{ "type": "bundle", "id": "bundle--55244f19-fc08-42e2-8cd9-42c7950d210b", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-07T21:43:51.000Z", "modified": "2015-04-07T21:43:51.000Z", "name": "CthulhuSPRL.be", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--55244f19-fc08-42e2-8cd9-42c7950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-07T21:43:51.000Z", "modified": "2015-04-07T21:43:51.000Z", "name": "OSINT Threat Spotlight: Spam Served With a Side of Dridex from Cisco Talos", "published": "2015-04-08T07:08:52Z", "object_refs": [ "observed-data--55244f2b-5448-4f83-8fae-4e86950d210b", "url--55244f2b-5448-4f83-8fae-4e86950d210b", "x-misp-attribute--55244f3c-f1e4-4d7b-9c47-44c9950d210b", "indicator--55244f56-30f8-4b89-8771-4738950d210b", "indicator--55244f56-6ea8-4ba2-96e3-4b29950d210b", "indicator--55244f56-ed2c-43b2-9aa4-425e950d210b", "indicator--55244f56-4cb8-4884-b222-4b5d950d210b", "indicator--55244f56-bff4-4913-979b-4a7c950d210b", "indicator--55244f56-6648-4e08-93e4-480a950d210b", "indicator--55244f57-c334-4721-a86d-45ee950d210b", "indicator--55244f57-e5ac-42d1-978f-4c53950d210b", "indicator--55244f57-6140-458e-9047-44ba950d210b", "indicator--55244f57-c208-49a2-8f24-494b950d210b", "indicator--55244f57-6138-4ef0-8d4e-4926950d210b", "indicator--55244f57-8158-4817-81ce-4591950d210b", "indicator--55244f57-d058-4fe8-8a46-4422950d210b", "indicator--55244f57-185c-44ec-bfb6-4139950d210b", "indicator--55244f57-2bf4-4147-b24e-4122950d210b", "indicator--55244f58-520c-4907-8ba4-4461950d210b", "indicator--55244f58-0770-4236-afe7-4357950d210b", "indicator--55244f58-2728-461e-ab3a-47b9950d210b", "indicator--55244f58-2668-4ef1-befb-40fc950d210b", "indicator--55244f58-3104-4ba3-beb4-4f88950d210b", "indicator--55244f58-9a60-46fc-bcee-4de4950d210b", "indicator--55244f58-5fcc-4deb-868f-42a5950d210b", "indicator--55244f58-e8b8-4f98-be4f-4708950d210b", "indicator--55244f58-14ec-48ea-88fd-4644950d210b", "indicator--55244f59-5418-47a1-a8df-4809950d210b", "indicator--55244f59-3de4-4c55-86db-43ae950d210b", "indicator--55244f59-cdfc-45fd-8378-4d48950d210b", "indicator--55244f59-3490-40f4-83bc-4bff950d210b", "indicator--55244f59-6388-41b8-834a-4d00950d210b", "indicator--55244f59-b294-41dd-aa20-4cfa950d210b", "indicator--55244f59-efb8-41a2-bd0c-43b8950d210b", "indicator--55244f59-a07c-495f-a893-44ab950d210b", "indicator--55244f59-3f38-4940-acdc-4e80950d210b", "indicator--55244f5a-77ac-4907-a7b7-49e7950d210b", "indicator--55244f5a-a334-431f-a57a-4dfc950d210b", "indicator--55244f5a-4ed8-453f-9bb9-4619950d210b", "indicator--55244f5a-8ff0-4430-a221-432a950d210b", "indicator--55244f5a-b904-4dde-8acd-4ea6950d210b", "indicator--55244f5a-56a4-4bd3-b17e-4cd7950d210b", "indicator--55244f5a-f434-4c15-b327-480b950d210b", "indicator--55244f5a-54a4-4169-8cb9-4283950d210b", "indicator--55244f5a-6dd8-40ba-a5c8-45cc950d210b", "indicator--55244f5b-5434-4bca-a8c4-4877950d210b", "indicator--55244f5b-4994-49df-bd31-4422950d210b", "indicator--55244f5b-0034-4f4b-8a98-4eb3950d210b", "indicator--55244f5b-4da4-400a-a450-4dd3950d210b", "indicator--55244f5b-6ef0-4609-9288-401b950d210b", "indicator--55244f5b-dba0-46a6-956b-4dfa950d210b", "indicator--55244f5b-4b38-464d-ad47-4735950d210b", "indicator--55244f5b-3c78-4071-a294-4500950d210b", "indicator--55244f5b-7c5c-4d27-9a3f-4c34950d210b", "indicator--55244f5c-0870-497b-beb5-40b4950d210b", "indicator--55244f5c-8330-4d01-a8ed-4afa950d210b", "indicator--55244f5c-1058-4d23-aea7-4727950d210b", "indicator--55244f5c-fea8-4770-93a6-46a0950d210b", "indicator--55244f5c-4a48-4486-b654-45d9950d210b", "indicator--55244f5c-d004-4959-ad14-400a950d210b", "indicator--55244f5c-76a0-4c0f-9304-45d4950d210b", "indicator--55244f5c-48fc-4152-9ad5-43a4950d210b", "indicator--55244f5c-7664-4345-8d1a-4c16950d210b", "indicator--55244f5d-7cc8-4957-abd9-44b0950d210b", "indicator--55244f5d-03c0-4ed5-8430-406a950d210b", "indicator--55244f5d-6694-4e81-bba5-405f950d210b", "indicator--55244f5d-97d4-4b5b-9ea6-4aae950d210b", "indicator--55244f5d-5a90-428e-9025-4e75950d210b", "indicator--55244f5d-de58-4aa3-86d2-4033950d210b", "indicator--55244f5d-1c60-4736-b44f-42db950d210b", "indicator--55244f5d-9b14-4cfe-8b8c-4832950d210b", "observed-data--55244f65-fa1c-4d8c-b9ae-4c3f950d210b", "url--55244f65-fa1c-4d8c-b9ae-4c3f950d210b", "indicator--55244f82-cd20-4c30-bd38-4650950d210b", "indicator--55244f97-7d98-4091-9575-9065950d210b", "indicator--55244f98-ba48-4a3d-8fe9-9065950d210b", "indicator--55244f98-6768-4e34-96ea-9065950d210b", "indicator--55244f98-0f20-41dd-8fdb-9065950d210b", "indicator--55244f98-feb8-494e-a14a-9065950d210b", "indicator--55244f98-7624-4f9d-8e96-9065950d210b", "indicator--55244f98-73f0-49bb-9361-9065950d210b", "indicator--55244f98-4d68-4804-b39d-9065950d210b" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--55244f2b-5448-4f83-8fae-4e86950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-07T21:42:03.000Z", "modified": "2015-04-07T21:42:03.000Z", "first_observed": "2015-04-07T21:42:03Z", "last_observed": "2015-04-07T21:42:03Z", "number_observed": 1, "object_refs": [ "url--55244f2b-5448-4f83-8fae-4e86950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--55244f2b-5448-4f83-8fae-4e86950d210b", "value": "http://blogs.cisco.com/security/talos/spam-dridex" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--55244f3c-f1e4-4d7b-9c47-44c9950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-07T21:42:20.000Z", "modified": "2015-04-07T21:42:20.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", "x_misp_type": "text", "x_misp_value": "Dridex" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55244f56-30f8-4b89-8771-4738950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-07T21:42:46.000Z", "modified": "2015-04-07T21:42:46.000Z", "pattern": "[file:hashes.SHA256 = 'f7692b39145af1e8d0184b953c1595390105589619e01847ddb70d9b7454f2c4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-07T21:42:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55244f56-6ea8-4ba2-96e3-4b29950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-07T21:42:46.000Z", "modified": "2015-04-07T21:42:46.000Z", "pattern": "[file:hashes.SHA256 = '1b00a8206dde4818c3afa2240a74f757a3589ae596ebed7b78a07cb547096731']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-07T21:42:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55244f56-ed2c-43b2-9aa4-425e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-07T21:42:46.000Z", "modified": "2015-04-07T21:42:46.000Z", "pattern": "[file:hashes.SHA256 = '079418b9d05ba7ba1cabdb0e5e54c721e468d2630d2092aa233c73c6d8b584fa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-07T21:42:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55244f56-4cb8-4884-b222-4b5d950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-07T21:42:46.000Z", "modified": "2015-04-07T21:42:46.000Z", "pattern": "[file:hashes.SHA256 = '7f2ad96dd55263e7e810e51f3d2a6b658dbbd33f4e70333ab5a3c608430c7195']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-07T21:42:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55244f56-bff4-4913-979b-4a7c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-07T21:42:46.000Z", "modified": "2015-04-07T21:42:46.000Z", "pattern": "[file:hashes.SHA256 = '12452620622d78405d5cb3914085efed3d07355c949677e339f139777b0f8c50']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-07T21:42:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55244f56-6648-4e08-93e4-480a950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-07T21:42:46.000Z", "modified": "2015-04-07T21:42:46.000Z", "pattern": "[file:hashes.SHA256 = 'cda256163613aeaa8f4e2fad66ef4a847392d359996ff63f30e338824ad8fb2a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-07T21:42:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55244f57-c334-4721-a86d-45ee950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-07T21:42:47.000Z", "modified": "2015-04-07T21:42:47.000Z", "pattern": "[file:hashes.SHA256 = 'a3f46b16fd25a9d8bfd8c7e8d041903f6769114a9c46d6c13b80814691bf424e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-07T21:42:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55244f57-e5ac-42d1-978f-4c53950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-07T21:42:47.000Z", "modified": "2015-04-07T21:42:47.000Z", "pattern": "[file:hashes.SHA256 = '10e59ee0208122891913f84785b93662c5ea1a2749cf6320fbe8fe9071a5f91c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-07T21:42:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55244f57-6140-458e-9047-44ba950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-07T21:42:47.000Z", "modified": "2015-04-07T21:42:47.000Z", "pattern": "[file:hashes.SHA256 = 'c5cc2f88fef95f658c90f8a1e3518d75b15b504d8a184fd100d458e8891f6dd1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-07T21:42:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55244f57-c208-49a2-8f24-494b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-07T21:42:47.000Z", "modified": "2015-04-07T21:42:47.000Z", "pattern": "[file:hashes.SHA256 = 'd5bca64e83d8bb5dd7c2ebbf1ec548235e8bc81df4fd6bc4ef2b9e9bb5cddf58']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-07T21:42:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55244f57-6138-4ef0-8d4e-4926950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-07T21:42:47.000Z", "modified": "2015-04-07T21:42:47.000Z", "pattern": "[file:hashes.SHA256 = '83345eb7f529712fca63a0456810107d1b25f279bc2e36d6142a95d60eb57690']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-07T21:42:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55244f57-8158-4817-81ce-4591950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-07T21:42:47.000Z", "modified": "2015-04-07T21:42:47.000Z", "pattern": "[file:hashes.SHA256 = '24a00991acf2448cb428e9a8a57e54365e1cb51673b416c6ce70fc5f57d5aefb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-07T21:42:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55244f57-d058-4fe8-8a46-4422950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-07T21:42:47.000Z", "modified": "2015-04-07T21:42:47.000Z", "pattern": "[file:hashes.SHA256 = 'e1fa9f7c95cd97a07fe024f73367896fde0a27905c5464d4ad74a0563cdb788f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-07T21:42:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55244f57-185c-44ec-bfb6-4139950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-07T21:42:47.000Z", "modified": "2015-04-07T21:42:47.000Z", "pattern": "[file:hashes.SHA256 = 'c7016f7a317df006a6e10acbb017894dc1ae955b3a66a7d5c80e556c1331f03b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-07T21:42:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55244f57-2bf4-4147-b24e-4122950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-07T21:42:47.000Z", "modified": "2015-04-07T21:42:47.000Z", "pattern": "[file:hashes.SHA256 = '531cd466540ce4475849532444f60e8d4dace097a73dc0d27855aced4b5c55d3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-07T21:42:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55244f58-520c-4907-8ba4-4461950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-07T21:42:48.000Z", "modified": "2015-04-07T21:42:48.000Z", "pattern": "[file:hashes.SHA256 = 'c2754ff1fc18dd1a9fe027383ff0d210e1e28c15d281c0a457fdfe0a4b35417c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-07T21:42:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55244f58-0770-4236-afe7-4357950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-07T21:42:48.000Z", "modified": "2015-04-07T21:42:48.000Z", "pattern": "[file:hashes.SHA256 = '25fa9ff422dab272eb55a0b5891971070e4139d280b58ccc910fa2dd73bfbb13']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-07T21:42:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55244f58-2728-461e-ab3a-47b9950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-07T21:42:48.000Z", "modified": "2015-04-07T21:42:48.000Z", "pattern": "[file:hashes.SHA256 = '56196ecba3fbc6314a383eba8bcbf8879f5251f4343ffe2d3748b1ee9de93b93']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-07T21:42:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55244f58-2668-4ef1-befb-40fc950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-07T21:42:48.000Z", "modified": "2015-04-07T21:42:48.000Z", "pattern": "[file:hashes.SHA256 = '24c427b22f7c124344b1d1ad8faeb70be50360d167d5e11fd8cc8ac82f2c5796']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-07T21:42:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55244f58-3104-4ba3-beb4-4f88950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-07T21:42:48.000Z", "modified": "2015-04-07T21:42:48.000Z", "pattern": "[file:hashes.SHA256 = '7acb74f37f0844a56cd0fd3af1ce6e1db35d4954d9fb9e722107080b9e4e6c01']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-07T21:42:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55244f58-9a60-46fc-bcee-4de4950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-07T21:42:48.000Z", "modified": "2015-04-07T21:42:48.000Z", "pattern": "[file:hashes.SHA256 = '5f5d81209f98a925f68fa71d847e109d63ba0af4bd49ec0e86b3d86110c0a8c6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-07T21:42:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55244f58-5fcc-4deb-868f-42a5950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-07T21:42:48.000Z", "modified": "2015-04-07T21:42:48.000Z", "pattern": "[file:hashes.SHA256 = 'bafbeb98f2878d88a6d37b64a47eb789d3459c5d6f787e671a01e156bbfb0044']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-07T21:42:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55244f58-e8b8-4f98-be4f-4708950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-07T21:42:48.000Z", "modified": "2015-04-07T21:42:48.000Z", "pattern": "[file:hashes.SHA256 = '57d7684839101600400a87b87b693d3194911d53a611a301e60a212d48ad3265']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-07T21:42:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55244f58-14ec-48ea-88fd-4644950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-07T21:42:48.000Z", "modified": "2015-04-07T21:42:48.000Z", "pattern": "[file:hashes.SHA256 = 'bacb4de5ae01f2fcc3a080633feb856597d2b388205217756b8c5e3a50c041db']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-07T21:42:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55244f59-5418-47a1-a8df-4809950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-07T21:42:49.000Z", "modified": "2015-04-07T21:42:49.000Z", "pattern": "[file:hashes.SHA256 = '3ef213c1e2b44b7bf474af4c6ce9665a28ee4a6f097b7ff7d3bdecf28771a38a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-07T21:42:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55244f59-3de4-4c55-86db-43ae950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-07T21:42:49.000Z", "modified": "2015-04-07T21:42:49.000Z", "pattern": "[file:hashes.SHA256 = '715852e4d27665050e48ec7bc1b5838aa27f986918c215b3c906d0f07d6dd3ea']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-07T21:42:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55244f59-cdfc-45fd-8378-4d48950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-07T21:42:49.000Z", "modified": "2015-04-07T21:42:49.000Z", "pattern": "[file:hashes.SHA256 = '84a53e29c4a1016ed25b38b62742e23839e8285ff9a10fe2190468e48088759c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-07T21:42:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55244f59-3490-40f4-83bc-4bff950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-07T21:42:49.000Z", "modified": "2015-04-07T21:42:49.000Z", "pattern": "[file:hashes.SHA256 = '4521696635ed15f8636d6c4c4620cd631f29bf605056cc52ef271d9d7bf864f0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-07T21:42:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55244f59-6388-41b8-834a-4d00950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-07T21:42:49.000Z", "modified": "2015-04-07T21:42:49.000Z", "pattern": "[file:hashes.SHA256 = '39f5bc5ea6f6f44e4467b9ecf85733f7d756d6fa9bd44ff4a3ff61b8052290b7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-07T21:42:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55244f59-b294-41dd-aa20-4cfa950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-07T21:42:49.000Z", "modified": "2015-04-07T21:42:49.000Z", "pattern": "[file:hashes.SHA256 = '021215c109abbde900a1ca0ba2a240effbb6306e04af5937b44a71baff458051']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-07T21:42:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55244f59-efb8-41a2-bd0c-43b8950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-07T21:42:49.000Z", "modified": "2015-04-07T21:42:49.000Z", "pattern": "[file:hashes.SHA256 = '15d3b57e2482cc4343381c02a4670b5aa7ef31bb590b07a5a556b38c2b846c32']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-07T21:42:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55244f59-a07c-495f-a893-44ab950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-07T21:42:49.000Z", "modified": "2015-04-07T21:42:49.000Z", "pattern": "[file:hashes.SHA256 = '5c0d632b0decf0b856fa37eb828878cc39adfbda591829c4056b80cbde218cad']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-07T21:42:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55244f59-3f38-4940-acdc-4e80950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-07T21:42:49.000Z", "modified": "2015-04-07T21:42:49.000Z", "pattern": "[file:hashes.SHA256 = '56221852f2126ebcd1ecb5ae6a6a0222f2ce67ee3be055a6b6bd1a64e747e902']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-07T21:42:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55244f5a-77ac-4907-a7b7-49e7950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-07T21:42:50.000Z", "modified": "2015-04-07T21:42:50.000Z", "pattern": "[file:hashes.SHA256 = 'ecedd609095925829e3861f99623a08f87a63076d212136b12f55a7463ff3a4e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-07T21:42:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55244f5a-a334-431f-a57a-4dfc950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-07T21:42:50.000Z", "modified": "2015-04-07T21:42:50.000Z", "pattern": "[file:hashes.SHA256 = 'ceb512a26706e9055c5c7c6829a93da2593d8290e2f96c0d88a361bf5465de4d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-07T21:42:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55244f5a-4ed8-453f-9bb9-4619950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-07T21:42:50.000Z", "modified": "2015-04-07T21:42:50.000Z", "pattern": "[file:hashes.SHA256 = '153b24796e4ecf20246aaa19f9650aa3b93994bcd5d736e1193d435ce98d607e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-07T21:42:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55244f5a-8ff0-4430-a221-432a950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-07T21:42:50.000Z", "modified": "2015-04-07T21:42:50.000Z", "pattern": "[file:hashes.SHA256 = '0c3636f6d9502abeb8e714cfca9381cb941f1265d2aef06921cabd88569958d0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-07T21:42:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55244f5a-b904-4dde-8acd-4ea6950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-07T21:42:50.000Z", "modified": "2015-04-07T21:42:50.000Z", "pattern": "[file:hashes.SHA256 = 'e0e199c4bf9e0faffd0921ddfa870aecdebd5ad96d36c73513d0492824b797a3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-07T21:42:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55244f5a-56a4-4bd3-b17e-4cd7950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-07T21:42:50.000Z", "modified": "2015-04-07T21:42:50.000Z", "pattern": "[file:hashes.SHA256 = '5cc88cf62c8ab69d3dcc1b5993eafa5c2b75ccf7c7a230a120b952bb4779e940']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-07T21:42:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55244f5a-f434-4c15-b327-480b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-07T21:42:50.000Z", "modified": "2015-04-07T21:42:50.000Z", "pattern": "[file:hashes.SHA256 = '2d2a951cec26e271c2e6f24514e0b35450cb85932a3d45965bdd5eb7d19b7a01']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-07T21:42:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55244f5a-54a4-4169-8cb9-4283950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-07T21:42:50.000Z", "modified": "2015-04-07T21:42:50.000Z", "pattern": "[file:hashes.SHA256 = '00ebff78f236992c87d1851ed39c51edb8dafc361fee1e495d438f39f2960b46']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-07T21:42:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55244f5a-6dd8-40ba-a5c8-45cc950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-07T21:42:50.000Z", "modified": "2015-04-07T21:42:50.000Z", "pattern": "[file:hashes.SHA256 = 'b1dfc7aa345d01ede2531ae8cb93b20bece6678d8ff7efd3fe98eac7c262acb8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-07T21:42:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55244f5b-5434-4bca-a8c4-4877950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-07T21:42:51.000Z", "modified": "2015-04-07T21:42:51.000Z", "pattern": "[file:hashes.SHA256 = 'a0c28bd757fac1a27ef69b0b1240b48e7b76d569d7c812f697e6e799b9950740']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-07T21:42:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55244f5b-4994-49df-bd31-4422950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-07T21:42:51.000Z", "modified": "2015-04-07T21:42:51.000Z", "pattern": "[file:hashes.SHA256 = 'c5a0a04251d54015e90089d8720d3a47495472c4a8e432af9e64aa116148f9e5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-07T21:42:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55244f5b-0034-4f4b-8a98-4eb3950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-07T21:42:51.000Z", "modified": "2015-04-07T21:42:51.000Z", "pattern": "[file:hashes.SHA256 = 'f42dd791495a93802851cfc98975b0ced502d66f0cd11c2d1d3d0b145be91e94']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-07T21:42:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55244f5b-4da4-400a-a450-4dd3950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-07T21:42:51.000Z", "modified": "2015-04-07T21:42:51.000Z", "pattern": "[file:hashes.SHA256 = '6b3810c0d8f5aa7e9f6390c9a7a93581a6766b87d2fb6c2a84f345ceec4b0c19']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-07T21:42:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55244f5b-6ef0-4609-9288-401b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-07T21:42:51.000Z", "modified": "2015-04-07T21:42:51.000Z", "pattern": "[file:hashes.SHA256 = '1aca9debe5b9e5bf93334c1a16c4340ab00922b9580537c4e5f472ba543649ad']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-07T21:42:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55244f5b-dba0-46a6-956b-4dfa950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-07T21:42:51.000Z", "modified": "2015-04-07T21:42:51.000Z", "pattern": "[file:hashes.SHA256 = 'a15ae9d91e57269efb15c768e7f7b0f0c7acf2e7cc452df1e2a93aad84cf5676']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-07T21:42:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55244f5b-4b38-464d-ad47-4735950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-07T21:42:51.000Z", "modified": "2015-04-07T21:42:51.000Z", "pattern": "[file:hashes.SHA256 = '0c6ce8e5aebb40a22a771a9f9be2aab686260e5e00aa8a482b4306bf6b443603']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-07T21:42:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55244f5b-3c78-4071-a294-4500950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-07T21:42:51.000Z", "modified": "2015-04-07T21:42:51.000Z", "pattern": "[file:hashes.SHA256 = '65d47473fb824b198bf89198153621a1c5f80545ef6641334f00f49f2f6e1e48']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-07T21:42:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55244f5b-7c5c-4d27-9a3f-4c34950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-07T21:42:51.000Z", "modified": "2015-04-07T21:42:51.000Z", "pattern": "[file:hashes.SHA256 = '651b3fb4c1807b1b725280cbc59532953dd855c5bf6f7ef41a37dc5653e10fee']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-07T21:42:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55244f5c-0870-497b-beb5-40b4950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-07T21:42:52.000Z", "modified": "2015-04-07T21:42:52.000Z", "pattern": "[file:hashes.SHA256 = '33e5818e9f534ba38028cc64f5147e5bb07b6ccf7c76bc00571381d3d0e4917f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-07T21:42:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55244f5c-8330-4d01-a8ed-4afa950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-07T21:42:52.000Z", "modified": "2015-04-07T21:42:52.000Z", "pattern": "[file:hashes.SHA256 = '9e428cf974084bf1bc24a05b109f061e0c4c3eb6f8b034d15b728062d605afcf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-07T21:42:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55244f5c-1058-4d23-aea7-4727950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-07T21:42:52.000Z", "modified": "2015-04-07T21:42:52.000Z", "pattern": "[file:hashes.SHA256 = 'b8c12120fc8298f3cf9e637ddd73eca9e0f88f516cae7f00d9ce13360d625988']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-07T21:42:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55244f5c-fea8-4770-93a6-46a0950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-07T21:42:52.000Z", "modified": "2015-04-07T21:42:52.000Z", "pattern": "[file:hashes.SHA256 = '67cf302dff151c5bab481630a8938034a0597203be43c6ac14c9b872dcd80a04']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-07T21:42:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55244f5c-4a48-4486-b654-45d9950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-07T21:42:52.000Z", "modified": "2015-04-07T21:42:52.000Z", "pattern": "[file:hashes.SHA256 = '6fb690d29190406d31461ed0d07370b329c0f4976ac936d3acb4a806a169f635']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-07T21:42:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55244f5c-d004-4959-ad14-400a950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-07T21:42:52.000Z", "modified": "2015-04-07T21:42:52.000Z", "pattern": "[file:hashes.SHA256 = '4f493a113ba258994da6600a4750c9a86aaa31282047c826a0cca7474c09f5fb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-07T21:42:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55244f5c-76a0-4c0f-9304-45d4950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-07T21:42:52.000Z", "modified": "2015-04-07T21:42:52.000Z", "pattern": "[file:hashes.SHA256 = 'd97f8a613d13b87a5eb3feb773501ddbdb3a5ce645532b0ea6d61def96c5c9c3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-07T21:42:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55244f5c-48fc-4152-9ad5-43a4950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-07T21:42:52.000Z", "modified": "2015-04-07T21:42:52.000Z", "pattern": "[file:hashes.SHA256 = 'bbb7f0005790c73fa82802f7153e2c55794ad651471cf5dd192836783f2a1955']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-07T21:42:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55244f5c-7664-4345-8d1a-4c16950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-07T21:42:52.000Z", "modified": "2015-04-07T21:42:52.000Z", "pattern": "[file:hashes.SHA256 = '01c7383d3dc15cdd36e0d68eee489683715abc58cb3d8c41430e3cbc06ae831f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-07T21:42:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55244f5d-7cc8-4957-abd9-44b0950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-07T21:42:53.000Z", "modified": "2015-04-07T21:42:53.000Z", "pattern": "[file:hashes.SHA256 = '43309a810f2d7fadcd09d1c044b472c0edef0a84a9763f895812904f1903db41']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-07T21:42:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55244f5d-03c0-4ed5-8430-406a950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-07T21:42:53.000Z", "modified": "2015-04-07T21:42:53.000Z", "pattern": "[file:hashes.SHA256 = '2fd26eff17fc9d17b8c26e187441eb3163441aca7a025dc4e3f8762360e54503']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-07T21:42:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55244f5d-6694-4e81-bba5-405f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-07T21:42:53.000Z", "modified": "2015-04-07T21:42:53.000Z", "pattern": "[file:hashes.SHA256 = '7694ef6610056f002bc8dd8a7f249b7f3027bc42fa1c9a10c09621f7e7e0aab5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-07T21:42:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55244f5d-97d4-4b5b-9ea6-4aae950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-07T21:42:53.000Z", "modified": "2015-04-07T21:42:53.000Z", "pattern": "[file:hashes.SHA256 = 'fa2b2a61bf9dedca86fe05b68f4c5015c1ee79ff0a5d620d0517c13684e464c5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-07T21:42:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55244f5d-5a90-428e-9025-4e75950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-07T21:42:53.000Z", "modified": "2015-04-07T21:42:53.000Z", "pattern": "[file:hashes.SHA256 = '5bc7cf7be1f391a1f47fe1e1daff7dccb05477eee2c213e9ced2930da0d54c75']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-07T21:42:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55244f5d-de58-4aa3-86d2-4033950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-07T21:42:53.000Z", "modified": "2015-04-07T21:42:53.000Z", "pattern": "[file:hashes.SHA256 = '01f30887a828344f6cf574bb05bd0bf571fc35979a3032377b95fb0d692b8061']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-07T21:42:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55244f5d-1c60-4736-b44f-42db950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-07T21:42:53.000Z", "modified": "2015-04-07T21:42:53.000Z", "pattern": "[file:hashes.SHA256 = '06d2255b06fa8eff6eb90633c11b03717197bba807aee8168395a93002353a65']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-07T21:42:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55244f5d-9b14-4cfe-8b8c-4832950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-07T21:42:53.000Z", "modified": "2015-04-07T21:42:53.000Z", "pattern": "[file:hashes.SHA256 = 'ad6ab25bfa24c59b6345455170b4ae88a86d96e49ec04a07bf4aedaf1836ea42']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-07T21:42:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--55244f65-fa1c-4d8c-b9ae-4c3f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-07T21:43:01.000Z", "modified": "2015-04-07T21:43:01.000Z", "first_observed": "2015-04-07T21:43:01Z", "last_observed": "2015-04-07T21:43:01Z", "number_observed": 1, "object_refs": [ "url--55244f65-fa1c-4d8c-b9ae-4c3f950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--55244f65-fa1c-4d8c-b9ae-4c3f950d210b", "value": "http://blogs.cisco.com/wp-content/uploads/dridex_word_hashes.txt" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55244f82-cd20-4c30-bd38-4650950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-07T21:43:30.000Z", "modified": "2015-04-07T21:43:30.000Z", "pattern": "[file:hashes.SHA256 = '7c9d5724064693dfeef76fd4da8d6f159ef0e6707e67c4a692a03e94f4a6e27a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-07T21:43:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55244f97-7d98-4091-9575-9065950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-07T21:43:51.000Z", "modified": "2015-04-07T21:43:51.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.39.149.21']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-07T21:43:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55244f98-ba48-4a3d-8fe9-9065950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-07T21:43:52.000Z", "modified": "2015-04-07T21:43:52.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.41.45.197']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-07T21:43:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55244f98-6768-4e34-96ea-9065950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-07T21:43:52.000Z", "modified": "2015-04-07T21:43:52.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.91.175.64']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-07T21:43:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55244f98-0f20-41dd-8fdb-9065950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-07T21:43:52.000Z", "modified": "2015-04-07T21:43:52.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '93.26.217.203']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-07T21:43:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55244f98-feb8-494e-a14a-9065950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-07T21:43:52.000Z", "modified": "2015-04-07T21:43:52.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '193.26.217.203']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-07T21:43:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55244f98-7624-4f9d-8e96-9065950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-07T21:43:52.000Z", "modified": "2015-04-07T21:43:52.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '77.74.103.150']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-07T21:43:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55244f98-73f0-49bb-9361-9065950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-07T21:43:52.000Z", "modified": "2015-04-07T21:43:52.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '199.201.121.169']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-07T21:43:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55244f98-4d68-4804-b39d-9065950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-07T21:43:52.000Z", "modified": "2015-04-07T21:43:52.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.55.154.235']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-07T21:43:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }