{ "type": "bundle", "id": "bundle--57460863-76dc-4272-8116-4ea302de0b81", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-27T08:38:38.000Z", "modified": "2016-07-27T08:38:38.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--57460863-76dc-4272-8116-4ea302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-27T08:38:38.000Z", "modified": "2016-07-27T08:38:38.000Z", "name": "OSINT - CVE-2015-2545: overview of current threats", "published": "2016-07-27T08:39:06Z", "object_refs": [ "vulnerability--57460889-aeb0-4560-95a9-4f1802de0b81", "observed-data--574608d6-0abc-48d9-9b54-443502de0b81", "url--574608d6-0abc-48d9-9b54-443502de0b81", "x-misp-attribute--574608e6-2b38-4738-b31a-453902de0b81", "indicator--57460928-61e0-4a43-83f2-477202de0b81", "indicator--57460929-ad38-4a8d-9e38-45bb02de0b81", "indicator--57460929-61c0-4cb1-aa13-4f7e02de0b81", "indicator--5746092a-6dd0-420b-ba0c-4b4a02de0b81", "indicator--5746094e-8e0c-489f-93bf-4b9502de0b81", "indicator--5746094f-cd60-4203-a6b2-467e02de0b81", "indicator--57460998-5644-40f4-9db5-488702de0b81", "indicator--574609cb-b624-4311-85cb-41ba02de0b81", "indicator--57460a0b-88c8-4d09-8a10-45ca02de0b81", "indicator--57460a0b-9768-43d3-bd39-4a3f02de0b81", "indicator--57460a0b-3c7c-4504-b6a3-488e02de0b81", "indicator--57460a0c-9ee4-4b9c-a7bb-44bd02de0b81", "indicator--57460a0c-3538-46c6-903b-472e02de0b81", "indicator--57460a0d-e3d8-4ddc-b1b2-4d2a02de0b81", "indicator--57460a0d-d384-4108-99dc-43e602de0b81", "indicator--57460a0d-05f8-4769-9f57-41c302de0b81", "indicator--57460a5a-a738-4354-a28b-434902de0b81", "indicator--57460a5a-4b44-4948-842e-42bf02de0b81", "indicator--57460a5b-9358-4317-9e00-451902de0b81", "indicator--57460a5b-a94c-4b80-af51-4d2802de0b81", "indicator--57460a5b-a1d8-4c40-afe6-448902de0b81", 
"indicator--57460a5c-92c4-425f-8048-409402de0b81", "indicator--57460a5c-6788-4cbb-a57b-467402de0b81", "indicator--57460a5c-040c-47b0-9e8a-424702de0b81", "indicator--57460a5d-8bf8-4467-b032-4f6d02de0b81", "indicator--57460aab-7250-4e4e-a149-4f0802de0b81", "indicator--57460ac4-b81c-4962-a877-4bd702de0b81", "indicator--57460ac4-848c-4f38-a3f5-455302de0b81", "indicator--57460b11-4d68-4fb9-a1a2-4ec202de0b81", "indicator--57460b12-3aa4-4416-8b50-4fd702de0b81", "indicator--57460b12-f4c8-44b4-a0b5-459702de0b81", "indicator--57460b12-2e74-4080-ba7e-468402de0b81", "indicator--57460b33-0d18-47d6-b3c8-467102de0b81", "indicator--57460b6e-9314-47e7-8f43-4aec02de0b81", "indicator--57460b6e-04e8-435c-9c6d-4afe02de0b81", "indicator--57460b6e-ca7c-43e4-9de2-419302de0b81", "indicator--57460bb6-e4d0-4c1f-b19a-4cc902de0b81", "indicator--57460bb6-5ed8-403c-bfc3-46d502de0b81", "indicator--57460bb7-8b94-4426-a516-465102de0b81", "indicator--57460bb7-5abc-41e9-8f48-471a02de0b81", "indicator--57460bb7-5dac-4821-b3cc-4c1102de0b81", "indicator--57460bb8-da3c-4092-b589-4f6d02de0b81", "indicator--57460c01-da8c-4831-a3b7-434d02de0b81", "indicator--57460c02-a9f0-4aee-86c3-4cc502de0b81", "observed-data--57460c02-add0-4029-8b6f-412e02de0b81", "url--57460c02-add0-4029-8b6f-412e02de0b81", "indicator--57460c03-e688-4ff9-a888-452a02de0b81", "indicator--57460c03-ae98-4185-b4d4-405102de0b81", "observed-data--57460c04-44e8-43e7-b23d-45a102de0b81", "url--57460c04-44e8-43e7-b23d-45a102de0b81", "indicator--57460c04-9008-43ba-9994-483102de0b81", "indicator--57460c04-ef20-4fd9-912d-493f02de0b81", "observed-data--57460c05-7538-4d64-ae0a-42c302de0b81", "url--57460c05-7538-4d64-ae0a-42c302de0b81", "indicator--57460c05-4b18-493f-9403-471102de0b81", "indicator--57460c06-8dbc-4313-baac-492302de0b81", "observed-data--57460c06-c2e4-47eb-bdf2-4bfb02de0b81", "url--57460c06-c2e4-47eb-bdf2-4bfb02de0b81", "indicator--57460c07-d200-400e-b3af-423602de0b81", "indicator--57460c07-6844-4ad1-bba9-41ec02de0b81", 
"observed-data--57460c07-2530-431c-b761-4dfa02de0b81", "url--57460c07-2530-431c-b761-4dfa02de0b81", "indicator--57460c08-6cb8-4762-b60e-4f5102de0b81", "indicator--57460c08-4894-4a04-98d1-444102de0b81", "observed-data--57460c09-5318-4158-90c5-463502de0b81", "url--57460c09-5318-4158-90c5-463502de0b81", "indicator--57460c09-5ab4-4592-83ed-44b502de0b81", "indicator--57460c0a-d480-4a88-9eb0-41c802de0b81", "observed-data--57460c0a-8b3c-4f04-8981-4e9d02de0b81", "url--57460c0a-8b3c-4f04-8981-4e9d02de0b81", "indicator--57460c0a-0800-4d12-8383-401102de0b81", "indicator--57460c0b-4ab8-4de1-8259-487702de0b81", "observed-data--57460c0b-8fe4-4a00-9aef-47cb02de0b81", "url--57460c0b-8fe4-4a00-9aef-47cb02de0b81", "indicator--57460c0c-22e4-4fd4-a42b-45e602de0b81", "indicator--57460c0c-b8c0-4913-a3fa-4d8202de0b81", "observed-data--57460c0d-7c3c-4b38-ab60-4f2402de0b81", "url--57460c0d-7c3c-4b38-ab60-4f2402de0b81", "indicator--57460c0d-9d08-4b8d-9245-49d402de0b81", "indicator--57460c0d-3bb0-42dc-994b-410302de0b81", "observed-data--57460c0e-15b8-4410-8cb7-454d02de0b81", "url--57460c0e-15b8-4410-8cb7-454d02de0b81", "indicator--57460c0e-8c28-4313-a417-4f5702de0b81", "indicator--57460c0f-6ee4-46f4-8ca7-4a6402de0b81", "observed-data--57460c0f-5548-4146-9105-42b602de0b81", "url--57460c0f-5548-4146-9105-42b602de0b81", "indicator--57460c10-81f0-4684-8c4c-49eb02de0b81", "indicator--57460c10-ad14-451b-802e-44bb02de0b81", "observed-data--57460c10-0e94-4dc4-ad53-447202de0b81", "url--57460c10-0e94-4dc4-ad53-447202de0b81", "indicator--57460c11-e8e0-4acd-a9b8-4cbe02de0b81", "indicator--57460c11-6bdc-461c-ace8-429802de0b81", "observed-data--57460c12-eba8-4360-8fda-40b702de0b81", "url--57460c12-eba8-4360-8fda-40b702de0b81", "indicator--57460c12-0c68-4d35-9524-4a8102de0b81", "indicator--57460c12-3f18-4de3-9ce6-47d002de0b81", "observed-data--57460c13-8078-42e0-bc53-4dc902de0b81", "url--57460c13-8078-42e0-bc53-4dc902de0b81", "indicator--57460c13-2428-4521-8a72-4fb802de0b81", 
"indicator--57460c14-88c0-4ff6-8f31-4c0002de0b81", "observed-data--57460c14-6d70-4035-aee1-4eb702de0b81", "url--57460c14-6d70-4035-aee1-4eb702de0b81", "indicator--57460c14-7924-4921-aad9-4fb902de0b81", "indicator--57460c15-0d08-4786-9fb2-403e02de0b81", "observed-data--57460c15-2d38-4aae-8764-47ce02de0b81", "url--57460c15-2d38-4aae-8764-47ce02de0b81", "indicator--57460c16-70c4-40f1-8327-4d9a02de0b81", "indicator--57460c16-d238-476d-bbf8-4f0e02de0b81", "observed-data--57460c16-ac98-4a52-bbe2-489202de0b81", "url--57460c16-ac98-4a52-bbe2-489202de0b81", "indicator--57460c17-48ac-4f94-b9ee-4aa202de0b81", "indicator--57460c17-7b8c-46e3-bbb1-44a402de0b81", "observed-data--57460c17-75fc-4e71-bdab-4b7f02de0b81", "url--57460c17-75fc-4e71-bdab-4b7f02de0b81", "indicator--57460c18-384c-4f96-ab3c-4dd102de0b81", "indicator--57460c18-6224-4072-81e8-449a02de0b81", "observed-data--57460c18-be9c-480a-9fab-477502de0b81", "url--57460c18-be9c-480a-9fab-477502de0b81", "indicator--57460c19-a3dc-4911-bf50-451e02de0b81", "indicator--57460c19-4c04-4e65-9eb8-445702de0b81", "observed-data--57460c19-456c-494a-b765-4fa102de0b81", "url--57460c19-456c-494a-b765-4fa102de0b81", "indicator--57460c1a-ad58-4ef9-bb4d-4ce002de0b81", "indicator--57460c1a-c00c-48cf-8d94-483202de0b81", "observed-data--57460c1b-cd80-4797-980c-46c902de0b81", "url--57460c1b-cd80-4797-980c-46c902de0b81", "indicator--57460c1b-0ef0-4c52-a04d-420202de0b81", "indicator--57460c1b-d1a4-49fe-960a-415b02de0b81", "observed-data--57460c1c-1fbc-4beb-b6f1-433a02de0b81", "url--57460c1c-1fbc-4beb-b6f1-433a02de0b81", "indicator--57460c1c-51d4-43cf-a490-4a5702de0b81", "indicator--57460c1c-ac6c-4ceb-bab8-4ab902de0b81", "observed-data--57460c1d-a1f0-47c5-9029-4f7502de0b81", "url--57460c1d-a1f0-47c5-9029-4f7502de0b81", "indicator--57460c1d-6c8c-4374-911c-492602de0b81", "indicator--57460c1e-23bc-4d2c-9338-4e8102de0b81", "observed-data--57460c1e-7f14-4a52-bb7d-4d0e02de0b81", "url--57460c1e-7f14-4a52-bb7d-4d0e02de0b81", 
"indicator--57460c1e-16fc-4357-bcfb-4d2002de0b81", "indicator--57460c1f-8cc8-4e06-afc4-423202de0b81", "observed-data--57460c1f-764c-49a1-869f-44fe02de0b81", "url--57460c1f-764c-49a1-869f-44fe02de0b81" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT", "estimative-language:likelihood-probability=\"very-likely\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "vulnerability", "spec_version": "2.1", "id": "vulnerability--57460889-aeb0-4560-95a9-4f1802de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:18:17.000Z", "modified": "2016-05-25T20:18:17.000Z", "name": "CVE-2015-2545", "labels": [ "misp:type=\"vulnerability\"", "misp:category=\"Payload delivery\"" ], "external_references": [ { "source_name": "cve", "external_id": "CVE-2015-2545" } ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--574608d6-0abc-48d9-9b54-443502de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:19:34.000Z", "modified": "2016-05-25T20:19:34.000Z", "first_observed": "2016-05-25T20:19:34Z", "last_observed": "2016-05-25T20:19:34Z", "number_observed": 1, "object_refs": [ "url--574608d6-0abc-48d9-9b54-443502de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--574608d6-0abc-48d9-9b54-443502de0b81", "value": "https://securelist.com/analysis/publications/74828/cve-2015-2545-overview-of-current-threats/" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--574608e6-2b38-4738-b31a-453902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:19:50.000Z", "modified": "2016-05-25T20:19:50.000Z", "labels": [ "misp:type=\"comment\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", "x_misp_type": 
"comment", "x_misp_value": "CVE-2015-2545 is a vulnerability discovered in 2015 and corrected with Microsoft\u2019s update MS15-099. The vulnerability affects Microsoft Office versions 2007 SP3, 2010 SP2, 2013 SP1 and 2013 RT SP1.\r\n\r\nThe error enables an attacker to execute arbitrary code using a specially crafted EPS image file. The exploit uses PostScript and can evade Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP) protection methods.\r\n\r\nThe exploit was discovered in the wild in August 2015, when it was used in a targeted attack by the Platinum group, presumably against targets in India. Over the following months, there was significant growth in the number of threat actors using the vulnerability as a primary tool for initial penetration, with both the attack groups and their targets located in South-East and Central Asia and the Far East.\r\n\r\nIn this research paper, we discuss examples of attacks using the CVE-2015-2545 vulnerability undertaken by some of these groups." 
}, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57460928-61e0-4a43-83f2-477202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:20:56.000Z", "modified": "2016-05-25T20:20:56.000Z", "description": "SVCMONDR attacks", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '59.188.13.204']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:20:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57460929-ad38-4a8d-9e38-45bb02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:20:57.000Z", "modified": "2016-05-25T20:20:57.000Z", "description": "SVCMONDR attacks", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '180.128.10.28']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:20:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57460929-61c0-4cb1-aa13-4f7e02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:20:57.000Z", "modified": "2016-05-25T20:20:57.000Z", "description": "SVCMONDR attacks", "pattern": "[domain-name:value = 'www.ocaler.mooo.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:20:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", 
"misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5746092a-6dd0-420b-ba0c-4b4a02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:20:58.000Z", "modified": "2016-05-25T20:20:58.000Z", "description": "SVCMONDR attacks", "pattern": "[domain-name:value = 'www.onmypc.serverpit.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:20:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5746094e-8e0c-489f-93bf-4b9502de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:21:34.000Z", "modified": "2016-05-25T20:21:34.000Z", "description": "(svcmondr.ex, Taiwan) - SVCMONDR attacks", "pattern": "[file:hashes.MD5 = '8052234dcd41a7d619acb0ec9636be0b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:21:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5746094f-cd60-4203-a6b2-467e02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:21:35.000Z", "modified": "2016-05-25T20:21:35.000Z", "description": "(svcmondr.ex,Thailand) - SVCMONDR attacks", "pattern": "[file:hashes.MD5 = '046b98a742cecc11fb18d9554483be2d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:21:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { 
"type": "indicator", "spec_version": "2.1", "id": "indicator--57460998-5644-40f4-9db5-488702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:22:48.000Z", "modified": "2016-05-25T20:22:48.000Z", "description": "Taiwan, 1-3\u8aaa\u660e\u6a94.doc - SVCMONDR attacks", "pattern": "[file:hashes.MD5 = 'd0533874d7255b881187e842e747c268']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:22:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574609cb-b624-4311-85cb-41ba02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:23:39.000Z", "modified": "2016-05-25T20:23:39.000Z", "description": "EPS - Taiwan - SVCMONDR attacks", "pattern": "[file:hashes.MD5 = '98c57aa9c7e3f90c4eb4afeba8128484']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:23:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57460a0b-88c8-4d09-8a10-45ca02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:24:43.000Z", "modified": "2016-05-25T20:24:43.000Z", "description": "Danti", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '74.208.4.200']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:24:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network 
activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57460a0b-9768-43d3-bd39-4a3f02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:24:43.000Z", "modified": "2016-05-25T20:24:43.000Z", "description": "Danti", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '74.208.4.201']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:24:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57460a0b-3c7c-4504-b6a3-488e02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:24:43.000Z", "modified": "2016-05-25T20:24:43.000Z", "description": "Danti", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '180.150.227.135']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:24:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57460a0c-9ee4-4b9c-a7bb-44bd02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:24:44.000Z", "modified": "2016-05-25T20:24:44.000Z", "description": "Danti port 443", "pattern": "[domain-name:value = 'goback.strangled.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:24:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", 
"misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57460a0c-3538-46c6-903b-472e02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:24:44.000Z", "modified": "2016-05-25T20:24:44.000Z", "description": "Danti", "pattern": "[domain-name:value = 'carwiseplot.no-ip.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:24:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57460a0d-e3d8-4ddc-b1b2-4d2a02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-27T08:38:38.000Z", "modified": "2016-07-27T08:38:38.000Z", "description": "Danti", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '115.144.69.54']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-27T08:38:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57460a0d-d384-4108-99dc-43e602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:24:45.000Z", "modified": "2016-05-25T20:24:45.000Z", "description": "Danti", "pattern": "[domain-name:value = 'newsupdate.dynssl.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:24:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", 
"id": "indicator--57460a0d-05f8-4769-9f57-41c302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:24:45.000Z", "modified": "2016-05-25T20:24:45.000Z", "description": "Danti", "pattern": "[domain-name:value = 'dnsnews.dns05.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:24:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57460a5a-a738-4354-a28b-434902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:26:02.000Z", "modified": "2016-05-25T20:26:02.000Z", "description": "(dropper, from cab-archive) - Danti", "pattern": "[file:hashes.MD5 = '6bbdbf6d3b24b8bfa296b9c76b95bb2f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:26:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57460a5a-4b44-4948-842e-42bf02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:26:02.000Z", "modified": "2016-05-25T20:26:02.000Z", "description": "(http.exe) - Danti", "pattern": "[file:hashes.MD5 = '3fbe576d33595734a92a665e72e5a04f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:26:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57460a5b-9358-4317-9e00-451902de0b81", "created_by_ref": 
"identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:26:03.000Z", "modified": "2016-05-25T20:26:03.000Z", "description": "(lsass.exe) - Danti", "pattern": "[file:hashes.MD5 = '8ad9cb6b948bcf7f9211887e0cf6f02a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:26:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57460a5b-a94c-4b80-af51-4d2802de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:26:03.000Z", "modified": "2016-05-25T20:26:03.000Z", "description": "Danti", "pattern": "[file:hashes.MD5 = '9469dd12136b6514d82c3b01d6082f59']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:26:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57460a5b-a1d8-4c40-afe6-448902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:26:03.000Z", "modified": "2016-05-25T20:26:03.000Z", "description": "(mshtml.dll) - Danti", "pattern": "[file:hashes.MD5 = 'be0cc8411c066eac246097045b73c282']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:26:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57460a5c-92c4-425f-8048-409402de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": 
"2016-05-25T20:26:04.000Z", "modified": "2016-05-25T20:26:04.000Z", "description": "Danti", "pattern": "[file:hashes.MD5 = 'bae673964e9bc2a45ebcc667895104ef']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:26:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57460a5c-6788-4cbb-a57b-467402de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:26:04.000Z", "modified": "2016-05-25T20:26:04.000Z", "description": "(update.dat) - Danti", "pattern": "[file:hashes.MD5 = 'd44e971b202d573f8c797845c90e4658']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:26:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57460a5c-040c-47b0-9e8a-424702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:26:04.000Z", "modified": "2016-05-25T20:26:04.000Z", "description": "(potplayer.dll) - Danti", "pattern": "[file:hashes.MD5 = '332397ec261393aaa58522c4357c3e48']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:26:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57460a5d-8bf8-4467-b032-4f6d02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:26:05.000Z", "modified": "2016-05-25T20:26:05.000Z", 
