{ "type": "bundle", "id": "bundle--54cb3580-cde4-4b39-bf8c-443f950d210b", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-01-30T07:44:01.000Z", "modified": "2015-01-30T07:44:01.000Z", "name": "CthulhuSPRL.be", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--54cb3580-cde4-4b39-bf8c-443f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-01-30T07:44:01.000Z", "modified": "2015-01-30T07:44:01.000Z", "name": "OSINT New 'f0xy' malware is intelligent - employs cunning stealth & trickery from Websense", "published": "2016-02-22T14:40:25Z", "object_refs": [ "x-misp-attribute--54cb358c-2360-4acd-ab3c-de9b950d210b", "observed-data--54cb3594-3d30-40d0-a49f-cf08950d210b", "url--54cb3594-3d30-40d0-a49f-cf08950d210b", "indicator--54cb35c2-dc18-4a6f-88c0-05f5950d210b", "indicator--54cb35c2-5204-42c6-b115-05f5950d210b", "indicator--54cb35c3-c3e4-44be-b112-05f5950d210b", "indicator--54cb35c3-b894-4128-8f54-05f5950d210b", "indicator--54cb35c3-7d8c-484c-af92-05f5950d210b", "indicator--54cb35c3-b0bc-4486-9a2b-05f5950d210b", "indicator--54cb35c3-7f58-4d2c-9f87-05f5950d210b", "indicator--54cb35c3-db14-4dcc-805a-05f5950d210b", "indicator--54cb35c3-10dc-4465-a0cd-05f5950d210b", "indicator--54cb35c3-ad38-4403-9de4-05f5950d210b", "indicator--54cb35c3-8268-473b-b22a-05f5950d210b", "indicator--54cb35c3-2828-425d-a232-05f5950d210b", "indicator--54cb35d5-6090-4c3e-8660-c32e950d210b", "indicator--54cb35eb-a9f0-4877-8ad1-4b9d950d210b", "indicator--54cb35eb-bcb8-4b6a-8d62-49d9950d210b", "indicator--54cb360e-7f00-4311-aed4-4505950d210b", "indicator--54cb361c-7c88-4d35-b0e0-cf08950d210b", "x-misp-attribute--54cb3641-6244-4691-98b0-8154950d210b", "indicator--56c64ee5-9114-4be4-b1e4-4ebc950d210f", "indicator--56c64ee7-05e8-4d4d-814e-59a0950d210f", "indicator--56c64ee9-1378-4314-852a-c654950d210f", "indicator--56c64eeb-a314-4f12-b561-4c62950d210f", "indicator--56c64eec-6798-4b97-a239-5f51950d210f", "indicator--56c64ef0-65e4-42d1-bcd9-599c950d210f", "indicator--56c64ee6-e9f0-4c93-81f4-599e950d210f", "indicator--56c64ee7-9ad4-4c88-a202-4028950d210f", "indicator--56c64ee9-fd34-418d-979b-5ca1950d210f", "indicator--56c64eeb-e2fc-420e-afe8-59a0950d210f", "indicator--56c64eee-d864-4b3c-8999-59a4950d210f", "indicator--56c64ef1-a8d8-4d2a-a63f-47c0950d210f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT" ], "object_marking_refs": [ "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" ] }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--54cb358c-2360-4acd-ab3c-de9b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-01-30T07:41:00.000Z", "modified": "2015-01-30T07:41:00.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", "x_misp_type": "text", "x_misp_value": "f0xy" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--54cb3594-3d30-40d0-a49f-cf08950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-01-30T07:41:08.000Z", "modified": "2015-01-30T07:41:08.000Z", "first_observed": "2015-01-30T07:41:08Z", "last_observed": "2015-01-30T07:41:08Z", "number_observed": 1, "object_refs": [ "url--54cb3594-3d30-40d0-a49f-cf08950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--54cb3594-3d30-40d0-a49f-cf08950d210b", "value": "http://community.websense.com/blogs/securitylabs/archive/2015/01/29/new-f0xy-malware-employs-cunning-stealth-amp-trickery.aspx" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54cb35c2-dc18-4a6f-88c0-05f5950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-01-30T07:41:54.000Z", "modified": "2015-01-30T07:41:54.000Z", "pattern": "[file:hashes.SHA1 = '080c61c9172cd49f6e4e7ef27285ccaaf6d5f0ac']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-01-30T07:41:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54cb35c2-5204-42c6-b115-05f5950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-01-30T07:41:54.000Z", "modified": "2015-01-30T07:41:54.000Z", "pattern": "[file:hashes.SHA1 = 'c25da337ec5ac041312b062e7fb697e4f01ca8d9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-01-30T07:41:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54cb35c3-c3e4-44be-b112-05f5950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-01-30T07:41:55.000Z", "modified": "2015-01-30T07:41:55.000Z", "pattern": "[file:hashes.SHA1 = 'cd4e297928502dece4545acbe0b94dd1270f955c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-01-30T07:41:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54cb35c3-b894-4128-8f54-05f5950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-01-30T07:41:55.000Z", "modified": "2015-01-30T07:41:55.000Z", "pattern": "[file:hashes.SHA1 = 'adbf0e4d37e381fe7599695561262d1a65205317']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-01-30T07:41:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54cb35c3-7d8c-484c-af92-05f5950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-01-30T07:41:55.000Z", "modified": "2015-01-30T07:41:55.000Z", "pattern": "[file:hashes.SHA1 = '54d2810aaae67da9fa24f4e11f4c2d5fe4d2b6d4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-01-30T07:41:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54cb35c3-b0bc-4486-9a2b-05f5950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-01-30T07:41:55.000Z", "modified": "2015-01-30T07:41:55.000Z", "pattern": "[file:hashes.SHA1 = '7de3ed8f751a528fde1688d35c6eb5533b09ae11']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-01-30T07:41:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54cb35c3-7f58-4d2c-9f87-05f5950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-01-30T07:41:55.000Z", "modified": "2015-01-30T07:41:55.000Z", "pattern": "[file:hashes.SHA1 = '812e453c22e1a9f70b605cd27d3f642c3778d96d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-01-30T07:41:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54cb35c3-db14-4dcc-805a-05f5950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-01-30T07:41:55.000Z", "modified": "2015-01-30T07:41:55.000Z", "pattern": "[file:hashes.SHA1 = '55c9d015b1f8d68e6b5ce150f2dbab2b621dac1c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-01-30T07:41:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54cb35c3-10dc-4465-a0cd-05f5950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-01-30T07:41:55.000Z", "modified": "2015-01-30T07:41:55.000Z", "pattern": "[file:hashes.SHA1 = 'e80d7f27405ece2697a05d6c2612c63335851490']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-01-30T07:41:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54cb35c3-ad38-4403-9de4-05f5950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-01-30T07:41:55.000Z", "modified": "2015-01-30T07:41:55.000Z", "pattern": "[file:hashes.SHA1 = 'f4f1d8bceb62c72f2fe6713c5395555917fc40ad']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-01-30T07:41:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54cb35c3-8268-473b-b22a-05f5950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-01-30T07:41:55.000Z", "modified": "2015-01-30T07:41:55.000Z", "pattern": "[file:hashes.SHA1 = '2a4837fdb331f823ca474f521248b2cdb766528f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-01-30T07:41:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54cb35c3-2828-425d-a232-05f5950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-01-30T07:41:55.000Z", "modified": "2015-01-30T07:41:55.000Z", "pattern": "[file:hashes.SHA1 = 'f522e0893ec97438c6184e13adc48219f08b67d8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-01-30T07:41:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54cb35d5-6090-4c3e-8660-c32e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-01-30T07:42:13.000Z", "modified": "2015-01-30T07:42:13.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.53.169.79']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-01-30T07:42:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54cb35eb-a9f0-4877-8ad1-4b9d950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-01-30T07:42:35.000Z", "modified": "2015-01-30T07:42:35.000Z", "pattern": "[file:name = '\\\\%appdata\\\\%\\\\Microsoft\\\\svchost.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-01-30T07:42:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54cb35eb-bcb8-4b6a-8d62-49d9950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-01-30T07:42:35.000Z", "modified": "2015-01-30T07:42:35.000Z", "pattern": "[file:name = '\\\\%appdata\\\\%\\\\Microsoft\\\\f0xyupdate.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-01-30T07:42:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54cb360e-7f00-4311-aed4-4505950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-01-30T07:43:10.000Z", "modified": "2015-01-30T07:43:10.000Z", "pattern": "[windows-registry-key:key = 'HKEY_LOCAL_MACHINE\\\\Software\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\RunOnce\\\\f0xy']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-01-30T07:43:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"regkey\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54cb361c-7c88-4d35-b0e0-cf08950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-01-30T07:43:24.000Z", "modified": "2015-01-30T07:43:24.000Z", "pattern": "[rule ws_f0xy_downloader {\r\n\r\n meta:\r\n\r\n description = \"f0xy malware downloader\"\r\n author = \"Nick Griffin (Websense)\"\r\n\r\n strings:\r\n\r\n $mz=\"MZ\"\r\n $string1=\"bitsadmin /transfer\"\r\n $string2=\"del rm.bat\"\r\n $string3=\"av_list=\"\r\n\r\n condition:\r\n\r\n ($mz at 0) and (all of ($string*))\r\n}]", "pattern_type": "yara", "pattern_version": "2.1", "valid_from": "2015-01-30T07:43:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"yara\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--54cb3641-6244-4691-98b0-8154950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-01-30T07:44:01.000Z", "modified": "2015-01-30T07:44:01.000Z", "labels": [ "misp:type=\"comment\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", "x_misp_type": "comment", "x_misp_value": "Data entered by David Andr\u00c3\u00a9" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c64ee5-9114-4be4-b1e4-4ebc950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T23:08:21.000Z", "modified": "2016-02-18T23:08:21.000Z", "description": "Automatically added (via 080c61c9172cd49f6e4e7ef27285ccaaf6d5f0ac)", "pattern": "[file:hashes.MD5 = 'f2eccbc5d545221c0d0906a5808f90c6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T23:08:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c64ee7-05e8-4d4d-814e-59a0950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T23:08:23.000Z", "modified": "2016-02-18T23:08:23.000Z", "description": "Automatically added (via c25da337ec5ac041312b062e7fb697e4f01ca8d9)", "pattern": "[file:hashes.MD5 = 'd46d7edd10bbb3c2d2158606e329ea6d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T23:08:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c64ee9-1378-4314-852a-c654950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T23:08:25.000Z", "modified": "2016-02-18T23:08:25.000Z", "description": "Automatically added (via 7de3ed8f751a528fde1688d35c6eb5533b09ae11)", "pattern": "[file:hashes.MD5 = 'f6ae08aba0a188963e8c299db6a14c0e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T23:08:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c64eeb-a314-4f12-b561-4c62950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T23:08:27.000Z", "modified": "2016-02-18T23:08:27.000Z", "description": "Automatically added (via 812e453c22e1a9f70b605cd27d3f642c3778d96d)", "pattern": "[file:hashes.MD5 = 'dc645cf749611aca49a4e3e6a7c0eb49']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T23:08:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c64eec-6798-4b97-a239-5f51950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T23:08:28.000Z", "modified": "2016-02-18T23:08:28.000Z", "description": "Automatically added (via 55c9d015b1f8d68e6b5ce150f2dbab2b621dac1c)", "pattern": "[file:hashes.MD5 = 'dc4345fe0a312b8b035daa9711b099a7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T23:08:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c64ef0-65e4-42d1-bcd9-599c950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T23:08:32.000Z", "modified": "2016-02-18T23:08:32.000Z", "description": "Automatically added (via f522e0893ec97438c6184e13adc48219f08b67d8)", "pattern": "[file:hashes.MD5 = '160634d784c256d29563117554685c31']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T23:08:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c64ee6-e9f0-4c93-81f4-599e950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T23:08:22.000Z", "modified": "2016-02-18T23:08:22.000Z", "description": "Automatically added (via 080c61c9172cd49f6e4e7ef27285ccaaf6d5f0ac)", "pattern": "[file:hashes.SHA256 = '0c4196bd5f2dea9ded5da5b23f081a713f6452e9a64f9e3898854a6c9d81e412']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T23:08:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c64ee7-9ad4-4c88-a202-4028950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T23:08:23.000Z", "modified": "2016-02-18T23:08:23.000Z", "description": "Automatically added (via c25da337ec5ac041312b062e7fb697e4f01ca8d9)", "pattern": "[file:hashes.SHA256 = '21ed2d1ed704979292ccab5512244423b522fda486ef52fd73b6f851321affb9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T23:08:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c64ee9-fd34-418d-979b-5ca1950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T23:08:25.000Z", "modified": "2016-02-18T23:08:25.000Z", "description": "Automatically added (via 7de3ed8f751a528fde1688d35c6eb5533b09ae11)", "pattern": "[file:hashes.SHA256 = '2e832777a77f5cc7cfa05183253440484c614733547a4ea0f2f75cfafc165e39']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T23:08:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c64eeb-e2fc-420e-afe8-59a0950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T23:08:27.000Z", "modified": "2016-02-18T23:08:27.000Z", "description": "Automatically added (via 812e453c22e1a9f70b605cd27d3f642c3778d96d)", "pattern": "[file:hashes.SHA256 = '4d235e31ee278255918157b999fb5987a0cac95cf3ca231950a7adfe49ffc4d7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T23:08:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c64eee-d864-4b3c-8999-59a4950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T23:08:30.000Z", "modified": "2016-02-18T23:08:30.000Z", "description": "Automatically added (via 55c9d015b1f8d68e6b5ce150f2dbab2b621dac1c)", "pattern": "[file:hashes.SHA256 = '8b62000e09a00755eb9e08523e07b9aef292c96a423d28c863bd018ebba3636d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T23:08:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c64ef1-a8d8-4d2a-a63f-47c0950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T23:08:33.000Z", "modified": "2016-02-18T23:08:33.000Z", "description": "Automatically added (via f522e0893ec97438c6184e13adc48219f08b67d8)", "pattern": "[file:hashes.SHA256 = 'c85940369a8028803460baf600203c435179611769a9850a2aef7fb45d2c86d7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T23:08:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:GREEN", "definition": { "tlp": "green" } } ] }