misp-circl-feed/feeds/circl/stix-2.1/5784f9df-02ac-4e17-92bc-7e4502de0b81.json

{
"type": "bundle",
"id": "bundle--5784f9df-02ac-4e17-92bc-7e4502de0b81",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-12T14:16:31.000Z",
"modified": "2016-07-12T14:16:31.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5784f9df-02ac-4e17-92bc-7e4502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-12T14:16:31.000Z",
"modified": "2016-07-12T14:16:31.000Z",
"name": "OSINT - NetTraveler APT Targets Russian, European Interests",
"published": "2016-07-12T14:17:18Z",
"object_refs": [
"observed-data--5784fa2a-8458-4a0c-a95c-810502de0b81",
"url--5784fa2a-8458-4a0c-a95c-810502de0b81",
"x-misp-attribute--5784fa38-74cc-477f-bd43-7e5002de0b81",
"indicator--5784fa79-d184-473b-a5ae-810902de0b81",
"indicator--5784fa79-21b8-4987-be1e-810902de0b81",
"indicator--5784fa7a-60b8-45c9-a1e5-810902de0b81",
"indicator--5784fa7a-84a0-4486-ac75-810902de0b81",
"indicator--5784fa7a-a708-4990-b0b2-810902de0b81",
"indicator--5784fa7a-cda4-48c9-979b-810902de0b81",
"indicator--5784fa7a-9d6c-445a-b764-810902de0b81",
"indicator--5784fa7b-5d80-4866-a6ab-810902de0b81",
"indicator--5784fa7b-ea18-4c8e-a69c-810902de0b81",
"indicator--5784fab0-412c-417b-be07-4f2802de0b81",
"indicator--5784fab0-dda0-445d-ae25-465902de0b81",
"indicator--5784fab0-4e48-4ce6-812d-472602de0b81",
"indicator--5784fab1-fd54-4eb4-88e7-4d2802de0b81",
"indicator--5784fab1-b3f8-4eef-ba14-4c9d02de0b81",
"indicator--5784fb8d-2db8-494b-ba32-810b02de0b81",
"indicator--5784fb8d-1060-456c-8e3f-810b02de0b81",
"indicator--5784fb8d-dd64-4930-b8b6-810b02de0b81",
"indicator--5784fb8e-2738-4a94-8c2d-810b02de0b81",
"indicator--5784fb8e-f0c8-4566-a390-810b02de0b81",
"indicator--5784fb8e-d22c-457f-9847-810b02de0b81",
"indicator--5784fb8e-da98-44f7-881c-810b02de0b81",
"indicator--5784fb8e-ca60-4b4d-9e2a-810b02de0b81",
"indicator--5784fb8f-bc08-4eaa-afff-810b02de0b81",
"indicator--5784fb8f-9bb8-47b7-9915-810b02de0b81",
"indicator--5784fb8f-701c-4f5b-b8c5-810b02de0b81",
"indicator--5784fbbf-7edc-492c-9f2b-897902de0b81",
"indicator--5784fbbf-6c38-4ec2-a5d0-897902de0b81",
"observed-data--5784fbbf-51b0-4f31-a3af-897902de0b81",
"url--5784fbbf-51b0-4f31-a3af-897902de0b81",
"indicator--5784fbbf-9694-43fd-8d94-897902de0b81",
"indicator--5784fbc0-3ef8-4c30-854a-897902de0b81",
"observed-data--5784fbc0-5880-40f8-99d8-897902de0b81",
"url--5784fbc0-5880-40f8-99d8-897902de0b81",
"indicator--5784fbc0-961c-4588-89ba-897902de0b81",
"indicator--5784fbc0-d858-4ebf-a529-897902de0b81",
"observed-data--5784fbc0-a28c-48a2-b05a-897902de0b81",
"url--5784fbc0-a28c-48a2-b05a-897902de0b81",
"indicator--5784fbc1-d30c-4ceb-8366-897902de0b81",
"indicator--5784fbc1-1264-47ad-950a-897902de0b81",
"observed-data--5784fbc1-7b7c-4c2f-94cb-897902de0b81",
"url--5784fbc1-7b7c-4c2f-94cb-897902de0b81",
"indicator--5784fbc1-5c88-4863-a24a-897902de0b81",
"indicator--5784fbc1-5928-4195-840d-897902de0b81",
"observed-data--5784fbc2-2194-4940-aa90-897902de0b81",
"url--5784fbc2-2194-4940-aa90-897902de0b81",
"indicator--5784fbc2-07c4-46d6-b2bd-897902de0b81",
"indicator--5784fbc2-4718-443f-bc6e-897902de0b81",
"observed-data--5784fbc2-fb6c-4d07-b42f-897902de0b81",
"url--5784fbc2-fb6c-4d07-b42f-897902de0b81",
"indicator--5784fbc3-5210-4c19-b102-897902de0b81",
"indicator--5784fbc3-319c-4095-9990-897902de0b81",
"observed-data--5784fbc3-e1a4-475f-89b7-897902de0b81",
"url--5784fbc3-e1a4-475f-89b7-897902de0b81",
"indicator--5784fbc3-4c24-43c1-b5d5-897902de0b81",
"indicator--5784fbc3-4960-474d-b472-897902de0b81",
"observed-data--5784fbc4-fbc0-4c27-8494-897902de0b81",
"url--5784fbc4-fbc0-4c27-8494-897902de0b81",
"indicator--5784fbc4-b124-4199-ae5f-897902de0b81",
"indicator--5784fbc4-3b24-448e-9ad8-897902de0b81",
"observed-data--5784fbc4-88d8-4785-816b-897902de0b81",
"url--5784fbc4-88d8-4785-816b-897902de0b81",
"indicator--5784fbc5-f5b8-4f27-91bd-897902de0b81",
"indicator--5784fbc5-f5a8-4fa8-ab4e-897902de0b81",
"observed-data--5784fbc5-f4fc-485d-8226-897902de0b81",
"url--5784fbc5-f4fc-485d-8226-897902de0b81",
"indicator--5784fbc5-bd04-447a-a61d-897902de0b81",
"indicator--5784fbc5-572c-41b3-88f3-897902de0b81",
"observed-data--5784fbc6-c44c-42ed-8ce6-897902de0b81",
"url--5784fbc6-c44c-42ed-8ce6-897902de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT"
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5784fa2a-8458-4a0c-a95c-810502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-12T14:09:46.000Z",
"modified": "2016-07-12T14:09:46.000Z",
"first_observed": "2016-07-12T14:09:46Z",
"last_observed": "2016-07-12T14:09:46Z",
"number_observed": 1,
"object_refs": [
"url--5784fa2a-8458-4a0c-a95c-810502de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5784fa2a-8458-4a0c-a95c-810502de0b81",
"value": "https://www.proofpoint.com/us/threat-insight/post/nettraveler-apt-targets-russian-european-interests"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5784fa38-74cc-477f-bd43-7e5002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-12T14:10:00.000Z",
"modified": "2016-07-12T14:10:00.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "comment",
"x_misp_value": "Throughout 2016, Proofpoint researchers tracked a cyber-espionage campaign targeting victims in Russia and neighboring countries. The actor utilizes spear phishing campaigns to deliver NetTraveler, also known as TravNet. First observed as early as 2004, NetTraveler is a Trojan used widely in targeted attacks. We believe that this attacker operates out of China. In addition to Russia, targeted regions include neighboring countries such as Mongolia, Belarus, and other European countries. The spear-phishing campaigns we detected use links to RAR-compressed executables and Microsoft Word attachments that exploit the CVE-2012-0158 vulnerability.\r\n\r\nThis particular APT is targeting organizations that include weapons manufacturers, human rights activists, and pro-democracy groups, among others."
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5784fa79-d184-473b-a5ae-810902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-12T14:11:05.000Z",
"modified": "2016-07-12T14:11:05.000Z",
"description": "NetTraveler C&C and payload hosting site",
"pattern": "[domain-name:value = 'www.interfaxru.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-12T14:11:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5784fa79-21b8-4987-be1e-810902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-12T14:11:05.000Z",
"modified": "2016-07-12T14:11:05.000Z",
"description": "NetTraveler C&C and payload hosting site",
"pattern": "[domain-name:value = 'www.info-spb.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-12T14:11:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5784fa7a-60b8-45c9-a1e5-810902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-12T14:11:06.000Z",
"modified": "2016-07-12T14:11:06.000Z",
"description": "NetTraveler C&C",
"pattern": "[domain-name:value = 'www.tassnews.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-12T14:11:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5784fa7a-84a0-4486-ac75-810902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-12T14:11:06.000Z",
"modified": "2016-07-12T14:11:06.000Z",
"description": "NetTraveler C&C",
"pattern": "[domain-name:value = 'www.riaru.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-12T14:11:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5784fa7a-a708-4990-b0b2-810902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-12T14:11:06.000Z",
"modified": "2016-07-12T14:11:06.000Z",
"description": "NetTraveler C&C",
"pattern": "[domain-name:value = 'www.voennovosti.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-12T14:11:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5784fa7a-cda4-48c9-979b-810902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-12T14:11:06.000Z",
"modified": "2016-07-12T14:11:06.000Z",
"description": "NetTraveler C&C",
"pattern": "[domain-name:value = 'www.mogoogle.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-12T14:11:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5784fa7a-9d6c-445a-b764-810902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-12T14:11:06.000Z",
"modified": "2016-07-12T14:11:06.000Z",
"description": "NetTraveler C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.231.184.164']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-12T14:11:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5784fa7b-5d80-4866-a6ab-810902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-12T14:11:07.000Z",
"modified": "2016-07-12T14:11:07.000Z",
"description": "NetTraveler C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.231.184.163']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-12T14:11:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5784fa7b-ea18-4c8e-a69c-810902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-12T14:11:07.000Z",
"modified": "2016-07-12T14:11:07.000Z",
"description": "NetTraveler C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '98.126.38.107']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-12T14:11:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5784fab0-412c-417b-be07-4f2802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-12T14:12:00.000Z",
"modified": "2016-07-12T14:12:00.000Z",
"description": "NetTraveler payload URL",
"pattern": "[url:value = 'http://www.interfaxru.com/html/rostechnologii/20160420.rar']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-12T14:12:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5784fab0-dda0-445d-ae25-465902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-12T14:12:00.000Z",
"modified": "2016-07-12T14:12:00.000Z",
"description": "NetTraveler payload URL",
"pattern": "[url:value = 'http://www.info-spb.com/analiz/voennye_kommentaria/n148584.rar']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-12T14:12:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5784fab0-4e48-4ce6-812d-472602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-12T14:12:00.000Z",
"modified": "2016-07-12T14:12:00.000Z",
"description": "NetTraveler payload URL",
"pattern": "[url:value = 'http://www.info-spb.com//worldnews/almaz-antey/no.15.02.2016.rar']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-12T14:12:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5784fab1-fd54-4eb4-88e7-4d2802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-12T14:12:01.000Z",
"modified": "2016-07-12T14:12:01.000Z",
"description": "NetTraveler payload URL",
"pattern": "[url:value = 'http://www.info-spb.com/worldnews/mfa/ua/2016-02-16.zip']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-12T14:12:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5784fab1-b3f8-4eef-ba14-4c9d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-12T14:12:01.000Z",
"modified": "2016-07-12T14:12:01.000Z",
"description": "NetTraveler payload URL",
"pattern": "[url:value = 'http://www.info-spb.com/worldnews/mfa/uz/03.02.2016.rar']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-12T14:12:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5784fb8d-2db8-494b-ba32-810b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-12T14:15:41.000Z",
"modified": "2016-07-12T14:15:41.000Z",
"description": "20160420.rar",
"pattern": "[file:hashes.SHA256 = '5afcaca6f6dd6fb3bad26585f30870f71462c59e251cc76b0df5851ac2aa17de']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-12T14:15:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5784fb8d-1060-456c-8e3f-810b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-12T14:15:41.000Z",
"modified": "2016-07-12T14:15:41.000Z",
"description": "\u00d0\u02dc\u00d0\u00bd\u00d1\u201e\u00d0\u00be\u00d1\u20ac\u00d0\u00bc\u00d0\u00b0\u00d1\u2020\u00d0\u00b8\u00d1\u008f \u00d0\u00be \u00d0\u00bf\u00d0\u00b5\u00d1\u20ac\u00d0\u00b5\u00d1\u2021\u00d0\u00bd\u00d0\u00b5 \u00d0\u00b7\u00d0\u00be\u00d0\u00bd \u00d0\u00b4\u00d0\u00b5\u00d1\u008f\u00d1\u201a\u00d0\u00b5\u00d0\u00bb\u00d1\u0152\u00d0\u00bd\u00d0\u00be\u00d1\u0081\u00d1\u201a\u00d0\u00b8 \u00d1\u0081\u00d0\u00b5\u00d1\u201a\u00d0\u00b5\u00d0\u00b2\u00d0\u00be\u00d0\u00b9 \u00d0\u00be\u00d1\u20ac\u00d0\u00b3\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d0\u00b7\u00d0\u00b0\u00d1\u2020\u00d0\u00b8\u00d0\u00b8 \u00d0\u00b2 2016 \u00d0\u00b3.rar",
"pattern": "[file:hashes.SHA256 = '67c994ad328cd3d8b954366b2baa5e643b31ed42280548eebbd0c30c53f9e37d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-12T14:15:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5784fb8d-dd64-4930-b8b6-810b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-12T14:15:41.000Z",
"modified": "2016-07-12T14:15:41.000Z",
"description": "20160330.rar",
"pattern": "[file:hashes.SHA256 = 'f3997f8269e4177342aec8816c28cfebaef17a86f22eef15d90b4f9e5b15d8e6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-12T14:15:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5784fb8e-2738-4a94-8c2d-810b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-12T14:15:42.000Z",
"modified": "2016-07-12T14:15:42.000Z",
"description": "\u00d0\u00a1\u00d0\u00be\u00d0\u00b2\u00d0\u00bc\u00d0\u00b5\u00d1\u0081\u00d1\u201a\u00d0\u00bd\u00d0\u00be\u00d0\u00b5 \u00d0\u00b0\u00d0\u00bd\u00d1\u201a\u00d0\u00b8\u00d1\u201a\u00d0\u00b5\u00d1\u20ac\u00d1\u20ac\u00d0\u00be\u00d1\u20ac\u00d0\u00b8\u00d1\u0081\u00d1\u201a\u00d0\u00b8\u00d1\u2021\u00d0\u00b5\u00d1\u0081\u00d0\u00ba\u00d0\u00be\u00d0\u00b5 \u00d1\u0192\u00d1\u2021\u00d0\u00b5\u00d0\u00bd\u00d0\u00b8\u00d0\u00b5 \u00c2\u00ab\u00d0\u0090\u00d0\u00bd\u00d1\u201a\u00d0\u00b8\u00d1\u201a\u00d0\u00b5\u00d1\u20ac\u00d1\u20ac\u00d0\u00be\u00d1\u20ac-2016\u00c2\u00bb.rar",
"pattern": "[file:hashes.SHA256 = '69527b0471c2effab2d21106556ace6bd501daf7758b2ebbf3b2780d6399ecbf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-12T14:15:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5784fb8e-f0c8-4566-a390-810b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-12T14:15:42.000Z",
"modified": "2016-07-12T14:15:42.000Z",
"description": "13_11.rar",
"pattern": "[file:hashes.SHA256 = '8e3e5b12f0964e73e4057610ce7a6aa25607c94536762128dabebf9ccfa667d4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-12T14:15:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5784fb8e-d22c-457f-9847-810b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-12T14:15:42.000Z",
"modified": "2016-07-12T14:15:42.000Z",
"description": "\u00d0\u201c\u00d0\u00bb\u00d0\u00b0\u00d0\u00b2\u00d0\u00bd\u00d1\u2039\u00d0\u00b9 \u00d1\u20ac\u00d0\u00b5\u00d0\u00b4\u00d0\u00b0\u00d0\u00ba\u00d1\u201a\u00d0\u00be\u00d1\u20ac Sputnik\u00e2\u20ac\u201c\u00d0\u00a2\u00d1\u0192\u00d1\u20ac\u00d1\u2020\u00d0\u00b8\u00d1\u008f \u00d0\u00b2 \u00d1\u0081\u00d1\u20ac\u00d0\u00b5\u00d0\u00b4\u00d1\u0192 \u00d0\u00b2\u00d0\u00b5\u00d1\u20ac\u00d0\u00bd\u00d0\u00b5\u00d1\u201a\u00d1\u0081\u00d1\u008f \u00d0\u00b2 \u00d0\u0153\u00d0\u00be\u00d1\u0081\u00d0\u00ba\u00d0\u00b2\u00d1\u0192.rar",
"pattern": "[file:hashes.SHA256 = '1bcafa596c597868a179fe3d783b8c5bcd1b487d891b99cb90e76e8abd55a599']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-12T14:15:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5784fb8e-da98-44f7-881c-810b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-12T14:15:42.000Z",
"modified": "2016-07-12T14:15:42.000Z",
"description": "\u00d0\u00a2\u00d0\u00b5\u00d0\u00ba\u00d1\u0081\u00d1\u201a \u00d0\u00bf\u00d1\u20ac\u00d0\u00b8\u00d0\u00b2\u00d0\u00b5\u00d1\u201a\u00d1\u0081\u00d1\u201a\u00d0\u00b2\u00d0\u00b8\u00d1\u008f \u00d0\u201c\u00d0\u00bb\u00d0\u00b0\u00d0\u00b2\u00d1\u2039 \u00d0\u00b3\u00d0\u00be\u00d1\u0081\u00d1\u0192\u00d0\u00b4\u00d0\u00b0\u00d1\u20ac\u00d1\u0081\u00d1\u201a\u00d0\u00b2\u00d0\u00b0.rar",
"pattern": "[file:hashes.SHA256 = '409bb7f9faf4b7dc168f71084edb695707f22a83a2e79b810a0b4a27966d78f1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-12T14:15:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5784fb8e-ca60-4b4d-9e2a-810b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-12T14:15:42.000Z",
"modified": "2016-07-12T14:15:42.000Z",
"description": "n148584.rar",
"pattern": "[file:hashes.SHA256 = '3adacca54c6fe4bb905e233e48dffd8f6d03078d3d2d309d40e2e67a04a70db1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-12T14:15:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5784fb8f-bc08-4eaa-afff-810b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-12T14:15:43.000Z",
"modified": "2016-07-12T14:15:43.000Z",
"description": "20160623.doc",
"pattern": "[file:hashes.SHA256 = '80ba8997067025dd830d49d09c57c0dcb1e2f303fa0e093069bd9cff29420692']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-12T14:15:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5784fb8f-9bb8-47b7-9915-810b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-12T14:15:43.000Z",
"modified": "2016-07-12T14:15:43.000Z",
"description": "20160607.doc",
"pattern": "[file:hashes.SHA256 = '60386112fc4b0ddb833fc9a877a9a4f0fe76828ebab4457637b0827106b269fe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-12T14:15:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5784fb8f-701c-4f5b-b8c5-810b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-12T14:15:43.000Z",
"modified": "2016-07-12T14:15:43.000Z",
"description": "\u00d0\u0178\u00d0\u203a\u00d0\u0090\u00d0\u009d \u00d0\u00a0\u00d0\u2022\u00d0\u0090\u00d0\u203a\u00d0\u02dc\u00d0\u2014\u00d0\u0090\u00d0\u00a6\u00d0\u02dc\u00d0\u02dc \u00d0\u0178\u00d0\u00a0\u00d0\u017e\u00d0\u2022\u00d0\u0161\u00d0\u00a2\u00d0\u0090.doc",
"pattern": "[file:hashes.SHA256 = 'b3a5c562e3531fb8be476af4947eaa793a77cc61715284bfb9c380b7048da44a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-12T14:15:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5784fbbf-7edc-492c-9f2b-897902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-12T14:16:31.000Z",
"modified": "2016-07-12T14:16:31.000Z",
"description": "\u00d0\u0178\u00d0\u203a\u00d0\u0090\u00d0\u009d \u00d0\u00a0\u00d0\u2022\u00d0\u0090\u00d0\u203a\u00d0\u02dc\u00d0\u2014\u00d0\u0090\u00d0\u00a6\u00d0\u02dc\u00d0\u02dc \u00d0\u0178\u00d0\u00a0\u00d0\u017e\u00d0\u2022\u00d0\u0161\u00d0\u00a2\u00d0\u0090.doc - Xchecked via VT: b3a5c562e3531fb8be476af4947eaa793a77cc61715284bfb9c380b7048da44a",
"pattern": "[file:hashes.SHA1 = 'c64ac1fed412c4abaf7b65342441db01a53d497e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-12T14:16:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5784fbbf-6c38-4ec2-a5d0-897902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-12T14:16:31.000Z",
"modified": "2016-07-12T14:16:31.000Z",
"description": "\u00d0\u0178\u00d0\u203a\u00d0\u0090\u00d0\u009d \u00d0\u00a0\u00d0\u2022\u00d0\u0090\u00d0\u203a\u00d0\u02dc\u00d0\u2014\u00d0\u0090\u00d0\u00a6\u00d0\u02dc\u00d0\u02dc \u00d0\u0178\u00d0\u00a0\u00d0\u017e\u00d0\u2022\u00d0\u0161\u00d0\u00a2\u00d0\u0090.doc - Xchecked via VT: b3a5c562e3531fb8be476af4947eaa793a77cc61715284bfb9c380b7048da44a",
"pattern": "[file:hashes.MD5 = 'e7f1589362f77d770063922b068e47aa']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-12T14:16:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5784fbbf-51b0-4f31-a3af-897902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-12T14:16:31.000Z",
"modified": "2016-07-12T14:16:31.000Z",
"first_observed": "2016-07-12T14:16:31Z",
"last_observed": "2016-07-12T14:16:31Z",
"number_observed": 1,
"object_refs": [
"url--5784fbbf-51b0-4f31-a3af-897902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5784fbbf-51b0-4f31-a3af-897902de0b81",
"value": "https://www.virustotal.com/file/b3a5c562e3531fb8be476af4947eaa793a77cc61715284bfb9c380b7048da44a/analysis/1453440894/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5784fbbf-9694-43fd-8d94-897902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-12T14:16:31.000Z",
"modified": "2016-07-12T14:16:31.000Z",
"description": "20160607.doc - Xchecked via VT: 60386112fc4b0ddb833fc9a877a9a4f0fe76828ebab4457637b0827106b269fe",
"pattern": "[file:hashes.SHA1 = '65335358fab48ab899c29dc488a47aeb97ce607c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-12T14:16:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5784fbc0-3ef8-4c30-854a-897902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-12T14:16:32.000Z",
"modified": "2016-07-12T14:16:32.000Z",
"description": "20160607.doc - Xchecked via VT: 60386112fc4b0ddb833fc9a877a9a4f0fe76828ebab4457637b0827106b269fe",
"pattern": "[file:hashes.MD5 = 'aa5a1cd27c964bc229156a521fbd6a4b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-12T14:16:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5784fbc0-5880-40f8-99d8-897902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-12T14:16:32.000Z",
"modified": "2016-07-12T14:16:32.000Z",
"first_observed": "2016-07-12T14:16:32Z",
"last_observed": "2016-07-12T14:16:32Z",
"number_observed": 1,
"object_refs": [
"url--5784fbc0-5880-40f8-99d8-897902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5784fbc0-5880-40f8-99d8-897902de0b81",
"value": "https://www.virustotal.com/file/60386112fc4b0ddb833fc9a877a9a4f0fe76828ebab4457637b0827106b269fe/analysis/1468011599/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5784fbc0-961c-4588-89ba-897902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-12T14:16:32.000Z",
"modified": "2016-07-12T14:16:32.000Z",
"description": "20160623.doc - Xchecked via VT: 80ba8997067025dd830d49d09c57c0dcb1e2f303fa0e093069bd9cff29420692",
"pattern": "[file:hashes.SHA1 = 'a617e7da200fff238fcb0e61409ef18e6888f189']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-12T14:16:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5784fbc0-d858-4ebf-a529-897902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-12T14:16:32.000Z",
"modified": "2016-07-12T14:16:32.000Z",
"description": "20160623.doc - Xchecked via VT: 80ba8997067025dd830d49d09c57c0dcb1e2f303fa0e093069bd9cff29420692",
"pattern": "[file:hashes.MD5 = '45782441c73fa949495ffafdb8f9bb62']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-12T14:16:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5784fbc0-a28c-48a2-b05a-897902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-12T14:16:32.000Z",
"modified": "2016-07-12T14:16:32.000Z",
"first_observed": "2016-07-12T14:16:32Z",
"last_observed": "2016-07-12T14:16:32Z",
"number_observed": 1,
"object_refs": [
"url--5784fbc0-a28c-48a2-b05a-897902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5784fbc0-a28c-48a2-b05a-897902de0b81",
"value": "https://www.virustotal.com/file/80ba8997067025dd830d49d09c57c0dcb1e2f303fa0e093069bd9cff29420692/analysis/1468011596/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5784fbc1-d30c-4ceb-8366-897902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-12T14:16:33.000Z",
"modified": "2016-07-12T14:16:33.000Z",
"description": "n148584.rar - Xchecked via VT: 3adacca54c6fe4bb905e233e48dffd8f6d03078d3d2d309d40e2e67a04a70db1",
"pattern": "[file:hashes.SHA1 = '68507a30c659d2b3f165b9450b6776c58c8f3a23']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-12T14:16:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5784fbc1-1264-47ad-950a-897902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-12T14:16:33.000Z",
"modified": "2016-07-12T14:16:33.000Z",
"description": "n148584.rar - Xchecked via VT: 3adacca54c6fe4bb905e233e48dffd8f6d03078d3d2d309d40e2e67a04a70db1",
"pattern": "[file:hashes.MD5 = '31413f6a097a9e07722d122ecdb62f79']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-12T14:16:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5784fbc1-7b7c-4c2f-94cb-897902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-12T14:16:33.000Z",
"modified": "2016-07-12T14:16:33.000Z",
"first_observed": "2016-07-12T14:16:33Z",
"last_observed": "2016-07-12T14:16:33Z",
"number_observed": 1,
"object_refs": [
"url--5784fbc1-7b7c-4c2f-94cb-897902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5784fbc1-7b7c-4c2f-94cb-897902de0b81",
"value": "https://www.virustotal.com/file/3adacca54c6fe4bb905e233e48dffd8f6d03078d3d2d309d40e2e67a04a70db1/analysis/1468011596/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5784fbc1-5c88-4863-a24a-897902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-12T14:16:33.000Z",
"modified": "2016-07-12T14:16:33.000Z",
"description": "\u00d0\u00a2\u00d0\u00b5\u00d0\u00ba\u00d1\u0081\u00d1\u201a \u00d0\u00bf\u00d1\u20ac\u00d0\u00b8\u00d0\u00b2\u00d0\u00b5\u00d1\u201a\u00d1\u0081\u00d1\u201a\u00d0\u00b2\u00d0\u00b8\u00d1\u008f \u00d0\u201c\u00d0\u00bb\u00d0\u00b0\u00d0\u00b2\u00d1\u2039 \u00d0\u00b3\u00d0\u00be\u00d1\u0081\u00d1\u0192\u00d0\u00b4\u00d0\u00b0\u00d1\u20ac\u00d1\u0081\u00d1\u201a\u00d0\u00b2\u00d0\u00b0.rar - Xchecked via VT: 409bb7f9faf4b7dc168f71084edb695707f22a83a2e79b810a0b4a27966d78f1",
"pattern": "[file:hashes.SHA1 = '135e0e646a8ca2aa08283f85690d0fae654c085f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-12T14:16:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5784fbc1-5928-4195-840d-897902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-12T14:16:33.000Z",
"modified": "2016-07-12T14:16:33.000Z",
"description": "\u00d0\u00a2\u00d0\u00b5\u00d0\u00ba\u00d1\u0081\u00d1\u201a \u00d0\u00bf\u00d1\u20ac\u00d0\u00b8\u00d0\u00b2\u00d0\u00b5\u00d1\u201a\u00d1\u0081\u00d1\u201a\u00d0\u00b2\u00d0\u00b8\u00d1\u008f \u00d0\u201c\u00d0\u00bb\u00d0\u00b0\u00d0\u00b2\u00d1\u2039 \u00d0\u00b3\u00d0\u00be\u00d1\u0081\u00d1\u0192\u00d0\u00b4\u00d0\u00b0\u00d1\u20ac\u00d1\u0081\u00d1\u201a\u00d0\u00b2\u00d0\u00b0.rar - Xchecked via VT: 409bb7f9faf4b7dc168f71084edb695707f22a83a2e79b810a0b4a27966d78f1",
"pattern": "[file:hashes.MD5 = 'a4571b830569d85c0f7d07297219bde9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-12T14:16:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5784fbc2-2194-4940-aa90-897902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-12T14:16:34.000Z",
"modified": "2016-07-12T14:16:34.000Z",
"first_observed": "2016-07-12T14:16:34Z",
"last_observed": "2016-07-12T14:16:34Z",
"number_observed": 1,
"object_refs": [
"url--5784fbc2-2194-4940-aa90-897902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5784fbc2-2194-4940-aa90-897902de0b81",
"value": "https://www.virustotal.com/file/409bb7f9faf4b7dc168f71084edb695707f22a83a2e79b810a0b4a27966d78f1/analysis/1457504808/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5784fbc2-07c4-46d6-b2bd-897902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-12T14:16:34.000Z",
"modified": "2016-07-12T14:16:34.000Z",
"description": "\u00d0\u201c\u00d0\u00bb\u00d0\u00b0\u00d0\u00b2\u00d0\u00bd\u00d1\u2039\u00d0\u00b9 \u00d1\u20ac\u00d0\u00b5\u00d0\u00b4\u00d0\u00b0\u00d0\u00ba\u00d1\u201a\u00d0\u00be\u00d1\u20ac Sputnik\u00e2\u20ac\u201c\u00d0\u00a2\u00d1\u0192\u00d1\u20ac\u00d1\u2020\u00d0\u00b8\u00d1\u008f \u00d0\u00b2 \u00d1\u0081\u00d1\u20ac\u00d0\u00b5\u00d0\u00b4\u00d1\u0192 \u00d0\u00b2\u00d0\u00b5\u00d1\u20ac\u00d0\u00bd\u00d0\u00b5\u00d1\u201a\u00d1\u0081\u00d1\u008f \u00d0\u00b2 \u00d0\u0153\u00d0\u00be\u00d1\u0081\u00d0\u00ba\u00d0\u00b2\u00d1\u0192.rar - Xchecked via VT: 1bcafa596c597868a179fe3d783b8c5bcd1b487d891b99cb90e76e8abd55a599",
"pattern": "[file:hashes.SHA1 = 'a047912dfb7c811d9f0c72d662eb081206fad322']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-12T14:16:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5784fbc2-4718-443f-bc6e-897902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-12T14:16:34.000Z",
"modified": "2016-07-12T14:16:34.000Z",
"description": "\u00d0\u201c\u00d0\u00bb\u00d0\u00b0\u00d0\u00b2\u00d0\u00bd\u00d1\u2039\u00d0\u00b9 \u00d1\u20ac\u00d0\u00b5\u00d0\u00b4\u00d0\u00b0\u00d0\u00ba\u00d1\u201a\u00d0\u00be\u00d1\u20ac Sputnik\u00e2\u20ac\u201c\u00d0\u00a2\u00d1\u0192\u00d1\u20ac\u00d1\u2020\u00d0\u00b8\u00d1\u008f \u00d0\u00b2 \u00d1\u0081\u00d1\u20ac\u00d0\u00b5\u00d0\u00b4\u00d1\u0192 \u00d0\u00b2\u00d0\u00b5\u00d1\u20ac\u00d0\u00bd\u00d0\u00b5\u00d1\u201a\u00d1\u0081\u00d1\u008f \u00d0\u00b2 \u00d0\u0153\u00d0\u00be\u00d1\u0081\u00d0\u00ba\u00d0\u00b2\u00d1\u0192.rar - Xchecked via VT: 1bcafa596c597868a179fe3d783b8c5bcd1b487d891b99cb90e76e8abd55a599",
"pattern": "[file:hashes.MD5 = 'af8a9d91f30566b2ed77617a045761ba']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-12T14:16:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5784fbc2-fb6c-4d07-b42f-897902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-12T14:16:34.000Z",
"modified": "2016-07-12T14:16:34.000Z",
"first_observed": "2016-07-12T14:16:34Z",
"last_observed": "2016-07-12T14:16:34Z",
"number_observed": 1,
"object_refs": [
"url--5784fbc2-fb6c-4d07-b42f-897902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5784fbc2-fb6c-4d07-b42f-897902de0b81",
"value": "https://www.virustotal.com/file/1bcafa596c597868a179fe3d783b8c5bcd1b487d891b99cb90e76e8abd55a599/analysis/1468011597/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5784fbc3-5210-4c19-b102-897902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-12T14:16:35.000Z",
"modified": "2016-07-12T14:16:35.000Z",
"description": "13_11.rar - Xchecked via VT: 8e3e5b12f0964e73e4057610ce7a6aa25607c94536762128dabebf9ccfa667d4",
"pattern": "[file:hashes.SHA1 = '6a5082d6b5eb17b832be4a71284a4e1efc7054e1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-12T14:16:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5784fbc3-319c-4095-9990-897902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-12T14:16:35.000Z",
"modified": "2016-07-12T14:16:35.000Z",
"description": "13_11.rar - Xchecked via VT: 8e3e5b12f0964e73e4057610ce7a6aa25607c94536762128dabebf9ccfa667d4",
"pattern": "[file:hashes.MD5 = '024baaaa8247f1d06a6f803a2226efc4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-12T14:16:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5784fbc3-e1a4-475f-89b7-897902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-12T14:16:35.000Z",
"modified": "2016-07-12T14:16:35.000Z",
"first_observed": "2016-07-12T14:16:35Z",
"last_observed": "2016-07-12T14:16:35Z",
"number_observed": 1,
"object_refs": [
"url--5784fbc3-e1a4-475f-89b7-897902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5784fbc3-e1a4-475f-89b7-897902de0b81",
"value": "https://www.virustotal.com/file/8e3e5b12f0964e73e4057610ce7a6aa25607c94536762128dabebf9ccfa667d4/analysis/1468011598/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5784fbc3-4c24-43c1-b5d5-897902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-12T14:16:35.000Z",
"modified": "2016-07-12T14:16:35.000Z",
"description": "\u00d0\u00a1\u00d0\u00be\u00d0\u00b2\u00d0\u00bc\u00d0\u00b5\u00d1\u0081\u00d1\u201a\u00d0\u00bd\u00d0\u00be\u00d0\u00b5 \u00d0\u00b0\u00d0\u00bd\u00d1\u201a\u00d0\u00b8\u00d1\u201a\u00d0\u00b5\u00d1\u20ac\u00d1\u20ac\u00d0\u00be\u00d1\u20ac\u00d0\u00b8\u00d1\u0081\u00d1\u201a\u00d0\u00b8\u00d1\u2021\u00d0\u00b5\u00d1\u0081\u00d0\u00ba\u00d0\u00be\u00d0\u00b5 \u00d1\u0192\u00d1\u2021\u00d0\u00b5\u00d0\u00bd\u00d0\u00b8\u00d0\u00b5 \u00c2\u00ab\u00d0\u0090\u00d0\u00bd\u00d1\u201a\u00d0\u00b8\u00d1\u201a\u00d0\u00b5\u00d1\u20ac\u00d1\u20ac\u00d0\u00be\u00d1\u20ac-2016\u00c2\u00bb.rar - Xchecked via VT: 69527b0471c2effab2d21106556ace6bd501daf7758b2ebbf3b2780d6399ecbf",
"pattern": "[file:hashes.SHA1 = '24cd712a744b4b290341417fe2fcde0bdbacd18a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-12T14:16:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5784fbc3-4960-474d-b472-897902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-12T14:16:35.000Z",
"modified": "2016-07-12T14:16:35.000Z",
"description": "\u00d0\u00a1\u00d0\u00be\u00d0\u00b2\u00d0\u00bc\u00d0\u00b5\u00d1\u0081\u00d1\u201a\u00d0\u00bd\u00d0\u00be\u00d0\u00b5 \u00d0\u00b0\u00d0\u00bd\u00d1\u201a\u00d0\u00b8\u00d1\u201a\u00d0\u00b5\u00d1\u20ac\u00d1\u20ac\u00d0\u00be\u00d1\u20ac\u00d0\u00b8\u00d1\u0081\u00d1\u201a\u00d0\u00b8\u00d1\u2021\u00d0\u00b5\u00d1\u0081\u00d0\u00ba\u00d0\u00be\u00d0\u00b5 \u00d1\u0192\u00d1\u2021\u00d0\u00b5\u00d0\u00bd\u00d0\u00b8\u00d0\u00b5 \u00c2\u00ab\u00d0\u0090\u00d0\u00bd\u00d1\u201a\u00d0\u00b8\u00d1\u201a\u00d0\u00b5\u00d1\u20ac\u00d1\u20ac\u00d0\u00be\u00d1\u20ac-2016\u00c2\u00bb.rar - Xchecked via VT: 69527b0471c2effab2d21106556ace6bd501daf7758b2ebbf3b2780d6399ecbf",
"pattern": "[file:hashes.MD5 = 'a93c47161adc1645e2018e5d03cbd104']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-12T14:16:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5784fbc4-fbc0-4c27-8494-897902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-12T14:16:36.000Z",
"modified": "2016-07-12T14:16:36.000Z",
"first_observed": "2016-07-12T14:16:36Z",
"last_observed": "2016-07-12T14:16:36Z",
"number_observed": 1,
"object_refs": [
"url--5784fbc4-fbc0-4c27-8494-897902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5784fbc4-fbc0-4c27-8494-897902de0b81",
"value": "https://www.virustotal.com/file/69527b0471c2effab2d21106556ace6bd501daf7758b2ebbf3b2780d6399ecbf/analysis/1468011598/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5784fbc4-b124-4199-ae5f-897902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-12T14:16:36.000Z",
"modified": "2016-07-12T14:16:36.000Z",
"description": "20160330.rar - Xchecked via VT: f3997f8269e4177342aec8816c28cfebaef17a86f22eef15d90b4f9e5b15d8e6",
"pattern": "[file:hashes.SHA1 = '5cb432180a440b67f0493654514e8378014baad9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-12T14:16:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5784fbc4-3b24-448e-9ad8-897902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-12T14:16:36.000Z",
"modified": "2016-07-12T14:16:36.000Z",
"description": "20160330.rar - Xchecked via VT: f3997f8269e4177342aec8816c28cfebaef17a86f22eef15d90b4f9e5b15d8e6",
"pattern": "[file:hashes.MD5 = '1b3cafb71e8e1ccd13bcbe79e3d5c05c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-12T14:16:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5784fbc4-88d8-4785-816b-897902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-12T14:16:36.000Z",
"modified": "2016-07-12T14:16:36.000Z",
"first_observed": "2016-07-12T14:16:36Z",
"last_observed": "2016-07-12T14:16:36Z",
"number_observed": 1,
"object_refs": [
"url--5784fbc4-88d8-4785-816b-897902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5784fbc4-88d8-4785-816b-897902de0b81",
"value": "https://www.virustotal.com/file/f3997f8269e4177342aec8816c28cfebaef17a86f22eef15d90b4f9e5b15d8e6/analysis/1468011597/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5784fbc5-f5b8-4f27-91bd-897902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-12T14:16:37.000Z",
"modified": "2016-07-12T14:16:37.000Z",
"description": "\u00d0\u02dc\u00d0\u00bd\u00d1\u201e\u00d0\u00be\u00d1\u20ac\u00d0\u00bc\u00d0\u00b0\u00d1\u2020\u00d0\u00b8\u00d1\u008f \u00d0\u00be \u00d0\u00bf\u00d0\u00b5\u00d1\u20ac\u00d0\u00b5\u00d1\u2021\u00d0\u00bd\u00d0\u00b5 \u00d0\u00b7\u00d0\u00be\u00d0\u00bd \u00d0\u00b4\u00d0\u00b5\u00d1\u008f\u00d1\u201a\u00d0\u00b5\u00d0\u00bb\u00d1\u0152\u00d0\u00bd\u00d0\u00be\u00d1\u0081\u00d1\u201a\u00d0\u00b8 \u00d1\u0081\u00d0\u00b5\u00d1\u201a\u00d0\u00b5\u00d0\u00b2\u00d0\u00be\u00d0\u00b9 \u00d0\u00be\u00d1\u20ac\u00d0\u00b3\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d0\u00b7\u00d0\u00b0\u00d1\u2020\u00d0\u00b8\u00d0\u00b8 \u00d0\u00b2 2016 \u00d0\u00b3.rar - Xchecked via VT: 67c994ad328cd3d8b954366b2baa5e643b31ed42280548eebbd0c30c53f9e37d",
"pattern": "[file:hashes.SHA1 = '13df492660de3497d11808e1160463437c20c7c4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-12T14:16:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5784fbc5-f5a8-4fa8-ab4e-897902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-12T14:16:37.000Z",
"modified": "2016-07-12T14:16:37.000Z",
"description": "\u00d0\u02dc\u00d0\u00bd\u00d1\u201e\u00d0\u00be\u00d1\u20ac\u00d0\u00bc\u00d0\u00b0\u00d1\u2020\u00d0\u00b8\u00d1\u008f \u00d0\u00be \u00d0\u00bf\u00d0\u00b5\u00d1\u20ac\u00d0\u00b5\u00d1\u2021\u00d0\u00bd\u00d0\u00b5 \u00d0\u00b7\u00d0\u00be\u00d0\u00bd \u00d0\u00b4\u00d0\u00b5\u00d1\u008f\u00d1\u201a\u00d0\u00b5\u00d0\u00bb\u00d1\u0152\u00d0\u00bd\u00d0\u00be\u00d1\u0081\u00d1\u201a\u00d0\u00b8 \u00d1\u0081\u00d0\u00b5\u00d1\u201a\u00d0\u00b5\u00d0\u00b2\u00d0\u00be\u00d0\u00b9 \u00d0\u00be\u00d1\u20ac\u00d0\u00b3\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d0\u00b7\u00d0\u00b0\u00d1\u2020\u00d0\u00b8\u00d0\u00b8 \u00d0\u00b2 2016 \u00d0\u00b3.rar - Xchecked via VT: 67c994ad328cd3d8b954366b2baa5e643b31ed42280548eebbd0c30c53f9e37d",
"pattern": "[file:hashes.MD5 = 'a6777d7632039897a4a7abebb887cba0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-12T14:16:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5784fbc5-f4fc-485d-8226-897902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-12T14:16:37.000Z",
"modified": "2016-07-12T14:16:37.000Z",
"first_observed": "2016-07-12T14:16:37Z",
"last_observed": "2016-07-12T14:16:37Z",
"number_observed": 1,
"object_refs": [
"url--5784fbc5-f4fc-485d-8226-897902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5784fbc5-f4fc-485d-8226-897902de0b81",
"value": "https://www.virustotal.com/file/67c994ad328cd3d8b954366b2baa5e643b31ed42280548eebbd0c30c53f9e37d/analysis/1467988434/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5784fbc5-bd04-447a-a61d-897902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-12T14:16:37.000Z",
"modified": "2016-07-12T14:16:37.000Z",
"description": "20160420.rar - Xchecked via VT: 5afcaca6f6dd6fb3bad26585f30870f71462c59e251cc76b0df5851ac2aa17de",
"pattern": "[file:hashes.SHA1 = 'd8137dce31b5e05d8a855fcd1217a1853c05794d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-12T14:16:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5784fbc5-572c-41b3-88f3-897902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-12T14:16:37.000Z",
"modified": "2016-07-12T14:16:37.000Z",
"description": "20160420.rar - Xchecked via VT: 5afcaca6f6dd6fb3bad26585f30870f71462c59e251cc76b0df5851ac2aa17de",
"pattern": "[file:hashes.MD5 = '3de759a545bc530f0ca846a141201597']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-12T14:16:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5784fbc6-c44c-42ed-8ce6-897902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-12T14:16:38.000Z",
"modified": "2016-07-12T14:16:38.000Z",
"first_observed": "2016-07-12T14:16:38Z",
"last_observed": "2016-07-12T14:16:38Z",
"number_observed": 1,
"object_refs": [
"url--5784fbc6-c44c-42ed-8ce6-897902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5784fbc6-c44c-42ed-8ce6-897902de0b81",
"value": "https://www.virustotal.com/file/5afcaca6f6dd6fb3bad26585f30870f71462c59e251cc76b0df5851ac2aa17de/analysis/1468011596/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}