{
|
||
|
"type": "bundle",
|
||
|
"id": "bundle--5914d3ff-4afc-46e0-88cf-bd5202de0b81",
|
||
|
"objects": [
|
||
|
{
|
||
|
"type": "identity",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:25:41.000Z",
|
||
|
"modified": "2017-05-11T21:25:41.000Z",
|
||
|
"name": "CIRCL",
|
||
|
"identity_class": "organization"
|
||
|
},
|
||
|
{
|
||
|
"type": "report",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "report--5914d3ff-4afc-46e0-88cf-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:25:41.000Z",
|
||
|
"modified": "2017-05-11T21:25:41.000Z",
|
||
|
"name": "OSINT - Practice Makes Perfect: Nemucod Evolves Delivery and Obfuscation Techniques to Harvest Credentials",
|
||
|
"published": "2017-05-11T21:28:30Z",
|
||
|
"object_refs": [
|
||
|
"observed-data--5914d415-329c-4958-9962-4dc802de0b81",
|
||
|
"url--5914d415-329c-4958-9962-4dc802de0b81",
|
||
|
"x-misp-attribute--5914d424-5778-49b4-9330-bd4b02de0b81",
|
||
|
"indicator--5914d455-8f08-4b21-b4e9-4dc802de0b81",
|
||
|
"indicator--5914d4a9-bbd4-4517-8e68-72d202de0b81",
|
||
|
"indicator--5914d4aa-dbfc-40cc-ac99-72d202de0b81",
|
||
|
"indicator--5914d4aa-efec-40f0-b40a-72d202de0b81",
|
||
|
"indicator--5914d526-864c-4513-99fd-bd5202de0b81",
|
||
|
"indicator--5914d526-1994-452e-b427-bd5202de0b81",
|
||
|
"indicator--5914d526-f61c-4243-8ce4-bd5202de0b81",
|
||
|
"indicator--5914d527-7e6c-4f06-ab37-bd5202de0b81",
|
||
|
"indicator--5914d527-a68c-4d95-9412-bd5202de0b81",
|
||
|
"indicator--5914d57d-2774-4bbf-9a9f-42db02de0b81",
|
||
|
"indicator--5914d57e-3c5c-4788-93fc-426102de0b81",
|
||
|
"indicator--5914d57e-3b7c-40db-a0b0-4fd202de0b81",
|
||
|
"indicator--5914d57e-6480-4725-86fc-499a02de0b81",
|
||
|
"indicator--5914d57f-d788-4a76-b8e6-456e02de0b81",
|
||
|
"indicator--5914d57f-c238-4d14-8d6a-42b802de0b81",
|
||
|
"indicator--5914d580-c40c-4d8e-9760-40ad02de0b81",
|
||
|
"indicator--5914d580-8204-4faf-ba34-4f1602de0b81",
|
||
|
"indicator--5914d581-9200-432b-a820-4ce502de0b81",
|
||
|
"indicator--5914d581-a2a0-4f54-8392-41ce02de0b81",
|
||
|
"indicator--5914d581-4820-4169-a8f4-437b02de0b81",
|
||
|
"indicator--5914d582-2594-4238-8bdb-448902de0b81",
|
||
|
"indicator--5914d582-bfa0-4849-8bf7-497c02de0b81",
|
||
|
"indicator--5914d583-d0b4-4626-9e72-414702de0b81",
|
||
|
"indicator--5914d583-3254-4d2b-bf0e-4b9d02de0b81",
|
||
|
"indicator--5914d584-11d4-40c1-aad9-406a02de0b81",
|
||
|
"indicator--5914d584-c42c-47dd-8c95-4f3f02de0b81",
|
||
|
"indicator--5914d584-261c-43dd-9abe-48c402de0b81",
|
||
|
"indicator--5914d585-8390-4ca3-8191-41bd02de0b81",
|
||
|
"indicator--5914d585-80b0-40ea-b72e-4de202de0b81",
|
||
|
"indicator--5914d586-9c6c-404b-afe0-483102de0b81",
|
||
|
"indicator--5914d586-a3f4-4928-9038-4f8702de0b81",
|
||
|
"indicator--5914d587-1464-4c29-b93a-4e6602de0b81",
|
||
|
"indicator--5914d587-f118-4be8-99cb-494102de0b81",
|
||
|
"indicator--5914d587-9014-413b-931a-487702de0b81",
|
||
|
"indicator--5914d588-89b0-4928-a78a-427c02de0b81",
|
||
|
"indicator--5914d588-3b68-4a26-ae07-4ff502de0b81",
|
||
|
"indicator--5914d589-60bc-41e5-af33-4fab02de0b81",
|
||
|
"indicator--5914d589-0400-40c5-92d1-4f7f02de0b81",
|
||
|
"indicator--5914d589-8384-45d7-a9eb-410202de0b81",
|
||
|
"indicator--5914d58a-d060-434d-a301-4f8102de0b81",
|
||
|
"indicator--5914d58a-b490-4cf6-8df6-4dff02de0b81",
|
||
|
"indicator--5914d58b-dc10-45db-976b-407802de0b81",
|
||
|
"indicator--5914d58b-574c-437b-8344-4cd502de0b81",
|
||
|
"indicator--5914d58c-f090-4ecd-8593-4b1902de0b81",
|
||
|
"indicator--5914d58c-fdf0-4381-b0b7-4eb302de0b81",
|
||
|
"indicator--5914d58c-fd6c-4391-8552-419d02de0b81",
|
||
|
"indicator--5914d58d-adec-4f78-82c7-479702de0b81",
|
||
|
"indicator--5914d58d-4d08-4b71-b2bc-4d5c02de0b81",
|
||
|
"indicator--5914d58e-db80-4f91-aeab-4b0602de0b81",
|
||
|
"indicator--5914d58e-4210-4202-93fb-45fb02de0b81",
|
||
|
"indicator--5914d58e-b32c-468a-99f4-410702de0b81",
|
||
|
"indicator--5914d58f-779c-4344-ad97-418902de0b81",
|
||
|
"indicator--5914d58f-6318-4747-a418-427e02de0b81",
|
||
|
"indicator--5914d590-104c-4ab4-8da7-427302de0b81",
|
||
|
"indicator--5914d590-de60-4d48-b3fd-445d02de0b81",
|
||
|
"indicator--5914d591-8b94-4357-83ab-485e02de0b81",
|
||
|
"indicator--5914d591-9058-4a45-93f7-46d502de0b81",
|
||
|
"indicator--5914d591-c330-45b1-93a6-46d002de0b81",
|
||
|
"indicator--5914d592-e8c8-4690-9d30-45d602de0b81",
|
||
|
"indicator--5914d592-2230-4218-aa79-490202de0b81",
|
||
|
"indicator--5914d593-686c-4c4a-92b9-4cc102de0b81",
|
||
|
"indicator--5914d593-9c64-4909-a1d3-4ada02de0b81",
|
||
|
"indicator--5914d593-4c1c-4454-839c-4ff902de0b81",
|
||
|
"indicator--5914d594-52a8-46af-81b9-4d1c02de0b81",
|
||
|
"indicator--5914d594-73d0-48a4-8f50-456d02de0b81",
|
||
|
"indicator--5914d595-9984-4a66-b30e-4fe302de0b81",
|
||
|
"indicator--5914d621-1370-41f7-967f-72cf02de0b81",
|
||
|
"indicator--5914d63d-1eec-4494-9417-4dcd02de0b81",
|
||
|
"indicator--5914d66b-ae6c-4a6f-9eca-bd4d02de0b81",
|
||
|
"indicator--5914d67d-df8c-45d9-a5c0-036002de0b81",
|
||
|
"indicator--5914d6f4-8b50-415c-b27f-bd5202de0b81",
|
||
|
"indicator--5914d6f4-8920-47ad-bf86-bd5202de0b81",
|
||
|
"observed-data--5914d6f5-a588-4e95-8b90-bd5202de0b81",
|
||
|
"url--5914d6f5-a588-4e95-8b90-bd5202de0b81",
|
||
|
"indicator--5914d6f5-d7d4-49b6-b8a9-bd5202de0b81",
|
||
|
"indicator--5914d6f6-2a24-45f2-894d-bd5202de0b81",
|
||
|
"observed-data--5914d6f6-c878-40f5-a8c3-bd5202de0b81",
|
||
|
"url--5914d6f6-c878-40f5-a8c3-bd5202de0b81",
|
||
|
"indicator--5914d6f7-7f44-4ed8-bff5-bd5202de0b81",
|
||
|
"indicator--5914d6f7-b808-4379-b681-bd5202de0b81",
|
||
|
"observed-data--5914d6f7-0e70-4c6d-98b7-bd5202de0b81",
|
||
|
"url--5914d6f7-0e70-4c6d-98b7-bd5202de0b81",
|
||
|
"indicator--5914d6f8-671c-4448-9d4a-bd5202de0b81",
|
||
|
"indicator--5914d6f8-1608-45da-8ca6-bd5202de0b81",
|
||
|
"observed-data--5914d6f9-eeb8-409d-8da3-bd5202de0b81",
|
||
|
"url--5914d6f9-eeb8-409d-8da3-bd5202de0b81",
|
||
|
"indicator--5914d6f9-e478-450e-a89d-bd5202de0b81",
|
||
|
"indicator--5914d6fa-6ae0-4c82-be1d-bd5202de0b81",
|
||
|
"observed-data--5914d6fa-7a2c-4dfd-bfdd-bd5202de0b81",
|
||
|
"url--5914d6fa-7a2c-4dfd-bfdd-bd5202de0b81",
|
||
|
"indicator--5914d6fa-9f80-485b-892a-bd5202de0b81",
|
||
|
"indicator--5914d6fb-c920-44b7-ab23-bd5202de0b81",
|
||
|
"observed-data--5914d6fb-cf74-4308-92ac-bd5202de0b81",
|
||
|
"url--5914d6fb-cf74-4308-92ac-bd5202de0b81",
|
||
|
"indicator--5914d6fc-3470-4ec7-abd1-bd5202de0b81",
|
||
|
"indicator--5914d6fc-06d0-4eec-b1e4-bd5202de0b81",
|
||
|
"observed-data--5914d6fd-55e0-44a0-a353-bd5202de0b81",
|
||
|
"url--5914d6fd-55e0-44a0-a353-bd5202de0b81",
|
||
|
"indicator--5914d6fd-6060-470a-970a-bd5202de0b81",
|
||
|
"indicator--5914d6fd-c358-492e-92b5-bd5202de0b81",
|
||
|
"observed-data--5914d6fe-c7c4-4a8a-8822-bd5202de0b81",
|
||
|
"url--5914d6fe-c7c4-4a8a-8822-bd5202de0b81",
|
||
|
"indicator--5914d6fe-50d4-409c-9869-bd5202de0b81",
|
||
|
"indicator--5914d6ff-1d0c-4d6c-8c49-bd5202de0b81",
|
||
|
"observed-data--5914d6ff-6624-488e-a754-bd5202de0b81",
|
||
|
"url--5914d6ff-6624-488e-a754-bd5202de0b81",
|
||
|
"indicator--5914d6ff-775c-459c-bd07-bd5202de0b81",
|
||
|
"indicator--5914d700-39a0-488e-aac5-bd5202de0b81",
|
||
|
"observed-data--5914d700-1bac-431e-8e13-bd5202de0b81",
|
||
|
"url--5914d700-1bac-431e-8e13-bd5202de0b81",
|
||
|
"indicator--5914d701-394c-43c1-bbdf-bd5202de0b81",
|
||
|
"indicator--5914d701-17ec-43a8-879d-bd5202de0b81",
|
||
|
"observed-data--5914d702-27c4-4197-8c8d-bd5202de0b81",
|
||
|
"url--5914d702-27c4-4197-8c8d-bd5202de0b81",
|
||
|
"indicator--5914d702-bde4-4e65-9530-bd5202de0b81",
|
||
|
"indicator--5914d702-7694-4eeb-bea3-bd5202de0b81",
|
||
|
"observed-data--5914d703-a440-4c80-b0bd-bd5202de0b81",
|
||
|
"url--5914d703-a440-4c80-b0bd-bd5202de0b81",
|
||
|
"indicator--5914d703-ea54-486e-a310-bd5202de0b81",
|
||
|
"indicator--5914d704-0428-49b9-b1fa-bd5202de0b81",
|
||
|
"observed-data--5914d704-e410-4a5f-9948-bd5202de0b81",
|
||
|
"url--5914d704-e410-4a5f-9948-bd5202de0b81",
|
||
|
"indicator--5914d705-6390-44c8-87d4-bd5202de0b81",
|
||
|
"indicator--5914d705-2c98-47bd-825d-bd5202de0b81",
|
||
|
"observed-data--5914d705-ee9c-4f5b-bb47-bd5202de0b81",
|
||
|
"url--5914d705-ee9c-4f5b-bb47-bd5202de0b81",
|
||
|
"indicator--5914d706-2288-4dcf-875c-bd5202de0b81",
|
||
|
"indicator--5914d706-e360-43eb-bf77-bd5202de0b81",
|
||
|
"observed-data--5914d707-8ec8-4457-b2e0-bd5202de0b81",
|
||
|
"url--5914d707-8ec8-4457-b2e0-bd5202de0b81",
|
||
|
"indicator--5914d707-897c-4c13-a91b-bd5202de0b81",
|
||
|
"indicator--5914d708-8ce4-4d8e-ae61-bd5202de0b81",
|
||
|
"observed-data--5914d708-3050-4d5c-b61a-bd5202de0b81",
|
||
|
"url--5914d708-3050-4d5c-b61a-bd5202de0b81",
|
||
|
"indicator--5914d709-04ac-455b-9231-bd5202de0b81",
|
||
|
"indicator--5914d709-1ae4-45a8-88ad-bd5202de0b81",
|
||
|
"observed-data--5914d70a-0350-4e7f-a9a2-bd5202de0b81",
|
||
|
"url--5914d70a-0350-4e7f-a9a2-bd5202de0b81",
|
||
|
"indicator--5914d70a-2510-4831-a5da-bd5202de0b81",
|
||
|
"indicator--5914d70a-9d38-47f9-9d5e-bd5202de0b81",
|
||
|
"observed-data--5914d70b-4118-4ab1-aba2-bd5202de0b81",
|
||
|
"url--5914d70b-4118-4ab1-aba2-bd5202de0b81",
|
||
|
"indicator--5914d70b-235c-4e24-8860-bd5202de0b81",
|
||
|
"indicator--5914d70c-3648-412e-bd3f-bd5202de0b81",
|
||
|
"observed-data--5914d70c-56d8-42ad-9f95-bd5202de0b81",
|
||
|
"url--5914d70c-56d8-42ad-9f95-bd5202de0b81",
|
||
|
"indicator--5914d70d-8608-47eb-a0b2-bd5202de0b81",
|
||
|
"indicator--5914d70d-232c-4da9-b7f5-bd5202de0b81",
|
||
|
"observed-data--5914d70d-a518-4a90-9567-bd5202de0b81",
|
||
|
"url--5914d70d-a518-4a90-9567-bd5202de0b81",
|
||
|
"indicator--5914d70e-8644-4247-b786-bd5202de0b81",
|
||
|
"indicator--5914d70e-3600-447a-8be8-bd5202de0b81",
|
||
|
"observed-data--5914d70f-a4cc-4b55-993f-bd5202de0b81",
|
||
|
"url--5914d70f-a4cc-4b55-993f-bd5202de0b81",
|
||
|
"indicator--5914d70f-60f8-4009-bb93-bd5202de0b81",
|
||
|
"indicator--5914d710-6ccc-4856-b704-bd5202de0b81",
|
||
|
"observed-data--5914d710-7d74-4339-9d71-bd5202de0b81",
|
||
|
"url--5914d710-7d74-4339-9d71-bd5202de0b81",
|
||
|
"indicator--5914d711-71c0-49f6-8684-bd5202de0b81",
|
||
|
"indicator--5914d711-319c-4e11-9889-bd5202de0b81",
|
||
|
"observed-data--5914d711-d858-40dc-b3e7-bd5202de0b81",
|
||
|
"url--5914d711-d858-40dc-b3e7-bd5202de0b81",
|
||
|
"indicator--5914d712-2bf4-4380-a86e-bd5202de0b81",
|
||
|
"indicator--5914d712-259c-4529-b6b3-bd5202de0b81",
|
||
|
"observed-data--5914d713-d434-4618-8a0a-bd5202de0b81",
|
||
|
"url--5914d713-d434-4618-8a0a-bd5202de0b81",
|
||
|
"indicator--5914d713-9aec-4fff-b7b7-bd5202de0b81",
|
||
|
"indicator--5914d714-2308-467e-a4fb-bd5202de0b81",
|
||
|
"observed-data--5914d714-7fb0-4326-b374-bd5202de0b81",
|
||
|
"url--5914d714-7fb0-4326-b374-bd5202de0b81",
|
||
|
"indicator--5914d714-c9e0-43df-b0da-bd5202de0b81",
|
||
|
"indicator--5914d715-8238-40e6-ba71-bd5202de0b81",
|
||
|
"observed-data--5914d715-5514-4718-9a46-bd5202de0b81",
|
||
|
"url--5914d715-5514-4718-9a46-bd5202de0b81",
|
||
|
"indicator--5914d716-be24-4b37-8ee6-bd5202de0b81",
|
||
|
"indicator--5914d716-15a8-45e6-ba4b-bd5202de0b81",
|
||
|
"observed-data--5914d717-1740-406b-bc67-bd5202de0b81",
|
||
|
"url--5914d717-1740-406b-bc67-bd5202de0b81",
|
||
|
"indicator--5914d717-e820-4486-a237-bd5202de0b81",
|
||
|
"indicator--5914d717-1274-4805-ab55-bd5202de0b81",
|
||
|
"observed-data--5914d718-bde8-4499-a25e-bd5202de0b81",
|
||
|
"url--5914d718-bde8-4499-a25e-bd5202de0b81",
|
||
|
"indicator--5914d718-4ac4-4f0d-8e43-bd5202de0b81",
|
||
|
"indicator--5914d719-0790-4566-a7fb-bd5202de0b81",
|
||
|
"observed-data--5914d719-1ce0-4496-bdae-bd5202de0b81",
|
||
|
"url--5914d719-1ce0-4496-bdae-bd5202de0b81",
|
||
|
"indicator--5914d719-597c-41aa-ad6c-bd5202de0b81",
|
||
|
"indicator--5914d71a-31ac-4411-a773-bd5202de0b81",
|
||
|
"observed-data--5914d71a-79dc-4e3e-9c28-bd5202de0b81",
|
||
|
"url--5914d71a-79dc-4e3e-9c28-bd5202de0b81",
|
||
|
"indicator--5914d71b-1af0-4d3f-8b7d-bd5202de0b81",
|
||
|
"indicator--5914d71b-2afc-48ec-807d-bd5202de0b81",
|
||
|
"observed-data--5914d71b-849c-4153-b251-bd5202de0b81",
|
||
|
"url--5914d71b-849c-4153-b251-bd5202de0b81",
|
||
|
"indicator--5914d71c-de4c-4b43-b884-bd5202de0b81",
|
||
|
"indicator--5914d71c-8838-42f5-b070-bd5202de0b81",
|
||
|
"observed-data--5914d71d-03f8-4260-a77e-bd5202de0b81",
|
||
|
"url--5914d71d-03f8-4260-a77e-bd5202de0b81",
|
||
|
"indicator--5914d71d-1eb4-488e-9132-bd5202de0b81",
|
||
|
"indicator--5914d71d-3460-43e0-afba-bd5202de0b81",
|
||
|
"observed-data--5914d71e-6524-458e-a25e-bd5202de0b81",
|
||
|
"url--5914d71e-6524-458e-a25e-bd5202de0b81",
|
||
|
"indicator--5914d71e-12fc-4141-af5a-bd5202de0b81",
|
||
|
"indicator--5914d71f-be38-4b47-ba1b-bd5202de0b81",
|
||
|
"observed-data--5914d71f-2478-41ee-8455-bd5202de0b81",
|
||
|
"url--5914d71f-2478-41ee-8455-bd5202de0b81",
|
||
|
"indicator--5914d720-3d1c-47fb-88e1-bd5202de0b81",
|
||
|
"indicator--5914d720-a290-491c-a2e2-bd5202de0b81",
|
||
|
"observed-data--5914d720-d2f4-41bc-81aa-bd5202de0b81",
|
||
|
"url--5914d720-d2f4-41bc-81aa-bd5202de0b81",
|
||
|
"indicator--5914d721-1930-4653-930c-bd5202de0b81",
|
||
|
"indicator--5914d721-4f18-4c5d-88ae-bd5202de0b81",
|
||
|
"observed-data--5914d722-cb90-4dca-b321-bd5202de0b81",
|
||
|
"url--5914d722-cb90-4dca-b321-bd5202de0b81",
|
||
|
"indicator--5914d722-2aa0-4c90-a7b8-bd5202de0b81",
|
||
|
"indicator--5914d722-1100-45eb-b6e8-bd5202de0b81",
|
||
|
"observed-data--5914d723-ea94-41bc-ab8e-bd5202de0b81",
|
||
|
"url--5914d723-ea94-41bc-ab8e-bd5202de0b81",
|
||
|
"indicator--5914d723-4c20-4a8f-9c95-bd5202de0b81",
|
||
|
"indicator--5914d724-aebc-4e10-b56c-bd5202de0b81",
|
||
|
"observed-data--5914d724-99dc-43a6-8907-bd5202de0b81",
|
||
|
"url--5914d724-99dc-43a6-8907-bd5202de0b81",
|
||
|
"indicator--5914d725-b974-4527-9fc8-bd5202de0b81",
|
||
|
"indicator--5914d725-d760-4149-9268-bd5202de0b81",
|
||
|
"observed-data--5914d725-f864-4b01-abb9-bd5202de0b81",
|
||
|
"url--5914d725-f864-4b01-abb9-bd5202de0b81",
|
||
|
"indicator--5914d726-cf9c-4cf0-a83a-bd5202de0b81",
|
||
|
"indicator--5914d726-a808-4488-bca6-bd5202de0b81",
|
||
|
"observed-data--5914d727-3b38-47e8-9804-bd5202de0b81",
|
||
|
"url--5914d727-3b38-47e8-9804-bd5202de0b81",
|
||
|
"indicator--5914d727-49ac-479d-8967-bd5202de0b81",
|
||
|
"indicator--5914d728-82dc-49d7-8660-bd5202de0b81",
|
||
|
"observed-data--5914d728-4d8c-49f8-bf7b-bd5202de0b81",
|
||
|
"url--5914d728-4d8c-49f8-bf7b-bd5202de0b81",
|
||
|
"indicator--5914d729-962c-4b58-aabd-bd5202de0b81",
|
||
|
"indicator--5914d729-f348-4170-9f2b-bd5202de0b81",
|
||
|
"observed-data--5914d729-ad44-49e0-a4cc-bd5202de0b81",
|
||
|
"url--5914d729-ad44-49e0-a4cc-bd5202de0b81",
|
||
|
"indicator--5914d72a-435c-4828-b040-bd5202de0b81",
|
||
|
"indicator--5914d72a-f9c4-4932-b586-bd5202de0b81",
|
||
|
"observed-data--5914d72b-beec-4e8d-9f3e-bd5202de0b81",
|
||
|
"url--5914d72b-beec-4e8d-9f3e-bd5202de0b81",
|
||
|
"indicator--5914d72b-4a68-437c-a08c-bd5202de0b81",
|
||
|
"indicator--5914d72b-5cd8-44e1-86c3-bd5202de0b81",
|
||
|
"observed-data--5914d72c-52c8-4338-974f-bd5202de0b81",
|
||
|
"url--5914d72c-52c8-4338-974f-bd5202de0b81",
|
||
|
"indicator--5914d72c-71ac-4eb0-8a16-bd5202de0b81",
|
||
|
"indicator--5914d72d-2438-4214-9e39-bd5202de0b81",
|
||
|
"observed-data--5914d72d-b098-49e8-a1a9-bd5202de0b81",
|
||
|
"url--5914d72d-b098-49e8-a1a9-bd5202de0b81",
|
||
|
"indicator--5914d72e-e314-4f3e-9e65-bd5202de0b81",
|
||
|
"indicator--5914d72e-f51c-4a94-9fdc-bd5202de0b81",
|
||
|
"observed-data--5914d72e-4e04-4b26-a25f-bd5202de0b81",
|
||
|
"url--5914d72e-4e04-4b26-a25f-bd5202de0b81",
|
||
|
"indicator--5914d72f-cd24-4f80-9ed8-bd5202de0b81",
|
||
|
"indicator--5914d72f-7d44-46b3-87b6-bd5202de0b81",
|
||
|
"observed-data--5914d730-376c-4c98-8ae4-bd5202de0b81",
|
||
|
"url--5914d730-376c-4c98-8ae4-bd5202de0b81",
|
||
|
"indicator--5914d730-d0c4-42bc-9823-bd5202de0b81",
|
||
|
"indicator--5914d731-e188-4a2f-855d-bd5202de0b81",
|
||
|
"observed-data--5914d731-adb0-4639-8ccf-bd5202de0b81",
|
||
|
"url--5914d731-adb0-4639-8ccf-bd5202de0b81",
|
||
|
"indicator--5914d731-4a6c-4194-b69f-bd5202de0b81",
|
||
|
"indicator--5914d732-17d8-4e57-86a1-bd5202de0b81",
|
||
|
"observed-data--5914d732-3fd0-4c49-8d0e-bd5202de0b81",
|
||
|
"url--5914d732-3fd0-4c49-8d0e-bd5202de0b81",
|
||
|
"indicator--5914d733-5310-4060-84ac-bd5202de0b81",
|
||
|
"indicator--5914d733-2b6c-442a-8528-bd5202de0b81",
|
||
|
"observed-data--5914d734-af84-411c-b7f4-bd5202de0b81",
|
||
|
"url--5914d734-af84-411c-b7f4-bd5202de0b81",
|
||
|
"indicator--5914d734-8188-4c62-860c-bd5202de0b81",
|
||
|
"indicator--5914d734-77c4-4858-8c1e-bd5202de0b81",
|
||
|
"observed-data--5914d735-82e8-44c9-a524-bd5202de0b81",
|
||
|
"url--5914d735-82e8-44c9-a524-bd5202de0b81",
|
||
|
"indicator--5914d735-79f4-4841-b88e-bd5202de0b81",
|
||
|
"indicator--5914d736-57e4-4328-b0b1-bd5202de0b81",
|
||
|
"observed-data--5914d736-fa10-40a3-b43b-bd5202de0b81",
|
||
|
"url--5914d736-fa10-40a3-b43b-bd5202de0b81",
|
||
|
"indicator--5914d737-5c50-4c1b-abba-bd5202de0b81",
|
||
|
"indicator--5914d737-c2c4-48c4-95ba-bd5202de0b81",
|
||
|
"observed-data--5914d737-2328-4c13-b6d2-bd5202de0b81",
|
||
|
"url--5914d737-2328-4c13-b6d2-bd5202de0b81",
|
||
|
"indicator--5914d738-e334-45ac-97e6-bd5202de0b81",
|
||
|
"indicator--5914d738-443c-4f94-b270-bd5202de0b81",
|
||
|
"observed-data--5914d739-04fc-4966-a81e-bd5202de0b81",
|
||
|
"url--5914d739-04fc-4966-a81e-bd5202de0b81",
|
||
|
"indicator--5914d739-5d9c-464f-8e6d-bd5202de0b81",
|
||
|
"indicator--5914d739-ed2c-44dd-a08f-bd5202de0b81",
|
||
|
"observed-data--5914d73a-bc30-4837-b899-bd5202de0b81",
|
||
|
"url--5914d73a-bc30-4837-b899-bd5202de0b81",
|
||
|
"indicator--5914d73a-1a1c-4611-b2ff-bd5202de0b81",
|
||
|
"indicator--5914d73b-0d28-49f0-b70f-bd5202de0b81",
|
||
|
"observed-data--5914d73b-f258-44a7-982e-bd5202de0b81",
|
||
|
"url--5914d73b-f258-44a7-982e-bd5202de0b81",
|
||
|
"indicator--5914d73b-3188-4472-a5f2-bd5202de0b81",
|
||
|
"indicator--5914d73c-ac38-4749-952f-bd5202de0b81",
|
||
|
"observed-data--5914d73c-6dc4-4b59-8b00-bd5202de0b81",
|
||
|
"url--5914d73c-6dc4-4b59-8b00-bd5202de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"Threat-Report",
|
||
|
"misp:tool=\"MISP-STIX-Converter\"",
|
||
|
"misp-galaxy:ransomware=\"Nemucod\""
|
||
|
],
|
||
|
"object_marking_refs": [
|
||
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5914d415-329c-4958-9962-4dc802de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:25:41.000Z",
|
||
|
"modified": "2017-05-11T21:25:41.000Z",
|
||
|
"first_observed": "2017-05-11T21:25:41Z",
|
||
|
"last_observed": "2017-05-11T21:25:41Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5914d415-329c-4958-9962-4dc802de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"osint:source-type=\"blog-post\"",
|
||
|
"admiralty-scale:source-reliability=\"b\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5914d415-329c-4958-9962-4dc802de0b81",
|
||
|
"value": "http://researchcenter.paloaltonetworks.com/2017/05/unit42-practice-makes-perfect-nemucod-evolves-delivery-obfuscation-techniques-harvest-credentials/"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--5914d424-5778-49b4-9330-bd4b02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:25:41.000Z",
|
||
|
"modified": "2017-05-11T21:25:41.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"text\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"osint:source-type=\"blog-post\"",
|
||
|
"admiralty-scale:source-reliability=\"b\""
|
||
|
],
|
||
|
"x_misp_category": "External analysis",
|
||
|
"x_misp_type": "text",
|
||
|
"x_misp_value": "Recently the Unit 42 research team have been investigating a wave of Nemucod downloader malware that uses weaponized documents to deploy encoded, and heavily obfuscated JavaScript, ultimately leading to further payloads being delivered to the victim. From a single instance of the encoded JavaScript discovered in one version of this malware, we pivoted on the Command and Control (C2) IPv4 address discovered during static analysis and deobfuscation, using our Threat Intelligence Service AutoFocus, unearthed many more versions of the malware and found that the versions seen to date were delivering a credential-stealing Trojan as the final payload.\r\n\r\nIn our recently published Unit 42 white paper Credential-Based Attacks we describe the importance of credentials to attackers, how they are stolen using techniques including malspam phishing as per this Nemucod campaign that delivers a credential stealing Trojan, as well as how the stolen credentials are used by the attackers to masquerade as legitimate users.\r\n\r\nOver the past five months we have tracked this campaign of Nemucod malware in various industry sectors across multiple countries with Europe amassing the highest number of attacks, followed by the United States of America and then Japan"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d455-8f08-4b21-b4e9-4dc802de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:25:41.000Z",
|
||
|
"modified": "2017-05-11T21:25:41.000Z",
|
||
|
"description": "PE Password Stealer Hashes",
|
||
|
"pattern": "[file:hashes.SHA256 = '53edea186162d84803f8ff72fb83c85f427b3813c32bd9d9d899e74ae283368e']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:25:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d4a9-bbd4-4517-8e68-72d202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:25:41.000Z",
|
||
|
"modified": "2017-05-11T21:25:41.000Z",
|
||
|
"description": "PE Password Stealer Hashes",
|
||
|
"pattern": "[file:hashes.SHA256 = '53edea186162d84803f8ff72fb83c85f427b3813c32bd9d9d899e74ae283368e']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:25:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d4aa-dbfc-40cc-ac99-72d202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:25:41.000Z",
|
||
|
"modified": "2017-05-11T21:25:41.000Z",
|
||
|
"description": "PE Password Stealer Hashes",
|
||
|
"pattern": "[file:hashes.SHA256 = '76b703c9430abf4e0ba09e6d4e4d6cf94a251bb0e7f3fadbd169fcef954a8b39']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:25:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d4aa-efec-40f0-b40a-72d202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:25:41.000Z",
|
||
|
"modified": "2017-05-11T21:25:41.000Z",
|
||
|
"description": "PE Password Stealer Hashes",
|
||
|
"pattern": "[file:hashes.SHA256 = '99c50b658c632214f0b133f8742a5e6d2d34e47497d7a08ed2d80e4299be3502']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:25:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d526-864c-4513-99fd-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:25:41.000Z",
|
||
|
"modified": "2017-05-11T21:25:41.000Z",
|
||
|
"description": "PE Dropper Hashes",
|
||
|
"pattern": "[file:hashes.SHA256 = '1b64d1c93e53fa74d89c3362c30899644e9fef7f11292f40740b216bcbe03285']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:25:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d526-1994-452e-b427-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:25:41.000Z",
|
||
|
"modified": "2017-05-11T21:25:41.000Z",
|
||
|
"description": "PE Dropper Hashes",
|
||
|
"pattern": "[file:hashes.SHA256 = '1db89009b678ba4517fc7490b9a7f597b838939499365374eba32347393fdd4e']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:25:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d526-f61c-4243-8ce4-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:25:41.000Z",
|
||
|
"modified": "2017-05-11T21:25:41.000Z",
|
||
|
"description": "PE Dropper Hashes",
|
||
|
"pattern": "[file:hashes.SHA256 = '85d56628f7ec277a5f49a801ef4793072edd56d9c26b0bdb9b3dc348366c734a']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:25:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d527-7e6c-4f06-ab37-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:25:41.000Z",
|
||
|
"modified": "2017-05-11T21:25:41.000Z",
|
||
|
"description": "PE Dropper Hashes",
|
||
|
"pattern": "[file:hashes.SHA256 = 'b75b3ff65632b65d1d641075bd2f5ed0ede93da3a35d7f50068b9371ee5c4552']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:25:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d527-a68c-4d95-9412-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:25:41.000Z",
|
||
|
"modified": "2017-05-11T21:25:41.000Z",
|
||
|
"description": "PE Dropper Hashes",
|
||
|
"pattern": "[file:hashes.SHA256 = 'ffc5e46200f16549f17d2d6e4d6e5e61239b711cd07fbf7932c31e2ea18a7865']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:25:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d57d-2774-4bbf-9a9f-42db02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:25:41.000Z",
|
||
|
"modified": "2017-05-11T21:25:41.000Z",
|
||
|
"description": "Document Dropper Hashes",
|
||
|
"pattern": "[file:hashes.SHA256 = '0a59bc35fe7bd84c955402aba2ad3883a5cdb08deb353c8f6310a163109f0c60']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:25:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d57e-3c5c-4788-93fc-426102de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:25:41.000Z",
|
||
|
"modified": "2017-05-11T21:25:41.000Z",
|
||
|
"description": "Document Dropper Hashes",
|
||
|
"pattern": "[file:hashes.SHA256 = 'fee6b19ff8a39e83756345af421d3d85d20e67df62ac58bc05f514c368efc329']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:25:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d57e-3b7c-40db-a0b0-4fd202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:25:41.000Z",
|
||
|
"modified": "2017-05-11T21:25:41.000Z",
|
||
|
"description": "Document Dropper Hashes",
|
||
|
"pattern": "[file:hashes.SHA256 = '8e9af7d90193bddc89d1c3782477bde76f90707eb1900537c020fc02970bbd74']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:25:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d57e-6480-4725-86fc-499a02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:25:41.000Z",
|
||
|
"modified": "2017-05-11T21:25:41.000Z",
|
||
|
"description": "Document Dropper Hashes",
|
||
|
"pattern": "[file:hashes.SHA256 = 'c173085b954ff1055fb859e6584a9e0bb3919740752351ad50706c0b7be37b51']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:25:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d57f-d788-4a76-b8e6-456e02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:25:41.000Z",
|
||
|
"modified": "2017-05-11T21:25:41.000Z",
|
||
|
"description": "Document Dropper Hashes",
|
||
|
"pattern": "[file:hashes.SHA256 = '1faa27f82bcbad0acc444727e7be35147e5a2ee92757781e5f26db614d3cee7f']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:25:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d57f-c238-4d14-8d6a-42b802de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:25:41.000Z",
|
||
|
"modified": "2017-05-11T21:25:41.000Z",
|
||
|
"description": "Document Dropper Hashes",
|
||
|
"pattern": "[file:hashes.SHA256 = '6ebd2955fb137b5c983bbfb7601ea49ceb1f66119d13ce850c12d89e8c6a3742']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:25:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d580-c40c-4d8e-9760-40ad02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:25:41.000Z",
|
||
|
"modified": "2017-05-11T21:25:41.000Z",
|
||
|
"description": "Document Dropper Hashes",
|
||
|
"pattern": "[file:hashes.SHA256 = '777560483cb903ba803bfdbbd1f37353706da3a265e32da44fffb3ec7fcf07a2']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:25:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d580-8204-4faf-ba34-4f1602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:25:41.000Z",
|
||
|
"modified": "2017-05-11T21:25:41.000Z",
|
||
|
"description": "Document Dropper Hashes",
|
||
|
"pattern": "[file:hashes.SHA256 = '7df6bd0af983f87dc34a71d009a3bd3bd272e094c6c55bf765148d836129e10c']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:25:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d581-9200-432b-a820-4ce502de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:25:41.000Z",
|
||
|
"modified": "2017-05-11T21:25:41.000Z",
|
||
|
"description": "Document Dropper Hashes",
|
||
|
"pattern": "[file:hashes.SHA256 = 'd58cfd2d851b9c98f9de79d38944d72eddec1e2243f1065de7d8b1ed1bf1cddd']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:25:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d581-a2a0-4f54-8392-41ce02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:25:41.000Z",
|
||
|
"modified": "2017-05-11T21:25:41.000Z",
|
||
|
"description": "Document Dropper Hashes",
|
||
|
"pattern": "[file:hashes.SHA256 = '4916bc8dc91941a444d3aa41616eaebe8c3d4b095a0c566945b85c143ae532c1']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:25:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d581-4820-4169-a8f4-437b02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:25:41.000Z",
|
||
|
"modified": "2017-05-11T21:25:41.000Z",
|
||
|
"description": "Document Dropper Hashes",
|
||
|
"pattern": "[file:hashes.SHA256 = 'de5ac4aedaca5649758bf34c87fd59967c2adeaaa0be65a58b9c8e9f6a8660f1']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:25:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d582-2594-4238-8bdb-448902de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:25:41.000Z",
|
||
|
"modified": "2017-05-11T21:25:41.000Z",
|
||
|
"description": "Document Dropper Hashes",
|
||
|
"pattern": "[file:hashes.SHA256 = '368304125ffd86a234aeb8c05a90b7ee40b37dae1dea7178deeda522eac9dcbc']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:25:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d582-bfa0-4849-8bf7-497c02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:25:41.000Z",
|
||
|
"modified": "2017-05-11T21:25:41.000Z",
|
||
|
"description": "Document Dropper Hashes",
|
||
|
"pattern": "[file:hashes.SHA256 = '1384934c09f6551d19150bfcf8ae954f4969d0b9ff841c93f81ebb57eecc9a71']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:25:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d583-d0b4-4626-9e72-414702de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:25:41.000Z",
|
||
|
"modified": "2017-05-11T21:25:41.000Z",
|
||
|
"description": "Document Dropper Hashes",
|
||
|
"pattern": "[file:hashes.SHA256 = 'f89edff923d1d2daf6b2ab36595e873ed7d1cd52c2f6b66b590fa636c17dced2']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:25:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d583-3254-4d2b-bf0e-4b9d02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:25:41.000Z",
|
||
|
"modified": "2017-05-11T21:25:41.000Z",
|
||
|
"description": "Document Dropper Hashes",
|
||
|
"pattern": "[file:hashes.SHA256 = 'b1d5bfb124a15ab9068cf413de430a1c2cbd7b2bf67a766cf971269c67c3eace']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:25:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d584-11d4-40c1-aad9-406a02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:25:41.000Z",
|
||
|
"modified": "2017-05-11T21:25:41.000Z",
|
||
|
"description": "Document Dropper Hashes",
|
||
|
"pattern": "[file:hashes.SHA256 = '256078f83cf9535c72debffa3d34818789849131e9138589728b4085e2ae2169']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:25:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d584-c42c-47dd-8c95-4f3f02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:25:41.000Z",
|
||
|
"modified": "2017-05-11T21:25:41.000Z",
|
||
|
"description": "Document Dropper Hashes",
|
||
|
"pattern": "[file:hashes.SHA256 = 'd3683a4fe910d5815541beb2c42b98827a1f6362073b9901a74c36e15072c1a2']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:25:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d584-261c-43dd-9abe-48c402de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:25:41.000Z",
|
||
|
"modified": "2017-05-11T21:25:41.000Z",
|
||
|
"description": "Document Dropper Hashes",
|
||
|
"pattern": "[file:hashes.SHA256 = 'cfe56d178ff873a5d984220c96570144a6674ce1b675036566a93ff6d680a981']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:25:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d585-8390-4ca3-8191-41bd02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:25:41.000Z",
|
||
|
"modified": "2017-05-11T21:25:41.000Z",
|
||
|
"description": "Document Dropper Hashes",
|
||
|
"pattern": "[file:hashes.SHA256 = '069a4abb186efb6c3b6733cb2f35151d03eefe40cfb626d3c42aaa5f7ef342c6']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:25:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d585-80b0-40ea-b72e-4de202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:25:41.000Z",
|
||
|
"modified": "2017-05-11T21:25:41.000Z",
|
||
|
"description": "Document Dropper Hashes",
|
||
|
"pattern": "[file:hashes.SHA256 = '97ea044a5820f9271c21bd8f1bb381099fb188a7d9f54ac72a88bf41411cf1b3']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:25:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d586-9c6c-404b-afe0-483102de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:25:41.000Z",
|
||
|
"modified": "2017-05-11T21:25:41.000Z",
|
||
|
"description": "Document Dropper Hashes",
|
||
|
"pattern": "[file:hashes.SHA256 = '5b331693bc7ad009db3905fd37edfa94c528b6c4eee024f7a35dcc9b6b8a9c26']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:25:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d586-a3f4-4928-9038-4f8702de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:25:41.000Z",
|
||
|
"modified": "2017-05-11T21:25:41.000Z",
|
||
|
"description": "Document Dropper Hashes",
|
||
|
"pattern": "[file:hashes.SHA256 = '7e62823f8a775674b6333ff535e93a9fc0bdcfd943c903fe85e614b34d692549']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:25:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d587-1464-4c29-b93a-4e6602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:25:41.000Z",
|
||
|
"modified": "2017-05-11T21:25:41.000Z",
|
||
|
"description": "Document Dropper Hashes",
|
||
|
"pattern": "[file:hashes.SHA256 = 'a85b040e923e45a3e139576c2086a8f1671b1c60053274d850218ffa422f80e6']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:25:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d587-f118-4be8-99cb-494102de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:25:41.000Z",
|
||
|
"modified": "2017-05-11T21:25:41.000Z",
|
||
|
"description": "Document Dropper Hashes",
|
||
|
"pattern": "[file:hashes.SHA256 = '1c95a2a32b639008245a205f51aa7fbafc0b61ecc6879f9978be174feee516f4']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:25:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d587-9014-413b-931a-487702de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:25:41.000Z",
|
||
|
"modified": "2017-05-11T21:25:41.000Z",
|
||
|
"description": "Document Dropper Hashes",
|
||
|
"pattern": "[file:hashes.SHA256 = '9e9e7ade1def82a56898415c079bd3f861c143f9db6770a28592bbbe04d5f234']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:25:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d588-89b0-4928-a78a-427c02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:25:41.000Z",
|
||
|
"modified": "2017-05-11T21:25:41.000Z",
|
||
|
"description": "Document Dropper Hashes",
|
||
|
"pattern": "[file:hashes.SHA256 = '40fd876c5d7f859484a8d3a021ce3c5eeba23deb8574f4b598aeaa6a0ded7815']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:25:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d588-3b68-4a26-ae07-4ff502de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:25:41.000Z",
|
||
|
"modified": "2017-05-11T21:25:41.000Z",
|
||
|
"description": "Document Dropper Hashes",
|
||
|
"pattern": "[file:hashes.SHA256 = '92c82d7ea7b89f02c5b8e7d93d2a4ad17fbc0688ff9ad881cc185c18ea466232']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:25:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d589-60bc-41e5-af33-4fab02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:25:41.000Z",
|
||
|
"modified": "2017-05-11T21:25:41.000Z",
|
||
|
"description": "Document Dropper Hashes",
|
||
|
"pattern": "[file:hashes.SHA256 = 'ae3bb85b87d40a12e82b2545fd4c9087b3e847a744a27c1ac215dd38821ced87']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:25:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d589-0400-40c5-92d1-4f7f02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:25:41.000Z",
|
||
|
"modified": "2017-05-11T21:25:41.000Z",
|
||
|
"description": "Document Dropper Hashes",
|
||
|
"pattern": "[file:hashes.SHA256 = 'c600c7638474fb31664ab32fb9aad5c216096b2c68d93c9eb37cf0476868cf05']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:25:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d589-8384-45d7-a9eb-410202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:25:41.000Z",
|
||
|
"modified": "2017-05-11T21:25:41.000Z",
|
||
|
"description": "Document Dropper Hashes",
|
||
|
"pattern": "[file:hashes.SHA256 = '8451cf3f5e5e2576f2ad36a4f19998e5824c2ab185f40ddec460a81ab1a8525a']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:25:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d58a-d060-434d-a301-4f8102de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:25:41.000Z",
|
||
|
"modified": "2017-05-11T21:25:41.000Z",
|
||
|
"description": "Document Dropper Hashes",
|
||
|
"pattern": "[file:hashes.SHA256 = '34e5104bea2728cf9107b4ede124daee8ac68ad0979c66c356ddf3a0e6d0f4c6']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:25:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d58a-b490-4cf6-8df6-4dff02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:25:41.000Z",
|
||
|
"modified": "2017-05-11T21:25:41.000Z",
|
||
|
"description": "Document Dropper Hashes",
|
||
|
"pattern": "[file:hashes.SHA256 = '7b48b21b10990cd53bb8969930b9f0b39cc495e95a33c38f80024a21a72b0176']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:25:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d58b-dc10-45db-976b-407802de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:25:41.000Z",
|
||
|
"modified": "2017-05-11T21:25:41.000Z",
|
||
|
"description": "Document Dropper Hashes",
|
||
|
"pattern": "[file:hashes.SHA256 = 'dcf3c00a20af527869771a7834565fb938739e3abf84038e2376b23a14926a38']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:25:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d58b-574c-437b-8344-4cd502de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:25:41.000Z",
|
||
|
"modified": "2017-05-11T21:25:41.000Z",
|
||
|
"description": "Document Dropper Hashes",
|
||
|
"pattern": "[file:hashes.SHA256 = 'd8e62ce3039921c11872319a09acc61038f2452a6a2fdb8c0d3a0848b56b26ff']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:25:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d58c-f090-4ecd-8593-4b1902de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:25:41.000Z",
|
||
|
"modified": "2017-05-11T21:25:41.000Z",
|
||
|
"description": "Document Dropper Hashes",
|
||
|
"pattern": "[file:hashes.SHA256 = '50ab7834e98c2f40d7441006a0221c07bff5f9f694999b595daa29b37c9a5e12']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:25:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d58c-fdf0-4381-b0b7-4eb302de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:25:41.000Z",
|
||
|
"modified": "2017-05-11T21:25:41.000Z",
|
||
|
"description": "Document Dropper Hashes",
|
||
|
"pattern": "[file:hashes.SHA256 = 'b4d3c369449ead7ced48f84b9ea29cb4dbc6f485958e813b102c1d32ce62d3e8']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:25:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d58c-fd6c-4391-8552-419d02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:25:41.000Z",
|
||
|
"modified": "2017-05-11T21:25:41.000Z",
|
||
|
"description": "Document Dropper Hashes",
|
||
|
"pattern": "[file:hashes.SHA256 = 'a02ed37812ac37d44979d5131aa10927fb9b9bd09aae2b470e65532bc694b27c']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:25:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d58d-adec-4f78-82c7-479702de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:25:41.000Z",
|
||
|
"modified": "2017-05-11T21:25:41.000Z",
|
||
|
"description": "Document Dropper Hashes",
|
||
|
"pattern": "[file:hashes.SHA256 = '61bcd9b0c11989d6049fd181786f1748116c128bd4768d1b6849805186190320']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:25:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d58d-4d08-4b71-b2bc-4d5c02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:25:41.000Z",
|
||
|
"modified": "2017-05-11T21:25:41.000Z",
|
||
|
"description": "Document Dropper Hashes",
|
||
|
"pattern": "[file:hashes.SHA256 = '6edbbc7f02179211c5b8da74a770492e25b31be683468629a073f313f25ec8b6']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:25:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d58e-db80-4f91-aeab-4b0602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:25:41.000Z",
|
||
|
"modified": "2017-05-11T21:25:41.000Z",
|
||
|
"description": "Document Dropper Hashes",
|
||
|
"pattern": "[file:hashes.SHA256 = '985d44dfeaf83c2c39c331e4b07b19e8726fb0ec168223455476132fe8c32fc8']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:25:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d58e-4210-4202-93fb-45fb02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:25:41.000Z",
|
||
|
"modified": "2017-05-11T21:25:41.000Z",
|
||
|
"description": "Document Dropper Hashes",
|
||
|
"pattern": "[file:hashes.SHA256 = '1a60afa5c3dcff0fc41179e6a3b71ea0a92e4b50192eaa4c8e2b16ea0c50a229']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:25:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5914d58e-b32c-468a-99f4-410702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-11T21:25:41.000Z",
"modified": "2017-05-11T21:25:41.000Z",
"description": "Document Dropper Hashes",
"pattern": "[file:hashes.SHA256 = '76edebe74e015e709abb662c4fa8a2db2f24c12d5b6c51822eef403bf3c3a304']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-11T21:25:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5914d58f-779c-4344-ad97-418902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-11T21:25:41.000Z",
"modified": "2017-05-11T21:25:41.000Z",
"description": "Document Dropper Hashes",
"pattern": "[file:hashes.SHA256 = '3fdcaf24d5c45d7a8dcf1b2932c026915a982de19b52a8f346ca312c58d36f05']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-11T21:25:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5914d58f-6318-4747-a418-427e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-11T21:25:41.000Z",
"modified": "2017-05-11T21:25:41.000Z",
"description": "Document Dropper Hashes",
"pattern": "[file:hashes.SHA256 = '561343438f0c26fa7628a91584628a5bd62c3abe1c0cf890b9fdb0528adbde62']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-11T21:25:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5914d590-104c-4ab4-8da7-427302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-11T21:25:41.000Z",
"modified": "2017-05-11T21:25:41.000Z",
"description": "Document Dropper Hashes",
"pattern": "[file:hashes.SHA256 = '7f53abc951258d5663119f3ac383b8f84da5acbf0bb9063e5e113ca87b1843ae']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-11T21:25:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5914d590-de60-4d48-b3fd-445d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-11T21:25:41.000Z",
"modified": "2017-05-11T21:25:41.000Z",
"description": "Document Dropper Hashes",
"pattern": "[file:hashes.SHA256 = '7c552166089ebf45081a5d14bef331e3153a5de50c53b66211b044a08f46153c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-11T21:25:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5914d591-8b94-4357-83ab-485e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-11T21:25:41.000Z",
"modified": "2017-05-11T21:25:41.000Z",
"description": "Document Dropper Hashes",
"pattern": "[file:hashes.SHA256 = '432a220ca1e6c64546f21807e17521c243cce2a63d956d0c0cf21a1101835829']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-11T21:25:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5914d591-9058-4a45-93f7-46d502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-11T21:25:41.000Z",
"modified": "2017-05-11T21:25:41.000Z",
"description": "Document Dropper Hashes",
"pattern": "[file:hashes.SHA256 = '297665276699830549c83ae79cd2c48e23733e9569be8040ee38d08a4d99192e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-11T21:25:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5914d591-c330-45b1-93a6-46d002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-11T21:25:41.000Z",
"modified": "2017-05-11T21:25:41.000Z",
"description": "Document Dropper Hashes",
"pattern": "[file:hashes.SHA256 = '5e54c865afbd42f5a7b4007840e3099d8e1882c58542d08263ffc23fe994ef9b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-11T21:25:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5914d592-e8c8-4690-9d30-45d602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-11T21:25:41.000Z",
"modified": "2017-05-11T21:25:41.000Z",
"description": "Document Dropper Hashes",
"pattern": "[file:hashes.SHA256 = '8aa5a12bb237f93fc0c3f150a41fcc60e86007b1000c2b133457b2be27dfad4e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-11T21:25:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5914d592-2230-4218-aa79-490202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-11T21:25:41.000Z",
"modified": "2017-05-11T21:25:41.000Z",
"description": "Document Dropper Hashes",
"pattern": "[file:hashes.SHA256 = '8e7f77a61a1e710e368257a37fe6785f9b608bb068e5c40824623d299997dbf0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-11T21:25:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5914d593-686c-4c4a-92b9-4cc102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-11T21:25:41.000Z",
"modified": "2017-05-11T21:25:41.000Z",
"description": "Document Dropper Hashes",
"pattern": "[file:hashes.SHA256 = '379615acf199bb0beaee736824067b83dcbb2ae60eb648576c81d4971330dd16']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-11T21:25:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5914d593-9c64-4909-a1d3-4ada02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-11T21:25:41.000Z",
"modified": "2017-05-11T21:25:41.000Z",
"description": "Document Dropper Hashes",
"pattern": "[file:hashes.SHA256 = 'ad94f396f739d4df07f188b9babee829d07da01c986f4795a098d66137c7149c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-11T21:25:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5914d593-4c1c-4454-839c-4ff902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-11T21:25:41.000Z",
"modified": "2017-05-11T21:25:41.000Z",
"description": "Document Dropper Hashes",
"pattern": "[file:hashes.SHA256 = 'ff7fa949a99d745143d41eeb6b450dca3d95a38031e304b1e829c5bda2ce5213']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-11T21:25:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5914d594-52a8-46af-81b9-4d1c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-11T21:25:41.000Z",
"modified": "2017-05-11T21:25:41.000Z",
"description": "Document Dropper Hashes",
"pattern": "[file:hashes.SHA256 = '034421d601d43883528d68741c87e765d76ff4123161d364f6eddfae1f3c7493']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-11T21:25:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5914d594-73d0-48a4-8f50-456d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-11T21:25:41.000Z",
"modified": "2017-05-11T21:25:41.000Z",
"description": "Document Dropper Hashes",
"pattern": "[file:hashes.SHA256 = 'e86c5f4fbcd626e1ec4c211ae1ed0d541fc453e6753e84a724f534c0b9700029']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-11T21:25:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5914d595-9984-4a66-b30e-4fe302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-11T21:25:41.000Z",
"modified": "2017-05-11T21:25:41.000Z",
"description": "Document Dropper Hashes",
"pattern": "[file:hashes.SHA256 = '8b96d5316accd7d2ee0af01a4ae2766b7173d7705b3eef14d9dcb10cd34238ed']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-11T21:25:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5914d621-1370-41f7-967f-72cf02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-11T21:25:41.000Z",
"modified": "2017-05-11T21:25:41.000Z",
"pattern": "[url:value = 'https://185.159.82.11:3333/P/tipster.php?']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-11T21:25:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5914d63d-1eec-4494-9417-4dcd02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-11T21:25:41.000Z",
"modified": "2017-05-11T21:25:41.000Z",
"description": "The malware makes calls to the InternetOpenA, InternetConnectA and HttpOpenRequest functions from the Wininet.dll library to prepare the HTTP POST request to the following URL where the contents of goga.txt will be sent.",
"pattern": "[url:value = 'http://185.159.82.11/re/b.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-11T21:25:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5914d66b-ae6c-4a6f-9eca-bd4d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-11T21:25:41.000Z",
"modified": "2017-05-11T21:25:41.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.130.104.156']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-11T21:25:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5914d67d-df8c-45d9-a5c0-036002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-11T21:25:41.000Z",
"modified": "2017-05-11T21:25:41.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.130.104.178']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-11T21:25:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5914d6f4-8b50-415c-b27f-bd5202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-11T21:26:12.000Z",
"modified": "2017-05-11T21:26:12.000Z",
"description": "Document Dropper Hashes - Xchecked via VT: e86c5f4fbcd626e1ec4c211ae1ed0d541fc453e6753e84a724f534c0b9700029",
"pattern": "[file:hashes.SHA1 = '768c400bbae202897ab30a7b719221d2b050dfd0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-11T21:26:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5914d6f4-8920-47ad-bf86-bd5202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-11T21:26:12.000Z",
"modified": "2017-05-11T21:26:12.000Z",
"description": "Document Dropper Hashes - Xchecked via VT: e86c5f4fbcd626e1ec4c211ae1ed0d541fc453e6753e84a724f534c0b9700029",
"pattern": "[file:hashes.MD5 = '9a248adafdc4bc2da6d54e5915c3bdba']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-11T21:26:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5914d6f5-a588-4e95-8b90-bd5202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-11T21:26:13.000Z",
"modified": "2017-05-11T21:26:13.000Z",
"first_observed": "2017-05-11T21:26:13Z",
"last_observed": "2017-05-11T21:26:13Z",
"number_observed": 1,
"object_refs": [
"url--5914d6f5-a588-4e95-8b90-bd5202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5914d6f5-a588-4e95-8b90-bd5202de0b81",
"value": "https://www.virustotal.com/file/e86c5f4fbcd626e1ec4c211ae1ed0d541fc453e6753e84a724f534c0b9700029/analysis/1491959994/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5914d6f5-d7d4-49b6-b8a9-bd5202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-11T21:26:13.000Z",
"modified": "2017-05-11T21:26:13.000Z",
"description": "Document Dropper Hashes - Xchecked via VT: ff7fa949a99d745143d41eeb6b450dca3d95a38031e304b1e829c5bda2ce5213",
"pattern": "[file:hashes.SHA1 = '0d568578ccf18fbd5b142947f314b0e065519ff2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-11T21:26:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5914d6f6-2a24-45f2-894d-bd5202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-11T21:26:14.000Z",
"modified": "2017-05-11T21:26:14.000Z",
"description": "Document Dropper Hashes - Xchecked via VT: ff7fa949a99d745143d41eeb6b450dca3d95a38031e304b1e829c5bda2ce5213",
"pattern": "[file:hashes.MD5 = '360a3148ca32947b416c3413ebd03bf1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-11T21:26:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5914d6f6-c878-40f5-a8c3-bd5202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-11T21:26:14.000Z",
"modified": "2017-05-11T21:26:14.000Z",
"first_observed": "2017-05-11T21:26:14Z",
"last_observed": "2017-05-11T21:26:14Z",
"number_observed": 1,
"object_refs": [
"url--5914d6f6-c878-40f5-a8c3-bd5202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5914d6f6-c878-40f5-a8c3-bd5202de0b81",
"value": "https://www.virustotal.com/file/ff7fa949a99d745143d41eeb6b450dca3d95a38031e304b1e829c5bda2ce5213/analysis/1494535669/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5914d6f7-7f44-4ed8-bff5-bd5202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-11T21:26:15.000Z",
"modified": "2017-05-11T21:26:15.000Z",
"description": "Document Dropper Hashes - Xchecked via VT: 379615acf199bb0beaee736824067b83dcbb2ae60eb648576c81d4971330dd16",
"pattern": "[file:hashes.SHA1 = '57560d1633e190c4dfd88e54ab66a477c9029345']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-11T21:26:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5914d6f7-b808-4379-b681-bd5202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-11T21:26:15.000Z",
"modified": "2017-05-11T21:26:15.000Z",
"description": "Document Dropper Hashes - Xchecked via VT: 379615acf199bb0beaee736824067b83dcbb2ae60eb648576c81d4971330dd16",
"pattern": "[file:hashes.MD5 = '5062cbae0617f186c8bcc67117f9e02b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-11T21:26:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5914d6f7-0e70-4c6d-98b7-bd5202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-11T21:26:15.000Z",
"modified": "2017-05-11T21:26:15.000Z",
"first_observed": "2017-05-11T21:26:15Z",
"last_observed": "2017-05-11T21:26:15Z",
"number_observed": 1,
"object_refs": [
"url--5914d6f7-0e70-4c6d-98b7-bd5202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5914d6f7-0e70-4c6d-98b7-bd5202de0b81",
"value": "https://www.virustotal.com/file/379615acf199bb0beaee736824067b83dcbb2ae60eb648576c81d4971330dd16/analysis/1494535668/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5914d6f8-671c-4448-9d4a-bd5202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-11T21:26:16.000Z",
"modified": "2017-05-11T21:26:16.000Z",
"description": "Document Dropper Hashes - Xchecked via VT: 8e7f77a61a1e710e368257a37fe6785f9b608bb068e5c40824623d299997dbf0",
"pattern": "[file:hashes.SHA1 = '54df4ac1be3be2c18c17837469801abed9761640']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-11T21:26:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5914d6f8-1608-45da-8ca6-bd5202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-11T21:26:16.000Z",
"modified": "2017-05-11T21:26:16.000Z",
"description": "Document Dropper Hashes - Xchecked via VT: 8e7f77a61a1e710e368257a37fe6785f9b608bb068e5c40824623d299997dbf0",
"pattern": "[file:hashes.MD5 = '4477a2fb9eb73dd51a7cbfe5244246ed']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-11T21:26:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5914d6f9-eeb8-409d-8da3-bd5202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-11T21:26:17.000Z",
"modified": "2017-05-11T21:26:17.000Z",
"first_observed": "2017-05-11T21:26:17Z",
"last_observed": "2017-05-11T21:26:17Z",
"number_observed": 1,
"object_refs": [
"url--5914d6f9-eeb8-409d-8da3-bd5202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5914d6f9-eeb8-409d-8da3-bd5202de0b81",
"value": "https://www.virustotal.com/file/8e7f77a61a1e710e368257a37fe6785f9b608bb068e5c40824623d299997dbf0/analysis/1494535668/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5914d6f9-e478-450e-a89d-bd5202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-11T21:26:17.000Z",
"modified": "2017-05-11T21:26:17.000Z",
"description": "Document Dropper Hashes - Xchecked via VT: 8aa5a12bb237f93fc0c3f150a41fcc60e86007b1000c2b133457b2be27dfad4e",
"pattern": "[file:hashes.SHA1 = 'c1a36776a38c0f61cb4b79850edc9d4fb07c8d13']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-11T21:26:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5914d6fa-6ae0-4c82-be1d-bd5202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-11T21:26:18.000Z",
"modified": "2017-05-11T21:26:18.000Z",
"description": "Document Dropper Hashes - Xchecked via VT: 8aa5a12bb237f93fc0c3f150a41fcc60e86007b1000c2b133457b2be27dfad4e",
"pattern": "[file:hashes.MD5 = 'ae6da22f910967764c5f6a17061ee335']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-11T21:26:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5914d6fa-7a2c-4dfd-bfdd-bd5202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-11T21:26:18.000Z",
"modified": "2017-05-11T21:26:18.000Z",
"first_observed": "2017-05-11T21:26:18Z",
"last_observed": "2017-05-11T21:26:18Z",
"number_observed": 1,
"object_refs": [
"url--5914d6fa-7a2c-4dfd-bfdd-bd5202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5914d6fa-7a2c-4dfd-bfdd-bd5202de0b81",
"value": "https://www.virustotal.com/file/8aa5a12bb237f93fc0c3f150a41fcc60e86007b1000c2b133457b2be27dfad4e/analysis/1494535668/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5914d6fa-9f80-485b-892a-bd5202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-11T21:26:18.000Z",
"modified": "2017-05-11T21:26:18.000Z",
"description": "Document Dropper Hashes - Xchecked via VT: 5e54c865afbd42f5a7b4007840e3099d8e1882c58542d08263ffc23fe994ef9b",
"pattern": "[file:hashes.SHA1 = '825f52b35f1ecb200770bc6300ade88cbc1cd11c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-11T21:26:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5914d6fb-c920-44b7-ab23-bd5202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-11T21:26:19.000Z",
"modified": "2017-05-11T21:26:19.000Z",
"description": "Document Dropper Hashes - Xchecked via VT: 5e54c865afbd42f5a7b4007840e3099d8e1882c58542d08263ffc23fe994ef9b",
"pattern": "[file:hashes.MD5 = '9af507f9ff13cb0ce82f50d9d9723683']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:26:19Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5914d6fb-cf74-4308-92ac-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:19.000Z",
|
||
|
"modified": "2017-05-11T21:26:19.000Z",
|
||
|
"first_observed": "2017-05-11T21:26:19Z",
|
||
|
"last_observed": "2017-05-11T21:26:19Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5914d6fb-cf74-4308-92ac-bd5202de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5914d6fb-cf74-4308-92ac-bd5202de0b81",
|
||
|
"value": "https://www.virustotal.com/file/5e54c865afbd42f5a7b4007840e3099d8e1882c58542d08263ffc23fe994ef9b/analysis/1494535668/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d6fc-3470-4ec7-abd1-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:20.000Z",
|
||
|
"modified": "2017-05-11T21:26:20.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: 297665276699830549c83ae79cd2c48e23733e9569be8040ee38d08a4d99192e",
|
||
|
"pattern": "[file:hashes.SHA1 = '64e8a824b6e34b2146ecf0b95aebce8ef46a3aed']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:26:20Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d6fc-06d0-4eec-b1e4-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:20.000Z",
|
||
|
"modified": "2017-05-11T21:26:20.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: 297665276699830549c83ae79cd2c48e23733e9569be8040ee38d08a4d99192e",
|
||
|
"pattern": "[file:hashes.MD5 = 'c6713c98e69c29460ad686bb81a805d9']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:26:20Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5914d6fd-55e0-44a0-a353-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:21.000Z",
|
||
|
"modified": "2017-05-11T21:26:21.000Z",
|
||
|
"first_observed": "2017-05-11T21:26:21Z",
|
||
|
"last_observed": "2017-05-11T21:26:21Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5914d6fd-55e0-44a0-a353-bd5202de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5914d6fd-55e0-44a0-a353-bd5202de0b81",
|
||
|
"value": "https://www.virustotal.com/file/297665276699830549c83ae79cd2c48e23733e9569be8040ee38d08a4d99192e/analysis/1494535668/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d6fd-6060-470a-970a-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:21.000Z",
|
||
|
"modified": "2017-05-11T21:26:21.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: 7f53abc951258d5663119f3ac383b8f84da5acbf0bb9063e5e113ca87b1843ae",
|
||
|
"pattern": "[file:hashes.SHA1 = '6947f3e5ab4d4d2a3d4d11b6b63923c4ece81a1d']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:26:21Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d6fd-c358-492e-92b5-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:21.000Z",
|
||
|
"modified": "2017-05-11T21:26:21.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: 7f53abc951258d5663119f3ac383b8f84da5acbf0bb9063e5e113ca87b1843ae",
|
||
|
"pattern": "[file:hashes.MD5 = 'e627a6c83b46e79f5c10dee15bfc4e9d']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:26:21Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5914d6fe-c7c4-4a8a-8822-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:22.000Z",
|
||
|
"modified": "2017-05-11T21:26:22.000Z",
|
||
|
"first_observed": "2017-05-11T21:26:22Z",
|
||
|
"last_observed": "2017-05-11T21:26:22Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5914d6fe-c7c4-4a8a-8822-bd5202de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5914d6fe-c7c4-4a8a-8822-bd5202de0b81",
|
||
|
"value": "https://www.virustotal.com/file/7f53abc951258d5663119f3ac383b8f84da5acbf0bb9063e5e113ca87b1843ae/analysis/1494535667/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d6fe-50d4-409c-9869-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:22.000Z",
|
||
|
"modified": "2017-05-11T21:26:22.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: 561343438f0c26fa7628a91584628a5bd62c3abe1c0cf890b9fdb0528adbde62",
|
||
|
"pattern": "[file:hashes.SHA1 = 'a2b438dbe642ae8cf489098224b981ec1f12ea3c']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:26:22Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d6ff-1d0c-4d6c-8c49-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:23.000Z",
|
||
|
"modified": "2017-05-11T21:26:23.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: 561343438f0c26fa7628a91584628a5bd62c3abe1c0cf890b9fdb0528adbde62",
|
||
|
"pattern": "[file:hashes.MD5 = 'e4242a0b9ae10943dc0ce9638dbaa5ef']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:26:23Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5914d6ff-6624-488e-a754-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:23.000Z",
|
||
|
"modified": "2017-05-11T21:26:23.000Z",
|
||
|
"first_observed": "2017-05-11T21:26:23Z",
|
||
|
"last_observed": "2017-05-11T21:26:23Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5914d6ff-6624-488e-a754-bd5202de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5914d6ff-6624-488e-a754-bd5202de0b81",
|
||
|
"value": "https://www.virustotal.com/file/561343438f0c26fa7628a91584628a5bd62c3abe1c0cf890b9fdb0528adbde62/analysis/1494535667/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d6ff-775c-459c-bd07-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:23.000Z",
|
||
|
"modified": "2017-05-11T21:26:23.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: 3fdcaf24d5c45d7a8dcf1b2932c026915a982de19b52a8f346ca312c58d36f05",
|
||
|
"pattern": "[file:hashes.SHA1 = '0573274f4a719171e1925f6d5bc106949fbc1673']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:26:23Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d700-39a0-488e-aac5-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:24.000Z",
|
||
|
"modified": "2017-05-11T21:26:24.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: 3fdcaf24d5c45d7a8dcf1b2932c026915a982de19b52a8f346ca312c58d36f05",
|
||
|
"pattern": "[file:hashes.MD5 = '4cdd4ed57f51d63c4a248fd0cb5fbfb7']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:26:24Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5914d700-1bac-431e-8e13-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:24.000Z",
|
||
|
"modified": "2017-05-11T21:26:24.000Z",
|
||
|
"first_observed": "2017-05-11T21:26:24Z",
|
||
|
"last_observed": "2017-05-11T21:26:24Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5914d700-1bac-431e-8e13-bd5202de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5914d700-1bac-431e-8e13-bd5202de0b81",
|
||
|
"value": "https://www.virustotal.com/file/3fdcaf24d5c45d7a8dcf1b2932c026915a982de19b52a8f346ca312c58d36f05/analysis/1494535667/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d701-394c-43c1-bbdf-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:25.000Z",
|
||
|
"modified": "2017-05-11T21:26:25.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: 76edebe74e015e709abb662c4fa8a2db2f24c12d5b6c51822eef403bf3c3a304",
|
||
|
"pattern": "[file:hashes.SHA1 = 'e425b4cd6622c0e04468ad51341dd773ca412009']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:26:25Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d701-17ec-43a8-879d-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:25.000Z",
|
||
|
"modified": "2017-05-11T21:26:25.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: 76edebe74e015e709abb662c4fa8a2db2f24c12d5b6c51822eef403bf3c3a304",
|
||
|
"pattern": "[file:hashes.MD5 = '0745a4ee754b291ffdaaa1696e3e3420']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:26:25Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5914d702-27c4-4197-8c8d-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:26.000Z",
|
||
|
"modified": "2017-05-11T21:26:26.000Z",
|
||
|
"first_observed": "2017-05-11T21:26:26Z",
|
||
|
"last_observed": "2017-05-11T21:26:26Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5914d702-27c4-4197-8c8d-bd5202de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5914d702-27c4-4197-8c8d-bd5202de0b81",
|
||
|
"value": "https://www.virustotal.com/file/76edebe74e015e709abb662c4fa8a2db2f24c12d5b6c51822eef403bf3c3a304/analysis/1494507201/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d702-bde4-4e65-9530-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:26.000Z",
|
||
|
"modified": "2017-05-11T21:26:26.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: 1a60afa5c3dcff0fc41179e6a3b71ea0a92e4b50192eaa4c8e2b16ea0c50a229",
|
||
|
"pattern": "[file:hashes.SHA1 = 'a53d66339e5604e9510f79020af55591f1fb8931']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:26:26Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d702-7694-4eeb-bea3-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:26.000Z",
|
||
|
"modified": "2017-05-11T21:26:26.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: 1a60afa5c3dcff0fc41179e6a3b71ea0a92e4b50192eaa4c8e2b16ea0c50a229",
|
||
|
"pattern": "[file:hashes.MD5 = 'c27b104e863fb80e7faa647fd85068f2']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:26:26Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5914d703-a440-4c80-b0bd-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:27.000Z",
|
||
|
"modified": "2017-05-11T21:26:27.000Z",
|
||
|
"first_observed": "2017-05-11T21:26:27Z",
|
||
|
"last_observed": "2017-05-11T21:26:27Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5914d703-a440-4c80-b0bd-bd5202de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5914d703-a440-4c80-b0bd-bd5202de0b81",
|
||
|
"value": "https://www.virustotal.com/file/1a60afa5c3dcff0fc41179e6a3b71ea0a92e4b50192eaa4c8e2b16ea0c50a229/analysis/1494506994/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d703-ea54-486e-a310-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:27.000Z",
|
||
|
"modified": "2017-05-11T21:26:27.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: 985d44dfeaf83c2c39c331e4b07b19e8726fb0ec168223455476132fe8c32fc8",
|
||
|
"pattern": "[file:hashes.SHA1 = '6d062165da76ed4800695f02e0413620f80bb5d4']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:26:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d704-0428-49b9-b1fa-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:28.000Z",
|
||
|
"modified": "2017-05-11T21:26:28.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: 985d44dfeaf83c2c39c331e4b07b19e8726fb0ec168223455476132fe8c32fc8",
|
||
|
"pattern": "[file:hashes.MD5 = '1828963ed3b571bc6fa5f74900a88a88']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:26:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5914d704-e410-4a5f-9948-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:28.000Z",
|
||
|
"modified": "2017-05-11T21:26:28.000Z",
|
||
|
"first_observed": "2017-05-11T21:26:28Z",
|
||
|
"last_observed": "2017-05-11T21:26:28Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5914d704-e410-4a5f-9948-bd5202de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5914d704-e410-4a5f-9948-bd5202de0b81",
|
||
|
"value": "https://www.virustotal.com/file/985d44dfeaf83c2c39c331e4b07b19e8726fb0ec168223455476132fe8c32fc8/analysis/1494535666/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d705-6390-44c8-87d4-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:29.000Z",
|
||
|
"modified": "2017-05-11T21:26:29.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: 6edbbc7f02179211c5b8da74a770492e25b31be683468629a073f313f25ec8b6",
|
||
|
"pattern": "[file:hashes.SHA1 = '81043253dcfb659e7692eff2ca283a7cc55d3d40']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:26:29Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d705-2c98-47bd-825d-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:29.000Z",
|
||
|
"modified": "2017-05-11T21:26:29.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: 6edbbc7f02179211c5b8da74a770492e25b31be683468629a073f313f25ec8b6",
|
||
|
"pattern": "[file:hashes.MD5 = '7eb373f60779ffe72edb35249736de41']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:26:29Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5914d705-ee9c-4f5b-bb47-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:29.000Z",
|
||
|
"modified": "2017-05-11T21:26:29.000Z",
|
||
|
"first_observed": "2017-05-11T21:26:29Z",
|
||
|
"last_observed": "2017-05-11T21:26:29Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5914d705-ee9c-4f5b-bb47-bd5202de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5914d705-ee9c-4f5b-bb47-bd5202de0b81",
|
||
|
"value": "https://www.virustotal.com/file/6edbbc7f02179211c5b8da74a770492e25b31be683468629a073f313f25ec8b6/analysis/1494535666/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d706-2288-4dcf-875c-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:30.000Z",
|
||
|
"modified": "2017-05-11T21:26:30.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: 61bcd9b0c11989d6049fd181786f1748116c128bd4768d1b6849805186190320",
|
||
|
"pattern": "[file:hashes.SHA1 = '8988ad47ed53f439747d5022f96f80ca8d7b4299']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:26:30Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d706-e360-43eb-bf77-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:30.000Z",
|
||
|
"modified": "2017-05-11T21:26:30.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: 61bcd9b0c11989d6049fd181786f1748116c128bd4768d1b6849805186190320",
|
||
|
"pattern": "[file:hashes.MD5 = '4584e56bdc8e096a05a986c454d46333']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:26:30Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5914d707-8ec8-4457-b2e0-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:31.000Z",
|
||
|
"modified": "2017-05-11T21:26:31.000Z",
|
||
|
"first_observed": "2017-05-11T21:26:31Z",
|
||
|
"last_observed": "2017-05-11T21:26:31Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5914d707-8ec8-4457-b2e0-bd5202de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5914d707-8ec8-4457-b2e0-bd5202de0b81",
|
||
|
"value": "https://www.virustotal.com/file/61bcd9b0c11989d6049fd181786f1748116c128bd4768d1b6849805186190320/analysis/1494535666/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d707-897c-4c13-a91b-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:31.000Z",
|
||
|
"modified": "2017-05-11T21:26:31.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: a02ed37812ac37d44979d5131aa10927fb9b9bd09aae2b470e65532bc694b27c",
|
||
|
"pattern": "[file:hashes.SHA1 = '02e51ee358407bb7e3b6bc0b818ad0e0a2c20c0b']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:26:31Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d708-8ce4-4d8e-ae61-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:32.000Z",
|
||
|
"modified": "2017-05-11T21:26:32.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: a02ed37812ac37d44979d5131aa10927fb9b9bd09aae2b470e65532bc694b27c",
|
||
|
"pattern": "[file:hashes.MD5 = '1a3741669abaa116abc66c1db0236890']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:26:32Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5914d708-3050-4d5c-b61a-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:32.000Z",
|
||
|
"modified": "2017-05-11T21:26:32.000Z",
|
||
|
"first_observed": "2017-05-11T21:26:32Z",
|
||
|
"last_observed": "2017-05-11T21:26:32Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5914d708-3050-4d5c-b61a-bd5202de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5914d708-3050-4d5c-b61a-bd5202de0b81",
|
||
|
"value": "https://www.virustotal.com/file/a02ed37812ac37d44979d5131aa10927fb9b9bd09aae2b470e65532bc694b27c/analysis/1494535665/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d709-04ac-455b-9231-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:33.000Z",
|
||
|
"modified": "2017-05-11T21:26:33.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: b4d3c369449ead7ced48f84b9ea29cb4dbc6f485958e813b102c1d32ce62d3e8",
|
||
|
"pattern": "[file:hashes.SHA1 = 'ccc0fb9afbb964d8feaa731b8c12b2d5d709beb0']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:26:33Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d709-1ae4-45a8-88ad-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:33.000Z",
|
||
|
"modified": "2017-05-11T21:26:33.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: b4d3c369449ead7ced48f84b9ea29cb4dbc6f485958e813b102c1d32ce62d3e8",
|
||
|
"pattern": "[file:hashes.MD5 = 'f92dfc8a2f7d865cfc365211dec38abe']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:26:33Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5914d70a-0350-4e7f-a9a2-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:34.000Z",
|
||
|
"modified": "2017-05-11T21:26:34.000Z",
|
||
|
"first_observed": "2017-05-11T21:26:34Z",
|
||
|
"last_observed": "2017-05-11T21:26:34Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5914d70a-0350-4e7f-a9a2-bd5202de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5914d70a-0350-4e7f-a9a2-bd5202de0b81",
|
||
|
"value": "https://www.virustotal.com/file/b4d3c369449ead7ced48f84b9ea29cb4dbc6f485958e813b102c1d32ce62d3e8/analysis/1494535665/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d70a-2510-4831-a5da-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:34.000Z",
|
||
|
"modified": "2017-05-11T21:26:34.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: 50ab7834e98c2f40d7441006a0221c07bff5f9f694999b595daa29b37c9a5e12",
|
||
|
"pattern": "[file:hashes.SHA1 = '3458013c174277fdca1282dfea5aab7fc8e2c74f']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:26:34Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d70a-9d38-47f9-9d5e-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:34.000Z",
|
||
|
"modified": "2017-05-11T21:26:34.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: 50ab7834e98c2f40d7441006a0221c07bff5f9f694999b595daa29b37c9a5e12",
|
||
|
"pattern": "[file:hashes.MD5 = '874450f20106f9511beb916721f1fe1b']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:26:34Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5914d70b-4118-4ab1-aba2-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:35.000Z",
|
||
|
"modified": "2017-05-11T21:26:35.000Z",
|
||
|
"first_observed": "2017-05-11T21:26:35Z",
|
||
|
"last_observed": "2017-05-11T21:26:35Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5914d70b-4118-4ab1-aba2-bd5202de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5914d70b-4118-4ab1-aba2-bd5202de0b81",
|
||
|
"value": "https://www.virustotal.com/file/50ab7834e98c2f40d7441006a0221c07bff5f9f694999b595daa29b37c9a5e12/analysis/1494535665/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d70b-235c-4e24-8860-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:35.000Z",
|
||
|
"modified": "2017-05-11T21:26:35.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: d8e62ce3039921c11872319a09acc61038f2452a6a2fdb8c0d3a0848b56b26ff",
|
||
|
"pattern": "[file:hashes.SHA1 = '04661681860828b34906f6ef2283e63525b7ac31']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:26:35Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d70c-3648-412e-bd3f-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:36.000Z",
|
||
|
"modified": "2017-05-11T21:26:36.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: d8e62ce3039921c11872319a09acc61038f2452a6a2fdb8c0d3a0848b56b26ff",
|
||
|
"pattern": "[file:hashes.MD5 = '9989d733ea79ba392919c386a3db51b8']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:26:36Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5914d70c-56d8-42ad-9f95-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:36.000Z",
|
||
|
"modified": "2017-05-11T21:26:36.000Z",
|
||
|
"first_observed": "2017-05-11T21:26:36Z",
|
||
|
"last_observed": "2017-05-11T21:26:36Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5914d70c-56d8-42ad-9f95-bd5202de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5914d70c-56d8-42ad-9f95-bd5202de0b81",
|
||
|
"value": "https://www.virustotal.com/file/d8e62ce3039921c11872319a09acc61038f2452a6a2fdb8c0d3a0848b56b26ff/analysis/1494535665/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d70d-8608-47eb-a0b2-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:37.000Z",
|
||
|
"modified": "2017-05-11T21:26:37.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: 7b48b21b10990cd53bb8969930b9f0b39cc495e95a33c38f80024a21a72b0176",
|
||
|
"pattern": "[file:hashes.SHA1 = '67b7a4b74ae752999bee525d3dc2b91c8c5a37a8']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:26:37Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d70d-232c-4da9-b7f5-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:37.000Z",
|
||
|
"modified": "2017-05-11T21:26:37.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: 7b48b21b10990cd53bb8969930b9f0b39cc495e95a33c38f80024a21a72b0176",
|
||
|
"pattern": "[file:hashes.MD5 = '73b29fafd07dbc0341b9cb190c6f615e']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:26:37Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5914d70d-a518-4a90-9567-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:37.000Z",
|
||
|
"modified": "2017-05-11T21:26:37.000Z",
|
||
|
"first_observed": "2017-05-11T21:26:37Z",
|
||
|
"last_observed": "2017-05-11T21:26:37Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5914d70d-a518-4a90-9567-bd5202de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5914d70d-a518-4a90-9567-bd5202de0b81",
|
||
|
"value": "https://www.virustotal.com/file/7b48b21b10990cd53bb8969930b9f0b39cc495e95a33c38f80024a21a72b0176/analysis/1489460924/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d70e-8644-4247-b786-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:38.000Z",
|
||
|
"modified": "2017-05-11T21:26:38.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: 8451cf3f5e5e2576f2ad36a4f19998e5824c2ab185f40ddec460a81ab1a8525a",
|
||
|
"pattern": "[file:hashes.SHA1 = 'd47d1c2cf4ec98e8b7bb7d0b555ef97a5b573c11']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:26:38Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d70e-3600-447a-8be8-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:38.000Z",
|
||
|
"modified": "2017-05-11T21:26:38.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: 8451cf3f5e5e2576f2ad36a4f19998e5824c2ab185f40ddec460a81ab1a8525a",
|
||
|
"pattern": "[file:hashes.MD5 = '586337cbc23f51fe97ae2d1420f43071']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:26:38Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5914d70f-a4cc-4b55-993f-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:39.000Z",
|
||
|
"modified": "2017-05-11T21:26:39.000Z",
|
||
|
"first_observed": "2017-05-11T21:26:39Z",
|
||
|
"last_observed": "2017-05-11T21:26:39Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5914d70f-a4cc-4b55-993f-bd5202de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5914d70f-a4cc-4b55-993f-bd5202de0b81",
|
||
|
"value": "https://www.virustotal.com/file/8451cf3f5e5e2576f2ad36a4f19998e5824c2ab185f40ddec460a81ab1a8525a/analysis/1494535664/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d70f-60f8-4009-bb93-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:39.000Z",
|
||
|
"modified": "2017-05-11T21:26:39.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: c600c7638474fb31664ab32fb9aad5c216096b2c68d93c9eb37cf0476868cf05",
|
||
|
"pattern": "[file:hashes.SHA1 = 'b659ef884f6d7210c1e8cc5c96a4e923099e6bff']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:26:39Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d710-6ccc-4856-b704-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:40.000Z",
|
||
|
"modified": "2017-05-11T21:26:40.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: c600c7638474fb31664ab32fb9aad5c216096b2c68d93c9eb37cf0476868cf05",
|
||
|
"pattern": "[file:hashes.MD5 = '0bc5449f24f70a97eb5a63b60c5eafee']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:26:40Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5914d710-7d74-4339-9d71-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:40.000Z",
|
||
|
"modified": "2017-05-11T21:26:40.000Z",
|
||
|
"first_observed": "2017-05-11T21:26:40Z",
|
||
|
"last_observed": "2017-05-11T21:26:40Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5914d710-7d74-4339-9d71-bd5202de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5914d710-7d74-4339-9d71-bd5202de0b81",
|
||
|
"value": "https://www.virustotal.com/file/c600c7638474fb31664ab32fb9aad5c216096b2c68d93c9eb37cf0476868cf05/analysis/1494535664/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d711-71c0-49f6-8684-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:41.000Z",
|
||
|
"modified": "2017-05-11T21:26:41.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: ae3bb85b87d40a12e82b2545fd4c9087b3e847a744a27c1ac215dd38821ced87",
|
||
|
"pattern": "[file:hashes.SHA1 = '823289568653beb7d18dda3a059514c2a6029925']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:26:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d711-319c-4e11-9889-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:41.000Z",
|
||
|
"modified": "2017-05-11T21:26:41.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: ae3bb85b87d40a12e82b2545fd4c9087b3e847a744a27c1ac215dd38821ced87",
|
||
|
"pattern": "[file:hashes.MD5 = 'f209fe46636ec146643618d79881ad63']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:26:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5914d711-d858-40dc-b3e7-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:41.000Z",
|
||
|
"modified": "2017-05-11T21:26:41.000Z",
|
||
|
"first_observed": "2017-05-11T21:26:41Z",
|
||
|
"last_observed": "2017-05-11T21:26:41Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5914d711-d858-40dc-b3e7-bd5202de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5914d711-d858-40dc-b3e7-bd5202de0b81",
|
||
|
"value": "https://www.virustotal.com/file/ae3bb85b87d40a12e82b2545fd4c9087b3e847a744a27c1ac215dd38821ced87/analysis/1494380308/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d712-2bf4-4380-a86e-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:42.000Z",
|
||
|
"modified": "2017-05-11T21:26:42.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: 92c82d7ea7b89f02c5b8e7d93d2a4ad17fbc0688ff9ad881cc185c18ea466232",
|
||
|
"pattern": "[file:hashes.SHA1 = 'dcd678e99ffd594f00704dc3867b19efe85c9884']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:26:42Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d712-259c-4529-b6b3-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:42.000Z",
|
||
|
"modified": "2017-05-11T21:26:42.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: 92c82d7ea7b89f02c5b8e7d93d2a4ad17fbc0688ff9ad881cc185c18ea466232",
|
||
|
"pattern": "[file:hashes.MD5 = '281c88a584c6ff0fb449624bf97298a4']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:26:42Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5914d713-d434-4618-8a0a-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:43.000Z",
|
||
|
"modified": "2017-05-11T21:26:43.000Z",
|
||
|
"first_observed": "2017-05-11T21:26:43Z",
|
||
|
"last_observed": "2017-05-11T21:26:43Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5914d713-d434-4618-8a0a-bd5202de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5914d713-d434-4618-8a0a-bd5202de0b81",
|
||
|
"value": "https://www.virustotal.com/file/92c82d7ea7b89f02c5b8e7d93d2a4ad17fbc0688ff9ad881cc185c18ea466232/analysis/1494535663/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d713-9aec-4fff-b7b7-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:43.000Z",
|
||
|
"modified": "2017-05-11T21:26:43.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: 40fd876c5d7f859484a8d3a021ce3c5eeba23deb8574f4b598aeaa6a0ded7815",
|
||
|
"pattern": "[file:hashes.SHA1 = '8b5b6f5ece8c596c60ad4d6a2b90022d7635999a']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:26:43Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d714-2308-467e-a4fb-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:44.000Z",
|
||
|
"modified": "2017-05-11T21:26:44.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: 40fd876c5d7f859484a8d3a021ce3c5eeba23deb8574f4b598aeaa6a0ded7815",
|
||
|
"pattern": "[file:hashes.MD5 = 'fabdab3aa4d863f446149cbc41ba3463']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:26:44Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5914d714-7fb0-4326-b374-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:44.000Z",
|
||
|
"modified": "2017-05-11T21:26:44.000Z",
|
||
|
"first_observed": "2017-05-11T21:26:44Z",
|
||
|
"last_observed": "2017-05-11T21:26:44Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5914d714-7fb0-4326-b374-bd5202de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5914d714-7fb0-4326-b374-bd5202de0b81",
|
||
|
"value": "https://www.virustotal.com/file/40fd876c5d7f859484a8d3a021ce3c5eeba23deb8574f4b598aeaa6a0ded7815/analysis/1489038928/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d714-c9e0-43df-b0da-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:44.000Z",
|
||
|
"modified": "2017-05-11T21:26:44.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: 9e9e7ade1def82a56898415c079bd3f861c143f9db6770a28592bbbe04d5f234",
|
||
|
"pattern": "[file:hashes.SHA1 = 'ab6bd4c0d5ec83f34e882eba915253056d6b49cb']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:26:44Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d715-8238-40e6-ba71-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:45.000Z",
|
||
|
"modified": "2017-05-11T21:26:45.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: 9e9e7ade1def82a56898415c079bd3f861c143f9db6770a28592bbbe04d5f234",
|
||
|
"pattern": "[file:hashes.MD5 = '6418268fae0ebc429fd446cf6b1c0316']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:26:45Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5914d715-5514-4718-9a46-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:45.000Z",
|
||
|
"modified": "2017-05-11T21:26:45.000Z",
|
||
|
"first_observed": "2017-05-11T21:26:45Z",
|
||
|
"last_observed": "2017-05-11T21:26:45Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5914d715-5514-4718-9a46-bd5202de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5914d715-5514-4718-9a46-bd5202de0b81",
|
||
|
"value": "https://www.virustotal.com/file/9e9e7ade1def82a56898415c079bd3f861c143f9db6770a28592bbbe04d5f234/analysis/1494535663/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d716-be24-4b37-8ee6-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:46.000Z",
|
||
|
"modified": "2017-05-11T21:26:46.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: 1c95a2a32b639008245a205f51aa7fbafc0b61ecc6879f9978be174feee516f4",
|
||
|
"pattern": "[file:hashes.SHA1 = 'e179f266d87e85538f9d890fa0f031c5581986dd']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:26:46Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d716-15a8-45e6-ba4b-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:46.000Z",
|
||
|
"modified": "2017-05-11T21:26:46.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: 1c95a2a32b639008245a205f51aa7fbafc0b61ecc6879f9978be174feee516f4",
|
||
|
"pattern": "[file:hashes.MD5 = '60ea5ec5ccc9c2f34a8f7874000097a9']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:26:46Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5914d717-1740-406b-bc67-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:47.000Z",
|
||
|
"modified": "2017-05-11T21:26:47.000Z",
|
||
|
"first_observed": "2017-05-11T21:26:47Z",
|
||
|
"last_observed": "2017-05-11T21:26:47Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5914d717-1740-406b-bc67-bd5202de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5914d717-1740-406b-bc67-bd5202de0b81",
|
||
|
"value": "https://www.virustotal.com/file/1c95a2a32b639008245a205f51aa7fbafc0b61ecc6879f9978be174feee516f4/analysis/1494508546/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d717-e820-4486-a237-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:47.000Z",
|
||
|
"modified": "2017-05-11T21:26:47.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: a85b040e923e45a3e139576c2086a8f1671b1c60053274d850218ffa422f80e6",
|
||
|
"pattern": "[file:hashes.SHA1 = 'cf8c7cc742bf68410bb82208becaa4688d09c937']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:26:47Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d717-1274-4805-ab55-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:47.000Z",
|
||
|
"modified": "2017-05-11T21:26:47.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: a85b040e923e45a3e139576c2086a8f1671b1c60053274d850218ffa422f80e6",
|
||
|
"pattern": "[file:hashes.MD5 = '6b67ed3878f109e4e9a867880a269705']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:26:47Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5914d718-bde8-4499-a25e-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:48.000Z",
|
||
|
"modified": "2017-05-11T21:26:48.000Z",
|
||
|
"first_observed": "2017-05-11T21:26:48Z",
|
||
|
"last_observed": "2017-05-11T21:26:48Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5914d718-bde8-4499-a25e-bd5202de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5914d718-bde8-4499-a25e-bd5202de0b81",
|
||
|
"value": "https://www.virustotal.com/file/a85b040e923e45a3e139576c2086a8f1671b1c60053274d850218ffa422f80e6/analysis/1489038330/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d718-4ac4-4f0d-8e43-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:48.000Z",
|
||
|
"modified": "2017-05-11T21:26:48.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: 7e62823f8a775674b6333ff535e93a9fc0bdcfd943c903fe85e614b34d692549",
|
||
|
"pattern": "[file:hashes.SHA1 = '969430da71847aadfdb699576bd1fa5b05cc0578']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:26:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d719-0790-4566-a7fb-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:49.000Z",
|
||
|
"modified": "2017-05-11T21:26:49.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: 7e62823f8a775674b6333ff535e93a9fc0bdcfd943c903fe85e614b34d692549",
|
||
|
"pattern": "[file:hashes.MD5 = '6b627f64d75543875ae17405c6c663e5']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:26:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5914d719-1ce0-4496-bdae-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:49.000Z",
|
||
|
"modified": "2017-05-11T21:26:49.000Z",
|
||
|
"first_observed": "2017-05-11T21:26:49Z",
|
||
|
"last_observed": "2017-05-11T21:26:49Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5914d719-1ce0-4496-bdae-bd5202de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5914d719-1ce0-4496-bdae-bd5202de0b81",
|
||
|
"value": "https://www.virustotal.com/file/7e62823f8a775674b6333ff535e93a9fc0bdcfd943c903fe85e614b34d692549/analysis/1489040584/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d719-597c-41aa-ad6c-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:49.000Z",
|
||
|
"modified": "2017-05-11T21:26:49.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: 5b331693bc7ad009db3905fd37edfa94c528b6c4eee024f7a35dcc9b6b8a9c26",
|
||
|
"pattern": "[file:hashes.SHA1 = 'aecad2194587c25a090770fdf6bb79b963ac0f99']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:26:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d71a-31ac-4411-a773-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:50.000Z",
|
||
|
"modified": "2017-05-11T21:26:50.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: 5b331693bc7ad009db3905fd37edfa94c528b6c4eee024f7a35dcc9b6b8a9c26",
|
||
|
"pattern": "[file:hashes.MD5 = '3e60efd63cc510148c783d4d5b16ea05']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:26:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5914d71a-79dc-4e3e-9c28-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:50.000Z",
|
||
|
"modified": "2017-05-11T21:26:50.000Z",
|
||
|
"first_observed": "2017-05-11T21:26:50Z",
|
||
|
"last_observed": "2017-05-11T21:26:50Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5914d71a-79dc-4e3e-9c28-bd5202de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5914d71a-79dc-4e3e-9c28-bd5202de0b81",
|
||
|
"value": "https://www.virustotal.com/file/5b331693bc7ad009db3905fd37edfa94c528b6c4eee024f7a35dcc9b6b8a9c26/analysis/1489867223/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d71b-1af0-4d3f-8b7d-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:51.000Z",
|
||
|
"modified": "2017-05-11T21:26:51.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: 97ea044a5820f9271c21bd8f1bb381099fb188a7d9f54ac72a88bf41411cf1b3",
|
||
|
"pattern": "[file:hashes.SHA1 = '2e23271b02d0e82fba529d04def9127d4ad2b574']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:26:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d71b-2afc-48ec-807d-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:51.000Z",
|
||
|
"modified": "2017-05-11T21:26:51.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: 97ea044a5820f9271c21bd8f1bb381099fb188a7d9f54ac72a88bf41411cf1b3",
|
||
|
"pattern": "[file:hashes.MD5 = 'b22efe94ed4ac8eee1618adfff92403a']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:26:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5914d71b-849c-4153-b251-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:51.000Z",
|
||
|
"modified": "2017-05-11T21:26:51.000Z",
|
||
|
"first_observed": "2017-05-11T21:26:51Z",
|
||
|
"last_observed": "2017-05-11T21:26:51Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5914d71b-849c-4153-b251-bd5202de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5914d71b-849c-4153-b251-bd5202de0b81",
|
||
|
"value": "https://www.virustotal.com/file/97ea044a5820f9271c21bd8f1bb381099fb188a7d9f54ac72a88bf41411cf1b3/analysis/1494535663/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d71c-de4c-4b43-b884-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:52.000Z",
|
||
|
"modified": "2017-05-11T21:26:52.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: 069a4abb186efb6c3b6733cb2f35151d03eefe40cfb626d3c42aaa5f7ef342c6",
|
||
|
"pattern": "[file:hashes.SHA1 = '1fccdf389f4adb8ff67097b140dddc89a85b7073']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:26:52Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d71c-8838-42f5-b070-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:52.000Z",
|
||
|
"modified": "2017-05-11T21:26:52.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: 069a4abb186efb6c3b6733cb2f35151d03eefe40cfb626d3c42aaa5f7ef342c6",
|
||
|
"pattern": "[file:hashes.MD5 = '5b020b9e7a8033ca4444f7cc210eb1d7']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:26:52Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5914d71d-03f8-4260-a77e-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:53.000Z",
|
||
|
"modified": "2017-05-11T21:26:53.000Z",
|
||
|
"first_observed": "2017-05-11T21:26:53Z",
|
||
|
"last_observed": "2017-05-11T21:26:53Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5914d71d-03f8-4260-a77e-bd5202de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5914d71d-03f8-4260-a77e-bd5202de0b81",
|
||
|
"value": "https://www.virustotal.com/file/069a4abb186efb6c3b6733cb2f35151d03eefe40cfb626d3c42aaa5f7ef342c6/analysis/1493947778/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d71d-1eb4-488e-9132-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:53.000Z",
|
||
|
"modified": "2017-05-11T21:26:53.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: cfe56d178ff873a5d984220c96570144a6674ce1b675036566a93ff6d680a981",
|
||
|
"pattern": "[file:hashes.SHA1 = '486a5ece9c217c9e651045236f6158d339ea0a33']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:26:53Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d71d-3460-43e0-afba-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:53.000Z",
|
||
|
"modified": "2017-05-11T21:26:53.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: cfe56d178ff873a5d984220c96570144a6674ce1b675036566a93ff6d680a981",
|
||
|
"pattern": "[file:hashes.MD5 = '17661f80532cef37f114a923d076cc79']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:26:53Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5914d71e-6524-458e-a25e-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:54.000Z",
|
||
|
"modified": "2017-05-11T21:26:54.000Z",
|
||
|
"first_observed": "2017-05-11T21:26:54Z",
|
||
|
"last_observed": "2017-05-11T21:26:54Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5914d71e-6524-458e-a25e-bd5202de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5914d71e-6524-458e-a25e-bd5202de0b81",
|
||
|
"value": "https://www.virustotal.com/file/cfe56d178ff873a5d984220c96570144a6674ce1b675036566a93ff6d680a981/analysis/1490601720/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d71e-12fc-4141-af5a-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:54.000Z",
|
||
|
"modified": "2017-05-11T21:26:54.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: d3683a4fe910d5815541beb2c42b98827a1f6362073b9901a74c36e15072c1a2",
|
||
|
"pattern": "[file:hashes.SHA1 = 'f1e9696e5b925cf3291cf66a769e4b32a4193c1d']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:26:54Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d71f-be38-4b47-ba1b-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:55.000Z",
|
||
|
"modified": "2017-05-11T21:26:55.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: d3683a4fe910d5815541beb2c42b98827a1f6362073b9901a74c36e15072c1a2",
|
||
|
"pattern": "[file:hashes.MD5 = 'f07cb060cde4a2010a827372b6780a85']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:26:55Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5914d71f-2478-41ee-8455-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:55.000Z",
|
||
|
"modified": "2017-05-11T21:26:55.000Z",
|
||
|
"first_observed": "2017-05-11T21:26:55Z",
|
||
|
"last_observed": "2017-05-11T21:26:55Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5914d71f-2478-41ee-8455-bd5202de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5914d71f-2478-41ee-8455-bd5202de0b81",
|
||
|
"value": "https://www.virustotal.com/file/d3683a4fe910d5815541beb2c42b98827a1f6362073b9901a74c36e15072c1a2/analysis/1481021920/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d720-3d1c-47fb-88e1-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:56.000Z",
|
||
|
"modified": "2017-05-11T21:26:56.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: 256078f83cf9535c72debffa3d34818789849131e9138589728b4085e2ae2169",
|
||
|
"pattern": "[file:hashes.SHA1 = '0b0bd3105b3d9538b8211e4b9b6f95ac16a28950']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:26:56Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d720-a290-491c-a2e2-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:56.000Z",
|
||
|
"modified": "2017-05-11T21:26:56.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: 256078f83cf9535c72debffa3d34818789849131e9138589728b4085e2ae2169",
|
||
|
"pattern": "[file:hashes.MD5 = '8f4c507a6094225d70c066ae52974381']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:26:56Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5914d720-d2f4-41bc-81aa-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:56.000Z",
|
||
|
"modified": "2017-05-11T21:26:56.000Z",
|
||
|
"first_observed": "2017-05-11T21:26:56Z",
|
||
|
"last_observed": "2017-05-11T21:26:56Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5914d720-d2f4-41bc-81aa-bd5202de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5914d720-d2f4-41bc-81aa-bd5202de0b81",
|
||
|
"value": "https://www.virustotal.com/file/256078f83cf9535c72debffa3d34818789849131e9138589728b4085e2ae2169/analysis/1494508496/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d721-1930-4653-930c-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:57.000Z",
|
||
|
"modified": "2017-05-11T21:26:57.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: b1d5bfb124a15ab9068cf413de430a1c2cbd7b2bf67a766cf971269c67c3eace",
|
||
|
"pattern": "[file:hashes.SHA1 = '24c1a3b12f62df58a0931523c0a6c56d7079bdce']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:26:57Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d721-4f18-4c5d-88ae-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:57.000Z",
|
||
|
"modified": "2017-05-11T21:26:57.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: b1d5bfb124a15ab9068cf413de430a1c2cbd7b2bf67a766cf971269c67c3eace",
|
||
|
"pattern": "[file:hashes.MD5 = '4a2cc8973ec2692ca00f620cbf536e9b']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:26:57Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5914d722-cb90-4dca-b321-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:58.000Z",
|
||
|
"modified": "2017-05-11T21:26:58.000Z",
|
||
|
"first_observed": "2017-05-11T21:26:58Z",
|
||
|
"last_observed": "2017-05-11T21:26:58Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5914d722-cb90-4dca-b321-bd5202de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5914d722-cb90-4dca-b321-bd5202de0b81",
|
||
|
"value": "https://www.virustotal.com/file/b1d5bfb124a15ab9068cf413de430a1c2cbd7b2bf67a766cf971269c67c3eace/analysis/1481046323/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d722-2aa0-4c90-a7b8-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:58.000Z",
|
||
|
"modified": "2017-05-11T21:26:58.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: f89edff923d1d2daf6b2ab36595e873ed7d1cd52c2f6b66b590fa636c17dced2",
|
||
|
"pattern": "[file:hashes.SHA1 = '4be209d6c9d9b2de5175127f9ff5cb4f7c1d8d77']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:26:58Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d722-1100-45eb-b6e8-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:58.000Z",
|
||
|
"modified": "2017-05-11T21:26:58.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: f89edff923d1d2daf6b2ab36595e873ed7d1cd52c2f6b66b590fa636c17dced2",
|
||
|
"pattern": "[file:hashes.MD5 = '60d6bf2b1471ba0b2e63ddad240a16e8']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:26:58Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5914d723-ea94-41bc-ab8e-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:59.000Z",
|
||
|
"modified": "2017-05-11T21:26:59.000Z",
|
||
|
"first_observed": "2017-05-11T21:26:59Z",
|
||
|
"last_observed": "2017-05-11T21:26:59Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5914d723-ea94-41bc-ab8e-bd5202de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5914d723-ea94-41bc-ab8e-bd5202de0b81",
|
||
|
"value": "https://www.virustotal.com/file/f89edff923d1d2daf6b2ab36595e873ed7d1cd52c2f6b66b590fa636c17dced2/analysis/1482148364/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d723-4c20-4a8f-9c95-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:26:59.000Z",
|
||
|
"modified": "2017-05-11T21:26:59.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: 1384934c09f6551d19150bfcf8ae954f4969d0b9ff841c93f81ebb57eecc9a71",
|
||
|
"pattern": "[file:hashes.SHA1 = '489a55e02bb63ec11832869828049c62fc7c52fe']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:26:59Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d724-aebc-4e10-b56c-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:27:00.000Z",
|
||
|
"modified": "2017-05-11T21:27:00.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: 1384934c09f6551d19150bfcf8ae954f4969d0b9ff841c93f81ebb57eecc9a71",
|
||
|
"pattern": "[file:hashes.MD5 = '6049aa7df91af05a3475699c8d5f0166']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:27:00Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5914d724-99dc-43a6-8907-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:27:00.000Z",
|
||
|
"modified": "2017-05-11T21:27:00.000Z",
|
||
|
"first_observed": "2017-05-11T21:27:00Z",
|
||
|
"last_observed": "2017-05-11T21:27:00Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5914d724-99dc-43a6-8907-bd5202de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5914d724-99dc-43a6-8907-bd5202de0b81",
|
||
|
"value": "https://www.virustotal.com/file/1384934c09f6551d19150bfcf8ae954f4969d0b9ff841c93f81ebb57eecc9a71/analysis/1489054613/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d725-b974-4527-9fc8-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:27:01.000Z",
|
||
|
"modified": "2017-05-11T21:27:01.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: 368304125ffd86a234aeb8c05a90b7ee40b37dae1dea7178deeda522eac9dcbc",
|
||
|
"pattern": "[file:hashes.SHA1 = '6399935fdae58066b21165ac606eaec43cf78408']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:27:01Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d725-d760-4149-9268-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:27:01.000Z",
|
||
|
"modified": "2017-05-11T21:27:01.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: 368304125ffd86a234aeb8c05a90b7ee40b37dae1dea7178deeda522eac9dcbc",
|
||
|
"pattern": "[file:hashes.MD5 = 'da4eabfa45676ce4aa96f9b3f5265dfe']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:27:01Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5914d725-f864-4b01-abb9-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:27:01.000Z",
|
||
|
"modified": "2017-05-11T21:27:01.000Z",
|
||
|
"first_observed": "2017-05-11T21:27:01Z",
|
||
|
"last_observed": "2017-05-11T21:27:01Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5914d725-f864-4b01-abb9-bd5202de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5914d725-f864-4b01-abb9-bd5202de0b81",
|
||
|
"value": "https://www.virustotal.com/file/368304125ffd86a234aeb8c05a90b7ee40b37dae1dea7178deeda522eac9dcbc/analysis/1481278162/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d726-cf9c-4cf0-a83a-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:27:02.000Z",
|
||
|
"modified": "2017-05-11T21:27:02.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: de5ac4aedaca5649758bf34c87fd59967c2adeaaa0be65a58b9c8e9f6a8660f1",
|
||
|
"pattern": "[file:hashes.SHA1 = 'f68e6301f5674f6ee44724b30207f4308abe18b6']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:27:02Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d726-a808-4488-bca6-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:27:02.000Z",
|
||
|
"modified": "2017-05-11T21:27:02.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: de5ac4aedaca5649758bf34c87fd59967c2adeaaa0be65a58b9c8e9f6a8660f1",
|
||
|
"pattern": "[file:hashes.MD5 = '02225b290fdbbea5b061164b55eb60dc']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:27:02Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5914d727-3b38-47e8-9804-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:27:03.000Z",
|
||
|
"modified": "2017-05-11T21:27:03.000Z",
|
||
|
"first_observed": "2017-05-11T21:27:03Z",
|
||
|
"last_observed": "2017-05-11T21:27:03Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5914d727-3b38-47e8-9804-bd5202de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5914d727-3b38-47e8-9804-bd5202de0b81",
|
||
|
"value": "https://www.virustotal.com/file/de5ac4aedaca5649758bf34c87fd59967c2adeaaa0be65a58b9c8e9f6a8660f1/analysis/1482219248/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d727-49ac-479d-8967-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:27:03.000Z",
|
||
|
"modified": "2017-05-11T21:27:03.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: 4916bc8dc91941a444d3aa41616eaebe8c3d4b095a0c566945b85c143ae532c1",
|
||
|
"pattern": "[file:hashes.SHA1 = '263be7a0bbbfaf36845216a592f61b3273259535']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:27:03Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d728-82dc-49d7-8660-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:27:04.000Z",
|
||
|
"modified": "2017-05-11T21:27:04.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: 4916bc8dc91941a444d3aa41616eaebe8c3d4b095a0c566945b85c143ae532c1",
|
||
|
"pattern": "[file:hashes.MD5 = 'd0a1e490e206adf0e7dbf174aa96f229']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:27:04Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5914d728-4d8c-49f8-bf7b-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:27:04.000Z",
|
||
|
"modified": "2017-05-11T21:27:04.000Z",
|
||
|
"first_observed": "2017-05-11T21:27:04Z",
|
||
|
"last_observed": "2017-05-11T21:27:04Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5914d728-4d8c-49f8-bf7b-bd5202de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5914d728-4d8c-49f8-bf7b-bd5202de0b81",
|
||
|
"value": "https://www.virustotal.com/file/4916bc8dc91941a444d3aa41616eaebe8c3d4b095a0c566945b85c143ae532c1/analysis/1483580953/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d729-962c-4b58-aabd-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:27:05.000Z",
|
||
|
"modified": "2017-05-11T21:27:05.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: d58cfd2d851b9c98f9de79d38944d72eddec1e2243f1065de7d8b1ed1bf1cddd",
|
||
|
"pattern": "[file:hashes.SHA1 = 'ad94cbdf25403efd0b8b4fc2dae776b34840b08c']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:27:05Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d729-f348-4170-9f2b-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:27:05.000Z",
|
||
|
"modified": "2017-05-11T21:27:05.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: d58cfd2d851b9c98f9de79d38944d72eddec1e2243f1065de7d8b1ed1bf1cddd",
|
||
|
"pattern": "[file:hashes.MD5 = '9c5b642972f6cb5bd68d869b139f0bd6']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:27:05Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5914d729-ad44-49e0-a4cc-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:27:05.000Z",
|
||
|
"modified": "2017-05-11T21:27:05.000Z",
|
||
|
"first_observed": "2017-05-11T21:27:05Z",
|
||
|
"last_observed": "2017-05-11T21:27:05Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5914d729-ad44-49e0-a4cc-bd5202de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5914d729-ad44-49e0-a4cc-bd5202de0b81",
|
||
|
"value": "https://www.virustotal.com/file/d58cfd2d851b9c98f9de79d38944d72eddec1e2243f1065de7d8b1ed1bf1cddd/analysis/1489107062/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d72a-435c-4828-b040-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:27:06.000Z",
|
||
|
"modified": "2017-05-11T21:27:06.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: 7df6bd0af983f87dc34a71d009a3bd3bd272e094c6c55bf765148d836129e10c",
|
||
|
"pattern": "[file:hashes.SHA1 = '89e74722017038bf7f8fa3b28851d44a2d0534c9']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:27:06Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d72a-f9c4-4932-b586-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:27:06.000Z",
|
||
|
"modified": "2017-05-11T21:27:06.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: 7df6bd0af983f87dc34a71d009a3bd3bd272e094c6c55bf765148d836129e10c",
|
||
|
"pattern": "[file:hashes.MD5 = '4cd702e3c6a5992bdd12e119c37b91bc']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:27:06Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5914d72b-beec-4e8d-9f3e-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:27:07.000Z",
|
||
|
"modified": "2017-05-11T21:27:07.000Z",
|
||
|
"first_observed": "2017-05-11T21:27:07Z",
|
||
|
"last_observed": "2017-05-11T21:27:07Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5914d72b-beec-4e8d-9f3e-bd5202de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5914d72b-beec-4e8d-9f3e-bd5202de0b81",
|
||
|
"value": "https://www.virustotal.com/file/7df6bd0af983f87dc34a71d009a3bd3bd272e094c6c55bf765148d836129e10c/analysis/1489109886/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d72b-4a68-437c-a08c-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:27:07.000Z",
|
||
|
"modified": "2017-05-11T21:27:07.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: 777560483cb903ba803bfdbbd1f37353706da3a265e32da44fffb3ec7fcf07a2",
|
||
|
"pattern": "[file:hashes.SHA1 = '8fd0494e425d0b8b37dea0ad3e2752a23a5dec75']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:27:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d72b-5cd8-44e1-86c3-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:27:07.000Z",
|
||
|
"modified": "2017-05-11T21:27:07.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: 777560483cb903ba803bfdbbd1f37353706da3a265e32da44fffb3ec7fcf07a2",
|
||
|
"pattern": "[file:hashes.MD5 = 'd1b913b5644ee3e9636f0ec7875ca3f6']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:27:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5914d72c-52c8-4338-974f-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:27:08.000Z",
|
||
|
"modified": "2017-05-11T21:27:08.000Z",
|
||
|
"first_observed": "2017-05-11T21:27:08Z",
|
||
|
"last_observed": "2017-05-11T21:27:08Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5914d72c-52c8-4338-974f-bd5202de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5914d72c-52c8-4338-974f-bd5202de0b81",
|
||
|
"value": "https://www.virustotal.com/file/777560483cb903ba803bfdbbd1f37353706da3a265e32da44fffb3ec7fcf07a2/analysis/1494508355/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d72c-71ac-4eb0-8a16-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:27:08.000Z",
|
||
|
"modified": "2017-05-11T21:27:08.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: 6ebd2955fb137b5c983bbfb7601ea49ceb1f66119d13ce850c12d89e8c6a3742",
|
||
|
"pattern": "[file:hashes.SHA1 = 'de1612116378c4e25fb79cf7279517a746aaf259']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:27:08Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d72d-2438-4214-9e39-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:27:09.000Z",
|
||
|
"modified": "2017-05-11T21:27:09.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: 6ebd2955fb137b5c983bbfb7601ea49ceb1f66119d13ce850c12d89e8c6a3742",
|
||
|
"pattern": "[file:hashes.MD5 = '0da4f5785a682a1a66fc1fd5eca3d14e']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:27:09Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5914d72d-b098-49e8-a1a9-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:27:09.000Z",
|
||
|
"modified": "2017-05-11T21:27:09.000Z",
|
||
|
"first_observed": "2017-05-11T21:27:09Z",
|
||
|
"last_observed": "2017-05-11T21:27:09Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5914d72d-b098-49e8-a1a9-bd5202de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5914d72d-b098-49e8-a1a9-bd5202de0b81",
|
||
|
"value": "https://www.virustotal.com/file/6ebd2955fb137b5c983bbfb7601ea49ceb1f66119d13ce850c12d89e8c6a3742/analysis/1482993999/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d72e-e314-4f3e-9e65-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:27:10.000Z",
|
||
|
"modified": "2017-05-11T21:27:10.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: 1faa27f82bcbad0acc444727e7be35147e5a2ee92757781e5f26db614d3cee7f",
|
||
|
"pattern": "[file:hashes.SHA1 = '72b18f5e5163559bd7d1b00bbf5185c7c577052b']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:27:10Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d72e-f51c-4a94-9fdc-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:27:10.000Z",
|
||
|
"modified": "2017-05-11T21:27:10.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: 1faa27f82bcbad0acc444727e7be35147e5a2ee92757781e5f26db614d3cee7f",
|
||
|
"pattern": "[file:hashes.MD5 = '56860734beb580fc431d6c8d8e7cae2c']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:27:10Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5914d72e-4e04-4b26-a25f-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:27:10.000Z",
|
||
|
"modified": "2017-05-11T21:27:10.000Z",
|
||
|
"first_observed": "2017-05-11T21:27:10Z",
|
||
|
"last_observed": "2017-05-11T21:27:10Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5914d72e-4e04-4b26-a25f-bd5202de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5914d72e-4e04-4b26-a25f-bd5202de0b81",
|
||
|
"value": "https://www.virustotal.com/file/1faa27f82bcbad0acc444727e7be35147e5a2ee92757781e5f26db614d3cee7f/analysis/1480580090/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d72f-cd24-4f80-9ed8-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:27:11.000Z",
|
||
|
"modified": "2017-05-11T21:27:11.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: c173085b954ff1055fb859e6584a9e0bb3919740752351ad50706c0b7be37b51",
|
||
|
"pattern": "[file:hashes.SHA1 = 'a857e704259229f535abda7de2b3c00eeb197650']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:27:11Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d72f-7d44-46b3-87b6-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:27:11.000Z",
|
||
|
"modified": "2017-05-11T21:27:11.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: c173085b954ff1055fb859e6584a9e0bb3919740752351ad50706c0b7be37b51",
|
||
|
"pattern": "[file:hashes.MD5 = '569748d6942ea9bbcfb72defc7ac37a0']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:27:11Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5914d730-376c-4c98-8ae4-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:27:12.000Z",
|
||
|
"modified": "2017-05-11T21:27:12.000Z",
|
||
|
"first_observed": "2017-05-11T21:27:12Z",
|
||
|
"last_observed": "2017-05-11T21:27:12Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5914d730-376c-4c98-8ae4-bd5202de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5914d730-376c-4c98-8ae4-bd5202de0b81",
|
||
|
"value": "https://www.virustotal.com/file/c173085b954ff1055fb859e6584a9e0bb3919740752351ad50706c0b7be37b51/analysis/1489585497/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d730-d0c4-42bc-9823-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:27:12.000Z",
|
||
|
"modified": "2017-05-11T21:27:12.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: 8e9af7d90193bddc89d1c3782477bde76f90707eb1900537c020fc02970bbd74",
|
||
|
"pattern": "[file:hashes.SHA1 = 'fc5250922a17f2c2a06cec360ebf12004436d245']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:27:12Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d731-e188-4a2f-855d-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:27:13.000Z",
|
||
|
"modified": "2017-05-11T21:27:13.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: 8e9af7d90193bddc89d1c3782477bde76f90707eb1900537c020fc02970bbd74",
|
||
|
"pattern": "[file:hashes.MD5 = '30bd3e14b4aedf1ebd424d4070a352e4']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:27:13Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5914d731-adb0-4639-8ccf-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:27:13.000Z",
|
||
|
"modified": "2017-05-11T21:27:13.000Z",
|
||
|
"first_observed": "2017-05-11T21:27:13Z",
|
||
|
"last_observed": "2017-05-11T21:27:13Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5914d731-adb0-4639-8ccf-bd5202de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5914d731-adb0-4639-8ccf-bd5202de0b81",
|
||
|
"value": "https://www.virustotal.com/file/8e9af7d90193bddc89d1c3782477bde76f90707eb1900537c020fc02970bbd74/analysis/1489278967/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d731-4a6c-4194-b69f-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:27:13.000Z",
|
||
|
"modified": "2017-05-11T21:27:13.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: fee6b19ff8a39e83756345af421d3d85d20e67df62ac58bc05f514c368efc329",
|
||
|
"pattern": "[file:hashes.SHA1 = '71d4374cb95fa688f318131905394ff6e0b4c709']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:27:13Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d732-17d8-4e57-86a1-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:27:14.000Z",
|
||
|
"modified": "2017-05-11T21:27:14.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: fee6b19ff8a39e83756345af421d3d85d20e67df62ac58bc05f514c368efc329",
|
||
|
"pattern": "[file:hashes.MD5 = 'bb04f8381fb159fcf541070773f7de4d']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:27:14Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5914d732-3fd0-4c49-8d0e-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:27:14.000Z",
|
||
|
"modified": "2017-05-11T21:27:14.000Z",
|
||
|
"first_observed": "2017-05-11T21:27:14Z",
|
||
|
"last_observed": "2017-05-11T21:27:14Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5914d732-3fd0-4c49-8d0e-bd5202de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5914d732-3fd0-4c49-8d0e-bd5202de0b81",
|
||
|
"value": "https://www.virustotal.com/file/fee6b19ff8a39e83756345af421d3d85d20e67df62ac58bc05f514c368efc329/analysis/1494535661/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d733-5310-4060-84ac-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:27:15.000Z",
|
||
|
"modified": "2017-05-11T21:27:15.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: 0a59bc35fe7bd84c955402aba2ad3883a5cdb08deb353c8f6310a163109f0c60",
|
||
|
"pattern": "[file:hashes.SHA1 = '1b25fbc28a176f98e1ba53d6591ef3488aa763b4']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:27:15Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d733-2b6c-442a-8528-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:27:15.000Z",
|
||
|
"modified": "2017-05-11T21:27:15.000Z",
|
||
|
"description": "Document Dropper Hashes - Xchecked via VT: 0a59bc35fe7bd84c955402aba2ad3883a5cdb08deb353c8f6310a163109f0c60",
|
||
|
"pattern": "[file:hashes.MD5 = 'a99e5c66ae548aa86328b00b8ccaf561']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:27:15Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5914d734-af84-411c-b7f4-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:27:16.000Z",
|
||
|
"modified": "2017-05-11T21:27:16.000Z",
|
||
|
"first_observed": "2017-05-11T21:27:16Z",
|
||
|
"last_observed": "2017-05-11T21:27:16Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5914d734-af84-411c-b7f4-bd5202de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5914d734-af84-411c-b7f4-bd5202de0b81",
|
||
|
"value": "https://www.virustotal.com/file/0a59bc35fe7bd84c955402aba2ad3883a5cdb08deb353c8f6310a163109f0c60/analysis/1487653017/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d734-8188-4c62-860c-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:27:16.000Z",
|
||
|
"modified": "2017-05-11T21:27:16.000Z",
|
||
|
"description": "PE Dropper Hashes - Xchecked via VT: ffc5e46200f16549f17d2d6e4d6e5e61239b711cd07fbf7932c31e2ea18a7865",
|
||
|
"pattern": "[file:hashes.SHA1 = 'fe61098c0e444ac0e20bc70de3d1014ff3b49029']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:27:16Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d734-77c4-4858-8c1e-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:27:16.000Z",
|
||
|
"modified": "2017-05-11T21:27:16.000Z",
|
||
|
"description": "PE Dropper Hashes - Xchecked via VT: ffc5e46200f16549f17d2d6e4d6e5e61239b711cd07fbf7932c31e2ea18a7865",
|
||
|
"pattern": "[file:hashes.MD5 = 'b3a17f4ec0e5ea0f406884c69afdd676']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:27:16Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5914d735-82e8-44c9-a524-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:27:17.000Z",
|
||
|
"modified": "2017-05-11T21:27:17.000Z",
|
||
|
"first_observed": "2017-05-11T21:27:17Z",
|
||
|
"last_observed": "2017-05-11T21:27:17Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5914d735-82e8-44c9-a524-bd5202de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5914d735-82e8-44c9-a524-bd5202de0b81",
|
||
|
"value": "https://www.virustotal.com/file/ffc5e46200f16549f17d2d6e4d6e5e61239b711cd07fbf7932c31e2ea18a7865/analysis/1485752780/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d735-79f4-4841-b88e-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:27:17.000Z",
|
||
|
"modified": "2017-05-11T21:27:17.000Z",
|
||
|
"description": "PE Dropper Hashes - Xchecked via VT: b75b3ff65632b65d1d641075bd2f5ed0ede93da3a35d7f50068b9371ee5c4552",
|
||
|
"pattern": "[file:hashes.SHA1 = '5b24af2e9802b503c7f41c17b561b0b6b38914d7']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:27:17Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d736-57e4-4328-b0b1-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:27:18.000Z",
|
||
|
"modified": "2017-05-11T21:27:18.000Z",
|
||
|
"description": "PE Dropper Hashes - Xchecked via VT: b75b3ff65632b65d1d641075bd2f5ed0ede93da3a35d7f50068b9371ee5c4552",
|
||
|
"pattern": "[file:hashes.MD5 = 'c2ed5b0eea4e4bf833e1a5549bde2024']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:27:18Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5914d736-fa10-40a3-b43b-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:27:18.000Z",
|
||
|
"modified": "2017-05-11T21:27:18.000Z",
|
||
|
"first_observed": "2017-05-11T21:27:18Z",
|
||
|
"last_observed": "2017-05-11T21:27:18Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5914d736-fa10-40a3-b43b-bd5202de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5914d736-fa10-40a3-b43b-bd5202de0b81",
|
||
|
"value": "https://www.virustotal.com/file/b75b3ff65632b65d1d641075bd2f5ed0ede93da3a35d7f50068b9371ee5c4552/analysis/1494508308/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d737-5c50-4c1b-abba-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:27:19.000Z",
|
||
|
"modified": "2017-05-11T21:27:19.000Z",
|
||
|
"description": "PE Dropper Hashes - Xchecked via VT: 85d56628f7ec277a5f49a801ef4793072edd56d9c26b0bdb9b3dc348366c734a",
|
||
|
"pattern": "[file:hashes.SHA1 = '961cd65ba039b3e6ff640d7afb2b328bf4e0b528']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:27:19Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d737-c2c4-48c4-95ba-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:27:19.000Z",
|
||
|
"modified": "2017-05-11T21:27:19.000Z",
|
||
|
"description": "PE Dropper Hashes - Xchecked via VT: 85d56628f7ec277a5f49a801ef4793072edd56d9c26b0bdb9b3dc348366c734a",
|
||
|
"pattern": "[file:hashes.MD5 = '0dda5e2ba7e57c05842c2f16d3b8d53f']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:27:19Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5914d737-2328-4c13-b6d2-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:27:19.000Z",
|
||
|
"modified": "2017-05-11T21:27:19.000Z",
|
||
|
"first_observed": "2017-05-11T21:27:19Z",
|
||
|
"last_observed": "2017-05-11T21:27:19Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5914d737-2328-4c13-b6d2-bd5202de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5914d737-2328-4c13-b6d2-bd5202de0b81",
|
||
|
"value": "https://www.virustotal.com/file/85d56628f7ec277a5f49a801ef4793072edd56d9c26b0bdb9b3dc348366c734a/analysis/1494508225/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d738-e334-45ac-97e6-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:27:20.000Z",
|
||
|
"modified": "2017-05-11T21:27:20.000Z",
|
||
|
"description": "PE Dropper Hashes - cross-checked via VirusTotal, SHA-256: 1db89009b678ba4517fc7490b9a7f597b838939499365374eba32347393fdd4e",
|
||
|
"pattern": "[file:hashes.SHA1 = '0825e2a307f2471071a86bc43fdd3b4d5d502db8']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:27:20Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d738-443c-4f94-b270-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:27:20.000Z",
|
||
|
"modified": "2017-05-11T21:27:20.000Z",
|
||
|
"description": "PE Dropper Hashes - cross-checked via VirusTotal, SHA-256: 1db89009b678ba4517fc7490b9a7f597b838939499365374eba32347393fdd4e",
|
||
|
"pattern": "[file:hashes.MD5 = '7420b8e04e655ce932a27f26bcd8f7eb']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:27:20Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5914d739-04fc-4966-a81e-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:27:21.000Z",
|
||
|
"modified": "2017-05-11T21:27:21.000Z",
|
||
|
"first_observed": "2017-05-11T21:27:21Z",
|
||
|
"last_observed": "2017-05-11T21:27:21Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5914d739-04fc-4966-a81e-bd5202de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5914d739-04fc-4966-a81e-bd5202de0b81",
|
||
|
"value": "https://www.virustotal.com/file/1db89009b678ba4517fc7490b9a7f597b838939499365374eba32347393fdd4e/analysis/1494506735/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d739-5d9c-464f-8e6d-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:27:21.000Z",
|
||
|
"modified": "2017-05-11T21:27:21.000Z",
|
||
|
"description": "PE Dropper Hashes - cross-checked via VirusTotal, SHA-256: 1b64d1c93e53fa74d89c3362c30899644e9fef7f11292f40740b216bcbe03285",
|
||
|
"pattern": "[file:hashes.SHA1 = 'bec06edfeb83066b3d1a661380d4e381ed79a3c2']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:27:21Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d739-ed2c-44dd-a08f-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:27:21.000Z",
|
||
|
"modified": "2017-05-11T21:27:21.000Z",
|
||
|
"description": "PE Dropper Hashes - cross-checked via VirusTotal, SHA-256: 1b64d1c93e53fa74d89c3362c30899644e9fef7f11292f40740b216bcbe03285",
|
||
|
"pattern": "[file:hashes.MD5 = 'f4c9f50d1ca9708641ff81272d821743']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:27:21Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5914d73a-bc30-4837-b899-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:27:22.000Z",
|
||
|
"modified": "2017-05-11T21:27:22.000Z",
|
||
|
"first_observed": "2017-05-11T21:27:22Z",
|
||
|
"last_observed": "2017-05-11T21:27:22Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5914d73a-bc30-4837-b899-bd5202de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5914d73a-bc30-4837-b899-bd5202de0b81",
|
||
|
"value": "https://www.virustotal.com/file/1b64d1c93e53fa74d89c3362c30899644e9fef7f11292f40740b216bcbe03285/analysis/1494535660/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d73a-1a1c-4611-b2ff-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:27:22.000Z",
|
||
|
"modified": "2017-05-11T21:27:22.000Z",
|
||
|
"description": "PE Password Stealer Hashes - cross-checked via VirusTotal, SHA-256: 99c50b658c632214f0b133f8742a5e6d2d34e47497d7a08ed2d80e4299be3502",
|
||
|
"pattern": "[file:hashes.SHA1 = 'e77d057a3093a9c1c04f2d12531bc4f3318e4374']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:27:22Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d73b-0d28-49f0-b70f-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:27:23.000Z",
|
||
|
"modified": "2017-05-11T21:27:23.000Z",
|
||
|
"description": "PE Password Stealer Hashes - cross-checked via VirusTotal, SHA-256: 99c50b658c632214f0b133f8742a5e6d2d34e47497d7a08ed2d80e4299be3502",
|
||
|
"pattern": "[file:hashes.MD5 = '0d6f3df24aec13d0e0d5d0eabeb379b0']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:27:23Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5914d73b-f258-44a7-982e-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:27:23.000Z",
|
||
|
"modified": "2017-05-11T21:27:23.000Z",
|
||
|
"first_observed": "2017-05-11T21:27:23Z",
|
||
|
"last_observed": "2017-05-11T21:27:23Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5914d73b-f258-44a7-982e-bd5202de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5914d73b-f258-44a7-982e-bd5202de0b81",
|
||
|
"value": "https://www.virustotal.com/file/99c50b658c632214f0b133f8742a5e6d2d34e47497d7a08ed2d80e4299be3502/analysis/1494535660/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d73b-3188-4472-a5f2-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:27:23.000Z",
|
||
|
"modified": "2017-05-11T21:27:23.000Z",
|
||
|
"description": "PE Password Stealer Hashes - cross-checked via VirusTotal, SHA-256: 76b703c9430abf4e0ba09e6d4e4d6cf94a251bb0e7f3fadbd169fcef954a8b39",
|
||
|
"pattern": "[file:hashes.SHA1 = 'f684597911f043dbd239fcb6539366ca77454c6d']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:27:23Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5914d73c-ac38-4749-952f-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:27:24.000Z",
|
||
|
"modified": "2017-05-11T21:27:24.000Z",
|
||
|
"description": "PE Password Stealer Hashes - cross-checked via VirusTotal, SHA-256: 76b703c9430abf4e0ba09e6d4e4d6cf94a251bb0e7f3fadbd169fcef954a8b39",
|
||
|
"pattern": "[file:hashes.MD5 = '92a7a7b298e6b89ec44138c5be3573c4']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-05-11T21:27:24Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5914d73c-6dc4-4b59-8b00-bd5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-05-11T21:27:24.000Z",
|
||
|
"modified": "2017-05-11T21:27:24.000Z",
|
||
|
"first_observed": "2017-05-11T21:27:24Z",
|
||
|
"last_observed": "2017-05-11T21:27:24Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5914d73c-6dc4-4b59-8b00-bd5202de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5914d73c-6dc4-4b59-8b00-bd5202de0b81",
|
||
|
"value": "https://www.virustotal.com/file/76b703c9430abf4e0ba09e6d4e4d6cf94a251bb0e7f3fadbd169fcef954a8b39/analysis/1488380532/"
|
||
|
},
|
||
|
{
|
||
|
"type": "marking-definition",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
||
|
"created": "2017-01-20T00:00:00.000Z",
|
||
|
"definition_type": "tlp",
|
||
|
"name": "TLP:WHITE",
|
||
|
"definition": {
|
||
|
"tlp": "white"
|
||
|
}
|
||
|
}
|
||
|
]
|
||
|
}
|