{ "type": "bundle", "id": "bundle--54d39595-f1e4-4823-8ad4-4ef2950d210b", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-05T16:12:38.000Z", "modified": "2015-02-05T16:12:38.000Z", "name": "CthulhuSPRL.be", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--54d39595-f1e4-4823-8ad4-4ef2950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-05T16:12:38.000Z", "modified": "2015-02-05T16:12:38.000Z", "name": "OSINT In-Depth Look: APT Attack Tools of the Trade blog post by Trend Micro", "published": "2016-02-22T14:41:28Z", "object_refs": [ "observed-data--54d395a4-dd6c-4a75-bbe5-f543950d210b", "url--54d395a4-dd6c-4a75-bbe5-f543950d210b", "indicator--54d39676-30e0-4236-80d8-49a3950d210b", "indicator--54d39677-1c74-434d-94d2-49fb950d210b", "indicator--54d39677-f1dc-4d9b-92d8-4fea950d210b", "indicator--54d39677-644c-4396-8ddc-40c4950d210b", "indicator--54d39677-49f0-48b7-a6d0-4352950d210b", "indicator--54d39677-85e0-44b5-91ac-4757950d210b", "indicator--54d39677-fec8-4f9c-874c-43d3950d210b", "indicator--54d39677-4a68-4415-92ab-4487950d210b", "indicator--54d39677-c128-425d-a16b-4a1f950d210b", "indicator--54d39677-4720-4662-9d9a-406b950d210b", "indicator--54d39677-18b4-4d85-81c2-44af950d210b", "indicator--54d39677-4910-45eb-ac0d-48e6950d210b", "indicator--54d39678-e114-4769-9063-459f950d210b", "indicator--54d39678-66f0-4f58-b0ec-4172950d210b", "indicator--54d39678-aa5c-442c-9c26-4ec8950d210b", "indicator--54d39678-b698-4788-96f3-40e2950d210b", "indicator--54d39678-10ac-4c17-a095-49e1950d210b", "indicator--54d39678-0cdc-4c2f-b40b-424e950d210b", "indicator--54d39678-7d20-4535-aa63-4e00950d210b", "indicator--54d39678-53b8-4d51-b3a6-4df2950d210b", "indicator--54d39678-cca8-40e4-9710-4ce4950d210b", "indicator--54d39678-4ec8-48f3-9f77-47e5950d210b", "indicator--54d39678-fc50-491f-b9a7-4834950d210b", "indicator--56c64f66-936c-44c7-8549-59a1950d210f", "indicator--56c64f68-913c-47cb-a358-4854950d210f", "indicator--56c64f6b-2690-4460-ac2c-599e950d210f", "indicator--56c64f6e-cbc8-4088-b87a-4080950d210f", "indicator--56c64f70-d63c-445d-bab7-4e13950d210f", "indicator--56c64f72-8648-4365-94b0-5f51950d210f", "indicator--56c64f74-5634-484e-aa19-c650950d210f", "indicator--56c64f75-3fb8-4726-9563-59a2950d210f", "indicator--56c64f78-22dc-4fbc-9d25-599d950d210f", "indicator--56c64f7a-e0f4-4dfb-bfcd-c652950d210f", "indicator--56c64f67-5840-4767-b90e-c653950d210f", "indicator--56c64f69-a410-4395-8f11-599c950d210f", "indicator--56c64f6d-54b4-4d86-9c51-5f51950d210f", "indicator--56c64f6e-c81c-463e-8d51-c651950d210f", "indicator--56c64f71-26cc-4fd6-996a-59a3950d210f", "indicator--56c64f73-0400-4fa9-9e71-c652950d210f", "indicator--56c64f74-43cc-466c-87b9-4abd950d210f", "indicator--56c64f77-19bc-449f-8464-464c950d210f", "indicator--56c64f79-8d98-4c26-a22f-59a1950d210f", "indicator--56c64f7a-f244-4b73-b0d4-c654950d210f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT" ], "object_marking_refs": [ "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--54d395a4-dd6c-4a75-bbe5-f543950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-05T16:09:08.000Z", "modified": "2015-02-05T16:09:08.000Z", "first_observed": "2015-02-05T16:09:08Z", "last_observed": "2015-02-05T16:09:08Z", "number_observed": 1, "object_refs": [ "url--54d395a4-dd6c-4a75-bbe5-f543950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--54d395a4-dd6c-4a75-bbe5-f543950d210b", "value": "http://blog.trendmicro.com/trendlabs-security-intelligence/in-depth-look-apt-attack-tools-of-the-trade/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54d39676-30e0-4236-80d8-49a3950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-05T16:12:38.000Z", "modified": "2015-02-05T16:12:38.000Z", "pattern": "[file:hashes.MD5 = '1281478d409de246777472db99f58751']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-05T16:12:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54d39677-1c74-434d-94d2-49fb950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-05T16:12:39.000Z", "modified": "2015-02-05T16:12:39.000Z", "pattern": "[file:hashes.MD5 = '1725e68e574e4b077f7d16f7fa30d984']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-05T16:12:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54d39677-f1dc-4d9b-92d8-4fea950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-05T16:12:39.000Z", "modified": "2015-02-05T16:12:39.000Z", "pattern": "[file:hashes.MD5 = '2238453fd8225baff0d52bf64361b4fd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-05T16:12:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54d39677-644c-4396-8ddc-40c4950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-05T16:12:39.000Z", "modified": "2015-02-05T16:12:39.000Z", "pattern": "[file:hashes.MD5 = '286760651edfe6a8b34988004156b894']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-05T16:12:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54d39677-49f0-48b7-a6d0-4352950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-05T16:12:39.000Z", "modified": "2015-02-05T16:12:39.000Z", "pattern": "[file:hashes.MD5 = '2edfe2b5238c8f49130f2a2f85e33c18']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-05T16:12:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54d39677-85e0-44b5-91ac-4757950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-05T16:12:39.000Z", "modified": "2015-02-05T16:12:39.000Z", "pattern": "[file:hashes.MD5 = '2fdbb3ee0edc5e589ea727bbc2cd6d50']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-05T16:12:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54d39677-fec8-4f9c-874c-43d3950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-05T16:12:39.000Z", "modified": "2015-02-05T16:12:39.000Z", "pattern": "[file:hashes.MD5 = '3548ea689e06a2599bdd1bdb909abb75']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-05T16:12:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54d39677-4a68-4415-92ab-4487950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-05T16:12:39.000Z", "modified": "2015-02-05T16:12:39.000Z", "pattern": "[file:hashes.MD5 = '5065266fbad9362d5a329c5388627ea5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-05T16:12:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54d39677-c128-425d-a16b-4a1f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-05T16:12:39.000Z", "modified": "2015-02-05T16:12:39.000Z", "pattern": "[file:hashes.MD5 = '57f222d8fbe0e290b4bf8eaa994ac641']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-05T16:12:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54d39677-4720-4662-9d9a-406b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-05T16:12:39.000Z", "modified": "2015-02-05T16:12:39.000Z", "pattern": "[file:hashes.MD5 = '69f5a988b4f3a3e5d300d489c9707cd6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-05T16:12:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54d39677-18b4-4d85-81c2-44af950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-05T16:12:39.000Z", "modified": "2015-02-05T16:12:39.000Z", "pattern": "[file:hashes.MD5 = '7e3bb01afb4c50da526d142fdf444688']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-05T16:12:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54d39677-4910-45eb-ac0d-48e6950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-05T16:12:39.000Z", "modified": "2015-02-05T16:12:39.000Z", "pattern": "[file:hashes.MD5 = '875f3fc948c6534804a26176dcfb6af0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-05T16:12:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54d39678-e114-4769-9063-459f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-05T16:12:40.000Z", "modified": "2015-02-05T16:12:40.000Z", "pattern": "[file:hashes.MD5 = '8ee24ad5b849877907304de566fb6dc6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-05T16:12:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54d39678-66f0-4f58-b0ec-4172950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-05T16:12:40.000Z", "modified": "2015-02-05T16:12:40.000Z", "pattern": "[file:hashes.MD5 = '9a7b9caae7b8b3a2b5d68e6880b6d0a4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-05T16:12:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54d39678-aa5c-442c-9c26-4ec8950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-05T16:12:40.000Z", "modified": "2015-02-05T16:12:40.000Z", "pattern": "[file:hashes.MD5 = 'bd73c74819d8db09c645c738bbd3f5b9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-05T16:12:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54d39678-b698-4788-96f3-40e2950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-05T16:12:40.000Z", "modified": "2015-02-05T16:12:40.000Z", "pattern": "[file:hashes.MD5 = 'c188ef350f1ee0e5fa6f6ef2e70231bc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-05T16:12:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54d39678-10ac-4c17-a095-49e1950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-05T16:12:40.000Z", "modified": "2015-02-05T16:12:40.000Z", "pattern": "[file:hashes.MD5 = 'cea66497fa93db4b0dd33438a2a5d6bd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-05T16:12:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54d39678-0cdc-4c2f-b40b-424e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-05T16:12:40.000Z", "modified": "2015-02-05T16:12:40.000Z", "pattern": "[file:hashes.MD5 = 'dd2ef0d6487385839bbf7863fe450cc5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-05T16:12:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54d39678-7d20-4535-aa63-4e00950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-05T16:12:40.000Z", "modified": "2015-02-05T16:12:40.000Z", "pattern": "[file:hashes.MD5 = 'df840ac27051d26555a109cc47d03fe4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-05T16:12:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54d39678-53b8-4d51-b3a6-4df2950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-05T16:12:40.000Z", "modified": "2015-02-05T16:12:40.000Z", "pattern": "[file:hashes.MD5 = 'e0c14f98c4d4b995f00d49616bf9ba57']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-05T16:12:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54d39678-cca8-40e4-9710-4ce4950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-05T16:12:40.000Z", "modified": "2015-02-05T16:12:40.000Z", "pattern": "[file:hashes.MD5 = 'e189b5ce11618bb7880e9b09d53a588f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-05T16:12:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54d39678-4ec8-48f3-9f77-47e5950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-05T16:12:40.000Z", "modified": "2015-02-05T16:12:40.000Z", "pattern": "[file:hashes.MD5 = 'eb36a5ef6a807fb7b2e2912e08b4882d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-05T16:12:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54d39678-fc50-491f-b9a7-4834950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-05T16:12:40.000Z", "modified": "2015-02-05T16:12:40.000Z", "pattern": "[file:hashes.MD5 = 'ede305561db6f7ca1783e0fc75d0db14']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-05T16:12:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c64f66-936c-44c7-8549-59a1950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T23:10:30.000Z", "modified": "2016-02-18T23:10:30.000Z", "description": "Automatically added (via 286760651edfe6a8b34988004156b894)", "pattern": "[file:hashes.SHA1 = '5cb1867737815d206a5351294ca7e2857c4b70e2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T23:10:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c64f68-913c-47cb-a358-4854950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T23:10:32.000Z", "modified": "2016-02-18T23:10:32.000Z", "description": "Automatically added (via 3548ea689e06a2599bdd1bdb909abb75)", "pattern": "[file:hashes.SHA1 = 'd08704b086136e9baaa771495dbaad29da0b8740']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T23:10:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c64f6b-2690-4460-ac2c-599e950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T23:10:35.000Z", "modified": "2016-02-18T23:10:35.000Z", "description": "Automatically added (via 57f222d8fbe0e290b4bf8eaa994ac641)", "pattern": "[file:hashes.SHA1 = '4dd91591facc744f1f9f56d613cd3f395f97f1a7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T23:10:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c64f6e-cbc8-4088-b87a-4080950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T23:10:38.000Z", "modified": "2016-02-18T23:10:38.000Z", "description": "Automatically added (via 875f3fc948c6534804a26176dcfb6af0)", "pattern": "[file:hashes.SHA1 = '6334a139db1b1e8fa6f0ba6c39af8d18e0920c1e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T23:10:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c64f70-d63c-445d-bab7-4e13950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T23:10:40.000Z", "modified": "2016-02-18T23:10:40.000Z", "description": "Automatically added (via bd73c74819d8db09c645c738bbd3f5b9)", "pattern": "[file:hashes.SHA1 = '84c76f122d3b983d8b853671df2f3a1b0744aa86']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T23:10:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c64f72-8648-4365-94b0-5f51950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T23:10:42.000Z", "modified": "2016-02-18T23:10:42.000Z", "description": "Automatically added (via cea66497fa93db4b0dd33438a2a5d6bd)", "pattern": "[file:hashes.SHA1 = 'cf0de8ae9069f6ec956cbc3e3c75989f6f766b70']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T23:10:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c64f74-5634-484e-aa19-c650950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T23:10:44.000Z", "modified": "2016-02-18T23:10:44.000Z", "description": "Automatically added (via df840ac27051d26555a109cc47d03fe4)", "pattern": "[file:hashes.SHA1 = 'bbe417463e04008bea15a5fe6d1dd5445a7d093c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T23:10:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c64f75-3fb8-4726-9563-59a2950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T23:10:45.000Z", "modified": "2016-02-18T23:10:45.000Z", "description": "Automatically added (via e0c14f98c4d4b995f00d49616bf9ba57)", "pattern": "[file:hashes.SHA1 = '7e65e14529090c71c912e2848713345b4046b0b0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T23:10:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c64f78-22dc-4fbc-9d25-599d950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T23:10:48.000Z", "modified": "2016-02-18T23:10:48.000Z", "description": "Automatically added (via e189b5ce11618bb7880e9b09d53a588f)", "pattern": "[file:hashes.SHA1 = '964f7144780aff59d48da184daa56b1704a86968']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T23:10:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c64f7a-e0f4-4dfb-bfcd-c652950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T23:10:50.000Z", "modified": "2016-02-18T23:10:50.000Z", "description": "Automatically added (via ede305561db6f7ca1783e0fc75d0db14)", "pattern": "[file:hashes.SHA1 = 'ec181f0c537ae8547bd4b6b119c8e81ea0a63dd5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T23:10:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c64f67-5840-4767-b90e-c653950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T23:10:31.000Z", "modified": "2016-02-18T23:10:31.000Z", "description": "Automatically added (via 286760651edfe6a8b34988004156b894)", "pattern": "[file:hashes.SHA256 = 'dd707a21deb4620bad38bffe26d61d3612c066fc6a20921acf9405c32ff43f0c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T23:10:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c64f69-a410-4395-8f11-599c950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T23:10:33.000Z", "modified": "2016-02-18T23:10:33.000Z", "description": "Automatically added (via 3548ea689e06a2599bdd1bdb909abb75)", "pattern": "[file:hashes.SHA256 = '8b8bdac5503b7778236294786fe2dc8be315267cfe2d88fd8f7004f22c6485f2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T23:10:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c64f6d-54b4-4d86-9c51-5f51950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T23:10:37.000Z", "modified": "2016-02-18T23:10:37.000Z", "description": "Automatically added (via 57f222d8fbe0e290b4bf8eaa994ac641)", "pattern": "[file:hashes.SHA256 = '94cae63dcbabb71c5dd43f55fd09caeffdcd7628a02a112fb3cba36698ef72bc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T23:10:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c64f6e-c81c-463e-8d51-c651950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T23:10:38.000Z", "modified": "2016-02-18T23:10:38.000Z", "description": "Automatically added (via 875f3fc948c6534804a26176dcfb6af0)", "pattern": "[file:hashes.SHA256 = 'fb9e181d3ea6faa9d0e7431bfc8301fd66bcc8c3d66b26cef7036d117ee5fbb1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T23:10:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c64f71-26cc-4fd6-996a-59a3950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T23:10:41.000Z", "modified": "2016-02-18T23:10:41.000Z", "description": "Automatically added (via bd73c74819d8db09c645c738bbd3f5b9)", "pattern": "[file:hashes.SHA256 = '3c0e383a6bb86d566e9af6325f4ebcf8b61f3e750c7f5ef899d49c274063073e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T23:10:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c64f73-0400-4fa9-9e71-c652950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T23:10:43.000Z", "modified": "2016-02-18T23:10:43.000Z", "description": "Automatically added (via cea66497fa93db4b0dd33438a2a5d6bd)", "pattern": "[file:hashes.SHA256 = '8d236f04444f68b5ab136697da8fd79df8e6d50a5f379d63c41eaaeec19e52d5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T23:10:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c64f74-43cc-466c-87b9-4abd950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T23:10:44.000Z", "modified": "2016-02-18T23:10:44.000Z", "description": "Automatically added (via df840ac27051d26555a109cc47d03fe4)", "pattern": "[file:hashes.SHA256 = '0164dc11b05124166f83da841b2cefbf91a8a1ee105820b416d9493263ebd222']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T23:10:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c64f77-19bc-449f-8464-464c950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T23:10:47.000Z", "modified": "2016-02-18T23:10:47.000Z", "description": "Automatically added (via e0c14f98c4d4b995f00d49616bf9ba57)", "pattern": "[file:hashes.SHA256 = 'ed6ccf5ddf8d444a06206a8d2c8ba0a1dba8beb7e12cee63973ec21f618ae052']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T23:10:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c64f79-8d98-4c26-a22f-59a1950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T23:10:49.000Z", "modified": "2016-02-18T23:10:49.000Z", "description": "Automatically added (via e189b5ce11618bb7880e9b09d53a588f)", "pattern": "[file:hashes.SHA256 = '97d27e1225b472a63c88ac9cfb813019b72598b9dd2d70fe93f324f7d034fb95']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T23:10:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c64f7a-f244-4b73-b0d4-c654950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T23:10:50.000Z", "modified": "2016-02-18T23:10:50.000Z", "description": "Automatically added (via ede305561db6f7ca1783e0fc75d0db14)", "pattern": "[file:hashes.SHA256 = '0e379344a76a26bd3b12b3e7287a62746c62b380755a21fa3e09017b0bb2ba82']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T23:10:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:GREEN", "definition": { "tlp": "green" } } ] }