effa934/analysis/1457677453/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297ba-9f34-4035-8800-446b02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:50.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:50.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 281ebc259e96531d4512b5ee9c5d4dc646feda2c",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '4fb7d5887a8305738abf81fd51d585cc0ab3816e7a54da57591797bbefab7509']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:50Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297ba-a298-4b24-bea2-4dd002de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:50.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:50.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 281ebc259e96531d4512b5ee9c5d4dc646feda2c",
|
||
|
|
"pattern": "[file:hashes.MD5 = 'e456d6035e41962a4e49345b00393dcd']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:50Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f297bb-ee48-4def-bc8e-417902de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:51.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:51.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:18:51Z",
|
||
|
|
"last_observed": "2016-03-23T13:18:51Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f297bb-ee48-4def-bc8e-417902de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f297bb-ee48-4def-bc8e-417902de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/4fb7d5887a8305738abf81fd51d585cc0ab3816e7a54da57591797bbefab7509/analysis/1457023644/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297bb-5ec8-4305-b068-416e02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:51.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:51.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 27385b5fdfab1fd83dcac32750879ff4c2f82797",
|
||
|
|
"pattern": "[file:hashes.SHA256 = 'a88967fdec2b2d21a766be305df9daf8c0d719f5de191b6cae659aa258ed1714']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:51Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297bb-09a0-4556-bdda-498402de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:51.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:51.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 27385b5fdfab1fd83dcac32750879ff4c2f82797",
|
||
|
|
"pattern": "[file:hashes.MD5 = '37b93ed2e803c35d2f0dee28864a5d02']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:51Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f297bc-92e4-401e-b9f7-4ee502de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:52.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:52.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:18:52Z",
|
||
|
|
"last_observed": "2016-03-23T13:18:52Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f297bc-92e4-401e-b9f7-4ee502de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f297bc-92e4-401e-b9f7-4ee502de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/a88967fdec2b2d21a766be305df9daf8c0d719f5de191b6cae659aa258ed1714/analysis/1458148744/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297bc-9078-45c7-b583-4cc802de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:52.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:52.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 2504320598b8e603f46936037491111718907e98",
|
||
|
|
"pattern": "[file:hashes.SHA256 = 'd6a027b99eb946ae215cf495ba124e9f97bc58e857844e9d406bc1bb9d4f5dac']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:52Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297bc-879c-40ed-a908-498702de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:52.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:52.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 2504320598b8e603f46936037491111718907e98",
|
||
|
|
"pattern": "[file:hashes.MD5 = '3c922fab76a6c48be4036a2d0d2146c1']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:52Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f297bc-95dc-461d-9d40-45ed02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:52.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:52.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:18:52Z",
|
||
|
|
"last_observed": "2016-03-23T13:18:52Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f297bc-95dc-461d-9d40-45ed02de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f297bc-95dc-461d-9d40-45ed02de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/d6a027b99eb946ae215cf495ba124e9f97bc58e857844e9d406bc1bb9d4f5dac/analysis/1458244109/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297bd-fde0-4304-9083-442502de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:53.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:53.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 23dcec87435af17e695c8612f1453d38950bc61d",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '02283ec4ecef511350c644689aadf37e5eaf1f4d0eac249e16baac0b1298ac8d']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:53Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297bd-e810-4d7f-9e25-49c402de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:53.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:53.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 23dcec87435af17e695c8612f1453d38950bc61d",
|
||
|
|
"pattern": "[file:hashes.MD5 = '4297041e3a701ed8c01e40d6c54264a1']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:53Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f297bd-2618-4426-add9-4cfc02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:53.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:53.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:18:53Z",
|
||
|
|
"last_observed": "2016-03-23T13:18:53Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f297bd-2618-4426-add9-4cfc02de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f297bd-2618-4426-add9-4cfc02de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/02283ec4ecef511350c644689aadf37e5eaf1f4d0eac249e16baac0b1298ac8d/analysis/1457023658/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297be-c9bc-48e1-8bc5-425802de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:54.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:54.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 2114d6763cb93ac34d6bd773c2ab261e2510deba",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '9cccd499953a753ef1cc064bd0be4178a2c027c58319d95da43e9f298e1c1929']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:54Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297be-37e8-4e05-b385-401502de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:54.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:54.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 2114d6763cb93ac34d6bd773c2ab261e2510deba",
|
||
|
|
"pattern": "[file:hashes.MD5 = 'fd5a419924a0816c6357b47f4e375732']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:54Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f297be-97e8-499d-a9bc-465202de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:54.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:54.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:18:54Z",
|
||
|
|
"last_observed": "2016-03-23T13:18:54Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f297be-97e8-499d-a9bc-465202de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f297be-97e8-499d-a9bc-465202de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/9cccd499953a753ef1cc064bd0be4178a2c027c58319d95da43e9f298e1c1929/analysis/1408177767/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297be-7c2c-481a-99a8-460b02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:54.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:54.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 20bd67010fe69f56bdb00667100a0c1bc1e7c906",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '28f457b4582701907d1cdaabbd9fdbea169185dc3e97925fd48589ef44e72812']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:54Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297bf-725c-476f-9c5a-441202de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:55.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:55.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 20bd67010fe69f56bdb00667100a0c1bc1e7c906",
|
||
|
|
"pattern": "[file:hashes.MD5 = '79f7e1d6389c73a7e2525d0ec8fa3ce2']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:55Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f297bf-6224-43a3-a26b-4f6502de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:55.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:55.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:18:55Z",
|
||
|
|
"last_observed": "2016-03-23T13:18:55Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f297bf-6224-43a3-a26b-4f6502de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f297bf-6224-43a3-a26b-4f6502de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/28f457b4582701907d1cdaabbd9fdbea169185dc3e97925fd48589ef44e72812/analysis/1446814738/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297bf-6bf8-4e60-b081-495602de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:55.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:55.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 1ff42d996489812602d65f9eb7433c8018b17acc",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '5f688cf7b9b960d15f208ebd6af7614f2b7793cdb7f5766074f525d8ed007278']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:55Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297c0-94b8-4c46-80c7-43c302de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:56.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:56.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 1ff42d996489812602d65f9eb7433c8018b17acc",
|
||
|
|
"pattern": "[file:hashes.MD5 = 'bf1400105c97a28fefd33d8c0df5d4c1']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:56Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f297c0-a02c-43c3-aa14-431902de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:56.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:56.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:18:56Z",
|
||
|
|
"last_observed": "2016-03-23T13:18:56Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f297c0-a02c-43c3-aa14-431902de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f297c0-a02c-43c3-aa14-431902de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/5f688cf7b9b960d15f208ebd6af7614f2b7793cdb7f5766074f525d8ed007278/analysis/1453218333/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297c0-8438-4e1e-a532-457a02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:56.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:56.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 1c104d02048ad62224e0f725cee1becfb75d4976",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '8a20bca39e9c61120ec2c2d5730e4945ec9c092fc2cd0c9e778937d3dfa0a6b5']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:56Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297c0-49a8-4887-9113-4d9202de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:56.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:56.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 1c104d02048ad62224e0f725cee1becfb75d4976",
|
||
|
|
"pattern": "[file:hashes.MD5 = '75798547f0ddca076070bcea67a0b064']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:56Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f297c1-56bc-40fb-a699-42d802de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:57.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:57.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:18:57Z",
|
||
|
|
"last_observed": "2016-03-23T13:18:57Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f297c1-56bc-40fb-a699-42d802de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f297c1-56bc-40fb-a699-42d802de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/8a20bca39e9c61120ec2c2d5730e4945ec9c092fc2cd0c9e778937d3dfa0a6b5/analysis/1457677426/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297c1-5d60-4a08-a366-4e9402de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:57.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:57.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 1bf850ec4dacd43323e75be040ee6bc7a3d05fe9",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '6c36554956617d2996a89a0ff7f867ee9b70769e4f1b70943fbf2babb8d97bfd']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:57Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297c1-bffc-4dcc-8035-46c002de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:57.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:57.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 1bf850ec4dacd43323e75be040ee6bc7a3d05fe9",
|
||
|
|
"pattern": "[file:hashes.MD5 = '18711f1db99f6a6f73f8ab64f563accc']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:57Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f297c2-c7c8-4851-860d-4d9602de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:58.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:58.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:18:58Z",
|
||
|
|
"last_observed": "2016-03-23T13:18:58Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f297c2-c7c8-4851-860d-4d9602de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f297c2-c7c8-4851-860d-4d9602de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/6c36554956617d2996a89a0ff7f867ee9b70769e4f1b70943fbf2babb8d97bfd/analysis/1457023638/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297c2-2de0-43ca-9e3d-48ff02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:58.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:58.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 1ac9991fb65dd30d9a085046da27c04ce1cf6948",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '9c439d584e7298863640ec32adc171bac98f2f239163c31755a8c919a8d433d9']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:58Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297c2-9188-42f4-b593-4a7302de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:58.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:58.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 1ac9991fb65dd30d9a085046da27c04ce1cf6948",
|
||
|
|
"pattern": "[file:hashes.MD5 = '8253dd13c126c44483bcbde23e61d53d']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:58Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f297c3-c784-4143-b641-48f202de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:59.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:59.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:18:59Z",
|
||
|
|
"last_observed": "2016-03-23T13:18:59Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f297c3-c784-4143-b641-48f202de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f297c3-c784-4143-b641-48f202de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/9c439d584e7298863640ec32adc171bac98f2f239163c31755a8c919a8d433d9/analysis/1453972709/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297c3-9630-4ff6-848b-4eba02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:59.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:59.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 1421c353bfba53249fcbf0504b8580095cdd7e86",
|
||
|
|
"pattern": "[file:hashes.SHA256 = 'b1e19b637dc7c677d8d80de7b62220b2c92299acfc99246d369c6fd0d04472f0']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:59Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297c3-00a0-490a-aa74-4dd302de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:59.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:59.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 1421c353bfba53249fcbf0504b8580095cdd7e86",
|
||
|
|
"pattern": "[file:hashes.MD5 = 'f0f6544ddb26c55df2d6184f433d8c17']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:18:59Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f297c3-9144-41af-bedb-446e02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:18:59.000Z",
|
||
|
|
"modified": "2016-03-23T13:18:59.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:18:59Z",
|
||
|
|
"last_observed": "2016-03-23T13:18:59Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f297c3-9144-41af-bedb-446e02de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f297c3-9144-41af-bedb-446e02de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/b1e19b637dc7c677d8d80de7b62220b2c92299acfc99246d369c6fd0d04472f0/analysis/1457677679/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297c4-b864-4768-852d-4d6102de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:19:00.000Z",
|
||
|
|
"modified": "2016-03-23T13:19:00.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 13d59ec2aa935f80342b5bccc9d1bf447948feff",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '156dad889b4b84ed06106d3a6e76162927358f15e6115cd98601cab6f478e3bb']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:19:00Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297c4-497c-4a4a-a9b8-42f302de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:19:00.000Z",
|
||
|
|
"modified": "2016-03-23T13:19:00.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 13d59ec2aa935f80342b5bccc9d1bf447948feff",
|
||
|
|
"pattern": "[file:hashes.MD5 = 'f4e28e1d1fcd2ab1215e636c8e4838bf']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:19:00Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f297c4-d560-4231-97d8-4a7102de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:19:00.000Z",
|
||
|
|
"modified": "2016-03-23T13:19:00.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:19:00Z",
|
||
|
|
"last_observed": "2016-03-23T13:19:00Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f297c4-d560-4231-97d8-4a7102de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f297c4-d560-4231-97d8-4a7102de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/156dad889b4b84ed06106d3a6e76162927358f15e6115cd98601cab6f478e3bb/analysis/1451724531/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297c5-c3d4-4d0f-bc57-4ba402de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:19:01.000Z",
|
||
|
|
"modified": "2016-03-23T13:19:01.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 12fef517621b28f94dadb7d45fc2a4731909aaab",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '1fdb547e39569d1e4db162f2739138e471eb43c936636cfd698a37cdd8803832']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:19:01Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297c5-873c-4ee6-b6bd-49bc02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:19:01.000Z",
|
||
|
|
"modified": "2016-03-23T13:19:01.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 12fef517621b28f94dadb7d45fc2a4731909aaab",
|
||
|
|
"pattern": "[file:hashes.MD5 = '58c126aad9c7228b4648de7d0b5b3307']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:19:01Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f297c5-3390-4162-988d-4de502de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:19:01.000Z",
|
||
|
|
"modified": "2016-03-23T13:19:01.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:19:01Z",
|
||
|
|
"last_observed": "2016-03-23T13:19:01Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f297c5-3390-4162-988d-4de502de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f297c5-3390-4162-988d-4de502de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/1fdb547e39569d1e4db162f2739138e471eb43c936636cfd698a37cdd8803832/analysis/1448037874/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297c5-bb48-4cb5-ac34-4a8102de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:19:01.000Z",
|
||
|
|
"modified": "2016-03-23T13:19:01.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 0f570eabe749b05d59cb2eca9dcef81ad9b044bc",
|
||
|
|
"pattern": "[file:hashes.SHA256 = 'fa72b66dc74ff7e3f8531bf835c2d61d298410fdcb0eadbf874068b9bc05c2b1']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:19:01Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297c6-7c18-4c44-8011-424902de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:19:02.000Z",
|
||
|
|
"modified": "2016-03-23T13:19:02.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 0f570eabe749b05d59cb2eca9dcef81ad9b044bc",
|
||
|
|
"pattern": "[file:hashes.MD5 = 'c33c79c437d94fad3476f78361df0f24']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:19:02Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f297c6-eaa0-4008-8eca-47a802de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:19:02.000Z",
|
||
|
|
"modified": "2016-03-23T13:19:02.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:19:02Z",
|
||
|
|
"last_observed": "2016-03-23T13:19:02Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f297c6-eaa0-4008-8eca-47a802de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f297c6-eaa0-4008-8eca-47a802de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/fa72b66dc74ff7e3f8531bf835c2d61d298410fdcb0eadbf874068b9bc05c2b1/analysis/1457023671/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297c6-6b08-4c33-9560-41c602de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:19:02.000Z",
|
||
|
|
"modified": "2016-03-23T13:19:02.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 0efbc946db0d865aa443eba0f00333efab20ba06",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '89aec94464cfe94778e236733c0c2b91c9de79490e8ce40a26b212f5f169f079']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:19:02Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297c7-0488-45e8-99d0-413502de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:19:03.000Z",
|
||
|
|
"modified": "2016-03-23T13:19:03.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 0efbc946db0d865aa443eba0f00333efab20ba06",
|
||
|
|
"pattern": "[file:hashes.MD5 = 'd273d3d4497c956fab2bcec50fad6ad8']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:19:03Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f297c7-7de4-4c31-aa58-4f9f02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:19:03.000Z",
|
||
|
|
"modified": "2016-03-23T13:19:03.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:19:03Z",
|
||
|
|
"last_observed": "2016-03-23T13:19:03Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f297c7-7de4-4c31-aa58-4f9f02de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f297c7-7de4-4c31-aa58-4f9f02de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/89aec94464cfe94778e236733c0c2b91c9de79490e8ce40a26b212f5f169f079/analysis/1447306580/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297c7-7614-478a-806f-45a302de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:19:03.000Z",
|
||
|
|
"modified": "2016-03-23T13:19:03.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 0edc71cc01ec8d16aeddf0c807bb696966c83266",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '191be51494ba626d039470f78dc140b41c3d81ff71dd069ef118b5a8c76b0714']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:19:03Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297c7-6afc-4b6b-a59b-42ab02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:19:03.000Z",
|
||
|
|
"modified": "2016-03-23T13:19:03.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 0edc71cc01ec8d16aeddf0c807bb696966c83266",
|
||
|
|
"pattern": "[file:hashes.MD5 = '6746c430f978d0bc9bbecff87c651fa2']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:19:03Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f297c8-5140-46d8-a64e-406f02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:19:04.000Z",
|
||
|
|
"modified": "2016-03-23T13:19:04.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:19:04Z",
|
||
|
|
"last_observed": "2016-03-23T13:19:04Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f297c8-5140-46d8-a64e-406f02de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f297c8-5140-46d8-a64e-406f02de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/191be51494ba626d039470f78dc140b41c3d81ff71dd069ef118b5a8c76b0714/analysis/1456617341/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297c8-d6d4-433f-96a6-45dc02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:19:04.000Z",
|
||
|
|
"modified": "2016-03-23T13:19:04.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 0cff5cc4c46e148d3d8c93d11c459f7ede3a854c",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '3dd14366762547c4aa2307489c6248dec4a57bec2231433b58cdf8c5e830785a']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:19:04Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297c8-f4d0-4b7d-8cc0-464702de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:19:04.000Z",
|
||
|
|
"modified": "2016-03-23T13:19:04.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 0cff5cc4c46e148d3d8c93d11c459f7ede3a854c",
|
||
|
|
"pattern": "[file:hashes.MD5 = '14be26aa207cff81ff814c8a7a8e2f03']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:19:04Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f297c9-3690-4ae9-98f9-4ee102de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:19:05.000Z",
|
||
|
|
"modified": "2016-03-23T13:19:05.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:19:05Z",
|
||
|
|
"last_observed": "2016-03-23T13:19:05Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f297c9-3690-4ae9-98f9-4ee102de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f297c9-3690-4ae9-98f9-4ee102de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/3dd14366762547c4aa2307489c6248dec4a57bec2231433b58cdf8c5e830785a/analysis/1457023657/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297c9-15a4-4a0b-a427-4c4402de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:19:05.000Z",
|
||
|
|
"modified": "2016-03-23T13:19:05.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 0bebfcdb6f23b7bb749633068e176c35a72768cc",
|
||
|
|
"pattern": "[file:hashes.SHA256 = 'dd3406409f33590aabf9bdfa7e55b6872f1d42ef96f1dec24072328072f54cec']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:19:05Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297c9-b2f8-49cf-9507-49c602de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:19:05.000Z",
|
||
|
|
"modified": "2016-03-23T13:19:05.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 0bebfcdb6f23b7bb749633068e176c35a72768cc",
|
||
|
|
"pattern": "[file:hashes.MD5 = 'eb01bbfe8ca7e8f59aab475ad1f18245']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:19:05Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f297c9-9530-409e-a4f0-474202de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:19:05.000Z",
|
||
|
|
"modified": "2016-03-23T13:19:05.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:19:05Z",
|
||
|
|
"last_observed": "2016-03-23T13:19:05Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f297c9-9530-409e-a4f0-474202de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f297c9-9530-409e-a4f0-474202de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/dd3406409f33590aabf9bdfa7e55b6872f1d42ef96f1dec24072328072f54cec/analysis/1457677655/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297ca-ae5c-4f0d-a5af-4b2302de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:19:06.000Z",
|
||
|
|
"modified": "2016-03-23T13:19:06.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 08a93ca86a8770f5d971e78d018628428052292a",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '1a87713da4005f37c669d7a6d78417634b06352b1aba6d9237a8afaf22e6b09f']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:19:06Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297ca-d240-4261-b413-425102de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:19:06.000Z",
|
||
|
|
"modified": "2016-03-23T13:19:06.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 08a93ca86a8770f5d971e78d018628428052292a",
|
||
|
|
"pattern": "[file:hashes.MD5 = '6c3b38bf90a203b2f7542d0359b8e60e']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:19:06Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f297ca-2914-4020-9a39-46fd02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:19:06.000Z",
|
||
|
|
"modified": "2016-03-23T13:19:06.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:19:06Z",
|
||
|
|
"last_observed": "2016-03-23T13:19:06Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f297ca-2914-4020-9a39-46fd02de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f297ca-2914-4020-9a39-46fd02de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/1a87713da4005f37c669d7a6d78417634b06352b1aba6d9237a8afaf22e6b09f/analysis/1453359184/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297cb-f9d8-43b2-810d-454b02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:19:07.000Z",
|
||
|
|
"modified": "2016-03-23T13:19:07.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 03b10fd1a78b7bd1dc64042991f1ebaf38fee7f6",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '869a9bf4a98221be8111d3185880eb2f8f859a418d7485fb60147552fb657b92']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:19:07Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297cb-8da8-4d32-9496-495302de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:19:07.000Z",
|
||
|
|
"modified": "2016-03-23T13:19:07.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 03b10fd1a78b7bd1dc64042991f1ebaf38fee7f6",
|
||
|
|
"pattern": "[file:hashes.MD5 = 'd9cac24eba32d7c5e45accf5d22603dc']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:19:07Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f297cb-ca70-42ba-9cfe-4e9a02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:19:07.000Z",
|
||
|
|
"modified": "2016-03-23T13:19:07.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:19:07Z",
|
||
|
|
"last_observed": "2016-03-23T13:19:07Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f297cb-ca70-42ba-9cfe-4e9a02de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f297cb-ca70-42ba-9cfe-4e9a02de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/869a9bf4a98221be8111d3185880eb2f8f859a418d7485fb60147552fb657b92/analysis/1445739243/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297cc-e728-4ec3-8fb2-4ef402de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:19:08.000Z",
|
||
|
|
"modified": "2016-03-23T13:19:08.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 038f970e9292c921c2a97fe4f80a2213b7b624d7",
|
||
|
|
"pattern": "[file:hashes.SHA256 = 'e147645b3216c02d1bdd6f99292cf6efbfe447430c3a3ec2d48cc99722cd4b4a']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:19:08Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297cc-7e28-4cac-bed9-451402de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:19:08.000Z",
|
||
|
|
"modified": "2016-03-23T13:19:08.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 038f970e9292c921c2a97fe4f80a2213b7b624d7",
|
||
|
|
"pattern": "[file:hashes.MD5 = '032bacaea0d335daec271f228db6bc88']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:19:08Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f297cc-9f04-4a04-b948-49b102de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:19:08.000Z",
|
||
|
|
"modified": "2016-03-23T13:19:08.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:19:08Z",
|
||
|
|
"last_observed": "2016-03-23T13:19:08Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f297cc-9f04-4a04-b948-49b102de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f297cc-9f04-4a04-b948-49b102de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/e147645b3216c02d1bdd6f99292cf6efbfe447430c3a3ec2d48cc99722cd4b4a/analysis/1457502273/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297cc-de44-4639-a540-4fe002de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:19:08.000Z",
|
||
|
|
"modified": "2016-03-23T13:19:08.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 0306d2ba75656cefc171edf4ab2495f7d79407c3",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '66446ae2392316b7278007490a9e5ca81efbd949419fb175ffb22fcd1b5ea4cc']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:19:08Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297cd-8cd8-43ee-99d0-4d0302de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:19:09.000Z",
|
||
|
|
"modified": "2016-03-23T13:19:09.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 0306d2ba75656cefc171edf4ab2495f7d79407c3",
|
||
|
|
"pattern": "[file:hashes.MD5 = 'eb06f2fe88438ec20c0ed27702abe01a']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:19:09Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f297cd-1b1c-4a61-a4c0-4f5602de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:19:09.000Z",
|
||
|
|
"modified": "2016-03-23T13:19:09.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:19:09Z",
|
||
|
|
"last_observed": "2016-03-23T13:19:09Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f297cd-1b1c-4a61-a4c0-4f5602de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f297cd-1b1c-4a61-a4c0-4f5602de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/66446ae2392316b7278007490a9e5ca81efbd949419fb175ffb22fcd1b5ea4cc/analysis/1441856496/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297cd-4720-47bd-858d-487202de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:19:09.000Z",
|
||
|
|
"modified": "2016-03-23T13:19:09.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 0007a5cbdfcda9175635bd1b30e5d3a8683bdcb6",
|
||
|
|
"pattern": "[file:hashes.SHA256 = 'd1b45a3651bfa2af1186894fc579784a5b92997d8124a1bbde8725fe259f19bf']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:19:09Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297ce-f4e4-4daf-9212-440202de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:19:10.000Z",
|
||
|
|
"modified": "2016-03-23T13:19:10.000Z",
|
||
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 0007a5cbdfcda9175635bd1b30e5d3a8683bdcb6",
|
||
|
|
"pattern": "[file:hashes.MD5 = '0437655995f4d3104989fb963aa41339']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:19:10Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f297ce-7c7c-41f2-b07b-476c02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:19:10.000Z",
|
||
|
|
"modified": "2016-03-23T13:19:10.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:19:10Z",
|
||
|
|
"last_observed": "2016-03-23T13:19:10Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f297ce-7c7c-41f2-b07b-476c02de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f297ce-7c7c-41f2-b07b-476c02de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/d1b45a3651bfa2af1186894fc579784a5b92997d8124a1bbde8725fe259f19bf/analysis/1457502278/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297ce-1f4c-4a05-94d6-4b1e02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:19:10.000Z",
|
||
|
|
"modified": "2016-03-23T13:19:10.000Z",
|
||
|
|
"description": "Android sample hashes - Xchecked via VT: 9288811c9747d151eab4ec708b368fc6cc4e2cb5",
|
||
|
|
"pattern": "[file:hashes.SHA256 = 'e6753bba53d7cca4a534c3089f24cd0546462667d110c0d48974f9e76714fe1c']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:19:10Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297ce-d804-4a53-b7b2-464c02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:19:10.000Z",
|
||
|
|
"modified": "2016-03-23T13:19:10.000Z",
|
||
|
|
"description": "Android sample hashes - Xchecked via VT: 9288811c9747d151eab4ec708b368fc6cc4e2cb5",
|
||
|
|
"pattern": "[file:hashes.MD5 = 'ce59958c01e437f4bdc68b4896222b8e']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:19:10Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f297cf-0938-4729-88d5-4e2202de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:19:11.000Z",
|
||
|
|
"modified": "2016-03-23T13:19:11.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:19:11Z",
|
||
|
|
"last_observed": "2016-03-23T13:19:11Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f297cf-0938-4729-88d5-4e2202de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f297cf-0938-4729-88d5-4e2202de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/e6753bba53d7cca4a534c3089f24cd0546462667d110c0d48974f9e76714fe1c/analysis/1455226080/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297cf-9a2c-4e98-a262-441202de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:19:11.000Z",
|
||
|
|
"modified": "2016-03-23T13:19:11.000Z",
|
||
|
|
"description": "Android sample hashes - Xchecked via VT: 0441109fe1408d412e8cb61362c8169981156a29",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '1f97ae393d45549054d2e8b6ec9e25acbd8ce727b2c1c5f01022c48c9b997af2']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:19:11Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56f297cf-37b4-43ac-889c-453402de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:19:11.000Z",
|
||
|
|
"modified": "2016-03-23T13:19:11.000Z",
|
||
|
|
"description": "Android sample hashes - Xchecked via VT: 0441109fe1408d412e8cb61362c8169981156a29",
|
||
|
|
"pattern": "[file:hashes.MD5 = '18d037f4d7d55a11f5b800cd44ecf5b9']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-03-23T13:19:11Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"md5\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--56f297d0-067c-4365-b09c-476102de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2016-03-23T13:19:12.000Z",
|
||
|
|
"modified": "2016-03-23T13:19:12.000Z",
|
||
|
|
"first_observed": "2016-03-23T13:19:12Z",
|
||
|
|
"last_observed": "2016-03-23T13:19:12Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--56f297d0-067c-4365-b09c-476102de0b81"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--56f297d0-067c-4365-b09c-476102de0b81",
|
||
|
|
"value": "https://www.virustotal.com/file/1f97ae393d45549054d2e8b6ec9e25acbd8ce727b2c1c5f01022c48c9b997af2/analysis/1455731914/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "marking-definition",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
||
|
|
"created": "2017-01-20T00:00:00.000Z",
|
||
|
|
"definition_type": "tlp",
|
||
|
|
"name": "TLP:WHITE",
|
||
|
|
"definition": {
|
||
|
|
"tlp": "white"
|
||
|
|
}
|
||
|
|
}
|
||
|
|
]
|
||
|
|
}
|