{ "type": "bundle", "id": "bundle--54f9a0ef-0ebc-414d-88ab-f094950d210b", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-03-06T12:51:15.000Z", "modified": "2015-03-06T12:51:15.000Z", "name": "CthulhuSPRL.be", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--54f9a0ef-0ebc-414d-88ab-f094950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-03-06T12:51:15.000Z", "modified": "2015-03-06T12:51:15.000Z", "name": "OSINT Who's Really Spreading through the Bright Star? by Securelist / Kaspersky", "published": "2016-02-22T15:15:00Z", "object_refs": [ "observed-data--54f9a0fd-56c8-411a-8cc7-489b950d210b", "url--54f9a0fd-56c8-411a-8cc7-489b950d210b", "x-misp-attribute--54f9a10f-34e4-4fd7-a9d3-484e950d210b", "indicator--54f9a13b-6bdc-40e8-a010-f094950d210b", "indicator--54f9a13b-3c84-4c16-a132-f094950d210b", "indicator--54f9a13c-7868-4fb4-be39-f094950d210b", "indicator--54f9a172-5cac-4b31-ad16-453f950d210b", "indicator--54f9a172-0e68-4f06-b8c1-4e32950d210b", "indicator--54f9a17e-ad50-4166-a1a0-4860950d210b", "indicator--54f9a17e-97e4-4943-81de-4463950d210b", "x-misp-attribute--54f9a1ab-b520-4b9a-8339-4188950d210b", "indicator--54f9a217-da1c-4f1b-b37d-4132950d210b", "indicator--54f9a217-df00-4d26-9ac7-4f77950d210b", "indicator--54f9a217-b858-49e2-bba3-4321950d210b", "indicator--54f9a217-9d88-4a75-a466-4236950d210b", "indicator--54f9a218-bfe4-4b5c-b5c8-461c950d210b", "indicator--54f9a218-c784-446d-bf77-4ab7950d210b", "indicator--54f9a218-e61c-492d-92cc-4777950d210b", "indicator--54f9a218-f9e0-45b9-9f98-4797950d210b", "indicator--54f9a218-79d8-4182-84db-4c98950d210b", "x-misp-attribute--54f9a24b-fca4-4e03-b504-4098950d210b", "x-misp-attribute--54f9a24b-9908-439e-8df7-44d7950d210b", "x-misp-attribute--54f9a24b-b538-4cee-8162-4e69950d210b", "x-misp-attribute--54f9a24b-ebfc-40f6-a24f-4500950d210b", "indicator--54f9a282-ca7c-4ece-8598-40fc950d210b", "indicator--54f9a282-108c-4f7a-8982-40c4950d210b", "indicator--54f9a282-8d30-43e2-a150-4f43950d210b", "indicator--54f9a282-87c0-4133-8257-4962950d210b", "indicator--54f9a282-1724-483e-a397-4a70950d210b", "indicator--54f9a282-ba10-46fc-91a5-4567950d210b", "indicator--54f9a282-d54c-41ec-89b4-455d950d210b", "indicator--54f9a282-f7f4-42c8-b545-4a79950d210b", "indicator--54f9a282-3cc8-4d0c-ba11-4581950d210b", "indicator--54f9a282-fe84-4b60-81b3-4cff950d210b", "indicator--54f9a282-002c-440a-a52b-4f25950d210b", "indicator--54f9a2c3-56b0-4339-9b32-46cd950d210b", "indicator--54f9a2c3-8c04-4bba-89b1-40be950d210b", "indicator--54f9a2c3-d0f0-43d8-b6a6-4ad1950d210b", "indicator--54f9a2c3-7094-4fea-964c-432b950d210b", "indicator--54f9a2c3-7c88-4ac1-a201-413f950d210b", "indicator--54f9a2c3-0690-42fd-8aac-454b950d210b", "indicator--54f9a2c3-43c4-4a83-b866-4122950d210b", "indicator--56c6575e-3d24-4ed7-b7c5-599f950d210f", "indicator--56c65760-d398-47c4-9b5a-59a3950d210f", "indicator--56c65762-f0a8-4514-a3e7-40a3950d210f", "indicator--56c65764-c1c0-4f62-87cd-599c950d210f", "indicator--56c65766-7358-4804-84d2-c650950d210f", "indicator--56c6575f-94f0-44dd-901d-599d950d210f", "indicator--56c65761-4130-4d4a-9614-4766950d210f", "indicator--56c65763-f668-4c0e-ace8-59a1950d210f", "indicator--56c65764-a468-44de-8d2d-c651950d210f", "indicator--56c65766-16b4-4f4f-ae47-599f950d210f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT" ], "object_marking_refs": [ "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--54f9a0fd-56c8-411a-8cc7-489b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-03-06T12:48:36.000Z", "modified": "2015-03-06T12:48:36.000Z", "first_observed": "2015-03-06T12:48:36Z", "last_observed": "2015-03-06T12:48:36Z", "number_observed": 1, "object_refs": [ "url--54f9a0fd-56c8-411a-8cc7-489b950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--54f9a0fd-56c8-411a-8cc7-489b950d210b", "value": "https://securelist.com/blog/68978/whos-really-spreading-through-the-bright-star/" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--54f9a10f-34e4-4fd7-a9d3-484e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-03-06T12:48:36.000Z", "modified": "2015-03-06T12:48:36.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", "x_misp_type": "text", "x_misp_value": "Dark Hotel" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54f9a13b-6bdc-40e8-a010-f094950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-03-06T12:48:36.000Z", "modified": "2015-03-06T12:48:36.000Z", "pattern": "[domain-name:value = 'a.gwas.perl.sh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-03-06T12:48:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54f9a13b-3c84-4c16-a132-f094950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-03-06T12:48:36.000Z", "modified": "2015-03-06T12:48:36.000Z", "pattern": "[domain-name:value = 'a-gwas-01.dyndns.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-03-06T12:48:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54f9a13c-7868-4fb4-be39-f094950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-03-06T12:48:36.000Z", "modified": "2015-03-06T12:48:36.000Z", "pattern": "[domain-name:value = 'a-gwas-01.slyip.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-03-06T12:48:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54f9a172-5cac-4b31-ad16-453f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-03-06T12:48:36.000Z", "modified": "2015-03-06T12:48:36.000Z", "pattern": "[file:hashes.MD5 = '78d3c8705f8baf7d34e6a6737d1cfa18']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-03-06T12:48:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54f9a172-0e68-4f06-b8c1-4e32950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-03-06T12:48:36.000Z", "modified": "2015-03-06T12:48:36.000Z", "pattern": "[file:hashes.MD5 = '978888892a1ed13e94d2fcb832a2a6b5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-03-06T12:48:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54f9a17e-ad50-4166-a1a0-4860950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-03-06T12:48:36.000Z", "modified": "2015-03-06T12:48:36.000Z", "pattern": "[file:name = '\\\\%WINDIR\\\\%\\\\system32\\\\mscaps.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-03-06T12:48:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54f9a17e-97e4-4943-81de-4463950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-03-06T12:48:36.000Z", "modified": "2015-03-06T12:48:36.000Z", "pattern": "[file:name = '\\\\%WINDIR\\\\%\\\\system32\\\\wtime32.dll']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-03-06T12:48:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--54f9a1ab-b520-4b9a-8339-4188950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-03-06T12:48:36.000Z", "modified": "2015-03-06T12:48:36.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", "x_misp_type": "text", "x_misp_value": "Bright Star" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54f9a217-da1c-4f1b-b37d-4132950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-03-06T12:48:36.000Z", "modified": "2015-03-06T12:48:36.000Z", "pattern": "[file:hashes.MD5 = '2d9df706d1857434fcaa014df70d1c66']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-03-06T12:48:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54f9a217-df00-4d26-9ac7-4f77950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-03-06T12:48:36.000Z", "modified": "2015-03-06T12:48:36.000Z", "pattern": "[file:hashes.MD5 = 'fffa05401511ad2a89283c52d0c86472']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-03-06T12:48:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54f9a217-b858-49e2-bba3-4321950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-03-06T12:48:36.000Z", "modified": "2015-03-06T12:48:36.000Z", "pattern": "[file:hashes.MD5 = '1fcc5b3ed6bc76d70cfa49d051e0dff6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-03-06T12:48:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54f9a217-9d88-4a75-a466-4236950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-03-06T12:48:36.000Z", "modified": "2015-03-06T12:48:36.000Z", "pattern": "[file:hashes.MD5 = 'd0c9ada173da923efabb53d5a9b28d54']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-03-06T12:48:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54f9a218-bfe4-4b5c-b5c8-461c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-03-06T12:48:36.000Z", "modified": "2015-03-06T12:48:36.000Z", "pattern": "[file:hashes.MD5 = 'daac1781c9d22f5743ade0cb41feaebf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-03-06T12:48:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54f9a218-c784-446d-bf77-4ab7950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-03-06T12:48:36.000Z", "modified": "2015-03-06T12:48:36.000Z", "pattern": "[file:hashes.MD5 = '6a9461f260ebb2556b8ae1d0ba93858a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-03-06T12:48:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54f9a218-e61c-492d-92cc-4777950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-03-06T12:48:36.000Z", "modified": "2015-03-06T12:48:36.000Z", "pattern": "[file:hashes.MD5 = 'f1c9f4a1f92588aeb82be5d2d4c2c730']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-03-06T12:48:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54f9a218-f9e0-45b9-9f98-4797950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-03-06T12:48:36.000Z", "modified": "2015-03-06T12:48:36.000Z", "pattern": "[file:hashes.MD5 = '59ee2ff6dbac2b6cd3e98cb0ff581bdb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-03-06T12:48:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54f9a218-79d8-4182-84db-4c98950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-03-06T12:48:36.000Z", "modified": "2015-03-06T12:48:36.000Z", "pattern": "[file:hashes.MD5 = 'f415ea8f2435d6c9656cc6525c65bd3c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-03-06T12:48:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--54f9a24b-fca4-4e03-b504-4098950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-03-06T12:49:15.000Z", "modified": "2015-03-06T12:49:15.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"Antivirus detection\"" ], "x_misp_category": "Antivirus detection", "x_misp_comment": "Kaspersky", "x_misp_type": "text", "x_misp_value": "Trojan.Win32.Agent.hwgw" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--54f9a24b-9908-439e-8df7-44d7950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-03-06T12:49:15.000Z", "modified": "2015-03-06T12:49:15.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"Antivirus detection\"" ], "x_misp_category": "Antivirus detection", "x_misp_comment": "Kaspersky", "x_misp_type": "text", "x_misp_value": "UDS:DangerousObject.Multi.Generic" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--54f9a24b-b538-4cee-8162-4e69950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-03-06T12:49:15.000Z", "modified": "2015-03-06T12:49:15.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"Antivirus detection\"" ], "x_misp_category": "Antivirus detection", "x_misp_comment": "Kaspersky", "x_misp_type": "text", "x_misp_value": "HEUR:Trojan.Win32.Generic" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--54f9a24b-ebfc-40f6-a24f-4500950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-03-06T12:49:15.000Z", "modified": "2015-03-06T12:49:15.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"Antivirus detection\"" ], "x_misp_category": "Antivirus detection", "x_misp_comment": "Kaspersky", "x_misp_type": "text", "x_misp_value": "Trojan-Dropper.Win32.Daws.awfy" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54f9a282-ca7c-4ece-8598-40fc950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-03-06T12:50:10.000Z", "modified": "2015-03-06T12:50:10.000Z", "pattern": "[file:hashes.MD5 = '78d3c8705f8baf7d34e6a6737d1cfa18']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-03-06T12:50:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54f9a282-108c-4f7a-8982-40c4950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-03-06T12:50:10.000Z", "modified": "2015-03-06T12:50:10.000Z", "pattern": "[file:hashes.MD5 = '2d9df706d1857434fcaa014df70d1c66']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-03-06T12:50:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54f9a282-8d30-43e2-a150-4f43950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-03-06T12:50:10.000Z", "modified": "2015-03-06T12:50:10.000Z", "pattern": "[file:hashes.MD5 = '1e7c6907b63c4a485e7616aa04351da7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-03-06T12:50:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54f9a282-87c0-4133-8257-4962950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-03-06T12:50:10.000Z", "modified": "2015-03-06T12:50:10.000Z", "pattern": "[file:hashes.MD5 = '1fcc5b3ed6bc76d70cfa49d051e0dff6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-03-06T12:50:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54f9a282-1724-483e-a397-4a70950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-03-06T12:50:10.000Z", "modified": "2015-03-06T12:50:10.000Z", "pattern": "[file:hashes.MD5 = '523b4b169dde3bcab81311cfdee68e92']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-03-06T12:50:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54f9a282-ba10-46fc-91a5-4567950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-03-06T12:50:10.000Z", "modified": "2015-03-06T12:50:10.000Z", "pattern": "[file:hashes.MD5 = '541989816355fd606838260f5b49d931']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-03-06T12:50:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54f9a282-d54c-41ec-89b4-455d950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-03-06T12:50:10.000Z", "modified": "2015-03-06T12:50:10.000Z", "pattern": "[file:hashes.MD5 = '5e34f85278bf3504fc1b9a59d2e7479b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-03-06T12:50:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54f9a282-f7f4-42c8-b545-4a79950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-03-06T12:50:10.000Z", "modified": "2015-03-06T12:50:10.000Z", "pattern": "[file:hashes.MD5 = '6a9461f260ebb2556b8ae1d0ba93858a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-03-06T12:50:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54f9a282-3cc8-4d0c-ba11-4581950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-03-06T12:50:10.000Z", "modified": "2015-03-06T12:50:10.000Z", "pattern": "[file:hashes.MD5 = '78ba5b642df336009812a0b52827e1de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-03-06T12:50:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54f9a282-fe84-4b60-81b3-4cff950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-03-06T12:50:10.000Z", "modified": "2015-03-06T12:50:10.000Z", "pattern": "[file:hashes.MD5 = '7f15d9149736966f1df03fc60e87b8ac']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-03-06T12:50:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54f9a282-002c-440a-a52b-4f25950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-03-06T12:50:10.000Z", "modified": "2015-03-06T12:50:10.000Z", "pattern": "[file:hashes.MD5 = '7f3a38093bd60da04d0fa5f50867d24f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-03-06T12:50:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54f9a2c3-56b0-4339-9b32-46cd950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-03-06T12:51:15.000Z", "modified": "2015-03-06T12:51:15.000Z", "pattern": "[file:name = 'mscaps.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-03-06T12:51:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54f9a2c3-8c04-4bba-89b1-40be950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-03-06T12:51:15.000Z", "modified": "2015-03-06T12:51:15.000Z", "pattern": "[file:name = 'arc.dll']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-03-06T12:51:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54f9a2c3-d0f0-43d8-b6a6-4ad1950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-03-06T12:51:15.000Z", "modified": "2015-03-06T12:51:15.000Z", "pattern": "[file:name = '@aedf66.tmp.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-03-06T12:51:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54f9a2c3-7094-4fea-964c-432b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-03-06T12:51:15.000Z", "modified": "2015-03-06T12:51:15.000Z", "pattern": "[file:name = 'dis.dll']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-03-06T12:51:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54f9a2c3-7c88-4ac1-a201-413f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-03-06T12:51:15.000Z", "modified": "2015-03-06T12:51:15.000Z", "pattern": "[file:name = 'wdext.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-03-06T12:51:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54f9a2c3-0690-42fd-8aac-454b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-03-06T12:51:15.000Z", "modified": "2015-03-06T12:51:15.000Z", "pattern": "[file:name = 'sha.dll']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-03-06T12:51:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54f9a2c3-43c4-4a83-b866-4122950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-03-06T12:51:15.000Z", "modified": "2015-03-06T12:51:15.000Z", "pattern": "[file:name = 'wdexe.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-03-06T12:51:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c6575e-3d24-4ed7-b7c5-599f950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T23:44:30.000Z", "modified": "2016-02-18T23:44:30.000Z", "description": "Automatically added (via 6a9461f260ebb2556b8ae1d0ba93858a)", "pattern": "[file:hashes.SHA1 = '01e14b87b69dce8272d84669f44f81d685dcf7c5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T23:44:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65760-d398-47c4-9b5a-59a3950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T23:44:32.000Z", "modified": "2016-02-18T23:44:32.000Z", "description": "Automatically added (via 978888892a1ed13e94d2fcb832a2a6b5)", "pattern": "[file:hashes.SHA1 = '4528a769de6407f01d01d03095d5d8fa38c4b4ae']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T23:44:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65762-f0a8-4514-a3e7-40a3950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T23:44:34.000Z", "modified": "2016-02-18T23:44:34.000Z", "description": "Automatically added (via fffa05401511ad2a89283c52d0c86472)", "pattern": "[file:hashes.SHA1 = '99a9fbcac39b9522d1d628620b69c4cd7cc110f1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T23:44:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65764-c1c0-4f62-87cd-599c950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T23:44:36.000Z", "modified": "2016-02-18T23:44:36.000Z", "description": "Automatically added (via d0c9ada173da923efabb53d5a9b28d54)", "pattern": "[file:hashes.SHA1 = '0cefe568d2a06bd44fe9dfab65b1e27bd34def11']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T23:44:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65766-7358-4804-84d2-c650950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T23:44:38.000Z", "modified": "2016-02-18T23:44:38.000Z", "description": "Automatically added (via f1c9f4a1f92588aeb82be5d2d4c2c730)", "pattern": "[file:hashes.SHA1 = '3dc5a017b15ba74fae2342937380905bf7e8fbd5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T23:44:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c6575f-94f0-44dd-901d-599d950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T23:44:31.000Z", "modified": "2016-02-18T23:44:31.000Z", "description": "Automatically added (via 6a9461f260ebb2556b8ae1d0ba93858a)", "pattern": "[file:hashes.SHA256 = '0b059565160c180df60470349770a6dd225981a8051639385bb49d33d2a73632']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T23:44:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65761-4130-4d4a-9614-4766950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T23:44:33.000Z", "modified": "2016-02-18T23:44:33.000Z", "description": "Automatically added (via 978888892a1ed13e94d2fcb832a2a6b5)", "pattern": "[file:hashes.SHA256 = 'c7dc3ac34cfcadba2aedf1727ce95c7e54a8e4b3ada1373916adb25dcf05e369']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T23:44:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65763-f668-4c0e-ace8-59a1950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T23:44:35.000Z", "modified": "2016-02-18T23:44:35.000Z", "description": "Automatically added (via fffa05401511ad2a89283c52d0c86472)", "pattern": "[file:hashes.SHA256 = '41a712fd2111c5ddec6fe58a29c80f19923cc72e88b4508d5a3daeb236ddf1b8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T23:44:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65764-a468-44de-8d2d-c651950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T23:44:36.000Z", "modified": "2016-02-18T23:44:36.000Z", "description": "Automatically added (via d0c9ada173da923efabb53d5a9b28d54)", "pattern": "[file:hashes.SHA256 = 'ad01ab517cf1c9f5d30b3ea749c91c5c8fc613e771d25287483023d2066e1523']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T23:44:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65766-16b4-4f4f-ae47-599f950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T23:44:38.000Z", "modified": "2016-02-18T23:44:38.000Z", "description": "Automatically added (via f1c9f4a1f92588aeb82be5d2d4c2c730)", "pattern": "[file:hashes.SHA256 = 'd3a46f71aa7467920b16b64c9d17eaf6c4e147f41cd1390dccff01e4a81f8dfa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T23:44:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:GREEN", "definition": { "tlp": "green" } } ] }