{ "type": "bundle", "id": "bundle--55014970-d82c-4b60-ba8e-0958950d210b", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-03-12T09:10:31.000Z", "modified": "2015-03-12T09:10:31.000Z", "name": "CthulhuSPRL.be", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--55014970-d82c-4b60-ba8e-0958950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-03-12T09:10:31.000Z", "modified": "2015-03-12T09:10:31.000Z", "name": "OSINT Hacking Team Reloaded? US-Based Ethiopian Journalists Again Targeted with Spyware by Citizen Lab", "published": "2015-03-12T10:27:51Z", "object_refs": [ "observed-data--5501497e-f5b4-4d6b-92bf-0ff5950d210b", "url--5501497e-f5b4-4d6b-92bf-0ff5950d210b", "x-misp-attribute--55014987-3a78-406d-aa41-9778950d210b", "observed-data--55014abc-9460-4b8b-a820-42d2950d210b", "email-message--55014abc-9460-4b8b-a820-42d2950d210b", "file--55014abc-9460-4b8b-a820-42d2950d210b", "indicator--55014ad9-d5b8-4fe7-bf8a-1c3d950d210b", "indicator--55014ad9-e458-4f10-b3ac-1c3d950d210b", "indicator--55014ad9-a528-4287-a16c-1c3d950d210b", "indicator--55014af5-d320-4de2-b480-0958950d210b", "indicator--55014af5-5ea8-43de-8acb-0958950d210b", "indicator--55014af5-d6f4-4664-96ed-0958950d210b", "x-misp-attribute--55014b5b-1f84-4f2c-be35-4822950d210b", "x-misp-attribute--55014b8b-151c-42a3-a79f-0ff5950d210b", "x-misp-attribute--55014b8b-d5dc-499f-9195-0ff5950d210b", "indicator--55014bbd-ba10-4461-adaf-094a950d210b", "indicator--55014bbd-ead8-48e6-bc6b-094a950d210b", "indicator--55014c70-ccec-4df0-aef8-1c3d950d210b", "indicator--55014c70-a0ec-449f-a810-1c3d950d210b", "indicator--55014c8e-3628-4ee7-88df-0959950d210b", "indicator--55014cb9-e1b0-4579-8dac-9778950d210b", "indicator--55014cd5-a430-42d2-a64a-0958950d210b", "indicator--55014ce9-1a58-4546-8f32-0ff5950d210b", "indicator--55014d39-e548-4875-8c18-9778950d210b", "indicator--55014d39-d250-462a-ac15-9778950d210b", "indicator--55014d61-8b34-4970-879e-0958950d210b", "indicator--55014d61-80e0-4a38-96f4-0958950d210b", "indicator--55014d61-edf4-4c05-99e9-0958950d210b", "indicator--55014d7e-02e4-48a2-9e51-9778950d210b", "indicator--55014d7e-1624-4baf-8040-9778950d210b", "indicator--55014d7e-7a88-4f1e-af39-9778950d210b", "indicator--55014da1-60c4-4a27-8eba-2983950d210b", "indicator--55014da1-c904-4a5f-8b8d-2983950d210b", "indicator--55014da2-1340-4185-a32c-2983950d210b" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT" ], "object_marking_refs": [ "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5501497e-f5b4-4d6b-92bf-0ff5950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-03-12T08:08:30.000Z", "modified": "2015-03-12T08:08:30.000Z", "first_observed": "2015-03-12T08:08:30Z", "last_observed": "2015-03-12T08:08:30Z", "number_observed": 1, "object_refs": [ "url--5501497e-f5b4-4d6b-92bf-0ff5950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5501497e-f5b4-4d6b-92bf-0ff5950d210b", "value": "https://citizenlab.org/2015/03/hacking-team-reloaded-us-based-ethiopian-journalists-targeted-spyware/" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--55014987-3a78-406d-aa41-9778950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-03-12T08:08:39.000Z", "modified": "2015-03-12T08:08:39.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", "x_misp_type": "text", "x_misp_value": "Hacking Team" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--55014abc-9460-4b8b-a820-42d2950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-03-12T08:13:48.000Z", "modified": "2015-03-12T08:13:48.000Z", "first_observed": "2015-03-12T08:13:48Z", "last_observed": "2015-03-12T08:13:48Z", "number_observed": 1, "object_refs": [ "email-message--55014abc-9460-4b8b-a820-42d2950d210b", "file--55014abc-9460-4b8b-a820-42d2950d210b" ], "labels": [ "misp:type=\"email-attachment\"", "misp:category=\"Payload delivery\"" ] }, { "type": "email-message", "spec_version": "2.1", "id": "email-message--55014abc-9460-4b8b-a820-42d2950d210b", "is_multipart": true, "body_multipart": [ { "body_raw_ref": "file--55014abc-9460-4b8b-a820-42d2950d210b", "content_disposition": "attachment; filename='u121Du122Du132B 2007.doc'" } ] }, { "type": "file", "spec_version": "2.1", "id": "file--55014abc-9460-4b8b-a820-42d2950d210b", "name": "u121Du122Du132B 2007.doc" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55014ad9-d5b8-4fe7-bf8a-1c3d950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-03-12T08:14:17.000Z", "modified": "2015-03-12T08:14:17.000Z", "pattern": "[file:hashes.SHA256 = 'b2683b3a214cda3f741fe5ff0850e69420d94174852a194ce9fc5f0db05c1633']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-03-12T08:14:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55014ad9-e458-4f10-b3ac-1c3d950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-03-12T08:14:17.000Z", "modified": "2015-03-12T08:14:17.000Z", "pattern": "[file:hashes.SHA1 = '03ae6619c2e6dc93d1d3cd218db337aa797b480a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-03-12T08:14:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55014ad9-a528-4287-a16c-1c3d950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-03-12T08:14:17.000Z", "modified": "2015-03-12T08:14:17.000Z", "pattern": "[file:hashes.MD5 = '91961aad912dc790943a1cb23b6e8297']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-03-12T08:14:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55014af5-d320-4de2-b480-0958950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-03-12T08:14:45.000Z", "modified": "2015-03-12T08:14:45.000Z", "pattern": "[file:hashes.SHA256 = '5509462906e832350ea48f37e2e399669214c90b18023c94949036b254f7a681']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-03-12T08:14:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55014af5-5ea8-43de-8acb-0958950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-03-12T08:14:45.000Z", "modified": "2015-03-12T08:14:45.000Z", "pattern": "[file:hashes.SHA1 = 'f9bebcc72bf7bb51e3e3cbd002bf7f8eea398f2c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-03-12T08:14:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55014af5-d6f4-4664-96ed-0958950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-03-12T08:14:45.000Z", "modified": "2015-03-12T08:14:45.000Z", "pattern": "[file:hashes.MD5 = 'f6a793a177447e3cab4108a707db65cd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-03-12T08:14:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--55014b5b-1f84-4f2c-be35-4822950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-03-12T08:16:27.000Z", "modified": "2015-03-12T08:16:27.000Z", "labels": [ "misp:type=\"comment\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", "x_misp_type": "comment", "x_misp_value": "The payload is signed by the following code signing certificate:\r\n\r\nSerial Number: 4fc13d6220c629043a26f81b1cad72d8\r\n\r\nIssuer\r\nCN = Certum Level III CA\r\nOU = Certum Certification Authority\r\nO = Unizeto Technologies S.A.\r\nC = PL\r\n\r\nSubject\r\nE = meicunge@gmail.com\r\nCN = Open Source Developer, meicun ge\r\nO = Meicun Ge\r\nC = CN" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--55014b8b-151c-42a3-a79f-0ff5950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-03-12T08:17:15.000Z", "modified": "2015-03-12T08:17:15.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"Attribution\"" ], "x_misp_category": "Attribution", "x_misp_comment": "Code signing certificate subject email", "x_misp_type": "text", "x_misp_value": "meicunge@gmail.com" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--55014b8b-d5dc-499f-9195-0ff5950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-03-12T08:17:33.000Z", "modified": "2015-03-12T08:17:33.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"Attribution\"" ], "x_misp_category": "Attribution", "x_misp_comment": "Code signing certificate serial number", "x_misp_type": "text", "x_misp_value": "4fc13d6220c629043a26f81b1cad72d8" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55014bbd-ba10-4461-adaf-094a950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-03-12T08:18:05.000Z", "modified": "2015-03-12T08:18:05.000Z", "description": "Samples on VT signed with same certificate", "pattern": "[file:hashes.SHA256 = 'e5cc130dbea95c78cf88807852fad7dcca3a1d6bd7ec86488b6157ba3451a0c9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-03-12T08:18:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55014bbd-ead8-48e6-bc6b-094a950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-03-12T08:18:05.000Z", "modified": "2015-03-12T08:18:05.000Z", "description": "Samples on VT signed with same certificate", "pattern": "[file:hashes.SHA256 = '299f1f25c268d814a85b37fb36e83b891b094baee95c8b739c04b5c134db84c8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-03-12T08:18:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55014c70-ccec-4df0-aef8-1c3d950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-03-12T08:21:04.000Z", "modified": "2015-03-12T08:21:04.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '176.74.178.202']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-03-12T08:21:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55014c70-a0ec-449f-a810-1c3d950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-03-12T08:21:04.000Z", "modified": "2015-03-12T08:21:04.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '176.74.178.203']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-03-12T08:21:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55014c8e-3628-4ee7-88df-0959950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-03-12T08:21:34.000Z", "modified": "2015-03-12T08:21:34.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.4.69.25']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-03-12T08:21:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55014cb9-e1b0-4579-8dac-9778950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-03-12T08:22:17.000Z", "modified": "2015-03-12T08:22:17.000Z", "pattern": "[email-message:from_ref.value = 'fretar19@yahoo.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-03-12T08:22:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55014cd5-a430-42d2-a64a-0958950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-03-12T08:22:45.000Z", "modified": "2015-03-12T08:22:45.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '197.156.68.130']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-03-12T08:22:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55014ce9-1a58-4546-8f32-0ff5950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-03-12T08:23:05.000Z", "modified": "2015-03-12T08:23:05.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '216.118.233.250']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-03-12T08:23:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55014d39-e548-4875-8c18-9778950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-03-12T08:24:25.000Z", "modified": "2015-03-12T08:24:25.000Z", "pattern": "[email-message:body_multipart[*].body_raw_ref.name = 'Seminar Anti G7 Movement.doc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-03-12T08:24:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-attachment\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55014d39-d250-462a-ac15-9778950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-03-12T08:24:25.000Z", "modified": "2015-03-12T08:24:25.000Z", "pattern": "[email-message:body_multipart[*].body_raw_ref.name = 'Please save our dad from execution.doc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-03-12T08:24:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-attachment\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55014d61-8b34-4970-879e-0958950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-03-12T08:25:05.000Z", "modified": "2015-03-12T08:25:05.000Z", "pattern": "[file:hashes.SHA256 = '47f9a2daa161eeb0f7c88af92d3b346ee140ffbb0c310d0e6fbc7c91d42faace']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-03-12T08:25:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55014d61-80e0-4a38-96f4-0958950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-03-12T08:25:05.000Z", "modified": "2015-03-12T08:25:05.000Z", "pattern": "[file:hashes.SHA1 = 'b39dcf93c88d202a582ab4a589cacae3e5d6650c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-03-12T08:25:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55014d61-edf4-4c05-99e9-0958950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-03-12T08:25:05.000Z", "modified": "2015-03-12T08:25:05.000Z", "pattern": "[file:hashes.MD5 = '4faeaed1065815e40bc7c4d9b943f439']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-03-12T08:25:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55014d7e-02e4-48a2-9e51-9778950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-03-12T08:25:34.000Z", "modified": "2015-03-12T08:25:34.000Z", "pattern": "[file:hashes.SHA256 = 'af6137a1fe785cc865ea5ba2310cb81b4c6996f224dda2425d0c5b6995983e3d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-03-12T08:25:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55014d7e-1624-4baf-8040-9778950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-03-12T08:25:34.000Z", "modified": "2015-03-12T08:25:34.000Z", "pattern": "[file:hashes.SHA1 = '519bb2b2c3d0c7e67be735c4d384d832fcc89d67']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-03-12T08:25:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55014d7e-7a88-4f1e-af39-9778950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-03-12T08:25:34.000Z", "modified": "2015-03-12T08:25:34.000Z", "pattern": "[file:hashes.MD5 = '3a7ef9a8c216bcdbbfecef934196d9c1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-03-12T08:25:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55014da1-60c4-4a27-8eba-2983950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-03-12T08:26:09.000Z", "modified": "2015-03-12T08:26:09.000Z", "pattern": "[file:hashes.SHA256 = '84f87c6d85211fe7c7f7fb1321e7f4db917bc6a7f2e51b7a8357fb4351b5a58d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-03-12T08:26:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55014da1-c904-4a5f-8b8d-2983950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-03-12T08:26:09.000Z", "modified": "2015-03-12T08:26:09.000Z", "pattern": "[file:hashes.SHA1 = '669246636ec6e3422a81ee2cb77c78c8420f9006']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-03-12T08:26:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55014da2-1340-4185-a32c-2983950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-03-12T08:26:10.000Z", "modified": "2015-03-12T08:26:10.000Z", "pattern": "[file:hashes.MD5 = 'b7f54924450ae0675ce67c5edad1f243']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-03-12T08:26:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:GREEN", "definition": { "tlp": "green" } } ] }