{ "type": "bundle", "id": "bundle--55c279fc-e814-4915-96dd-4f19950d210b", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-04-15T19:32:15.000Z", "modified": "2016-04-15T19:32:15.000Z", "name": "CthulhuSPRL.be", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--55c279fc-e814-4915-96dd-4f19950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-04-15T19:32:15.000Z", "modified": "2016-04-15T19:32:15.000Z", "name": "OSINT Revealing the Cyber-Kraken (Threat Group 3390 / Emissary Panda) by SecureWorks", "published": "2016-04-15T19:32:53Z", "object_refs": [ "observed-data--55c27a1d-ed04-4102-b03e-432a950d210b", "url--55c27a1d-ed04-4102-b03e-432a950d210b", "observed-data--55c27a1d-b958-43a6-9363-4f1d950d210b", "url--55c27a1d-b958-43a6-9363-4f1d950d210b", "x-misp-attribute--55c27a48-cb58-4718-807b-4195950d210b", "x-misp-attribute--55c27a48-6fdc-45fe-a0d0-49bc950d210b", "indicator--55c36726-a770-4f30-be2f-4cb2950d210b", "indicator--55c36726-f870-44d0-b7a3-4694950d210b", "indicator--55c36726-d51c-4a1f-8813-4e98950d210b", "indicator--55c36727-8f1c-4c52-9144-41b7950d210b", "indicator--55c36727-2554-4dc2-a021-456c950d210b", "indicator--55c36727-7300-4435-9162-439a950d210b", "indicator--55c36727-a320-4e63-b01b-4622950d210b", "indicator--55c36727-e4d4-438e-8619-4368950d210b", "indicator--55c36728-9c9c-4db3-b6a4-417f950d210b", "indicator--55c36728-cac8-4d4c-b98e-4de3950d210b", "indicator--55c36728-aa44-4b06-9c23-4bb4950d210b", "indicator--55c36728-f8f8-4262-8b9a-4d2b950d210b", "indicator--55c36728-0ac0-4948-a1a9-4da1950d210b", "indicator--55c36728-f42c-4713-8550-47a3950d210b", "indicator--55c36729-7d48-4073-941c-4532950d210b", "indicator--55c36729-6318-421f-9fa0-4c9a950d210b", "indicator--55c36729-a47c-4892-9792-4616950d210b", "indicator--55c36729-a414-423c-b154-4799950d210b", "indicator--55c36729-f36c-42b4-bb29-4685950d210b", "indicator--55c3672a-ab48-44bc-a110-4f63950d210b", "indicator--55c3672a-6584-401e-935c-4ede950d210b", "indicator--55c3672a-5334-4f20-97ca-41ad950d210b", "indicator--55c3672a-fa44-445a-85d4-4a41950d210b", "indicator--55c3672a-87b8-4b30-b71e-4531950d210b", "indicator--55c3672b-2290-43bf-889e-48ee950d210b", "indicator--55c3672b-43d8-46b3-9223-4e0f950d210b", "indicator--55c3672b-007c-4b9d-9ae8-4ce8950d210b", "indicator--55c3672b-3fc8-4280-9fd0-4cca950d210b", "indicator--55c3672b-9f50-461e-bfd2-420f950d210b", "indicator--55c3672b-e970-4763-b344-4617950d210b", "indicator--55c3672c-0844-447c-812f-4d59950d210b", "indicator--55c3672c-f924-4570-bbbe-4523950d210b", "indicator--55c3672c-31d4-489f-83d9-4dd2950d210b", "indicator--55c3672c-032c-485a-a1bd-4cc2950d210b", "indicator--55c3672c-3eec-431e-a950-46d4950d210b", "indicator--55c3672d-e654-4d1e-8938-43fb950d210b", "indicator--55c3672d-df40-4ff4-9d1f-43f9950d210b", "indicator--55c3672d-d9b0-4c1f-a3d6-4e27950d210b", "indicator--55c3672d-5b7c-413b-8b08-4adf950d210b", "indicator--55c3672d-172c-40c4-862c-4f48950d210b", "indicator--55c3672e-2e20-4496-80cd-4cd8950d210b", "indicator--55c3672e-bfa8-4216-8c72-4f5a950d210b", "indicator--55c3672e-fc08-472f-9112-4767950d210b", "indicator--55c3672e-61b4-4c16-96e3-4049950d210b", "indicator--55c3672e-78bc-4799-83fb-4fdd950d210b", "indicator--55c3672e-dc80-4db7-b646-4f06950d210b", "indicator--55c3672f-ad0c-4af6-b59e-4f63950d210b", "indicator--55c3672f-eecc-4735-b2c2-4031950d210b", "indicator--55c3672f-acd4-429e-9f85-4eb3950d210b", "indicator--55c3672f-43d4-487f-a37a-488a950d210b", "indicator--55c3672f-cae0-4b2d-adfc-4db0950d210b", "indicator--55c36730-468c-487b-b8bc-4e2f950d210b", "indicator--55c36730-367c-4700-842c-432c950d210b", "indicator--55c36730-9a78-4c43-970b-4692950d210b", "indicator--55c36730-2a24-40bc-9eb8-4c52950d210b", "indicator--55c36730-c2bc-456f-9abe-49d4950d210b", "indicator--55c36731-4a00-4fb1-aba4-4610950d210b", "indicator--55c36731-a808-4507-bef8-4a48950d210b", "indicator--55c36731-7384-4e3d-934d-4b7a950d210b", "indicator--55c36731-d150-4c90-bce2-400e950d210b", "indicator--55c36731-f5e8-4313-8ecc-41b9950d210b", "indicator--55c36731-1d28-49a9-b748-433b950d210b", "indicator--55c36732-04c8-4eea-b353-4be5950d210b", "indicator--55c36732-2fcc-4c80-8893-4c90950d210b", "indicator--55c36732-a0fc-4e98-9b87-4046950d210b", "indicator--55c36732-80a4-4797-bcec-4140950d210b", "indicator--55c36732-a62c-41d9-8720-4e4c950d210b", "indicator--55c36733-d57c-4dc3-b6fa-4e2c950d210b", "indicator--55c36733-d494-46fc-94d2-4877950d210b", "indicator--55c36733-e6b4-4eb5-9960-41a2950d210b", "indicator--55c36733-2008-4b9c-a3d8-4980950d210b", "indicator--55c36733-31e8-4961-8b1e-4b7c950d210b", "indicator--55c36733-8a90-4253-93c1-4341950d210b", "indicator--55c36734-fda8-4db6-8d80-4356950d210b", "indicator--55c36734-4b14-4451-8e7a-4d82950d210b", "indicator--55c36734-5cbc-43eb-89cd-47bd950d210b", "indicator--55c36734-eecc-456e-8c9f-4ab1950d210b", "indicator--55c36774-4644-4c88-88ce-6f83950d210b", "indicator--55c36774-1648-49af-b303-6f83950d210b", "indicator--55c36774-1188-4532-adea-6f83950d210b", "indicator--55c36775-765c-413b-a743-6f83950d210b", "indicator--55c36775-7374-459c-b68a-6f83950d210b", "indicator--55c36775-bc0c-4d54-9017-6f83950d210b", "indicator--55c36775-ba48-4d0d-b3a8-6f83950d210b", "indicator--55c36775-b410-4f54-b3ff-6f83950d210b", "indicator--55c36776-2c68-440e-b900-6f83950d210b", "indicator--55c36776-d728-4bf7-a22e-6f83950d210b", "indicator--55c36776-0f50-4fcc-bfa1-6f83950d210b", "indicator--55c36776-bbf4-4abe-b7c9-6f83950d210b", "indicator--55c36776-6cec-4832-a0f3-6f83950d210b", "indicator--55c36777-bbe0-42b0-93cb-6f83950d210b", "indicator--55c36777-2d2c-4d3c-a79d-6f83950d210b", "indicator--55c36777-03d8-4711-813f-6f83950d210b", "indicator--55c36777-8300-4b46-bc20-6f83950d210b", "indicator--55c36777-df34-481e-a9a1-6f83950d210b", "indicator--55c36777-6db8-4a0e-bcff-6f83950d210b", "indicator--55c36778-2c08-487e-8ea2-6f83950d210b", "indicator--55c36778-a270-4eb2-a502-6f83950d210b", "indicator--55c36778-f190-4c79-8b9f-6f83950d210b", "indicator--55c36778-fb44-4307-89bf-6f83950d210b", "indicator--55c36778-efb8-4a38-95d0-6f83950d210b", "indicator--55c36779-06fc-4c4a-934e-6f83950d210b", "x-misp-attribute--55c36834-2db8-4280-8986-4ac8950d210b", "x-misp-attribute--55c36834-d84c-49c6-a286-4640950d210b", "x-misp-attribute--55c36834-2fec-4e93-8d57-4bd9950d210b", "indicator--55c36857-2dfc-4318-97aa-4d97950d210b", "indicator--55c36857-2bf4-4737-a01f-4ca1950d210b", "indicator--55c36857-2510-4c4f-8ad1-4a26950d210b", "indicator--55c36858-00c0-4aca-9640-4baf950d210b", "indicator--55c36858-1b8c-42a8-9745-4042950d210b", "indicator--55c36858-403c-40f7-bed5-4a74950d210b", "indicator--55c36858-b6b8-416e-930f-4aeb950d210b", "indicator--55c36858-756c-47b7-8d49-4b91950d210b", "indicator--55c36859-1ca0-45a9-b3c0-449d950d210b", "indicator--55c36859-6ef4-4acf-92c3-49b8950d210b", "indicator--55c36859-91fc-43b5-a5c7-4be7950d210b", "indicator--55c3686f-1af8-4d84-ad7c-4497950d210b", "indicator--55c3686f-0d54-420d-a144-497d950d210b", "indicator--55c3686f-3130-45be-840b-4d75950d210b", "indicator--55c3686f-b7e4-44a3-85ba-42c1950d210b", "indicator--55c3686f-6bf8-4c65-984d-4ef7950d210b", "indicator--55c3686f-4928-4e09-a4a7-4a5f950d210b", "indicator--55c36870-7a98-4832-a94c-4658950d210b", "indicator--55c36870-e604-4d4f-937d-4ce9950d210b", "indicator--55c36870-6e9c-45da-a17b-4e6f950d210b", "indicator--55c36870-e4d8-473a-b60a-433d950d210b", "indicator--55c36870-6af0-4b84-9986-4d32950d210b", "indicator--55c36870-c754-449f-883a-4537950d210b", "indicator--55c36871-b914-4d21-aceb-4d1d950d210b", "indicator--55c36871-9d94-407a-8205-44f8950d210b", "indicator--55c36871-bd78-4bc9-8626-4ade950d210b", "indicator--55c36871-cd70-496d-839c-4efb950d210b", "indicator--55c36871-5fc0-440e-b10f-4e29950d210b", "indicator--55c36871-3878-4803-958e-4e32950d210b", "indicator--55c36872-8694-421e-aa40-4652950d210b", "indicator--55c36872-dcdc-4dfb-b31c-4322950d210b", "indicator--55c36872-bfb4-4b4b-9776-447e950d210b", "indicator--55c36872-c8b0-43ce-815e-471e950d210b", "indicator--55c36872-1904-42b8-b2ca-446b950d210b", "indicator--55c36872-1b84-4fe1-970e-4631950d210b", "indicator--55c36873-e4b0-45ff-9261-4374950d210b", "indicator--55c36873-9690-4841-a508-4f7e950d210b", "indicator--55c36873-8544-48ab-bb83-4735950d210b", "indicator--55c36873-4338-4048-9d54-4929950d210b", "indicator--55c36873-4c60-4dd6-81d8-4f58950d210b", "indicator--55c36873-bb24-49cc-971e-4c41950d210b", "indicator--55c36873-4740-4383-ac1c-44eb950d210b", "indicator--55c36874-80e4-4c97-8692-463b950d210b", "indicator--55c36874-363c-433c-927f-4833950d210b", "indicator--55c36874-710c-4b1e-8f72-42ea950d210b", "indicator--55c36874-3304-47cd-a673-48a9950d210b", "indicator--55c36874-f46c-43b5-85da-4210950d210b", "indicator--55c36874-960c-4238-a068-48a1950d210b", "indicator--55c36875-02cc-4140-81cc-4042950d210b", "indicator--55c36875-debc-44de-90f5-4a4a950d210b", "indicator--55c36875-9ea8-4121-a2a6-49a1950d210b", "indicator--55c36875-4664-4cf7-88e5-4684950d210b", "indicator--55c36875-384c-4a2b-8a94-4411950d210b", "indicator--55c36875-3d84-4e00-a40e-4fb1950d210b", "indicator--55c36875-11c0-405a-a96d-4ce0950d210b", "indicator--55c36876-e770-482d-90b0-4c7a950d210b", "indicator--55c36876-8944-4b59-884b-4175950d210b", "indicator--55c36876-4b18-489d-8a7d-45c5950d210b", "indicator--55c36876-8b18-4545-a7ba-4f5b950d210b", "indicator--55c36876-2d08-40cc-87d0-4d09950d210b", "indicator--55c36876-ca64-42cc-b5a3-4b0b950d210b", "indicator--55c36877-ce08-4ebb-b1f1-4336950d210b", "indicator--55c36877-f704-4b00-958d-4cb2950d210b", "indicator--55c36877-e380-4c60-b246-4669950d210b", "indicator--55c36877-f5a8-48c9-9382-45a6950d210b", "indicator--55c36877-6460-4329-a5f9-4912950d210b", "indicator--55c36877-ee7c-4c1e-8f1b-48e9950d210b", "indicator--55c36877-aa7c-4358-b8a5-46c5950d210b", "indicator--55c36878-1920-4cf0-b04a-49b4950d210b", "indicator--55c36878-50d0-462c-894a-44fd950d210b", "indicator--55c36878-3170-43c4-8380-46a3950d210b", "indicator--55c36878-6a38-4453-b818-40d5950d210b", "indicator--55c36878-523c-43b0-9130-4e11950d210b", "indicator--55c36878-d258-4837-9db2-4e26950d210b", "indicator--55c36879-2e00-49d1-b8e3-47ca950d210b", "indicator--55c36879-6ccc-4bde-95f3-4888950d210b", "indicator--55c36879-d0fc-4d15-875b-4b2b950d210b", "indicator--55c36879-adb4-489b-a437-4e9b950d210b", "indicator--55c36879-73bc-448e-a0e0-4599950d210b", "indicator--55c36879-a16c-45a7-94fb-48f3950d210b", "indicator--55c36879-0284-4809-a976-43b5950d210b", "indicator--55c3687a-34bc-4564-818c-430e950d210b", "indicator--55c3687a-ea54-4d23-ba16-4a1f950d210b", "indicator--55c3687a-2980-477c-9b94-4d5b950d210b", "indicator--55c3687a-59d8-4cad-a94a-4e7a950d210b", "indicator--55c3687a-d218-4fe2-997e-48dd950d210b", "indicator--55c3687a-77f0-4936-b314-4c68950d210b", "indicator--55c3687b-4e3c-4b59-a142-4a2c950d210b", "indicator--55c3687b-06f4-4fec-8d17-4068950d210b", "indicator--55c3687b-bc60-4382-b196-4a4d950d210b", "indicator--55c3687b-1fb8-4593-8432-43d4950d210b", "indicator--55c3687b-5470-45bd-bb14-4e16950d210b", "indicator--55c3687b-5144-4824-9c70-4769950d210b", "indicator--55c3687c-e1d4-45b4-8735-40fe950d210b", "indicator--55c3687c-a674-445a-81a9-4ef7950d210b", "indicator--55c3687c-be94-4b1c-9c8e-472d950d210b", "indicator--55c3687c-6030-4ea7-bbdd-48b1950d210b", "indicator--55c3688a-0244-4c3a-8d9c-44f2950d210b", "indicator--55c3688a-88f0-46ad-8598-4347950d210b", "indicator--55c3688b-9598-463c-aa27-4178950d210b", "indicator--55c3688b-0e7c-4b60-b601-428d950d210b", "indicator--55c3688b-4acc-46d1-bd6f-4da9950d210b", "vulnerability--55c368e0-9228-44ef-b4c0-4541950d210b", "vulnerability--55c368e0-8118-4882-84a0-41fa950d210b", "indicator--56c66fc9-00bc-4521-ac22-599c950d210f", "indicator--56c66fcc-9ef8-4710-9677-c651950d210f", "indicator--56c66fce-2f0c-406b-a770-c654950d210f", "indicator--56c66fd0-45bc-461e-afe0-59a1950d210f", "indicator--56c66fd2-7628-4831-8a8c-599d950d210f", "indicator--56c66fd7-c844-4cf5-9d45-c653950d210f", "indicator--56c66fdb-a3dc-4d99-81de-599c950d210f", "indicator--56c66fde-6268-48f4-b377-48e1950d210f", "indicator--56c66fdf-90f0-4af6-86cd-c650950d210f", "indicator--56c66fe0-563c-4210-92f3-599f950d210f", "indicator--56c66fe2-29fc-4dea-b6f7-5ca1950d210f", "indicator--56c66fe3-48e8-4749-868a-c651950d210f", "indicator--56c66fe5-13fc-4f66-924c-4c4b950d210f", "indicator--56c66fe6-094c-4448-b710-463c950d210f", "indicator--56c66fca-3e74-4580-9285-c651950d210f", "indicator--56c66fcc-fcc4-4cae-8c13-59a0950d210f", "indicator--56c66fce-df60-4f03-991a-59a4950d210f", "indicator--56c66fd0-5650-4895-8c3e-40f3950d210f", "indicator--56c66fd3-1828-4a72-9171-599f950d210f", "indicator--56c66fd8-4cac-45f7-ae6d-c654950d210f", "indicator--56c66fdb-24d4-43b8-88b8-599f950d210f", "indicator--56c66fde-7534-49d5-a04d-5ca1950d210f", "indicator--56c66fe0-8dc0-4106-9f64-c652950d210f", "indicator--56c66fe1-dd60-4b20-8ab8-c653950d210f", "indicator--56c66fe2-f974-411c-8fbe-c650950d210f", "indicator--56c66fe4-7a7c-4d3b-bf29-43c0950d210f", "indicator--56c66fe5-019c-484b-93af-c654950d210f", "indicator--56c66fe7-3414-4ffb-a392-4ec6950d210f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--55c27a1d-ed04-4102-b03e-432a950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-05T21:03:25.000Z", "modified": "2015-08-05T21:03:25.000Z", "first_observed": "2015-08-05T21:03:25Z", "last_observed": "2015-08-05T21:03:25Z", "number_observed": 1, "object_refs": [ "url--55c27a1d-ed04-4102-b03e-432a950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--55c27a1d-ed04-4102-b03e-432a950d210b", "value": "http://www.secureworks.com/resources/blog/revealing-the-cyber-kraken/" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--55c27a1d-b958-43a6-9363-4f1d950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-05T21:03:25.000Z", "modified": "2015-08-05T21:03:25.000Z", "first_observed": "2015-08-05T21:03:25Z", "last_observed": "2015-08-05T21:03:25Z", "number_observed": 1, "object_refs": [ "url--55c27a1d-b958-43a6-9363-4f1d950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--55c27a1d-b958-43a6-9363-4f1d950d210b", "value": "http://www.secureworks.com/cyber-threat-intelligence/threats/threat-group-3390-targets-organizations-for-cyberespionage/" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--55c27a48-cb58-4718-807b-4195950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-05T21:04:08.000Z", "modified": "2015-08-05T21:04:08.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", "x_misp_type": "text", "x_misp_value": "TG-3390" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--55c27a48-6fdc-45fe-a0d0-49bc950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-05T21:04:08.000Z", "modified": "2015-08-05T21:04:08.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", "x_misp_type": "text", "x_misp_value": "Emissary Panda" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36726-a770-4f30-be2f-4cb2950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:54:46.000Z", "modified": "2015-08-06T13:54:46.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'american.blackcmd.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:54:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36726-f870-44d0-b7a3-4694950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:54:46.000Z", "modified": "2015-08-06T13:54:46.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'api.apigmail.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:54:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36726-d51c-4a1f-8813-4e98950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:54:46.000Z", "modified": "2015-08-06T13:54:46.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'apigmail.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:54:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36727-8f1c-4c52-9144-41b7950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:54:47.000Z", "modified": "2015-08-06T13:54:47.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'backup.darkhero.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:54:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36727-2554-4dc2-a021-456c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:54:47.000Z", "modified": "2015-08-06T13:54:47.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'bel.updatawindows.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:54:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36727-7300-4435-9162-439a950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:54:47.000Z", "modified": "2015-08-06T13:54:47.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'binary.update-onlines.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:54:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36727-a320-4e63-b01b-4622950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:54:47.000Z", "modified": "2015-08-06T13:54:47.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'blackcmd.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:54:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36727-e4d4-438e-8619-4368950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:54:47.000Z", "modified": "2015-08-06T13:54:47.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'castle.blackcmd.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:54:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36728-9c9c-4db3-b6a4-417f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:54:48.000Z", "modified": "2015-08-06T13:54:48.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'ctcb.blackcmd.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:54:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36728-cac8-4d4c-b98e-4de3950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:54:48.000Z", "modified": "2015-08-06T13:54:48.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'darkhero.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:54:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36728-aa44-4b06-9c23-4bb4950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:54:48.000Z", "modified": "2015-08-06T13:54:48.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'dav.local-test.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:54:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36728-f8f8-4262-8b9a-4d2b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:54:48.000Z", "modified": "2015-08-06T13:54:48.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'test.local-test.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:54:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36728-0ac0-4948-a1a9-4da1950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:54:48.000Z", "modified": "2015-08-06T13:54:48.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'dev.local-test.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:54:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36728-f42c-4713-8550-47a3950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:54:48.000Z", "modified": "2015-08-06T13:54:48.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'ocean.local-test.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:54:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36729-7d48-4073-941c-4532950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:54:49.000Z", "modified": "2015-08-06T13:54:49.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'ga.blackcmd.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:54:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36729-6318-421f-9fa0-4c9a950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:54:49.000Z", "modified": "2015-08-06T13:54:49.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'helpdesk.blackcmd.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:54:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36729-a47c-4892-9792-4616950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:54:49.000Z", "modified": "2015-08-06T13:54:49.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'helpdesk.csc-na.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:54:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36729-a414-423c-b154-4799950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:54:49.000Z", "modified": "2015-08-06T13:54:49.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'helpdesk.hotmail-onlines.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:54:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36729-f36c-42b4-bb29-4685950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:54:49.000Z", "modified": "2015-08-06T13:54:49.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'helpdesk.lnip.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:54:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c3672a-ab48-44bc-a110-4f63950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:54:50.000Z", "modified": "2015-08-06T13:54:50.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'hotmail-onlines.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:54:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c3672a-6584-401e-935c-4ede950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:54:50.000Z", "modified": "2015-08-06T13:54:50.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'jobs.hotmail-onlines.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:54:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c3672a-5334-4f20-97ca-41ad950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:54:50.000Z", "modified": "2015-08-06T13:54:50.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'justufogame.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:54:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c3672a-fa44-445a-85d4-4a41950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:54:50.000Z", "modified": "2015-08-06T13:54:50.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'lnip.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:54:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c3672a-87b8-4b30-b71e-4531950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:54:50.000Z", "modified": "2015-08-06T13:54:50.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'local-test.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:54:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c3672b-2290-43bf-889e-48ee950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:54:51.000Z", "modified": "2015-08-06T13:54:51.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'login.hansoftupdate.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:54:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c3672b-43d8-46b3-9223-4e0f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:54:51.000Z", "modified": "2015-08-06T13:54:51.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'long.update-onlines.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:54:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c3672b-007c-4b9d-9ae8-4ce8950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:54:51.000Z", "modified": "2015-08-06T13:54:51.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'longlong.update-onlines.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:54:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c3672b-3fc8-4280-9fd0-4cca950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:54:51.000Z", "modified": "2015-08-06T13:54:51.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'longshadow.dyndns.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:54:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c3672b-9f50-461e-bfd2-420f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:54:51.000Z", "modified": "2015-08-06T13:54:51.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'longshadow.update-onlines.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:54:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c3672b-e970-4763-b344-4617950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:54:51.000Z", "modified": "2015-08-06T13:54:51.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'longykcai.update-onlines.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:54:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c3672c-0844-447c-812f-4d59950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:54:52.000Z", "modified": "2015-08-06T13:54:52.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'lostself.update-onlines.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:54:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c3672c-f924-4570-bbbe-4523950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:54:52.000Z", "modified": "2015-08-06T13:54:52.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'mac.navydocument.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:54:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c3672c-31d4-489f-83d9-4dd2950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:54:52.000Z", "modified": "2015-08-06T13:54:52.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'mail.csc-na.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:54:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c3672c-032c-485a-a1bd-4cc2950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:54:52.000Z", "modified": "2015-08-06T13:54:52.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'mantech.updatawindows.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:54:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c3672c-3eec-431e-a950-46d4950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:54:52.000Z", "modified": "2015-08-06T13:54:52.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'micr0soft.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:54:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c3672d-e654-4d1e-8938-43fb950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:54:53.000Z", "modified": "2015-08-06T13:54:53.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'microsoft-outlook.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:54:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c3672d-df40-4ff4-9d1f-43f9950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:54:53.000Z", "modified": "2015-08-06T13:54:53.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'mtc.navydocument.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:54:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c3672d-d9b0-4c1f-a3d6-4e27950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:54:53.000Z", "modified": "2015-08-06T13:54:53.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'navydocument.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:54:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c3672d-5b7c-413b-8b08-4adf950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:54:53.000Z", "modified": "2015-08-06T13:54:53.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'mtc.update-onlines.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:54:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c3672d-172c-40c4-862c-4f48950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:54:53.000Z", "modified": "2015-08-06T13:54:53.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'news.hotmail-onlines.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:54:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c3672e-2e20-4496-80cd-4cd8950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:54:54.000Z", "modified": "2015-08-06T13:54:54.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'oac.3322.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:54:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c3672e-bfa8-4216-8c72-4f5a950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:54:54.000Z", "modified": "2015-08-06T13:54:54.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'ocean.apigmail.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:54:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c3672e-fc08-472f-9112-4767950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:54:54.000Z", "modified": "2015-08-06T13:54:54.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'pchomeserver.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:54:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c3672e-61b4-4c16-96e3-4049950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:54:54.000Z", "modified": "2015-08-06T13:54:54.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'registre.organiccrap.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:54:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c3672e-78bc-4799-83fb-4fdd950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:54:54.000Z", "modified": "2015-08-06T13:54:54.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'security.pomsys.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:54:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c3672e-dc80-4db7-b646-4f06950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:54:54.000Z", "modified": "2015-08-06T13:54:54.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'services.darkhero.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:54:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c3672f-ad0c-4af6-b59e-4f63950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:54:55.000Z", "modified": "2015-08-06T13:54:55.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'sgl.updatawindows.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:54:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c3672f-eecc-4735-b2c2-4031950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:54:55.000Z", "modified": "2015-08-06T13:54:55.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'shadow.update-onlines.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:54:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c3672f-acd4-429e-9f85-4eb3950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:54:55.000Z", "modified": "2015-08-06T13:54:55.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'sonoco.blackcmd.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:54:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c3672f-43d4-487f-a37a-488a950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:54:55.000Z", "modified": "2015-08-06T13:54:55.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'test.logmastre.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:54:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c3672f-cae0-4b2d-adfc-4db0950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:54:55.000Z", "modified": "2015-08-06T13:54:55.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'up.gtalklite.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:54:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36730-468c-487b-b8bc-4e2f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:54:56.000Z", "modified": "2015-08-06T13:54:56.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'updatawindows.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:54:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36730-367c-4700-842c-432c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:54:56.000Z", "modified": "2015-08-06T13:54:56.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'update-onlines.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:54:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36730-9a78-4c43-970b-4692950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:54:56.000Z", "modified": "2015-08-06T13:54:56.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'update.deepsoftupdate.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:54:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36730-2a24-40bc-9eb8-4c52950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:54:56.000Z", "modified": "2015-08-06T13:54:56.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'update.hancominc.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:54:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36730-c2bc-456f-9abe-49d4950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:54:56.000Z", "modified": "2015-08-06T13:54:56.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'update.micr0soft.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:54:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36731-4a00-4fb1-aba4-4610950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:54:57.000Z", "modified": "2015-08-06T13:54:57.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'update.pchomeserver.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:54:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36731-a808-4507-bef8-4a48950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:54:57.000Z", "modified": "2015-08-06T13:54:57.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'urs.blackcmd.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:54:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36731-7384-4e3d-934d-4b7a950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:54:57.000Z", "modified": "2015-08-06T13:54:57.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'wang.darkhero.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:54:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36731-d150-4c90-bce2-400e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:54:57.000Z", "modified": "2015-08-06T13:54:57.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'webs.local-test.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:54:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36731-f5e8-4313-8ecc-41b9950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:54:57.000Z", "modified": "2015-08-06T13:54:57.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'word.apigmail.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:54:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36731-1d28-49a9-b748-433b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:54:57.000Z", "modified": "2015-08-06T13:54:57.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'wordpress.blackcmd.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:54:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36732-04c8-4eea-b353-4be5950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:54:58.000Z", "modified": "2015-08-06T13:54:58.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'working.blackcmd.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:54:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36732-2fcc-4c80-8893-4c90950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:54:58.000Z", "modified": "2015-08-06T13:54:58.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'working.darkhero.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:54:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36732-a0fc-4e98-9b87-4046950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:54:58.000Z", "modified": "2015-08-06T13:54:58.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'working.hotmail-onlines.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:54:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36732-80a4-4797-bcec-4140950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:54:58.000Z", "modified": "2015-08-06T13:54:58.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'www.trendmicro-update.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:54:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36732-a62c-41d9-8720-4e4c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:54:58.000Z", "modified": "2015-08-06T13:54:58.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'www.update-onlines.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:54:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36733-d57c-4dc3-b6fa-4e2c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:54:59.000Z", "modified": "2015-08-06T13:54:59.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'x.apigmail.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:54:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36733-d494-46fc-94d2-4877950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:54:59.000Z", "modified": "2015-08-06T13:54:59.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'ykcai.update-onlines.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:54:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36733-e6b4-4eb5-9960-41a2950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:54:59.000Z", "modified": "2015-08-06T13:54:59.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'ykcailostself.dyndns-free.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:54:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36733-2008-4b9c-a3d8-4980950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:54:59.000Z", "modified": "2015-08-06T13:54:59.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'ykcainobody.dyndns.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:54:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36733-31e8-4961-8b1e-4b7c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:54:59.000Z", "modified": "2015-08-06T13:54:59.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'zj.blackcmd.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:54:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36733-8a90-4253-93c1-4341950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:54:59.000Z", "modified": "2015-08-06T13:54:59.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'laxness-lab.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:54:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36734-fda8-4db6-8d80-4356950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:55:00.000Z", "modified": "2015-08-06T13:55:00.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'google-ana1ytics.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:55:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36734-4b14-4451-8e7a-4d82950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:55:00.000Z", "modified": "2015-08-06T13:55:00.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'www.google-ana1ytics.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:55:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36734-5cbc-43eb-89cd-47bd950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:55:00.000Z", "modified": "2015-08-06T13:55:00.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'ftp.google-ana1ytics.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:55:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36734-eecc-456e-8c9f-4ab1950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:55:00.000Z", "modified": "2015-08-06T13:55:00.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'hotmailcontact.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:55:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36774-4644-4c88-88ce-6f83950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:56:04.000Z", "modified": "2015-08-06T13:56:04.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '208.115.242.36']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:56:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36774-1648-49af-b303-6f83950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:56:04.000Z", "modified": "2015-08-06T13:56:04.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '208.115.242.37']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:56:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36774-1188-4532-adea-6f83950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:56:04.000Z", "modified": "2015-08-06T13:56:04.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '208.115.242.38']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:56:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36775-765c-413b-a743-6f83950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:56:05.000Z", "modified": "2015-08-06T13:56:05.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '66.63.178.142']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:56:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36775-7374-459c-b68a-6f83950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:56:05.000Z", "modified": "2015-08-06T13:56:05.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '72.11.148.220']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:56:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36775-bc0c-4d54-9017-6f83950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:56:05.000Z", "modified": "2015-08-06T13:56:05.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '72.11.141.133']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:56:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36775-ba48-4d0d-b3a8-6f83950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:56:05.000Z", "modified": "2015-08-06T13:56:05.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '74.63.195.236']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:56:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36775-b410-4f54-b3ff-6f83950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:56:05.000Z", "modified": "2015-08-06T13:56:05.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '74.63.195.237']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:56:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36776-2c68-440e-b900-6f83950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:56:06.000Z", "modified": "2015-08-06T13:56:06.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '74.63.195.238']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:56:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36776-d728-4bf7-a22e-6f83950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:56:06.000Z", "modified": "2015-08-06T13:56:06.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.24.0.142']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:56:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36776-0f50-4fcc-bfa1-6f83950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:56:06.000Z", "modified": "2015-08-06T13:56:06.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.24.1.54']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:56:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36776-bbf4-4abe-b7c9-6f83950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:56:06.000Z", "modified": "2015-08-06T13:56:06.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '106.187.45.162']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:56:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36776-6cec-4832-a0f3-6f83950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:56:06.000Z", "modified": "2015-08-06T13:56:06.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.151.236.138']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:56:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36777-bbe0-42b0-93cb-6f83950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:56:07.000Z", "modified": "2015-08-06T13:56:07.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.161.61.19']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:56:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36777-2d2c-4d3c-a79d-6f83950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:56:07.000Z", "modified": "2015-08-06T13:56:07.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.161.61.20']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:56:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36777-03d8-4711-813f-6f83950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:56:07.000Z", "modified": "2015-08-06T13:56:07.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.161.61.22']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:56:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36777-8300-4b46-bc20-6f83950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:56:07.000Z", "modified": "2015-08-06T13:56:07.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '67.215.232.179']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:56:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36777-df34-481e-a9a1-6f83950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:56:07.000Z", "modified": "2015-08-06T13:56:07.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '96.44.177.195']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:56:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36777-6db8-4a0e-bcff-6f83950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:56:07.000Z", "modified": "2015-08-06T13:56:07.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '49.143.192.221']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:56:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36778-2c08-487e-8ea2-6f83950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:56:08.000Z", "modified": "2015-08-06T13:56:08.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '67.215.232.181']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:56:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36778-a270-4eb2-a502-6f83950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:56:08.000Z", "modified": "2015-08-06T13:56:08.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '67.215.232.182']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:56:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36778-f190-4c79-8b9f-6f83950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:56:08.000Z", "modified": "2015-08-06T13:56:08.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '96.44.182.243']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:56:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36778-fb44-4307-89bf-6f83950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:56:08.000Z", "modified": "2015-08-06T13:56:08.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '96.44.182.245']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:56:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36778-efb8-4a38-95d0-6f83950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:56:08.000Z", "modified": "2015-08-06T13:56:08.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '96.44.182.246']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:56:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36779-06fc-4c4a-934e-6f83950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:56:09.000Z", "modified": "2015-08-06T13:56:09.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '49.143.205.30']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:56:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--55c36834-2db8-4280-8986-4ac8950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-04-15T19:32:15.000Z", "modified": "2016-04-15T19:32:15.000Z", "labels": [ "misp:type=\"whois-registrant-email\"", "misp:category=\"Attribution\"", "misp:to_ids=\"True\"" ], "x_misp_category": "Attribution", "x_misp_comment": "Registrant emails", "x_misp_type": "whois-registrant-email", "x_misp_value": "working_success@163.com" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--55c36834-d84c-49c6-a286-4640950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-04-15T19:31:32.000Z", "modified": "2016-04-15T19:31:32.000Z", "labels": [ "misp:type=\"whois-registrant-email\"", "misp:category=\"Attribution\"", "misp:to_ids=\"True\"" ], "x_misp_category": "Attribution", "x_misp_comment": "Registrant emails", "x_misp_type": "whois-registrant-email", "x_misp_value": "ykcaihyl@163.com" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--55c36834-2fec-4e93-8d57-4bd9950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-04-15T19:31:21.000Z", "modified": "2016-04-15T19:31:21.000Z", "labels": [ "misp:type=\"whois-registrant-email\"", "misp:category=\"Attribution\"", "misp:to_ids=\"True\"" ], "x_misp_category": "Attribution", "x_misp_comment": "Registrant emails", "x_misp_type": "whois-registrant-email", "x_misp_value": "yuming@yinsibaohu.aliyun.com" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36857-2dfc-4318-97aa-4d97950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:59:51.000Z", "modified": "2015-08-06T13:59:51.000Z", "description": "HttpBrowser RAT dropper", "pattern": "[file:hashes.MD5 = '1cb4b74e9d030afbb18accf6ee2bfca1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:59:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36857-2bf4-4737-a01f-4ca1950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:59:51.000Z", "modified": "2015-08-06T13:59:51.000Z", "description": "HttpBrowser RAT dropper", "pattern": "[file:hashes.MD5 = 'b333b5d541a0488f4e710ae97c46d9c2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:59:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36857-2510-4c4f-8ad1-4a26950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:59:51.000Z", "modified": "2015-08-06T13:59:51.000Z", "description": "HttpBrowser RAT dropper", "pattern": "[file:hashes.MD5 = '86a05dcffe87caf7099dda44d9ec6b48']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:59:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36858-00c0-4aca-9640-4baf950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:59:52.000Z", "modified": "2015-08-06T13:59:52.000Z", "description": "HttpBrowser RAT dropper", "pattern": "[file:hashes.MD5 = '93e40da0bd78bebe5e1b98c6324e9b5b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:59:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36858-1b8c-42a8-9745-4042950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:59:52.000Z", "modified": "2015-08-06T13:59:52.000Z", "description": "HttpBrowser RAT dropper", "pattern": "[file:hashes.MD5 = 'f43d9c3e17e8480a36a62ef869212419']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:59:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36858-403c-40f7-bed5-4a74950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:59:52.000Z", "modified": "2015-08-06T13:59:52.000Z", "description": "HttpBrowser RAT dropper", "pattern": "[file:hashes.MD5 = '57e85fc30502a925ffed16082718ec6c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:59:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36858-b6b8-416e-930f-4aeb950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:59:52.000Z", "modified": "2015-08-06T13:59:52.000Z", "description": "HttpBrowser RAT dropper", "pattern": "[file:hashes.MD5 = '4251aaf38a485b08d5562c6066370f09']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:59:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36858-756c-47b7-8d49-4b91950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:59:52.000Z", "modified": "2015-08-06T13:59:52.000Z", "description": "HttpBrowser RAT dropper", "pattern": "[file:hashes.MD5 = 'bbfd1e703f55ce779b536b5646a0cdc1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:59:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36859-1ca0-45a9-b3c0-449d950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:59:53.000Z", "modified": "2015-08-06T13:59:53.000Z", "description": "HttpBrowser RAT dropper", "pattern": "[file:hashes.MD5 = '12a522cb96700c82dc964197adb57ddf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:59:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36859-6ef4-4acf-92c3-49b8950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:59:53.000Z", "modified": "2015-08-06T13:59:53.000Z", "description": "HttpBrowser RAT dropper", "pattern": "[file:hashes.MD5 = '728e5700a401498d91fb83159beec834']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:59:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36859-91fc-43b5-a5c7-4be7950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T13:59:53.000Z", "modified": "2015-08-06T13:59:53.000Z", "description": "HttpBrowser RAT dropper", "pattern": "[file:hashes.MD5 = '2bec1860499aae1dbcc92f48b276f998']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T13:59:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c3686f-1af8-4d84-ad7c-4497950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:15.000Z", "modified": "2015-08-06T14:00:15.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = '014122d7851fa8bf4070a8fc2acd5dc5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c3686f-0d54-420d-a144-497d950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:15.000Z", "modified": "2015-08-06T14:00:15.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = '0ae996b31a2c3ed3f0bc14c7a96bea38']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c3686f-3130-45be-840b-4d75950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:15.000Z", "modified": "2015-08-06T14:00:15.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = '1a76681986f99b216d5c0f17ccff2a12']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c3686f-b7e4-44a3-85ba-42c1950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:15.000Z", "modified": "2015-08-06T14:00:15.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = '380c02b1fd93eb22028862117a2f19e3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c3686f-6bf8-4c65-984d-4ef7950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:15.000Z", "modified": "2015-08-06T14:00:15.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = '40a9a22da928cbb70df48d5a3106d887']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c3686f-4928-4e09-a4a7-4a5f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:15.000Z", "modified": "2015-08-06T14:00:15.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = '46cf2f9b4a4c35b62a32f28ac847c575']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36870-7a98-4832-a94c-4658950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:16.000Z", "modified": "2015-08-06T14:00:16.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = '5436c3469cb1d87ea404e8989b28758d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36870-e604-4d4f-937d-4ce9950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:16.000Z", "modified": "2015-08-06T14:00:16.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = '692cecc94ac440ec673dc69f37bc0409']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36870-6e9c-45da-a17b-4e6f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:16.000Z", "modified": "2015-08-06T14:00:16.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = '6a39a4e9933407aef31fdc3dfa2a2a95']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36870-e4d8-473a-b60a-433d950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:16.000Z", "modified": "2015-08-06T14:00:16.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = '8b4ed3b392ee5da139c16b8bca38ea5e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36870-6af0-4b84-9986-4d32950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:16.000Z", "modified": "2015-08-06T14:00:16.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = '8ea5d8bb6b28191e4436456c35477e39']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36870-c754-449f-883a-4537950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:16.000Z", "modified": "2015-08-06T14:00:16.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = '9271bcfbba056c8f80c7f04d72efd62d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36871-b914-4d21-aceb-4d1d950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:17.000Z", "modified": "2015-08-06T14:00:17.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = '996843b55a7c5c7a36e8c6956e599610']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36871-9d94-407a-8205-44f8950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:17.000Z", "modified": "2015-08-06T14:00:17.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = 'a554efc889714c70e9362bdc81fadd6a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36871-bd78-4bc9-8626-4ade950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:17.000Z", "modified": "2015-08-06T14:00:17.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = 'c9c93c2d62a084031872aab96202ee3e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36871-cd70-496d-839c-4efb950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:17.000Z", "modified": "2015-08-06T14:00:17.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = 'ddbdf0efdf26e0c267ef6155edb0e6b8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36871-5fc0-440e-b10f-4e29950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:17.000Z", "modified": "2015-08-06T14:00:17.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = 'e7df18a17d8e7c2ed541a57020444068']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36871-3878-4803-958e-4e32950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:17.000Z", "modified": "2015-08-06T14:00:17.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = 'ea4dcafc224f604c096032dde33a1d6d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36872-8694-421e-aa40-4652950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:18.000Z", "modified": "2015-08-06T14:00:18.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = 'f658bb17d69912404f34532901edad0e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36872-dcdc-4dfb-b31c-4322950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:18.000Z", "modified": "2015-08-06T14:00:18.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = 'f869a1b40f6438dfdd89e73480103211']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36872-bfb4-4b4b-9776-447e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:18.000Z", "modified": "2015-08-06T14:00:18.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = '81ed752590752016cb1c12f3e9ab3454']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36872-c8b0-43ce-815e-471e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:18.000Z", "modified": "2015-08-06T14:00:18.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = '5ef719f8aeb9bf97beb24a5c2ed19173']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36872-1904-42b8-b2ca-446b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:18.000Z", "modified": "2015-08-06T14:00:18.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = '7ec91768376324be2bad4fd30b1c2051']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36872-1b84-4fe1-970e-4631950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:18.000Z", "modified": "2015-08-06T14:00:18.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = '20c446ad2d7d1586138b493ecddfbbc7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36873-e4b0-45ff-9261-4374950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:19.000Z", "modified": "2015-08-06T14:00:19.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = '44cf0793e05ba843dd53bbc7020e0f1c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36873-9690-4841-a508-4f7e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:19.000Z", "modified": "2015-08-06T14:00:19.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = '02826bb6636337963cc5162e6f87745e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36873-8544-48ab-bb83-4735950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:19.000Z", "modified": "2015-08-06T14:00:19.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = '1606ab7a54735af654ee6deb7427f652']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36873-4338-4048-9d54-4929950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:19.000Z", "modified": "2015-08-06T14:00:19.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = '1539b3a5921203f0e2b6c05d692ffa27']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36873-4c60-4dd6-81d8-4f58950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:19.000Z", "modified": "2015-08-06T14:00:19.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = 'c66e09429ad6669321e5c69b1d78c082']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36873-bb24-49cc-971e-4c41950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:19.000Z", "modified": "2015-08-06T14:00:19.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = '225e10e362eeee15ec64246ac021f4d6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36873-4740-4383-ac1c-44eb950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:19.000Z", "modified": "2015-08-06T14:00:19.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = 'a631fc7c45cbdf80992b9d730df0ff51']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36874-80e4-4c97-8692-463b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:20.000Z", "modified": "2015-08-06T14:00:20.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = 'af785b4df71da0786bcae233e55cf6c1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36874-363c-433c-927f-4833950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:20.000Z", "modified": "2015-08-06T14:00:20.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = 'e3e0f3ad4ff3b981b513cc66b37583e8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36874-710c-4b1e-8f72-42ea950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:20.000Z", "modified": "2015-08-06T14:00:20.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = '5cd0e97a1f09001af5213462aa3f7eb1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36874-3304-47cd-a673-48a9950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:20.000Z", "modified": "2015-08-06T14:00:20.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = '15fd9c04d6099273a9acf8feab81acfe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36874-f46c-43b5-85da-4210950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:20.000Z", "modified": "2015-08-06T14:00:20.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = 'ea8b9e0bf95fc0c71694310cb685cd3b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36874-960c-4238-a068-48a1950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:20.000Z", "modified": "2015-08-06T14:00:20.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = '5c3ab475be110ec59257617ee1388e01']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36875-02cc-4140-81cc-4042950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:21.000Z", "modified": "2015-08-06T14:00:21.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = '6aac7417ea1eb60a869597af9049b8fa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36875-debc-44de-90f5-4a4a950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:21.000Z", "modified": "2015-08-06T14:00:21.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = '372f5370085a63f5b660fab635ce6cd7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36875-9ea8-4121-a2a6-49a1950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:21.000Z", "modified": "2015-08-06T14:00:21.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = 'fac4885324cb67bd421d6250fdc9533c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36875-4664-4cf7-88e5-4684950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:21.000Z", "modified": "2015-08-06T14:00:21.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = 'e7e555615a07040bb5dbe9ce59ac5d11']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36875-384c-4a2b-8a94-4411950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:21.000Z", "modified": "2015-08-06T14:00:21.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = 'ff34cb1d90d76a656546293e879afe22']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36875-3d84-4e00-a40e-4fb1950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:21.000Z", "modified": "2015-08-06T14:00:21.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = '2abf7421c34c60d48e09325a206e720e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36875-11c0-405a-a96d-4ce0950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:21.000Z", "modified": "2015-08-06T14:00:21.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = '396b4317db07cc8a2480786160b33044']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36876-e770-482d-90b0-4c7a950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:22.000Z", "modified": "2015-08-06T14:00:22.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = 'e404873d3fcd0268db10657b53bdab64']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36876-8944-4b59-884b-4175950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:22.000Z", "modified": "2015-08-06T14:00:22.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = '6e4189b20adb253b3c1ad7f8fdc95009']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36876-4b18-489d-8a7d-45c5950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:22.000Z", "modified": "2015-08-06T14:00:22.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = 'bff424289c38d389a8cafb16b47dfe39']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36876-8b18-4545-a7ba-4f5b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:22.000Z", "modified": "2015-08-06T14:00:22.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = '7294c7f3860315d51f74152e8ad353df']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36876-2d08-40cc-87d0-4d09950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:22.000Z", "modified": "2015-08-06T14:00:22.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = '40092f76fea082b05e9631d91975a401']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36876-ca64-42cc-b5a3-4b0b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:22.000Z", "modified": "2015-08-06T14:00:22.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = 'e42fce74bbd637c35320cf4e95f5e055']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36877-ce08-4ebb-b1f1-4336950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:23.000Z", "modified": "2015-08-06T14:00:23.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = 'd0dafc3716a0d0ce393cde30b2b14a07']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36877-f704-4b00-958d-4cb2950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:23.000Z", "modified": "2015-08-06T14:00:23.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = 'ae66bad0c7de88ab0ab1050c4bec9095']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36877-e380-4c60-b246-4669950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:23.000Z", "modified": "2015-08-06T14:00:23.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = 'c7c2be1cd3780b2ba4638cef9a5422c7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36877-f5a8-48c9-9382-45a6950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:23.000Z", "modified": "2015-08-06T14:00:23.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = '405949955b1cb65673c16bf7c8da2f4d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36877-6460-4329-a5f9-4912950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:23.000Z", "modified": "2015-08-06T14:00:23.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = 'ff4f052dbe73a81403df5e98313000fb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36877-ee7c-4c1e-8f1b-48e9950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:23.000Z", "modified": "2015-08-06T14:00:23.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = 'b30fcd362c7b8ac75b7dddfe6cb448c7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36877-aa7c-4358-b8a5-46c5950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:23.000Z", "modified": "2015-08-06T14:00:23.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = '1d24f4d20b80562de46a8ac95d0ff8c2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36878-1920-4cf0-b04a-49b4950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:24.000Z", "modified": "2015-08-06T14:00:24.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = '9538bbdb3a73201b40296e9d4dc80ade']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36878-50d0-462c-894a-44fd950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:24.000Z", "modified": "2015-08-06T14:00:24.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = '46bb2caeda30c09a6337fd46ec98c32c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36878-3170-43c4-8380-46a3950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:24.000Z", "modified": "2015-08-06T14:00:24.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = '0c8842e48e80643d91dd290d0f786147']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36878-6a38-4453-b818-40d5950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:24.000Z", "modified": "2015-08-06T14:00:24.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = '0fc975c3c4e6c546b4f2b5aaed50dd78']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36878-523c-43b0-9130-4e11950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:24.000Z", "modified": "2015-08-06T14:00:24.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = '41be449f687828466ed7d87f0f30a278']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36878-d258-4837-9db2-4e26950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:24.000Z", "modified": "2015-08-06T14:00:24.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = '2b95caf3307ebd36cf405b1133b30aa8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36879-2e00-49d1-b8e3-47ca950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:25.000Z", "modified": "2015-08-06T14:00:25.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = 'ccc715a4d9d0157b9776deacdb26bf78']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36879-6ccc-4bde-95f3-4888950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:25.000Z", "modified": "2015-08-06T14:00:25.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = '37933acfa8d8e78c54413d88ca705e17']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36879-d0fc-4d15-875b-4b2b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:25.000Z", "modified": "2015-08-06T14:00:25.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = '2813c5a1c87f7e3d33174fed8b0988a1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36879-adb4-489b-a437-4e9b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:25.000Z", "modified": "2015-08-06T14:00:25.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = '8f22834efe52ccefb17e768569eb36b9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36879-73bc-448e-a0e0-4599950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:25.000Z", "modified": "2015-08-06T14:00:25.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = '6f01628a0b5de757a8dbe99020499d10']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36879-a16c-45a7-94fb-48f3950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:25.000Z", "modified": "2015-08-06T14:00:25.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = '7f8d9f12f41156512b60ab17f8d85fe9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c36879-0284-4809-a976-43b5950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:25.000Z", "modified": "2015-08-06T14:00:25.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = 'debe5ef2868b212f4251c58be1687660']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c3687a-34bc-4564-818c-430e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:26.000Z", "modified": "2015-08-06T14:00:26.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = 'e136d4ebab357fd19df8afe221460571']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c3687a-ea54-4d23-ba16-4a1f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:26.000Z", "modified": "2015-08-06T14:00:26.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = 'a86a906cfafaf1d7e3725bb0161b0cfe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c3687a-2980-477c-9b94-4d5b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:26.000Z", "modified": "2015-08-06T14:00:26.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = '03e1eac3512a726da30fff41dbc26039']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c3687a-59d8-4cad-a94a-4e7a950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:26.000Z", "modified": "2015-08-06T14:00:26.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = 'baac5e5dd3ce7dae56cab6d3dac14e15']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c3687a-d218-4fe2-997e-48dd950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:26.000Z", "modified": "2015-08-06T14:00:26.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = '0f7dde31fbeb5ddbb6230c401ed41561']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c3687a-77f0-4936-b314-4c68950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:26.000Z", "modified": "2015-08-06T14:00:26.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = '36d957f6058f954541450f5a85b28d4b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c3687b-4e3c-4b59-a142-4a2c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:27.000Z", "modified": "2015-08-06T14:00:27.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = '42d874f91145bd2ddf818735346022d8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c3687b-06f4-4fec-8d17-4068950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:27.000Z", "modified": "2015-08-06T14:00:27.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = '3468034fc3ac65c60a1f1231e3c45107']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c3687b-bc60-4382-b196-4a4d950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:27.000Z", "modified": "2015-08-06T14:00:27.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = '4e3b51a6a18bdb770fc38650a70b1883']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c3687b-1fb8-4593-8432-43d4950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:27.000Z", "modified": "2015-08-06T14:00:27.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = '3647068230839f9cadf0fd4bd82ade84']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c3687b-5470-45bd-bb14-4e16950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:27.000Z", "modified": "2015-08-06T14:00:27.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = '550922107d18aa4caad0267997709ee5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c3687b-5144-4824-9c70-4769950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:27.000Z", "modified": "2015-08-06T14:00:27.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = 'd8f0a6450f9df637daade521dc90d29d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c3687c-e1d4-45b4-8735-40fe950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:28.000Z", "modified": "2015-08-06T14:00:28.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = 'bf2e2283b19b0febc4bd1f47aa82a94c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c3687c-a674-445a-81a9-4ef7950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:28.000Z", "modified": "2015-08-06T14:00:28.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = 'd0eec2294a70ceff84ca8d0ed7939fb5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c3687c-be94-4b1c-9c8e-472d950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:28.000Z", "modified": "2015-08-06T14:00:28.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = 'e91d2464c8767552036dd0294fc7e6fb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c3687c-6030-4ea7-bbdd-48b1950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:28.000Z", "modified": "2015-08-06T14:00:28.000Z", "description": "HttpBrowser RAT", "pattern": "[file:hashes.MD5 = 'f627bc2db3cab34d97c8949931cb432d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c3688a-0244-4c3a-8d9c-44f2950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:42.000Z", "modified": "2015-08-06T14:00:42.000Z", "description": "PlugX RAT dropper", "pattern": "[file:hashes.MD5 = 'b313bbe17bd5ee9c00acff3bfccdb48a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c3688a-88f0-46ad-8598-4347950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:42.000Z", "modified": "2015-08-06T14:00:42.000Z", "description": "PlugX RAT dropper", "pattern": "[file:hashes.MD5 = 'f7a842eb1364d1269b40a344510068e8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c3688b-9598-463c-aa27-4178950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:43.000Z", "modified": "2015-08-06T14:00:43.000Z", "description": "PlugX RAT dropper", "pattern": "[file:hashes.MD5 = '8dacca7dd24844935fcd34e6c9609416']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c3688b-0e7c-4b60-b601-428d950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:43.000Z", "modified": "2015-08-06T14:00:43.000Z", "description": "PlugX RAT dropper", "pattern": "[file:hashes.MD5 = '7cffd679599fb8579abae8f32ce49026']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55c3688b-4acc-46d1-bd6f-4da9950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:00:43.000Z", "modified": "2015-08-06T14:00:43.000Z", "description": "PlugX RAT dropper", "pattern": "[file:hashes.MD5 = '462fd01302bc40624a44b7960d2894cd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-06T14:00:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "vulnerability", "spec_version": "2.1", "id": "vulnerability--55c368e0-9228-44ef-b4c0-4541950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:02:08.000Z", "modified": "2015-08-06T14:02:08.000Z", "name": "CVE-2011-3544", "labels": [ "misp:type=\"vulnerability\"", "misp:category=\"Payload delivery\"" ], "external_references": [ { "source_name": "cve", "external_id": "CVE-2011-3544" } ] }, { "type": "vulnerability", "spec_version": "2.1", "id": "vulnerability--55c368e0-8118-4882-84a0-41fa950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-06T14:02:08.000Z", "modified": "2015-08-06T14:02:08.000Z", "name": "CVE-2010-0738", "labels": [ "misp:type=\"vulnerability\"", "misp:category=\"Payload delivery\"" ], "external_references": [ { "source_name": "cve", "external_id": "CVE-2010-0738" } ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c66fc9-00bc-4521-ac22-599c950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T01:28:41.000Z", "modified": "2016-02-19T01:28:41.000Z", "description": "Automatically added (via 014122d7851fa8bf4070a8fc2acd5dc5)", "pattern": "[file:hashes.SHA1 = '1a6fca14615bb29549f8f813565ec2619528e769']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T01:28:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c66fcc-9ef8-4710-9677-c651950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T01:28:44.000Z", "modified": "2016-02-19T01:28:44.000Z", "description": "Automatically added (via 380c02b1fd93eb22028862117a2f19e3)", "pattern": "[file:hashes.SHA1 = '789c4fb1cfc2eb8cfe66e5407a75b10e5f9ea466']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T01:28:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c66fce-2f0c-406b-a770-c654950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T01:28:46.000Z", "modified": "2016-02-19T01:28:46.000Z", "description": "Automatically added (via 8ea5d8bb6b28191e4436456c35477e39)", "pattern": "[file:hashes.SHA1 = '4b6e48e50642a43fd038ee5a21891d11d466ca76']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T01:28:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c66fd0-45bc-461e-afe0-59a1950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T01:28:48.000Z", "modified": "2016-02-19T01:28:48.000Z", "description": "Automatically added (via a554efc889714c70e9362bdc81fadd6a)", "pattern": "[file:hashes.SHA1 = '02250681d57f7c5c0fa0de502153b7c4cf65ec91']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T01:28:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c66fd2-7628-4831-8a8c-599d950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T01:28:50.000Z", "modified": "2016-02-19T01:28:50.000Z", "description": "Automatically added (via 81ed752590752016cb1c12f3e9ab3454)", "pattern": "[file:hashes.SHA1 = 'b20aa92329ea0288351dcc5d4334f517254f98af']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T01:28:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c66fd7-c844-4cf5-9d45-c653950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T01:28:55.000Z", "modified": "2016-02-19T01:28:55.000Z", "description": "Automatically added (via 40092f76fea082b05e9631d91975a401)", "pattern": "[file:hashes.SHA1 = '8e02d4b03cc0fee18dfc9bec0f4f9a36c1577ae1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T01:28:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c66fdb-a3dc-4d99-81de-599c950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T01:28:59.000Z", "modified": "2016-02-19T01:28:59.000Z", "description": "Automatically added (via 37933acfa8d8e78c54413d88ca705e17)", "pattern": "[file:hashes.SHA1 = '0f15471f07185ced8d80776bae760b7d69219c31']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T01:28:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c66fde-6268-48f4-b377-48e1950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T01:29:02.000Z", "modified": "2016-02-19T01:29:02.000Z", "description": "Automatically added (via bf2e2283b19b0febc4bd1f47aa82a94c)", "pattern": "[file:hashes.SHA1 = '62ec1d4661c647ab8d18459b26b685711b3a3bb6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T01:29:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c66fdf-90f0-4af6-86cd-c650950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T01:29:03.000Z", "modified": "2016-02-19T01:29:03.000Z", "description": "Automatically added (via d0eec2294a70ceff84ca8d0ed7939fb5)", "pattern": "[file:hashes.SHA1 = '46b32915d225a3206f19856f54413dbff3a7fc9b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T01:29:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c66fe0-563c-4210-92f3-599f950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T01:29:04.000Z", "modified": "2016-02-19T01:29:04.000Z", "description": "Automatically added (via e91d2464c8767552036dd0294fc7e6fb)", "pattern": "[file:hashes.SHA1 = '84d9067c3af2ae137d0f7351b24ccbf68202bc7f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T01:29:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c66fe2-29fc-4dea-b6f7-5ca1950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T01:29:06.000Z", "modified": "2016-02-19T01:29:06.000Z", "description": "Automatically added (via f627bc2db3cab34d97c8949931cb432d)", "pattern": "[file:hashes.SHA1 = 'f6690169da83c15379ab3d118df00ebfaed0ce28']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T01:29:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c66fe3-48e8-4749-868a-c651950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T01:29:07.000Z", "modified": "2016-02-19T01:29:07.000Z", "description": "Automatically added (via f7a842eb1364d1269b40a344510068e8)", "pattern": "[file:hashes.SHA1 = '009743fda0d47802bee85f627e8727f7216c464b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T01:29:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c66fe5-13fc-4f66-924c-4c4b950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T01:29:09.000Z", "modified": "2016-02-19T01:29:09.000Z", "description": "Automatically added (via 7cffd679599fb8579abae8f32ce49026)", "pattern": "[file:hashes.SHA1 = '8273be8d8666b8577bb7feb0d1134cbff199446f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T01:29:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c66fe6-094c-4448-b710-463c950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T01:29:10.000Z", "modified": "2016-02-19T01:29:10.000Z", "description": "Automatically added (via 86a05dcffe87caf7099dda44d9ec6b48)", "pattern": "[file:hashes.SHA1 = '56c9ec1ee39c746ffb5b9c8c1ff1ebd1d62946cd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T01:29:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c66fca-3e74-4580-9285-c651950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T01:28:42.000Z", "modified": "2016-02-19T01:28:42.000Z", "description": "Automatically added (via 014122d7851fa8bf4070a8fc2acd5dc5)", "pattern": "[file:hashes.SHA256 = '4ed906ee616d44603db4ce158930e1105f6a35d4edfd1a7b1a30b18b9b2f328e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T01:28:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c66fcc-fcc4-4cae-8c13-59a0950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T01:28:44.000Z", "modified": "2016-02-19T01:28:44.000Z", "description": "Automatically added (via 380c02b1fd93eb22028862117a2f19e3)", "pattern": "[file:hashes.SHA256 = '8d2bfbd976f6361f6e069cf9d6c1141b6a88f05ac535cc9120183d9853fb23d1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T01:28:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c66fce-df60-4f03-991a-59a4950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T01:28:46.000Z", "modified": "2016-02-19T01:28:46.000Z", "description": "Automatically added (via 8ea5d8bb6b28191e4436456c35477e39)", "pattern": "[file:hashes.SHA256 = '19be90c152f7a174835fd05a0b6f722e29c648969579ed7587ae036679e66a7b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T01:28:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c66fd0-5650-4895-8c3e-40f3950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T01:28:48.000Z", "modified": "2016-02-19T01:28:48.000Z", "description": "Automatically added (via a554efc889714c70e9362bdc81fadd6a)", "pattern": "[file:hashes.SHA256 = '4073bbdcbc0d7e87a374d0eee0d0734f5acce91a2ae074d52462465598bd50f4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T01:28:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c66fd3-1828-4a72-9171-599f950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T01:28:51.000Z", "modified": "2016-02-19T01:28:51.000Z", "description": "Automatically added (via 81ed752590752016cb1c12f3e9ab3454)", "pattern": "[file:hashes.SHA256 = '1052ad7f4d49542e4da07fa8ea59c15c40bc09a4d726fad023daafdf05866ebb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T01:28:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c66fd8-4cac-45f7-ae6d-c654950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T01:28:56.000Z", "modified": "2016-02-19T01:28:56.000Z", "description": "Automatically added (via 40092f76fea082b05e9631d91975a401)", "pattern": "[file:hashes.SHA256 = '1277ede988438d4168bb5b135135dd3b9ae7d9badcdf1421132ca4692dd18386']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T01:28:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c66fdb-24d4-43b8-88b8-599f950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T01:28:59.000Z", "modified": "2016-02-19T01:28:59.000Z", "description": "Automatically added (via 37933acfa8d8e78c54413d88ca705e17)", "pattern": "[file:hashes.SHA256 = '594b4eaaabe50023e6c6d0d82ed120f654771de8e7435821f4ff0e90696d3b88']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T01:28:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c66fde-7534-49d5-a04d-5ca1950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T01:29:02.000Z", "modified": "2016-02-19T01:29:02.000Z", "description": "Automatically added (via bf2e2283b19b0febc4bd1f47aa82a94c)", "pattern": "[file:hashes.SHA256 = 'fb61c5d96c4706708f367bc2b001c80c6f5f7da305b5cdf69bf282ceb5e49e66']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T01:29:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c66fe0-8dc0-4106-9f64-c652950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T01:29:04.000Z", "modified": "2016-02-19T01:29:04.000Z", "description": "Automatically added (via d0eec2294a70ceff84ca8d0ed7939fb5)", "pattern": "[file:hashes.SHA256 = 'be334d1f8fa65a723af65200a166c2bbdb06690c8b30fafe772600e4662fc68b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T01:29:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c66fe1-dd60-4b20-8ab8-c653950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T01:29:05.000Z", "modified": "2016-02-19T01:29:05.000Z", "description": "Automatically added (via e91d2464c8767552036dd0294fc7e6fb)", "pattern": "[file:hashes.SHA256 = '6c07092cd9f345c0e25bd2e405fb3fa8a3ea98556dd90928c84316d14765488b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T01:29:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c66fe2-f974-411c-8fbe-c650950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T01:29:06.000Z", "modified": "2016-02-19T01:29:06.000Z", "description": "Automatically added (via f627bc2db3cab34d97c8949931cb432d)", "pattern": "[file:hashes.SHA256 = 'e2787bee7ca5a88c0ce2df60eddf9256931beade58f1468a6da49462143a5293']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T01:29:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c66fe4-7a7c-4d3b-bf29-43c0950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T01:29:08.000Z", "modified": "2016-02-19T01:29:08.000Z", "description": "Automatically added (via f7a842eb1364d1269b40a344510068e8)", "pattern": "[file:hashes.SHA256 = '555952aa5bcca4fa5ad5a7269fece99b1a04816d104ecd8aefabaa1435f65fa5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T01:29:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c66fe5-019c-484b-93af-c654950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T01:29:09.000Z", "modified": "2016-02-19T01:29:09.000Z", "description": "Automatically added (via 7cffd679599fb8579abae8f32ce49026)", "pattern": "[file:hashes.SHA256 = '65bbf0bd8c6e1ccdb60cf646d7084e1452cb111d97d21d6e8117b1944f3dc71e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T01:29:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c66fe7-3414-4ffb-a392-4ec6950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T01:29:11.000Z", "modified": "2016-02-19T01:29:11.000Z", "description": "Automatically added (via 86a05dcffe87caf7099dda44d9ec6b48)", "pattern": "[file:hashes.SHA256 = '9873aa65dca6508710b01fe0bd97b464ea4e999666ee8d020781a289ee1a4dc5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T01:29:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }