{ "type": "bundle", "id": "bundle--55a8d7b5-9ab8-476f-982f-1e08950d210b", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2017-06-22T20:23:29.000Z", "modified": "2017-06-22T20:23:29.000Z", "name": "CthulhuSPRL.be", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--55a8d7b5-9ab8-476f-982f-1e08950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2017-06-22T20:23:29.000Z", "modified": "2017-06-22T20:23:29.000Z", "name": "OSINT Tracking MiniDionis: CozyCar\u00e2\u20ac\u2122s New Ride Is Related to Seaduke by Unit 42 Palo Alto Networks", "published": "2017-06-22T20:23:40Z", "object_refs": [ "observed-data--55a8d7c6-d244-4227-b722-0a95950d210b", "url--55a8d7c6-d244-4227-b722-0a95950d210b", "x-misp-attribute--55a8d832-0574-4fca-b203-1e12950d210b", "x-misp-attribute--55a8d832-74ec-4410-931a-1e12950d210b", "x-misp-attribute--55a8d833-47ac-4cdd-80c3-1e12950d210b", "x-misp-attribute--55a8d833-e4e0-452f-85fb-1e12950d210b", "x-misp-attribute--55a8d833-eb14-47be-9ec2-1e12950d210b", "indicator--55a8d87d-d740-4af4-9c4f-1e09950d210b", "indicator--55a8d87d-603c-4816-b9c6-1e09950d210b", "indicator--55a8d87d-9660-4f64-8346-1e09950d210b", "indicator--55a8d87d-0ce4-4c7f-8336-1e09950d210b", "indicator--55a8d87d-ccbc-4df1-9291-1e09950d210b", "indicator--55a8d87e-6ecc-456d-a0b3-1e09950d210b", "indicator--55a8d87e-dcc8-4977-b1a7-1e09950d210b", "indicator--55a8d87e-24e8-45ca-8571-1e09950d210b", "indicator--55a8d87e-70bc-4f1e-95c6-1e09950d210b", "indicator--55a8d87e-2ea8-49b5-a63b-1e09950d210b", "indicator--55a8d87e-86fc-45ce-ad84-1e09950d210b", "indicator--55a8d87f-7f78-4cad-8b76-1e09950d210b", "indicator--55a8d87f-dfac-48e8-b766-1e09950d210b", "indicator--55a8d87f-d488-4f87-bebd-1e09950d210b", "indicator--55a8d87f-eae4-4101-ab07-1e09950d210b", "indicator--55a8d87f-c3fc-45a3-9f6d-1e09950d210b", "indicator--55a8d87f-ad60-40f8-a44f-1e09950d210b", "indicator--55a8d880-220c-4416-9802-1e09950d210b", "indicator--55a8d880-1360-4bd0-8009-1e09950d210b", "indicator--55a8d880-16a8-4a6e-9146-1e09950d210b", "indicator--55a8d880-2520-4091-8ed7-1e09950d210b", "indicator--55a8d880-a864-4c08-8561-1e09950d210b", "indicator--55a8d880-31cc-4873-abb6-1e09950d210b", "indicator--55a8d881-34fc-4888-8f09-1e09950d210b", "indicator--55a8d881-e6b4-4bb7-8954-1e09950d210b", "indicator--55a8d881-ed1c-4ea2-87c6-1e09950d210b", "indicator--55a8d881-6f18-4bda-b8c8-1e09950d210b", "indicator--55a8d881-afa0-4770-ba27-1e09950d210b", "indicator--55a8d882-c3e4-44cf-a492-1e09950d210b", "indicator--55a8d882-59cc-4c5e-ae3c-1e09950d210b", "indicator--55a8d882-ee38-44af-a76b-1e09950d210b", "indicator--55a8d882-aba8-45bf-b05f-1e09950d210b", "indicator--55a8d882-c450-48f3-a2e2-1e09950d210b", "indicator--55a8d882-90a8-4a2c-803b-1e09950d210b", "indicator--55a8d883-95ec-4b82-81ce-1e09950d210b", "indicator--55a8d883-4e34-4bc9-a3a6-1e09950d210b", "indicator--55a8d883-4340-4526-9fba-1e09950d210b", "indicator--55a8d883-fbec-4b6e-98da-1e09950d210b", "indicator--56c66199-f660-442d-a56f-4018950d210f", "indicator--56c6619b-364c-483a-a98c-5f51950d210f", "indicator--56c6619d-dd70-4f78-a6df-c654950d210f", "indicator--56c6619f-0140-465a-b935-46c4950d210f", "indicator--56c661a1-c460-4e63-a598-c654950d210f", "indicator--56c661a3-ad2c-4aa9-8031-449f950d210f", "indicator--56c661a5-2f24-4f16-b1f8-59a0950d210f", "indicator--56c661a7-1cd8-42a2-96bf-c650950d210f", "indicator--56c661a8-987c-466c-bb08-4061950d210f", "indicator--56c661aa-4af8-44cd-89fc-44f9950d210f", "indicator--56c661ac-0bc8-47b1-b16e-5f51950d210f", "indicator--56c661ad-50e4-40bc-86ff-4c1e950d210f", "indicator--56c661af-bedc-4409-b7aa-59a3950d210f", "indicator--56c661b1-73dc-43df-8956-599c950d210f", "indicator--56c661b3-c16c-46ec-aa81-413e950d210f", "indicator--56c661b4-cec0-4654-8680-c650950d210f", "indicator--56c661b6-a010-4c3b-a8e1-5f51950d210f", "indicator--56c6619b-541c-4004-b18c-59a1950d210f", "indicator--56c6619c-dd34-4525-9a1f-599f950d210f", "indicator--56c6619e-e154-4934-9b79-59a0950d210f", "indicator--56c661a0-a904-4b8f-bea4-599d950d210f", "indicator--56c661a2-f110-4175-982b-59a1950d210f", "indicator--56c661a4-7468-4e15-b617-599c950d210f", "indicator--56c661a6-9430-40a4-bf62-c654950d210f", "indicator--56c661a8-5908-4640-9e06-59a2950d210f", "indicator--56c661a9-ccd0-498e-8683-59a0950d210f", "indicator--56c661ab-a3c4-4e42-aa11-599c950d210f", "indicator--56c661ac-cb0c-4467-8401-599f950d210f", "indicator--56c661ae-d8c4-4040-a829-59a1950d210f", "indicator--56c661b0-91ec-4b98-a0d3-47f2950d210f", "indicator--56c661b2-b4b8-45a2-9a03-59a0950d210f", "indicator--56c661b4-b8e0-4a13-a360-599e950d210f", "indicator--56c661b5-f4cc-4409-91a3-59a2950d210f", "indicator--56c661b7-ceb0-46b5-9f45-5ca1950d210f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT", "misp-galaxy:threat-actor=\"APT 29\"", "misp-galaxy:tool=\"Trojan.Seaduke\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--55a8d7c6-d244-4227-b722-0a95950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-17T10:24:06.000Z", "modified": "2015-07-17T10:24:06.000Z", "first_observed": "2015-07-17T10:24:06Z", "last_observed": "2015-07-17T10:24:06Z", "number_observed": 1, "object_refs": [ "url--55a8d7c6-d244-4227-b722-0a95950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--55a8d7c6-d244-4227-b722-0a95950d210b", "value": "http://researchcenter.paloaltonetworks.com/2015/07/tracking-minidionis-cozycars-new-ride-is-related-to-seaduke/" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--55a8d832-0574-4fca-b203-1e12950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-17T10:25:54.000Z", "modified": "2015-07-17T10:25:54.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", "x_misp_type": "text", "x_misp_value": "CozyCar" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--55a8d832-74ec-4410-931a-1e12950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-17T10:25:54.000Z", "modified": "2015-07-17T10:25:54.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", "x_misp_type": "text", "x_misp_value": "Cozy Car" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--55a8d833-47ac-4cdd-80c3-1e12950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-17T10:25:55.000Z", "modified": "2015-07-17T10:25:55.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", "x_misp_type": "text", "x_misp_value": "Seaduke" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--55a8d833-e4e0-452f-85fb-1e12950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-17T10:25:55.000Z", "modified": "2015-07-17T10:25:55.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", "x_misp_type": "text", "x_misp_value": "Mini Dionis" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--55a8d833-eb14-47be-9ec2-1e12950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-17T10:25:55.000Z", "modified": "2015-07-17T10:25:55.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", "x_misp_type": "text", "x_misp_value": "Minidionis" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55a8d87d-d740-4af4-9c4f-1e09950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-17T10:27:09.000Z", "modified": "2015-07-17T10:27:09.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'ff.whitebirchpaper.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-17T10:27:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55a8d87d-603c-4816-b9c6-1e09950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-17T10:27:09.000Z", "modified": "2015-07-17T10:27:09.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'visionresearch.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-17T10:27:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55a8d87d-9660-4f64-8346-1e09950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-17T10:27:09.000Z", "modified": "2015-07-17T10:27:09.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'betawebservices.ntnonline.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-17T10:27:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55a8d87d-0ce4-4c7f-8336-1e09950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-17T10:27:09.000Z", "modified": "2015-07-17T10:27:09.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'staff.shasta.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-17T10:27:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55a8d87d-ccbc-4df1-9291-1e09950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-17T10:27:09.000Z", "modified": "2015-07-17T10:27:09.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'extranet.qualityplanning.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-17T10:27:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55a8d87e-6ecc-456d-a0b3-1e09950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-17T10:27:10.000Z", "modified": "2015-07-17T10:27:10.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'secure.hgl.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-17T10:27:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55a8d87e-dcc8-4977-b1a7-1e09950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-17T10:27:10.000Z", "modified": "2015-07-17T10:27:10.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'illuminatistudios.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-17T10:27:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55a8d87e-24e8-45ca-8571-1e09950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-17T10:27:10.000Z", "modified": "2015-07-17T10:27:10.000Z", "description": "Imported via the freetext import.", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.254.16.168']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-17T10:27:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55a8d87e-70bc-4f1e-95c6-1e09950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-17T10:27:10.000Z", "modified": "2015-07-17T10:27:10.000Z", "description": "Imported via the freetext import.", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.226.132.7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-17T10:27:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55a8d87e-2ea8-49b5-a63b-1e09950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-17T10:27:10.000Z", "modified": "2015-07-17T10:27:10.000Z", "description": "Imported via the freetext import.", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '122.228.193.115']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-17T10:27:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55a8d87e-86fc-45ce-ad84-1e09950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-17T10:27:10.000Z", "modified": "2015-07-17T10:27:10.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.MD5 = '01039a95e0a14767784acc8f07035935']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-17T10:27:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55a8d87f-7f78-4cad-8b76-1e09950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-17T10:27:11.000Z", "modified": "2015-07-17T10:27:11.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.MD5 = '0f9534b63cb7af1e3aa34839d7d6e632']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-17T10:27:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55a8d87f-dfac-48e8-b766-1e09950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-17T10:27:11.000Z", "modified": "2015-07-17T10:27:11.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.MD5 = '2e64131c0426a18c1c363ec69ae6b5f2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-17T10:27:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55a8d87f-d488-4f87-bebd-1e09950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-17T10:27:11.000Z", "modified": "2015-07-17T10:27:11.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.MD5 = '70f5574e4e7ad360f4f5c2117a7a1ca7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-17T10:27:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55a8d87f-eae4-4101-ab07-1e09950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-17T10:27:11.000Z", "modified": "2015-07-17T10:27:11.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.MD5 = '1dd593ad084e1526c8facce834b0e124']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-17T10:27:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55a8d87f-c3fc-45a3-9f6d-1e09950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-17T10:27:11.000Z", "modified": "2015-07-17T10:27:11.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.MD5 = '42ffc84c6381a18b1f6d000b94c74b09']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-17T10:27:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55a8d87f-ad60-40f8-a44f-1e09950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-17T10:27:11.000Z", "modified": "2015-07-17T10:27:11.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.MD5 = '719cf63a3922953ceaca6fb4dbed6584']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-17T10:27:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55a8d880-220c-4416-9802-1e09950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-17T10:27:12.000Z", "modified": "2015-07-17T10:27:12.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.MD5 = 'f415470b9f0edc1298b1f6ae75dfaf31']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-17T10:27:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55a8d880-1360-4bd0-8009-1e09950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-17T10:27:12.000Z", "modified": "2015-07-17T10:27:12.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.MD5 = 'ca770a4c9881afcd610aad30aa53f651']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-17T10:27:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55a8d880-16a8-4a6e-9146-1e09950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-17T10:27:12.000Z", "modified": "2015-07-17T10:27:12.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.MD5 = '24083e6186bc773cd9c2e70a49309763']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-17T10:27:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55a8d880-2520-4091-8ed7-1e09950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-17T10:27:12.000Z", "modified": "2015-07-17T10:27:12.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.MD5 = 'b0a9a175e2407352214b2d005253bc0c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-17T10:27:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55a8d880-a864-4c08-8561-1e09950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-17T10:27:12.000Z", "modified": "2015-07-17T10:27:12.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.MD5 = 'b55628a605a5dfb5005c44220ae03b8a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-17T10:27:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55a8d880-31cc-4873-abb6-1e09950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-17T10:27:12.000Z", "modified": "2015-07-17T10:27:12.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.MD5 = '26bd36cc57e30656363ca89910579f63']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-17T10:27:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55a8d881-34fc-4888-8f09-1e09950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-17T10:27:13.000Z", "modified": "2015-07-17T10:27:13.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.MD5 = 'a9c045c401afb9766e2ca838dc6f47a4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-17T10:27:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55a8d881-e6b4-4bb7-8954-1e09950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-17T10:27:13.000Z", "modified": "2015-07-17T10:27:13.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.MD5 = 'f8cb10b2ee8af6c5555e9cf3701b845f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-17T10:27:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55a8d881-ed1c-4ea2-87c6-1e09950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-17T10:27:13.000Z", "modified": "2015-07-17T10:27:13.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.MD5 = 'c8b49b42e6ebb6b977ce7001b6bd96c8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-17T10:27:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55a8d881-6f18-4bda-b8c8-1e09950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-17T10:27:13.000Z", "modified": "2015-07-17T10:27:13.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.MD5 = '030da7510113c28ee68df8a19c643bb0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-17T10:27:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55a8d881-afa0-4770-ba27-1e09950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-17T10:27:13.000Z", "modified": "2015-07-17T10:27:13.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.MD5 = 'e07ef8ffe965ec8b72041ddf9527cac4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-17T10:27:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55a8d882-c3e4-44cf-a492-1e09950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-17T10:27:14.000Z", "modified": "2015-07-17T10:27:14.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.MD5 = '4cbd9a0832dcf23867b092de37c10d9d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-17T10:27:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55a8d882-59cc-4c5e-ae3c-1e09950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-17T10:27:14.000Z", "modified": "2015-07-17T10:27:14.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.MD5 = '3a04a5d7ed785daa16f4ebfd3acf0867']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-17T10:27:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55a8d882-ee38-44af-a76b-1e09950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-17T10:27:14.000Z", "modified": "2015-07-17T10:27:14.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.MD5 = '9018fa0826f237342471895f315dbf39']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-17T10:27:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55a8d882-aba8-45bf-b05f-1e09950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-17T10:27:14.000Z", "modified": "2015-07-17T10:27:14.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.MD5 = '98613ecb3afde5fc48ca4204f8363f1d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-17T10:27:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55a8d882-c450-48f3-a2e2-1e09950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-17T10:27:14.000Z", "modified": "2015-07-17T10:27:14.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.MD5 = 'e00bf9b8261410744c10ae3fe2ce9049']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-17T10:27:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55a8d882-90a8-4a2c-803b-1e09950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-17T10:27:14.000Z", "modified": "2015-07-17T10:27:14.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.MD5 = '51ea28f4f3fa794d5b207475897b1eef']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-17T10:27:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55a8d883-95ec-4b82-81ce-1e09950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-17T10:27:15.000Z", "modified": "2015-07-17T10:27:15.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.MD5 = '3195110045f64a3c83fc3e043c46d253']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-17T10:27:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55a8d883-4e34-4bc9-a3a6-1e09950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-17T10:27:15.000Z", "modified": "2015-07-17T10:27:15.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'connectads.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-17T10:27:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55a8d883-4340-4526-9fba-1e09950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-17T10:27:15.000Z", "modified": "2015-07-17T10:27:15.