{ "type": "bundle", "id": "bundle--558401d3-130c-44db-a49a-42fa950d210b", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:54:58.000Z", "modified": "2015-06-19T11:54:58.000Z", "name": "CthulhuSPRL.be", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--558401d3-130c-44db-a49a-42fa950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:54:58.000Z", "modified": "2015-06-19T11:54:58.000Z", "name": "OSINT Poseidon And Backoff Pos \u00e2\u20ac\u201c The Links And Similarities by Team Cymru", "published": "2016-03-01T22:03:55Z", "object_refs": [ "observed-data--558401ed-4b28-4d86-86ff-777a950d210b", "url--558401ed-4b28-4d86-86ff-777a950d210b", "x-misp-attribute--558401f8-2f10-4f02-b885-3c43950d210b", "x-misp-attribute--558401f8-59f0-41e3-a865-3c43950d210b", "indicator--55840233-f934-48c2-b1bc-418f950d210b", "indicator--55840233-e038-46fd-8df4-404b950d210b", "indicator--55840234-7bc0-4b67-b901-4a45950d210b", "indicator--55840234-1358-4c99-a842-4f9b950d210b", "indicator--55840234-f108-43ea-9e28-4d61950d210b", "indicator--55840234-3488-41b1-9207-47d1950d210b", "indicator--55840234-f124-4476-b097-4dd9950d210b", "indicator--55840234-e688-4c41-8f8a-45ea950d210b", "indicator--55840234-6350-474b-a5e6-4399950d210b", "indicator--55840234-9ca8-471d-8a60-4470950d210b", "indicator--55840235-b9fc-42d6-968f-4bf1950d210b", "indicator--55840235-aeb8-459c-9104-4d3a950d210b", "indicator--55840235-43a0-4f52-be8f-45b9950d210b", "indicator--55840235-d998-4fcc-81c5-49de950d210b", "indicator--55840235-ac40-4f29-8cbe-4c91950d210b", "indicator--55840235-d234-42d3-ac82-4344950d210b", "indicator--55840235-61bc-42fd-8468-4a3b950d210b", "indicator--55840236-ff84-4bd9-a899-45a3950d210b", "indicator--55840236-2874-4cd4-99ed-42c3950d210b", "indicator--55840236-7ea8-4805-995e-408e950d210b", "indicator--55840236-6c4c-4c83-b91d-474a950d210b", "indicator--55840236-f280-4ffc-9658-44df950d210b", "indicator--55840236-53cc-42fb-9de6-4fa5950d210b", "indicator--55840236-7dfc-4387-8151-4cdf950d210b", "indicator--55840236-1c9c-48e9-990b-4d99950d210b", "indicator--55840237-3634-40de-b3b1-4dbf950d210b", "indicator--55840237-707c-4fa2-abbc-4e50950d210b", "indicator--55840237-93dc-4fae-8365-47a4950d210b", "indicator--5584024e-1a98-491e-97ab-44e7950d210b", "indicator--5584024e-3334-48a1-a34d-40b0950d210b", "indicator--5584024e-8f88-4b9f-b3eb-42be950d210b", "indicator--5584024f-0b64-4c18-8939-491a950d210b", "indicator--5584024f-6b54-4a87-9a68-464b950d210b", "indicator--5584024f-7224-4143-bcb6-4601950d210b", "indicator--5584024f-c364-4d74-9e3d-4371950d210b", "indicator--5584024f-fa88-4095-bac0-47fa950d210b", "indicator--5584024f-80b0-495a-a48f-41b7950d210b", "indicator--5584024f-de54-42d4-8047-4da7950d210b", "indicator--5584024f-024c-4d70-ade5-4df3950d210b", "indicator--5584027b-fb88-48cd-8089-4d30950d210b", "indicator--5584027b-5e68-4ea8-8e64-4285950d210b", "indicator--5584027b-8b00-4fc9-a7c8-4d58950d210b", "indicator--5584027b-dfb0-4708-803d-4ee1950d210b", "indicator--5584027b-d49c-4a3d-a853-432f950d210b", "indicator--5584027b-a2d8-44d6-abbc-4d7d950d210b", "indicator--5584027c-01d4-48a6-aa02-4d65950d210b", "indicator--5584027c-83e8-42f7-bb2d-4197950d210b", "indicator--5584027c-8150-4c6d-89a1-4495950d210b", "indicator--5584027c-8c38-4201-9162-4ef5950d210b", "indicator--5584027c-9164-4af3-8ae7-40b6950d210b", "indicator--5584027c-83a8-45f8-a635-498e950d210b", "indicator--5584027c-63d8-4bda-8638-424f950d210b", "indicator--5584027d-ab24-410f-a38c-4559950d210b", "indicator--5584027d-ee40-4d99-baf1-4803950d210b", "indicator--5584027d-aa6c-4ee8-9dbc-4b40950d210b", "indicator--5584027d-364c-4099-acb3-4b68950d210b", "indicator--5584027d-47f0-441e-845d-4e2e950d210b", "indicator--5584027d-14e8-4706-ba4b-49d6950d210b", "indicator--5584027d-f864-402c-94d2-43e9950d210b", "indicator--5584027d-a188-4a70-b151-4239950d210b", "indicator--5584027e-86b4-4ca7-8159-4e07950d210b", "indicator--5584027e-aad0-453f-a08b-4f0d950d210b", "indicator--5584027e-3edc-4f37-b415-46cd950d210b", "indicator--558402bd-5260-4854-be21-3c43950d210b", "indicator--558402bd-f788-458f-b534-3c43950d210b", "indicator--558402bd-caa4-4a7b-8967-3c43950d210b", "indicator--558402bd-3034-4b0a-98f6-3c43950d210b", "indicator--558402be-1650-40a4-b2f3-3c43950d210b", "indicator--558402be-ef7c-4275-af7f-3c43950d210b", "indicator--558402be-b3c0-429a-a0fa-3c43950d210b", "indicator--558402be-6ca8-4ef2-b9bd-3c43950d210b", "indicator--558402be-ba80-4838-bb51-3c43950d210b", "indicator--558402be-5dc8-4fdf-8ea9-3c43950d210b", "indicator--558402be-6b98-4a9d-9c18-3c43950d210b", "indicator--558402be-c43c-4e18-8fb1-3c43950d210b", "indicator--558402bf-5710-406f-8961-3c43950d210b", "indicator--558402bf-cbe4-420a-9a81-3c43950d210b", "indicator--558402bf-c034-4e5f-bdbf-3c43950d210b", "indicator--558402bf-5b6c-42ef-bb00-3c43950d210b", "indicator--558402bf-af80-4867-85f7-3c43950d210b", "indicator--558402bf-e4e8-478d-9a78-3c43950d210b", "indicator--558402bf-c878-4e46-b3a5-3c43950d210b", "indicator--558402bf-eb84-409a-a91f-3c43950d210b", "indicator--558402c0-f4ac-4853-b9f2-3c43950d210b", "indicator--558402c0-c8c8-4146-8d67-3c43950d210b", "indicator--558402d1-1168-4081-9764-40cb950d210b", "indicator--558402d1-8728-4c63-b666-4bb0950d210b", "indicator--558402d1-5db0-450a-8238-4531950d210b", "indicator--558402d2-7fa4-45b2-9092-40c4950d210b", "indicator--558402e6-46b8-4b66-bd40-48ae950d210b", "indicator--558402e6-fdc8-488e-bada-4215950d210b", "indicator--558402e6-352c-4410-a787-44ee950d210b", "indicator--558402e6-bc9c-4373-8e9a-4407950d210b", "indicator--558402e6-2ef8-4a02-a503-4467950d210b", "indicator--558402e6-6e9c-4dc1-8ef3-4471950d210b", "indicator--558402e6-9574-4658-b57d-4262950d210b", "indicator--558402e7-c3b0-4ced-817d-4d96950d210b", "indicator--558402e7-87f8-4af2-b84d-4c0e950d210b", "indicator--558402e7-0cd0-4cd3-ac41-473c950d210b", "indicator--558402e7-1678-44f1-88ea-40ac950d210b", "indicator--558402e7-04fc-4d68-9e38-4d62950d210b", "indicator--558402e7-9d04-4d47-9b85-403c950d210b", "indicator--558402e7-827c-4c6d-9806-46d6950d210b", "indicator--558402e7-d76c-4921-920f-4ab9950d210b", "indicator--558402e8-5a50-4277-a1a2-4059950d210b", "indicator--558402e8-b1a8-4cfd-8d44-4f66950d210b", "indicator--558402e8-3efc-49c1-a9da-4a3b950d210b", "indicator--558402e8-70e0-43c3-af50-43bf950d210b", "indicator--558402e8-2c18-488a-abbb-49b4950d210b", "indicator--558402e8-996c-4d8b-b376-4e3f950d210b", "indicator--558402e8-1eb4-4376-90de-48bc950d210b", "indicator--558402e8-1780-4e73-bb89-44c4950d210b", "indicator--558402e9-fe50-472d-a268-4e02950d210b", "indicator--558402e9-2420-473f-822f-424d950d210b", "indicator--558402e9-ac18-4393-9718-4612950d210b", "indicator--558402e9-c654-4d94-af7e-4635950d210b", "indicator--558402e9-a140-4462-bf4c-4991950d210b", "indicator--558402e9-8e94-483b-8749-4228950d210b", "indicator--558402e9-39d8-4577-a33b-48a7950d210b", "indicator--558402ea-9524-4d8e-b5fc-41a8950d210b", "indicator--558402ea-6e68-432a-8130-4e27950d210b", "indicator--558402ea-fb74-4582-9e2f-4509950d210b", "indicator--558402ea-04b8-4e3d-a598-4092950d210b", "indicator--558402ea-95ac-4808-ad14-4b71950d210b", "indicator--558402ea-e4f8-4d3d-952d-48e2950d210b", "indicator--558402ea-a16c-445e-aa00-4c90950d210b", "indicator--558402ea-dc28-4a1c-a58d-47f4950d210b", "indicator--558402eb-fe08-43bf-8c64-4e9b950d210b", "indicator--558402eb-36dc-46c3-9955-4c7c950d210b", "observed-data--55840312-18e0-404b-a13e-40bf950d210b", "url--55840312-18e0-404b-a13e-40bf950d210b", "observed-data--55840312-5738-459a-b098-4c47950d210b", "url--55840312-5738-459a-b098-4c47950d210b", "observed-data--55840312-c6b0-4b62-a413-43c5950d210b", "url--55840312-c6b0-4b62-a413-43c5950d210b", "indicator--56c65f4d-5d64-4d16-86ac-59a0950d210f", "indicator--56c65f52-0110-4e54-ade3-42d6950d210f", "indicator--56c65f55-2930-47fa-9f20-59a4950d210f", "indicator--56c65f4e-e92c-431e-a309-40f2950d210f", "indicator--56c65f52-bfa4-4fee-a945-4083950d210f", "indicator--56c65f56-c348-471c-a9b9-475b950d210f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--558401ed-4b28-4d86-86ff-777a950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:54:41.000Z", "modified": "2015-06-19T11:54:41.000Z", "first_observed": "2015-06-19T11:54:41Z", "last_observed": "2015-06-19T11:54:41Z", "number_observed": 1, "object_refs": [ "url--558401ed-4b28-4d86-86ff-777a950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--558401ed-4b28-4d86-86ff-777a950d210b", "value": "https://blog.team-cymru.org/2015/06/poseidon-and-the-backoff-pos-link/" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--558401f8-2f10-4f02-b885-3c43950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:50:16.000Z", "modified": "2015-06-19T11:50:16.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", "x_misp_type": "text", "x_misp_value": "Poseidon" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--558401f8-59f0-41e3-a865-3c43950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:50:16.000Z", "modified": "2015-06-19T11:50:16.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", "x_misp_type": "text", "x_misp_value": "Backoff" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55840233-f934-48c2-b1bc-418f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:51:15.000Z", "modified": "2015-06-19T11:51:15.000Z", "description": "Loader", "pattern": "[url:value = 'https://Askyourspace.com/ldl01aef/viewtopic.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:51:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55840233-e038-46fd-8df4-404b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:51:15.000Z", "modified": "2015-06-19T11:51:15.000Z", "description": "Loader", "pattern": "[url:value = 'https://firstcupworlds.com/ldl01zeg/viewtopic.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:51:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55840234-7bc0-4b67-b901-4a45950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:51:16.000Z", "modified": "2015-06-19T11:51:16.000Z", "description": "Loader", "pattern": "[url:value = 'https://followhell.ru/ldl01z/viewtopic.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:51:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55840234-1358-4c99-a842-4f9b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:51:16.000Z", "modified": "2015-06-19T11:51:16.000Z", "description": "Loader", "pattern": "[url:value = 'https://gorestforus.ru/ldl01987/viewtopic.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:51:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55840234-f108-43ea-9e28-4d61950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:51:16.000Z", "modified": "2015-06-19T11:51:16.000Z", "description": "Loader", "pattern": "[url:value = 'https://lacdileftre.ru/pes2/viewtopic.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:51:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55840234-3488-41b1-9207-47d1950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:51:16.000Z", "modified": "2015-06-19T11:51:16.000Z", "description": "Loader", "pattern": "[url:value = 'https://linturefa.com/ldl01/viewtopic.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:51:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55840234-f124-4476-b097-4dd9950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:51:16.000Z", "modified": "2015-06-19T11:51:16.000Z", "description": "Loader", "pattern": "[url:value = 'https://linturefa.ru/ldl01/viewtopic.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:51:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55840234-e688-4c41-8f8a-45ea950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:51:16.000Z", "modified": "2015-06-19T11:51:16.000Z", "description": "Loader", "pattern": "[url:value = 'https://mehanistran.com/ldl01/viewtopic.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:51:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55840234-6350-474b-a5e6-4399950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:51:16.000Z", "modified": "2015-06-19T11:51:16.000Z", "description": "Loader", "pattern": "[url:value = 'https://mifastubiv.ru/ldl01/viewtopic.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:51:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55840234-9ca8-471d-8a60-4470950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:51:16.000Z", "modified": "2015-06-19T11:51:16.000Z", "description": "Loader", "pattern": "[url:value = 'https://petronasconn.ru/ldl01/viewtopic.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:51:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55840235-b9fc-42d6-968f-4bf1950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:51:17.000Z", "modified": "2015-06-19T11:51:17.000Z", "description": "Loader", "pattern": "[url:value = 'https://queryforworld.com/ldl01/viewtopic.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:51:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55840235-aeb8-459c-9104-4d3a950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:51:17.000Z", "modified": "2015-06-19T11:51:17.000Z", "description": "Loader", "pattern": "[url:value = 'https://restavratormira.ru/ldl01/viewtopic.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:51:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55840235-43a0-4f52-be8f-45b9950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:51:17.000Z", "modified": "2015-06-19T11:51:17.000Z", "description": "Loader", "pattern": "[url:value = 'https://serfilefnom.ru/ldl01/viewtopic.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:51:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55840235-d998-4fcc-81c5-49de950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:51:17.000Z", "modified": "2015-06-19T11:51:17.000Z", "description": "Loader", "pattern": "[url:value = 'https://serppoglandam.ru/ldl01/viewtopic.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:51:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55840235-ac40-4f29-8cbe-4c91950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:51:17.000Z", "modified": "2015-06-19T11:51:17.000Z", "description": "Loader", "pattern": "[url:value = 'https://servelatmiru.com/ldl01/viewtopic.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:51:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55840235-d234-42d3-ac82-4344950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:51:17.000Z", "modified": "2015-06-19T11:51:17.000Z", "description": "Loader", "pattern": "[url:value = 'https://spartanwore.com/ldl01srf/viewtopic.