|
{
|
||
|
"type": "bundle",
|
||
|
"id": "bundle--58787bf0-bf68-41ce-b679-457a950d210f",
|
||
|
"objects": [
|
||
|
{
|
||
|
"type": "identity",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:32:25.000Z",
|
||
|
"modified": "2017-01-13T07:32:25.000Z",
|
||
|
"name": "CIRCL",
|
||
|
"identity_class": "organization"
|
||
|
},
|
||
|
{
|
||
|
"type": "report",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "report--58787bf0-bf68-41ce-b679-457a950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:32:25.000Z",
|
||
|
"modified": "2017-01-13T07:32:25.000Z",
|
||
|
"name": "OSINT - shadow-brokers-windows",
|
||
|
"published": "2017-01-13T13:25:15Z",
|
||
|
"object_refs": [
|
||
|
"observed-data--58787c21-0e9c-43ea-af81-404a950d210f",
|
||
|
"url--58787c21-0e9c-43ea-af81-404a950d210f",
|
||
|
"indicator--58787cef-1840-4808-b22c-4b27950d210f",
|
||
|
"indicator--58787cf1-df0c-4e97-8d54-48d4950d210f",
|
||
|
"indicator--58787cf2-8780-42dc-b391-45d4950d210f",
|
||
|
"indicator--58787cf4-02e4-41ee-b176-4b1b950d210f",
|
||
|
"indicator--58787cf6-2c3c-4e4c-ba6b-41db950d210f",
|
||
|
"indicator--58787cf7-c69c-4484-b1fa-42f0950d210f",
|
||
|
"indicator--58787cf9-2240-497e-9dee-44d1950d210f",
|
||
|
"indicator--58787cfa-28a4-41f7-a0d8-417f950d210f",
|
||
|
"indicator--58787cfb-2cf8-447d-ba73-41d4950d210f",
|
||
|
"indicator--58787cfd-1064-420f-b3a5-424c950d210f",
|
||
|
"indicator--58787cfe-deb4-43ce-80c7-4624950d210f",
|
||
|
"indicator--58787cff-af20-43ce-bf8c-4299950d210f",
|
||
|
"indicator--58787d01-6744-4a7c-9fa6-4d70950d210f",
|
||
|
"indicator--58787d02-7a2c-41af-8514-43e8950d210f",
|
||
|
"indicator--58787d03-78a8-46b3-99d0-4eb1950d210f",
|
||
|
"indicator--58787d05-0b8c-487f-a26f-408b950d210f",
|
||
|
"indicator--58787d07-7cec-4d48-9a21-4a22950d210f",
|
||
|
"indicator--58787d08-5c20-4b2f-868b-418f950d210f",
|
||
|
"indicator--58787d0a-3430-4faa-8eb2-4a62950d210f",
|
||
|
"indicator--58787d0b-3a00-487b-a2f3-492f950d210f",
|
||
|
"indicator--58787d0c-8fcc-4d1b-844c-4615950d210f",
|
||
|
"indicator--58787d0e-6c98-416e-ac56-4d09950d210f",
|
||
|
"indicator--58787d0f-19a8-4852-b312-4207950d210f",
|
||
|
"indicator--58787d11-9aa0-4da0-a855-4839950d210f",
|
||
|
"indicator--58787d12-17d4-49f4-8697-46ba950d210f",
|
||
|
"indicator--58787d14-cdf8-4b85-bc44-412b950d210f",
|
||
|
"indicator--58787d15-fc70-4639-ba02-4adb950d210f",
|
||
|
"indicator--58787d17-9d70-48be-aab3-47f2950d210f",
|
||
|
"indicator--58787d18-8bc8-48de-850e-4a53950d210f",
|
||
|
"indicator--58787d1a-af18-497b-b4ac-4d2e950d210f",
|
||
|
"indicator--58787d1b-c370-40f0-97d2-46fc950d210f",
|
||
|
"indicator--58787d1d-5a74-4a67-a4bc-4e1b950d210f",
|
||
|
"indicator--58787d1e-7ba4-4e30-8811-40a2950d210f",
|
||
|
"indicator--58787d20-f544-4fed-98a7-4e55950d210f",
|
||
|
"indicator--58787d21-9564-4aae-a379-4860950d210f",
|
||
|
"indicator--58787d23-9a1c-45ff-a685-46f6950d210f",
|
||
|
"indicator--58787d25-bb74-4b92-b069-4b06950d210f",
|
||
|
"indicator--58787d26-3278-4a2c-82f0-4359950d210f",
|
||
|
"indicator--58787d28-3834-4ecd-b157-4c6e950d210f",
|
||
|
"indicator--58787d29-6b6c-434a-8459-4ffc950d210f",
|
||
|
"indicator--58787d2b-8b10-4e7b-af3d-4cca950d210f",
|
||
|
"indicator--58787d2c-8af0-49a1-97a4-4b65950d210f",
|
||
|
"indicator--58787d2e-5b14-4fb9-8e6b-4944950d210f",
|
||
|
"indicator--58787d2f-d128-4ee1-bd14-4578950d210f",
|
||
|
"indicator--58787d31-0cb0-4217-b2e4-49c5950d210f",
|
||
|
"indicator--58787d32-0bf4-4850-b515-4064950d210f",
|
||
|
"indicator--58787d34-28fc-443e-aee5-4a38950d210f",
|
||
|
"indicator--58787d35-0168-4be6-9a14-4357950d210f",
|
||
|
"indicator--58787d36-d77c-4824-ab55-433d950d210f",
|
||
|
"indicator--58787d38-6d48-4ad2-a76c-4a33950d210f",
|
||
|
"indicator--58787d3a-8af4-4e81-a294-4358950d210f",
|
||
|
"indicator--58787d3b-bd94-4023-80f0-4219950d210f",
|
||
|
"indicator--58787d3c-62a0-4ee3-a4ae-45ac950d210f",
|
||
|
"indicator--58787d3e-23cc-4710-9f77-4e48950d210f",
|
||
|
"indicator--58787d3f-0ec0-49c4-b00a-400b950d210f",
|
||
|
"indicator--58787d41-a160-4726-847f-4dbf950d210f",
|
||
|
"indicator--58787d42-3b90-4e23-942a-4664950d210f",
|
||
|
"indicator--58787d44-585c-42ce-984b-425f950d210f",
|
||
|
"indicator--58787d45-fc2c-4518-bd56-42d9950d210f",
|
||
|
"indicator--58787d47-cd9c-4ff4-978f-4222950d210f",
|
||
|
"indicator--58787d48-83cc-4a3c-8f72-47ff950d210f",
|
||
|
"indicator--58787d81-edc8-4075-91cc-493e950d210f",
|
||
|
"indicator--58787d83-9704-478d-b6d2-49ef950d210f",
|
||
|
"indicator--58787d84-59d8-4390-a260-4c5f950d210f",
|
||
|
"indicator--58787d86-1c50-45ee-82ef-4726950d210f",
|
||
|
"indicator--58787d87-d138-47d6-9191-4eeb950d210f",
|
||
|
"indicator--58787d89-0ee8-437d-a6db-412f950d210f",
|
||
|
"indicator--58787d8a-1f4c-436d-bff0-4304950d210f",
|
||
|
"indicator--58787d8c-7b78-4eee-bcc1-40f4950d210f",
|
||
|
"indicator--58787d8d-dcdc-43f1-9401-4ac8950d210f",
|
||
|
"indicator--58787d8f-8610-4bef-b58f-4d0a950d210f",
|
||
|
"indicator--58787d90-1980-4156-a722-47e0950d210f",
|
||
|
"indicator--58787d92-d29c-4755-901f-4a2b950d210f",
|
||
|
"indicator--58787d93-5fbc-4138-90fe-46e5950d210f",
|
||
|
"indicator--58787d95-97d8-4eae-91f6-4483950d210f",
|
||
|
"indicator--58787d96-e274-4f35-bc9c-4c84950d210f",
|
||
|
"indicator--58787d98-da98-4038-9acd-4e0a950d210f",
|
||
|
"indicator--58787d99-3ab0-4191-b330-40eb950d210f",
|
||
|
"indicator--58787d9a-0ac4-4ae1-991c-4fba950d210f",
|
||
|
"indicator--58787d9c-fcb4-4fea-8e16-45d1950d210f",
|
||
|
"indicator--58787d9d-6edc-4ff8-859a-4300950d210f",
|
||
|
"indicator--58787d9f-a9fc-4687-b2cd-42da950d210f",
|
||
|
"indicator--58787da0-6bc0-4bc7-add8-4e4a950d210f",
|
||
|
"indicator--58787da1-3bbc-4b34-9632-4cf1950d210f",
|
||
|
"indicator--58787da3-9494-4e4a-8284-434c950d210f",
|
||
|
"indicator--58787da4-fb4c-40aa-94f5-4e0a950d210f",
|
||
|
"indicator--58787da6-18b4-4cc3-8e1c-471a950d210f",
|
||
|
"indicator--58787da7-6054-4dcb-88e6-4f06950d210f",
|
||
|
"indicator--58787da9-9274-4778-a13c-43d4950d210f",
|
||
|
"indicator--58787daa-10c0-4316-b25d-4dfb950d210f",
|
||
|
"indicator--58787dab-50e4-495f-a40d-4d9d950d210f",
|
||
|
"indicator--58787dad-f98c-4438-8c1c-4ef7950d210f",
|
||
|
"indicator--58787dae-dd7c-411c-8500-4d1b950d210f",
|
||
|
"indicator--58787db0-9084-4d1e-96c9-40b4950d210f",
|
||
|
"indicator--58787db1-339c-4457-a3fb-4cbb950d210f",
|
||
|
"indicator--58787db3-2c5c-4b3c-8847-4b9e950d210f",
|
||
|
"indicator--58787db4-f2a8-4a27-981d-459a950d210f",
|
||
|
"indicator--58787db5-4cbc-43ef-9bef-41e7950d210f",
|
||
|
"indicator--58787db7-e460-4f38-b687-4caf950d210f",
|
||
|
"indicator--58787db9-2834-4016-bbb9-44d6950d210f",
|
||
|
"indicator--58787dba-87dc-44a4-8849-40de950d210f",
|
||
|
"indicator--58787dbc-8228-47cc-b2b7-45dc950d210f",
|
||
|
"indicator--58787dbd-f264-4b27-aecd-4ff2950d210f",
|
||
|
"indicator--58787dbf-e858-4031-b347-491a950d210f",
|
||
|
"indicator--58787dc0-fdd8-4b99-8f26-4205950d210f",
|
||
|
"indicator--58787dc1-78b8-447b-9148-46d9950d210f",
|
||
|
"indicator--58787dc3-159c-449d-a8e5-416b950d210f",
|
||
|
"indicator--58787dc4-3e38-4baf-9846-4c15950d210f",
|
||
|
"indicator--58787dc6-fbb0-4454-b0f9-49e1950d210f",
|
||
|
"indicator--58787dc8-0514-4d3c-ba52-45cc950d210f",
|
||
|
"indicator--58787dc9-98ac-442f-871a-479a950d210f",
|
||
|
"indicator--58787dcb-00ec-4036-8f66-4d4c950d210f",
|
||
|
"indicator--58787dcc-4db0-4dac-a05a-40de950d210f",
|
||
|
"indicator--58787dce-0844-402b-9ee5-4015950d210f",
|
||
|
"indicator--58787dcf-0600-45c7-9a92-4150950d210f",
|
||
|
"indicator--58787dd0-9bd8-4778-ba6c-4151950d210f",
|
||
|
"indicator--58787dd2-7744-4c66-93a0-47dc950d210f",
|
||
|
"indicator--58787dd4-3f48-4b97-8a7b-4ef3950d210f",
|
||
|
"indicator--58787dd5-7ce4-48ac-92e7-41a6950d210f",
|
||
|
"indicator--58787dd7-7564-4d05-bb51-447c950d210f",
|
||
|
"indicator--58787dd8-1e78-4bfe-b976-4d32950d210f",
|
||
|
"indicator--58787dda-5594-47b3-ba73-41be950d210f",
|
||
|
"indicator--58787e14-ce3c-4fe3-b452-40e7950d210f",
|
||
|
"indicator--58787e16-31ac-48cb-a77e-4123950d210f",
|
||
|
"indicator--58787e17-744c-4eb0-9081-4db6950d210f",
|
||
|
"indicator--58787e19-1d88-4aca-b963-4222950d210f",
|
||
|
"indicator--58787e1a-4b24-4035-a71e-4454950d210f",
|
||
|
"indicator--58787e1c-ba78-4f7b-a93c-41c5950d210f",
|
||
|
"indicator--58787e1d-4b38-4df6-ba8f-4a89950d210f",
|
||
|
"indicator--58787e1f-c1cc-4463-beff-41aa950d210f",
|
||
|
"indicator--58787e21-7e14-49b5-8e3e-4f3c950d210f",
|
||
|
"indicator--58787e22-5fd4-4ee4-b452-4754950d210f",
|
||
|
"indicator--58787e24-61f0-41a8-b063-48f8950d210f",
|
||
|
"indicator--58787e26-fee0-459b-8f5f-41f7950d210f",
|
||
|
"indicator--58787e27-ea70-425a-9986-49ba950d210f",
|
||
|
"indicator--58787e29-f1e0-48c5-9fc8-4ae9950d210f",
|
||
|
"indicator--58787e2a-88cc-41c1-ba63-44ef950d210f",
|
||
|
"indicator--58787e2c-5838-4aa2-8a81-4ca6950d210f",
|
||
|
"indicator--58787e2d-5864-4bbe-a21f-4d6a950d210f",
|
||
|
"indicator--58787e2f-639c-4d80-9088-40f4950d210f",
|
||
|
"indicator--58787e30-a9fc-411e-be44-472c950d210f",
|
||
|
"indicator--58787e32-ae80-457d-8a93-4bcb950d210f",
|
||
|
"indicator--58787e33-31b0-4a3b-9f4a-4a07950d210f",
|
||
|
"indicator--58787e34-976c-480e-b267-4c77950d210f",
|
||
|
"indicator--58787e36-1314-40ea-afe9-4d82950d210f",
|
||
|
"indicator--58787e37-2250-4556-a1da-4659950d210f",
|
||
|
"indicator--58787e39-96cc-4180-a453-461c950d210f",
|
||
|
"indicator--58787e3a-07ac-41b4-8dd7-489e950d210f",
|
||
|
"indicator--58787e3b-4690-4183-9d56-48d7950d210f",
|
||
|
"indicator--58787e3d-35c4-47a5-ba87-469f950d210f",
|
||
|
"indicator--58787e3e-4194-494f-816b-417f950d210f",
|
||
|
"indicator--58787e40-8ddc-4862-a0f3-46d6950d210f",
|
||
|
"indicator--58787e41-ab5c-44c9-a0a1-4d6d950d210f",
|
||
|
"indicator--58787e42-9200-494e-a468-41b1950d210f",
|
||
|
"indicator--58787e44-f3f4-4d07-9e12-491e950d210f",
|
||
|
"indicator--58787e45-8f9c-4484-9c0a-493d950d210f",
|
||
|
"indicator--58787e47-656c-4ef4-a54f-43b8950d210f",
|
||
|
"indicator--58787e48-66d4-4a07-89df-4b5a950d210f",
|
||
|
"indicator--58787e49-a440-455b-994e-4d20950d210f",
|
||
|
"indicator--58787e4b-0518-45ac-85bf-452c950d210f",
|
||
|
"indicator--58787e4c-376c-4e48-a375-4ab5950d210f",
|
||
|
"indicator--58787e4e-615c-42b5-a785-4bbf950d210f",
|
||
|
"indicator--58787e4f-088c-4aee-a488-4806950d210f",
|
||
|
"indicator--58787e51-1e38-41a1-869a-4815950d210f",
|
||
|
"indicator--58787e52-8cc4-42ac-a58a-45b3950d210f",
|
||
|
"indicator--58787e54-e130-4a6b-8347-4528950d210f",
|
||
|
"indicator--58787e55-d004-4aba-9d07-4680950d210f",
|
||
|
"indicator--58787e57-d830-4585-9242-454d950d210f",
|
||
|
"indicator--58787e58-5698-4727-8f2f-4d66950d210f",
|
||
|
"indicator--58787e59-b44c-4838-844e-41f9950d210f",
|
||
|
"indicator--58787e5b-f9b8-4e1a-be2b-4146950d210f",
|
||
|
"indicator--58787e5c-edb4-47e0-8cc8-4047950d210f",
|
||
|
"indicator--58787e5e-4b30-4cf6-9171-486c950d210f",
|
||
|
"indicator--58787e5f-8e7c-44ed-97d5-4f31950d210f",
|
||
|
"indicator--58787e61-f848-4534-ba39-4a4a950d210f",
|
||
|
"indicator--58787e62-7004-4f53-a896-49f8950d210f",
|
||
|
"indicator--58787e64-45e8-4eca-916f-4c23950d210f",
|
||
|
"indicator--58787e65-3a94-43a9-a373-490a950d210f",
|
||
|
"indicator--58787e67-9a74-4977-b276-488b950d210f",
|
||
|
"indicator--58787e68-5158-47ab-8019-4ea2950d210f",
|
||
|
"indicator--58787e69-ac70-44f2-b31c-4fb0950d210f",
|
||
|
"indicator--58787e6b-695c-4dda-822b-4305950d210f",
|
||
|
"indicator--58787e6c-73d0-471b-81b8-4bfa950d210f",
|
||
|
"observed-data--58788289-7f48-463e-bc85-401c02de0b81",
|
||
|
"url--58788289-7f48-463e-bc85-401c02de0b81",
|
||
|
"observed-data--58788289-f178-47e4-89b8-420f02de0b81",
|
||
|
"url--58788289-f178-47e4-89b8-420f02de0b81",
|
||
|
"observed-data--5878828a-feb4-467a-a844-4f9c02de0b81",
|
||
|
"url--5878828a-feb4-467a-a844-4f9c02de0b81",
|
||
|
"observed-data--5878828b-39d8-4995-9ede-468f02de0b81",
|
||
|
"url--5878828b-39d8-4995-9ede-468f02de0b81",
|
||
|
"observed-data--5878828c-35a4-4a20-84fe-4f2602de0b81",
|
||
|
"url--5878828c-35a4-4a20-84fe-4f2602de0b81",
|
||
|
"observed-data--5878828c-e328-49b6-a170-4d4102de0b81",
|
||
|
"url--5878828c-e328-49b6-a170-4d4102de0b81",
|
||
|
"observed-data--5878828d-00a4-4abf-a756-409102de0b81",
|
||
|
"url--5878828d-00a4-4abf-a756-409102de0b81",
|
||
|
"observed-data--5878828e-b350-47e1-be89-441d02de0b81",
|
||
|
"url--5878828e-b350-47e1-be89-441d02de0b81",
|
||
|
"observed-data--5878828f-1f2c-49b2-9d4f-485502de0b81",
|
||
|
"url--5878828f-1f2c-49b2-9d4f-485502de0b81",
|
||
|
"observed-data--5878828f-9b18-4683-8008-476e02de0b81",
|
||
|
"url--5878828f-9b18-4683-8008-476e02de0b81",
|
||
|
"observed-data--58788290-cf10-4b30-bcfe-4f2f02de0b81",
|
||
|
"url--58788290-cf10-4b30-bcfe-4f2f02de0b81",
|
||
|
"observed-data--58788291-2130-4578-b7cd-4ac102de0b81",
|
||
|
"url--58788291-2130-4578-b7cd-4ac102de0b81",
|
||
|
"observed-data--58788291-4ce8-422b-a6ae-47ae02de0b81",
|
||
|
"url--58788291-4ce8-422b-a6ae-47ae02de0b81",
|
||
|
"observed-data--58788292-33f0-4130-a0e6-4f5c02de0b81",
|
||
|
"url--58788292-33f0-4130-a0e6-4f5c02de0b81",
|
||
|
"observed-data--58788293-1444-4dff-bcaa-455e02de0b81",
|
||
|
"url--58788293-1444-4dff-bcaa-455e02de0b81",
|
||
|
"observed-data--58788294-491c-49c8-bf08-441902de0b81",
|
||
|
"url--58788294-491c-49c8-bf08-441902de0b81",
|
||
|
"observed-data--58788294-a134-42da-8a3e-4f3a02de0b81",
|
||
|
"url--58788294-a134-42da-8a3e-4f3a02de0b81",
|
||
|
"observed-data--58788295-1bfc-419e-b0d4-4aed02de0b81",
|
||
|
"url--58788295-1bfc-419e-b0d4-4aed02de0b81",
|
||
|
"observed-data--58788296-ef38-44c4-baab-4b4c02de0b81",
|
||
|
"url--58788296-ef38-44c4-baab-4b4c02de0b81",
|
||
|
"observed-data--58788297-7790-49c2-8e67-419c02de0b81",
|
||
|
"url--58788297-7790-49c2-8e67-419c02de0b81",
|
||
|
"observed-data--58788297-a9a8-4a84-b1d6-49bc02de0b81",
|
||
|
"url--58788297-a9a8-4a84-b1d6-49bc02de0b81",
|
||
|
"observed-data--58788298-9b7c-4e56-9c50-44c202de0b81",
|
||
|
"url--58788298-9b7c-4e56-9c50-44c202de0b81",
|
||
|
"observed-data--58788299-2b04-46bd-a2d7-444302de0b81",
|
||
|
"url--58788299-2b04-46bd-a2d7-444302de0b81",
|
||
|
"observed-data--58788299-0ee4-474f-9048-4eb802de0b81",
|
||
|
"url--58788299-0ee4-474f-9048-4eb802de0b81",
|
||
|
"observed-data--5878829a-1df4-4960-afb2-499e02de0b81",
|
||
|
"url--5878829a-1df4-4960-afb2-499e02de0b81",
|
||
|
"observed-data--5878829b-60d8-45f3-af61-4d2d02de0b81",
|
||
|
"url--5878829b-60d8-45f3-af61-4d2d02de0b81",
|
||
|
"observed-data--5878829c-8b58-4c24-9907-495202de0b81",
|
||
|
"url--5878829c-8b58-4c24-9907-495202de0b81",
|
||
|
"observed-data--5878829c-f090-4bfc-99e9-4b2c02de0b81",
|
||
|
"url--5878829c-f090-4bfc-99e9-4b2c02de0b81",
|
||
|
"observed-data--5878829d-9e3c-4247-b728-442002de0b81",
|
||
|
"url--5878829d-9e3c-4247-b728-442002de0b81",
|
||
|
"observed-data--5878829e-a1fc-4ad9-a160-43d402de0b81",
|
||
|
"url--5878829e-a1fc-4ad9-a160-43d402de0b81",
|
||
|
"observed-data--5878829f-aa3c-42ed-9a0e-4a0702de0b81",
|
||
|
"url--5878829f-aa3c-42ed-9a0e-4a0702de0b81",
|
||
|
"observed-data--5878829f-7a1c-4f46-ae6d-49da02de0b81",
|
||
|
"url--5878829f-7a1c-4f46-ae6d-49da02de0b81",
|
||
|
"observed-data--587882a0-1510-434a-9541-427102de0b81",
|
||
|
"url--587882a0-1510-434a-9541-427102de0b81",
|
||
|
"observed-data--587882a1-b54c-45f6-b553-412802de0b81",
|
||
|
"url--587882a1-b54c-45f6-b553-412802de0b81",
|
||
|
"observed-data--587882a2-c1a8-4b88-9894-4e4e02de0b81",
|
||
|
"url--587882a2-c1a8-4b88-9894-4e4e02de0b81",
|
||
|
"observed-data--587882a2-c758-4569-865a-4c2902de0b81",
|
||
|
"url--587882a2-c758-4569-865a-4c2902de0b81",
|
||
|
"observed-data--587882a3-646c-4d26-ab34-4eeb02de0b81",
|
||
|
"url--587882a3-646c-4d26-ab34-4eeb02de0b81",
|
||
|
"observed-data--587882a4-a00c-4be4-8796-4a9702de0b81",
|
||
|
"url--587882a4-a00c-4be4-8796-4a9702de0b81",
|
||
|
"observed-data--587882a5-e214-4a3f-b2d7-426c02de0b81",
|
||
|
"url--587882a5-e214-4a3f-b2d7-426c02de0b81",
|
||
|
"observed-data--587882a5-2c20-4859-856e-4d6002de0b81",
|
||
|
"url--587882a5-2c20-4859-856e-4d6002de0b81",
|
||
|
"observed-data--587882a6-2dd8-4602-af38-460d02de0b81",
|
||
|
"url--587882a6-2dd8-4602-af38-460d02de0b81",
|
||
|
"observed-data--587882a7-da70-41b9-89c3-454302de0b81",
|
||
|
"url--587882a7-da70-41b9-89c3-454302de0b81",
|
||
|
"observed-data--587882a8-1678-4f4d-a681-416a02de0b81",
|
||
|
"url--587882a8-1678-4f4d-a681-416a02de0b81",
|
||
|
"observed-data--587882a8-ba4c-496f-8f64-412602de0b81",
|
||
|
"url--587882a8-ba4c-496f-8f64-412602de0b81",
|
||
|
"observed-data--587882a9-5834-4f38-9a23-402002de0b81",
|
||
|
"url--587882a9-5834-4f38-9a23-402002de0b81",
|
||
|
"observed-data--587882aa-b0cc-45f5-9b81-41aa02de0b81",
|
||
|
"url--587882aa-b0cc-45f5-9b81-41aa02de0b81",
|
||
|
"observed-data--587882aa-dd68-4b82-82a0-441302de0b81",
|
||
|
"url--587882aa-dd68-4b82-82a0-441302de0b81",
|
||
|
"observed-data--587882ab-6b84-4d91-8cc2-4e4c02de0b81",
|
||
|
"url--587882ab-6b84-4d91-8cc2-4e4c02de0b81",
|
||
|
"observed-data--587882ac-15a8-4135-9c7c-462002de0b81",
|
||
|
"url--587882ac-15a8-4135-9c7c-462002de0b81",
|
||
|
"observed-data--587882ad-4b10-4945-a173-485002de0b81",
|
||
|
"url--587882ad-4b10-4945-a173-485002de0b81",
|
||
|
"observed-data--587882ae-0914-4d43-b093-4bf102de0b81",
|
||
|
"url--587882ae-0914-4d43-b093-4bf102de0b81",
|
||
|
"observed-data--587882ae-a4b8-4a45-be25-4f6802de0b81",
|
||
|
"url--587882ae-a4b8-4a45-be25-4f6802de0b81",
|
||
|
"observed-data--587882af-f4fc-46c9-9c69-462202de0b81",
|
||
|
"url--587882af-f4fc-46c9-9c69-462202de0b81",
|
||
|
"observed-data--587882b0-cdbc-47d9-bae9-45b002de0b81",
|
||
|
"url--587882b0-cdbc-47d9-bae9-45b002de0b81",
|
||
|
"observed-data--587882b1-0fe0-4731-ba6b-49af02de0b81",
|
||
|
"url--587882b1-0fe0-4731-ba6b-49af02de0b81",
|
||
|
"observed-data--587882b1-c034-4d22-b4a5-4c3102de0b81",
|
||
|
"url--587882b1-c034-4d22-b4a5-4c3102de0b81",
|
||
|
"observed-data--587882b2-3a24-4622-aaad-429d02de0b81",
|
||
|
"url--587882b2-3a24-4622-aaad-429d02de0b81",
|
||
|
"observed-data--587882b3-44c8-4b93-8e85-406702de0b81",
|
||
|
"url--587882b3-44c8-4b93-8e85-406702de0b81",
|
||
|
"observed-data--587882b4-e360-4189-8307-49a902de0b81",
|
||
|
"url--587882b4-e360-4189-8307-49a902de0b81",
|
||
|
"observed-data--587882b5-01a8-4f5a-8106-432002de0b81",
|
||
|
"url--587882b5-01a8-4f5a-8106-432002de0b81",
|
||
|
"indicator--5878d523-883c-4ed7-924b-eb83950d210f",
|
||
|
"indicator--5878d525-edf4-4d19-843c-eb83950d210f",
|
||
|
"indicator--5878d526-be98-4ee1-86eb-eb83950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"Threat-Report",
|
||
|
"misp:tool=\"MISP-STIX-Converter\"",
|
||
|
"admiralty-scale:information-credibility=\"3\"",
|
||
|
"osint:source-type=\"source-code-repository\"",
|
||
|
"misp-galaxy:threat-actor=\"Equation Group\""
|
||
|
],
|
||
|
"object_marking_refs": [
|
||
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--58787c21-0e9c-43ea-af81-404a950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:05:05.000Z",
|
||
|
"modified": "2017-01-13T07:05:05.000Z",
|
||
|
"first_observed": "2017-01-13T07:05:05Z",
|
||
|
"last_observed": "2017-01-13T07:05:05Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--58787c21-0e9c-43ea-af81-404a950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--58787c21-0e9c-43ea-af81-404a950d210f",
|
||
|
"value": "https://github.com/shadowbrokers2017/shadow-brokers-windows"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787cef-1840-4808-b22c-4b27950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:08:31.000Z",
|
||
|
"modified": "2017-01-13T07:08:31.000Z",
|
||
|
"pattern": "[file:name = 'DoubleFeatureDll.dll.unfinalized' AND file:hashes.SHA256 = '515374423b8b132258bd91acf6f29168dcc267a3f45ecb9d1fe18ee3a253195b']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:08:31Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha256\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787cf1-df0c-4e97-8d54-48d4950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:08:33.000Z",
|
||
|
"modified": "2017-01-13T07:08:33.000Z",
|
||
|
"pattern": "[file:name = 'DuplicateToken_Implant.dll' AND file:hashes.SHA256 = '94c4733eebf19013df3b42d76c11ed5d153a56bdab57e1c748e07cc7da38f3ba']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:08:33Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha256\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787cf2-8780-42dc-b391-45d4950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:08:34.000Z",
|
||
|
"modified": "2017-01-13T07:08:34.000Z",
|
||
|
"pattern": "[file:name = 'DuplicateToken_Lp.dll' AND file:hashes.SHA256 = '694be2698bcc5c7a1cce11f8ef65c1c96a883d14b98148c36b32888fb58b6a7e']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:08:34Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha256\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787cf4-02e4-41ee-b176-4b1b950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:08:36.000Z",
|
||
|
"modified": "2017-01-13T07:08:36.000Z",
|
||
|
"pattern": "[file:name = 'DXGHLP16.SYS' AND file:hashes.SHA256 = 'fcfb56fa79d2383d34c471ef439314edc2239d632a880aa2de3cea430f6b5665']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:08:36Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha256\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787cf6-2c3c-4e4c-ba6b-41db950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:08:38.000Z",
|
||
|
"modified": "2017-01-13T07:08:38.000Z",
|
||
|
"pattern": "[file:name = 'EventLogEdit_Implant.dll' AND file:hashes.SHA256 = '0bb750195fbd93d174c2a8e20bcbcae4efefc881f7961fdca8fa6ebd68ac1edf']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:08:38Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha256\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787cf7-c69c-4484-b1fa-42f0950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:08:39.000Z",
|
||
|
"modified": "2017-01-13T07:08:39.000Z",
|
||
|
"pattern": "[file:name = 'EventLogEdit_Lp.dll' AND file:hashes.SHA256 = '73d1d55493886639c619e9f5e312daab93e4feeb74f24dbe51593842baac8d15']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:08:39Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha256\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787cf9-2240-497e-9dee-44d1950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:08:41.000Z",
|
||
|
"modified": "2017-01-13T07:08:41.000Z",
|
||
|
"pattern": "[file:name = 'GetAdmin_Implant.dll' AND file:hashes.SHA256 = 'c8b354793ad5a16744cf1d4efdc5fe48d5a0cf0657974eb7145e0088fcf609ff']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:08:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha256\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787cfa-28a4-41f7-a0d8-417f950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:08:42.000Z",
|
||
|
"modified": "2017-01-13T07:08:42.000Z",
|
||
|
"pattern": "[file:name = 'GetAdmin_Lp.dll' AND file:hashes.SHA256 = 'e1c9c9f031d902e69e42f684ae5b35a2513f7d5f8bca83dfbab10e8de6254c78']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:08:42Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha256\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787cfb-2cf8-447d-ba73-41d4950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:08:43.000Z",
|
||
|
"modified": "2017-01-13T07:08:43.000Z",
|
||
|
"pattern": "[file:name = 'kill_Implant9x.dll' AND file:hashes.SHA256 = '53ecd7b9879f12d17c88089fcf796c85ca29ea4639e34b8ca96819517c2a059a']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:08:43Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha256\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787cfd-1064-420f-b3a5-424c950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:08:45.000Z",
|
||
|
"modified": "2017-01-13T07:08:45.000Z",
|
||
|
"pattern": "[file:name = 'kill_Implant.dll' AND file:hashes.SHA256 = 'c3d8ffbb4ecdf6486da175e5381e855d8224acd339199c1057846bd5b74badac']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:08:45Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha256\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787cfe-deb4-43ce-80c7-4624950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:08:46.000Z",
|
||
|
"modified": "2017-01-13T07:08:46.000Z",
|
||
|
"pattern": "[file:name = 'LSADUMP_Implant.dll' AND file:hashes.SHA256 = '5f06ec411f127f23add9f897dc165eaa68cbe8bb99da8f00a4a360f108bb8741']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:08:46Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha256\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787cff-af20-43ce-bf8c-4299950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:08:47.000Z",
|
||
|
"modified": "2017-01-13T07:08:47.000Z",
|
||
|
"pattern": "[file:name = 'LSADUMP_Lp.dll' AND file:hashes.SHA256 = 'c7bf4c012293e7de56d86f4f5b4eeb6c1c5263568cc4d9863a286a86b5daf194']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:08:47Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha256\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787d01-6744-4a7c-9fa6-4d70950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:08:49.000Z",
|
||
|
"modified": "2017-01-13T07:08:49.000Z",
|
||
|
"pattern": "[file:name = 'modifyAudit_Implant.dll' AND file:hashes.SHA256 = 'b7902809a15c4c3864a14f009768693c66f9e9234204b873d29a87f4c3009a50']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:08:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha256\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787d02-7a2c-41af-8514-43e8950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:08:50.000Z",
|
||
|
"modified": "2017-01-13T07:08:50.000Z",
|
||
|
"pattern": "[file:name = 'modifyAudit_Lp.dll' AND file:hashes.SHA256 = '2a1f2034e80421359e3bf65cbd12a55a95bd00f2eb86cf2c2d287711ee1d56ad']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:08:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha256\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787d03-78a8-46b3-99d0-4eb1950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:08:51.000Z",
|
||
|
"modified": "2017-01-13T07:08:51.000Z",
|
||
|
"pattern": "[file:name = 'modifyAuthentication_Implant.dll' AND file:hashes.SHA256 = 'e1dff24af5bfc991dca21b4e3a19ffbc069176d674179eef691afc6b1ac6f805']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:08:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha256\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787d05-0b8c-487f-a26f-408b950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:08:53.000Z",
|
||
|
"modified": "2017-01-13T07:08:53.000Z",
|
||
|
"pattern": "[file:name = 'modifyAuthentication_Lp.dll' AND file:hashes.SHA256 = '8f5b97124de9fce16e2cfecb7dd2e171824c9e07546db7b3bee7c5f2c92ceda9']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:08:53Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha256\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787d07-7cec-4d48-9a21-4a22950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:08:55.000Z",
|
||
|
"modified": "2017-01-13T07:08:55.000Z",
|
||
|
"pattern": "[file:name = 'ModifyGroup_Implant.dll' AND file:hashes.SHA256 = 'd382e598544a739dd17b407466a536070203cbe375c56c54792b6d0eded678cd']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:08:55Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha256\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787d08-5c20-4b2f-868b-418f950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:08:56.000Z",
|
||
|
"modified": "2017-01-13T07:08:56.000Z",
|
||
|
"pattern": "[file:name = 'ModifyGroup_Lp.dll' AND file:hashes.SHA256 = 'dfb38ed2ca3870faf351df1bd447a3dc4470ed568553bf83df07bf07967bf520']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:08:56Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha256\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787d0a-3430-4faa-8eb2-4a62950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:08:58.000Z",
|
||
|
"modified": "2017-01-13T07:08:58.000Z",
|
||
|
"pattern": "[file:name = 'ModifyPrivilege_Implant.dll' AND file:hashes.SHA256 = '104c466732154ec25eb8b81efa88c74cec0a5baeaba76f6fd6eaa30c285c212b']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:08:58Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha256\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787d0b-3a00-487b-a2f3-492f950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:08:59.000Z",
|
||
|
"modified": "2017-01-13T07:08:59.000Z",
|
||
|
"pattern": "[file:name = 'ModifyPrivilege_Lp.dll' AND file:hashes.SHA256 = 'd92928a867a685274b0a74ec55c0b83690fca989699310179e184e2787d47f48']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:08:59Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha256\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787d0c-8fcc-4d1b-844c-4615950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:09:00.000Z",
|
||
|
"modified": "2017-01-13T07:09:00.000Z",
|
||
|
"pattern": "[file:name = 'msgkd.ex_' AND file:hashes.SHA256 = '25eec68fc9f0d8d1b5d72c9eae7bee29035918e9dcbeab13e276dec4b2ad2a56']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:09:00Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha256\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787d0e-6c98-416e-ac56-4d09950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:09:02.000Z",
|
||
|
"modified": "2017-01-13T07:09:02.000Z",
|
||
|
"pattern": "[file:name = 'msgki.ex_' AND file:hashes.SHA256 = '9191e9bc8b64af9545b0e6e2ac022ad20b7905a6b327f768d822ff62233f3726']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:09:02Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha256\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787d0f-19a8-4852-b312-4207950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:09:03.000Z",
|
||
|
"modified": "2017-01-13T07:09:03.000Z",
|
||
|
"pattern": "[file:name = 'msgks.ex_' AND file:hashes.SHA256 = '7b4986aee8f5c4dca255431902907b36408f528f6c0f7d7fa21f079fa0a42e09']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:09:03Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha256\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787d11-9aa0-4da0-a855-4839950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:09:05.000Z",
|
||
|
"modified": "2017-01-13T07:09:05.000Z",
|
||
|
"pattern": "[file:name = 'msgku.ex_' AND file:hashes.SHA256 = 'ef906b8a8ad9dca7407e0a467b32d7f7cf32814210964be2bfb5b0e6d2ca1998']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:09:05Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha256\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787d12-17d4-49f4-8697-46ba950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:09:06.000Z",
|
||
|
"modified": "2017-01-13T07:09:06.000Z",
|
||
|
"pattern": "[file:name = 'mssld.dll' AND file:hashes.SHA256 = '69dcc150468f7707cc8ef618a4cea4643a817171babfba9290395ada9611c63c']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:09:06Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha256\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787d14-cdf8-4b85-bc44-412b950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:09:08.000Z",
|
||
|
"modified": "2017-01-13T07:09:08.000Z",
|
||
|
"pattern": "[file:name = 'msslu.dll' AND file:hashes.SHA256 = '9022a6ece80e75a58a7e41b44aa27497ea3f8e4713c0af5e0887d60cde1fe3ba']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:09:08Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha256\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787d15-fc70-4639-ba02-4adb950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:09:09.000Z",
|
||
|
"modified": "2017-01-13T07:09:09.000Z",
|
||
|
"pattern": "[file:name = 'mstcp32.sys' AND file:hashes.SHA256 = '26215bc56dc31d2466d72f1f4e1b6388e62606e9949bc41c28968fcb9a9d60a6']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:09:09Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha256\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787d17-9d70-48be-aab3-47f2950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:09:11.000Z",
|
||
|
"modified": "2017-01-13T07:09:11.000Z",
|
||
|
"pattern": "[file:name = 'nethide_Implant.dll' AND file:hashes.SHA256 = 'b2daf9058fdc5e2affd5a409aebb90343ddde4239331d3de8edabeafdb3a48fa']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:09:11Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha256\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787d18-8bc8-48de-850e-4a53950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:09:12.000Z",
|
||
|
"modified": "2017-01-13T07:09:12.000Z",
|
||
|
"pattern": "[file:name = 'nethide_Lp.dll' AND file:hashes.SHA256 = '137749c0fbb8c12d1a650f0bfc73be2739ff084165d02e4cb68c6496d828bf1d']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:09:12Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha256\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787d1a-af18-497b-b4ac-4d2e950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:09:14.000Z",
|
||
|
"modified": "2017-01-13T07:09:14.000Z",
|
||
|
"pattern": "[file:name = 'ntevt.sys' AND file:hashes.SHA256 = '45e5e1ea3456d7852f5c610c7f4447776b9f15b56df7e3a53d57996123e0cebf']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:09:14Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha256\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787d1b-c370-40f0-97d2-46fc950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:09:15.000Z",
|
||
|
"modified": "2017-01-13T07:09:15.000Z",
|
||
|
"pattern": "[file:name = 'ntevtx64.sys' AND file:hashes.SHA256 = '4254ee5e688fc09bdc72bcc9c51b1524a2bb25a9fb841feaf03bc7ec1a9975bf']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:09:15Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha256\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787d1d-5a74-4a67-a4bc-4e1b950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:09:17.000Z",
|
||
|
"modified": "2017-01-13T07:09:17.000Z",
|
||
|
"pattern": "[file:name = 'ntfltmgr.sys' AND file:hashes.SHA256 = 'f7a886ee10ee6f9c6be48c20f370514be62a3fd2da828b0dff44ff3d485ff5c5']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:09:17Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha256\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787d1e-7ba4-4e30-8811-40a2950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:09:18.000Z",
|
||
|
"modified": "2017-01-13T07:09:18.000Z",
|
||
|
"pattern": "[file:name = 'PassFreely_Implant.dll' AND file:hashes.SHA256 = 'c68f420b5a5e085a508a2529ac001284a255090920a0236df1b5656d010966e8']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:09:18Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha256\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787d20-f544-4fed-98a7-4e55950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:09:20.000Z",
|
||
|
"modified": "2017-01-13T07:09:20.000Z",
|
||
|
"pattern": "[file:name = 'PassFreely_Lp.dll' AND file:hashes.SHA256 = 'fe42139748c8e9ba27a812466d9395b3a0818b0cd7b41d6769cb7239e57219fb']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:09:20Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha256\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787d21-9564-4aae-a379-4860950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:09:21.000Z",
|
||
|
"modified": "2017-01-13T07:09:21.000Z",
|
||
|
"pattern": "[file:name = 'PC_Legacy_dll' AND file:hashes.SHA256 = '0cbc5cc2e24f25cb645fb57d6088bcfb893f9eb9f27f8851503a1b33378ff22d']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:09:21Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha256\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787d23-9a1c-45ff-a685-46f6950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:09:23.000Z",
|
||
|
"modified": "2017-01-13T07:09:23.000Z",
|
||
|
"pattern": "[file:name = 'PC_Level3_dll' AND file:hashes.SHA256 = 'e44fe9432c5e11b51660efc37bf9b553260ad4130651a604ad11ca784d7f9238']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:09:23Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha256\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787d25-bb74-4b92-b069-4b06950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:09:25.000Z",
|
||
|
"modified": "2017-01-13T07:09:25.000Z",
|
||
|
"pattern": "[file:name = 'PC_Level3_dll_x64' AND file:hashes.SHA256 = '339855618fb3ef53987b8c14a61bd4519b2616e766149e0c21cbd7cbe7a632c9']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:09:25Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha256\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787d26-3278-4a2c-82f0-4359950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:09:26.000Z",
|
||
|
"modified": "2017-01-13T07:09:26.000Z",
|
||
|
"pattern": "[file:name = 'PC_Level3_flav_dll' AND file:hashes.SHA256 = '412efa09d71223208f3d24a661b8539d98aad6b61157707e865e288a96cda806']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:09:26Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha256\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787d28-3834-4ecd-b157-4c6e950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:09:28.000Z",
|
||
|
"modified": "2017-01-13T07:09:28.000Z",
|
||
|
"pattern": "[file:name = 'PC_Level3_flav_dll_x64' AND file:hashes.SHA256 = '7352bece317e6e6896d7667faa2b38bb4f1a38112821567136d60369a91bcbef']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:09:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha256\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787d29-6b6c-434a-8459-4ffc950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:09:29.000Z",
|
||
|
"modified": "2017-01-13T07:09:29.000Z",
|
||
|
"pattern": "[file:name = 'PC_Level3_http_dll' AND file:hashes.SHA256 = '4ebfc1f6ec6a0e68e47e5b231331470a4483184cf715a578191b91ba7c32094d']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:09:29Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha256\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787d2b-8b10-4e7b-af3d-4cca950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:09:31.000Z",
|
||
|
"modified": "2017-01-13T07:09:31.000Z",
|
||
|
"pattern": "[file:name = 'PC_Level3_http_dll_x64' AND file:hashes.SHA256 = 'fb693eb9612d5e039a7a0fc5a183d0407cc2bce5617e7e22d2bd56caa5191e5f']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:09:31Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha256\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787d2c-8af0-49a1-97a4-4b65950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:09:32.000Z",
|
||
|
"modified": "2017-01-13T07:09:32.000Z",
|
||
|
"pattern": "[file:name = 'PC_Level3_http_flav_dll' AND file:hashes.SHA256 = '27972d636b05a794d17cb3203d537bcf7c379fafd1802792e7fb8e72f130a0c4']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:09:32Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha256\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787d2e-5b14-4fb9-8e6b-4944950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:09:34.000Z",
|
||
|
"modified": "2017-01-13T07:09:34.000Z",
|
||
|
"pattern": "[file:name = 'PC_Level3_http_flav_dll_x64' AND file:hashes.SHA256 = '4e0209b4f5990148f5d6dee47dbc7021bf78a782b85cef4d6c8be22d698b884f']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:09:34Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha256\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787d2f-d128-4ee1-bd14-4578950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:09:35.000Z",
|
||
|
"modified": "2017-01-13T07:09:35.000Z",
|
||
|
"pattern": "[file:name = 'PC_Level4_flav_dll' AND file:hashes.SHA256 = '227faeb770ba538fb85692b3dfcd00f76a0a5205d1594bd0969a1e535ee90ee1']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:09:35Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha256\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787d31-0cb0-4217-b2e4-49c5950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:09:37.000Z",
|
||
|
"modified": "2017-01-13T07:09:37.000Z",
|
||
|
"pattern": "[file:name = 'PC_Level4_flav_dll_x64' AND file:hashes.SHA256 = '25a2549031cb97b8a3b569b1263c903c6c0247f7fff866e7ec63f0add1b4921c']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:09:37Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha256\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787d32-0bf4-4850-b515-4064950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:09:38.000Z",
|
||
|
"modified": "2017-01-13T07:09:38.000Z",
|
||
|
"pattern": "[file:name = 'PC_Level4_flav_exe' AND file:hashes.SHA256 = '33ba9f103186b6e52d8d69499512e7fbac9096e7c5278838127488acc3b669a9']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:09:38Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha256\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787d34-28fc-443e-aee5-4a38950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:09:40.000Z",
|
||
|
"modified": "2017-01-13T07:09:40.000Z",
|
||
|
"pattern": "[file:name = 'PC_Level4_http_flav_dll' AND file:hashes.SHA256 = '0df9d223d6bf3e1c4ba8fec7522dceb63902d1f9ddd7c26da1560da54dce2f3b']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:09:40Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha256\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787d35-0168-4be6-9a14-4357950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:09:41.000Z",
|
||
|
"modified": "2017-01-13T07:09:41.000Z",
|
||
|
"pattern": "[file:name = 'PC_Level4_http_flav_dll_x64' AND file:hashes.SHA256 = '7a6488dd13936e505ec738dcc84b9fec57a5e46aab8aff59b8cfad8f599ea86a']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:09:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha256\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787d36-d77c-4824-ab55-433d950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:09:42.000Z",
|
||
|
"modified": "2017-01-13T07:09:42.000Z",
|
||
|
"pattern": "[file:name = 'PortMap_Implant.dll' AND file:hashes.SHA256 = '964762416840738b1235ed4ae479a4b117b8cdcc762a6737e83bc2062c0cf236']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:09:42Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha256\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787d38-6d48-4ad2-a76c-4a33950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:09:44.000Z",
|
||
|
"modified": "2017-01-13T07:09:44.000Z",
|
||
|
"pattern": "[file:name = 'PortMap_Lp.dll' AND file:hashes.SHA256 = '2b27f2faae9de6330f17f60a1d19f9831336f57fdfef06c3b8876498882624a6']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:09:44Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha256\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787d3a-8af4-4e81-a294-4358950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:09:46.000Z",
|
||
|
"modified": "2017-01-13T07:09:46.000Z",
|
||
|
"pattern": "[file:name = 'ProcessHide_Implant.dll' AND file:hashes.SHA256 = '28a9a86f0f0a3cc4383c9f6632ee0129309afe4102d0cee1a110702a95dc0022']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:09:46Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha256\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787d3b-bd94-4023-80f0-4219950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:09:47.000Z",
|
||
|
"modified": "2017-01-13T07:09:47.000Z",
|
||
|
"pattern": "[file:name = 'ProcessHide_Lp.dll' AND file:hashes.SHA256 = 'cdee0daa816f179e74c90c850abd427fbfe0888dcfbc38bf21173f543cdcdc66']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-13T07:09:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58787d3c-62a0-4ee3-a4ae-45ac950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-13T07:09:48.000Z",
"modified": "2017-01-13T07:09:48.000Z",
"pattern": "[file:name = 'processinfo_Implant9x.dll' AND file:hashes.SHA256 = '00f782e2d4b901f0d860c3da00e154d5f0ccaf2fe758c61a27b1c0a85a927a34']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-13T07:09:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58787d3e-23cc-4710-9f77-4e48950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-13T07:09:50.000Z",
"modified": "2017-01-13T07:09:50.000Z",
"pattern": "[file:name = 'processinfo_Implant.dll' AND file:hashes.SHA256 = 'aadfa0b1aec4456b10e4fb82f5cfa918dbf4e87d19a02bcc576ac499dda0fb68']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-13T07:09:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58787d3f-0ec0-49c4-b00a-400b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-13T07:09:51.000Z",
"modified": "2017-01-13T07:09:51.000Z",
"pattern": "[file:name = 'ProcessOptions_Implant.dll' AND file:hashes.SHA256 = '03f22bf2f33d1032959ca68aad78ccecc201a4e5f07f446f9d1284a60fbe3361']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-13T07:09:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58787d41-a160-4726-847f-4dbf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-13T07:09:53.000Z",
"modified": "2017-01-13T07:09:53.000Z",
"pattern": "[file:name = 'ProcessOptions_Lp.dll' AND file:hashes.SHA256 = '31d86f77137f0b3697af03dd28d6552258314cecd3c1d9dc18fcf609eb24229a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-13T07:09:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58787d42-3b90-4e23-942a-4664950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-13T07:09:54.000Z",
"modified": "2017-01-13T07:09:54.000Z",
"pattern": "[file:name = 'pwdump_Implant.dll' AND file:hashes.SHA256 = 'dfd5768a4825d1c7329c2e262fde27e2b3d9c810653585b058fcf9efa9815964']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-13T07:09:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58787d44-585c-42ce-984b-425f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-13T07:09:56.000Z",
"modified": "2017-01-13T07:09:56.000Z",
"pattern": "[file:name = 'pwdump_Lp.dll' AND file:hashes.SHA256 = 'fda57a2ba99bc610d3ff71b2d0ea2829915eabca168df99709a8fdd24288c5e5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-13T07:09:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58787d45-fc2c-4518-bd56-42d9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-13T07:09:57.000Z",
"modified": "2017-01-13T07:09:57.000Z",
"pattern": "[file:name = 'RunAsChild_Implant.dll' AND file:hashes.SHA256 = '7d51e97251917d5def89d77aa318f82603548afc8bde906efc1b445a47585c7b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-13T07:09:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58787d47-cd9c-4ff4-978f-4222950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-13T07:09:59.000Z",
"modified": "2017-01-13T07:09:59.000Z",
"pattern": "[file:name = 'RunAsChild_Lp.dll' AND file:hashes.SHA256 = '1097e1d562341858e241f1f67788534c0e340a2dc2e75237d57e3f473e024464']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-13T07:09:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58787d48-83cc-4a3c-8f72-47ff950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-13T07:10:00.000Z",
"modified": "2017-01-13T07:10:00.000Z",
"pattern": "[file:name = 'tdi6.sys' AND file:hashes.SHA256 = '12c082f74c0916a0e926488642236de3a12072a18d29c97bead15bb301f4b3f8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-13T07:10:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58787d81-edc8-4075-91cc-493e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-13T07:10:57.000Z",
"modified": "2017-01-13T07:10:57.000Z",
"pattern": "[file:name = 'DoubleFeatureDll.dll.unfinalized' AND file:hashes.SHA1 = 'c53e46d77ff1293940344ce10d930355bfea57a1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-13T07:10:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58787d83-9704-478d-b6d2-49ef950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-13T07:10:59.000Z",
"modified": "2017-01-13T07:10:59.000Z",
"pattern": "[file:name = 'DuplicateToken_Implant.dll' AND file:hashes.SHA1 = 'd0741be473aad45e74c92af6cc27920be00eaf1e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-13T07:10:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58787d84-59d8-4390-a260-4c5f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-13T07:11:00.000Z",
"modified": "2017-01-13T07:11:00.000Z",
"pattern": "[file:name = 'DuplicateToken_Lp.dll' AND file:hashes.SHA1 = 'a98c5a6fccca1c2e622c426c88cf9983fc4d497b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-13T07:11:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58787d86-1c50-45ee-82ef-4726950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-13T07:11:02.000Z",
"modified": "2017-01-13T07:11:02.000Z",
"pattern": "[file:name = 'DXGHLP16.SYS' AND file:hashes.SHA1 = '99244fa9fbab44c896a89e58d64ef57ad3ec8833']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-13T07:11:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58787d87-d138-47d6-9191-4eeb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-13T07:11:03.000Z",
"modified": "2017-01-13T07:11:03.000Z",
"pattern": "[file:name = 'EventLogEdit_Implant.dll' AND file:hashes.SHA1 = '2f7e8262aa8cdf4c805895bbf8071540f97c5343']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-13T07:11:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58787d89-0ee8-437d-a6db-412f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-13T07:11:05.000Z",
"modified": "2017-01-13T07:11:05.000Z",
"pattern": "[file:name = 'EventLogEdit_Lp.dll' AND file:hashes.SHA1 = '3b2d0abe170efe1d7ec9a6675c731d92968c165e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-13T07:11:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58787d8a-1f4c-436d-bff0-4304950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-13T07:11:06.000Z",
"modified": "2017-01-13T07:11:06.000Z",
"pattern": "[file:name = 'GetAdmin_Implant.dll' AND file:hashes.SHA1 = 'd02c6d88db9828b44b0148f96b8407f7b238f844']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-13T07:11:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58787d8c-7b78-4eee-bcc1-40f4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-13T07:11:08.000Z",
"modified": "2017-01-13T07:11:08.000Z",
"pattern": "[file:name = 'GetAdmin_Lp.dll' AND file:hashes.SHA1 = 'ce21c2bc0097bb1b6dc128421af5a2b838c11771']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-13T07:11:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58787d8d-dcdc-43f1-9401-4ac8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-13T07:11:09.000Z",
"modified": "2017-01-13T07:11:09.000Z",
"pattern": "[file:name = 'kill_Implant9x.dll' AND file:hashes.SHA1 = '2c044ecb4b18f13c2c7ea259bb1942da2347ec02']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-13T07:11:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58787d8f-8610-4bef-b58f-4d0a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-13T07:11:11.000Z",
"modified": "2017-01-13T07:11:11.000Z",
"pattern": "[file:name = 'kill_Implant.dll' AND file:hashes.SHA1 = '8180e2945687920e76a691a89ab3aa8cf7b5e379']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-13T07:11:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58787d90-1980-4156-a722-47e0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-13T07:11:12.000Z",
"modified": "2017-01-13T07:11:12.000Z",
"pattern": "[file:name = 'LSADUMP_Implant.dll' AND file:hashes.SHA1 = '7d25e03171dd3852d4283ecab7824845fe68c2dc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-13T07:11:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58787d92-d29c-4755-901f-4a2b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-13T07:11:14.000Z",
"modified": "2017-01-13T07:11:14.000Z",
"pattern": "[file:name = 'LSADUMP_Lp.dll' AND file:hashes.SHA1 = 'b415a5d0092395a5795e6f86b7dc2568cfac69b1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-13T07:11:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58787d93-5fbc-4138-90fe-46e5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-13T07:11:15.000Z",
"modified": "2017-01-13T07:11:15.000Z",
"pattern": "[file:name = 'modifyAudit_Implant.dll' AND file:hashes.SHA1 = 'bf535071da4d99d92c62702d99d260961ac675cd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-13T07:11:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58787d95-97d8-4eae-91f6-4483950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-13T07:11:17.000Z",
"modified": "2017-01-13T07:11:17.000Z",
"pattern": "[file:name = 'modifyAudit_Lp.dll' AND file:hashes.SHA1 = '58bd1d927094737cbd03b03a5aa9e971fa68a17a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-13T07:11:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58787d96-e274-4f35-bc9c-4c84950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-13T07:11:18.000Z",
"modified": "2017-01-13T07:11:18.000Z",
"pattern": "[file:name = 'modifyAuthentication_Implant.dll' AND file:hashes.SHA1 = '91fd653da569240f5affeab496134c497bd16030']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-13T07:11:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58787d98-da98-4038-9acd-4e0a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-13T07:11:20.000Z",
"modified": "2017-01-13T07:11:20.000Z",
"pattern": "[file:name = 'modifyAuthentication_Lp.dll' AND file:hashes.SHA1 = 'af93d04155377f06ed5c47959e4c74b68e1f11f4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-13T07:11:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58787d99-3ab0-4191-b330-40eb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-13T07:11:21.000Z",
"modified": "2017-01-13T07:11:21.000Z",
"pattern": "[file:name = 'ModifyGroup_Implant.dll' AND file:hashes.SHA1 = '698b3db33fac7937803721253a58840a5ec778d8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-13T07:11:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58787d9a-0ac4-4ae1-991c-4fba950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-13T07:11:22.000Z",
"modified": "2017-01-13T07:11:22.000Z",
"pattern": "[file:name = 'ModifyGroup_Lp.dll' AND file:hashes.SHA1 = '68f0b95c2d5d1d9ea8e14a6659432c8cd38b5534']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-13T07:11:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58787d9c-fcb4-4fea-8e16-45d1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-13T07:11:24.000Z",
"modified": "2017-01-13T07:11:24.000Z",
"pattern": "[file:name = 'ModifyPrivilege_Implant.dll' AND file:hashes.SHA1 = '4f8e2729aa82454a460405135430a990a798c93b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-13T07:11:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58787d9d-6edc-4ff8-859a-4300950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-13T07:11:25.000Z",
"modified": "2017-01-13T07:11:25.000Z",
"pattern": "[file:name = 'ModifyPrivilege_Lp.dll' AND file:hashes.SHA1 = '67a28adba8d6454463d469bc5c1b82a069fd0320']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-13T07:11:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58787d9f-a9fc-4687-b2cd-42da950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-13T07:11:27.000Z",
"modified": "2017-01-13T07:11:27.000Z",
"pattern": "[file:name = 'msgkd.ex_' AND file:hashes.SHA1 = 'd200eeafa2ad7c0674f003d3bdc42b27abfb16e0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-13T07:11:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58787da0-6bc0-4bc7-add8-4e4a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-13T07:11:28.000Z",
"modified": "2017-01-13T07:11:28.000Z",
"pattern": "[file:name = 'msgki.ex_' AND file:hashes.SHA1 = 'a489966dddc9941d00c7a6e31675ff9cd67c911d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-13T07:11:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58787da1-3bbc-4b34-9632-4cf1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-13T07:11:29.000Z",
"modified": "2017-01-13T07:11:29.000Z",
"pattern": "[file:name = 'msgks.ex_' AND file:hashes.SHA1 = 'f2cdb7878c4b56e7137345b87edf89b142863ecc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-13T07:11:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58787da3-9494-4e4a-8284-434c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-13T07:11:31.000Z",
"modified": "2017-01-13T07:11:31.000Z",
"pattern": "[file:name = 'msgku.ex_' AND file:hashes.SHA1 = '76d69713f79b475d58925a74d33ededb56703d0a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-13T07:11:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58787da4-fb4c-40aa-94f5-4e0a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-13T07:11:32.000Z",
"modified": "2017-01-13T07:11:32.000Z",
"pattern": "[file:name = 'mssld.dll' AND file:hashes.SHA1 = '3fec5724f67e76d0864d407e9e3687b4ad85f2cd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-13T07:11:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58787da6-18b4-4cc3-8e1c-471a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-13T07:11:34.000Z",
"modified": "2017-01-13T07:11:34.000Z",
"pattern": "[file:name = 'msslu.dll' AND file:hashes.SHA1 = 'd7c26a63b4c2d7677c5938c3ddd09249a35da32b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-13T07:11:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58787da7-6054-4dcb-88e6-4f06950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-13T07:11:35.000Z",
"modified": "2017-01-13T07:11:35.000Z",
"pattern": "[file:name = 'mstcp32.sys' AND file:hashes.SHA1 = '26e787997a338d8111d96c9a4c103cf8ff0201ce']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-13T07:11:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58787da9-9274-4778-a13c-43d4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-13T07:11:37.000Z",
"modified": "2017-01-13T07:11:37.000Z",
"pattern": "[file:name = 'nethide_Implant.dll' AND file:hashes.SHA1 = '805a0e34b76231625cccf9f61f021cf6febbdcc0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-13T07:11:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58787daa-10c0-4316-b25d-4dfb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-13T07:11:38.000Z",
"modified": "2017-01-13T07:11:38.000Z",
"pattern": "[file:name = 'nethide_Lp.dll' AND file:hashes.SHA1 = 'f83c07663f5e72a81a18c0e8da6a265d6d96b050']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-13T07:11:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha1\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787dab-50e4-495f-a40d-4d9d950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:11:39.000Z",
|
||
|
"modified": "2017-01-13T07:11:39.000Z",
|
||
|
"pattern": "[file:name = 'ntevt.sys' AND file:hashes.SHA1 = 'ada66fa6f56bbb75f52b704078705d722db2adf7']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:11:39Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha1\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787dad-f98c-4438-8c1c-4ef7950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:11:41.000Z",
|
||
|
"modified": "2017-01-13T07:11:41.000Z",
|
||
|
"pattern": "[file:name = 'ntevtx64.sys' AND file:hashes.SHA1 = 'a86fa83d589dbc730c0a963b6aec9fccb6662d23']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:11:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha1\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787dae-dd7c-411c-8500-4d1b950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:11:42.000Z",
|
||
|
"modified": "2017-01-13T07:11:42.000Z",
|
||
|
"pattern": "[file:name = 'ntfltmgr.sys' AND file:hashes.SHA1 = '21fb290118943b97555f7b90c30603cf8c4f8b41']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:11:42Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha1\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787db0-9084-4d1e-96c9-40b4950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:11:44.000Z",
|
||
|
"modified": "2017-01-13T07:11:44.000Z",
|
||
|
"pattern": "[file:name = 'PassFreely_Implant.dll' AND file:hashes.SHA1 = 'b54b96345fb893dead150ec9bcc408c7d71331b6']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:11:44Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha1\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787db1-339c-4457-a3fb-4cbb950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:11:45.000Z",
|
||
|
"modified": "2017-01-13T07:11:45.000Z",
|
||
|
"pattern": "[file:name = 'PassFreely_Lp.dll' AND file:hashes.SHA1 = '4099f10dad59b8fe49e248e90072e26da998085e']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:11:45Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha1\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787db3-2c5c-4b3c-8847-4b9e950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:11:47.000Z",
|
||
|
"modified": "2017-01-13T07:11:47.000Z",
|
||
|
"pattern": "[file:name = 'PC_Legacy_dll' AND file:hashes.SHA1 = '9635dd3a41eb58c30180afb1ec94c72929b0837e']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:11:47Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha1\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787db4-f2a8-4a27-981d-459a950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:11:48.000Z",
|
||
|
"modified": "2017-01-13T07:11:48.000Z",
|
||
|
"pattern": "[file:name = 'PC_Level3_dll' AND file:hashes.SHA1 = '183285faa67d75b63469cf0082a33196a73799eb']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:11:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha1\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787db5-4cbc-43ef-9bef-41e7950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:11:49.000Z",
|
||
|
"modified": "2017-01-13T07:11:49.000Z",
|
||
|
"pattern": "[file:name = 'PC_Level3_dll_x64' AND file:hashes.SHA1 = 'ee1c1b31a2e4098dd49fa6fecd85bb296151f275']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:11:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha1\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787db7-e460-4f38-b687-4caf950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:11:51.000Z",
|
||
|
"modified": "2017-01-13T07:11:51.000Z",
|
||
|
"pattern": "[file:name = 'PC_Level3_flav_dll' AND file:hashes.SHA1 = '407e5ff021877f4dedf95b51050738f89b448904']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:11:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha1\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787db9-2834-4016-bbb9-44d6950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:11:53.000Z",
|
||
|
"modified": "2017-01-13T07:11:53.000Z",
|
||
|
"pattern": "[file:name = 'PC_Level3_flav_dll_x64' AND file:hashes.SHA1 = 'e71591fff218e5f1e32f891983efef31fa1d1f9d']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:11:53Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha1\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787dba-87dc-44a4-8849-40de950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:11:54.000Z",
|
||
|
"modified": "2017-01-13T07:11:54.000Z",
|
||
|
"pattern": "[file:name = 'PC_Level3_http_dll' AND file:hashes.SHA1 = '4b2e190b472d110ba1f9d45e76fae2c3a98cc7b9']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:11:54Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha1\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787dbc-8228-47cc-b2b7-45dc950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:11:56.000Z",
|
||
|
"modified": "2017-01-13T07:11:56.000Z",
|
||
|
"pattern": "[file:name = 'PC_Level3_http_dll_x64' AND file:hashes.SHA1 = 'dbfab7c040fd812bdce7533eb41ef40a0719e940']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:11:56Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha1\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787dbd-f264-4b27-aecd-4ff2950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:11:57.000Z",
|
||
|
"modified": "2017-01-13T07:11:57.000Z",
|
||
|
"pattern": "[file:name = 'PC_Level3_http_flav_dll' AND file:hashes.SHA1 = 'ea7e1ae365f2c4f0430990f1deda230dbdd7f324']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:11:57Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha1\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787dbf-e858-4031-b347-491a950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:11:59.000Z",
|
||
|
"modified": "2017-01-13T07:11:59.000Z",
|
||
|
"pattern": "[file:name = 'PC_Level3_http_flav_dll_x64' AND file:hashes.SHA1 = '3160d8781cd22a4eacad42c17777948e5f2b7a40']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:11:59Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha1\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787dc0-fdd8-4b99-8f26-4205950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:12:00.000Z",
|
||
|
"modified": "2017-01-13T07:12:00.000Z",
|
||
|
"pattern": "[file:name = 'PC_Level4_flav_dll' AND file:hashes.SHA1 = 'fafdbc45f9d91dbe603755e77652e2f26aa74ddf']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:12:00Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha1\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787dc1-78b8-447b-9148-46d9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:12:01.000Z",
|
||
|
"modified": "2017-01-13T07:12:01.000Z",
|
||
|
"pattern": "[file:name = 'PC_Level4_flav_dll_x64' AND file:hashes.SHA1 = '0a74f4bbefa8784d82bb4d7f70cc762d059ed282']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:12:01Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha1\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787dc3-159c-449d-a8e5-416b950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:12:03.000Z",
|
||
|
"modified": "2017-01-13T07:12:03.000Z",
|
||
|
"pattern": "[file:name = 'PC_Level4_flav_exe' AND file:hashes.SHA1 = '0b9ba306c6861f990d6219dbd815cc2e25262061']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:12:03Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha1\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787dc4-3e38-4baf-9846-4c15950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:12:04.000Z",
|
||
|
"modified": "2017-01-13T07:12:04.000Z",
|
||
|
"pattern": "[file:name = 'PC_Level4_http_flav_dll' AND file:hashes.SHA1 = '7df59549f0b94a4d8fb7079d7f5e792863e72a79']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:12:04Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha1\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787dc6-fbb0-4454-b0f9-49e1950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:12:06.000Z",
|
||
|
"modified": "2017-01-13T07:12:06.000Z",
|
||
|
"pattern": "[file:name = 'PC_Level4_http_flav_dll_x64' AND file:hashes.SHA1 = 'c11c5c9faac8c04c7f3155799f9d78407a4cf793']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:12:06Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha1\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787dc8-0514-4d3c-ba52-45cc950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:12:08.000Z",
|
||
|
"modified": "2017-01-13T07:12:08.000Z",
|
||
|
"pattern": "[file:name = 'PortMap_Implant.dll' AND file:hashes.SHA1 = 'c739a883197642b32074f03fb4454a99ec8bb31f']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:12:08Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha1\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787dc9-98ac-442f-871a-479a950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:12:09.000Z",
|
||
|
"modified": "2017-01-13T07:12:09.000Z",
|
||
|
"pattern": "[file:name = 'PortMap_Lp.dll' AND file:hashes.SHA1 = 'fae0ba5eb512461b307118a8f63ea4cd626af182']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:12:09Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha1\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787dcb-00ec-4036-8f66-4d4c950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:12:11.000Z",
|
||
|
"modified": "2017-01-13T07:12:11.000Z",
|
||
|
"pattern": "[file:name = 'ProcessHide_Implant.dll' AND file:hashes.SHA1 = '920439ce68fe1e234ae90165e00e8aa02ab76e06']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:12:11Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha1\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787dcc-4db0-4dac-a05a-40de950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:12:12.000Z",
|
||
|
"modified": "2017-01-13T07:12:12.000Z",
|
||
|
"pattern": "[file:name = 'ProcessHide_Lp.dll' AND file:hashes.SHA1 = 'f6f31c39bdec2e313c7dd686f31e142b9430643d']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:12:12Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha1\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787dce-0844-402b-9ee5-4015950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:12:14.000Z",
|
||
|
"modified": "2017-01-13T07:12:14.000Z",
|
||
|
"pattern": "[file:name = 'processinfo_Implant9x.dll' AND file:hashes.SHA1 = 'f98735393d6cf47deed940e7fc4b663523b033ab']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:12:14Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha1\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787dcf-0600-45c7-9a92-4150950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:12:15.000Z",
|
||
|
"modified": "2017-01-13T07:12:15.000Z",
|
||
|
"pattern": "[file:name = 'processinfo_Implant.dll' AND file:hashes.SHA1 = '3671a43edecd1c4cd04dc43d3630fe7f64ae7cf5']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:12:15Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha1\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787dd0-9bd8-4778-ba6c-4151950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:12:16.000Z",
|
||
|
"modified": "2017-01-13T07:12:16.000Z",
|
||
|
"pattern": "[file:name = 'ProcessOptions_Implant.dll' AND file:hashes.SHA1 = 'b0146f5d8e12585220b070dd24f0ece55a8c457f']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:12:16Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha1\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787dd2-7744-4c66-93a0-47dc950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:12:18.000Z",
|
||
|
"modified": "2017-01-13T07:12:18.000Z",
|
||
|
"pattern": "[file:name = 'ProcessOptions_Lp.dll' AND file:hashes.SHA1 = 'a885c20e1e177ce03e9815b5356c8369659648c0']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:12:18Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha1\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787dd4-3f48-4b97-8a7b-4ef3950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:12:20.000Z",
|
||
|
"modified": "2017-01-13T07:12:20.000Z",
|
||
|
"pattern": "[file:name = 'pwdump_Implant.dll' AND file:hashes.SHA1 = '8252f8dea7dd7e6d88029f7fd3b7093f43cbd927']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:12:20Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha1\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787dd5-7ce4-48ac-92e7-41a6950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:12:21.000Z",
|
||
|
"modified": "2017-01-13T07:12:21.000Z",
|
||
|
"pattern": "[file:name = 'pwdump_Lp.dll' AND file:hashes.SHA1 = 'e270394943929a932d08fd11b6e372432f8cb84b']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:12:21Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha1\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787dd7-7564-4d05-bb51-447c950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:12:23.000Z",
|
||
|
"modified": "2017-01-13T07:12:23.000Z",
|
||
|
"pattern": "[file:name = 'RunAsChild_Implant.dll' AND file:hashes.SHA1 = 'c71f6d2a0f5380d95c68e6ff72a1c6d2d1133286']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:12:23Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha1\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787dd8-1e78-4bfe-b976-4d32950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:12:24.000Z",
|
||
|
"modified": "2017-01-13T07:12:24.000Z",
|
||
|
"pattern": "[file:name = 'RunAsChild_Lp.dll' AND file:hashes.SHA1 = 'fad53d58adcf4194ba71affe8f7588999a4a24af']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:12:24Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha1\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787dda-5594-47b3-ba73-41be950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:12:26.000Z",
|
||
|
"modified": "2017-01-13T07:12:26.000Z",
|
||
|
"pattern": "[file:name = 'tdi6.sys' AND file:hashes.SHA1 = '8f9d7787ff05b6b393f8a5484701f78e886dcf53']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:12:26Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha1\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787e14-ce3c-4fe3-b452-40e7950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:13:24.000Z",
|
||
|
"modified": "2017-01-13T07:13:24.000Z",
|
||
|
"pattern": "[file:name = 'DoubleFeatureDll.dll.unfinalized' AND file:hashes.MD5 = '61110bea272972903985d5d5e452802c']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:13:24Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|md5\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787e16-31ac-48cb-a77e-4123950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:13:26.000Z",
|
||
|
"modified": "2017-01-13T07:13:26.000Z",
|
||
|
"pattern": "[file:name = 'DuplicateToken_Implant.dll' AND file:hashes.MD5 = '997ba8c988340a1c644cf9a5f67e4177']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:13:26Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|md5\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787e17-744c-4eb0-9081-4db6950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:13:27.000Z",
|
||
|
"modified": "2017-01-13T07:13:27.000Z",
|
||
|
"pattern": "[file:name = 'DuplicateToken_Lp.dll' AND file:hashes.MD5 = 'a33f13f57ab2ce36a29796996c5e58e4']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:13:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|md5\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787e19-1d88-4aca-b963-4222950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:13:29.000Z",
|
||
|
"modified": "2017-01-13T07:13:29.000Z",
|
||
|
"pattern": "[file:name = 'DXGHLP16.SYS' AND file:hashes.MD5 = '4a184a987d297e6b1d578d5c25a4980c']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:13:29Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|md5\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787e1a-4b24-4035-a71e-4454950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:13:30.000Z",
|
||
|
"modified": "2017-01-13T07:13:30.000Z",
|
||
|
"pattern": "[file:name = 'EventLogEdit_Implant.dll' AND file:hashes.MD5 = '425fb612ba62fc1ecad9fb24d10f9bfa']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:13:30Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|md5\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787e1c-ba78-4f7b-a93c-41c5950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:13:32.000Z",
|
||
|
"modified": "2017-01-13T07:13:32.000Z",
|
||
|
"pattern": "[file:name = 'EventLogEdit_Lp.dll' AND file:hashes.MD5 = '2b8d4a2f9e28f4fb84cbecdfa7858e43']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:13:32Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|md5\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58787e1d-4b38-4df6-ba8f-4a89950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-13T07:13:33.000Z",
"modified": "2017-01-13T07:13:33.000Z",
"pattern": "[file:name = 'GetAdmin_Implant.dll' AND file:hashes.MD5 = 'c11142caa3013f852ccb698cc6008b51']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-13T07:13:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58787e1f-c1cc-4463-beff-41aa950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-13T07:13:35.000Z",
"modified": "2017-01-13T07:13:35.000Z",
"pattern": "[file:name = 'GetAdmin_Lp.dll' AND file:hashes.MD5 = 'a5d04eada9c99ea2d110ce5d4bfa1d21']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-13T07:13:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58787e21-7e14-49b5-8e3e-4f3c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-13T07:13:37.000Z",
"modified": "2017-01-13T07:13:37.000Z",
"pattern": "[file:name = 'kill_Implant9x.dll' AND file:hashes.MD5 = 'b10035b584fd0aa353ff05f3998546f0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-13T07:13:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58787e22-5fd4-4ee4-b452-4754950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-13T07:13:38.000Z",
"modified": "2017-01-13T07:13:38.000Z",
"pattern": "[file:name = 'kill_Implant.dll' AND file:hashes.MD5 = 'bdd2b462e050ef2fa7778526ea4a2a58']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-13T07:13:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58787e24-61f0-41a8-b063-48f8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-13T07:13:40.000Z",
"modified": "2017-01-13T07:13:40.000Z",
"pattern": "[file:name = 'LSADUMP_Implant.dll' AND file:hashes.MD5 = '199796e3f413074d5fdef7fe8334eccf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-13T07:13:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58787e26-fee0-459b-8f5f-41f7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-13T07:13:42.000Z",
"modified": "2017-01-13T07:13:42.000Z",
"pattern": "[file:name = 'LSADUMP_Lp.dll' AND file:hashes.MD5 = '530edfca04227e4a0abe2ea6aa0d372a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-13T07:13:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58787e27-ea70-425a-9986-49ba950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-13T07:13:43.000Z",
"modified": "2017-01-13T07:13:43.000Z",
"pattern": "[file:name = 'modifyAudit_Implant.dll' AND file:hashes.MD5 = 'cf5b0d82d39669f584258389f4307b82']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-13T07:13:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58787e29-f1e0-48c5-9fc8-4ae9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-13T07:13:45.000Z",
"modified": "2017-01-13T07:13:45.000Z",
"pattern": "[file:name = 'modifyAudit_Lp.dll' AND file:hashes.MD5 = 'f9f26a2ee950abc1cd4e768dd03a0671']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-13T07:13:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58787e2a-88cc-41c1-ba63-44ef950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-13T07:13:46.000Z",
"modified": "2017-01-13T07:13:46.000Z",
"pattern": "[file:name = 'modifyAuthentication_Implant.dll' AND file:hashes.MD5 = '8187650eb74ccb3f0fb647335fd54d30']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-13T07:13:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58787e2c-5838-4aa2-8a81-4ca6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-13T07:13:48.000Z",
"modified": "2017-01-13T07:13:48.000Z",
"pattern": "[file:name = 'modifyAuthentication_Lp.dll' AND file:hashes.MD5 = '09445eebba047f25e36fed573d0db4fc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-13T07:13:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58787e2d-5864-4bbe-a21f-4d6a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-13T07:13:49.000Z",
"modified": "2017-01-13T07:13:49.000Z",
"pattern": "[file:name = 'ModifyGroup_Implant.dll' AND file:hashes.MD5 = 'b46df0dbe9774125cdc6f3b2befee900']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-13T07:13:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58787e2f-639c-4d80-9088-40f4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-13T07:13:51.000Z",
"modified": "2017-01-13T07:13:51.000Z",
"pattern": "[file:name = 'ModifyGroup_Lp.dll' AND file:hashes.MD5 = 'a1923d73b0488e0ab174bf759580f7ef']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-13T07:13:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58787e30-a9fc-411e-be44-472c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-13T07:13:52.000Z",
"modified": "2017-01-13T07:13:52.000Z",
"pattern": "[file:name = 'ModifyPrivilege_Implant.dll' AND file:hashes.MD5 = 'fbd7816d2e3e36f8976e18dcf0301ce8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-13T07:13:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58787e32-ae80-457d-8a93-4bcb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-13T07:13:54.000Z",
"modified": "2017-01-13T07:13:54.000Z",
"pattern": "[file:name = 'ModifyPrivilege_Lp.dll' AND file:hashes.MD5 = '0d5b61f7f515a3b7a9d5566b6f4a7be5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-13T07:13:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58787e33-31b0-4a3b-9f4a-4a07950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-13T07:13:55.000Z",
"modified": "2017-01-13T07:13:55.000Z",
"pattern": "[file:name = 'msgkd.ex_' AND file:hashes.MD5 = 'ecb7174bafed0c53cdc1227e301cf003']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-13T07:13:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58787e34-976c-480e-b267-4c77950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-13T07:13:56.000Z",
"modified": "2017-01-13T07:13:56.000Z",
"pattern": "[file:name = 'msgki.ex_' AND file:hashes.MD5 = '2f0cd139c60ae484de4b076d34b8b39e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-13T07:13:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58787e36-1314-40ea-afe9-4d82950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-13T07:13:58.000Z",
"modified": "2017-01-13T07:13:58.000Z",
"pattern": "[file:name = 'msgks.ex_' AND file:hashes.MD5 = '9dab2f84eb817aab4ccf8c237f88b422']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-13T07:13:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58787e37-2250-4556-a1da-4659950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-13T07:13:59.000Z",
"modified": "2017-01-13T07:13:59.000Z",
"pattern": "[file:name = 'msgku.ex_' AND file:hashes.MD5 = 'a54f0112500c956c21dc13285f43fc7e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-13T07:13:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58787e39-96cc-4180-a453-461c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-13T07:14:01.000Z",
"modified": "2017-01-13T07:14:01.000Z",
"pattern": "[file:name = 'mssld.dll' AND file:hashes.MD5 = '88c6980345e31fb53df122348985c13d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-13T07:14:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58787e3a-07ac-41b4-8dd7-489e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-13T07:14:02.000Z",
"modified": "2017-01-13T07:14:02.000Z",
"pattern": "[file:name = 'msslu.dll' AND file:hashes.MD5 = 'd05a64df9a4aded3c5906764b2f69476']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-13T07:14:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58787e3b-4690-4183-9d56-48d7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-13T07:14:03.000Z",
"modified": "2017-01-13T07:14:03.000Z",
"pattern": "[file:name = 'mstcp32.sys' AND file:hashes.MD5 = '74de13b5ea68b3da24addc009f84baee']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-13T07:14:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58787e3d-35c4-47a5-ba87-469f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-13T07:14:05.000Z",
"modified": "2017-01-13T07:14:05.000Z",
"pattern": "[file:name = 'nethide_Implant.dll' AND file:hashes.MD5 = '1aea840c3ec3ebaeeebd20a6a8d7e03f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-13T07:14:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58787e3e-4194-494f-816b-417f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-13T07:14:06.000Z",
"modified": "2017-01-13T07:14:06.000Z",
"pattern": "[file:name = 'nethide_Lp.dll' AND file:hashes.MD5 = 'e8a2645855578188e57fccf74026aa6a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-13T07:14:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58787e40-8ddc-4862-a0f3-46d6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-13T07:14:08.000Z",
"modified": "2017-01-13T07:14:08.000Z",
"pattern": "[file:name = 'ntevt.sys' AND file:hashes.MD5 = '48496c7db1c66656e054cccbc01930cc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-13T07:14:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58787e41-ab5c-44c9-a0a1-4d6d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-13T07:14:09.000Z",
"modified": "2017-01-13T07:14:09.000Z",
"pattern": "[file:name = 'ntevtx64.sys' AND file:hashes.MD5 = 'f9fdc58c2a3ea2c00d0caa3c33d6a575']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-13T07:14:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58787e42-9200-494e-a468-41b1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-13T07:14:10.000Z",
"modified": "2017-01-13T07:14:10.000Z",
"pattern": "[file:name = 'ntfltmgr.sys' AND file:hashes.MD5 = '0d81f9972863c6d8c90100a73b0600ab']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-13T07:14:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58787e44-f3f4-4d07-9e12-491e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-13T07:14:12.000Z",
"modified": "2017-01-13T07:14:12.000Z",
"pattern": "[file:name = 'PassFreely_Implant.dll' AND file:hashes.MD5 = '13031e736ee4698b8c4813a8f2ae1848']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-13T07:14:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58787e45-8f9c-4484-9c0a-493d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-13T07:14:13.000Z",
"modified": "2017-01-13T07:14:13.000Z",
"pattern": "[file:name = 'PassFreely_Lp.dll' AND file:hashes.MD5 = '3a63d2a31f60db565c61ee5307076980']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-13T07:14:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58787e47-656c-4ef4-a54f-43b8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-13T07:14:15.000Z",
"modified": "2017-01-13T07:14:15.000Z",
"pattern": "[file:name = 'PC_Legacy_dll' AND file:hashes.MD5 = 'b91c125ee67eccb5843000fd22be0935']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-13T07:14:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58787e48-66d4-4a07-89df-4b5a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-13T07:14:16.000Z",
"modified": "2017-01-13T07:14:16.000Z",
"pattern": "[file:name = 'PC_Level3_dll' AND file:hashes.MD5 = '164f2f1132a8ae98a4ffa070eb2ac8ae']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-13T07:14:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58787e49-a440-455b-994e-4d20950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-13T07:14:17.000Z",
"modified": "2017-01-13T07:14:17.000Z",
"pattern": "[file:name = 'PC_Level3_dll_x64' AND file:hashes.MD5 = '22e03cff8f2f6bc56e61196fa98b19e1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-13T07:14:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58787e4b-0518-45ac-85bf-452c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-13T07:14:19.000Z",
"modified": "2017-01-13T07:14:19.000Z",
"pattern": "[file:name = 'PC_Level3_flav_dll' AND file:hashes.MD5 = 'd2effa60a83e6fc5533e6ba5a3c306d4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-13T07:14:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58787e4c-376c-4e48-a375-4ab5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-13T07:14:20.000Z",
"modified": "2017-01-13T07:14:20.000Z",
"pattern": "[file:name = 'PC_Level3_flav_dll_x64' AND file:hashes.MD5 = '2ece5c84446a46f80bb7701ae922c8d7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-13T07:14:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58787e4e-615c-42b5-a785-4bbf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-13T07:14:22.000Z",
"modified": "2017-01-13T07:14:22.000Z",
"pattern": "[file:name = 'PC_Level3_http_dll' AND file:hashes.MD5 = '6f55a9c081989468043c1e9887d45aea']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-13T07:14:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58787e4f-088c-4aee-a488-4806950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-13T07:14:23.000Z",
"modified": "2017-01-13T07:14:23.000Z",
"pattern": "[file:name = 'PC_Level3_http_dll_x64' AND file:hashes.MD5 = '2c6cee802cfe8a7489d4782b123ec7ca']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-13T07:14:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58787e51-1e38-41a1-869a-4815950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-13T07:14:25.000Z",
"modified": "2017-01-13T07:14:25.000Z",
"pattern": "[file:name = 'PC_Level3_http_flav_dll' AND file:hashes.MD5 = '42e2e64e897606eb936372a8ee616ab0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-13T07:14:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58787e52-8cc4-42ac-a58a-45b3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-13T07:14:26.000Z",
"modified": "2017-01-13T07:14:26.000Z",
"pattern": "[file:name = 'PC_Level3_http_flav_dll_x64' AND file:hashes.MD5 = 'd962749f06e24167c61e67a7c1bc1abd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-13T07:14:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58787e54-e130-4a6b-8347-4528950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-13T07:14:28.000Z",
"modified": "2017-01-13T07:14:28.000Z",
"pattern": "[file:name = 'PC_Level4_flav_dll' AND file:hashes.MD5 = '7a3e60615f2b3283fe95e80719e901a3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-13T07:14:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58787e55-d004-4aba-9d07-4680950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-13T07:14:29.000Z",
"modified": "2017-01-13T07:14:29.000Z",
"pattern": "[file:name = 'PC_Level4_flav_dll_x64' AND file:hashes.MD5 = 'd093db7f175af28d6e7492918d38234f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-13T07:14:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58787e57-d830-4585-9242-454d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-13T07:14:31.000Z",
"modified": "2017-01-13T07:14:31.000Z",
"pattern": "[file:name = 'PC_Level4_flav_exe' AND file:hashes.MD5 = '43406f7487979e55751d9f8a1174b33c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-13T07:14:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787e58-5698-4727-8f2f-4d66950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:14:32.000Z",
|
||
|
"modified": "2017-01-13T07:14:32.000Z",
|
||
|
"pattern": "[file:name = 'PC_Level4_http_flav_dll' AND file:hashes.MD5 = '609f9d1b05d217e8b05feab6ebf6fc52']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:14:32Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|md5\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787e59-b44c-4838-844e-41f9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:14:33.000Z",
|
||
|
"modified": "2017-01-13T07:14:33.000Z",
|
||
|
"pattern": "[file:name = 'PC_Level4_http_flav_dll_x64' AND file:hashes.MD5 = 'fb97f8b8535de1e2cb7eac6177226cca']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:14:33Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|md5\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787e5b-f9b8-4e1a-be2b-4146950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:14:35.000Z",
|
||
|
"modified": "2017-01-13T07:14:35.000Z",
|
||
|
"pattern": "[file:name = 'PortMap_Implant.dll' AND file:hashes.MD5 = 'eb6aece07b1a2e2dce95a1faa2657bf2']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:14:35Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|md5\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787e5c-edb4-47e0-8cc8-4047950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:14:36.000Z",
|
||
|
"modified": "2017-01-13T07:14:36.000Z",
|
||
|
"pattern": "[file:name = 'PortMap_Lp.dll' AND file:hashes.MD5 = '4ae51c9701d8a910f37591cb45215ca5']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:14:36Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|md5\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787e5e-4b30-4cf6-9171-486c950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:14:38.000Z",
|
||
|
"modified": "2017-01-13T07:14:38.000Z",
|
||
|
"pattern": "[file:name = 'ProcessHide_Implant.dll' AND file:hashes.MD5 = '0be1b2fa181721aff98b0bc05b814734']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:14:38Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|md5\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787e5f-8e7c-44ed-97d5-4f31950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:14:39.000Z",
|
||
|
"modified": "2017-01-13T07:14:39.000Z",
|
||
|
"pattern": "[file:name = 'ProcessHide_Lp.dll' AND file:hashes.MD5 = 'a7bd6d21e3dded0f6342f170ce9613a7']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:14:39Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|md5\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787e61-f848-4534-ba39-4a4a950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:14:41.000Z",
|
||
|
"modified": "2017-01-13T07:14:41.000Z",
|
||
|
"pattern": "[file:name = 'processinfo_Implant9x.dll' AND file:hashes.MD5 = '6042ea9707316784fbc77a8b450e0991']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:14:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|md5\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787e62-7004-4f53-a896-49f8950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:14:42.000Z",
|
||
|
"modified": "2017-01-13T07:14:42.000Z",
|
||
|
"pattern": "[file:name = 'processinfo_Implant.dll' AND file:hashes.MD5 = '0c93eee98a5a389ca7ac14064a2445b9']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:14:42Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|md5\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787e64-45e8-4eca-916f-4c23950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:14:44.000Z",
|
||
|
"modified": "2017-01-13T07:14:44.000Z",
|
||
|
"pattern": "[file:name = 'ProcessOptions_Implant.dll' AND file:hashes.MD5 = 'b3ecaf9399df17a5dcddb45e9556beff']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:14:44Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|md5\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787e65-3a94-43a9-a373-490a950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:14:45.000Z",
|
||
|
"modified": "2017-01-13T07:14:45.000Z",
|
||
|
"pattern": "[file:name = 'ProcessOptions_Lp.dll' AND file:hashes.MD5 = 'aea3434d75fb81373ff275006686043c']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:14:45Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|md5\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787e67-9a74-4977-b276-488b950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:14:47.000Z",
|
||
|
"modified": "2017-01-13T07:14:47.000Z",
|
||
|
"pattern": "[file:name = 'pwdump_Implant.dll' AND file:hashes.MD5 = 'dec51cf04be82ed22948a3275ef541f9']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:14:47Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|md5\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787e68-5158-47ab-8019-4ea2950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:14:48.000Z",
|
||
|
"modified": "2017-01-13T07:14:48.000Z",
|
||
|
"pattern": "[file:name = 'pwdump_Lp.dll' AND file:hashes.MD5 = '6d8454150934d75fd0506f1d5a2d227f']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:14:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|md5\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787e69-ac70-44f2-b31c-4fb0950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:14:49.000Z",
|
||
|
"modified": "2017-01-13T07:14:49.000Z",
|
||
|
"pattern": "[file:name = 'RunAsChild_Implant.dll' AND file:hashes.MD5 = 'ba1711b9cd87a10f2ad1816fb55c10b8']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:14:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|md5\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787e6b-695c-4dda-822b-4305950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:14:51.000Z",
|
||
|
"modified": "2017-01-13T07:14:51.000Z",
|
||
|
"pattern": "[file:name = 'RunAsChild_Lp.dll' AND file:hashes.MD5 = '97e3baee87b396716f647fe41d03f218']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:14:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|md5\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58787e6c-73d0-471b-81b8-4bfa950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:14:52.000Z",
|
||
|
"modified": "2017-01-13T07:14:52.000Z",
|
||
|
"pattern": "[file:name = 'tdi6.sys' AND file:hashes.MD5 = 'e14ab6e6ae835792979ff50e647b89c8']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-01-13T07:14:52Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|md5\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--58788289-7f48-463e-bc85-401c02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:32:25.000Z",
|
||
|
"modified": "2017-01-13T07:32:25.000Z",
|
||
|
"first_observed": "2017-01-13T07:32:25Z",
|
||
|
"last_observed": "2017-01-13T07:32:25Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--58788289-7f48-463e-bc85-401c02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--58788289-7f48-463e-bc85-401c02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/12c082f74c0916a0e926488642236de3a12072a18d29c97bead15bb301f4b3f8/analysis/1484237932/"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--58788289-f178-47e4-89b8-420f02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:32:25.000Z",
|
||
|
"modified": "2017-01-13T07:32:25.000Z",
|
||
|
"first_observed": "2017-01-13T07:32:25Z",
|
||
|
"last_observed": "2017-01-13T07:32:25Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--58788289-f178-47e4-89b8-420f02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--58788289-f178-47e4-89b8-420f02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/1097e1d562341858e241f1f67788534c0e340a2dc2e75237d57e3f473e024464/analysis/1484235970/"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5878828a-feb4-467a-a844-4f9c02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:32:26.000Z",
|
||
|
"modified": "2017-01-13T07:32:26.000Z",
|
||
|
"first_observed": "2017-01-13T07:32:26Z",
|
||
|
"last_observed": "2017-01-13T07:32:26Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5878828a-feb4-467a-a844-4f9c02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5878828a-feb4-467a-a844-4f9c02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/7d51e97251917d5def89d77aa318f82603548afc8bde906efc1b445a47585c7b/analysis/1484248912/"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5878828b-39d8-4995-9ede-468f02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:32:27.000Z",
|
||
|
"modified": "2017-01-13T07:32:27.000Z",
|
||
|
"first_observed": "2017-01-13T07:32:27Z",
|
||
|
"last_observed": "2017-01-13T07:32:27Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5878828b-39d8-4995-9ede-468f02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5878828b-39d8-4995-9ede-468f02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/fda57a2ba99bc610d3ff71b2d0ea2829915eabca168df99709a8fdd24288c5e5/analysis/1484236025/"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5878828c-35a4-4a20-84fe-4f2602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:32:28.000Z",
|
||
|
"modified": "2017-01-13T07:32:28.000Z",
|
||
|
"first_observed": "2017-01-13T07:32:28Z",
|
||
|
"last_observed": "2017-01-13T07:32:28Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5878828c-35a4-4a20-84fe-4f2602de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5878828c-35a4-4a20-84fe-4f2602de0b81",
|
||
|
"value": "https://www.virustotal.com/file/dfd5768a4825d1c7329c2e262fde27e2b3d9c810653585b058fcf9efa9815964/analysis/1484248910/"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5878828c-e328-49b6-a170-4d4102de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:32:28.000Z",
|
||
|
"modified": "2017-01-13T07:32:28.000Z",
|
||
|
"first_observed": "2017-01-13T07:32:28Z",
|
||
|
"last_observed": "2017-01-13T07:32:28Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5878828c-e328-49b6-a170-4d4102de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5878828c-e328-49b6-a170-4d4102de0b81",
|
||
|
"value": "https://www.virustotal.com/file/31d86f77137f0b3697af03dd28d6552258314cecd3c1d9dc18fcf609eb24229a/analysis/1484290313/"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5878828d-00a4-4abf-a756-409102de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:32:29.000Z",
|
||
|
"modified": "2017-01-13T07:32:29.000Z",
|
||
|
"first_observed": "2017-01-13T07:32:29Z",
|
||
|
"last_observed": "2017-01-13T07:32:29Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5878828d-00a4-4abf-a756-409102de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5878828d-00a4-4abf-a756-409102de0b81",
|
||
|
"value": "https://www.virustotal.com/file/03f22bf2f33d1032959ca68aad78ccecc201a4e5f07f446f9d1284a60fbe3361/analysis/1484248908/"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5878828e-b350-47e1-be89-441d02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:32:30.000Z",
|
||
|
"modified": "2017-01-13T07:32:30.000Z",
|
||
|
"first_observed": "2017-01-13T07:32:30Z",
|
||
|
"last_observed": "2017-01-13T07:32:30Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5878828e-b350-47e1-be89-441d02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5878828e-b350-47e1-be89-441d02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/aadfa0b1aec4456b10e4fb82f5cfa918dbf4e87d19a02bcc576ac499dda0fb68/analysis/1484248906/"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5878828f-1f2c-49b2-9d4f-485502de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:32:31.000Z",
|
||
|
"modified": "2017-01-13T07:32:31.000Z",
|
||
|
"first_observed": "2017-01-13T07:32:31Z",
|
||
|
"last_observed": "2017-01-13T07:32:31Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5878828f-1f2c-49b2-9d4f-485502de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5878828f-1f2c-49b2-9d4f-485502de0b81",
|
||
|
"value": "https://www.virustotal.com/file/00f782e2d4b901f0d860c3da00e154d5f0ccaf2fe758c61a27b1c0a85a927a34/analysis/1484248907/"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5878828f-9b18-4683-8008-476e02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:32:31.000Z",
|
||
|
"modified": "2017-01-13T07:32:31.000Z",
|
||
|
"first_observed": "2017-01-13T07:32:31Z",
|
||
|
"last_observed": "2017-01-13T07:32:31Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5878828f-9b18-4683-8008-476e02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5878828f-9b18-4683-8008-476e02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/cdee0daa816f179e74c90c850abd427fbfe0888dcfbc38bf21173f543cdcdc66/analysis/1484248905/"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--58788290-cf10-4b30-bcfe-4f2f02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:32:32.000Z",
|
||
|
"modified": "2017-01-13T07:32:32.000Z",
|
||
|
"first_observed": "2017-01-13T07:32:32Z",
|
||
|
"last_observed": "2017-01-13T07:32:32Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--58788290-cf10-4b30-bcfe-4f2f02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--58788290-cf10-4b30-bcfe-4f2f02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/28a9a86f0f0a3cc4383c9f6632ee0129309afe4102d0cee1a110702a95dc0022/analysis/1484291076/"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--58788291-2130-4578-b7cd-4ac102de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:32:33.000Z",
|
||
|
"modified": "2017-01-13T07:32:33.000Z",
|
||
|
"first_observed": "2017-01-13T07:32:33Z",
|
||
|
"last_observed": "2017-01-13T07:32:33Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--58788291-2130-4578-b7cd-4ac102de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--58788291-2130-4578-b7cd-4ac102de0b81",
|
||
|
"value": "https://www.virustotal.com/file/2b27f2faae9de6330f17f60a1d19f9831336f57fdfef06c3b8876498882624a6/analysis/1484256258/"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--58788291-4ce8-422b-a6ae-47ae02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:32:33.000Z",
|
||
|
"modified": "2017-01-13T07:32:33.000Z",
|
||
|
"first_observed": "2017-01-13T07:32:33Z",
|
||
|
"last_observed": "2017-01-13T07:32:33Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--58788291-4ce8-422b-a6ae-47ae02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--58788291-4ce8-422b-a6ae-47ae02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/964762416840738b1235ed4ae479a4b117b8cdcc762a6737e83bc2062c0cf236/analysis/1484239672/"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--58788292-33f0-4130-a0e6-4f5c02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:32:34.000Z",
|
||
|
"modified": "2017-01-13T07:32:34.000Z",
|
||
|
"first_observed": "2017-01-13T07:32:34Z",
|
||
|
"last_observed": "2017-01-13T07:32:34Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--58788292-33f0-4130-a0e6-4f5c02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--58788292-33f0-4130-a0e6-4f5c02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/7a6488dd13936e505ec738dcc84b9fec57a5e46aab8aff59b8cfad8f599ea86a/analysis/1484248901/"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--58788293-1444-4dff-bcaa-455e02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:32:35.000Z",
|
||
|
"modified": "2017-01-13T07:32:35.000Z",
|
||
|
"first_observed": "2017-01-13T07:32:35Z",
|
||
|
"last_observed": "2017-01-13T07:32:35Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--58788293-1444-4dff-bcaa-455e02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--58788293-1444-4dff-bcaa-455e02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/0df9d223d6bf3e1c4ba8fec7522dceb63902d1f9ddd7c26da1560da54dce2f3b/analysis/1484238342/"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--58788294-491c-49c8-bf08-441902de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:32:36.000Z",
|
||
|
"modified": "2017-01-13T07:32:36.000Z",
|
||
|
"first_observed": "2017-01-13T07:32:36Z",
|
||
|
"last_observed": "2017-01-13T07:32:36Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--58788294-491c-49c8-bf08-441902de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--58788294-491c-49c8-bf08-441902de0b81",
|
||
|
"value": "https://www.virustotal.com/file/33ba9f103186b6e52d8d69499512e7fbac9096e7c5278838127488acc3b669a9/analysis/1484238360/"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--58788294-a134-42da-8a3e-4f3a02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:32:36.000Z",
|
||
|
"modified": "2017-01-13T07:32:36.000Z",
|
||
|
"first_observed": "2017-01-13T07:32:36Z",
|
||
|
"last_observed": "2017-01-13T07:32:36Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--58788294-a134-42da-8a3e-4f3a02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--58788294-a134-42da-8a3e-4f3a02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/25a2549031cb97b8a3b569b1263c903c6c0247f7fff866e7ec63f0add1b4921c/analysis/1484248899/"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--58788295-1bfc-419e-b0d4-4aed02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:32:37.000Z",
|
||
|
"modified": "2017-01-13T07:32:37.000Z",
|
||
|
"first_observed": "2017-01-13T07:32:37Z",
|
||
|
"last_observed": "2017-01-13T07:32:37Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--58788295-1bfc-419e-b0d4-4aed02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--58788295-1bfc-419e-b0d4-4aed02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/227faeb770ba538fb85692b3dfcd00f76a0a5205d1594bd0969a1e535ee90ee1/analysis/1484248898/"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--58788296-ef38-44c4-baab-4b4c02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:32:38.000Z",
|
||
|
"modified": "2017-01-13T07:32:38.000Z",
|
||
|
"first_observed": "2017-01-13T07:32:38Z",
|
||
|
"last_observed": "2017-01-13T07:32:38Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--58788296-ef38-44c4-baab-4b4c02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--58788296-ef38-44c4-baab-4b4c02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/4e0209b4f5990148f5d6dee47dbc7021bf78a782b85cef4d6c8be22d698b884f/analysis/1484248897/"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--58788297-7790-49c2-8e67-419c02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:32:39.000Z",
|
||
|
"modified": "2017-01-13T07:32:39.000Z",
|
||
|
"first_observed": "2017-01-13T07:32:39Z",
|
||
|
"last_observed": "2017-01-13T07:32:39Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--58788297-7790-49c2-8e67-419c02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--58788297-7790-49c2-8e67-419c02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/27972d636b05a794d17cb3203d537bcf7c379fafd1802792e7fb8e72f130a0c4/analysis/1484239323/"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--58788297-a9a8-4a84-b1d6-49bc02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:32:39.000Z",
|
||
|
"modified": "2017-01-13T07:32:39.000Z",
|
||
|
"first_observed": "2017-01-13T07:32:39Z",
|
||
|
"last_observed": "2017-01-13T07:32:39Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--58788297-a9a8-4a84-b1d6-49bc02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--58788297-a9a8-4a84-b1d6-49bc02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/fb693eb9612d5e039a7a0fc5a183d0407cc2bce5617e7e22d2bd56caa5191e5f/analysis/1484248892/"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--58788298-9b7c-4e56-9c50-44c202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:32:40.000Z",
|
||
|
"modified": "2017-01-13T07:32:40.000Z",
|
||
|
"first_observed": "2017-01-13T07:32:40Z",
|
||
|
"last_observed": "2017-01-13T07:32:40Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--58788298-9b7c-4e56-9c50-44c202de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--58788298-9b7c-4e56-9c50-44c202de0b81",
|
||
|
"value": "https://www.virustotal.com/file/4ebfc1f6ec6a0e68e47e5b231331470a4483184cf715a578191b91ba7c32094d/analysis/1484248890/"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--58788299-2b04-46bd-a2d7-444302de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:32:41.000Z",
|
||
|
"modified": "2017-01-13T07:32:41.000Z",
|
||
|
"first_observed": "2017-01-13T07:32:41Z",
|
||
|
"last_observed": "2017-01-13T07:32:41Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--58788299-2b04-46bd-a2d7-444302de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--58788299-2b04-46bd-a2d7-444302de0b81",
|
||
|
"value": "https://www.virustotal.com/file/7352bece317e6e6896d7667faa2b38bb4f1a38112821567136d60369a91bcbef/analysis/1484248888/"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--58788299-0ee4-474f-9048-4eb802de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:32:41.000Z",
|
||
|
"modified": "2017-01-13T07:32:41.000Z",
|
||
|
"first_observed": "2017-01-13T07:32:41Z",
|
||
|
"last_observed": "2017-01-13T07:32:41Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--58788299-0ee4-474f-9048-4eb802de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--58788299-0ee4-474f-9048-4eb802de0b81",
|
||
|
"value": "https://www.virustotal.com/file/412efa09d71223208f3d24a661b8539d98aad6b61157707e865e288a96cda806/analysis/1484248888/"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5878829a-1df4-4960-afb2-499e02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:32:42.000Z",
|
||
|
"modified": "2017-01-13T07:32:42.000Z",
|
||
|
"first_observed": "2017-01-13T07:32:42Z",
|
||
|
"last_observed": "2017-01-13T07:32:42Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5878829a-1df4-4960-afb2-499e02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5878829a-1df4-4960-afb2-499e02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/339855618fb3ef53987b8c14a61bd4519b2616e766149e0c21cbd7cbe7a632c9/analysis/1484248886/"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5878829b-60d8-45f3-af61-4d2d02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:32:43.000Z",
|
||
|
"modified": "2017-01-13T07:32:43.000Z",
|
||
|
"first_observed": "2017-01-13T07:32:43Z",
|
||
|
"last_observed": "2017-01-13T07:32:43Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5878829b-60d8-45f3-af61-4d2d02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5878829b-60d8-45f3-af61-4d2d02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/e44fe9432c5e11b51660efc37bf9b553260ad4130651a604ad11ca784d7f9238/analysis/1484248885/"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5878829c-8b58-4c24-9907-495202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:32:44.000Z",
|
||
|
"modified": "2017-01-13T07:32:44.000Z",
|
||
|
"first_observed": "2017-01-13T07:32:44Z",
|
||
|
"last_observed": "2017-01-13T07:32:44Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5878829c-8b58-4c24-9907-495202de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5878829c-8b58-4c24-9907-495202de0b81",
|
||
|
"value": "https://www.virustotal.com/file/0cbc5cc2e24f25cb645fb57d6088bcfb893f9eb9f27f8851503a1b33378ff22d/analysis/1484248884/"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5878829c-f090-4bfc-99e9-4b2c02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:32:44.000Z",
|
||
|
"modified": "2017-01-13T07:32:44.000Z",
|
||
|
"first_observed": "2017-01-13T07:32:44Z",
|
||
|
"last_observed": "2017-01-13T07:32:44Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5878829c-f090-4bfc-99e9-4b2c02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5878829c-f090-4bfc-99e9-4b2c02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/fe42139748c8e9ba27a812466d9395b3a0818b0cd7b41d6769cb7239e57219fb/analysis/1484239433/"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5878829d-9e3c-4247-b728-442002de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:32:45.000Z",
|
||
|
"modified": "2017-01-13T07:32:45.000Z",
|
||
|
"first_observed": "2017-01-13T07:32:45Z",
|
||
|
"last_observed": "2017-01-13T07:32:45Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5878829d-9e3c-4247-b728-442002de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5878829d-9e3c-4247-b728-442002de0b81",
|
||
|
"value": "https://www.virustotal.com/file/c68f420b5a5e085a508a2529ac001284a255090920a0236df1b5656d010966e8/analysis/1484248882/"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5878829e-a1fc-4ad9-a160-43d402de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:32:46.000Z",
|
||
|
"modified": "2017-01-13T07:32:46.000Z",
|
||
|
"first_observed": "2017-01-13T07:32:46Z",
|
||
|
"last_observed": "2017-01-13T07:32:46Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5878829e-a1fc-4ad9-a160-43d402de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5878829e-a1fc-4ad9-a160-43d402de0b81",
|
||
|
"value": "https://www.virustotal.com/file/f7a886ee10ee6f9c6be48c20f370514be62a3fd2da828b0dff44ff3d485ff5c5/analysis/1484248880/"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5878829f-aa3c-42ed-9a0e-4a0702de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:32:47.000Z",
|
||
|
"modified": "2017-01-13T07:32:47.000Z",
|
||
|
"first_observed": "2017-01-13T07:32:47Z",
|
||
|
"last_observed": "2017-01-13T07:32:47Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5878829f-aa3c-42ed-9a0e-4a0702de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5878829f-aa3c-42ed-9a0e-4a0702de0b81",
|
||
|
"value": "https://www.virustotal.com/file/4254ee5e688fc09bdc72bcc9c51b1524a2bb25a9fb841feaf03bc7ec1a9975bf/analysis/1484248879/"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5878829f-7a1c-4f46-ae6d-49da02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:32:47.000Z",
|
||
|
"modified": "2017-01-13T07:32:47.000Z",
|
||
|
"first_observed": "2017-01-13T07:32:47Z",
|
||
|
"last_observed": "2017-01-13T07:32:47Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5878829f-7a1c-4f46-ae6d-49da02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5878829f-7a1c-4f46-ae6d-49da02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/45e5e1ea3456d7852f5c610c7f4447776b9f15b56df7e3a53d57996123e0cebf/analysis/1484238600/"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--587882a0-1510-434a-9541-427102de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:32:48.000Z",
|
||
|
"modified": "2017-01-13T07:32:48.000Z",
|
||
|
"first_observed": "2017-01-13T07:32:48Z",
|
||
|
"last_observed": "2017-01-13T07:32:48Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--587882a0-1510-434a-9541-427102de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--587882a0-1510-434a-9541-427102de0b81",
|
||
|
"value": "https://www.virustotal.com/file/137749c0fbb8c12d1a650f0bfc73be2739ff084165d02e4cb68c6496d828bf1d/analysis/1484248877/"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--587882a1-b54c-45f6-b553-412802de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:32:49.000Z",
|
||
|
"modified": "2017-01-13T07:32:49.000Z",
|
||
|
"first_observed": "2017-01-13T07:32:49Z",
|
||
|
"last_observed": "2017-01-13T07:32:49Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--587882a1-b54c-45f6-b553-412802de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--587882a1-b54c-45f6-b553-412802de0b81",
|
||
|
"value": "https://www.virustotal.com/file/b2daf9058fdc5e2affd5a409aebb90343ddde4239331d3de8edabeafdb3a48fa/analysis/1484248876/"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--587882a2-c1a8-4b88-9894-4e4e02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:32:50.000Z",
|
||
|
"modified": "2017-01-13T07:32:50.000Z",
|
||
|
"first_observed": "2017-01-13T07:32:50Z",
|
||
|
"last_observed": "2017-01-13T07:32:50Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--587882a2-c1a8-4b88-9894-4e4e02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--587882a2-c1a8-4b88-9894-4e4e02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/26215bc56dc31d2466d72f1f4e1b6388e62606e9949bc41c28968fcb9a9d60a6/analysis/1484232443/"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--587882a2-c758-4569-865a-4c2902de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:32:50.000Z",
|
||
|
"modified": "2017-01-13T07:32:50.000Z",
|
||
|
"first_observed": "2017-01-13T07:32:50Z",
|
||
|
"last_observed": "2017-01-13T07:32:50Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--587882a2-c758-4569-865a-4c2902de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--587882a2-c758-4569-865a-4c2902de0b81",
|
||
|
"value": "https://www.virustotal.com/file/9022a6ece80e75a58a7e41b44aa27497ea3f8e4713c0af5e0887d60cde1fe3ba/analysis/1484248874/"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--587882a3-646c-4d26-ab34-4eeb02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:32:51.000Z",
|
||
|
"modified": "2017-01-13T07:32:51.000Z",
|
||
|
"first_observed": "2017-01-13T07:32:51Z",
|
||
|
"last_observed": "2017-01-13T07:32:51Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--587882a3-646c-4d26-ab34-4eeb02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--587882a3-646c-4d26-ab34-4eeb02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/69dcc150468f7707cc8ef618a4cea4643a817171babfba9290395ada9611c63c/analysis/1484248873/"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--587882a4-a00c-4be4-8796-4a9702de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:32:52.000Z",
|
||
|
"modified": "2017-01-13T07:32:52.000Z",
|
||
|
"first_observed": "2017-01-13T07:32:52Z",
|
||
|
"last_observed": "2017-01-13T07:32:52Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--587882a4-a00c-4be4-8796-4a9702de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--587882a4-a00c-4be4-8796-4a9702de0b81",
|
||
|
"value": "https://www.virustotal.com/file/ef906b8a8ad9dca7407e0a467b32d7f7cf32814210964be2bfb5b0e6d2ca1998/analysis/1484239546/"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--587882a5-e214-4a3f-b2d7-426c02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:32:53.000Z",
|
||
|
"modified": "2017-01-13T07:32:53.000Z",
|
||
|
"first_observed": "2017-01-13T07:32:53Z",
|
||
|
"last_observed": "2017-01-13T07:32:53Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--587882a5-e214-4a3f-b2d7-426c02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--587882a5-e214-4a3f-b2d7-426c02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/7b4986aee8f5c4dca255431902907b36408f528f6c0f7d7fa21f079fa0a42e09/analysis/1484248871/"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--587882a5-2c20-4859-856e-4d6002de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:32:53.000Z",
|
||
|
"modified": "2017-01-13T07:32:53.000Z",
|
||
|
"first_observed": "2017-01-13T07:32:53Z",
|
||
|
"last_observed": "2017-01-13T07:32:53Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--587882a5-2c20-4859-856e-4d6002de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--587882a5-2c20-4859-856e-4d6002de0b81",
|
||
|
"value": "https://www.virustotal.com/file/9191e9bc8b64af9545b0e6e2ac022ad20b7905a6b327f768d822ff62233f3726/analysis/1484248870/"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--587882a6-2dd8-4602-af38-460d02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:32:54.000Z",
|
||
|
"modified": "2017-01-13T07:32:54.000Z",
|
||
|
"first_observed": "2017-01-13T07:32:54Z",
|
||
|
"last_observed": "2017-01-13T07:32:54Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--587882a6-2dd8-4602-af38-460d02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--587882a6-2dd8-4602-af38-460d02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/25eec68fc9f0d8d1b5d72c9eae7bee29035918e9dcbeab13e276dec4b2ad2a56/analysis/1484248868/"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--587882a7-da70-41b9-89c3-454302de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:32:55.000Z",
|
||
|
"modified": "2017-01-13T07:32:55.000Z",
|
||
|
"first_observed": "2017-01-13T07:32:55Z",
|
||
|
"last_observed": "2017-01-13T07:32:55Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--587882a7-da70-41b9-89c3-454302de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--587882a7-da70-41b9-89c3-454302de0b81",
|
||
|
"value": "https://www.virustotal.com/file/d92928a867a685274b0a74ec55c0b83690fca989699310179e184e2787d47f48/analysis/1484238779/"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--587882a8-1678-4f4d-a681-416a02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:32:56.000Z",
|
||
|
"modified": "2017-01-13T07:32:56.000Z",
|
||
|
"first_observed": "2017-01-13T07:32:56Z",
|
||
|
"last_observed": "2017-01-13T07:32:56Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--587882a8-1678-4f4d-a681-416a02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--587882a8-1678-4f4d-a681-416a02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/104c466732154ec25eb8b81efa88c74cec0a5baeaba76f6fd6eaa30c285c212b/analysis/1484248866/"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--587882a8-ba4c-496f-8f64-412602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:32:56.000Z",
|
||
|
"modified": "2017-01-13T07:32:56.000Z",
|
||
|
"first_observed": "2017-01-13T07:32:56Z",
|
||
|
"last_observed": "2017-01-13T07:32:56Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--587882a8-ba4c-496f-8f64-412602de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--587882a8-ba4c-496f-8f64-412602de0b81",
|
||
|
"value": "https://www.virustotal.com/file/dfb38ed2ca3870faf351df1bd447a3dc4470ed568553bf83df07bf07967bf520/analysis/1484248866/"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--587882a9-5834-4f38-9a23-402002de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:32:57.000Z",
|
||
|
"modified": "2017-01-13T07:32:57.000Z",
|
||
|
"first_observed": "2017-01-13T07:32:57Z",
|
||
|
"last_observed": "2017-01-13T07:32:57Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--587882a9-5834-4f38-9a23-402002de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--587882a9-5834-4f38-9a23-402002de0b81",
|
||
|
"value": "https://www.virustotal.com/file/d382e598544a739dd17b407466a536070203cbe375c56c54792b6d0eded678cd/analysis/1484248864/"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--587882aa-b0cc-45f5-9b81-41aa02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:32:58.000Z",
|
||
|
"modified": "2017-01-13T07:32:58.000Z",
|
||
|
"first_observed": "2017-01-13T07:32:58Z",
|
||
|
"last_observed": "2017-01-13T07:32:58Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--587882aa-b0cc-45f5-9b81-41aa02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--587882aa-b0cc-45f5-9b81-41aa02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/8f5b97124de9fce16e2cfecb7dd2e171824c9e07546db7b3bee7c5f2c92ceda9/analysis/1484248863/"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--587882aa-dd68-4b82-82a0-441302de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:32:58.000Z",
|
||
|
"modified": "2017-01-13T07:32:58.000Z",
|
||
|
"first_observed": "2017-01-13T07:32:58Z",
|
||
|
"last_observed": "2017-01-13T07:32:58Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--587882aa-dd68-4b82-82a0-441302de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--587882aa-dd68-4b82-82a0-441302de0b81",
|
||
|
"value": "https://www.virustotal.com/file/e1dff24af5bfc991dca21b4e3a19ffbc069176d674179eef691afc6b1ac6f805/analysis/1484248859/"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--587882ab-6b84-4d91-8cc2-4e4c02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:32:59.000Z",
|
||
|
"modified": "2017-01-13T07:32:59.000Z",
|
||
|
"first_observed": "2017-01-13T07:32:59Z",
|
||
|
"last_observed": "2017-01-13T07:32:59Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--587882ab-6b84-4d91-8cc2-4e4c02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--587882ab-6b84-4d91-8cc2-4e4c02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/2a1f2034e80421359e3bf65cbd12a55a95bd00f2eb86cf2c2d287711ee1d56ad/analysis/1484248858/"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--587882ac-15a8-4135-9c7c-462002de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:33:00.000Z",
|
||
|
"modified": "2017-01-13T07:33:00.000Z",
|
||
|
"first_observed": "2017-01-13T07:33:00Z",
|
||
|
"last_observed": "2017-01-13T07:33:00Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--587882ac-15a8-4135-9c7c-462002de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--587882ac-15a8-4135-9c7c-462002de0b81",
|
||
|
"value": "https://www.virustotal.com/file/b7902809a15c4c3864a14f009768693c66f9e9234204b873d29a87f4c3009a50/analysis/1484248857/"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--587882ad-4b10-4945-a173-485002de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:33:01.000Z",
|
||
|
"modified": "2017-01-13T07:33:01.000Z",
|
||
|
"first_observed": "2017-01-13T07:33:01Z",
|
||
|
"last_observed": "2017-01-13T07:33:01Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--587882ad-4b10-4945-a173-485002de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--587882ad-4b10-4945-a173-485002de0b81",
|
||
|
"value": "https://www.virustotal.com/file/c7bf4c012293e7de56d86f4f5b4eeb6c1c5263568cc4d9863a286a86b5daf194/analysis/1484248856/"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--587882ae-0914-4d43-b093-4bf102de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:33:02.000Z",
|
||
|
"modified": "2017-01-13T07:33:02.000Z",
|
||
|
"first_observed": "2017-01-13T07:33:02Z",
|
||
|
"last_observed": "2017-01-13T07:33:02Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--587882ae-0914-4d43-b093-4bf102de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--587882ae-0914-4d43-b093-4bf102de0b81",
|
||
|
"value": "https://www.virustotal.com/file/5f06ec411f127f23add9f897dc165eaa68cbe8bb99da8f00a4a360f108bb8741/analysis/1484248854/"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--587882ae-a4b8-4a45-be25-4f6802de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:33:02.000Z",
|
||
|
"modified": "2017-01-13T07:33:02.000Z",
|
||
|
"first_observed": "2017-01-13T07:33:02Z",
|
||
|
"last_observed": "2017-01-13T07:33:02Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--587882ae-a4b8-4a45-be25-4f6802de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--587882ae-a4b8-4a45-be25-4f6802de0b81",
|
||
|
"value": "https://www.virustotal.com/file/c3d8ffbb4ecdf6486da175e5381e855d8224acd339199c1057846bd5b74badac/analysis/1484235110/"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--587882af-f4fc-46c9-9c69-462202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:33:03.000Z",
|
||
|
"modified": "2017-01-13T07:33:03.000Z",
|
||
|
"first_observed": "2017-01-13T07:33:03Z",
|
||
|
"last_observed": "2017-01-13T07:33:03Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--587882af-f4fc-46c9-9c69-462202de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--587882af-f4fc-46c9-9c69-462202de0b81",
|
||
|
"value": "https://www.virustotal.com/file/e1c9c9f031d902e69e42f684ae5b35a2513f7d5f8bca83dfbab10e8de6254c78/analysis/1484248853/"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--587882b0-cdbc-47d9-bae9-45b002de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:33:04.000Z",
|
||
|
"modified": "2017-01-13T07:33:04.000Z",
|
||
|
"first_observed": "2017-01-13T07:33:04Z",
|
||
|
"last_observed": "2017-01-13T07:33:04Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--587882b0-cdbc-47d9-bae9-45b002de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--587882b0-cdbc-47d9-bae9-45b002de0b81",
|
||
|
"value": "https://www.virustotal.com/file/c8b354793ad5a16744cf1d4efdc5fe48d5a0cf0657974eb7145e0088fcf609ff/analysis/1484248852/"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--587882b1-0fe0-4731-ba6b-49af02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:33:05.000Z",
|
||
|
"modified": "2017-01-13T07:33:05.000Z",
|
||
|
"first_observed": "2017-01-13T07:33:05Z",
|
||
|
"last_observed": "2017-01-13T07:33:05Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--587882b1-0fe0-4731-ba6b-49af02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--587882b1-0fe0-4731-ba6b-49af02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/73d1d55493886639c619e9f5e312daab93e4feeb74f24dbe51593842baac8d15/analysis/1484235679/"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--587882b1-c034-4d22-b4a5-4c3102de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:33:05.000Z",
|
||
|
"modified": "2017-01-13T07:33:05.000Z",
|
||
|
"first_observed": "2017-01-13T07:33:05Z",
|
||
|
"last_observed": "2017-01-13T07:33:05Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--587882b1-c034-4d22-b4a5-4c3102de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--587882b1-c034-4d22-b4a5-4c3102de0b81",
|
||
|
"value": "https://www.virustotal.com/file/0bb750195fbd93d174c2a8e20bcbcae4efefc881f7961fdca8fa6ebd68ac1edf/analysis/1484235541/"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--587882b2-3a24-4622-aaad-429d02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-01-13T07:33:06.000Z",
|
||
|
"modified": "2017-01-13T07:33:06.000Z",
|
||
|
"first_observed": "2017-01-13T07:33:06Z",
|
||
|
"last_observed": "2017-01-13T07:33:06Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--587882b2-3a24-4622-aaad-429d02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--587882b2-3a24-4622-aaad-429d02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/fcfb56fa79d2383d34c471ef439314edc2239d632a880aa2de3cea430f6b5665/analysis/1484235929/"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--587882b3-44c8-4b93-8e85-406702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-13T07:33:07.000Z",
"modified": "2017-01-13T07:33:07.000Z",
"first_observed": "2017-01-13T07:33:07Z",
"last_observed": "2017-01-13T07:33:07Z",
"number_observed": 1,
"object_refs": [
"url--587882b3-44c8-4b93-8e85-406702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--587882b3-44c8-4b93-8e85-406702de0b81",
"value": "https://www.virustotal.com/file/694be2698bcc5c7a1cce11f8ef65c1c96a883d14b98148c36b32888fb58b6a7e/analysis/1484248848/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--587882b4-e360-4189-8307-49a902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-13T07:33:08.000Z",
"modified": "2017-01-13T07:33:08.000Z",
"first_observed": "2017-01-13T07:33:08Z",
"last_observed": "2017-01-13T07:33:08Z",
"number_observed": 1,
"object_refs": [
"url--587882b4-e360-4189-8307-49a902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--587882b4-e360-4189-8307-49a902de0b81",
"value": "https://www.virustotal.com/file/94c4733eebf19013df3b42d76c11ed5d153a56bdab57e1c748e07cc7da38f3ba/analysis/1484235878/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--587882b5-01a8-4f5a-8106-432002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-13T07:33:09.000Z",
"modified": "2017-01-13T07:33:09.000Z",
"first_observed": "2017-01-13T07:33:09Z",
"last_observed": "2017-01-13T07:33:09Z",
"number_observed": 1,
"object_refs": [
"url--587882b5-01a8-4f5a-8106-432002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--587882b5-01a8-4f5a-8106-432002de0b81",
"value": "https://www.virustotal.com/file/515374423b8b132258bd91acf6f29168dcc267a3f45ecb9d1fe18ee3a253195b/analysis/1484248847/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5878d523-883c-4ed7-924b-eb83950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-13T13:24:51.000Z",
"modified": "2017-01-13T13:24:51.000Z",
"description": "Sample released by shadow brokers",
"pattern": "[file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-13T13:24:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5878d525-edf4-4d19-843c-eb83950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-13T13:24:53.000Z",
"modified": "2017-01-13T13:24:53.000Z",
"description": "Sample released by shadow brokers",
"pattern": "[file:name = 'equation_drug.tar.gz' AND file:hashes.SHA1 = 'b3c39554cb909d5280837398c6f2effc65a87518']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-13T13:24:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5878d526-be98-4ee1-86eb-eb83950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-13T13:24:54.000Z",
"modified": "2017-01-13T13:24:54.000Z",
"description": "Sample released by shadow brokers",
"pattern": "[file:name = 'equation_drug.tar.gz' AND file:hashes.SHA256 = '3d60ecef6990cddd6114c82bd92a8aa39c7929d9f8b66292e47d51f8aa81c67a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-13T13:24:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}