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'kane-consulting.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-17T10:27:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55a8d883-fbec-4b6e-98da-1e09950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-17T10:27:15.000Z", "modified": "2015-07-17T10:27:15.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'edadmin.kearsney.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-17T10:27:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c66199-f660-442d-a56f-4018950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:28:09.000Z", "modified": "2016-02-19T00:28:09.000Z", "description": "Automatically added (via 0f9534b63cb7af1e3aa34839d7d6e632)", "pattern": "[file:hashes.SHA1 = '890b943ba5c43b74ad2965874a21c7ef4ba896ff']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:28:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c6619b-364c-483a-a98c-5f51950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:28:11.000Z", "modified": "2016-02-19T00:28:11.000Z", "description": "Automatically added (via 2e64131c0426a18c1c363ec69ae6b5f2)", "pattern": "[file:hashes.SHA1 = '6c95cdbe7d3c65104abd0912aa7dc99099887030']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:28:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c6619d-dd70-4f78-a6df-c654950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:28:13.000Z", "modified": "2016-02-19T00:28:13.000Z", "description": "Automatically added (via 70f5574e4e7ad360f4f5c2117a7a1ca7)", "pattern": "[file:hashes.SHA1 = '84ba6b6a0a3999c0932f35298948f149ee05bc02']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:28:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c6619f-0140-465a-b935-46c4950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:28:15.000Z", "modified": "2016-02-19T00:28:15.000Z", "description": "Automatically added (via 42ffc84c6381a18b1f6d000b94c74b09)", "pattern": "[file:hashes.SHA1 = '47f26990d063c947debbde0e10bd267fb0f32719']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:28:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c661a1-c460-4e63-a598-c654950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:28:17.000Z", "modified": "2016-02-19T00:28:17.000Z", "description": "Automatically added (via 719cf63a3922953ceaca6fb4dbed6584)", "pattern": "[file:hashes.SHA1 = 'f19873b6d0db1d2dde9134d69f5e2d5f6b939aa7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:28:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c661a3-ad2c-4aa9-8031-449f950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:28:19.000Z", "modified": "2016-02-19T00:28:19.000Z", "description": "Automatically added (via b0a9a175e2407352214b2d005253bc0c)", "pattern": "[file:hashes.SHA1 = 'cc15924d37e36060faa405e5fa8f6ca15a3cace2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:28:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c661a5-2f24-4f16-b1f8-59a0950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:28:21.000Z", "modified": "2016-02-19T00:28:21.000Z", "description": "Automatically added (via a9c045c401afb9766e2ca838dc6f47a4)", "pattern": "[file:hashes.SHA1 = '7b8851f98f765038f275489c69a485e1bed4f82d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:28:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c661a7-1cd8-42a2-96bf-c650950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:28:23.000Z", "modified": "2016-02-19T00:28:23.000Z", "description": "Automatically added (via c8b49b42e6ebb6b977ce7001b6bd96c8)", "pattern": "[file:hashes.SHA1 = '9eae02e8d4bc405afd78dd364e96650f3608bf3b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:28:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c661a8-987c-466c-bb08-4061950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:28:24.000Z", "modified": "2016-02-19T00:28:24.000Z", "description": "Automatically added (via 030da7510113c28ee68df8a19c643bb0)", "pattern": "[file:hashes.SHA1 = '4f977debaa25925e82f254080e8f7c42b70cb669']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:28:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c661aa-4af8-44cd-89fc-44f9950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:28:26.000Z", "modified": "2016-02-19T00:28:26.000Z", "description": "Automatically added (via e07ef8ffe965ec8b72041ddf9527cac4)", "pattern": "[file:hashes.SHA1 = '71031ebb535923722c8fcfdcba127e4fdef24f49']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:28:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c661ac-0bc8-47b1-b16e-5f51950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:28:28.000Z", "modified": "2016-02-19T00:28:28.000Z", "description": "Automatically added (via 4cbd9a0832dcf23867b092de37c10d9d)", "pattern": "[file:hashes.SHA1 = '38dd05b9cc892491347f4347870a6b77d9aea856']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:28:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c661ad-50e4-40bc-86ff-4c1e950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:28:29.000Z", "modified": "2016-02-19T00:28:29.000Z", "description": "Automatically added (via 3a04a5d7ed785daa16f4ebfd3acf0867)", "pattern": "[file:hashes.SHA1 = '10b31a17449705be20890ddd8ad97a2feb093674']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:28:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c661af-bedc-4409-b7aa-59a3950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:28:31.000Z", "modified": "2016-02-19T00:28:31.000Z", "description": "Automatically added (via 9018fa0826f237342471895f315dbf39)", "pattern": "[file:hashes.SHA1 = '910dfe45905b63c12c6f93193f5dc08f5b012bc3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:28:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c661b1-73dc-43df-8956-599c950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:28:33.000Z", "modified": "2016-02-19T00:28:33.000Z", "description": "Automatically added (via 98613ecb3afde5fc48ca4204f8363f1d)", "pattern": "[file:hashes.SHA1 = '5875e9e27607aab5d39e312cd141d8941b077462']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:28:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c661b3-c16c-46ec-aa81-413e950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:28:35.000Z", "modified": "2016-02-19T00:28:35.000Z", "description": "Automatically added (via e00bf9b8261410744c10ae3fe2ce9049)", "pattern": "[file:hashes.SHA1 = '44403a3e51e337c1372b0becdab74313125452c7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:28:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c661b4-cec0-4654-8680-c650950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:28:36.000Z", "modified": "2016-02-19T00:28:36.000Z", "description": "Automatically added (via 51ea28f4f3fa794d5b207475897b1eef)", "pattern": "[file:hashes.SHA1 = '9eef49fc724b9f40be795a80bc6363eb0c6b6dd6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:28:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c661b6-a010-4c3b-a8e1-5f51950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:28:38.000Z", "modified": "2016-02-19T00:28:38.000Z", "description": "Automatically added (via 3195110045f64a3c83fc3e043c46d253)", "pattern": "[file:hashes.SHA1 = 'd7f7aef824265136ad077ae4f874d265ae45a6b0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:28:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c6619b-541c-4004-b18c-59a1950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:28:11.000Z", "modified": "2016-02-19T00:28:11.000Z", "description": "Automatically added (via 0f9534b63cb7af1e3aa34839d7d6e632)", "pattern": "[file:hashes.SHA256 = '08b410d359ec2d6cab73bd6c0be138d9bdc475e3f63fec65794a74e5d5958b3b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:28:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c6619c-dd34-4525-9a1f-599f950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:28:12.000Z", "modified": "2016-02-19T00:28:12.000Z", "description": "Automatically added (via 2e64131c0426a18c1c363ec69ae6b5f2)", "pattern": "[file:hashes.SHA256 = '26fdc7682cf367d4d1e635a40beab0762cee43978a0f86867be03aab81244107']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:28:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c6619e-e154-4934-9b79-59a0950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:28:14.000Z", "modified": "2016-02-19T00:28:14.000Z", "description": "Automatically added (via 70f5574e4e7ad360f4f5c2117a7a1ca7)", "pattern": "[file:hashes.SHA256 = 'a713982d04d2048a575912a5fc37c93091619becd5b21e96f049890435940004']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:28:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c661a0-a904-4b8f-bea4-599d950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:28:16.000Z", "modified": "2016-02-19T00:28:16.000Z", "description": "Automatically added (via 42ffc84c6381a18b1f6d000b94c74b09)", "pattern": "[file:hashes.SHA256 = 'c1ee4232d1b6504fc7f93cb0478e90049a71992498ed2d701925d852e91cfcc3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:28:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c661a2-f110-4175-982b-59a1950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:28:18.000Z", "modified": "2016-02-19T00:28:18.000Z", "description": "Automatically added (via 719cf63a3922953ceaca6fb4dbed6584)", "pattern": "[file:hashes.SHA256 = 'a544aa392c1f519aebdb2a7b6dc23290082b7f7103c7e3022af35dfd6bc10dde']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:28:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c661a4-7468-4e15-b617-599c950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:28:20.000Z", "modified": "2016-02-19T00:28:20.000Z", "description": "Automatically added (via b0a9a175e2407352214b2d005253bc0c)", "pattern": "[file:hashes.SHA256 = '6c8eb3365b7fb7683b9b465817e5cb87574026e306c700f3d103eba056777720']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:28:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c661a6-9430-40a4-bf62-c654950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:28:22.000Z", "modified": "2016-02-19T00:28:22.000Z", "description": "Automatically added (via a9c045c401afb9766e2ca838dc6f47a4)", "pattern": "[file:hashes.SHA256 = 'd3d503934c0dfe75e386d0fb8da2e32238d93739624b6c5a929fe5b722b35d36']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:28:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c661a8-5908-4640-9e06-59a2950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:28:24.000Z", "modified": "2016-02-19T00:28:24.000Z", "description": "Automatically added (via c8b49b42e6ebb6b977ce7001b6bd96c8)", "pattern": "[file:hashes.SHA256 = '93ecd67c6102802e2e058eac512a2c75434912c28dc2eae6c108451272008bc5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:28:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c661a9-ccd0-498e-8683-59a0950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:28:25.000Z", "modified": "2016-02-19T00:28:25.000Z", "description": "Automatically added (via 030da7510113c28ee68df8a19c643bb0)", "pattern": "[file:hashes.SHA256 = '7b3e344ea44a9b5fdcee89818435d377b4413e704f8c2ef5522a0255bd4eca74']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:28:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c661ab-a3c4-4e42-aa11-599c950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:28:27.000Z", "modified": "2016-02-19T00:28:27.000Z", "description": "Automatically added (via e07ef8ffe965ec8b72041ddf9527cac4)", "pattern": "[file:hashes.SHA256 = '502e42dc99873c52c3ca11dd3df25aad40d2b083069e8c22dd45da887f81d14d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:28:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c661ac-cb0c-4467-8401-599f950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:28:28.000Z", "modified": "2016-02-19T00:28:28.000Z", "description": "Automatically added (via 4cbd9a0832dcf23867b092de37c10d9d)", "pattern": "[file:hashes.SHA256 = '2a36823323b857921d056c0161fc15d47f29b7513443346a0aeb537cbf437f0d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:28:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c661ae-d8c4-4040-a829-59a1950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:28:30.000Z", "modified": "2016-02-19T00:28:30.000Z", "description": "Automatically added (via 3a04a5d7ed785daa16f4ebfd3acf0867)", "pattern": "[file:hashes.SHA256 = 'ee5eb9d57c3611e91a27bb1fc2d0aaa6bbfa6c69ab16e65e7123c7c49d46f145']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:28:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c661b0-91ec-4b98-a0d3-47f2950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:28:32.000Z", "modified": "2016-02-19T00:28:32.000Z", "description": "Automatically added (via 9018fa0826f237342471895f315dbf39)", "pattern": "[file:hashes.SHA256 = 'ed7abf93963395ce9c9cba83a864acb4ed5b6e57fd9a6153f0248b8ccc4fdb46']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:28:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c661b2-b4b8-45a2-9a03-59a0950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:28:34.000Z", "modified": "2016-02-19T00:28:34.000Z", "description": "Automatically added (via 98613ecb3afde5fc48ca4204f8363f1d)", "pattern": "[file:hashes.SHA256 = '7f8d8992dda6a48c54234e76cf0a0f445842aea1cd91d3252185c7b436e51cde']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:28:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c661b4-b8e0-4a13-a360-599e950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:28:36.000Z", "modified": "2016-02-19T00:28:36.000Z", "description": "Automatically added (via e00bf9b8261410744c10ae3fe2ce9049)", "pattern": "[file:hashes.SHA256 = '56ac764b81eb216ebed5a5ad38e703805ba3e1ca7d63501ba60a1fb52c7ebb6e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:28:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c661b5-f4cc-4409-91a3-59a2950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:28:37.000Z", "modified": "2016-02-19T00:28:37.000Z", "description": "Automatically added (via 51ea28f4f3fa794d5b207475897b1eef)", "pattern": "[file:hashes.SHA256 = 'ca0b804c30052456362fe22ae6fa8482f91651c2c18dc41cda4c6e282fdede6f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:28:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c661b7-ceb0-46b5-9f45-5ca1950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:28:39.000Z", "modified": "2016-02-19T00:28:39.000Z", "description": "Automatically added (via 3195110045f64a3c83fc3e043c46d253)", "pattern": "[file:hashes.SHA256 = '88a40d5b679bccf9641009514b3d18b09e68b609ffaf414574a6eca6536e8b8f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:28:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }