{ "type": "bundle", "id": "bundle--570611e3-9f58-493b-8760-3510950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T09:44:00.000Z", "modified": "2016-04-07T09:44:00.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--570611e3-9f58-493b-8760-3510950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T09:44:00.000Z", "modified": "2016-04-07T09:44:00.000Z", "name": "OSINT - Most prevalent Android ransomware in the West arrives in Japan", "published": "2016-04-07T09:45:14Z", "object_refs": [ "indicator--570612a6-8674-4828-bc6a-350f950d210f", "indicator--570612a6-1054-4f41-b27c-350f950d210f", "indicator--570612a6-3f3c-4566-b896-350f950d210f", "indicator--570612a7-e4c0-4810-8057-350f950d210f", "indicator--570612a7-9348-424b-8e6f-350f950d210f", "indicator--570612a8-5b10-4167-a929-350f950d210f", "indicator--570612a8-8730-4810-a800-350f950d210f", "indicator--570612a8-f828-4b64-8e1a-350f950d210f", "indicator--570612a9-5b58-460d-be2e-350f950d210f", "indicator--570612a9-9730-4738-a560-350f950d210f", "indicator--570612a9-77d0-4fbc-8338-350f950d210f", "indicator--570612aa-53d8-4246-82c6-350f950d210f", "indicator--570612aa-6ab8-4f67-b6be-350f950d210f", "indicator--570612aa-8fe8-4da4-bdbc-350f950d210f", "indicator--570612ab-25a8-4edd-bb88-350f950d210f", "indicator--570612ab-bda4-47b1-a023-350f950d210f", "indicator--570612ac-043c-4833-b8a3-350f950d210f", "indicator--570612ac-e6d0-4dc6-80ec-350f950d210f", "indicator--570612ac-6d0c-440f-8d4e-350f950d210f", "indicator--570612ad-bf20-4f61-ab36-350f950d210f", "indicator--570612ad-8584-4958-b13b-350f950d210f", "indicator--570612ad-2b54-4750-83df-350f950d210f", "indicator--570612ad-a220-45b3-ba41-350f950d210f", "indicator--570612ae-b3ec-470a-827f-350f950d210f", "indicator--57062aeb-2470-44cf-ac9c-bac702de0b81", "indicator--57062aec-bad4-4768-ae81-bac702de0b81", "observed-data--57062aec-f388-4c68-8139-bac702de0b81", "url--57062aec-f388-4c68-8139-bac702de0b81", "indicator--57062aec-5e90-462e-9441-bac702de0b81", "indicator--57062aed-a830-4cd0-9c7b-bac702de0b81", "observed-data--57062aed-6204-4e15-84fc-bac702de0b81", "url--57062aed-6204-4e15-84fc-bac702de0b81", "indicator--57062aed-e790-4264-a54a-bac702de0b81", "indicator--57062aee-9e94-4efe-a1b4-bac702de0b81", "observed-data--57062aee-e3f4-4359-a7ef-bac702de0b81", "url--57062aee-e3f4-4359-a7ef-bac702de0b81", "indicator--57062aee-2dd8-4282-911b-bac702de0b81", "indicator--57062aee-82b4-4586-a27f-bac702de0b81", "observed-data--57062aef-17dc-4408-bb7b-bac702de0b81", "url--57062aef-17dc-4408-bb7b-bac702de0b81", "indicator--57062aef-c534-450e-8dca-bac702de0b81", "indicator--57062aef-e6f0-4f54-b832-bac702de0b81", "observed-data--57062af0-9e14-4061-b796-bac702de0b81", "url--57062af0-9e14-4061-b796-bac702de0b81", "indicator--57062af0-5324-4773-80c6-bac702de0b81", "indicator--57062af0-f644-4fab-83ae-bac702de0b81", "observed-data--57062af1-2034-4de7-88ca-bac702de0b81", "url--57062af1-2034-4de7-88ca-bac702de0b81", "indicator--57062af1-4b1c-4fce-aebf-bac702de0b81", "indicator--57062af1-4d04-4602-b35c-bac702de0b81", "observed-data--57062af1-f4e4-481e-8561-bac702de0b81", "url--57062af1-f4e4-481e-8561-bac702de0b81", "indicator--57062af2-0210-4a9d-950d-bac702de0b81", "indicator--57062af2-e7bc-4856-92d7-bac702de0b81", "observed-data--57062af2-cccc-44b4-886f-bac702de0b81", "url--57062af2-cccc-44b4-886f-bac702de0b81", "indicator--57062af3-d07c-4435-8487-bac702de0b81", "indicator--57062af3-3848-4896-8026-bac702de0b81", "observed-data--57062af3-56b4-4ad1-82c5-bac702de0b81", "url--57062af3-56b4-4ad1-82c5-bac702de0b81", "indicator--57062af4-188c-422d-96e0-bac702de0b81", "indicator--57062af4-9754-4e02-8a57-bac702de0b81", "observed-data--57062af4-8f94-48c0-bf5a-bac702de0b81", "url--57062af4-8f94-48c0-bf5a-bac702de0b81", "indicator--57062af4-4228-4990-b71a-bac702de0b81", "indicator--57062af5-95f4-460e-8932-bac702de0b81", "observed-data--57062af5-49d0-43a1-aecd-bac702de0b81", "url--57062af5-49d0-43a1-aecd-bac702de0b81", "indicator--57062af5-0924-40f9-b981-bac702de0b81", "indicator--57062af6-db00-4314-b108-bac702de0b81", "observed-data--57062af6-cf40-4f47-83d9-bac702de0b81", "url--57062af6-cf40-4f47-83d9-bac702de0b81", "indicator--57062af6-d690-4a2e-bdbf-bac702de0b81", "indicator--57062af7-8240-4ee6-b251-bac702de0b81", "observed-data--57062af7-38d4-4018-b785-bac702de0b81", "url--57062af7-38d4-4018-b785-bac702de0b81", "indicator--57062af7-bb64-4b49-84c0-bac702de0b81", "indicator--57062af7-66dc-41ca-8a3f-bac702de0b81", "observed-data--57062af8-afc8-42f8-a2ab-bac702de0b81", "url--57062af8-afc8-42f8-a2ab-bac702de0b81", "indicator--57062af8-1328-4fe8-b200-bac702de0b81", "indicator--57062af8-12a0-4f38-a9a8-bac702de0b81", "observed-data--57062af9-2e4c-4eeb-b0ff-bac702de0b81", "url--57062af9-2e4c-4eeb-b0ff-bac702de0b81", "indicator--57062af9-4ec4-4f69-9d3d-bac702de0b81", "indicator--57062af9-f40c-4838-b7e4-bac702de0b81", "observed-data--57062af9-7cb0-49e6-a122-bac702de0b81", "url--57062af9-7cb0-49e6-a122-bac702de0b81", "indicator--57062afa-f0ec-423b-9451-bac702de0b81", "indicator--57062afa-cf58-4214-a453-bac702de0b81", "observed-data--57062afa-e814-44df-923f-bac702de0b81", "url--57062afa-e814-44df-923f-bac702de0b81", "indicator--57062afb-5648-4a67-8042-bac702de0b81", "indicator--57062afb-1cf0-4c9c-9f8d-bac702de0b81", "observed-data--57062afb-52c8-48dc-b5f2-bac702de0b81", "url--57062afb-52c8-48dc-b5f2-bac702de0b81", "indicator--57062afc-fe8c-4292-acfd-bac702de0b81", "indicator--57062afc-14f0-4c63-aa6d-bac702de0b81", "observed-data--57062afc-2918-4628-b85e-bac702de0b81", "url--57062afc-2918-4628-b85e-bac702de0b81", "indicator--57062afc-d254-4caa-a381-bac702de0b81", "indicator--57062afd-3e98-4249-a03f-bac702de0b81", "observed-data--57062afd-31f4-40a9-bf9c-bac702de0b81", "url--57062afd-31f4-40a9-bf9c-bac702de0b81", "indicator--57062afd-7814-4d5e-9caa-bac702de0b81", "indicator--57062afe-6784-4da9-81a5-bac702de0b81", "observed-data--57062afe-54c8-4b8a-9822-bac702de0b81", "url--57062afe-54c8-4b8a-9822-bac702de0b81", "indicator--57062afe-9e24-409b-b0a6-bac702de0b81", "indicator--57062aff-5714-44fa-bda0-bac702de0b81", "observed-data--57062aff-c34c-43f4-970b-bac702de0b81", "url--57062aff-c34c-43f4-970b-bac702de0b81", "x-misp-attribute--57062bcc-e234-437b-afd9-3509950d210f", "observed-data--57062be0-1ec0-4bd2-9993-350e950d210f", "url--57062be0-1ec0-4bd2-9993-350e950d210f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT", "malware_classification:malware-category=\"Ransomware\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570612a6-8674-4828-bc6a-350f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T07:56:22.000Z", "modified": "2016-04-07T07:56:22.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.MD5 = '05a9fe032c557852df14be9c24e145bb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-07T07:56:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570612a6-1054-4f41-b27c-350f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T07:56:22.000Z", "modified": "2016-04-07T07:56:22.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.MD5 = '0be58a6dedbff9a2d08861acddd9ecf8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-07T07:56:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570612a6-3f3c-4566-b896-350f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T07:56:22.000Z", "modified": "2016-04-07T07:56:22.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.MD5 = '150171ee9bdace16028db879dc312a38']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-07T07:56:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570612a7-e4c0-4810-8057-350f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T07:56:23.000Z", "modified": "2016-04-07T07:56:23.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.MD5 = '2edaf9b9dc0918dadc8ddfcedf49ca0f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-07T07:56:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570612a7-9348-424b-8e6f-350f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T07:56:23.000Z", "modified": "2016-04-07T07:56:23.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.MD5 = '3d846a285f70cc881fb59500a259bd17']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-07T07:56:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570612a8-5b10-4167-a929-350f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T07:56:24.000Z", "modified": "2016-04-07T07:56:24.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.MD5 = '432d6910a334f2dd4a17dcd5a513c374']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-07T07:56:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570612a8-8730-4810-a800-350f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T07:56:24.000Z", "modified": "2016-04-07T07:56:24.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.MD5 = '47e1285eb9d63d6092ac1e4d3f8944ea']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-07T07:56:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570612a8-f828-4b64-8e1a-350f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T07:56:24.000Z", "modified": "2016-04-07T07:56:24.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.MD5 = '4bbafb6d3ae5f562b6a6b742cd25a5e6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-07T07:56:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570612a9-5b58-460d-be2e-350f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T07:56:25.000Z", "modified": "2016-04-07T07:56:25.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.MD5 = '5d7405d140b3607e5aef0418b0a3e6fe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-07T07:56:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570612a9-9730-4738-a560-350f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T07:56:25.000Z", "modified": "2016-04-07T07:56:25.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.MD5 = '684d849b6c1538946f55ddb800cf654d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-07T07:56:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570612a9-77d0-4fbc-8338-350f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T07:56:25.000Z", "modified": "2016-04-07T07:56:25.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.MD5 = '716140c878595dca1c447e2a4d59ffaa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-07T07:56:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570612aa-53d8-4246-82c6-350f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T07:56:26.000Z", "modified": "2016-04-07T07:56:26.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.MD5 = '7f16f02a4091d0d70ce0726c7323f654']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-07T07:56:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570612aa-6ab8-4f67-b6be-350f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T07:56:26.000Z", "modified": "2016-04-07T07:56:26.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.MD5 = '9a28af9abec460af199713a6b99e6154']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-07T07:56:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570612aa-8fe8-4da4-bdbc-350f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T07:56:26.000Z", "modified": "2016-04-07T07:56:26.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.MD5 = '9aefe49b536f13400d4669bc9051074f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-07T07:56:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570612ab-25a8-4edd-bb88-350f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T07:56:27.000Z", "modified": "2016-04-07T07:56:27.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.MD5 = '9b2dee1d3d0f18f25048be5a84e7ec6f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-07T07:56:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570612ab-bda4-47b1-a023-350f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T07:56:27.000Z", "modified": "2016-04-07T07:56:27.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.MD5 = '9d2003315ce87f89a38fe5ba8dfcc113']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-07T07:56:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570612ac-043c-4833-b8a3-350f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T07:56:28.000Z", "modified": "2016-04-07T07:56:28.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.MD5 = 'b307dbfbda494b98fc75762077a3f9bc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-07T07:56:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570612ac-e6d0-4dc6-80ec-350f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T07:56:28.000Z", "modified": "2016-04-07T07:56:28.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.MD5 = 'b495bd826e3414cb1cf1701d090aca3a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-07T07:56:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570612ac-6d0c-440f-8d4e-350f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T07:56:28.000Z", "modified": "2016-04-07T07:56:28.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.MD5 = 'b5689dbf26452811e97b3a1c877a4f02']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-07T07:56:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570612ad-bf20-4f61-ab36-350f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T07:56:28.000Z", "modified": "2016-04-07T07:56:28.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.MD5 = 'bad492bb6ebc5bee77d33529371b4cef']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-07T07:56:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570612ad-8584-4958-b13b-350f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T07:56:29.000Z", "modified": "2016-04-07T07:56:29.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.MD5 = 'bba6b9b0c656507e0a9ca2c715d75bea']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-07T07:56:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570612ad-2b54-4750-83df-350f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T07:56:29.000Z", "modified": "2016-04-07T07:56:29.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.MD5 = 'bf35624f3f004606801f40ef1b5a7122']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-07T07:56:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570612ad-a220-45b3-ba41-350f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T07:56:29.000Z", "modified": "2016-04-07T07:56:29.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.MD5 = 'c720f02f55839fddc580dc934df918b6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-07T07:56:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570612ae-b3ec-470a-827f-350f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T07:56:30.000Z", "modified": "2016-04-07T07:56:30.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.MD5 = 'f1015fa58b8a42e19749667d339002fc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-07T07:56:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57062aeb-2470-44cf-ac9c-bac702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T09:39:55.000Z", "modified": "2016-04-07T09:39:55.000Z", "description": "Imported via the freetext import. - Xchecked via VT: f1015fa58b8a42e19749667d339002fc", "pattern": "[file:hashes.SHA256 = '3270679b9725d1ba5d18d274bd83a08ddc700ddd6cbfce7347ece6887454b0fb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-07T09:39:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57062aec-bad4-4768-ae81-bac702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T09:39:56.000Z", "modified": "2016-04-07T09:39:56.000Z", "description": "Imported via the freetext import. - Xchecked via VT: f1015fa58b8a42e19749667d339002fc", "pattern": "[file:hashes.SHA1 = 'f710978f80447b9e7fc346f299752c225d11f01c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-07T09:39:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57062aec-f388-4c68-8139-bac702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T09:39:56.000Z", "modified": "2016-04-07T09:39:56.000Z", "first_observed": "2016-04-07T09:39:56Z", "last_observed": "2016-04-07T09:39:56Z", "number_observed": 1, "object_refs": [ "url--57062aec-f388-4c68-8139-bac702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57062aec-f388-4c68-8139-bac702de0b81", "value": "https://www.virustotal.com/file/3270679b9725d1ba5d18d274bd83a08ddc700ddd6cbfce7347ece6887454b0fb/analysis/1459541087/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57062aec-5e90-462e-9441-bac702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T09:39:56.000Z", "modified": "2016-04-07T09:39:56.000Z", "description": "Imported via the freetext import. - Xchecked via VT: c720f02f55839fddc580dc934df918b6", "pattern": "[file:hashes.SHA256 = '46f55f2994118cae99dec80eae8aff4dc32cc3ec3a7ece44b9c78624794d3062']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-07T09:39:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57062aed-a830-4cd0-9c7b-bac702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T09:39:57.000Z", "modified": "2016-04-07T09:39:57.000Z", "description": "Imported via the freetext import. - Xchecked via VT: c720f02f55839fddc580dc934df918b6", "pattern": "[file:hashes.SHA1 = '65d7df60e110c4948c7c1f1c334fb7d602e38fd5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-07T09:39:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57062aed-6204-4e15-84fc-bac702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T09:39:57.000Z", "modified": "2016-04-07T09:39:57.000Z", "first_observed": "2016-04-07T09:39:57Z", "last_observed": "2016-04-07T09:39:57Z", "number_observed": 1, "object_refs": [ "url--57062aed-6204-4e15-84fc-bac702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57062aed-6204-4e15-84fc-bac702de0b81", "value": "https://www.virustotal.com/file/46f55f2994118cae99dec80eae8aff4dc32cc3ec3a7ece44b9c78624794d3062/analysis/1459541087/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57062aed-e790-4264-a54a-bac702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T09:39:57.000Z", "modified": "2016-04-07T09:39:57.000Z", "description": "Imported via the freetext import. - Xchecked via VT: bf35624f3f004606801f40ef1b5a7122", "pattern": "[file:hashes.SHA256 = '015c8ebd8aeeeb6f83e574fc494bd9f64fef2e7f20dccd58c5b93e7f61796ce3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-07T09:39:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57062aee-9e94-4efe-a1b4-bac702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T09:39:58.000Z", "modified": "2016-04-07T09:39:58.000Z", "description": "Imported via the freetext import. - Xchecked via VT: bf35624f3f004606801f40ef1b5a7122", "pattern": "[file:hashes.SHA1 = 'b562d6824c0a2bf6f089978ab8b8936b7974e313']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-07T09:39:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57062aee-e3f4-4359-a7ef-bac702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T09:39:58.000Z", "modified": "2016-04-07T09:39:58.000Z", "first_observed": "2016-04-07T09:39:58Z", "last_observed": "2016-04-07T09:39:58Z", "number_observed": 1, "object_refs": [ "url--57062aee-e3f4-4359-a7ef-bac702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57062aee-e3f4-4359-a7ef-bac702de0b81", "value": "https://www.virustotal.com/file/015c8ebd8aeeeb6f83e574fc494bd9f64fef2e7f20dccd58c5b93e7f61796ce3/analysis/1459541085/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57062aee-2dd8-4282-911b-bac702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T09:39:58.000Z", "modified": "2016-04-07T09:39:58.000Z", "description": "Imported via the freetext import. - Xchecked via VT: bba6b9b0c656507e0a9ca2c715d75bea", "pattern": "[file:hashes.SHA256 = '5df4627e02ba1ef47cd2dcec02c9079012ce5ebd960cb0ff09a1737d248bd746']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-07T09:39:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57062aee-82b4-4586-a27f-bac702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T09:39:58.000Z", "modified": "2016-04-07T09:39:58.000Z", "description": "Imported via the freetext import. - Xchecked via VT: bba6b9b0c656507e0a9ca2c715d75bea", "pattern": "[file:hashes.SHA1 = 'f41bc0dc65f95cc2b24530b7ff9f5192e18eb4a6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-07T09:39:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57062aef-17dc-4408-bb7b-bac702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T09:39:59.000Z", "modified": "2016-04-07T09:39:59.000Z", "first_observed": "2016-04-07T09:39:59Z", "last_observed": "2016-04-07T09:39:59Z", "number_observed": 1, "object_refs": [ "url--57062aef-17dc-4408-bb7b-bac702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57062aef-17dc-4408-bb7b-bac702de0b81", "value": "https://www.virustotal.com/file/5df4627e02ba1ef47cd2dcec02c9079012ce5ebd960cb0ff09a1737d248bd746/analysis/1459253178/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57062aef-c534-450e-8dca-bac702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T09:39:59.000Z", "modified": "2016-04-07T09:39:59.000Z", "description": "Imported via the freetext import. - Xchecked via VT: b5689dbf26452811e97b3a1c877a4f02", "pattern": "[file:hashes.SHA256 = '7c675ec8f29747a30094538d44e4d2a2867ad6efcf7ca8e7173453cc8da465c8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-07T09:39:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57062aef-e6f0-4f54-b832-bac702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T09:39:59.000Z", "modified": "2016-04-07T09:39:59.000Z", "description": "Imported via the freetext import. - Xchecked via VT: b5689dbf26452811e97b3a1c877a4f02", "pattern": "[file:hashes.SHA1 = '0adf52dd8b8af46e22572d47dfe1e4e6b82fc34e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-07T09:39:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57062af0-9e14-4061-b796-bac702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T09:40:00.000Z", "modified": "2016-04-07T09:40:00.000Z", "first_observed": "2016-04-07T09:40:00Z", "last_observed": "2016-04-07T09:40:00Z", "number_observed": 1, "object_refs": [ "url--57062af0-9e14-4061-b796-bac702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57062af0-9e14-4061-b796-bac702de0b81", "value": "https://www.virustotal.com/file/7c675ec8f29747a30094538d44e4d2a2867ad6efcf7ca8e7173453cc8da465c8/analysis/1459660357/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57062af0-5324-4773-80c6-bac702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T09:40:00.000Z", "modified": "2016-04-07T09:40:00.000Z", "description": "Imported via the freetext import. - Xchecked via VT: b495bd826e3414cb1cf1701d090aca3a", "pattern": "[file:hashes.SHA256 = '1aae010129f299982682d46379c57563333b4a4fa60aabbf4d6b0e2af8533c07']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-07T09:40:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57062af0-f644-4fab-83ae-bac702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T09:40:00.000Z", "modified": "2016-04-07T09:40:00.000Z", "description": "Imported via the freetext import. - Xchecked via VT: b495bd826e3414cb1cf1701d090aca3a", "pattern": "[file:hashes.SHA1 = 'f600aae91a279a68cf75c55ec0004af3e08086a9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-07T09:40:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57062af1-2034-4de7-88ca-bac702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T09:40:01.000Z", "modified": "2016-04-07T09:40:01.000Z", "first_observed": "2016-04-07T09:40:01Z", "last_observed": "2016-04-07T09:40:01Z", "number_observed": 1, "object_refs": [ "url--57062af1-2034-4de7-88ca-bac702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57062af1-2034-4de7-88ca-bac702de0b81", "value": "https://www.virustotal.com/file/1aae010129f299982682d46379c57563333b4a4fa60aabbf4d6b0e2af8533c07/analysis/1459541081/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57062af1-4b1c-4fce-aebf-bac702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T09:40:01.000Z", "modified": "2016-04-07T09:40:01.000Z", "description": "Imported via the freetext import. - Xchecked via VT: b307dbfbda494b98fc75762077a3f9bc", "pattern": "[file:hashes.SHA256 = '4e16a0078f701bddfc9fdc3893c161eb0b9422a32b93cecb64e9e8a73ef127ac']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-07T09:40:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57062af1-4d04-4602-b35c-bac702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T09:40:01.000Z", "modified": "2016-04-07T09:40:01.000Z", "description": "Imported via the freetext import. - Xchecked via VT: b307dbfbda494b98fc75762077a3f9bc", "pattern": "[file:hashes.SHA1 = 'a4c3722e1c311bb3be8b334125ceb0f782283e7d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-07T09:40:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57062af1-f4e4-481e-8561-bac702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T09:40:01.000Z", "modified": "2016-04-07T09:40:01.000Z", "first_observed": "2016-04-07T09:40:01Z", "last_observed": "2016-04-07T09:40:01Z", "number_observed": 1, "object_refs": [ "url--57062af1-f4e4-481e-8561-bac702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57062af1-f4e4-481e-8561-bac702de0b81", "value": "https://www.virustotal.com/file/4e16a0078f701bddfc9fdc3893c161eb0b9422a32b93cecb64e9e8a73ef127ac/analysis/1459541079/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57062af2-0210-4a9d-950d-bac702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T09:40:02.000Z", "modified": "2016-04-07T09:40:02.000Z", "description": "Imported via the freetext import. - Xchecked via VT: 9d2003315ce87f89a38fe5ba8dfcc113", "pattern": "[file:hashes.SHA256 = '0e0c00f7b7cf9c0c5ed8747532e24ac4e3d339c6f3701a245b768f251abd3f07']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-07T09:40:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57062af2-e7bc-4856-92d7-bac702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T09:40:02.000Z", "modified": "2016-04-07T09:40:02.000Z", "description": "Imported via the freetext import. - Xchecked via VT: 9d2003315ce87f89a38fe5ba8dfcc113", "pattern": "[file:hashes.SHA1 = '4d667b2d751469c2d3a4863b6f9f347a57303a2e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-07T09:40:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57062af2-cccc-44b4-886f-bac702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T09:40:02.000Z", "modified": "2016-04-07T09:40:02.000Z", "first_observed": "2016-04-07T09:40:02Z", "last_observed": "2016-04-07T09:40:02Z", "number_observed": 1, "object_refs": [ "url--57062af2-cccc-44b4-886f-bac702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57062af2-cccc-44b4-886f-bac702de0b81", "value": "https://www.virustotal.com/file/0e0c00f7b7cf9c0c5ed8747532e24ac4e3d339c6f3701a245b768f251abd3f07/analysis/1459541080/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57062af3-d07c-4435-8487-bac702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T09:40:03.000Z", "modified": "2016-04-07T09:40:03.000Z", "description": "Imported via the freetext import. - Xchecked via VT: 9b2dee1d3d0f18f25048be5a84e7ec6f", "pattern": "[file:hashes.SHA256 = '79db9c8eb2d503da7b68086ce7fd68eee6fd1a19375a37c300d42a1d06154f26']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-07T09:40:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57062af3-3848-4896-8026-bac702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T09:40:03.000Z", "modified": "2016-04-07T09:40:03.000Z", "description": "Imported via the freetext import. - Xchecked via VT: 9b2dee1d3d0f18f25048be5a84e7ec6f", "pattern": "[file:hashes.SHA1 = 'c1415f2d56f14b531d86a425d10a128473bbbcdb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-07T09:40:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57062af3-56b4-4ad1-82c5-bac702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T09:40:03.000Z", "modified": "2016-04-07T09:40:03.000Z", "first_observed": "2016-04-07T09:40:03Z", "last_observed": "2016-04-07T09:40:03Z", "number_observed": 1, "object_refs": [ "url--57062af3-56b4-4ad1-82c5-bac702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57062af3-56b4-4ad1-82c5-bac702de0b81", "value": "https://www.virustotal.com/file/79db9c8eb2d503da7b68086ce7fd68eee6fd1a19375a37c300d42a1d06154f26/analysis/1459541078/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57062af4-188c-422d-96e0-bac702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T09:40:04.000Z", "modified": "2016-04-07T09:40:04.000Z", "description": "Imported via the freetext import. - Xchecked via VT: 9aefe49b536f13400d4669bc9051074f", "pattern": "[file:hashes.SHA256 = '759e0d6d2dc03428934a4cff8150da8fb5476ad4694afa2cc0bd224c3d8653b7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-07T09:40:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57062af4-9754-4e02-8a57-bac702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T09:40:04.000Z", "modified": "2016-04-07T09:40:04.000Z", "description": "Imported via the freetext import. - Xchecked via VT: 9aefe49b536f13400d4669bc9051074f", "pattern": "[file:hashes.SHA1 = '9364db0cadbf4d15a0903888bc32d4b3a9b87603']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-07T09:40:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57062af4-8f94-48c0-bf5a-bac702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T09:40:04.000Z", "modified": "2016-04-07T09:40:04.000Z", "first_observed": "2016-04-07T09:40:04Z", "last_observed": "2016-04-07T09:40:04Z", "number_observed": 1, "object_refs": [ "url--57062af4-8f94-48c0-bf5a-bac702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57062af4-8f94-48c0-bf5a-bac702de0b81", "value": "https://www.virustotal.com/file/759e0d6d2dc03428934a4cff8150da8fb5476ad4694afa2cc0bd224c3d8653b7/analysis/1459253246/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57062af4-4228-4990-b71a-bac702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T09:40:04.000Z", "modified": "2016-04-07T09:40:04.000Z", "description": "Imported via the freetext import. - Xchecked via VT: 9a28af9abec460af199713a6b99e6154", "pattern": "[file:hashes.SHA256 = '0218024a577cc84e097423b010d815ed1b2600ca9cf53ab7fa1cbd3c14eee385']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-07T09:40:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57062af5-95f4-460e-8932-bac702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T09:40:05.000Z", "modified": "2016-04-07T09:40:05.000Z", "description": "Imported via the freetext import. - Xchecked via VT: 9a28af9abec460af199713a6b99e6154", "pattern": "[file:hashes.SHA1 = '7b61151a2c0bf757f3a4263199e75467c2fe38df']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-07T09:40:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57062af5-49d0-43a1-aecd-bac702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T09:40:05.000Z", "modified": "2016-04-07T09:40:05.000Z", "first_observed": "2016-04-07T09:40:05Z", "last_observed": "2016-04-07T09:40:05Z", "number_observed": 1, "object_refs": [ "url--57062af5-49d0-43a1-aecd-bac702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57062af5-49d0-43a1-aecd-bac702de0b81", "value": "https://www.virustotal.com/file/0218024a577cc84e097423b010d815ed1b2600ca9cf53ab7fa1cbd3c14eee385/analysis/1459541075/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57062af5-0924-40f9-b981-bac702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T09:40:05.000Z", "modified": "2016-04-07T09:40:05.000Z", "description": "Imported via the freetext import. - Xchecked via VT: 7f16f02a4091d0d70ce0726c7323f654", "pattern": "[file:hashes.SHA256 = '2564e6f38e560a59356f328f0bd58e758e38e854f751324a4710f455a963645d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-07T09:40:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57062af6-db00-4314-b108-bac702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T09:40:06.000Z", "modified": "2016-04-07T09:40:06.000Z", "description": "Imported via the freetext import. - Xchecked via VT: 7f16f02a4091d0d70ce0726c7323f654", "pattern": "[file:hashes.SHA1 = 'daa08b40519a032f82ecd992f5a4f94b67ae30e7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-07T09:40:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57062af6-cf40-4f47-83d9-bac702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T09:40:06.000Z", "modified": "2016-04-07T09:40:06.000Z", "first_observed": "2016-04-07T09:40:06Z", "last_observed": "2016-04-07T09:40:06Z", "number_observed": 1, "object_refs": [ "url--57062af6-cf40-4f47-83d9-bac702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57062af6-cf40-4f47-83d9-bac702de0b81", "value": "https://www.virustotal.com/file/2564e6f38e560a59356f328f0bd58e758e38e854f751324a4710f455a963645d/analysis/1459541075/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57062af6-d690-4a2e-bdbf-bac702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T09:40:06.000Z", "modified": "2016-04-07T09:40:06.000Z", "description": "Imported via the freetext import. - Xchecked via VT: 716140c878595dca1c447e2a4d59ffaa", "pattern": "[file:hashes.SHA256 = '00cb36057c7d6a363f80fb09539966c55e3a100b247774f47e39ca65444b80f3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-07T09:40:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57062af7-8240-4ee6-b251-bac702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T09:40:07.000Z", "modified": "2016-04-07T09:40:07.000Z", "description": "Imported via the freetext import. - Xchecked via VT: 716140c878595dca1c447e2a4d59ffaa", "pattern": "[file:hashes.SHA1 = 'a3246178b181fd64c8c6733c09fb31e648844c33']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-07T09:40:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57062af7-38d4-4018-b785-bac702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T09:40:07.000Z", "modified": "2016-04-07T09:40:07.000Z", "first_observed": "2016-04-07T09:40:07Z", "last_observed": "2016-04-07T09:40:07Z", "number_observed": 1, "object_refs": [ "url--57062af7-38d4-4018-b785-bac702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57062af7-38d4-4018-b785-bac702de0b81", "value": "https://www.virustotal.com/file/00cb36057c7d6a363f80fb09539966c55e3a100b247774f47e39ca65444b80f3/analysis/1459541074/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57062af7-bb64-4b49-84c0-bac702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T09:40:07.000Z", "modified": "2016-04-07T09:40:07.000Z", "description": "Imported via the freetext import. - Xchecked via VT: 684d849b6c1538946f55ddb800cf654d", "pattern": "[file:hashes.SHA256 = '4925af99a6ab9b09fc7efbf31e57bc2bf76dcec7fc826e688f975ee056654b5d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-07T09:40:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57062af7-66dc-41ca-8a3f-bac702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T09:40:07.000Z", "modified": "2016-04-07T09:40:07.000Z", "description": "Imported via the freetext import. - Xchecked via VT: 684d849b6c1538946f55ddb800cf654d", "pattern": "[file:hashes.SHA1 = 'f8d9ee5796f7b380273a930e8063cc6065c01e56']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-07T09:40:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57062af8-afc8-42f8-a2ab-bac702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T09:40:08.000Z", "modified": "2016-04-07T09:40:08.000Z", "first_observed": "2016-04-07T09:40:08Z", "last_observed": "2016-04-07T09:40:08Z", "number_observed": 1, "object_refs": [ "url--57062af8-afc8-42f8-a2ab-bac702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57062af8-afc8-42f8-a2ab-bac702de0b81", "value": "https://www.virustotal.com/file/4925af99a6ab9b09fc7efbf31e57bc2bf76dcec7fc826e688f975ee056654b5d/analysis/1459541073/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57062af8-1328-4fe8-b200-bac702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T09:40:08.000Z", "modified": "2016-04-07T09:40:08.000Z", "description": "Imported via the freetext import. - Xchecked via VT: 5d7405d140b3607e5aef0418b0a3e6fe", "pattern": "[file:hashes.SHA256 = '5b3b8c36c7bf0711c25d302096d6f2d75cd9b8b3914f11ac363401253f010635']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-07T09:40:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57062af8-12a0-4f38-a9a8-bac702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T09:40:08.000Z", "modified": "2016-04-07T09:40:08.000Z", "description": "Imported via the freetext import. - Xchecked via VT: 5d7405d140b3607e5aef0418b0a3e6fe", "pattern": "[file:hashes.SHA1 = '38ec3822cd55ca6846a41b36988a763f713d68a6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-07T09:40:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57062af9-2e4c-4eeb-b0ff-bac702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T09:40:09.000Z", "modified": "2016-04-07T09:40:09.000Z", "first_observed": "2016-04-07T09:40:09Z", "last_observed": "2016-04-07T09:40:09Z", "number_observed": 1, "object_refs": [ "url--57062af9-2e4c-4eeb-b0ff-bac702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57062af9-2e4c-4eeb-b0ff-bac702de0b81", "value": "https://www.virustotal.com/file/5b3b8c36c7bf0711c25d302096d6f2d75cd9b8b3914f11ac363401253f010635/analysis/1459541071/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57062af9-4ec4-4f69-9d3d-bac702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T09:40:09.000Z", "modified": "2016-04-07T09:40:09.000Z", "description": "Imported via the freetext import. - Xchecked via VT: 4bbafb6d3ae5f562b6a6b742cd25a5e6", "pattern": "[file:hashes.SHA256 = '4f0b010d23285957e065264f5396b17b2b382f8f16a2946a5dd003ef897d7c69']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-07T09:40:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57062af9-f40c-4838-b7e4-bac702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T09:40:09.000Z", "modified": "2016-04-07T09:40:09.000Z", "description": "Imported via the freetext import. - Xchecked via VT: 4bbafb6d3ae5f562b6a6b742cd25a5e6", "pattern": "[file:hashes.SHA1 = '67913ce490e927e7fbc2ed88a996acf7d83f2727']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-07T09:40:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57062af9-7cb0-49e6-a122-bac702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T09:40:09.000Z", "modified": "2016-04-07T09:40:09.000Z", "first_observed": "2016-04-07T09:40:09Z", "last_observed": "2016-04-07T09:40:09Z", "number_observed": 1, "object_refs": [ "url--57062af9-7cb0-49e6-a122-bac702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57062af9-7cb0-49e6-a122-bac702de0b81", "value": "https://www.virustotal.com/file/4f0b010d23285957e065264f5396b17b2b382f8f16a2946a5dd003ef897d7c69/analysis/1459541072/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57062afa-f0ec-423b-9451-bac702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T09:40:10.000Z", "modified": "2016-04-07T09:40:10.000Z", "description": "Imported via the freetext import. - Xchecked via VT: 432d6910a334f2dd4a17dcd5a513c374", "pattern": "[file:hashes.SHA256 = '9fcfa3e3d306645b5e947ef149d35f2d3a7354d9b2e605f8c73cfacdc947bb8e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-07T09:40:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57062afa-cf58-4214-a453-bac702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T09:40:10.000Z", "modified": "2016-04-07T09:40:10.000Z", "description": "Imported via the freetext import. - Xchecked via VT: 432d6910a334f2dd4a17dcd5a513c374", "pattern": "[file:hashes.SHA1 = '4d6bb87b34ba27a14fc258c3265ded96392d2a05']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-07T09:40:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57062afa-e814-44df-923f-bac702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T09:40:10.000Z", "modified": "2016-04-07T09:40:10.000Z", "first_observed": "2016-04-07T09:40:10Z", "last_observed": "2016-04-07T09:40:10Z", "number_observed": 1, "object_refs": [ "url--57062afa-e814-44df-923f-bac702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57062afa-e814-44df-923f-bac702de0b81", "value": "https://www.virustotal.com/file/9fcfa3e3d306645b5e947ef149d35f2d3a7354d9b2e605f8c73cfacdc947bb8e/analysis/1459541070/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57062afb-5648-4a67-8042-bac702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T09:40:11.000Z", "modified": "2016-04-07T09:40:11.000Z", "description": "Imported via the freetext import. - Xchecked via VT: 3d846a285f70cc881fb59500a259bd17", "pattern": "[file:hashes.SHA256 = '2e3e547e006d0a8adc0e90f3b867ddec92b0d0f734bc119001a36e3dee017442']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-07T09:40:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57062afb-1cf0-4c9c-9f8d-bac702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T09:40:11.000Z", "modified": "2016-04-07T09:40:11.000Z", "description": "Imported via the freetext import. - Xchecked via VT: 3d846a285f70cc881fb59500a259bd17", "pattern": "[file:hashes.SHA1 = 'ec52052b4dc8c37708f9cd277a1efaaabc4fe522']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-07T09:40:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57062afb-52c8-48dc-b5f2-bac702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T09:40:11.000Z", "modified": "2016-04-07T09:40:11.000Z", "first_observed": "2016-04-07T09:40:11Z", "last_observed": "2016-04-07T09:40:11Z", "number_observed": 1, "object_refs": [ "url--57062afb-52c8-48dc-b5f2-bac702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57062afb-52c8-48dc-b5f2-bac702de0b81", "value": "https://www.virustotal.com/file/2e3e547e006d0a8adc0e90f3b867ddec92b0d0f734bc119001a36e3dee017442/analysis/1459541069/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57062afc-fe8c-4292-acfd-bac702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T09:40:12.000Z", "modified": "2016-04-07T09:40:12.000Z", "description": "Imported via the freetext import. - Xchecked via VT: 2edaf9b9dc0918dadc8ddfcedf49ca0f", "pattern": "[file:hashes.SHA256 = '2f5ce71023dbf767ccfd8b19bd387156222c4f07ba3351cd147f2af182f00db4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-07T09:40:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57062afc-14f0-4c63-aa6d-bac702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T09:40:12.000Z", "modified": "2016-04-07T09:40:12.000Z", "description": "Imported via the freetext import. - Xchecked via VT: 2edaf9b9dc0918dadc8ddfcedf49ca0f", "pattern": "[file:hashes.SHA1 = '35a17e1dc9330558b0a221df6f119c5f57c93863']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-07T09:40:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57062afc-2918-4628-b85e-bac702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T09:40:12.000Z", "modified": "2016-04-07T09:40:12.000Z", "first_observed": "2016-04-07T09:40:12Z", "last_observed": "2016-04-07T09:40:12Z", "number_observed": 1, "object_refs": [ "url--57062afc-2918-4628-b85e-bac702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57062afc-2918-4628-b85e-bac702de0b81", "value": "https://www.virustotal.com/file/2f5ce71023dbf767ccfd8b19bd387156222c4f07ba3351cd147f2af182f00db4/analysis/1459541068/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57062afc-d254-4caa-a381-bac702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T09:40:12.000Z", "modified": "2016-04-07T09:40:12.000Z", "description": "Imported via the freetext import. - Xchecked via VT: 150171ee9bdace16028db879dc312a38", "pattern": "[file:hashes.SHA256 = '13624dae2cbf6b4faab81d47147a71d989a749cab7fcbc1941d481f7251ec71e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-07T09:40:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57062afd-3e98-4249-a03f-bac702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T09:40:13.000Z", "modified": "2016-04-07T09:40:13.000Z", "description": "Imported via the freetext import. - Xchecked via VT: 150171ee9bdace16028db879dc312a38", "pattern": "[file:hashes.SHA1 = '13108aed56f8ca540c926a06bdb3f9dbbae9f6e4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-07T09:40:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57062afd-31f4-40a9-bf9c-bac702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T09:40:13.000Z", "modified": "2016-04-07T09:40:13.000Z", "first_observed": "2016-04-07T09:40:13Z", "last_observed": "2016-04-07T09:40:13Z", "number_observed": 1, "object_refs": [ "url--57062afd-31f4-40a9-bf9c-bac702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57062afd-31f4-40a9-bf9c-bac702de0b81", "value": "https://www.virustotal.com/file/13624dae2cbf6b4faab81d47147a71d989a749cab7fcbc1941d481f7251ec71e/analysis/1459541068/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57062afd-7814-4d5e-9caa-bac702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T09:40:13.000Z", "modified": "2016-04-07T09:40:13.000Z", "description": "Imported via the freetext import. - Xchecked via VT: 0be58a6dedbff9a2d08861acddd9ecf8", "pattern": "[file:hashes.SHA256 = '9f8300c6cb3ff906241a4262765413900bbc4ebfe692de0480f228071fe9314c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-07T09:40:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57062afe-6784-4da9-81a5-bac702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T09:40:14.000Z", "modified": "2016-04-07T09:40:14.000Z", "description": "Imported via the freetext import. - Xchecked via VT: 0be58a6dedbff9a2d08861acddd9ecf8", "pattern": "[file:hashes.SHA1 = 'e9b13af1ebe4569b2448939ed71d4aff45ce1ad8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-07T09:40:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57062afe-54c8-4b8a-9822-bac702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T09:40:14.000Z", "modified": "2016-04-07T09:40:14.000Z", "first_observed": "2016-04-07T09:40:14Z", "last_observed": "2016-04-07T09:40:14Z", "number_observed": 1, "object_refs": [ "url--57062afe-54c8-4b8a-9822-bac702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57062afe-54c8-4b8a-9822-bac702de0b81", "value": "https://www.virustotal.com/file/9f8300c6cb3ff906241a4262765413900bbc4ebfe692de0480f228071fe9314c/analysis/1459541066/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57062afe-9e24-409b-b0a6-bac702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T09:40:14.000Z", "modified": "2016-04-07T09:40:14.000Z", "description": "Imported via the freetext import. - Xchecked via VT: 05a9fe032c557852df14be9c24e145bb", "pattern": "[file:hashes.SHA256 = '4d019fac5eb9ba211baa6239e5f51ac4ab2e274d96907b40cf3a0a67fba433f8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-07T09:40:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57062aff-5714-44fa-bda0-bac702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T09:40:15.000Z", "modified": "2016-04-07T09:40:15.000Z", "description": "Imported via the freetext import. - Xchecked via VT: 05a9fe032c557852df14be9c24e145bb", "pattern": "[file:hashes.SHA1 = '9631b1dc62cdcc2d7390eec76a9fd2f61ba7a450']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-07T09:40:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57062aff-c34c-43f4-970b-bac702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T09:40:15.000Z", "modified": "2016-04-07T09:40:15.000Z", "first_observed": "2016-04-07T09:40:15Z", "last_observed": "2016-04-07T09:40:15Z", "number_observed": 1, "object_refs": [ "url--57062aff-c34c-43f4-970b-bac702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57062aff-c34c-43f4-970b-bac702de0b81", "value": "https://www.virustotal.com/file/4d019fac5eb9ba211baa6239e5f51ac4ab2e274d96907b40cf3a0a67fba433f8/analysis/1459253130/" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--57062bcc-e234-437b-afd9-3509950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T09:43:40.000Z", "modified": "2016-04-07T09:43:40.000Z", "labels": [ "misp:type=\"comment\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", "x_misp_type": "comment", "x_misp_value": "Android.Lockdroid ransomware expands to Asia by targeting Japan first. The malware poses as a system update and locks the device from use." }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57062be0-1ec0-4bd2-9993-350e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-07T09:44:00.000Z", "modified": "2016-04-07T09:44:00.000Z", "first_observed": "2016-04-07T09:44:00Z", "last_observed": "2016-04-07T09:44:00Z", "number_observed": 1, "object_refs": [ "url--57062be0-1ec0-4bd2-9993-350e950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57062be0-1ec0-4bd2-9993-350e950d210f", "value": "http://www.symantec.com/connect/blogs/most-prevalent-android-ransomware-west-arrives-japan" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }