{ "type": "bundle", "id": "bundle--56425772-8500-45c6-9575-6056950d210b", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-11T06:39:01.000Z", "modified": "2015-11-11T06:39:01.000Z", "name": "CthulhuSPRL.be", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--56425772-8500-45c6-9575-6056950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-11T06:39:01.000Z", "modified": "2015-11-11T06:39:01.000Z", "name": "OSINT Macro documents with XOR Encoded Payloads by PhishMe", "published": "2015-11-11T06:39:05Z", "object_refs": [ "observed-data--564257a4-c8e4-45ee-85cb-68b9950d210b", "url--564257a4-c8e4-45ee-85cb-68b9950d210b", "observed-data--564257a4-dc24-4003-ba5d-68b9950d210b", "url--564257a4-dc24-4003-ba5d-68b9950d210b", "indicator--564257d9-0874-4b4c-a7e7-41c1950d210b", "indicator--564257d9-2698-4470-a9cf-4a37950d210b", "indicator--564257da-6700-4ad5-85c9-4f66950d210b", "indicator--564257da-bc04-40c4-a00c-4ee3950d210b", "indicator--564257db-c1f4-40f5-bb86-4f46950d210b", "indicator--564257db-28e0-40b0-8ca7-450e950d210b", "indicator--564257dc-a3c8-429f-ac03-454a950d210b", "indicator--564257dc-1118-4bf2-9236-4520950d210b", "indicator--564257dd-975c-4f08-8e5c-4a77950d210b", "indicator--564257dd-3508-4ea3-bc79-4aee950d210b", "indicator--564257de-b044-4b6f-975e-4a1f950d210b", "indicator--564257de-2384-4fc4-abb4-4787950d210b", "indicator--564257df-89e0-4c5f-adde-46aa950d210b", "indicator--564257df-1000-41fb-86e2-46fc950d210b", "indicator--564257df-ab7c-4b4a-bc73-43e2950d210b", "indicator--564257e0-cdc8-44b6-b522-4f0f950d210b", "indicator--564257e0-1050-4ff4-9bd5-440b950d210b", "indicator--564257e1-ba44-43e5-b26c-4459950d210b", "indicator--564257e1-0dc8-4d4d-8e82-4def950d210b", "indicator--564257e2-f604-43c4-9c84-4670950d210b", "indicator--564257e2-5b68-490b-838d-4f7c950d210b", "indicator--564257e3-c77c-4eaa-88c1-4671950d210b", "indicator--564257e3-7d40-43c9-836d-4ff7950d210b", "indicator--564257e4-b6b4-489c-ae17-4ada950d210b", "indicator--564257e4-6150-4492-b77c-44a6950d210b", "indicator--564257e5-0a28-44b8-9746-424e950d210b", "indicator--564257e5-d794-49d1-923a-4b64950d210b", "indicator--564257e6-90d0-4602-9126-4793950d210b", "indicator--564257e6-2228-48a1-b657-4a8a950d210b", "indicator--564257e7-1fb4-4784-9fbc-4d93950d210b", "indicator--564257e7-b818-4071-8678-4126950d210b", "indicator--564257e8-f91c-4c1f-a83d-4114950d210b", "indicator--564257e8-5450-4b7d-8107-4ea0950d210b", "indicator--5642e05c-b2ac-435e-8e69-cf3b950d210b", "indicator--5642e05d-5bd0-4654-9173-cf3b950d210b", "observed-data--5642e05d-5c80-4e8b-b8bd-cf3b950d210b", "url--5642e05d-5c80-4e8b-b8bd-cf3b950d210b", "indicator--5642e05d-7228-48a1-878a-cf3b950d210b", "indicator--5642e05e-7f10-43eb-abf3-cf3b950d210b", "observed-data--5642e05e-fe34-4e45-bc71-cf3b950d210b", "url--5642e05e-fe34-4e45-bc71-cf3b950d210b", "indicator--5642e05f-21c8-4e6d-95de-cf3b950d210b", "indicator--5642e05f-2524-4897-a9e4-cf3b950d210b", "observed-data--5642e05f-f524-4a8e-964d-cf3b950d210b", "url--5642e05f-f524-4a8e-964d-cf3b950d210b", "indicator--5642e060-4254-4c74-a273-cf3b950d210b", "indicator--5642e060-83d4-4c39-83f0-cf3b950d210b", "observed-data--5642e061-a414-4721-bb09-cf3b950d210b", "url--5642e061-a414-4721-bb09-cf3b950d210b", "indicator--5642e061-dbdc-40e1-9046-cf3b950d210b", "indicator--5642e061-b8c0-4e7e-b9f2-cf3b950d210b", "observed-data--5642e062-26e0-4b53-b43e-cf3b950d210b", "url--5642e062-26e0-4b53-b43e-cf3b950d210b", "indicator--5642e062-1d50-48d9-aeb4-cf3b950d210b", "indicator--5642e063-f650-40eb-8441-cf3b950d210b", "observed-data--5642e063-ef9c-44b3-8f16-cf3b950d210b", "url--5642e063-ef9c-44b3-8f16-cf3b950d210b", "indicator--5642e063-1cc8-4af3-bedc-cf3b950d210b", "indicator--5642e064-effc-4189-b0ea-cf3b950d210b", "observed-data--5642e064-3c6c-4e78-bc64-cf3b950d210b", "url--5642e064-3c6c-4e78-bc64-cf3b950d210b", "indicator--5642e065-ab24-419d-90f4-cf3b950d210b", "indicator--5642e065-0828-45ae-9f47-cf3b950d210b", "observed-data--5642e065-d998-48b4-9b6e-cf3b950d210b", "url--5642e065-d998-48b4-9b6e-cf3b950d210b" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--564257a4-c8e4-45ee-85cb-68b9950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-10T20:46:28.000Z", "modified": "2015-11-10T20:46:28.000Z", "first_observed": "2015-11-10T20:46:28Z", "last_observed": "2015-11-10T20:46:28Z", "number_observed": 1, "object_refs": [ "url--564257a4-c8e4-45ee-85cb-68b9950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--564257a4-c8e4-45ee-85cb-68b9950d210b", "value": "http://phishme.com/macro-documents-with-xor-encoded-payloads/" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--564257a4-dc24-4003-ba5d-68b9950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-10T20:46:28.000Z", "modified": "2015-11-10T20:46:28.000Z", "first_observed": "2015-11-10T20:46:28Z", "last_observed": "2015-11-10T20:46:28Z", "number_observed": 1, "object_refs": [ "url--564257a4-dc24-4003-ba5d-68b9950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--564257a4-dc24-4003-ba5d-68b9950d210b", "value": "http://phishme.com/wp-content/uploads/Intel.csv" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--564257d9-0874-4b4c-a7e7-41c1950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-10T20:47:21.000Z", "modified": "2015-11-10T20:47:21.000Z", "pattern": "[url:value = 'http://vintageselects.com/work/new/index.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-10T20:47:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--564257d9-2698-4470-a9cf-4a37950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-10T20:47:21.000Z", "modified": "2015-11-10T20:47:21.000Z", "pattern": "[url:value = 'http://finehotels.net/work/new/index.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-10T20:47:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--564257da-6700-4ad5-85c9-4f66950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-10T20:47:22.000Z", "modified": "2015-11-10T20:47:22.000Z", "pattern": "[url:value = 'http://basislabel.com/work/new/index.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-10T20:47:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--564257da-bc04-40c4-a00c-4ee3950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-10T20:47:22.000Z", "modified": "2015-11-10T20:47:22.000Z", "pattern": "[url:value = 'http://textidea.com/work/new/index.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-10T20:47:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--564257db-c1f4-40f5-bb86-4f46950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-10T20:47:23.000Z", "modified": "2015-11-10T20:47:23.000Z", "pattern": "[url:value = 'http://camelcap.com/work/new/index.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-10T20:47:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--564257db-28e0-40b0-8ca7-450e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-10T20:47:23.000Z", "modified": "2015-11-10T20:47:23.000Z", "pattern": "[url:value = 'http://mgsmedia.ru/work/new/index.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-10T20:47:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--564257dc-a3c8-429f-ac03-454a950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-10T20:47:24.000Z", "modified": "2015-11-10T20:47:24.000Z", "pattern": "[url:value = 'http://pausephone.com/work/new/index.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-10T20:47:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--564257dc-1118-4bf2-9236-4520950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-10T20:47:24.000Z", "modified": "2015-11-10T20:47:24.000Z", "pattern": "[url:value = 'http://fievenghapun.ru/gate.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-10T20:47:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--564257dd-975c-4f08-8e5c-4a77950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-10T20:47:25.000Z", "modified": "2015-11-10T20:47:25.000Z", "pattern": "[url:value = 'http://zilibrinixs.net/mizzo773/gate.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-10T20:47:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--564257dd-3508-4ea3-bc79-4aee950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-10T20:47:25.000Z", "modified": "2015-11-10T20:47:25.000Z", "pattern": "[url:value = 'http://guesstrade.com/work/new/index.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-10T20:47:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--564257de-b044-4b6f-975e-4a1f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-10T20:47:26.000Z", "modified": "2015-11-10T20:47:26.000Z", "pattern": "[url:value = 'http://beheutsi.ru/gate.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-10T20:47:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--564257de-2384-4fc4-abb4-4787950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-10T20:47:26.000Z", "modified": "2015-11-10T20:47:26.000Z", "pattern": "[url:value = 'http://wildclick.net/work/new/index.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-10T20:47:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--564257df-89e0-4c5f-adde-46aa950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-10T20:47:27.000Z", "modified": "2015-11-10T20:47:27.000Z", "pattern": "[url:value = 'http://juskinsandfo.ru/gate.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-10T20:47:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--564257df-1000-41fb-86e2-46fc950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-10T20:47:27.000Z", "modified": "2015-11-10T20:47:27.000Z", "pattern": "[url:value = 'http://ninthclub.com/work/new/index.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-10T20:47:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--564257df-ab7c-4b4a-bc73-43e2950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-10T20:47:27.000Z", "modified": "2015-11-10T20:47:27.000Z", "pattern": "[url:value = 'http://yeebay.co/media/system/host.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-10T20:47:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--564257e0-cdc8-44b6-b522-4f0f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-10T20:47:28.000Z", "modified": "2015-11-10T20:47:28.000Z", "pattern": "[url:value = 'http://helloalliance.net/work/new/index.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-10T20:47:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--564257e0-1050-4ff4-9bd5-440b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-10T20:47:28.000Z", "modified": "2015-11-10T20:47:28.000Z", "pattern": "[file:hashes.MD5 = '444e36f7f825164db3cb165526b38d7e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-10T20:47:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--564257e1-ba44-43e5-b26c-4459950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-10T20:47:29.000Z", "modified": "2015-11-10T20:47:29.000Z", "pattern": "[file:hashes.MD5 = '4c4e81db339f03b0b5ab0d18d3a40202']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-10T20:47:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--564257e1-0dc8-4d4d-8e82-4def950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-10T20:47:29.000Z", "modified": "2015-11-10T20:47:29.000Z", "pattern": "[file:hashes.MD5 = '25cd7beff6db77752efda58b703c1acd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-10T20:47:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--564257e2-f604-43c4-9c84-4670950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-10T20:47:30.000Z", "modified": "2015-11-10T20:47:30.000Z", "pattern": "[file:hashes.MD5 = 'b198efe59d67728c7d0a339a7490222c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-10T20:47:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--564257e2-5b68-490b-838d-4f7c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-10T20:47:30.000Z", "modified": "2015-11-10T20:47:30.000Z", "pattern": "[file:hashes.MD5 = '539ffbf98931aaaea5b745640988071a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-10T20:47:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--564257e3-c77c-4eaa-88c1-4671950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-10T20:47:31.000Z", "modified": "2015-11-10T20:47:31.000Z", "pattern": "[file:hashes.MD5 = '88c69cd7738b6c2228e3c602d385fab3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-10T20:47:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--564257e3-7d40-43c9-836d-4ff7950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-10T20:47:31.000Z", "modified": "2015-11-10T20:47:31.000Z", "pattern": "[url:value = 'http://webshop.outsourcing4work.de/m1.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-10T20:47:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--564257e4-b6b4-489c-ae17-4ada950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-10T20:47:32.000Z", "modified": "2015-11-10T20:47:32.000Z", "pattern": "[file:hashes.MD5 = '7b14b4a5c21168de932e3c9bdce5805e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-10T20:47:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--564257e4-6150-4492-b77c-44a6950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-10T20:47:32.000Z", "modified": "2015-11-10T20:47:32.000Z", "pattern": "[file:hashes.MD5 = '6a2acafe7cd587351b3ef40b0f0384cd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-10T20:47:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--564257e5-0a28-44b8-9746-424e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-10T20:47:33.000Z", "modified": "2015-11-10T20:47:33.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.148.26.44']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-10T20:47:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--564257e5-d794-49d1-923a-4b64950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-10T20:47:33.000Z", "modified": "2015-11-10T20:47:33.000Z", "pattern": "[url:value = 'http://hungphatea.com.au/media/system/host.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-10T20:47:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--564257e6-90d0-4602-9126-4793950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-10T20:47:34.000Z", "modified": "2015-11-10T20:47:34.000Z", "pattern": "[url:value = 'http://castuning.ru/work/new/index.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-10T20:47:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--564257e6-2228-48a1-b657-4a8a950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-10T20:47:34.000Z", "modified": "2015-11-10T20:47:34.000Z", "pattern": "[url:value = 'http://seaboy.net/work/new/index.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-10T20:47:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--564257e7-1fb4-4784-9fbc-4d93950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-10T20:47:35.000Z", "modified": "2015-11-10T20:47:35.000Z", "pattern": "[url:value = 'http://hybridtrend.com/work/new/index.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-10T20:47:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--564257e7-b818-4071-8678-4126950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-10T20:47:35.000Z", "modified": "2015-11-10T20:47:35.000Z", "pattern": "[url:value = 'http://gourmet.pergaz.com/media/system/host.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-10T20:47:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--564257e8-f91c-4c1f-a83d-4114950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-10T20:47:36.000Z", "modified": "2015-11-10T20:47:36.000Z", "pattern": "[url:value = 'http://circlewear.net/work/new/index.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-10T20:47:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--564257e8-5450-4b7d-8107-4ea0950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-10T20:47:36.000Z", "modified": "2015-11-10T20:47:36.000Z", "pattern": "[url:value = 'http://ideagreens.com/work/new/index.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-10T20:47:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5642e05c-b2ac-435e-8e69-cf3b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-11T06:29:48.000Z", "modified": "2015-11-11T06:29:48.000Z", "description": "- Xchecked via VT: 6a2acafe7cd587351b3ef40b0f0384cd", "pattern": "[file:hashes.SHA256 = 'f6ff1eeb531beb2900b0c377eb684df87ebb146f86ab9397c935298fb0cf09f2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-11T06:29:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5642e05d-5bd0-4654-9173-cf3b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-11T06:29:49.000Z", "modified": "2015-11-11T06:29:49.000Z", "description": "- Xchecked via VT: 6a2acafe7cd587351b3ef40b0f0384cd", "pattern": "[file:hashes.SHA1 = '0be14ac098d24b2ec3cd7f7560e2a47587c33f8f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-11T06:29:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5642e05d-5c80-4e8b-b8bd-cf3b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-11T06:29:49.000Z", "modified": "2015-11-11T06:29:49.000Z", "first_observed": "2015-11-11T06:29:49Z", "last_observed": "2015-11-11T06:29:49Z", "number_observed": 1, "object_refs": [ "url--5642e05d-5c80-4e8b-b8bd-cf3b950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5642e05d-5c80-4e8b-b8bd-cf3b950d210b", "value": "https://www.virustotal.com/file/f6ff1eeb531beb2900b0c377eb684df87ebb146f86ab9397c935298fb0cf09f2/analysis/1446306023/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5642e05d-7228-48a1-878a-cf3b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-11T06:29:49.000Z", "modified": "2015-11-11T06:29:49.000Z", "description": "- Xchecked via VT: 7b14b4a5c21168de932e3c9bdce5805e", "pattern": "[file:hashes.SHA256 = 'dfe92f53d5dbae6390482383defaab2925a1f6da1116a086068ab85ca316aa00']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-11T06:29:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5642e05e-7f10-43eb-abf3-cf3b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-11T06:29:50.000Z", "modified": "2015-11-11T06:29:50.000Z", "description": "- Xchecked via VT: 7b14b4a5c21168de932e3c9bdce5805e", "pattern": "[file:hashes.SHA1 = '0dcae2786f206149c06940c168945c58ae916be3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-11T06:29:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5642e05e-fe34-4e45-bc71-cf3b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-11T06:29:50.000Z", "modified": "2015-11-11T06:29:50.000Z", "first_observed": "2015-11-11T06:29:50Z", "last_observed": "2015-11-11T06:29:50Z", "number_observed": 1, "object_refs": [ "url--5642e05e-fe34-4e45-bc71-cf3b950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5642e05e-fe34-4e45-bc71-cf3b950d210b", "value": "https://www.virustotal.com/file/dfe92f53d5dbae6390482383defaab2925a1f6da1116a086068ab85ca316aa00/analysis/1446984972/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5642e05f-21c8-4e6d-95de-cf3b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-11T06:29:51.000Z", "modified": "2015-11-11T06:29:51.000Z", "description": "- Xchecked via VT: 88c69cd7738b6c2228e3c602d385fab3", "pattern": "[file:hashes.SHA256 = '8b191a0aa1f1bbf485e2ca677a67a05539507c52358632b81f902295b5b3a597']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-11T06:29:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5642e05f-2524-4897-a9e4-cf3b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-11T06:29:51.000Z", "modified": "2015-11-11T06:29:51.000Z", "description": "- Xchecked via VT: 88c69cd7738b6c2228e3c602d385fab3", "pattern": "[file:hashes.SHA1 = 'ba6c7c6139f293dc5c442bf838c0bf90967496ad']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-11T06:29:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5642e05f-f524-4a8e-964d-cf3b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-11T06:29:51.000Z", "modified": "2015-11-11T06:29:51.000Z", "first_observed": "2015-11-11T06:29:51Z", "last_observed": "2015-11-11T06:29:51Z", "number_observed": 1, "object_refs": [ "url--5642e05f-f524-4a8e-964d-cf3b950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5642e05f-f524-4a8e-964d-cf3b950d210b", "value": "https://www.virustotal.com/file/8b191a0aa1f1bbf485e2ca677a67a05539507c52358632b81f902295b5b3a597/analysis/1446927268/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5642e060-4254-4c74-a273-cf3b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-11T06:29:52.000Z", "modified": "2015-11-11T06:29:52.000Z", "description": "- Xchecked via VT: 539ffbf98931aaaea5b745640988071a", "pattern": "[file:hashes.SHA256 = 'f0d27b51e8cb463777c7fc326212304e9cc7aa234d670e23838e507eb1b7afd4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-11T06:29:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5642e060-83d4-4c39-83f0-cf3b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-11T06:29:52.000Z", "modified": "2015-11-11T06:29:52.000Z", "description": "- Xchecked via VT: 539ffbf98931aaaea5b745640988071a", "pattern": "[file:hashes.SHA1 = 'c0c2d67ed3cb2f684687c33846a62557faa20059']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-11T06:29:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5642e061-a414-4721-bb09-cf3b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-11T06:29:53.000Z", "modified": "2015-11-11T06:29:53.000Z", "first_observed": "2015-11-11T06:29:53Z", "last_observed": "2015-11-11T06:29:53Z", "number_observed": 1, "object_refs": [ "url--5642e061-a414-4721-bb09-cf3b950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5642e061-a414-4721-bb09-cf3b950d210b", "value": "https://www.virustotal.com/file/f0d27b51e8cb463777c7fc326212304e9cc7aa234d670e23838e507eb1b7afd4/analysis/1446984946/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5642e061-dbdc-40e1-9046-cf3b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-11T06:29:53.000Z", "modified": "2015-11-11T06:29:53.000Z", "description": "- Xchecked via VT: b198efe59d67728c7d0a339a7490222c", "pattern": "[file:hashes.SHA256 = '2b75705c538a522faafb6a19c57327ceeadbab0b29fcd02a417d392a4e849ba4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-11T06:29:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5642e061-b8c0-4e7e-b9f2-cf3b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-11T06:29:53.000Z", "modified": "2015-11-11T06:29:53.000Z", "description": "- Xchecked via VT: b198efe59d67728c7d0a339a7490222c", "pattern": "[file:hashes.SHA1 = 'b0c27b220d32f2e94d75c0074835a8345f81b725']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-11T06:29:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5642e062-26e0-4b53-b43e-cf3b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-11T06:29:54.000Z", "modified": "2015-11-11T06:29:54.000Z", "first_observed": "2015-11-11T06:29:54Z", "last_observed": "2015-11-11T06:29:54Z", "number_observed": 1, "object_refs": [ "url--5642e062-26e0-4b53-b43e-cf3b950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5642e062-26e0-4b53-b43e-cf3b950d210b", "value": "https://www.virustotal.com/file/2b75705c538a522faafb6a19c57327ceeadbab0b29fcd02a417d392a4e849ba4/analysis/1447109802/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5642e062-1d50-48d9-aeb4-cf3b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-11T06:29:54.000Z", "modified": "2015-11-11T06:29:54.000Z", "description": "- Xchecked via VT: 25cd7beff6db77752efda58b703c1acd", "pattern": "[file:hashes.SHA256 = '7bd0f161a9c3ca12fa8ef2ba04003c2a3ff93c19ab72e0ad9faec4f464b95aca']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-11T06:29:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5642e063-f650-40eb-8441-cf3b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-11T06:29:55.000Z", "modified": "2015-11-11T06:29:55.000Z", "description": "- Xchecked via VT: 25cd7beff6db77752efda58b703c1acd", "pattern": "[file:hashes.SHA1 = '69d552eec7853df9c92802ac8f4a0601366b1e72']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-11T06:29:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5642e063-ef9c-44b3-8f16-cf3b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-11T06:29:55.000Z", "modified": "2015-11-11T06:29:55.000Z", "first_observed": "2015-11-11T06:29:55Z", "last_observed": "2015-11-11T06:29:55Z", "number_observed": 1, "object_refs": [ "url--5642e063-ef9c-44b3-8f16-cf3b950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5642e063-ef9c-44b3-8f16-cf3b950d210b", "value": "https://www.virustotal.com/file/7bd0f161a9c3ca12fa8ef2ba04003c2a3ff93c19ab72e0ad9faec4f464b95aca/analysis/1446249621/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5642e063-1cc8-4af3-bedc-cf3b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-11T06:29:55.000Z", "modified": "2015-11-11T06:29:55.000Z", "description": "- Xchecked via VT: 4c4e81db339f03b0b5ab0d18d3a40202", "pattern": "[file:hashes.SHA256 = '5654604e27918b86b891839254c1a9b7469c82193c78aa000aa3a9032482e340']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-11T06:29:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5642e064-effc-4189-b0ea-cf3b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-11T06:29:56.000Z", "modified": "2015-11-11T06:29:56.000Z", "description": "- Xchecked via VT: 4c4e81db339f03b0b5ab0d18d3a40202", "pattern": "[file:hashes.SHA1 = '92eab2d3224bd1c465052dc48bca7e379c7c1cdf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-11T06:29:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5642e064-3c6c-4e78-bc64-cf3b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-11T06:29:56.000Z", "modified": "2015-11-11T06:29:56.000Z", "first_observed": "2015-11-11T06:29:56Z", "last_observed": "2015-11-11T06:29:56Z", "number_observed": 1, "object_refs": [ "url--5642e064-3c6c-4e78-bc64-cf3b950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5642e064-3c6c-4e78-bc64-cf3b950d210b", "value": "https://www.virustotal.com/file/5654604e27918b86b891839254c1a9b7469c82193c78aa000aa3a9032482e340/analysis/1446927456/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5642e065-ab24-419d-90f4-cf3b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-11T06:29:57.000Z", "modified": "2015-11-11T06:29:57.000Z", "description": "- Xchecked via VT: 444e36f7f825164db3cb165526b38d7e", "pattern": "[file:hashes.SHA256 = 'db3e48670d013d9d0989175a2ace180f1b2403450985ae434472c813f8cdb401']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-11T06:29:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5642e065-0828-45ae-9f47-cf3b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-11T06:29:57.000Z", "modified": "2015-11-11T06:29:57.000Z", "description": "- Xchecked via VT: 444e36f7f825164db3cb165526b38d7e", "pattern": "[file:hashes.SHA1 = '97ea5ac4bc95e6d660c362bf478b4d1f6bfaf7db']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-11T06:29:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5642e065-d998-48b4-9b6e-cf3b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-11T06:29:57.000Z", "modified": "2015-11-11T06:29:57.000Z", "first_observed": "2015-11-11T06:29:57Z", "last_observed": "2015-11-11T06:29:57Z", "number_observed": 1, "object_refs": [ "url--5642e065-d998-48b4-9b6e-cf3b950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5642e065-d998-48b4-9b6e-cf3b950d210b", "value": "https://www.virustotal.com/file/db3e48670d013d9d0989175a2ace180f1b2403450985ae434472c813f8cdb401/analysis/1446472959/" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }