{ "type": "bundle", "id": "bundle--545b456e-b8a4-45e0-a895-41c7950d210b", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-06T10:21:48.000Z", "modified": "2014-11-06T10:21:48.000Z", "name": "CthulhuSPRL.be", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--545b456e-b8a4-45e0-a895-41c7950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-06T10:21:48.000Z", "modified": "2014-11-06T10:21:48.000Z", "name": "OSINT Banking Trojan DRIDEX Uses Macros for Infection blog post from Trend Micro", "published": "2016-02-22T15:14:10Z", "object_refs": [ "observed-data--545b457c-0d98-4574-8c52-469c950d210b", "url--545b457c-0d98-4574-8c52-469c950d210b", "x-misp-attribute--545b4588-c140-469c-b13f-4eff950d210b", "x-misp-attribute--545b4594-0a98-4b30-8e30-42d3950d210b", "x-misp-attribute--545b45c0-df7c-4297-8f2c-4b39950d210b", "indicator--545b45f0-9f58-499e-a51d-413b950d210b", "indicator--545b45f0-da20-4cbc-b8e1-4aaa950d210b", "indicator--545b45f0-7da4-412d-a291-4812950d210b", "indicator--545b45f0-d2ec-4309-9f47-409d950d210b", "indicator--545b45f0-54fc-45bf-a0fb-46ca950d210b", "indicator--545b45f0-de0c-4e6f-93af-4351950d210b", "indicator--545b45f0-7314-417e-8a40-49a8950d210b", "indicator--545b45f0-ad84-43be-9999-4160950d210b", "indicator--545b45f0-87c0-4550-9fab-4d3e950d210b", "indicator--545b45f0-2624-488d-a557-461d950d210b", "indicator--545b45f0-8360-441e-8c22-4db1950d210b", "indicator--545b45f0-60f4-43a8-a152-4e10950d210b", "indicator--545b45f0-3ffc-4fd1-82c1-45bc950d210b", "indicator--545b45f0-f514-481f-adc2-46f1950d210b", "indicator--545b45f1-faa4-4768-abe8-43ec950d210b", "indicator--545b45f1-1dc0-42d3-8a58-41a2950d210b", "observed-data--545b463c-96e4-4244-905f-472f950d210b", "url--545b463c-96e4-4244-905f-472f950d210b", "observed-data--545b4773-2f60-4675-ac08-44fa950d210b", 
"url--545b4773-2f60-4675-ac08-44fa950d210b", "indicator--545b4789-ccec-4dc6-b6f7-4b84950d210b", "indicator--545b4789-8524-46b7-ba8c-4849950d210b", "observed-data--545b4bbc-4b2c-4a24-af11-065a950d210b", "url--545b4bbc-4b2c-4a24-af11-065a950d210b", "indicator--545b4bdf-4524-4339-ae0d-0ec3950d210b", "indicator--545b4bdf-ce20-4271-b157-0ec3950d210b", "indicator--545b4bdf-0178-4414-98a7-0ec3950d210b", "indicator--56c64081-b468-4aca-9607-499a950d210f", "indicator--56c64084-84a8-441e-a019-5f51950d210f", "indicator--56c64086-c808-4ab2-8ae8-599c950d210f", "indicator--56c64083-070c-4f29-9b4b-4d83950d210f", "indicator--56c64085-9854-412c-9de4-59a4950d210f", "indicator--56c64087-1b5c-4e66-a1f9-c651950d210f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT" ], "object_marking_refs": [ "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--545b457c-0d98-4574-8c52-469c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-06T09:55:08.000Z", "modified": "2014-11-06T09:55:08.000Z", "first_observed": "2014-11-06T09:55:08Z", "last_observed": "2014-11-06T09:55:08Z", "number_observed": 1, "object_refs": [ "url--545b457c-0d98-4574-8c52-469c950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--545b457c-0d98-4574-8c52-469c950d210b", "value": "http://blog.trendmicro.com/trendlabs-security-intelligence/banking-trojan-dridex-uses-macros-for-infection/" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--545b4588-c140-469c-b13f-4eff950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-06T09:55:20.000Z", "modified": "2014-11-06T09:55:20.000Z", "labels": [ "misp:type=\"comment\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", "x_misp_type": 
"comment", "x_misp_value": "Data entered by David Andr\u00e9" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--545b4594-0a98-4b30-8e30-42d3950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-06T09:55:50.000Z", "modified": "2014-11-06T09:55:50.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", "x_misp_type": "text", "x_misp_value": "Dridex" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--545b45c0-df7c-4297-8f2c-4b39950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-06T09:56:16.000Z", "modified": "2014-11-06T09:56:16.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"Antivirus detection\"" ], "x_misp_category": "Antivirus detection", "x_misp_comment": "Trend Micro", "x_misp_type": "text", "x_misp_value": "TSPY_DRIDEX.WQJ" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--545b45f0-9f58-499e-a51d-413b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-06T09:57:04.000Z", "modified": "2014-11-06T09:57:04.000Z", "pattern": "[file:hashes.SHA1 = 'c2c980297d985c0e62e461b76fa584e79a6b3822']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-06T09:57:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--545b45f0-da20-4cbc-b8e1-4aaa950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-06T09:57:04.000Z", "modified": "2014-11-06T09:57:04.000Z", "pattern": "[file:hashes.SHA1 = '4dad1a0e024cce9c3a11622b5e5bbe3efbefc4b9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from":
