{ "type": "bundle", "id": "bundle--56b06dc5-2cac-46c1-9827-40f7950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T10:21:31.000Z", "modified": "2016-02-02T10:21:31.000Z", "name": "CthulhuSPRL.be", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--56b06dc5-2cac-46c1-9827-40f7950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T10:21:31.000Z", "modified": "2016-02-02T10:21:31.000Z", "name": "OSINT Neutrino Exploit Kit \u00e2\u20ac\u201c One Flash File to Rule Them All by SpiderLabs", "published": "2016-02-02T10:22:12Z", "object_refs": [ "observed-data--56b06e40-1d8c-4c17-a38a-4edd950d210f", "url--56b06e40-1d8c-4c17-a38a-4edd950d210f", "observed-data--56b06e40-0720-4f15-a55a-45bd950d210f", "url--56b06e40-0720-4f15-a55a-45bd950d210f", "observed-data--56b06e41-49e0-42e1-be2e-4996950d210f", "url--56b06e41-49e0-42e1-be2e-4996950d210f", "observed-data--56b06e41-7338-45c2-be4a-4d02950d210f", "url--56b06e41-7338-45c2-be4a-4d02950d210f", "observed-data--56b06e41-c220-43ab-85d8-4b65950d210f", "url--56b06e41-c220-43ab-85d8-4b65950d210f", "observed-data--56b06e41-8174-4851-8b69-4f47950d210f", "url--56b06e41-8174-4851-8b69-4f47950d210f", "observed-data--56b06e42-6d78-48db-981d-4e9e950d210f", "url--56b06e42-6d78-48db-981d-4e9e950d210f", "observed-data--56b06e42-9248-48b9-94e9-4661950d210f", "url--56b06e42-9248-48b9-94e9-4661950d210f", "observed-data--56b06e42-884c-41e1-9d02-4dea950d210f", "url--56b06e42-884c-41e1-9d02-4dea950d210f", "vulnerability--56b06e43-bb98-4f46-8f01-47dd950d210f", "vulnerability--56b06e43-31b8-4c43-a4ca-4cf7950d210f", "vulnerability--56b06e43-5e4c-49b1-a587-45da950d210f", "vulnerability--56b06e43-9aa4-45ea-af96-4db5950d210f", "vulnerability--56b06e43-e444-402f-b7c9-40df950d210f", "indicator--56b08324-818c-454e-ad50-4dbc950d210f", "indicator--56b08324-53dc-4e5a-ad8e-49c4950d210f", "indicator--56b08324-e65c-4764-b7a1-47c2950d210f", "indicator--56b08325-c95c-4ac3-816a-4a50950d210f", "indicator--56b08325-d3f4-4fd1-b883-484b950d210f", "indicator--56b08325-0fbc-4079-ad7f-4721950d210f", "indicator--56b08326-70a0-45a7-ab8c-4b12950d210f", "indicator--56b08326-1ff4-4d32-b2a7-48af950d210f", "indicator--56b08326-a488-4231-b083-4f54950d210f", "indicator--56b08327-1a8c-40ae-9a0d-47b1950d210f", "indicator--56b08327-55d4-4d21-afee-4b59950d210f", "indicator--56b08327-9544-4acc-9589-41f0950d210f", "indicator--56b08328-301c-4c14-a1b3-4ee7950d210f", "indicator--56b08328-3fc0-466a-b935-429c950d210f", "indicator--56b08328-9104-4032-9412-4ce8950d210f", "indicator--56b08329-1264-47d0-95e7-4a78950d210f", "indicator--56b08329-6804-4c65-828b-48c0950d210f", "indicator--56b08329-6708-4024-8bf0-4e82950d210f", "indicator--56b0832a-2aa4-4456-9c85-4979950d210f", "indicator--56b0832a-9614-4c39-9c4f-44d0950d210f", "indicator--56b0832a-bd8c-4789-9d90-4f79950d210f", "indicator--56b0832b-b0ac-4d5e-b482-4f17950d210f", "indicator--56b0832b-0b14-4b57-941c-49d4950d210f", "indicator--56b0832b-7bcc-452a-beb9-4867950d210f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT", "admiralty-scale:source-reliability=\"b\"", "admiralty-scale:information-credibility=\"1\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--56b06e40-1d8c-4c17-a38a-4edd950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T08:52:16.000Z", "modified": "2016-02-02T08:52:16.000Z", "first_observed": "2016-02-02T08:52:16Z", "last_observed": "2016-02-02T08:52:16Z", "number_observed": 1, "object_refs": [ "url--56b06e40-1d8c-4c17-a38a-4edd950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--56b06e40-1d8c-4c17-a38a-4edd950d210f", "value": "https://www.trustwave.com/Resources/SpiderLabs-Blog/Neutrino-Exploit-Kit-%E2%80%93-One-Flash-File-to-Rule-Them-All/" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--56b06e40-0720-4f15-a55a-45bd950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T08:52:16.000Z", "modified": "2016-02-02T08:52:16.000Z", "first_observed": "2016-02-02T08:52:16Z", "last_observed": "2016-02-02T08:52:16Z", "number_observed": 1, "object_refs": [ "url--56b06e40-0720-4f15-a55a-45bd950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--56b06e40-0720-4f15-a55a-45bd950d210f", "value": "https://www.virustotal.com/en/file/05a50b8b9cccdfa6adcb1f1173c021c8944b3aa5312e21e0af015a98735263b2/analysis/1447730847/" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--56b06e41-49e0-42e1-be2e-4996950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T08:52:17.000Z", "modified": "2016-02-02T08:52:17.000Z", "first_observed": "2016-02-02T08:52:17Z", "last_observed": "2016-02-02T08:52:17Z", "number_observed": 1, "object_refs": [ "url--56b06e41-49e0-42e1-be2e-4996950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--56b06e41-49e0-42e1-be2e-4996950d210f", "value": "https://www.virustotal.com/en/file/7a1a1e3ae834e7682f3762c743ac44c5c35eeaf35f84ed6dcfff603c1e0357e8/analysis/1450952590/" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--56b06e41-7338-45c2-be4a-4d02950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T08:52:17.000Z", "modified": "2016-02-02T08:52:17.000Z", "first_observed": "2016-02-02T08:52:17Z", "last_observed": "2016-02-02T08:52:17Z", "number_observed": 1, "object_refs": [ "url--56b06e41-7338-45c2-be4a-4d02950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--56b06e41-7338-45c2-be4a-4d02950d210f", "value": "https://www.virustotal.com/en/file/aee8a02ac4176d4c712520ea0eef75850ad88bf196db983d6d4ccbba6f100d76/analysis/1450952600/" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--56b06e41-c220-43ab-85d8-4b65950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T08:52:17.000Z", "modified": "2016-02-02T08:52:17.000Z", "first_observed": "2016-02-02T08:52:17Z", "last_observed": "2016-02-02T08:52:17Z", "number_observed": 1, "object_refs": [ "url--56b06e41-c220-43ab-85d8-4b65950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--56b06e41-c220-43ab-85d8-4b65950d210f", "value": "https://www.virustotal.com/en/file/34b609d980a6baffe4ffe5927730c641b58c274239df68d1846566366940dcea/analysis/1450952611/" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--56b06e41-8174-4851-8b69-4f47950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T08:52:17.000Z", "modified": "2016-02-02T08:52:17.000Z", "first_observed": "2016-02-02T08:52:17Z", "last_observed": "2016-02-02T08:52:17Z", "number_observed": 1, "object_refs": [ "url--56b06e41-8174-4851-8b69-4f47950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--56b06e41-8174-4851-8b69-4f47950d210f", "value": "https://www.virustotal.com/en/file/972ec16e4fc85c88326d7bb616f7091dbc1448369e23107bb7bc0ad15a1046bd/analysis/1450952680/" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--56b06e42-6d78-48db-981d-4e9e950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T08:52:18.000Z", "modified": "2016-02-02T08:52:18.000Z", "first_observed": "2016-02-02T08:52:18Z", "last_observed": "2016-02-02T08:52:18Z", "number_observed": 1, "object_refs": [ "url--56b06e42-6d78-48db-981d-4e9e950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--56b06e42-6d78-48db-981d-4e9e950d210f", "value": "https://www.virustotal.com/en/file/806ab2c5b089bd3db019bc98ce00b28a57a936e06b3ad81104453b7aab2be43a/analysis/1450952686/" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--56b06e42-9248-48b9-94e9-4661950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T08:52:18.000Z", "modified": "2016-02-02T08:52:18.000Z", "first_observed": "2016-02-02T08:52:18Z", "last_observed": "2016-02-02T08:52:18Z", "number_observed": 1, "object_refs": [ "url--56b06e42-9248-48b9-94e9-4661950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--56b06e42-9248-48b9-94e9-4661950d210f", "value": "https://www.virustotal.com/en/file/163822f0eda6927994cb60736b9eb51600c203c4869b51db362aaba5203c2e98/analysis/1450952692/" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--56b06e42-884c-41e1-9d02-4dea950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T08:52:18.000Z", "modified": "2016-02-02T08:52:18.000Z", "first_observed": "2016-02-02T08:52:18Z", "last_observed": "2016-02-02T08:52:18Z", "number_observed": 1, "object_refs": [ "url--56b06e42-884c-41e1-9d02-4dea950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--56b06e42-884c-41e1-9d02-4dea950d210f", "value": "https://www.virustotal.com/en/file/fe5bfee142d70d9d2e80f9e09659a244a7aaa262df9088b3643626b0fdba11e0/analysis/1450952540/" }, { "type": "vulnerability", "spec_version": "2.1", "id": "vulnerability--56b06e43-bb98-4f46-8f01-47dd950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T08:52:19.000Z", "modified": "2016-02-02T08:52:19.000Z", "name": "CVE-2015-2419", "labels": [ "misp:type=\"vulnerability\"", "misp:category=\"External analysis\"" ], "external_references": [ { "source_name": "cve", "external_id": "CVE-2015-2419" } ] }, { "type": "vulnerability", "spec_version": "2.1", "id": "vulnerability--56b06e43-31b8-4c43-a4ca-4cf7950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T08:52:19.000Z", "modified": "2016-02-02T08:52:19.000Z", "name": "CVE-2013-2551", "labels": [ "misp:type=\"vulnerability\"", "misp:category=\"External analysis\"" ], "external_references": [ { "source_name": "cve", "external_id": "CVE-2013-2551" } ] }, { "type": "vulnerability", "spec_version": "2.1", "id": "vulnerability--56b06e43-5e4c-49b1-a587-45da950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T08:52:19.000Z", "modified": "2016-02-02T08:52:19.000Z", "name": "CVE-2014-6332", "labels": [ "misp:type=\"vulnerability\"", "misp:category=\"External analysis\"" ], "external_references": [ { "source_name": "cve", "external_id": "CVE-2014-6332" } ] }, { "type": "vulnerability", "spec_version": "2.1", "id": "vulnerability--56b06e43-9aa4-45ea-af96-4db5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T08:52:19.000Z", "modified": "2016-02-02T08:52:19.000Z", "name": "CVE-2015-7645", "labels": [ "misp:type=\"vulnerability\"", "misp:category=\"External analysis\"" ], "external_references": [ { "source_name": "cve", "external_id": "CVE-2015-7645" } ] }, { "type": "vulnerability", "spec_version": "2.1", "id": "vulnerability--56b06e43-e444-402f-b7c9-40df950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T08:52:19.000Z", "modified": "2016-02-02T08:52:19.000Z", "name": "CVE-2014-0569", "labels": [ "misp:type=\"vulnerability\"", "misp:category=\"External analysis\"" ], "external_references": [ { "source_name": "cve", "external_id": "CVE-2014-0569" } ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56b08324-818c-454e-ad50-4dbc950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T10:21:24.000Z", "modified": "2016-02-02T10:21:24.000Z", "pattern": "[file:hashes.MD5 = 'd4b9af141d7f2e1b97e55f17133f4919']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-02T10:21:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56b08324-53dc-4e5a-ad8e-49c4950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T10:21:24.000Z", "modified": "2016-02-02T10:21:24.000Z", "pattern": "[file:hashes.SHA1 = 'e6607695a56f13c001c29ae0a4d9ac2b5741626c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-02T10:21:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56b08324-e65c-4764-b7a1-47c2950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T10:21:24.000Z", "modified": "2016-02-02T10:21:24.000Z", "pattern": "[file:hashes.SHA256 = 'fe5bfee142d70d9d2e80f9e09659a244a7aaa262df9088b3643626b0fdba11e0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-02T10:21:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56b08325-c95c-4ac3-816a-4a50950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T10:21:25.000Z", "modified": "2016-02-02T10:21:25.000Z", "pattern": "[file:hashes.MD5 = 'd523b243c629f71bcdbbd09a1274ec59']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-02T10:21:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56b08325-d3f4-4fd1-b883-484b950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T10:21:25.000Z", "modified": "2016-02-02T10:21:25.000Z", "pattern": "[file:hashes.SHA1 = '453a2e0069a26e9b7e2db638a8b1942e95c0a5a7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-02T10:21:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56b08325-0fbc-4079-ad7f-4721950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T10:21:25.000Z", "modified": "2016-02-02T10:21:25.000Z", "pattern": "[file:hashes.SHA256 = '163822f0eda6927994cb60736b9eb51600c203c4869b51db362aaba5203c2e98']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-02T10:21:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56b08326-70a0-45a7-ab8c-4b12950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T10:21:26.000Z", "modified": "2016-02-02T10:21:26.000Z", "pattern": "[file:hashes.MD5 = '4fc2d57dd2b96eca1d3e24441fc3c401']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-02T10:21:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56b08326-1ff4-4d32-b2a7-48af950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T10:21:26.000Z", "modified": "2016-02-02T10:21:26.000Z", "pattern": "[file:hashes.SHA1 = '3c0b6cf1d75aca0e339efecb700a3458aa27017e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-02T10:21:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56b08326-a488-4231-b083-4f54950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T10:21:26.000Z", "modified": "2016-02-02T10:21:26.000Z", "pattern": "[file:hashes.SHA256 = '806ab2c5b089bd3db019bc98ce00b28a57a936e06b3ad81104453b7aab2be43a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-02T10:21:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56b08327-1a8c-40ae-9a0d-47b1950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T10:21:27.000Z", "modified": "2016-02-02T10:21:27.000Z", "pattern": "[file:hashes.MD5 = 'dbb069409242bcf180c48bbc22df9dd1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-02T10:21:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56b08327-55d4-4d21-afee-4b59950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T10:21:27.000Z", "modified": "2016-02-02T10:21:27.000Z", "pattern": "[file:hashes.SHA1 = 'efdb659b75d4af0aab67b40042755bfb1f84357e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-02T10:21:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56b08327-9544-4acc-9589-41f0950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T10:21:27.000Z", "modified": "2016-02-02T10:21:27.000Z", "pattern": "[file:hashes.SHA256 = '972ec16e4fc85c88326d7bb616f7091dbc1448369e23107bb7bc0ad15a1046bd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-02T10:21:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56b08328-301c-4c14-a1b3-4ee7950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T10:21:28.000Z", "modified": "2016-02-02T10:21:28.000Z", "pattern": "[file:hashes.MD5 = '955c42d4d9ac6b821dcb022b790aad82']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-02T10:21:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56b08328-3fc0-466a-b935-429c950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T10:21:28.000Z", "modified": "2016-02-02T10:21:28.000Z", "pattern": "[file:hashes.SHA1 = '5eb520aec1f1c992771f6a4559cda73cd60a5aaf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-02T10:21:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56b08328-9104-4032-9412-4ce8950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T10:21:28.000Z", "modified": "2016-02-02T10:21:28.000Z", "pattern": "[file:hashes.SHA256 = '34b609d980a6baffe4ffe5927730c641b58c274239df68d1846566366940dcea']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-02T10:21:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56b08329-1264-47d0-95e7-4a78950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T10:21:29.000Z", "modified": "2016-02-02T10:21:29.000Z", "pattern": "[file:hashes.MD5 = '4b0235980414e7fa8e188a0c2fc52b1a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-02T10:21:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56b08329-6804-4c65-828b-48c0950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T10:21:29.000Z", "modified": "2016-02-02T10:21:29.000Z", "pattern": "[file:hashes.SHA1 = '90e6bb86cb96abdcd82576669b7a3dfd3a5c641d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-02T10:21:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56b08329-6708-4024-8bf0-4e82950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T10:21:29.000Z", "modified": "2016-02-02T10:21:29.000Z", "pattern": "[file:hashes.SHA256 = 'aee8a02ac4176d4c712520ea0eef75850ad88bf196db983d6d4ccbba6f100d76']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-02T10:21:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56b0832a-2aa4-4456-9c85-4979950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T10:21:30.000Z", "modified": "2016-02-02T10:21:30.000Z", "pattern": "[file:hashes.MD5 = 'cd4ac99e8fe25c9365708745db6ac7ad']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-02T10:21:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56b0832a-9614-4c39-9c4f-44d0950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T10:21:30.000Z", "modified": "2016-02-02T10:21:30.000Z", "pattern": "[file:hashes.SHA1 = '7bc541ef970788a07c973ff8844ea758136fd711']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-02T10:21:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56b0832a-bd8c-4789-9d90-4f79950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T10:21:30.000Z", "modified": "2016-02-02T10:21:30.000Z", "pattern": "[file:hashes.SHA256 = '7a1a1e3ae834e7682f3762c743ac44c5c35eeaf35f84ed6dcfff603c1e0357e8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-02T10:21:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56b0832b-b0ac-4d5e-b482-4f17950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T10:21:30.000Z", "modified": "2016-02-02T10:21:30.000Z", "pattern": "[file:hashes.MD5 = '7f2b2f029fdc740b61d3b88c89913cf6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-02T10:21:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56b0832b-0b14-4b57-941c-49d4950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T10:21:31.000Z", "modified": "2016-02-02T10:21:31.000Z", "pattern": "[file:hashes.SHA1 = '7a044056194b07daa6a4c104be03e6fccd9089dc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-02T10:21:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56b0832b-7bcc-452a-beb9-4867950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T10:21:31.000Z", "modified": "2016-02-02T10:21:31.000Z", "pattern": "[file:hashes.SHA256 = '05a50b8b9cccdfa6adcb1f1173c021c8944b3aa5312e21e0af015a98735263b2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-02T10:21:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }