adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/58a60ba3-3418-4578-99b2-75a202de0b81.json

4250 lines
180 KiB
JSON
Raw Normal View History

chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--58a60ba3-3418-4578-99b2-75a202de0b81",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:40:33.000Z",
"modified": "2017-02-16T20:40:33.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--58a60ba3-3418-4578-99b2-75a202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:40:33.000Z",
"modified": "2017-02-16T20:40:33.000Z",
"name": "OSINT - menuPass Returns with New Malware and New Attacks Against Japanese Academics and Organizations",
"published": "2017-02-16T20:40:39Z",
"object_refs": [
"observed-data--58a60bc4-3630-4124-b7e4-066002de0b81",
"url--58a60bc4-3630-4124-b7e4-066002de0b81",
"x-misp-attribute--58a60bd8-fa1c-4087-adc0-431602de0b81",
"indicator--58a60c10-960c-4b66-bcb3-2b8c02de0b81",
"indicator--58a60c11-cea0-4fc5-afd0-2b8c02de0b81",
"indicator--58a60c12-9e60-409a-a1a6-2b8c02de0b81",
"indicator--58a60c13-ce90-4d8d-b22e-2b8c02de0b81",
"indicator--58a60c13-c43c-4017-8c83-2b8c02de0b81",
"indicator--58a60c14-b3a0-4a54-a94c-2b8c02de0b81",
"indicator--58a60c15-9fbc-4086-96c0-2b8c02de0b81",
"indicator--58a60c16-20fc-4d00-8fb9-2b8c02de0b81",
"indicator--58a60c16-76f4-48a7-95e2-2b8c02de0b81",
"indicator--58a60c17-395c-4b5a-84fd-2b8c02de0b81",
"indicator--58a60c18-1030-45bd-bfb7-2b8c02de0b81",
"indicator--58a60c19-0d08-47ea-83f4-2b8c02de0b81",
"indicator--58a60c1a-87b4-4255-b7a9-2b8c02de0b81",
"indicator--58a60c1b-07a0-40cb-abe0-2b8c02de0b81",
"indicator--58a60c1b-904c-4568-a5df-2b8c02de0b81",
"indicator--58a60c1c-e5a4-4656-ae99-2b8c02de0b81",
"indicator--58a60c1d-e2f4-4e99-9b88-2b8c02de0b81",
"indicator--58a60c1e-28a0-4bae-89e9-2b8c02de0b81",
"indicator--58a60c1f-22e4-46b1-aaf6-2b8c02de0b81",
"indicator--58a60c1f-e620-46c8-9344-2b8c02de0b81",
"indicator--58a60c20-16c8-48fa-8795-2b8c02de0b81",
"indicator--58a60c21-3928-45c7-8bb0-2b8c02de0b81",
"indicator--58a60c22-3cd4-4c97-8f10-2b8c02de0b81",
"indicator--58a60c22-46e8-4503-895d-2b8c02de0b81",
"indicator--58a60c23-09d8-4f8e-bc6c-2b8c02de0b81",
"indicator--58a60c24-1da8-464f-8c9e-2b8c02de0b81",
"indicator--58a60c3d-17c8-47cf-8165-75a002de0b81",
"indicator--58a60c3e-ebe8-4a1d-84e0-75a002de0b81",
"indicator--58a60c3e-b7f0-46ed-8446-75a002de0b81",
"indicator--58a60c3f-9ee4-4751-b078-75a002de0b81",
"indicator--58a60c59-14f8-4cb5-9add-066002de0b81",
"indicator--58a60c59-f7d8-48f0-bf67-066002de0b81",
"indicator--58a60c5a-2bac-4f93-ae80-066002de0b81",
"indicator--58a60c5b-7790-415f-8646-066002de0b81",
"indicator--58a60c5b-44a0-47d4-9482-066002de0b81",
"indicator--58a60c5c-9ae8-4760-879f-066002de0b81",
"indicator--58a60c5d-c8ac-4f89-9144-066002de0b81",
"indicator--58a60c5e-a098-47f3-a065-066002de0b81",
"indicator--58a60c5e-6cdc-46e3-af85-066002de0b81",
"indicator--58a60c5f-e4a8-410a-93d0-066002de0b81",
"indicator--58a60c98-a390-45ae-b0fd-453002de0b81",
"indicator--58a60c99-2ba0-4857-a73a-487c02de0b81",
"indicator--58a60c9a-eaf8-455d-9fe6-4e2002de0b81",
"indicator--58a60c9b-e0b0-41d4-83ae-4dbd02de0b81",
"indicator--58a60c9b-d504-48ff-8f7c-440502de0b81",
"indicator--58a60c9c-8ab0-4783-8088-4a8402de0b81",
"indicator--58a60c9d-4bbc-4a06-8ad9-4f0702de0b81",
"indicator--58a60c9e-7308-40e3-81fa-438402de0b81",
"indicator--58a60c9f-dbf0-4a80-8136-452002de0b81",
"indicator--58a60ca0-fdec-429a-93a6-456f02de0b81",
"indicator--58a60ca0-7ea8-4796-961a-467702de0b81",
"indicator--58a60ca1-bec8-4c02-8d9b-42d802de0b81",
"indicator--58a60ca2-8ea0-4853-be88-453e02de0b81",
"indicator--58a60ca3-6a74-4242-ab01-43fe02de0b81",
"indicator--58a60ca3-e640-4e34-8442-4a6902de0b81",
"indicator--58a60ca4-fbd4-4682-aff8-492f02de0b81",
"indicator--58a60ca5-7218-4c56-9028-4a7702de0b81",
"indicator--58a60ca6-bac8-4f40-af6d-44b002de0b81",
"indicator--58a60ca7-5304-4918-9a4b-47f902de0b81",
"indicator--58a60ca7-b9f8-4cf7-9b47-452502de0b81",
"indicator--58a60ca8-cd54-49f1-ac7c-48ff02de0b81",
"indicator--58a60ca9-fec0-4a46-bb47-4b1602de0b81",
"indicator--58a60caa-47c8-4941-a30d-49e402de0b81",
"indicator--58a60caa-bbb4-4d7e-875d-455402de0b81",
"indicator--58a60cab-3274-4eab-a04c-409402de0b81",
"indicator--58a60cac-6718-4e37-ab37-49b902de0b81",
"indicator--58a60d0d-b4b4-4d04-958a-75a002de0b81",
"indicator--58a60d0f-3460-4082-ba59-75a002de0b81",
"observed-data--58a60d10-21e4-4f2d-bc7c-75a002de0b81",
"url--58a60d10-21e4-4f2d-bc7c-75a002de0b81",
"indicator--58a60d12-7168-43f2-b39e-75a002de0b81",
"indicator--58a60d13-725c-4c4b-b944-75a002de0b81",
"observed-data--58a60d14-18fc-4999-8578-75a002de0b81",
"url--58a60d14-18fc-4999-8578-75a002de0b81",
"indicator--58a60d16-7834-453a-a7d1-75a002de0b81",
"indicator--58a60d17-1e30-4a07-9b79-75a002de0b81",
"observed-data--58a60d19-d938-4617-b8c1-75a002de0b81",
"url--58a60d19-d938-4617-b8c1-75a002de0b81",
"indicator--58a60d1a-6e54-4c50-8d60-75a002de0b81",
"indicator--58a60d1c-d0a0-447c-b6a7-75a002de0b81",
"observed-data--58a60d1d-8c64-4223-b948-75a002de0b81",
"url--58a60d1d-8c64-4223-b948-75a002de0b81",
"indicator--58a60d1f-ccb8-4ba2-ba8a-75a002de0b81",
"indicator--58a60d20-5b48-4425-a695-75a002de0b81",
"observed-data--58a60d22-aec4-4e2f-a70e-75a002de0b81",
"url--58a60d22-aec4-4e2f-a70e-75a002de0b81",
"indicator--58a60d23-825c-44ee-9c02-75a002de0b81",
"indicator--58a60d24-5d40-4e6a-a348-75a002de0b81",
"observed-data--58a60d25-0220-42fa-b9cf-75a002de0b81",
"url--58a60d25-0220-42fa-b9cf-75a002de0b81",
"indicator--58a60d26-af04-402f-ab33-75a002de0b81",
"indicator--58a60d27-bcd0-4b12-9565-75a002de0b81",
"observed-data--58a60d28-8d04-434e-81b6-75a002de0b81",
"url--58a60d28-8d04-434e-81b6-75a002de0b81",
"indicator--58a60d29-6948-40eb-a0b3-75a002de0b81",
"indicator--58a60d2a-10fc-45ca-b246-75a002de0b81",
"observed-data--58a60d2b-e538-44d9-9622-75a002de0b81",
"url--58a60d2b-e538-44d9-9622-75a002de0b81",
"indicator--58a60d2d-d024-4f18-a8f8-75a002de0b81",
"indicator--58a60d2e-f6bc-4e31-b921-75a002de0b81",
"observed-data--58a60d2f-1084-4ae4-b98d-75a002de0b81",
"url--58a60d2f-1084-4ae4-b98d-75a002de0b81",
"indicator--58a60d30-eb38-49dc-ae41-75a002de0b81",
"indicator--58a60d31-3ab0-4cd4-b7d4-75a002de0b81",
"observed-data--58a60d33-9618-49a1-86ad-75a002de0b81",
"url--58a60d33-9618-49a1-86ad-75a002de0b81",
"indicator--58a60d35-88e8-4daa-8650-75a002de0b81",
"indicator--58a60d36-58f8-47a1-a800-75a002de0b81",
"observed-data--58a60d38-3304-47da-8361-75a002de0b81",
"url--58a60d38-3304-47da-8361-75a002de0b81",
"indicator--58a60d39-8d4c-4c55-b09b-75a002de0b81",
"indicator--58a60d3a-c24c-40b6-a595-75a002de0b81",
"observed-data--58a60d3c-b360-4f28-9a10-75a002de0b81",
"url--58a60d3c-b360-4f28-9a10-75a002de0b81",
"indicator--58a60d3e-9a60-4364-9d9a-75a002de0b81",
"indicator--58a60d3f-76a0-4e92-910b-75a002de0b81",
"observed-data--58a60d41-3328-4089-aba1-75a002de0b81",
"url--58a60d41-3328-4089-aba1-75a002de0b81",
"indicator--58a60d42-4a84-4383-b87f-75a002de0b81",
"indicator--58a60d44-1c14-4d05-81eb-75a002de0b81",
"observed-data--58a60d46-49f0-4fdb-8003-75a002de0b81",
"url--58a60d46-49f0-4fdb-8003-75a002de0b81",
"indicator--58a60d47-0304-41d1-b510-75a002de0b81",
"indicator--58a60d49-aea8-484b-b84b-75a002de0b81",
"observed-data--58a60d4b-bb24-4769-b725-75a002de0b81",
"url--58a60d4b-bb24-4769-b725-75a002de0b81",
"indicator--58a60d4c-28f4-4433-86b7-75a002de0b81",
"indicator--58a60d4e-c6e4-42eb-bacb-75a002de0b81",
"observed-data--58a60d4f-999c-473a-9278-75a002de0b81",
"url--58a60d4f-999c-473a-9278-75a002de0b81",
"indicator--58a60d51-7670-41e1-b452-75a002de0b81",
"indicator--58a60d52-0204-433c-88ac-75a002de0b81",
"observed-data--58a60d54-6724-4332-956f-75a002de0b81",
"url--58a60d54-6724-4332-956f-75a002de0b81",
"indicator--58a60d55-ab7c-4514-a66d-75a002de0b81",
"indicator--58a60d57-ed48-45a4-919f-75a002de0b81",
"observed-data--58a60d58-48ec-4c3e-a67c-75a002de0b81",
"url--58a60d58-48ec-4c3e-a67c-75a002de0b81",
"indicator--58a60d5a-2a10-4d39-b056-75a002de0b81",
"indicator--58a60d5c-a2a0-4c7d-ba48-75a002de0b81",
"observed-data--58a60d5d-f85c-48a3-98c3-75a002de0b81",
"url--58a60d5d-f85c-48a3-98c3-75a002de0b81",
"indicator--58a60d5f-821c-48a0-9e7b-75a002de0b81",
"indicator--58a60d60-e2e0-4908-b956-75a002de0b81",
"observed-data--58a60d61-a27c-476f-8e91-75a002de0b81",
"url--58a60d61-a27c-476f-8e91-75a002de0b81",
"indicator--58a60d63-6068-4b06-bcf2-75a002de0b81",
"indicator--58a60d65-49a0-499f-a43e-75a002de0b81",
"observed-data--58a60d66-4704-48cc-b694-75a002de0b81",
"url--58a60d66-4704-48cc-b694-75a002de0b81",
"indicator--58a60d68-43fc-40aa-8ae0-75a002de0b81",
"indicator--58a60d69-9614-4545-a2ec-066a02de0b81",
"observed-data--58a60d69-8248-4ab6-8431-75a002de0b81",
"url--58a60d69-8248-4ab6-8431-75a002de0b81",
"indicator--58a60d6a-1264-453d-b5f3-066a02de0b81",
"indicator--58a60d6b-d2b8-4954-8bf2-75a002de0b81",
"observed-data--58a60d6c-9158-47b9-a85d-066a02de0b81",
"url--58a60d6c-9158-47b9-a85d-066a02de0b81",
"indicator--58a60d6d-0598-487f-9bf5-75a002de0b81",
"indicator--58a60d6e-d544-4d29-a266-066a02de0b81",
"observed-data--58a60d6e-ffa8-48c3-9904-75a002de0b81",
"url--58a60d6e-ffa8-48c3-9904-75a002de0b81",
"indicator--58a60d70-0624-4968-aba4-75a002de0b81",
"indicator--58a60d70-7fa4-4958-815e-066a02de0b81",
"observed-data--58a60d70-fb90-47b0-aa39-75a002de0b81",
"url--58a60d70-fb90-47b0-aa39-75a002de0b81",
"indicator--58a60d71-91e0-4cdb-a4ed-066a02de0b81",
"indicator--58a60d72-ef8c-4819-a8b3-75a002de0b81",
"observed-data--58a60d73-67d0-423a-955b-066a02de0b81",
"url--58a60d73-67d0-423a-955b-066a02de0b81",
"indicator--58a60d73-9b54-4ff7-8ce8-75a002de0b81",
"indicator--58a60d74-23b8-46cd-8c62-066a02de0b81",
"observed-data--58a60d75-acec-4b2d-9b66-75a002de0b81",
"url--58a60d75-acec-4b2d-9b66-75a002de0b81",
"indicator--58a60d76-5f10-43a1-b660-066a02de0b81",
"indicator--58a60d76-fc74-4912-8ce8-75a002de0b81",
"observed-data--58a60d77-87f0-492a-8088-75a002de0b81",
"url--58a60d77-87f0-492a-8088-75a002de0b81",
"indicator--58a60d77-a6a0-45b7-b656-066a02de0b81",
"indicator--58a60d78-731c-4476-8f33-75a002de0b81",
"observed-data--58a60d79-a0a8-4b03-b7e0-066a02de0b81",
"url--58a60d79-a0a8-4b03-b7e0-066a02de0b81",
"indicator--58a60d79-ccd0-4449-b4be-75a002de0b81",
"indicator--58a60d7a-91cc-4d95-abae-066a02de0b81",
"observed-data--58a60d7b-28f4-4f38-9b32-75a002de0b81",
"url--58a60d7b-28f4-4f38-9b32-75a002de0b81",
"indicator--58a60d7c-27e4-40cd-8f66-066a02de0b81",
"indicator--58a60d7d-1bb0-44ff-8e1e-066a02de0b81",
"observed-data--58a60d7d-91f4-4147-aba1-75a002de0b81",
"url--58a60d7d-91f4-4147-aba1-75a002de0b81",
"indicator--58a60d7d-4760-482b-9c6f-066a02de0b81",
"indicator--58a60d7e-0458-47f2-8c50-75a002de0b81",
"observed-data--58a60d7f-881c-4f0f-8c0e-066a02de0b81",
"url--58a60d7f-881c-4f0f-8c0e-066a02de0b81",
"indicator--58a60d80-4974-4732-8a24-75a002de0b81",
"indicator--58a60d80-4c9c-4e5b-9617-066a02de0b81",
"observed-data--58a60d81-8ac8-47e4-ae62-75a002de0b81",
"url--58a60d81-8ac8-47e4-ae62-75a002de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:threat-actor=\"Stone Panda\"",
"osint:source-type=\"blog-post\"",
"osint:certainty=\"75\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58a60bc4-3630-4124-b7e4-066002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:38:40.000Z",
"modified": "2017-02-16T20:38:40.000Z",
"first_observed": "2017-02-16T20:38:40Z",
"last_observed": "2017-02-16T20:38:40Z",
"number_observed": 1,
"object_refs": [
"url--58a60bc4-3630-4124-b7e4-066002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\"",
"admiralty-scale:source-reliability=\"b\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58a60bc4-3630-4124-b7e4-066002de0b81",
"value": "http://researchcenter.paloaltonetworks.com/2017/02/unit42-menupass-returns-new-malware-new-attacks-japanese-academics-organizations/"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--58a60bd8-fa1c-4087-adc0-431602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:12.000Z",
"modified": "2017-02-16T20:35:12.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "In 2016, from September through November, an APT campaign known as \u00e2\u20ac\u0153menuPass\u00e2\u20ac\u009d targeted Japanese academics working in several areas of science, along with Japanese pharmaceutical and a US-based subsidiary of a Japanese manufacturing organizations. In addition to using PlugX and Poison Ivy (PIVY), both known to be used the group, they also used a new Trojan called \u00e2\u20ac\u0153ChChes\u00e2\u20ac\u009d by the Japan Computer Emergency Response Team Coordination Center (JPCERT). In contrast to PlugX and PIVY, which are used by multiple campaigns, ChChes appears to be unique to this group. An analysis of the malware family can be found later in this blog.\r\n\r\nInterestingly, the ChChes samples we observed were digitally signed using a certificate originally used by HackingTeam and later part of the data leaked when they were themselves hacked. Wapack labs also observed a similar sample targeting Japan in November. It\u00e2\u20ac\u2122s not clear why the attackers chose to use this certificate, as it was old, had been leaked online, and had already been revoked by the time they used it. Digital certificates are typically used because they afford an air of legitimacy, which this one definitely does not.\r\n\r\nThe attackers spoofed several sender email addresses to send spear phishing emails, most notably public addresses associated with the Sasakawa Peace Foundation and The White House. All the spear phishes were socially engineered with subjects appropriate for the target and the apparent sender. One of the more interesting subject lines was used in the White House attack; \u00e2\u20ac\u0153[UNCLASSIFIED] The impact of Trump\u00e2\u20ac\u2122s victory to Japan,\u00e2\u20ac\u009d sent two days after the election. Most of the attacks against academics involved webmail addresses using names of academics but are not tied to those academics openly online. However, all the spear phish recipients used email addresses tied to them online."
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60c10-960c-4b66-bcb3-2b8c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:12.000Z",
"modified": "2017-02-16T20:35:12.000Z",
"description": "C2",
"pattern": "[domain-name:value = 'dick.ccfchrist.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:35:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60c11-cea0-4fc5-afd0-2b8c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:12.000Z",
"modified": "2017-02-16T20:35:12.000Z",
"description": "C2",
"pattern": "[domain-name:value = 'trout.belowto.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:35:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60c12-9e60-409a-a1a6-2b8c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:12.000Z",
"modified": "2017-02-16T20:35:12.000Z",
"description": "C2",
"pattern": "[domain-name:value = 'sakai.unhamj.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:35:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60c13-ce90-4d8d-b22e-2b8c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:12.000Z",
"modified": "2017-02-16T20:35:12.000Z",
"description": "C2",
"pattern": "[domain-name:value = 'zebra.wthelpdesk.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:35:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60c13-c43c-4017-8c83-2b8c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:12.000Z",
"modified": "2017-02-16T20:35:12.000Z",
"description": "C2",
"pattern": "[domain-name:value = 'area.wthelpdesk.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:35:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60c14-b3a0-4a54-a94c-2b8c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:12.000Z",
"modified": "2017-02-16T20:35:12.000Z",
"description": "C2",
"pattern": "[domain-name:value = 'kawasaki.cloud-maste.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:35:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60c15-9fbc-4086-96c0-2b8c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:12.000Z",
"modified": "2017-02-16T20:35:12.000Z",
"description": "C2",
"pattern": "[domain-name:value = 'kawasaki.unhamj.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:35:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60c16-20fc-4d00-8fb9-2b8c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:12.000Z",
"modified": "2017-02-16T20:35:12.000Z",
"description": "C2",
"pattern": "[domain-name:value = 'fukuoka.cloud-maste.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:35:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60c16-76f4-48a7-95e2-2b8c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:12.000Z",
"modified": "2017-02-16T20:35:12.000Z",
"description": "C2",
"pattern": "[domain-name:value = 'scorpion.poulsenv.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:35:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60c17-395c-4b5a-84fd-2b8c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:12.000Z",
"modified": "2017-02-16T20:35:12.000Z",
"description": "C2",
"pattern": "[domain-name:value = 'lion.wchildress.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:35:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60c18-1030-45bd-bfb7-2b8c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:12.000Z",
"modified": "2017-02-16T20:35:12.000Z",
"description": "C2",
"pattern": "[domain-name:value = 'fbi.sexxxy.biz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:35:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60c19-0d08-47ea-83f4-2b8c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:12.000Z",
"modified": "2017-02-16T20:35:12.000Z",
"description": "C2",
"pattern": "[domain-name:value = 'cia.toh.info']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:35:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60c1a-87b4-4255-b7a9-2b8c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:12.000Z",
"modified": "2017-02-16T20:35:12.000Z",
"description": "C2",
"pattern": "[domain-name:value = '2014.zzux.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:35:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60c1b-07a0-40cb-abe0-2b8c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:12.000Z",
"modified": "2017-02-16T20:35:12.000Z",
"description": "C2",
"pattern": "[domain-name:value = 'nttdata.otzo.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:35:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60c1b-904c-4568-a5df-2b8c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:12.000Z",
"modified": "2017-02-16T20:35:12.000Z",
"description": "C2",
"pattern": "[domain-name:value = 'iphone.vizvaz.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:35:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60c1c-e5a4-4656-ae99-2b8c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:12.000Z",
"modified": "2017-02-16T20:35:12.000Z",
"description": "C2",
"pattern": "[domain-name:value = 'app.lehigtapp.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:35:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60c1d-e2f4-4e99-9b88-2b8c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:12.000Z",
"modified": "2017-02-16T20:35:12.000Z",
"description": "C2",
"pattern": "[domain-name:value = 'jimin.jimindaddy.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:35:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60c1e-28a0-4bae-89e9-2b8c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:12.000Z",
"modified": "2017-02-16T20:35:12.000Z",
"description": "C2",
"pattern": "[domain-name:value = 'jepsen.r3u8.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:35:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60c1f-22e4-46b1-aaf6-2b8c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:12.000Z",
"modified": "2017-02-16T20:35:12.000Z",
"description": "C2",
"pattern": "[domain-name:value = 'inspgon.re26.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:35:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60c1f-e620-46c8-9344-2b8c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:12.000Z",
"modified": "2017-02-16T20:35:12.000Z",
"description": "C2",
"pattern": "[domain-name:value = 'nunluck.re26.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:35:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60c20-16c8-48fa-8795-2b8c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:12.000Z",
"modified": "2017-02-16T20:35:12.000Z",
"description": "C2",
"pattern": "[domain-name:value = 'yahoo.incloud-go.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:35:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60c21-3928-45c7-8bb0-2b8c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:12.000Z",
"modified": "2017-02-16T20:35:12.000Z",
"description": "C2",
"pattern": "[domain-name:value = 'msn.incloud-go.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:35:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60c22-3cd4-4c97-8f10-2b8c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:12.000Z",
"modified": "2017-02-16T20:35:12.000Z",
"description": "C2",
"pattern": "[domain-name:value = 'www.mseupdate.ourhobby.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:35:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60c22-46e8-4503-895d-2b8c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:12.000Z",
"modified": "2017-02-16T20:35:12.000Z",
"description": "C2",
"pattern": "[domain-name:value = 'contractus.qpoe.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:35:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60c23-09d8-4f8e-bc6c-2b8c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:12.000Z",
"modified": "2017-02-16T20:35:12.000Z",
"description": "C2",
"pattern": "[domain-name:value = 'apple.cmdnetview.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:35:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60c24-1da8-464f-8c9e-2b8c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:12.000Z",
"modified": "2017-02-16T20:35:12.000Z",
"description": "C2",
"pattern": "[domain-name:value = 'cvnx.zyns.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:35:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60c3d-17c8-47cf-8165-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:12.000Z",
"modified": "2017-02-16T20:35:12.000Z",
"description": "PIVY",
"pattern": "[file:hashes.SHA256 = 'f0002b912135bcee83f901715002514fdc89b5b8ed7585e07e482331e4a56c06']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:35:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60c3e-ebe8-4a1d-84e0-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:12.000Z",
"modified": "2017-02-16T20:35:12.000Z",
"description": "PIVY",
"pattern": "[file:hashes.SHA256 = '412120355d9ac8c37b5623eea86d82925ca837c4f8be4aa24475415838ecb356']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:35:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60c3e-b7f0-46ed-8446-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:12.000Z",
"modified": "2017-02-16T20:35:12.000Z",
"description": "PIVY",
"pattern": "[file:hashes.SHA256 = '44a7bea8a08f4c2feb74c6a00ff1114ba251f3dc6922ea5ffab9e749c98cbdce']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:35:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60c3f-9ee4-4751-b078-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:12.000Z",
"modified": "2017-02-16T20:35:12.000Z",
"description": "PIVY",
"pattern": "[file:hashes.SHA256 = '9edf191c6ca1e4eddc40c33e2a2edf104ce8dfff37b2a8b57b8224312ff008fe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:35:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60c59-14f8-4cb5-9add-066002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:12.000Z",
"modified": "2017-02-16T20:35:12.000Z",
"description": "PlugX",
"pattern": "[file:hashes.SHA256 = 'f1ca9998ca9078c27a6dab286dfe25fcdfb1ad734cc2af390bdcb97da1214563']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:35:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60c59-f7d8-48f0-bf67-066002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:12.000Z",
"modified": "2017-02-16T20:35:12.000Z",
"description": "PlugX",
"pattern": "[file:hashes.SHA256 = '6392e0701a77ea25354b1f40f5b867a35c0142abde785a66b83c9c8d2c14c0c3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:35:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60c5a-2bac-4f93-ae80-066002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:12.000Z",
"modified": "2017-02-16T20:35:12.000Z",
"description": "PlugX",
"pattern": "[file:hashes.SHA256 = '6c7e85e426999579dd6a540fcd827b644a79cda0ad50211d585a0be513571586']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:35:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60c5b-7790-415f-8646-066002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:12.000Z",
"modified": "2017-02-16T20:35:12.000Z",
"description": "PlugX",
"pattern": "[file:hashes.SHA256 = '9f01dd2b19a1032e848619428dd46bfeb6772be2e78b33723d2fa076f1320c57']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:35:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60c5b-44a0-47d4-9482-066002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:12.000Z",
"modified": "2017-02-16T20:35:12.000Z",
"description": "PlugX",
"pattern": "[file:hashes.SHA256 = '76721d08b83aae945aa00fe69319f896b92c456def4df5b203357cf443074c03']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:35:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60c5c-9ae8-4760-879f-066002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:12.000Z",