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:51:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55840235-61bc-42fd-8468-4a3b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:51:17.000Z", "modified": "2015-06-19T11:51:17.000Z", "description": "Loader", "pattern": "[url:value = 'https://srachechno.com/ldl01/viewtopic.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:51:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55840236-ff84-4bd9-a899-45a3950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:51:18.000Z", "modified": "2015-06-19T11:51:18.000Z", "description": "Loader", "pattern": "[url:value = 'https://switlawert.com/ldl01/viewtopic.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:51:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55840236-2874-4cd4-99ed-42c3950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:51:18.000Z", "modified": "2015-06-19T11:51:18.000Z", "description": "Loader", "pattern": "[url:value = 'https://tabidzuwek.com/ldl01/viewtopic.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:51:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55840236-7ea8-4805-995e-408e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:51:18.000Z", "modified": "2015-06-19T11:51:18.000Z", "description": "Loader", "pattern": "[url:value = 'https://tabidzuwek.ru/ldl01/index.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:51:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55840236-6c4c-4c83-b91d-474a950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:51:18.000Z", "modified": "2015-06-19T11:51:18.000Z", "description": "Loader", "pattern": "[url:value = 'https://tabidzuwek.ru/ldl01/viewtopic.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:51:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55840236-f280-4ffc-9658-44df950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:51:18.000Z", "modified": "2015-06-19T11:51:18.000Z", "description": "Loader", "pattern": "[url:value = 'https://vesnarusural.ru/ldl01/viewtopic.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:51:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55840236-53cc-42fb-9de6-4fa5950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:51:18.000Z", "modified": "2015-06-19T11:51:18.000Z", "description": "Loader", "pattern": "[url:value = 'https://weksrubaz.ru/ldl01/index.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:51:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55840236-7dfc-4387-8151-4cdf950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:51:18.000Z", "modified": "2015-06-19T11:51:18.000Z", "description": "Loader", "pattern": "[url:value = 'https://weksrubaz.ru/ldl01/viewtopic.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:51:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55840236-1c9c-48e9-990b-4d99950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:51:18.000Z", "modified": "2015-06-19T11:51:18.000Z", "description": "Loader", "pattern": "[url:value = 'https://wertstumbahn.ru/ldl01/viewtopic.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:51:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55840237-3634-40de-b3b1-4dbf950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:51:19.000Z", "modified": "2015-06-19T11:51:19.000Z", "description": "Loader", "pattern": "[url:value = 'https://xablopefgr.com/ldl01/viewtopic.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:51:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55840237-707c-4fa2-abbc-4e50950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:51:19.000Z", "modified": "2015-06-19T11:51:19.000Z", "description": "Loader", "pattern": "[url:value = 'https://xablopefgr.ru/ldl01/viewtopic.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:51:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55840237-93dc-4fae-8365-47a4950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:51:19.000Z", "modified": "2015-06-19T11:51:19.000Z", "description": "Loader", "pattern": "[url:value = '/ldl01/viewtopic.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:51:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5584024e-1a98-491e-97ab-44e7950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:51:42.000Z", "modified": "2015-06-19T11:51:42.000Z", "description": "Loader", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.30.41.159']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:51:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5584024e-3334-48a1-a34d-40b0950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:51:42.000Z", "modified": "2015-06-19T11:51:42.000Z", "description": "Loader", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.166.168.106']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:51:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5584024e-8f88-4b9f-b3eb-42be950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:51:42.000Z", "modified": "2015-06-19T11:51:42.000Z", "description": "Loader", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '89.144.2.148']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:51:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5584024f-0b64-4c18-8939-491a950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:51:43.000Z", "modified": "2015-06-19T11:51:43.000Z", "description": "Loader", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '89.144.2.149']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:51:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5584024f-6b54-4a87-9a68-464b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:51:43.000Z", "modified": "2015-06-19T11:51:43.000Z", "description": "Loader", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '89.144.2.150']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:51:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5584024f-7224-4143-bcb6-4601950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:51:43.000Z", "modified": "2015-06-19T11:51:43.000Z", "description": "Loader", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '93.171.202.168']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:51:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5584024f-c364-4d74-9e3d-4371950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:51:43.000Z", "modified": "2015-06-19T11:51:43.000Z", "description": "Loader", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '146.120.110.104']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:51:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5584024f-fa88-4095-bac0-47fa950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:51:43.000Z", "modified": "2015-06-19T11:51:43.000Z", "description": "Loader", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '162.244.32.164']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:51:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5584024f-80b0-495a-a48f-41b7950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:51:43.000Z", "modified": "2015-06-19T11:51:43.000Z", "description": "Loader", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '178.62.208.238']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:51:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5584024f-de54-42d4-8047-4da7950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:51:43.000Z", "modified": "2015-06-19T11:51:43.000Z", "description": "Loader", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '193.230.220.53']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:51:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5584024f-024c-4d70-ade5-4df3950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:51:43.000Z", "modified": "2015-06-19T11:51:43.000Z", "description": "Loader", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '216.246.98.85']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:51:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5584027b-fb88-48cd-8089-4d30950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:52:27.000Z", "modified": "2015-06-19T11:52:27.000Z", "description": "Loader", "pattern": "[file:hashes.SHA1 = '164af045a08d718372dd6ecd34b746e7032127b1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:52:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5584027b-5e68-4ea8-8e64-4285950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:52:27.000Z", "modified": "2015-06-19T11:52:27.000Z", "description": "Loader", "pattern": "[file:hashes.SHA1 = 'd5ac494c02f47d79742b55bb9826363f1c5a656c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:52:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5584027b-8b00-4fc9-a7c8-4d58950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:52:27.000Z", "modified": "2015-06-19T11:52:27.000Z", "description": "Loader", "pattern": "[file:hashes.SHA1 = '05b124b5f33a65ebb7489cdbcb55eee1692049f3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:52:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5584027b-dfb0-4708-803d-4ee1950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:52:27.000Z", "modified": "2015-06-19T11:52:27.000Z", "description": "Loader", "pattern": "[file:hashes.SHA1 = '5e70840747264adee10bb298262207c8c25cff40']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:52:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5584027b-d49c-4a3d-a853-432f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:52:27.000Z", "modified": "2015-06-19T11:52:27.000Z", "description": "Loader", "pattern": "[file:hashes.SHA1 = '3de607115b6f0372ad9d4d68c27a118eca463a11']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:52:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5584027b-a2d8-44d6-abbc-4d7d950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:52:27.000Z", "modified": "2015-06-19T11:52:27.000Z", "description": "Loader", "pattern": "[file:hashes.SHA1 = '4959d2bdb93f2a75fd92ebbb1de391e3ed72ac55']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:52:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5584027c-01d4-48a6-aa02-4d65950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:52:28.000Z", "modified": "2015-06-19T11:52:28.000Z", "description": "Loader", "pattern": "[file:hashes.SHA1 = 'b542f06b600e4caf2c3089a1ebb3a68d9d0a8003']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:52:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5584027c-83e8-42f7-bb2d-4197950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:52:28.000Z", "modified": "2015-06-19T11:52:28.000Z", "description": "Loader", "pattern": "[file:hashes.SHA1 = '8cfbfa37d31bcdeba00f0cab1509f93feec43e37']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:52:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5584027c-8150-4c6d-89a1-4495950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:52:28.000Z", "modified": "2015-06-19T11:52:28.000Z", "description": "Loader", "pattern": "[file:hashes.SHA1 = '0d9a8b1c179e705f589f84a4ee3d635fe4ecf4f6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:52:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5584027c-8c38-4201-9162-4ef5950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:52:28.000Z", "modified": "2015-06-19T11:52:28.000Z", "description": "Loader", "pattern": "[file:hashes.SHA1 = '1be1781de69d6d6e8e749538c28dd0a5bff9a2bb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:52:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5584027c-9164-4af3-8ae7-40b6950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:52:28.000Z", "modified": "2015-06-19T11:52:28.000Z", "description": "Loader", "pattern": "[file:hashes.SHA1 = '2b53394dad68bfc2a22d710259cb922d44799282']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:52:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5584027c-83a8-45f8-a635-498e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:52:28.000Z", "modified": "2015-06-19T11:52:28.000Z", "description": "Loader", "pattern": "[file:hashes.SHA1 = '8b83112e29b4c51ad5e63c4e7c4dc3cd6065e6d7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:52:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5584027c-63d8-4bda-8638-424f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:52:28.000Z", "modified": "2015-06-19T11:52:28.000Z", "description": "Loader", "pattern": "[file:hashes.SHA1 = '1a7f93af47c4ddd9e9c52e39d6b388ce6bc86a7f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:52:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5584027d-ab24-410f-a38c-4559950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:52:29.000Z", "modified": "2015-06-19T11:52:29.000Z", "description": "Loader", "pattern": "[file:hashes.SHA1 = '6e45ba4be815ee0f2f8954a05b3f79ffa52bbce2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:52:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5584027d-ee40-4d99-baf1-4803950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:52:29.000Z", "modified": "2015-06-19T11:52:29.000Z", "description": "Loader", "pattern": "[file:hashes.SHA1 = '8b2455854fdd9907c601a4b00703f9aa6ec62408']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:52:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5584027d-aa6c-4ee8-9dbc-4b40950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:52:29.000Z", "modified": "2015-06-19T11:52:29.000Z", "description": "Loader", "pattern": "[file:hashes.SHA1 = '47430cf79c6d01abe6630e4c08d3fc821040069e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:52:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5584027d-364c-4099-acb3-4b68950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:52:29.000Z", "modified": "2015-06-19T11:52:29.000Z", "description": "Loader", "pattern": "[file:hashes.SHA1 = '7dd0e3ae8bd7a69789d6117fb3e64926e4baad53']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:52:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5584027d-47f0-441e-845d-4e2e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:52:29.000Z", "modified": "2015-06-19T11:52:29.000Z", "description": "Loader", "pattern": "[file:hashes.SHA1 = '82189618784f98846bac2139ebe3d3839fe855e9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:52:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5584027d-14e8-4706-ba4b-49d6950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:52:29.000Z", "modified": "2015-06-19T11:52:29.000Z", "description": "Loader", "pattern": "[file:hashes.SHA1 = '11b3a6866c153c0ed266b5d6e151217299fba3ac']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:52:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5584027d-f864-402c-94d2-43e9950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:52:29.000Z", "modified": "2015-06-19T11:52:29.000Z", "description": "Loader", "pattern": "[file:hashes.SHA1 = '837ac1eaea0ae07fda97e659d55996d09d8485da']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:52:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5584027d-a188-4a70-b151-4239950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:52:29.000Z", "modified": "2015-06-19T11:52:29.000Z", "description": "Loader", "pattern": "[file:hashes.SHA1 = '1770d90d828b01a46ab4e39257db28f0a00f2cd8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:52:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5584027e-86b4-4ca7-8159-4e07950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:52:30.000Z", "modified": "2015-06-19T11:52:30.000Z", "description": "Loader", "pattern": "[file:hashes.SHA1 = '02a39351450616c624a7d06ae2e91fbad2515bfd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:52:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5584027e-aad0-453f-a08b-4f0d950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:52:30.000Z", "modified": "2015-06-19T11:52:30.000Z", "description": "Loader", "pattern": "[file:hashes.SHA1 = '415132ffccbb95856db3acb3c3648244864a0586']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:52:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5584027e-3edc-4f37-b415-46cd950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:52:30.000Z", "modified": "2015-06-19T11:52:30.000Z", "description": "Loader", "pattern": "[file:hashes.SHA1 = 'bc244f41938cbdc419590b34f74b8f4a88a73104']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:52:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--558402bd-5260-4854-be21-3c43950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:53:33.000Z", "modified": "2015-06-19T11:53:33.000Z", "description": "Exfiltration", "pattern": "[url:value = 'http://apporistale.com/pes18/viewtopic.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:53:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--558402bd-f788-458f-b534-3c43950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:53:33.000Z", "modified": "2015-06-19T11:53:33.000Z", "description": "Exfiltration", "pattern": "[url:value = 'http://dingdownmahedt.ru/pes18/viewtopic.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:53:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--558402bd-caa4-4a7b-8967-3c43950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:53:33.000Z", "modified": "2015-06-19T11:53:33.000Z", "description": "Exfiltration", "pattern": "[url:value = 'http://dinghareun.ru/pes18/viewtopic.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:53:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--558402bd-3034-4b0a-98f6-3c43950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:53:33.000Z", "modified": "2015-06-19T11:53:33.000Z", "description": "Exfiltration", "pattern": "[url:value = 'http://dreplicag.ru/pes13/viewtopic.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:53:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--558402be-1650-40a4-b2f3-3c43950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:53:34.000Z", "modified": "2015-06-19T11:53:34.000Z", "description": "Exfiltration", "pattern": "[url:value = 'http://ferepritdi.ru/pes18/viewtopic.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:53:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--558402be-ef7c-4275-af7f-3c43950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:53:34.000Z", "modified": "2015-06-19T11:53:34.000Z", "description": "Exfiltration", "pattern": "[url:value = 'http://fimzusoln.ru/pes13/viewtopic.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:53:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--558402be-b3c0-429a-a0fa-3c43950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:53:34.000Z", "modified": "2015-06-19T11:53:34.000Z", "description": "Exfiltration", "pattern": "[url:value = 'http://horticartf.com/pes13/viewtopic.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:53:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--558402be-6ca8-4ef2-b9bd-3c43950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:53:34.000Z", "modified": "2015-06-19T11:53:34.000Z", "description": "Exfiltration", "pattern": "[url:value = 'http://howthatficy.ru/pes19/viewtopic.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:53:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--558402be-ba80-4838-bb51-3c43950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:53:34.000Z", "modified": "2015-06-19T11:53:34.000Z", "description": "Exfiltration", "pattern": "[url:value = 'http://kilaxuntf.ru/pes13/viewtopic.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:53:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--558402be-5dc8-4fdf-8ea9-3c43950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:53:34.000Z", "modified": "2015-06-19T11:53:34.000Z", "description": "Exfiltration", "pattern": "[url:value = 'http://lasttrainforest.com/pes19/viewtopic.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:53:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--558402be-6b98-4a9d-9c18-3c43950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:53:34.000Z", "modified": "2015-06-19T11:53:34.000Z", "description": "Exfiltration", "pattern": "[url:value = 'http://newdomainreservenow.ru/pes9/viewtopic.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:53:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--558402be-c43c-4e18-8fb1-3c43950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:53:34.000Z", "modified": "2015-06-19T11:53:34.000Z", "description": "Exfiltration", "pattern": "[url:value = 'http://p9yhenm.ru/pes9/viewtopic.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:53:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--558402bf-5710-406f-8961-3c43950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:53:35.000Z", "modified": "2015-06-19T11:53:35.000Z", "description": "Exfiltration", "pattern": "[url:value = 'http://quartlet.com/pes13/viewtopic.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:53:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--558402bf-cbe4-420a-9a81-3c43950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:53:35.000Z", "modified": "2015-06-19T11:53:35.000Z", "description": "Exfiltration", "pattern": "[url:value = 'http://rabbutdownlitt.ru/pes19/viewtopic.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:53:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--558402bf-c034-4e5f-bdbf-3c43950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:53:35.000Z", "modified": "2015-06-19T11:53:35.000Z", "description": "Exfiltration", "pattern": "[url:value = 'http://refherssuce.ru/pes19/viewtopic.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:53:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--558402bf-5b6c-42ef-bb00-3c43950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:53:35.000Z", "modified": "2015-06-19T11:53:35.000Z", "description": "Exfiltration", "pattern": "[url:value = 'http://reswahatce.ru/pes19/viewtopic.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:53:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--558402bf-af80-4867-85f7-3c43950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:53:35.000Z", "modified": "2015-06-19T11:53:35.000Z", "description": "Exfiltration", "pattern": "[url:value = 'http://terethaundv.ru/pes18/viewtopic.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:53:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--558402bf-e4e8-478d-9a78-3c43950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:53:35.000Z", "modified": "2015-06-19T11:53:35.000Z", "description": "Exfiltration", "pattern": "[url:value = 'http://wetguqan.ru/pes13/viewtopic.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:53:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--558402bf-c878-4e46-b3a5-3c43950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:53:35.000Z", "modified": "2015-06-19T11:53:35.000Z", "description": "Exfiltration", "pattern": "[url:value = 'http://xoftunhbyirf.tk/pes18/viewtopic.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:53:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--558402bf-eb84-409a-a91f-3c43950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:53:35.000Z", "modified": "2015-06-19T11:53:35.000Z", "description": "Exfiltration", "pattern": "[url:value = '/pes18/viewtopic.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:53:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--558402c0-f4ac-4853-b9f2-3c43950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:53:36.000Z", "modified": "2015-06-19T11:53:36.000Z", "description": "Exfiltration", "pattern": "[url:value = '/pes13/viewtopic.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:53:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--558402c0-c8c8-4146-8d67-3c43950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:53:36.000Z", "modified": "2015-06-19T11:53:36.000Z", "description": "Exfiltration", "pattern": "[url:value = '/pes19/viewtopic.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:53:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--558402d1-1168-4081-9764-40cb950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:53:53.000Z", "modified": "2015-06-19T11:53:53.000Z", "description": "Exfiltration", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.161.40.106']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:53:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--558402d1-8728-4c63-b666-4bb0950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:53:53.000Z", "modified": "2015-06-19T11:53:53.000Z", "description": "Exfiltration", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '89.144.2.151']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:53:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--558402d1-5db0-450a-8238-4531950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:53:53.000Z", "modified": "2015-06-19T11:53:53.000Z", "description": "Exfiltration", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.220.131.182']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:53:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--558402d2-7fa4-45b2-9092-40c4950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:53:54.000Z", "modified": "2015-06-19T11:53:54.000Z", "description": "Exfiltration", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '128.199.73.152']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:53:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--558402e6-46b8-4b66-bd40-48ae950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:54:14.000Z", "modified": "2015-06-19T11:54:14.000Z", "description": "Exfiltration", "pattern": "[file:hashes.SHA1 = '16cc234cdd9b180801e79d0b4beb0d88462911c0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:54:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--558402e6-fdc8-488e-bada-4215950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:54:14.000Z", "modified": "2015-06-19T11:54:14.000Z", "description": "Exfiltration", "pattern": "[file:hashes.SHA1 = '0417922ec0503730297c167abcefcb4bdadcf8d8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:54:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--558402e6-352c-4410-a787-44ee950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:54:14.000Z", "modified": "2015-06-19T11:54:14.000Z", "description": "Exfiltration", "pattern": "[file:hashes.SHA1 = '5531d79887f9fd8491596c4ac39a46e2df3e3b19']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:54:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--558402e6-bc9c-4373-8e9a-4407950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:54:14.000Z", "modified": "2015-06-19T11:54:14.000Z", "description": "Exfiltration", "pattern": "[file:hashes.SHA1 = 'f3420cb99c4689bd613f8195571f5dcb417e6d22']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:54:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--558402e6-2ef8-4a02-a503-4467950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:54:14.000Z", "modified": "2015-06-19T11:54:14.000Z", "description": "Exfiltration", "pattern": "[file:hashes.SHA1 = '0e8827796ea18b18891a2015bc000776664ebff4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:54:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--558402e6-6e9c-4dc1-8ef3-4471950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:54:14.000Z", "modified": "2015-06-19T11:54:14.000Z", "description": "Exfiltration", "pattern": "[file:hashes.SHA1 = '17a2c61bf5c49d465a527625cd3e73c60afc07a4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:54:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--558402e6-9574-4658-b57d-4262950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:54:14.000Z", "modified": "2015-06-19T11:54:14.000Z", "description": "Exfiltration", "pattern": "[file:hashes.SHA1 = '1c22a10c198257316a41e3f7d6f8ad4c40f05e5d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:54:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--558402e7-c3b0-4ced-817d-4d96950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:54:15.000Z", "modified": "2015-06-19T11:54:15.000Z", "description": "Exfiltration", "pattern": "[file:hashes.SHA1 = '21ef25799050ca8360cb6f8679fc90bd9af8a9de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:54:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--558402e7-87f8-4af2-b84d-4c0e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:54:15.000Z", "modified": "2015-06-19T11:54:15.000Z", "description": "Exfiltration", "pattern": "[file:hashes.SHA1 = '24ddc01f6446f3970fb1b895cb7fced9d9ab6328']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:54:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--558402e7-0cd0-4cd3-ac41-473c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:54:15.000Z", "modified": "2015-06-19T11:54:15.000Z", "description": "Exfiltration", "pattern": "[file:hashes.SHA1 = '26495828c9a7bb33328b54f772fb1bbd06f6106e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:54:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--558402e7-1678-44f1-88ea-40ac950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:54:15.000Z", "modified": "2015-06-19T11:54:15.000Z", "description": "Exfiltration", "pattern": "[file:hashes.SHA1 = '29c29b4d3b81d054dc1d4adea63d606e04663c95']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:54:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--558402e7-04fc-4d68-9e38-4d62950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:54:15.000Z", "modified": "2015-06-19T11:54:15.000Z", "description": "Exfiltration", "pattern": "[file:hashes.SHA1 = '2d29baaebaf719d284a9ee4eb0192934ae0f91ce']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:54:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--558402e7-9d04-4d47-9b85-403c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:54:15.000Z", "modified": "2015-06-19T11:54:15.000Z", "description": "Exfiltration", "pattern": "[file:hashes.SHA1 = '303ced5245f0efe080a945d269ec94b2972cbee6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:54:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--558402e7-827c-4c6d-9806-46d6950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:54:15.000Z", "modified": "2015-06-19T11:54:15.000Z", "description": "Exfiltration", "pattern": "[file:hashes.SHA1 = '31a7ae4d92cf742f447396a197a5ba722e672f05']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:54:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--558402e7-d76c-4921-920f-4ab9950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:54:15.000Z", "modified": "2015-06-19T11:54:15.000Z", "description": "Exfiltration", "pattern": "[file:hashes.SHA1 = '3a800f25408c679f337b6899dca137db66fead66']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:54:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--558402e8-5a50-4277-a1a2-4059950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:54:16.000Z", "modified": "2015-06-19T11:54:16.000Z", "description": "Exfiltration", "pattern": "[file:hashes.SHA1 = '3c97379ea625a584b91c63b8d9286d6182d61ea2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:54:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--558402e8-b1a8-4cfd-8d44-4f66950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:54:16.000Z", "modified": "2015-06-19T11:54:16.000Z", "description": "Exfiltration", "pattern": "[file:hashes.SHA1 = '40eb76aa1c1cd58db621cf21d27b26b33cce5f8a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:54:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--558402e8-3efc-49c1-a9da-4a3b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:54:16.000Z", "modified": "2015-06-19T11:54:16.000Z", "description": "Exfiltration", "pattern": "[file:hashes.SHA1 = '41a1c644af30dc4caae59a22dc94bed18e8736de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:54:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--558402e8-70e0-43c3-af50-43bf950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:54:16.000Z", "modified": "2015-06-19T11:54:16.000Z", "description": "Exfiltration", "pattern": "[file:hashes.SHA1 = '47eda908dd3757d66409e6f3a6225ca1cd03fa2c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:54:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--558402e8-2c18-488a-abbb-49b4950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:54:16.000Z", "modified": "2015-06-19T11:54:16.000Z", "description": "Exfiltration", "pattern": "[file:hashes.SHA1 = '66244a0d24231839333e8ce970b6ab1b3ad469b7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:54:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--558402e8-996c-4d8b-b376-4e3f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:54:16.000Z", "modified": "2015-06-19T11:54:16.000Z", "description": "Exfiltration", "pattern": "[file:hashes.SHA1 = '6f6dc9f09c593a57cf9ef658d2447da9c56fbbb4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:54:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--558402e8-1eb4-4376-90de-48bc950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:54:16.000Z", "modified": "2015-06-19T11:54:16.000Z", "description": "Exfiltration", "pattern": "[file:hashes.SHA1 = '723af5e6d126021aa0d8032a4cc45da5bedbe946']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:54:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--558402e8-1780-4e73-bb89-44c4950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:54:16.000Z", "modified": "2015-06-19T11:54:16.000Z", "description": "Exfiltration", "pattern": "[file:hashes.SHA1 = '7915d8736770d4ead4c10304bd54ad72a1120afe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:54:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--558402e9-fe50-472d-a268-4e02950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:54:17.000Z", "modified": "2015-06-19T11:54:17.000Z", "description": "Exfiltration", "pattern": "[file:hashes.SHA1 = '884f02ea7e0da210a3d62a347a43c0079cb5218a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:54:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--558402e9-2420-473f-822f-424d950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:54:17.000Z", "modified": "2015-06-19T11:54:17.000Z", "description": "Exfiltration", "pattern": "[file:hashes.SHA1 = '8ab3bd0c323ef967245bd7756070733f3386eb45']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:54:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--558402e9-ac18-4393-9718-4612950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:54:17.000Z", "modified": "2015-06-19T11:54:17.000Z", "description": "Exfiltration", "pattern": "[file:hashes.SHA1 = '8f57a662898f5eec84b9fd06da21354184c67f5d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:54:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--558402e9-c654-4d94-af7e-4635950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:54:17.000Z", "modified": "2015-06-19T11:54:17.000Z", "description": "Exfiltration", "pattern": "[file:hashes.SHA1 = '9391c66dd409a2908c54f573c975d1a2053f5b8e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:54:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--558402e9-a140-4462-bf4c-4991950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:54:17.000Z", "modified": "2015-06-19T11:54:17.000Z", "description": "Exfiltration", "pattern": "[file:hashes.SHA1 = 'aa90a93833cb1171e9e213ba73928d32c546c1fd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:54:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--558402e9-8e94-483b-8749-4228950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:54:17.000Z", "modified": "2015-06-19T11:54:17.000Z", "description": "Exfiltration", "pattern": "[file:hashes.SHA1 = 'aded4e686227c932c77fe158ec18251aad4d7097']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:54:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--558402e9-39d8-4577-a33b-48a7950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:54:17.000Z", "modified": "2015-06-19T11:54:17.000Z", "description": "Exfiltration", "pattern": "[file:hashes.SHA1 = 'ba983efd45dc4a21c34a9be4273fd82d27768267']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:54:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--558402ea-9524-4d8e-b5fc-41a8950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:54:18.000Z", "modified": "2015-06-19T11:54:18.000Z", "description": "Exfiltration", "pattern": "[file:hashes.SHA1 = 'bad699af3fc8fda8e8cd271aac8a018c5faa3748']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:54:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--558402ea-6e68-432a-8130-4e27950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:54:18.000Z", "modified": "2015-06-19T11:54:18.000Z", "description": "Exfiltration", "pattern": "[file:hashes.SHA1 = 'c0c6fd8b23e627188814cd36ea7a6a5d9f1391e8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:54:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--558402ea-fb74-4582-9e2f-4509950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:54:18.000Z", "modified": "2015-06-19T11:54:18.000Z", "description": "Exfiltration", "pattern": "[file:hashes.SHA1 = 'c3120212263c7d272b5664fbd33291d46f5357ea']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:54:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--558402ea-04b8-4e3d-a598-4092950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:54:18.000Z", "modified": "2015-06-19T11:54:18.000Z", "description": "Exfiltration", "pattern": "[file:hashes.SHA1 = 'c78130f95c4c4db31585521ce4668f962b7385df']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:54:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--558402ea-95ac-4808-ad14-4b71950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:54:18.000Z", "modified": "2015-06-19T11:54:18.000Z", "description": "Exfiltration", "pattern": "[file:hashes.SHA1 = 'd28c053075b2636e8b217f439f15565abe26f569']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:54:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--558402ea-e4f8-4d3d-952d-48e2950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:54:18.000Z", "modified": "2015-06-19T11:54:18.000Z", "description": "Exfiltration", "pattern": "[file:hashes.SHA1 = 'e0158ac0ced198dad89220c2063bbfed515f60fc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:54:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--558402ea-a16c-445e-aa00-4c90950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:54:18.000Z", "modified": "2015-06-19T11:54:18.000Z", "description": "Exfiltration", "pattern": "[file:hashes.SHA1 = 'e51ac9b4180ed0045e690dd09bfe3a69af3b8a0c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:54:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--558402ea-dc28-4a1c-a58d-47f4950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:54:18.000Z", "modified": "2015-06-19T11:54:18.000Z", "description": "Exfiltration", "pattern": "[file:hashes.SHA1 = 'edb3a9ab30702d1750a3ec5cfd37893af329e788']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:54:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--558402eb-fe08-43bf-8c64-4e9b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:54:19.000Z", "modified": "2015-06-19T11:54:19.000Z", "description": "Exfiltration", "pattern": "[file:hashes.SHA1 = 'f1dca78808b7f32ef817bd36e2b250e9c7d736b6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:54:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--558402eb-36dc-46c3-9955-4c7c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:54:19.000Z", "modified": "2015-06-19T11:54:19.000Z", "description": "Exfiltration", "pattern": "[file:hashes.SHA1 = 'f562eaed7ddbfb1eee7e95417b54556cabd55c36']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-19T11:54:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--55840312-18e0-404b-a13e-40bf950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:54:58.000Z", "modified": "2015-06-19T11:54:58.000Z", "first_observed": "2015-06-19T11:54:58Z", "last_observed": "2015-06-19T11:54:58Z", "number_observed": 1, "object_refs": [ "url--55840312-18e0-404b-a13e-40bf950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--55840312-18e0-404b-a13e-40bf950d210b", "value": "http://blogs.cisco.com/security/talos/poseidon" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--55840312-5738-459a-b098-4c47950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:54:58.000Z", "modified": "2015-06-19T11:54:58.000Z", "first_observed": "2015-06-19T11:54:58Z", "last_observed": "2015-06-19T11:54:58Z", "number_observed": 1, "object_refs": [ "url--55840312-5738-459a-b098-4c47950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--55840312-5738-459a-b098-4c47950d210b", "value": "https://blogs.rsa.com/attacking-a-pos-supply-chain-part-1/" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--55840312-c6b0-4b62-a413-43c5950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-19T11:54:58.000Z", "modified": "2015-06-19T11:54:58.000Z", "first_observed": "2015-06-19T11:54:58Z", "last_observed": "2015-06-19T11:54:58Z", "number_observed": 1, "object_refs": [ "url--55840312-c6b0-4b62-a413-43c5950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--55840312-c6b0-4b62-a413-43c5950d210b", "value": "https://live.paloaltonetworks.com/community/kb/blog/2015/03/25/findpos-new-pos-malware-family-discovered" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65f4d-5d64-4d16-86ac-59a0950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:18:21.000Z", "modified": "2016-02-19T00:18:21.000Z", "description": "Automatically added (via 8cfbfa37d31bcdeba00f0cab1509f93feec43e37)", "pattern": "[file:hashes.MD5 = 'f4a4e8d2c64e0b739c9c0d2ad8c974fa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:18:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65f52-0110-4e54-ade3-42d6950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:18:26.000Z", "modified": "2016-02-19T00:18:26.000Z", "description": "Automatically added (via 16cc234cdd9b180801e79d0b4beb0d88462911c0)", "pattern": "[file:hashes.MD5 = '84f001ad1d9d54b4c4a841ea325fb709']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:18:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65f55-2930-47fa-9f20-59a4950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:18:29.000Z", "modified": "2016-02-19T00:18:29.000Z", "description": "Automatically added (via 723af5e6d126021aa0d8032a4cc45da5bedbe946)", "pattern": "[file:hashes.MD5 = '657151a09c4c7de7df5b646f82458359']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:18:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65f4e-e92c-431e-a309-40f2950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:18:22.000Z", "modified": "2016-02-19T00:18:22.000Z", "description": "Automatically added (via 8cfbfa37d31bcdeba00f0cab1509f93feec43e37)", "pattern": "[file:hashes.SHA256 = 'fd248aea67c258190bfd1a7b7c2921a41ecb54658ec61c36b74225bb45718dae']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:18:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65f52-bfa4-4fee-a945-4083950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:18:26.000Z", "modified": "2016-02-19T00:18:26.000Z", "description": "Automatically added (via 16cc234cdd9b180801e79d0b4beb0d88462911c0)", "pattern": "[file:hashes.SHA256 = '28ca8bd8a86a3f7f3e501c4dcdf5476f9bda4bbfb91143958d5b168fc15eb391']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:18:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65f56-c348-471c-a9b9-475b950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:18:30.000Z", "modified": "2016-02-19T00:18:30.000Z", "description": "Automatically added (via 723af5e6d126021aa0d8032a4cc45da5bedbe946)", "pattern": "[file:hashes.SHA256 = '7fc34118034db941a4aaeaecc3bf0bbdb415a070b2fcedd225adc11f970c7037']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:18:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }