{ "type": "bundle", "id": "bundle--54b62236-69d4-4154-854a-4862950d210b", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-01-14T08:07:26.000Z", "modified": "2015-01-14T08:07:26.000Z", "name": "CthulhuSPRL.be", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--54b62236-69d4-4154-854a-4862950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-01-14T08:07:26.000Z", "modified": "2015-01-14T08:07:26.000Z", "name": "OSINT Cridex, Feodo, Geodo, Dridex, whats next? by abuse.ch", "published": "2016-02-22T15:16:06Z", "object_refs": [ "observed-data--54b62282-9be0-4a87-ae0f-acbf950d210b", "url--54b62282-9be0-4a87-ae0f-acbf950d210b", "x-misp-attribute--54b6228a-01e8-4c71-852d-d563950d210b", "indicator--54b622c7-5828-428f-9a06-0d21950d210b", "indicator--54b622dc-aae0-4660-a75e-5d3c950d210b", "indicator--54b62326-9260-4552-b9ae-4856950d210b", "indicator--54b62326-c8a4-43f9-af29-4e1a950d210b", "indicator--54b62326-4b78-4984-a5f1-4aae950d210b", "indicator--54b62326-78c0-451a-b5ba-4416950d210b", "indicator--54b62326-03ac-49ba-b4d6-4db9950d210b", "indicator--54b62326-bacc-49ff-9b51-4922950d210b", "indicator--54b62326-9210-4889-ab0a-4522950d210b", "indicator--54b62336-65f0-4e17-ab96-6099950d210b", "indicator--54b62336-da60-4905-86f6-6099950d210b", "indicator--54b62336-e04c-43d3-956b-6099950d210b", "indicator--54b62336-5334-4353-b414-6099950d210b", "indicator--54b62336-6dd4-45cf-8651-6099950d210b", "indicator--54b623be-2ac4-41ec-be31-5d3c950d210b", "indicator--54b623be-e808-4f42-b450-5d3c950d210b", "indicator--54b623be-9ff4-4e01-802b-5d3c950d210b", "indicator--54b623be-7534-4356-a730-5d3c950d210b", "indicator--56c64b6f-bc64-44f1-a5ba-4fd5950d210f", "indicator--56c64b71-3f28-4405-be9e-c651950d210f", "indicator--56c64b73-32ec-4ea5-9653-4f63950d210f", "indicator--56c64b75-5360-49ac-a393-5ca1950d210f", "indicator--56c64b70-fce4-47da-8cbf-c652950d210f", "indicator--56c64b72-e594-4851-86d5-48a0950d210f", "indicator--56c64b74-caf8-4c9b-8abe-599d950d210f", "indicator--56c64b75-459c-4f0c-8daa-599e950d210f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT" ], "object_marking_refs": [ "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--54b62282-9be0-4a87-ae0f-acbf950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-01-14T08:02:10.000Z", "modified": "2015-01-14T08:02:10.000Z", "first_observed": "2015-01-14T08:02:10Z", "last_observed": "2015-01-14T08:02:10Z", "number_observed": 1, "object_refs": [ "url--54b62282-9be0-4a87-ae0f-acbf950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--54b62282-9be0-4a87-ae0f-acbf950d210b", "value": "https://www.abuse.ch/?p=8332" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--54b6228a-01e8-4c71-852d-d563950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-01-14T08:02:18.000Z", "modified": "2015-01-14T08:02:18.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", "x_misp_type": "text", "x_misp_value": "Dridex" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54b622c7-5828-428f-9a06-0d21950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-01-14T08:03:19.000Z", "modified": "2015-01-14T08:03:19.000Z", "description": "port 443", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.135.28.113']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-01-14T08:03:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54b622dc-aae0-4660-a75e-5d3c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-01-14T08:03:40.000Z", "modified": "2015-01-14T08:03:40.000Z", "description": "port 9955", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.135.28.109']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-01-14T08:03:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54b62326-9260-4552-b9ae-4856950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-01-14T08:04:54.000Z", "modified": "2015-01-14T08:04:54.000Z", "description": "port 8080", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '62.76.44.174']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-01-14T08:04:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54b62326-c8a4-43f9-af29-4e1a950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-01-14T08:04:54.000Z", "modified": "2015-01-14T08:04:54.000Z", "description": "port 8080", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '50.56.34.20']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-01-14T08:04:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54b62326-4b78-4984-a5f1-4aae950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-01-14T08:04:54.000Z", "modified": "2015-01-14T08:04:54.000Z", "description": "port 8080", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.139.47.177']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-01-14T08:04:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54b62326-78c0-451a-b5ba-4416950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-01-14T08:04:54.000Z", "modified": "2015-01-14T08:04:54.000Z", "description": "port 8080", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '108.166.70.44']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-01-14T08:04:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54b62326-03ac-49ba-b4d6-4db9950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-01-14T08:04:54.000Z", "modified": "2015-01-14T08:04:54.000Z", "description": "port 8080", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '202.124.205.84']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-01-14T08:04:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54b62326-bacc-49ff-9b51-4922950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-01-14T08:04:54.000Z", "modified": "2015-01-14T08:04:54.000Z", "description": "port 8080", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '85.214.26.248']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-01-14T08:04:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54b62326-9210-4889-ab0a-4522950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-01-14T08:04:54.000Z", "modified": "2015-01-14T08:04:54.000Z", "description": "port 8080", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '178.208.81.204']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-01-14T08:04:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54b62336-65f0-4e17-ab96-6099950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-01-14T08:05:10.000Z", "modified": "2015-01-14T08:05:10.000Z", "pattern": "[file:hashes.MD5 = '532e7924f759aab014dedca651398ce6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-01-14T08:05:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54b62336-da60-4905-86f6-6099950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-01-14T08:05:10.000Z", "modified": "2015-01-14T08:05:10.000Z", "pattern": "[file:hashes.MD5 = '818bb82d1845eacedabdd5d0a5de310c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-01-14T08:05:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54b62336-e04c-43d3-956b-6099950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-01-14T08:05:10.000Z", "modified": "2015-01-14T08:05:10.000Z", "pattern": "[file:hashes.MD5 = 'fab100a415254de5c8af70eb1c7eb2d0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-01-14T08:05:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54b62336-5334-4353-b414-6099950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-01-14T08:05:10.000Z", "modified": "2015-01-14T08:05:10.000Z", "pattern": "[file:hashes.MD5 = '95d4a587ac1a128db890035793483885']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-01-14T08:05:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54b62336-6dd4-45cf-8651-6099950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-01-14T08:05:10.000Z", "modified": "2015-01-14T08:05:10.000Z", "pattern": "[file:hashes.MD5 = 'f8edaacbfc88a8f045bf2bbbd75c435b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-01-14T08:05:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54b623be-2ac4-41ec-be31-5d3c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-01-14T08:07:26.000Z", "modified": "2015-01-14T08:07:26.000Z", "pattern": "[url:value = '/logs/ukvbvg/js.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-01-14T08:07:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54b623be-e808-4f42-b450-5d3c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-01-14T08:07:26.000Z", "modified": "2015-01-14T08:07:26.000Z", "pattern": "[url:value = '/logs/ukvbvg/in.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-01-14T08:07:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54b623be-9ff4-4e01-802b-5d3c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-01-14T08:07:26.000Z", "modified": "2015-01-14T08:07:26.000Z", "pattern": "[url:value = '/injectgate']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-01-14T08:07:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54b623be-7534-4356-a730-5d3c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-01-14T08:07:26.000Z", "modified": "2015-01-14T08:07:26.000Z", "pattern": "[url:value = '/tokengate']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-01-14T08:07:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c64b6f-bc64-44f1-a5ba-4fd5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T22:53:35.000Z", "modified": "2016-02-18T22:53:35.000Z", "description": "Automatically added (via f8edaacbfc88a8f045bf2bbbd75c435b)", "pattern": "[file:hashes.SHA1 = '444a3133c619eae0c899422684787372ec2291ba']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T22:53:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c64b71-3f28-4405-be9e-c651950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T22:53:37.000Z", "modified": "2016-02-18T22:53:37.000Z", "description": "Automatically added (via 95d4a587ac1a128db890035793483885)", "pattern": "[file:hashes.SHA1 = '233de4235c7ca7534f19d97bf482b72776e2deb3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T22:53:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c64b73-32ec-4ea5-9653-4f63950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T22:53:39.000Z", "modified": "2016-02-18T22:53:39.000Z", "description": "Automatically added (via fab100a415254de5c8af70eb1c7eb2d0)", "pattern": "[file:hashes.SHA1 = '70a2151dbdf1deff221e3c712054320a35751b7b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T22:53:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c64b75-5360-49ac-a393-5ca1950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T22:53:41.000Z", "modified": "2016-02-18T22:53:41.000Z", "description": "Automatically added (via 532e7924f759aab014dedca651398ce6)", "pattern": "[file:hashes.SHA1 = '8f1dd9903815fad8ecfdb55fe277f425e8aa7cfc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T22:53:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c64b70-fce4-47da-8cbf-c652950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T22:53:36.000Z", "modified": "2016-02-18T22:53:36.000Z", "description": "Automatically added (via f8edaacbfc88a8f045bf2bbbd75c435b)", "pattern": "[file:hashes.SHA256 = 'ebb5c47f46954c5a6786cc040e5cc1a16d3765584f3f58cf1a3bf3fe7c9eceae']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T22:53:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c64b72-e594-4851-86d5-48a0950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T22:53:38.000Z", "modified": "2016-02-18T22:53:38.000Z", "description": "Automatically added (via 95d4a587ac1a128db890035793483885)", "pattern": "[file:hashes.SHA256 = '76d759ff75723d76f3aa8cfe1785d220359c5b298a13db9d853cbca32d4752be']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T22:53:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c64b74-caf8-4c9b-8abe-599d950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T22:53:40.000Z", "modified": "2016-02-18T22:53:40.000Z", "description": "Automatically added (via fab100a415254de5c8af70eb1c7eb2d0)", "pattern": "[file:hashes.SHA256 = '62ba5cff1f48a529a6eb5f43fb790bc49433a9f0ed219f1ca0d890563eaea218']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T22:53:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c64b75-459c-4f0c-8daa-599e950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T22:53:41.000Z", "modified": "2016-02-18T22:53:41.000Z", "description": "Automatically added (via 532e7924f759aab014dedca651398ce6)", "pattern": "[file:hashes.SHA256 = '960ed795dca89e50745251adf6712719a1af1aa5fd1a66c9424c777574180548']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T22:53:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:GREEN", "definition": { "tlp": "green" } } ] }