"modified": "2017-02-16T20:35:12.000Z",
"description": "PlugX",
"pattern": "[file:hashes.SHA256 = 'dcff19fc193f1ba63c5dc6f91f00070e6912dcec3868e889fed37102698b554b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:35:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60c5d-c8ac-4f89-9144-066002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:12.000Z",
"modified": "2017-02-16T20:35:12.000Z",
"description": "PlugX",
"pattern": "[file:hashes.SHA256 = '7eeaa97d346bc3f8090e5b742f42e8900127703420295279ac7e04d06ebe0a04']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:35:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60c5e-a098-47f3-a065-066002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:12.000Z",
"modified": "2017-02-16T20:35:12.000Z",
"description": "PlugX",
"pattern": "[file:hashes.SHA256 = 'a6b6c66735e5e26002202b9d263bf8c97e278f6969c141853857000c8d242d24']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:35:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60c5e-6cdc-46e3-af85-066002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:12.000Z",
"modified": "2017-02-16T20:35:12.000Z",
"description": "PlugX",
"pattern": "[file:hashes.SHA256 = '5412cddde0a2f2d78ec9de0f9a02ac2b22882543c9f15724ebe14b3a0bf8cbda']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:35:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60c5f-e4a8-410a-93d0-066002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:12.000Z",
"modified": "2017-02-16T20:35:12.000Z",
"description": "PlugX",
"pattern": "[file:hashes.SHA256 = '92dbbe0eff3fe0082c3485b99e6a949d9c3747afa493a0a1e336829a7c1faafb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:35:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60c98-a390-45ae-b0fd-453002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:12.000Z",
"modified": "2017-02-16T20:35:12.000Z",
"description": "ChChes",
"pattern": "[file:hashes.SHA256 = '5961861d2b9f50d05055814e6bfd1c6291b30719f8a4d02d4cf80c2e87753fa1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:35:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60c99-2ba0-4857-a73a-487c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:12.000Z",
"modified": "2017-02-16T20:35:12.000Z",
"description": "ChChes",
"pattern": "[file:hashes.SHA256 = 'e90064884190b14a6621c18d1f9719a37b9e5f98506e28ff0636438e3282098b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:35:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60c9a-eaf8-455d-9fe6-4e2002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:12.000Z",
"modified": "2017-02-16T20:35:12.000Z",
"description": "ChChes",
"pattern": "[file:hashes.SHA256 = 'ae6b45a92384f6e43672e617c53a44225e2944d66c1ffb074694526386074145']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:35:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60c9b-e0b0-41d4-83ae-4dbd02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:12.000Z",
"modified": "2017-02-16T20:35:12.000Z",
"description": "ChChes",
"pattern": "[file:hashes.SHA256 = 'fd6a956a7708708cddff78c8505c7db73d7c4e961da8a3c00cc5a51171a92b7b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:35:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60c9b-d504-48ff-8f7c-440502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:12.000Z",
"modified": "2017-02-16T20:35:12.000Z",
"description": "ChChes",
"pattern": "[file:hashes.SHA256 = '2c71eb5c781daa43047fa6e3d85d51a061aa1dfa41feb338e0d4139a6dfd6910']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:35:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60c9c-8ab0-4783-8088-4a8402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:12.000Z",
"modified": "2017-02-16T20:35:12.000Z",
"description": "ChChes",
"pattern": "[file:hashes.SHA256 = '316e89d866d5c710530c2103f183d86c31e9a90d55e2ebc2dda94f112f3bdb6d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:35:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60c9d-4bbc-4a06-8ad9-4f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:12.000Z",
"modified": "2017-02-16T20:35:12.000Z",
"description": "ChChes",
"pattern": "[file:hashes.SHA256 = 'efa0b414a831cbf724d1c67808b7483dec22a981ae670947793d114048f88057']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:35:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60c9e-7308-40e3-81fa-438402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:12.000Z",
"modified": "2017-02-16T20:35:12.000Z",
"description": "ChChes",
"pattern": "[file:hashes.SHA256 = '6605b27e95f5c3c8012e4a75d1861786fb749b9a712a5f4871adbad81addb59e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:35:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60c9f-dbf0-4a80-8136-452002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:12.000Z",
"modified": "2017-02-16T20:35:12.000Z",
"description": "ChChes",
"pattern": "[file:hashes.SHA256 = 'fadf362a52dcf884f0d41ce3df9eaa9bb30227afda50c0e0657c096baff501f0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:35:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60ca0-fdec-429a-93a6-456f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:12.000Z",
"modified": "2017-02-16T20:35:12.000Z",
"description": "ChChes",
"pattern": "[file:hashes.SHA256 = '2965c1b6ab9d1601752cb4aa26d64a444b0a535b1a190a70d5ce935be3f91699']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:35:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60ca0-7ea8-4796-961a-467702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:12.000Z",
"modified": "2017-02-16T20:35:12.000Z",
"description": "ChChes",
"pattern": "[file:hashes.SHA256 = 'e88f5bf4be37e0dc90ba1a06a2d47faaeea9047fec07c17c2a76f9f7ab98acf0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:35:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60ca1-bec8-4c02-8d9b-42d802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:12.000Z",
"modified": "2017-02-16T20:35:12.000Z",
"description": "ChChes",
"pattern": "[file:hashes.SHA256 = 'd26dae0d8e5c23ec35e8b9cf126cded45b8096fc07560ad1c06585357921eeed']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:35:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60ca2-8ea0-4853-be88-453e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:12.000Z",
"modified": "2017-02-16T20:35:12.000Z",
"description": "ChChes",
"pattern": "[file:hashes.SHA256 = 'e6ecb146f469d243945ad8a5451ba1129c5b190f7d50c64580dbad4b8246f88e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:35:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60ca3-6a74-4242-ab01-43fe02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:12.000Z",
"modified": "2017-02-16T20:35:12.000Z",
"description": "ChChes",
"pattern": "[file:hashes.SHA256 = '4521a74337a8b454f9b80c7d9e57b4c9580567f84e513d9a3ce763275c55e691']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:35:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60ca3-e640-4e34-8442-4a6902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:12.000Z",
"modified": "2017-02-16T20:35:12.000Z",
"description": "ChChes",
"pattern": "[file:hashes.SHA256 = 'bc2f07066c624663b0a6f71cb965009d4d9b480213de51809cdc454ca55f1a91']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:35:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60ca4-fbd4-4682-aff8-492f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:12.000Z",
"modified": "2017-02-16T20:35:12.000Z",
"description": "ChChes",
"pattern": "[file:hashes.SHA256 = 'c21eaadf9ffc62ca4673e27e06c16447f103c0cf7acd8db6ac5c8bd17805e39d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:35:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60ca5-7218-4c56-9028-4a7702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:12.000Z",
"modified": "2017-02-16T20:35:12.000Z",
"description": "ChChes",
"pattern": "[file:hashes.SHA256 = 'f251485a62e104dfd8629dc4d2dfd572ebd0ab554602d682a28682876a47e773']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:35:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60ca6-bac8-4f40-af6d-44b002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:12.000Z",
"modified": "2017-02-16T20:35:12.000Z",
"description": "ChChes",
"pattern": "[file:hashes.SHA256 = 'b20ce00a6864225f05de6407fac80ddb83cd0aec00ada438c1e354cdd0d7d5df']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:35:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60ca7-5304-4918-9a4b-47f902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:12.000Z",
"modified": "2017-02-16T20:35:12.000Z",
"description": "ChChes",
"pattern": "[file:hashes.SHA256 = 'c6b8ed157eed54958da73716f8db253ba5124a0e4b649f08de060c4aa6531afc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:35:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60ca7-b9f8-4cf7-9b47-452502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:12.000Z",
"modified": "2017-02-16T20:35:12.000Z",
"description": "ChChes",
"pattern": "[file:hashes.SHA256 = '66e677b081e0361020cda4f218a501497faad1f6c0897f26c25ca51c4a5dad40']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:35:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60ca8-cd54-49f1-ac7c-48ff02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:12.000Z",
"modified": "2017-02-16T20:35:12.000Z",
"description": "ChChes",
"pattern": "[file:hashes.SHA256 = '9a6692690c03ec33c758cb5648be1ed886ff039e6b72f1c43b23fbd9c342ce8c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:35:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60ca9-fec0-4a46-bb47-4b1602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:12.000Z",
"modified": "2017-02-16T20:35:12.000Z",
"description": "ChChes",
"pattern": "[file:hashes.SHA256 = 'cb0c8681a407a76f8c0fd2512197aafad8120aa62e5c871c29d1fd2a102bc628']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:35:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60caa-47c8-4941-a30d-49e402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:12.000Z",
"modified": "2017-02-16T20:35:12.000Z",
"description": "ChChes",
"pattern": "[file:hashes.SHA256 = '4cc0adf4baa1e3932d74282affb1a137b30820934ad4f80daceec712ba2bbe14']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:35:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60caa-bbb4-4d7e-875d-455402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:12.000Z",
"modified": "2017-02-16T20:35:12.000Z",
"description": "ChChes",
"pattern": "[file:hashes.SHA256 = '312dc69dd6ea16842d6e58cd7fd98ba4d28eefeb4fd4c4d198fac4eee76f93c3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:35:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60cab-3274-4eab-a04c-409402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:12.000Z",
"modified": "2017-02-16T20:35:12.000Z",
"description": "ChChes",
"pattern": "[file:hashes.SHA256 = '45d804f35266b26bf63e3d616715fc593931e33aa07feba5ad6875609692efa2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:35:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60cac-6718-4e37-ab37-49b902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:12.000Z",
"modified": "2017-02-16T20:35:12.000Z",
"description": "ChChes",
"pattern": "[file:hashes.SHA256 = '19aa5019f3c00211182b2a80dd9675721dac7cfb31d174436d3b8ec9f97d898b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:35:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60d0d-b4b4-4d04-958a-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:25.000Z",
"modified": "2017-02-16T20:35:25.000Z",
"description": "PIVY - Xchecked via VT: f0002b912135bcee83f901715002514fdc89b5b8ed7585e07e482331e4a56c06",
"pattern": "[file:hashes.SHA1 = '256b8c23e55402cd5a83d19d6bd4c9f41ded187a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:35:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60d0f-3460-4082-ba59-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:27.000Z",
"modified": "2017-02-16T20:35:27.000Z",
"description": "PIVY - Xchecked via VT: f0002b912135bcee83f901715002514fdc89b5b8ed7585e07e482331e4a56c06",
"pattern": "[file:hashes.MD5 = 'f6264ad9ce8757e5d40a4050ae1f6f9c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:35:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58a60d10-21e4-4f2d-bc7c-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:28.000Z",
"modified": "2017-02-16T20:35:28.000Z",
"first_observed": "2017-02-16T20:35:28Z",
"last_observed": "2017-02-16T20:35:28Z",
"number_observed": 1,
"object_refs": [
"url--58a60d10-21e4-4f2d-bc7c-75a002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58a60d10-21e4-4f2d-bc7c-75a002de0b81",
"value": "https://www.virustotal.com/file/f0002b912135bcee83f901715002514fdc89b5b8ed7585e07e482331e4a56c06/analysis/1425113895/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60d12-7168-43f2-b39e-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:30.000Z",
"modified": "2017-02-16T20:35:30.000Z",
"description": "PIVY - Xchecked via VT: 412120355d9ac8c37b5623eea86d82925ca837c4f8be4aa24475415838ecb356",
"pattern": "[file:hashes.SHA1 = '466bebb26375db4236a2864028414d48cdf01e62']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:35:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60d13-725c-4c4b-b944-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:31.000Z",
"modified": "2017-02-16T20:35:31.000Z",
"description": "PIVY - Xchecked via VT: 412120355d9ac8c37b5623eea86d82925ca837c4f8be4aa24475415838ecb356",
"pattern": "[file:hashes.MD5 = '83ddbc17900e325f6a0f7ebf375c8c1b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:35:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58a60d14-18fc-4999-8578-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:32.000Z",
"modified": "2017-02-16T20:35:32.000Z",
"first_observed": "2017-02-16T20:35:32Z",
"last_observed": "2017-02-16T20:35:32Z",
"number_observed": 1,
"object_refs": [
"url--58a60d14-18fc-4999-8578-75a002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58a60d14-18fc-4999-8578-75a002de0b81",
"value": "https://www.virustotal.com/file/412120355d9ac8c37b5623eea86d82925ca837c4f8be4aa24475415838ecb356/analysis/1432201012/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60d16-7834-453a-a7d1-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:34.000Z",
"modified": "2017-02-16T20:35:34.000Z",
"description": "PIVY - Xchecked via VT: 44a7bea8a08f4c2feb74c6a00ff1114ba251f3dc6922ea5ffab9e749c98cbdce",
"pattern": "[file:hashes.SHA1 = 'b23d698df6594f690f3462e238e1e9f2ec029bbf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:35:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60d17-1e30-4a07-9b79-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:35.000Z",
"modified": "2017-02-16T20:35:35.000Z",
"description": "PIVY - Xchecked via VT: 44a7bea8a08f4c2feb74c6a00ff1114ba251f3dc6922ea5ffab9e749c98cbdce",
"pattern": "[file:hashes.MD5 = '4f505ca0ea4540e6662def1c1ddadd03']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:35:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58a60d19-d938-4617-b8c1-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:37.000Z",
"modified": "2017-02-16T20:35:37.000Z",
"first_observed": "2017-02-16T20:35:37Z",
"last_observed": "2017-02-16T20:35:37Z",
"number_observed": 1,
"object_refs": [
"url--58a60d19-d938-4617-b8c1-75a002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58a60d19-d938-4617-b8c1-75a002de0b81",
"value": "https://www.virustotal.com/file/44a7bea8a08f4c2feb74c6a00ff1114ba251f3dc6922ea5ffab9e749c98cbdce/analysis/1450425230/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60d1a-6e54-4c50-8d60-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:38.000Z",
"modified": "2017-02-16T20:35:38.000Z",
"description": "PlugX - Xchecked via VT: 6392e0701a77ea25354b1f40f5b867a35c0142abde785a66b83c9c8d2c14c0c3",
"pattern": "[file:hashes.SHA1 = '1f412a62f50ff71f0b2b2f54aaa980962ebfd8a4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:35:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60d1c-d0a0-447c-b6a7-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:40.000Z",
"modified": "2017-02-16T20:35:40.000Z",
"description": "PlugX - Xchecked via VT: 6392e0701a77ea25354b1f40f5b867a35c0142abde785a66b83c9c8d2c14c0c3",
"pattern": "[file:hashes.MD5 = '0f6b00b0c5a26a5aa8942ae356329945']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:35:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58a60d1d-8c64-4223-b948-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:41.000Z",
"modified": "2017-02-16T20:35:41.000Z",
"first_observed": "2017-02-16T20:35:41Z",
"last_observed": "2017-02-16T20:35:41Z",
"number_observed": 1,
"object_refs": [
"url--58a60d1d-8c64-4223-b948-75a002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58a60d1d-8c64-4223-b948-75a002de0b81",
"value": "https://www.virustotal.com/file/6392e0701a77ea25354b1f40f5b867a35c0142abde785a66b83c9c8d2c14c0c3/analysis/1481374586/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60d1f-ccb8-4ba2-ba8a-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:43.000Z",
"modified": "2017-02-16T20:35:43.000Z",
"description": "PlugX - Xchecked via VT: 6c7e85e426999579dd6a540fcd827b644a79cda0ad50211d585a0be513571586",
"pattern": "[file:hashes.SHA1 = '4132068417bcbffec16ac655a14f29aa74189fcb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:35:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60d20-5b48-4425-a695-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:44.000Z",
"modified": "2017-02-16T20:35:44.000Z",
"description": "PlugX - Xchecked via VT: 6c7e85e426999579dd6a540fcd827b644a79cda0ad50211d585a0be513571586",
"pattern": "[file:hashes.MD5 = 'd316848ce47c098ccfe72aa7311aaffa']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:35:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58a60d22-aec4-4e2f-a70e-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:46.000Z",
"modified": "2017-02-16T20:35:46.000Z",
"first_observed": "2017-02-16T20:35:46Z",
"last_observed": "2017-02-16T20:35:46Z",
"number_observed": 1,
"object_refs": [
"url--58a60d22-aec4-4e2f-a70e-75a002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58a60d22-aec4-4e2f-a70e-75a002de0b81",
"value": "https://www.virustotal.com/file/6c7e85e426999579dd6a540fcd827b644a79cda0ad50211d585a0be513571586/analysis/1425539181/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60d23-825c-44ee-9c02-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:47.000Z",
"modified": "2017-02-16T20:35:47.000Z",
"description": "PlugX - Xchecked via VT: 76721d08b83aae945aa00fe69319f896b92c456def4df5b203357cf443074c03",
"pattern": "[file:hashes.SHA1 = '2d5c5e210c7db4ba6012bd761154db0d1f5cd658']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:35:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60d24-5d40-4e6a-a348-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:48.000Z",
"modified": "2017-02-16T20:35:48.000Z",
"description": "PlugX - Xchecked via VT: 76721d08b83aae945aa00fe69319f896b92c456def4df5b203357cf443074c03",
"pattern": "[file:hashes.MD5 = '19417f7551bc54db6783823325557773']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:35:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58a60d25-0220-42fa-b9cf-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:49.000Z",
"modified": "2017-02-16T20:35:49.000Z",
"first_observed": "2017-02-16T20:35:49Z",
"last_observed": "2017-02-16T20:35:49Z",
"number_observed": 1,
"object_refs": [
"url--58a60d25-0220-42fa-b9cf-75a002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58a60d25-0220-42fa-b9cf-75a002de0b81",
"value": "https://www.virustotal.com/file/76721d08b83aae945aa00fe69319f896b92c456def4df5b203357cf443074c03/analysis/1460958664/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60d26-af04-402f-ab33-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:50.000Z",
"modified": "2017-02-16T20:35:50.000Z",
"description": "PlugX - Xchecked via VT: dcff19fc193f1ba63c5dc6f91f00070e6912dcec3868e889fed37102698b554b",
"pattern": "[file:hashes.SHA1 = 'b1043250c499ccf0ad56a688ccce662f42386869']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:35:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60d27-bcd0-4b12-9565-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:51.000Z",
"modified": "2017-02-16T20:35:51.000Z",
"description": "PlugX - Xchecked via VT: dcff19fc193f1ba63c5dc6f91f00070e6912dcec3868e889fed37102698b554b",
"pattern": "[file:hashes.MD5 = 'e975d5b29d988929e5ad3a8fa19083d1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:35:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58a60d28-8d04-434e-81b6-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:52.000Z",
"modified": "2017-02-16T20:35:52.000Z",
"first_observed": "2017-02-16T20:35:52Z",
"last_observed": "2017-02-16T20:35:52Z",
"number_observed": 1,
"object_refs": [
"url--58a60d28-8d04-434e-81b6-75a002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58a60d28-8d04-434e-81b6-75a002de0b81",
"value": "https://www.virustotal.com/file/dcff19fc193f1ba63c5dc6f91f00070e6912dcec3868e889fed37102698b554b/analysis/1465117459/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60d29-6948-40eb-a0b3-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:53.000Z",
"modified": "2017-02-16T20:35:53.000Z",
"description": "PlugX - Xchecked via VT: 7eeaa97d346bc3f8090e5b742f42e8900127703420295279ac7e04d06ebe0a04",
"pattern": "[file:hashes.SHA1 = 'aee17dbab01ed334bb94506fcbc2ed259242159e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:35:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60d2a-10fc-45ca-b246-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:54.000Z",
"modified": "2017-02-16T20:35:54.000Z",
"description": "PlugX - Xchecked via VT: 7eeaa97d346bc3f8090e5b742f42e8900127703420295279ac7e04d06ebe0a04",
"pattern": "[file:hashes.MD5 = '667989ffa5e77943f3384e78adf93510']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:35:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58a60d2b-e538-44d9-9622-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:55.000Z",
"modified": "2017-02-16T20:35:55.000Z",
"first_observed": "2017-02-16T20:35:55Z",
"last_observed": "2017-02-16T20:35:55Z",
"number_observed": 1,
"object_refs": [
"url--58a60d2b-e538-44d9-9622-75a002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58a60d2b-e538-44d9-9622-75a002de0b81",
"value": "https://www.virustotal.com/file/7eeaa97d346bc3f8090e5b742f42e8900127703420295279ac7e04d06ebe0a04/analysis/1441633219/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60d2d-d024-4f18-a8f8-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:57.000Z",
"modified": "2017-02-16T20:35:57.000Z",
"description": "PlugX - Xchecked via VT: a6b6c66735e5e26002202b9d263bf8c97e278f6969c141853857000c8d242d24",
"pattern": "[file:hashes.SHA1 = '68e3f80012a78518ddbde055b5e42dd4d82e58e5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:35:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60d2e-f6bc-4e31-b921-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:58.000Z",
"modified": "2017-02-16T20:35:58.000Z",
"description": "PlugX - Xchecked via VT: a6b6c66735e5e26002202b9d263bf8c97e278f6969c141853857000c8d242d24",
"pattern": "[file:hashes.MD5 = '5a78974df88ab6a67bb72a5c7a437fb2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:35:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58a60d2f-1084-4ae4-b98d-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:35:59.000Z",
"modified": "2017-02-16T20:35:59.000Z",
"first_observed": "2017-02-16T20:35:59Z",
"last_observed": "2017-02-16T20:35:59Z",
"number_observed": 1,
"object_refs": [
"url--58a60d2f-1084-4ae4-b98d-75a002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58a60d2f-1084-4ae4-b98d-75a002de0b81",
"value": "https://www.virustotal.com/file/a6b6c66735e5e26002202b9d263bf8c97e278f6969c141853857000c8d242d24/analysis/1483693020/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60d30-eb38-49dc-ae41-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:36:00.000Z",
"modified": "2017-02-16T20:36:00.000Z",
"description": "PlugX - Xchecked via VT: 5412cddde0a2f2d78ec9de0f9a02ac2b22882543c9f15724ebe14b3a0bf8cbda",
"pattern": "[file:hashes.SHA1 = '83d419bc812d08c9d09baa49a4313a81eda54702']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:36:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60d31-3ab0-4cd4-b7d4-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:36:01.000Z",
"modified": "2017-02-16T20:36:01.000Z",
"description": "PlugX - Xchecked via VT: 5412cddde0a2f2d78ec9de0f9a02ac2b22882543c9f15724ebe14b3a0bf8cbda",
"pattern": "[file:hashes.MD5 = '8ece7de82e1bdd4659a122c06ea9533e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:36:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58a60d33-9618-49a1-86ad-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:36:03.000Z",
"modified": "2017-02-16T20:36:03.000Z",
"first_observed": "2017-02-16T20:36:03Z",
"last_observed": "2017-02-16T20:36:03Z",
"number_observed": 1,
"object_refs": [
"url--58a60d33-9618-49a1-86ad-75a002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58a60d33-9618-49a1-86ad-75a002de0b81",
"value": "https://www.virustotal.com/file/5412cddde0a2f2d78ec9de0f9a02ac2b22882543c9f15724ebe14b3a0bf8cbda/analysis/1477722818/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60d35-88e8-4daa-8650-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:36:05.000Z",
"modified": "2017-02-16T20:36:05.000Z",
"description": "PlugX - Xchecked via VT: 92dbbe0eff3fe0082c3485b99e6a949d9c3747afa493a0a1e336829a7c1faafb",
"pattern": "[file:hashes.SHA1 = 'aaee7385b2c836e9d3e14812807f911c2144a894']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:36:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60d36-58f8-47a1-a800-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:36:06.000Z",
"modified": "2017-02-16T20:36:06.000Z",
"description": "PlugX - Xchecked via VT: 92dbbe0eff3fe0082c3485b99e6a949d9c3747afa493a0a1e336829a7c1faafb",
"pattern": "[file:hashes.MD5 = '850a7e877d8e68188714ff5344f6fc15']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:36:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58a60d38-3304-47da-8361-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:36:08.000Z",
"modified": "2017-02-16T20:36:08.000Z",
"first_observed": "2017-02-16T20:36:08Z",
"last_observed": "2017-02-16T20:36:08Z",
"number_observed": 1,
"object_refs": [
"url--58a60d38-3304-47da-8361-75a002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58a60d38-3304-47da-8361-75a002de0b81",
"value": "https://www.virustotal.com/file/92dbbe0eff3fe0082c3485b99e6a949d9c3747afa493a0a1e336829a7c1faafb/analysis/1451267195/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60d39-8d4c-4c55-b09b-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:36:09.000Z",
"modified": "2017-02-16T20:36:09.000Z",
"description": "ChChes - Xchecked via VT: 5961861d2b9f50d05055814e6bfd1c6291b30719f8a4d02d4cf80c2e87753fa1",
"pattern": "[file:hashes.SHA1 = 'df8f49a3fdf8a9d550b22d65d21a8006ff593ac4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:36:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60d3a-c24c-40b6-a595-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:36:10.000Z",
"modified": "2017-02-16T20:36:10.000Z",
"description": "ChChes - Xchecked via VT: 5961861d2b9f50d05055814e6bfd1c6291b30719f8a4d02d4cf80c2e87753fa1",
"pattern": "[file:hashes.MD5 = '3afa9243b3aeb534e02426569d85e517']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:36:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58a60d3c-b360-4f28-9a10-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:36:12.000Z",
"modified": "2017-02-16T20:36:12.000Z",
"first_observed": "2017-02-16T20:36:12Z",
"last_observed": "2017-02-16T20:36:12Z",
"number_observed": 1,
"object_refs": [
"url--58a60d3c-b360-4f28-9a10-75a002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58a60d3c-b360-4f28-9a10-75a002de0b81",
"value": "https://www.virustotal.com/file/5961861d2b9f50d05055814e6bfd1c6291b30719f8a4d02d4cf80c2e87753fa1/analysis/1486114856/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60d3e-9a60-4364-9d9a-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:36:14.000Z",
"modified": "2017-02-16T20:36:14.000Z",
"description": "ChChes - Xchecked via VT: e90064884190b14a6621c18d1f9719a37b9e5f98506e28ff0636438e3282098b",
"pattern": "[file:hashes.SHA1 = '16a046d2557cc6377d713e21f14f1ebea7128419']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:36:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60d3f-76a0-4e92-910b-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:36:15.000Z",
"modified": "2017-02-16T20:36:15.000Z",
"description": "ChChes - Xchecked via VT: e90064884190b14a6621c18d1f9719a37b9e5f98506e28ff0636438e3282098b",
"pattern": "[file:hashes.MD5 = '37c89f291dbe880b1f3ac036e6b9c558']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:36:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58a60d41-3328-4089-aba1-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:36:17.000Z",
"modified": "2017-02-16T20:36:17.000Z",
"first_observed": "2017-02-16T20:36:17Z",
"last_observed": "2017-02-16T20:36:17Z",
"number_observed": 1,
"object_refs": [
"url--58a60d41-3328-4089-aba1-75a002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58a60d41-3328-4089-aba1-75a002de0b81",
"value": "https://www.virustotal.com/file/e90064884190b14a6621c18d1f9719a37b9e5f98506e28ff0636438e3282098b/analysis/1487246125/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60d42-4a84-4383-b87f-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:36:18.000Z",
"modified": "2017-02-16T20:36:18.000Z",
"description": "ChChes - Xchecked via VT: ae6b45a92384f6e43672e617c53a44225e2944d66c1ffb074694526386074145",
"pattern": "[file:hashes.SHA1 = '56d6c3ffa4f3d5ae742f937fae85f0995814cf90']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:36:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60d44-1c14-4d05-81eb-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:36:20.000Z",
"modified": "2017-02-16T20:36:20.000Z",
"description": "ChChes - Xchecked via VT: ae6b45a92384f6e43672e617c53a44225e2944d66c1ffb074694526386074145",
"pattern": "[file:hashes.MD5 = '8a93859e5f7079d6746832a3a22ff65c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:36:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58a60d46-49f0-4fdb-8003-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:36:22.000Z",
"modified": "2017-02-16T20:36:22.000Z",
"first_observed": "2017-02-16T20:36:22Z",
"last_observed": "2017-02-16T20:36:22Z",
"number_observed": 1,
"object_refs": [
"url--58a60d46-49f0-4fdb-8003-75a002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58a60d46-49f0-4fdb-8003-75a002de0b81",
"value": "https://www.virustotal.com/file/ae6b45a92384f6e43672e617c53a44225e2944d66c1ffb074694526386074145/analysis/1485234133/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60d47-0304-41d1-b510-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:36:23.000Z",
"modified": "2017-02-16T20:36:23.000Z",
"description": "ChChes - Xchecked via VT: fd6a956a7708708cddff78c8505c7db73d7c4e961da8a3c00cc5a51171a92b7b",
"pattern": "[file:hashes.SHA1 = '56126b1c19c1121c0f5065204ef5cc4633079b98']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:36:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60d49-aea8-484b-b84b-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:36:25.000Z",
"modified": "2017-02-16T20:36:25.000Z",
"description": "ChChes - Xchecked via VT: fd6a956a7708708cddff78c8505c7db73d7c4e961da8a3c00cc5a51171a92b7b",
"pattern": "[file:hashes.MD5 = 'b0649c1f7fb15796805ca983fd8f95a3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:36:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58a60d4b-bb24-4769-b725-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:36:27.000Z",
"modified": "2017-02-16T20:36:27.000Z",
"first_observed": "2017-02-16T20:36:27Z",
"last_observed": "2017-02-16T20:36:27Z",
"number_observed": 1,
"object_refs": [
"url--58a60d4b-bb24-4769-b725-75a002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58a60d4b-bb24-4769-b725-75a002de0b81",
"value": "https://www.virustotal.com/file/fd6a956a7708708cddff78c8505c7db73d7c4e961da8a3c00cc5a51171a92b7b/analysis/1483755420/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60d4c-28f4-4433-86b7-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:36:28.000Z",
"modified": "2017-02-16T20:36:28.000Z",
"description": "ChChes - Xchecked via VT: 2c71eb5c781daa43047fa6e3d85d51a061aa1dfa41feb338e0d4139a6dfd6910",
"pattern": "[file:hashes.SHA1 = '741e955a9e458a70b5c085b3bfba800fdfb4ccde']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:36:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60d4e-c6e4-42eb-bacb-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:36:30.000Z",
"modified": "2017-02-16T20:36:30.000Z",
"description": "ChChes - Xchecked via VT: 2c71eb5c781daa43047fa6e3d85d51a061aa1dfa41feb338e0d4139a6dfd6910",
"pattern": "[file:hashes.MD5 = 'c1cb28327d3364768d1c1e4ce0d9bc07']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:36:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58a60d4f-999c-473a-9278-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:36:31.000Z",
"modified": "2017-02-16T20:36:31.000Z",
"first_observed": "2017-02-16T20:36:31Z",
"last_observed": "2017-02-16T20:36:31Z",
"number_observed": 1,
"object_refs": [
"url--58a60d4f-999c-473a-9278-75a002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58a60d4f-999c-473a-9278-75a002de0b81",
"value": "https://www.virustotal.com/file/2c71eb5c781daa43047fa6e3d85d51a061aa1dfa41feb338e0d4139a6dfd6910/analysis/1487151486/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60d51-7670-41e1-b452-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:36:33.000Z",
"modified": "2017-02-16T20:36:33.000Z",
"description": "ChChes - Xchecked via VT: 316e89d866d5c710530c2103f183d86c31e9a90d55e2ebc2dda94f112f3bdb6d",
"pattern": "[file:hashes.SHA1 = 'de5af856804974ba3df03928fff03447e8f4c9c2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:36:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60d52-0204-433c-88ac-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:36:34.000Z",
"modified": "2017-02-16T20:36:34.000Z",
"description": "ChChes - Xchecked via VT: 316e89d866d5c710530c2103f183d86c31e9a90d55e2ebc2dda94f112f3bdb6d",
"pattern": "[file:hashes.MD5 = '0c0a39e1cab4fc9896bdf5ef3c96a716']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:36:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58a60d54-6724-4332-956f-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:36:36.000Z",
"modified": "2017-02-16T20:36:36.000Z",
"first_observed": "2017-02-16T20:36:36Z",
"last_observed": "2017-02-16T20:36:36Z",
"number_observed": 1,
"object_refs": [
"url--58a60d54-6724-4332-956f-75a002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58a60d54-6724-4332-956f-75a002de0b81",
"value": "https://www.virustotal.com/file/316e89d866d5c710530c2103f183d86c31e9a90d55e2ebc2dda94f112f3bdb6d/analysis/1485412372/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60d55-ab7c-4514-a66d-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:36:37.000Z",
"modified": "2017-02-16T20:36:37.000Z",
"description": "ChChes - Xchecked via VT: efa0b414a831cbf724d1c67808b7483dec22a981ae670947793d114048f88057",
"pattern": "[file:hashes.SHA1 = '16d0795e4864f67acbb1ae2ce76eb16445dae4b5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:36:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60d57-ed48-45a4-919f-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:36:39.000Z",
"modified": "2017-02-16T20:36:39.000Z",
"description": "ChChes - Xchecked via VT: efa0b414a831cbf724d1c67808b7483dec22a981ae670947793d114048f88057",
"pattern": "[file:hashes.MD5 = '07abd6583295061eac2435ae470eff78']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:36:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58a60d58-48ec-4c3e-a67c-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:36:40.000Z",
"modified": "2017-02-16T20:36:40.000Z",
"first_observed": "2017-02-16T20:36:40Z",
"last_observed": "2017-02-16T20:36:40Z",
"number_observed": 1,
"object_refs": [
"url--58a60d58-48ec-4c3e-a67c-75a002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58a60d58-48ec-4c3e-a67c-75a002de0b81",
"value": "https://www.virustotal.com/file/efa0b414a831cbf724d1c67808b7483dec22a981ae670947793d114048f88057/analysis/1485412333/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60d5a-2a10-4d39-b056-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:36:42.000Z",
"modified": "2017-02-16T20:36:42.000Z",
"description": "ChChes - Xchecked via VT: 2965c1b6ab9d1601752cb4aa26d64a444b0a535b1a190a70d5ce935be3f91699",
"pattern": "[file:hashes.SHA1 = '2d0ee3b718ec4e391753616853286c22be7bf521']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:36:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60d5c-a2a0-4c7d-ba48-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:36:44.000Z",
"modified": "2017-02-16T20:36:44.000Z",
"description": "ChChes - Xchecked via VT: 2965c1b6ab9d1601752cb4aa26d64a444b0a535b1a190a70d5ce935be3f91699",
"pattern": "[file:hashes.MD5 = '684888079aaf7ed25e725b55a3695062']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:36:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58a60d5d-f85c-48a3-98c3-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:36:45.000Z",
"modified": "2017-02-16T20:36:45.000Z",
"first_observed": "2017-02-16T20:36:45Z",
"last_observed": "2017-02-16T20:36:45Z",
"number_observed": 1,
"object_refs": [
"url--58a60d5d-f85c-48a3-98c3-75a002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58a60d5d-f85c-48a3-98c3-75a002de0b81",
"value": "https://www.virustotal.com/file/2965c1b6ab9d1601752cb4aa26d64a444b0a535b1a190a70d5ce935be3f91699/analysis/1479810190/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60d5f-821c-48a0-9e7b-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:36:47.000Z",
"modified": "2017-02-16T20:36:47.000Z",
"description": "ChChes - Xchecked via VT: e88f5bf4be37e0dc90ba1a06a2d47faaeea9047fec07c17c2a76f9f7ab98acf0",
"pattern": "[file:hashes.SHA1 = '7cace2e51e8ecc5ddb9720a8dc9e1f3596fe343b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:36:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60d60-e2e0-4908-b956-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:36:48.000Z",
"modified": "2017-02-16T20:36:48.000Z",
"description": "ChChes - Xchecked via VT: e88f5bf4be37e0dc90ba1a06a2d47faaeea9047fec07c17c2a76f9f7ab98acf0",
"pattern": "[file:hashes.MD5 = '23d03ee4bf57de7087055b230dae7c5b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:36:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58a60d61-a27c-476f-8e91-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:36:49.000Z",
"modified": "2017-02-16T20:36:49.000Z",
"first_observed": "2017-02-16T20:36:49Z",
"last_observed": "2017-02-16T20:36:49Z",
"number_observed": 1,
"object_refs": [
"url--58a60d61-a27c-476f-8e91-75a002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58a60d61-a27c-476f-8e91-75a002de0b81",
"value": "https://www.virustotal.com/file/e88f5bf4be37e0dc90ba1a06a2d47faaeea9047fec07c17c2a76f9f7ab98acf0/analysis/1480464808/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60d63-6068-4b06-bcf2-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:36:51.000Z",
"modified": "2017-02-16T20:36:51.000Z",
"description": "ChChes - Xchecked via VT: d26dae0d8e5c23ec35e8b9cf126cded45b8096fc07560ad1c06585357921eeed",
"pattern": "[file:hashes.SHA1 = '69620adf44795ee5293ce301cd3d70045e332bbf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:36:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60d65-49a0-499f-a43e-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:36:53.000Z",
"modified": "2017-02-16T20:36:53.000Z",
"description": "ChChes - Xchecked via VT: d26dae0d8e5c23ec35e8b9cf126cded45b8096fc07560ad1c06585357921eeed",
"pattern": "[file:hashes.MD5 = '1d0105cf8e076b33ed499f1dfef9a46b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:36:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58a60d66-4704-48cc-b694-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:36:54.000Z",
"modified": "2017-02-16T20:36:54.000Z",
"first_observed": "2017-02-16T20:36:54Z",
"last_observed": "2017-02-16T20:36:54Z",
"number_observed": 1,
"object_refs": [
"url--58a60d66-4704-48cc-b694-75a002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58a60d66-4704-48cc-b694-75a002de0b81",
"value": "https://www.virustotal.com/file/d26dae0d8e5c23ec35e8b9cf126cded45b8096fc07560ad1c06585357921eeed/analysis/1483521651/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60d68-43fc-40aa-8ae0-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:36:56.000Z",
"modified": "2017-02-16T20:36:56.000Z",
"description": "ChChes - Xchecked via VT: e6ecb146f469d243945ad8a5451ba1129c5b190f7d50c64580dbad4b8246f88e",
"pattern": "[file:hashes.SHA1 = '2c1b42e8c8acea5082275b6ea5f5c64ebaf4fa30']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:36:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60d69-9614-4545-a2ec-066a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:36:57.000Z",
"modified": "2017-02-16T20:36:57.000Z",
"description": "ChChes - Xchecked via VT: e6ecb146f469d243945ad8a5451ba1129c5b190f7d50c64580dbad4b8246f88e",
"pattern": "[file:hashes.MD5 = '472b1710794d5c420b9d921c484ca9e8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:36:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58a60d69-8248-4ab6-8431-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:36:57.000Z",
"modified": "2017-02-16T20:36:57.000Z",
"first_observed": "2017-02-16T20:36:57Z",
"last_observed": "2017-02-16T20:36:57Z",
"number_observed": 1,
"object_refs": [
"url--58a60d69-8248-4ab6-8431-75a002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58a60d69-8248-4ab6-8431-75a002de0b81",
"value": "https://www.virustotal.com/file/e6ecb146f469d243945ad8a5451ba1129c5b190f7d50c64580dbad4b8246f88e/analysis/1479266364/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60d6a-1264-453d-b5f3-066a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:36:58.000Z",
"modified": "2017-02-16T20:36:58.000Z",
"description": "ChChes - Xchecked via VT: 4521a74337a8b454f9b80c7d9e57b4c9580567f84e513d9a3ce763275c55e691",
"pattern": "[file:hashes.SHA1 = '42d5c9c4c02e6d5c88ec0acce72327389a92f0d7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:36:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60d6b-d2b8-4954-8bf2-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:36:59.000Z",
"modified": "2017-02-16T20:36:59.000Z",
"description": "ChChes - Xchecked via VT: 4521a74337a8b454f9b80c7d9e57b4c9580567f84e513d9a3ce763275c55e691",
"pattern": "[file:hashes.MD5 = '19610f0d343657f6842d2045e8818f09']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:36:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58a60d6c-9158-47b9-a85d-066a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:37:00.000Z",
"modified": "2017-02-16T20:37:00.000Z",
"first_observed": "2017-02-16T20:37:00Z",
"last_observed": "2017-02-16T20:37:00Z",
"number_observed": 1,
"object_refs": [
"url--58a60d6c-9158-47b9-a85d-066a02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58a60d6c-9158-47b9-a85d-066a02de0b81",
"value": "https://www.virustotal.com/file/4521a74337a8b454f9b80c7d9e57b4c9580567f84e513d9a3ce763275c55e691/analysis/1479704197/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60d6d-0598-487f-9bf5-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:37:01.000Z",
"modified": "2017-02-16T20:37:01.000Z",
"description": "ChChes - Xchecked via VT: bc2f07066c624663b0a6f71cb965009d4d9b480213de51809cdc454ca55f1a91",
"pattern": "[file:hashes.SHA1 = 'a91669bb4dcb713e997ddf98417730de78cb990a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:37:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60d6e-d544-4d29-a266-066a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:37:02.000Z",
"modified": "2017-02-16T20:37:02.000Z",
"description": "ChChes - Xchecked via VT: bc2f07066c624663b0a6f71cb965009d4d9b480213de51809cdc454ca55f1a91",
"pattern": "[file:hashes.MD5 = 'ca9644ef0f7ed355a842f6e2d4511546']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:37:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58a60d6e-ffa8-48c3-9904-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:37:02.000Z",
"modified": "2017-02-16T20:37:02.000Z",
"first_observed": "2017-02-16T20:37:02Z",
"last_observed": "2017-02-16T20:37:02Z",
"number_observed": 1,
"object_refs": [
"url--58a60d6e-ffa8-48c3-9904-75a002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58a60d6e-ffa8-48c3-9904-75a002de0b81",
"value": "https://www.virustotal.com/file/bc2f07066c624663b0a6f71cb965009d4d9b480213de51809cdc454ca55f1a91/analysis/1479103984/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60d70-0624-4968-aba4-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:37:04.000Z",
"modified": "2017-02-16T20:37:04.000Z",
"description": "ChChes - Xchecked via VT: c21eaadf9ffc62ca4673e27e06c16447f103c0cf7acd8db6ac5c8bd17805e39d",
"pattern": "[file:hashes.SHA1 = 'b966657d35bba9416775d320bb87086001995bbe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:37:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60d70-7fa4-4958-815e-066a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:37:04.000Z",
"modified": "2017-02-16T20:37:04.000Z",
"description": "ChChes - Xchecked via VT: c21eaadf9ffc62ca4673e27e06c16447f103c0cf7acd8db6ac5c8bd17805e39d",
"pattern": "[file:hashes.MD5 = 'f586edd88023f49bc4f9d84f9fb6bd7d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:37:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58a60d70-fb90-47b0-aa39-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:37:04.000Z",
"modified": "2017-02-16T20:37:04.000Z",
"first_observed": "2017-02-16T20:37:04Z",
"last_observed": "2017-02-16T20:37:04Z",
"number_observed": 1,
"object_refs": [
"url--58a60d70-fb90-47b0-aa39-75a002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58a60d70-fb90-47b0-aa39-75a002de0b81",
"value": "https://www.virustotal.com/file/c21eaadf9ffc62ca4673e27e06c16447f103c0cf7acd8db6ac5c8bd17805e39d/analysis/1478655952/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60d71-91e0-4cdb-a4ed-066a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:37:05.000Z",
"modified": "2017-02-16T20:37:05.000Z",
"description": "ChChes - Xchecked via VT: f251485a62e104dfd8629dc4d2dfd572ebd0ab554602d682a28682876a47e773",
"pattern": "[file:hashes.SHA1 = 'a954a3f20ef8065d98d9e3a3c5ae254e27c63bf6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:37:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60d72-ef8c-4819-a8b3-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:37:06.000Z",
"modified": "2017-02-16T20:37:06.000Z",
"description": "ChChes - Xchecked via VT: f251485a62e104dfd8629dc4d2dfd572ebd0ab554602d682a28682876a47e773",
"pattern": "[file:hashes.MD5 = 'f5744d72c6919f994ff452b0e758ffee']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:37:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58a60d73-67d0-423a-955b-066a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:37:07.000Z",
"modified": "2017-02-16T20:37:07.000Z",
"first_observed": "2017-02-16T20:37:07Z",
"last_observed": "2017-02-16T20:37:07Z",
"number_observed": 1,
"object_refs": [
"url--58a60d73-67d0-423a-955b-066a02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58a60d73-67d0-423a-955b-066a02de0b81",
"value": "https://www.virustotal.com/file/f251485a62e104dfd8629dc4d2dfd572ebd0ab554602d682a28682876a47e773/analysis/1478249897/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60d73-9b54-4ff7-8ce8-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:37:07.000Z",
"modified": "2017-02-16T20:37:07.000Z",
"description": "ChChes - Xchecked via VT: b20ce00a6864225f05de6407fac80ddb83cd0aec00ada438c1e354cdd0d7d5df",
"pattern": "[file:hashes.SHA1 = '7cb04a4b86d998604341bc2b610a0a556830993d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:37:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60d74-23b8-46cd-8c62-066a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:37:08.000Z",
"modified": "2017-02-16T20:37:08.000Z",
"description": "ChChes - Xchecked via VT: b20ce00a6864225f05de6407fac80ddb83cd0aec00ada438c1e354cdd0d7d5df",
"pattern": "[file:hashes.MD5 = '7891f00dcab0e4a2f928422062e94213']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:37:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58a60d75-acec-4b2d-9b66-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:37:09.000Z",
"modified": "2017-02-16T20:37:09.000Z",
"first_observed": "2017-02-16T20:37:09Z",
"last_observed": "2017-02-16T20:37:09Z",
"number_observed": 1,
"object_refs": [
"url--58a60d75-acec-4b2d-9b66-75a002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58a60d75-acec-4b2d-9b66-75a002de0b81",
"value": "https://www.virustotal.com/file/b20ce00a6864225f05de6407fac80ddb83cd0aec00ada438c1e354cdd0d7d5df/analysis/1481689655/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60d76-5f10-43a1-b660-066a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:37:10.000Z",
"modified": "2017-02-16T20:37:10.000Z",
"description": "ChChes - Xchecked via VT: 66e677b081e0361020cda4f218a501497faad1f6c0897f26c25ca51c4a5dad40",
"pattern": "[file:hashes.SHA1 = '2723fa5a414a503262d634fcc781d7d57c6f76ee']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:37:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60d76-fc74-4912-8ce8-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:37:10.000Z",
"modified": "2017-02-16T20:37:10.000Z",
"description": "ChChes - Xchecked via VT: 66e677b081e0361020cda4f218a501497faad1f6c0897f26c25ca51c4a5dad40",
"pattern": "[file:hashes.MD5 = 'e61c043005c16028dd55c04b14041f5e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:37:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58a60d77-87f0-492a-8088-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:37:11.000Z",
"modified": "2017-02-16T20:37:11.000Z",
"first_observed": "2017-02-16T20:37:11Z",
"last_observed": "2017-02-16T20:37:11Z",
"number_observed": 1,
"object_refs": [
"url--58a60d77-87f0-492a-8088-75a002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58a60d77-87f0-492a-8088-75a002de0b81",
"value": "https://www.virustotal.com/file/66e677b081e0361020cda4f218a501497faad1f6c0897f26c25ca51c4a5dad40/analysis/1477805655/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60d77-a6a0-45b7-b656-066a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:37:11.000Z",
"modified": "2017-02-16T20:37:11.000Z",
"description": "ChChes - Xchecked via VT: 9a6692690c03ec33c758cb5648be1ed886ff039e6b72f1c43b23fbd9c342ce8c",
"pattern": "[file:hashes.SHA1 = '95ab56ab1f0d4f010569ead7915fbc833a36cd73']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:37:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60d78-731c-4476-8f33-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:37:12.000Z",
"modified": "2017-02-16T20:37:12.000Z",
"description": "ChChes - Xchecked via VT: 9a6692690c03ec33c758cb5648be1ed886ff039e6b72f1c43b23fbd9c342ce8c",
"pattern": "[file:hashes.MD5 = '1b891bc2e5038615efafabe48920f200']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:37:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58a60d79-a0a8-4b03-b7e0-066a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:37:13.000Z",
"modified": "2017-02-16T20:37:13.000Z",
"first_observed": "2017-02-16T20:37:13Z",
"last_observed": "2017-02-16T20:37:13Z",
"number_observed": 1,
"object_refs": [
"url--58a60d79-a0a8-4b03-b7e0-066a02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58a60d79-a0a8-4b03-b7e0-066a02de0b81",
"value": "https://www.virustotal.com/file/9a6692690c03ec33c758cb5648be1ed886ff039e6b72f1c43b23fbd9c342ce8c/analysis/1487156229/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60d79-ccd0-4449-b4be-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:37:13.000Z",
"modified": "2017-02-16T20:37:13.000Z",
"description": "ChChes - Xchecked via VT: cb0c8681a407a76f8c0fd2512197aafad8120aa62e5c871c29d1fd2a102bc628",
"pattern": "[file:hashes.SHA1 = '1df29c63c917b089fe0fc099e2783c0c679892e5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:37:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60d7a-91cc-4d95-abae-066a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:37:14.000Z",
"modified": "2017-02-16T20:37:14.000Z",
"description": "ChChes - Xchecked via VT: cb0c8681a407a76f8c0fd2512197aafad8120aa62e5c871c29d1fd2a102bc628",
"pattern": "[file:hashes.MD5 = 'dbb867c2250b5be4e67d1977fcf721fb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:37:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58a60d7b-28f4-4f38-9b32-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:37:15.000Z",
"modified": "2017-02-16T20:37:15.000Z",
"first_observed": "2017-02-16T20:37:15Z",
"last_observed": "2017-02-16T20:37:15Z",
"number_observed": 1,
"object_refs": [
"url--58a60d7b-28f4-4f38-9b32-75a002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58a60d7b-28f4-4f38-9b32-75a002de0b81",
"value": "https://www.virustotal.com/file/cb0c8681a407a76f8c0fd2512197aafad8120aa62e5c871c29d1fd2a102bc628/analysis/1477642866/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60d7c-27e4-40cd-8f66-066a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:37:16.000Z",
"modified": "2017-02-16T20:37:16.000Z",
"description": "ChChes - Xchecked via VT: 312dc69dd6ea16842d6e58cd7fd98ba4d28eefeb4fd4c4d198fac4eee76f93c3",
"pattern": "[file:hashes.SHA1 = '5b045d98606f000a236b1bd4ac4c9e482b3f5475']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:37:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60d7d-1bb0-44ff-8e1e-066a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:37:17.000Z",
"modified": "2017-02-16T20:37:17.000Z",
"description": "ChChes - Xchecked via VT: 312dc69dd6ea16842d6e58cd7fd98ba4d28eefeb4fd4c4d198fac4eee76f93c3",
"pattern": "[file:hashes.MD5 = 'd1bab4a30f2889ad392d17573302f097']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:37:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58a60d7d-91f4-4147-aba1-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:37:17.000Z",
"modified": "2017-02-16T20:37:17.000Z",
"first_observed": "2017-02-16T20:37:17Z",
"last_observed": "2017-02-16T20:37:17Z",
"number_observed": 1,
"object_refs": [
"url--58a60d7d-91f4-4147-aba1-75a002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58a60d7d-91f4-4147-aba1-75a002de0b81",
"value": "https://www.virustotal.com/file/312dc69dd6ea16842d6e58cd7fd98ba4d28eefeb4fd4c4d198fac4eee76f93c3/analysis/1481621204/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60d7d-4760-482b-9c6f-066a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:37:17.000Z",
"modified": "2017-02-16T20:37:17.000Z",
"description": "ChChes - Xchecked via VT: 45d804f35266b26bf63e3d616715fc593931e33aa07feba5ad6875609692efa2",
"pattern": "[file:hashes.SHA1 = '01edb82de7b9666eaa5d2791a14092f2e73d2795']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:37:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60d7e-0458-47f2-8c50-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:37:18.000Z",
"modified": "2017-02-16T20:37:18.000Z",
"description": "ChChes - Xchecked via VT: 45d804f35266b26bf63e3d616715fc593931e33aa07feba5ad6875609692efa2",
"pattern": "[file:hashes.MD5 = 'f03f70d331c6564aec8931f481949188']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:37:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58a60d7f-881c-4f0f-8c0e-066a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:37:19.000Z",
"modified": "2017-02-16T20:37:19.000Z",
"first_observed": "2017-02-16T20:37:19Z",
"last_observed": "2017-02-16T20:37:19Z",
"number_observed": 1,
"object_refs": [
"url--58a60d7f-881c-4f0f-8c0e-066a02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58a60d7f-881c-4f0f-8c0e-066a02de0b81",
"value": "https://www.virustotal.com/file/45d804f35266b26bf63e3d616715fc593931e33aa07feba5ad6875609692efa2/analysis/1486606258/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60d80-4974-4732-8a24-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:37:20.000Z",
"modified": "2017-02-16T20:37:20.000Z",
"description": "ChChes - Xchecked via VT: 19aa5019f3c00211182b2a80dd9675721dac7cfb31d174436d3b8ec9f97d898b",
"pattern": "[file:hashes.SHA1 = 'a7d0b38bda630c927820380d311ddc70a9606407']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:37:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58a60d80-4c9c-4e5b-9617-066a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:37:20.000Z",
"modified": "2017-02-16T20:37:20.000Z",
"description": "ChChes - Xchecked via VT: 19aa5019f3c00211182b2a80dd9675721dac7cfb31d174436d3b8ec9f97d898b",
"pattern": "[file:hashes.MD5 = '75500bb4143a052795ec7d2e61ac3261']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-16T20:37:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58a60d81-8ac8-47e4-ae62-75a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-16T20:37:21.000Z",
"modified": "2017-02-16T20:37:21.000Z",
"first_observed": "2017-02-16T20:37:21Z",
"last_observed": "2017-02-16T20:37:21Z",
"number_observed": 1,
"object_refs": [
"url--58a60d81-8ac8-47e4-ae62-75a002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58a60d81-8ac8-47e4-ae62-75a002de0b81",
"value": "https://www.virustotal.com/file/19aa5019f3c00211182b2a80dd9675721dac7cfb31d174436d3b8ec9f97d898b/analysis/1485403040/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue Copy permalink