"2014-11-06T09:57:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--545b45f0-7da4-412d-a291-4812950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-06T09:57:04.000Z", "modified": "2014-11-06T09:57:04.000Z", "pattern": "[file:hashes.SHA1 = 'cbd005db36efbdf3aeed5d26fad54554cd734da4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-06T09:57:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--545b45f0-d2ec-4309-9f47-409d950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-06T09:57:04.000Z", "modified": "2014-11-06T09:57:04.000Z", "pattern": "[file:hashes.SHA1 = 'bdc7c47001852a8e915f29eaebcf99ffa857c3b5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-06T09:57:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--545b45f0-54fc-45bf-a0fb-46ca950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-06T09:57:04.000Z", "modified": "2014-11-06T09:57:04.000Z", "pattern": "[file:hashes.SHA1 = 'b4f4b426457124ecfeec4d5b59b9c2a6c25baaf7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-06T09:57:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ 
"misp:type=\"sha1\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--545b45f0-de0c-4e6f-93af-4351950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-06T09:57:04.000Z", "modified": "2014-11-06T09:57:04.000Z", "pattern": "[file:hashes.SHA1 = 'b54b06e01c6f735e98d17b156ee8c7a2437b2d68']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-06T09:57:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--545b45f0-7314-417e-8a40-49a8950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-06T09:57:04.000Z", "modified": "2014-11-06T09:57:04.000Z", "pattern": "[file:hashes.SHA1 = 'f5bf8963f99bd6ad5addcbcf0c81b95eab1cc1ba']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-06T09:57:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--545b45f0-ad84-43be-9999-4160950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-06T09:57:04.000Z", "modified": "2014-11-06T09:57:04.000Z", "pattern": "[file:hashes.SHA1 = 'bf1fca6f81b3d5a9054ceab9a56c58f248560b34']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-06T09:57:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": 
"indicator--545b45f0-87c0-4550-9fab-4d3e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-06T09:57:04.000Z", "modified": "2014-11-06T09:57:04.000Z", "pattern": "[file:hashes.SHA1 = 'a7b1a30386928e6320c31279b3473610e0e96192']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-06T09:57:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--545b45f0-2624-488d-a557-461d950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-06T09:57:04.000Z", "modified": "2014-11-06T09:57:04.000Z", "pattern": "[file:hashes.SHA1 = '01eeb1debb21dc8933e7b6c1280f7e3f87a88dd0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-06T09:57:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--545b45f0-8360-441e-8c22-4db1950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-06T09:57:04.000Z", "modified": "2014-11-06T09:57:04.000Z", "pattern": "[file:hashes.SHA1 = '0f9c49e08683b811a6c713afc1a37b3a33f58fd8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-06T09:57:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--545b45f0-60f4-43a8-a152-4e10950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": 
"2014-11-06T09:57:04.000Z", "modified": "2014-11-06T09:57:04.000Z", "pattern": "[file:hashes.SHA1 = 'f3a65b6828bee8da06daeb1619b9f1265c4c38c7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-06T09:57:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--545b45f0-3ffc-4fd1-82c1-45bc950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-06T09:57:04.000Z", "modified": "2014-11-06T09:57:04.000Z", "pattern": "[file:hashes.SHA1 = 'ae6fe7d7e80d7271b902a482d1ece2a73f082eba']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-06T09:57:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--545b45f0-f514-481f-adc2-46f1950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-06T09:57:04.000Z", "modified": "2014-11-06T09:57:04.000Z", "pattern": "[file:hashes.SHA1 = '46ff15b415407babb60becc19d259752c2be77cd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-06T09:57:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--545b45f1-faa4-4768-abe8-43ec950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-06T09:57:04.000Z", "modified": "2014-11-06T09:57:04.000Z", "pattern": "[file:hashes.SHA1 = '911a77e67ababc355a2aa169149de88480ab1768']", 
"pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-06T09:57:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--545b45f1-1dc0-42d3-8a58-41a2950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-06T09:57:05.000Z", "modified": "2014-11-06T09:57:05.000Z", "pattern": "[file:hashes.SHA1 = '7714f4d42c7b1608be281cb288c07baf8ff35501']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-06T09:57:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--545b463c-96e4-4244-905f-472f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-06T09:58:20.000Z", "modified": "2014-11-06T09:58:20.000Z", "first_observed": "2014-11-06T09:58:20Z", "last_observed": "2014-11-06T09:58:20Z", "number_observed": 1, "object_refs": [ "url--545b463c-96e4-4244-905f-472f950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--545b463c-96e4-4244-905f-472f950d210b", "value": "http://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/TSPY_DRIDEX.WQJ" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--545b4773-2f60-4675-ac08-44fa950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-06T10:03:31.000Z", "modified": "2014-11-06T10:03:31.000Z", "first_observed": "2014-11-06T10:03:31Z", "last_observed": "2014-11-06T10:03:31Z", "number_observed": 1, "object_refs": [ 
"url--545b4773-2f60-4675-ac08-44fa950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--545b4773-2f60-4675-ac08-44fa950d210b", "value": "https://www.virustotal.com/en/file/bc77bf0cc6b1efd3f10458f398719b7db5a93ba78ea61bbe9e3831a423e6aa2d/analysis/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--545b4789-ccec-4dc6-b6f7-4b84950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-06T10:03:53.000Z", "modified": "2014-11-06T10:03:53.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '62.75.184.70']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-06T10:03:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--545b4789-8524-46b7-ba8c-4849950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-06T10:03:53.000Z", "modified": "2014-11-06T10:03:53.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '116.48.157.176']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-06T10:03:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--545b4bbc-4b2c-4a24-af11-065a950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-06T10:21:48.000Z", "modified": "2014-11-06T10:21:48.000Z", "first_observed": "2014-11-06T10:21:48Z", "last_observed": "2014-11-06T10:21:48Z", "number_observed": 
1, "object_refs": [ "url--545b4bbc-4b2c-4a24-af11-065a950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--545b4bbc-4b2c-4a24-af11-065a950d210b", "value": "https://malwr.com/analysis/OGY0MmQ4MmNhNDllNGFlOWExZTg5YjI3MzI3ZTcyNDk/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--545b4bdf-4524-4339-ae0d-0ec3950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-06T10:22:23.000Z", "modified": "2014-11-06T10:22:23.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.MD5 = '5fce64eb222aa41e4fb967e9d8fb6a22']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-06T10:22:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--545b4bdf-ce20-4271-b157-0ec3950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-06T10:22:23.000Z", "modified": "2014-11-06T10:22:23.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.SHA1 = 'c2c980297d985c0e62e461b76fa584e79a6b3822']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-06T10:22:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--545b4bdf-0178-4414-98a7-0ec3950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-06T10:22:23.000Z", "modified": "2014-11-06T10:22:23.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.SHA256 = 
'bc77bf0cc6b1efd3f10458f398719b7db5a93ba78ea61bbe9e3831a423e6aa2d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-06T10:22:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c64081-b468-4aca-9607-499a950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T22:06:57.000Z", "modified": "2016-02-18T22:06:57.000Z", "description": "Automatically added (via 4dad1a0e024cce9c3a11622b5e5bbe3efbefc4b9)", "pattern": "[file:hashes.MD5 = '37e3ec6c9569bd7035b440c24af108fd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T22:06:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c64084-84a8-441e-a019-5f51950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T22:07:00.000Z", "modified": "2016-02-18T22:07:00.000Z", "description": "Automatically added (via bdc7c47001852a8e915f29eaebcf99ffa857c3b5)", "pattern": "[file:hashes.MD5 = 'bb0b440cbac54114d04648be6f2fe26d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T22:07:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c64086-c808-4ab2-8ae8-599c950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T22:07:02.000Z", "modified": "2016-02-18T22:07:02.000Z", 
"description": "Automatically added (via b54b06e01c6f735e98d17b156ee8c7a2437b2d68)", "pattern": "[file:hashes.MD5 = '071b380d6b422dd83f14fa0a3bceb347']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T22:07:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c64083-070c-4f29-9b4b-4d83950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T22:06:59.000Z", "modified": "2016-02-18T22:06:59.000Z", "description": "Automatically added (via 4dad1a0e024cce9c3a11622b5e5bbe3efbefc4b9)", "pattern": "[file:hashes.SHA256 = '59e49cd21ff679582fbd65dd904ac9197c0b3d9d38de64184f67aecdd2b24f84']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T22:06:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c64085-9854-412c-9de4-59a4950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T22:07:01.000Z", "modified": "2016-02-18T22:07:01.000Z", "description": "Automatically added (via bdc7c47001852a8e915f29eaebcf99ffa857c3b5)", "pattern": "[file:hashes.SHA256 = 'd6d846ae3751495ef398ce5af5facfb460ec76b0cb02992905576542d6e548d7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T22:07:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": 
"indicator--56c64087-1b5c-4e66-a1f9-c651950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T22:07:03.000Z", "modified": "2016-02-18T22:07:03.000Z", "description": "Automatically added (via b54b06e01c6f735e98d17b156ee8c7a2437b2d68)", "pattern": "[file:hashes.SHA256 = 'f1e40b2c8e6669a1886f33644e99e43f862c7225e8704a959a325fb333c13741']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T22:07:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:GREEN", "definition": { "tlp": "green" } } ] }