"description": "(appinfo.dat) - Danti", "pattern": "[file:hashes.MD5 = '2460871a040628c379e04f79af37060d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:26:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57460aab-7250-4e4e-a149-4f0802de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:27:23.000Z", "modified": "2016-05-25T20:27:23.000Z", "description": "Potplayer - Danti", "pattern": "[file:hashes.MD5 = 'f16903b2ff82689404f7d0820f461e5d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:27:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57460ac4-b81c-4962-a877-4bd702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:27:48.000Z", "modified": "2016-05-25T20:27:48.000Z", "description": "RarSFX - Danti", "pattern": "[file:hashes.MD5 = 'd0407e1a66ee2082a0d170814bd4ab02']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:27:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57460ac4-848c-4f38-a3f5-455302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:27:48.000Z", "modified": "2016-05-25T20:27:48.000Z", "description": "RarSFX - Danti", "pattern": "[file:hashes.MD5 = 
'4902abe46039d36b45ac8a39c745445a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:27:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57460b11-4d68-4fb9-a1a2-4ec202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:29:05.000Z", "modified": "2016-05-25T20:29:05.000Z", "description": "(India, from Mission list) - Danti", "pattern": "[file:hashes.MD5 = '07f4b663cc3bcb5899edba9eaf9cf4b5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:29:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57460b12-3aa4-4416-8b50-4fd702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:29:06.000Z", "modified": "2016-05-25T20:29:06.000Z", "description": "(India, HQ List) - Danti", "pattern": "[file:hashes.MD5 = 'a90a329335fa0af64d8394b28e0f86c1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:29:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57460b12-f4c8-44b4-a0b5-459702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:29:06.000Z", "modified": "2016-05-25T20:29:06.000Z", "description": "(India, Hotels) - Danti", "pattern": "[file:hashes.MD5 = 'b751323586c5e36d1d644ab42888a100']", 
"pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:29:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57460b12-2e74-4080-ba7e-468402de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:29:06.000Z", "modified": "2016-05-25T20:29:06.000Z", "description": "(Holidays in India in 2016) - Danti", "pattern": "[file:hashes.MD5 = '8cd2eb90fabd03ac97279d398b09a5e9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:29:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57460b33-0d18-47d6-b3c8-467102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:29:39.000Z", "modified": "2016-05-25T20:29:39.000Z", "description": "(Holidays in India in 2016) - Danti", "pattern": "[file:hashes.MD5 = 'd91f101427a39d9f40c41aa041197a9c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:29:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57460b6e-9314-47e7-8f43-4aec02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:30:38.000Z", "modified": "2016-05-25T20:30:38.000Z", "description": "Doc web archive - (HQ List)", "pattern": "[file:hashes.MD5 = 'c591263d56b57dfadd06a68dd9657343']", "pattern_type": "stix", 
"pattern_version": "2.1", "valid_from": "2016-05-25T20:30:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57460b6e-04e8-435c-9c6d-4afe02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:30:38.000Z", "modified": "2016-05-25T20:30:38.000Z", "description": "Doc web archive - (Mission List)", "pattern": "[file:hashes.MD5 = 'aebf03ceaef042a833ee5459016f5bde']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:30:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57460b6e-ca7c-43e4-9de2-419302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:30:38.000Z", "modified": "2016-05-25T20:30:38.000Z", "description": "Doc web archive - (India\u2019s 10 Top Luxury Hotels)", "pattern": "[file:hashes.MD5 = 'fd6636af7d2358c40fe6923b23a690e8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:30:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57460bb6-e4d0-4c1f-b19a-4cc902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:31:50.000Z", "modified": "2016-05-25T20:31:50.000Z", "description": "(chancery@indianembassy.hu) - Danti", "pattern": "[file:hashes.MD5 = 'aae962611da956a26a76d185455f1d44']", "pattern_type":
"stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:31:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57460bb6-5ed8-403c-bfc3-46d502de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:31:50.000Z", "modified": "2016-05-25T20:31:50.000Z", "description": "(amb.bogota@mea.gov.in) - Danti", "pattern": "[file:hashes.MD5 = '3ed40dec891fd48c7ec6fa49b1058d24']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:31:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57460bb7-8b94-4426-a516-465102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:31:51.000Z", "modified": "2016-05-25T20:31:51.000Z", "description": "(amb.copenhagen@mea.gov.in) - Danti", "pattern": "[file:hashes.MD5 = '1aefd1c30d1710f901c70be7f1366cae']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:31:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57460bb7-5abc-41e9-8f48-471a02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:31:51.000Z", "modified": "2016-05-25T20:31:51.000Z", "description": "(India, dsfsi@nic.in) - Danti", "pattern": "[file:hashes.MD5 = 'f4c1e96717c82b14ca76384cb005fbe5']", "pattern_type": "stix", "pattern_version": 
"2.1", "valid_from": "2016-05-25T20:31:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57460bb7-5dac-4821-b3cc-4c1102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:31:51.000Z", "modified": "2016-05-25T20:31:51.000Z", "description": "(India, chumarpost@gmail.com) - Danti", "pattern": "[file:hashes.MD5 = '1ba92c6d35b7a31046e013d35fa48775']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:31:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57460bb8-da3c-4092-b589-4f6d02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:31:52.000Z", "modified": "2016-05-25T20:31:52.000Z", "description": "(India, Cabinet Secretary) - Danti", "pattern": "[file:hashes.MD5 = '6d55eb3ced35c7479f67167d84bf15f0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:31:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57460c01-da8c-4831-a3b7-434d02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:33:05.000Z", "modified": "2016-05-25T20:33:05.000Z", "description": "(India, Cabinet Secretary) - Danti - Xchecked via VT: 6d55eb3ced35c7479f67167d84bf15f0", "pattern": "[file:hashes.SHA256 = 
'7f9495399da2782e0fef913fed25fa0e5a80f2f31b1d24018ca1f198132f396a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:33:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57460c02-a9f0-4aee-86c3-4cc502de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:33:06.000Z", "modified": "2016-05-25T20:33:06.000Z", "description": "(India, Cabinet Secretary) - Danti - Xchecked via VT: 6d55eb3ced35c7479f67167d84bf15f0", "pattern": "[file:hashes.SHA1 = 'd12324a522b404b7949a971fbe767ae06b03c576']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:33:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57460c02-add0-4029-8b6f-412e02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:33:06.000Z", "modified": "2016-05-25T20:33:06.000Z", "first_observed": "2016-05-25T20:33:06Z", "last_observed": "2016-05-25T20:33:06Z", "number_observed": 1, "object_refs": [ "url--57460c02-add0-4029-8b6f-412e02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57460c02-add0-4029-8b6f-412e02de0b81", "value": "https://www.virustotal.com/file/7f9495399da2782e0fef913fed25fa0e5a80f2f31b1d24018ca1f198132f396a/analysis/1463177598/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57460c03-e688-4ff9-a888-452a02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": 
"2016-05-25T20:33:07.000Z", "modified": "2016-05-25T20:33:07.000Z", "description": "(India, chumarpost@gmail.com) - Danti - Xchecked via VT: 1ba92c6d35b7a31046e013d35fa48775", "pattern": "[file:hashes.SHA256 = 'e60bd3259177f787718e940c1bb2196ffd3ea0d1f722cc644c85006ddb7a28f3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:33:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57460c03-ae98-4185-b4d4-405102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:33:07.000Z", "modified": "2016-05-25T20:33:07.000Z", "description": "(India, chumarpost@gmail.com) - Danti - Xchecked via VT: 1ba92c6d35b7a31046e013d35fa48775", "pattern": "[file:hashes.SHA1 = '8f2b1de6ef70b1ac5ffb8f3aa77af6c402cfdf56']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:33:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57460c04-44e8-43e7-b23d-45a102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:33:08.000Z", "modified": "2016-05-25T20:33:08.000Z", "first_observed": "2016-05-25T20:33:08Z", "last_observed": "2016-05-25T20:33:08Z", "number_observed": 1, "object_refs": [ "url--57460c04-44e8-43e7-b23d-45a102de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57460c04-44e8-43e7-b23d-45a102de0b81", "value": 
"https://www.virustotal.com/file/e60bd3259177f787718e940c1bb2196ffd3ea0d1f722cc644c85006ddb7a28f3/analysis/1456743780/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57460c04-9008-43ba-9994-483102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:33:08.000Z", "modified": "2016-05-25T20:33:08.000Z", "description": "(India, dsfsi@nic.in) - Danti - Xchecked via VT: f4c1e96717c82b14ca76384cb005fbe5", "pattern": "[file:hashes.SHA256 = '5c28d82f10711adef0b6e04533c0e9170fa4ebe47c9530181239b21126b9c20b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:33:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57460c04-ef20-4fd9-912d-493f02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:33:08.000Z", "modified": "2016-05-25T20:33:08.000Z", "description": "(India, dsfsi@nic.in) - Danti - Xchecked via VT: f4c1e96717c82b14ca76384cb005fbe5", "pattern": "[file:hashes.SHA1 = 'c4830ed7558cff7abebc15e13fb0a9ad8d1edb71']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:33:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57460c05-7538-4d64-ae0a-42c302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:33:09.000Z", "modified": "2016-05-25T20:33:09.000Z", "first_observed": "2016-05-25T20:33:09Z", "last_observed": "2016-05-25T20:33:09Z", "number_observed": 1, "object_refs": [ 
"url--57460c05-7538-4d64-ae0a-42c302de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57460c05-7538-4d64-ae0a-42c302de0b81", "value": "https://www.virustotal.com/file/5c28d82f10711adef0b6e04533c0e9170fa4ebe47c9530181239b21126b9c20b/analysis/1462540391/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57460c05-4b18-493f-9403-471102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:33:09.000Z", "modified": "2016-05-25T20:33:09.000Z", "description": "(amb.copenhagen@mea.gov.in) - Danti - Xchecked via VT: 1aefd1c30d1710f901c70be7f1366cae", "pattern": "[file:hashes.SHA256 = '1896d190ed5c5d04d74f8c2bfe70434f472b43441be824e81a31b7257b717e51']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:33:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57460c06-8dbc-4313-baac-492302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:33:10.000Z", "modified": "2016-05-25T20:33:10.000Z", "description": "(amb.copenhagen@mea.gov.in) - Danti - Xchecked via VT: 1aefd1c30d1710f901c70be7f1366cae", "pattern": "[file:hashes.SHA1 = '6793228ee3b6bd1a4bc91f17460b89d12d347fc9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:33:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57460c06-c2e4-47eb-bdf2-4bfb02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", 
"created": "2016-05-25T20:33:10.000Z", "modified": "2016-05-25T20:33:10.000Z", "first_observed": "2016-05-25T20:33:10Z", "last_observed": "2016-05-25T20:33:10Z", "number_observed": 1, "object_refs": [ "url--57460c06-c2e4-47eb-bdf2-4bfb02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57460c06-c2e4-47eb-bdf2-4bfb02de0b81", "value": "https://www.virustotal.com/file/1896d190ed5c5d04d74f8c2bfe70434f472b43441be824e81a31b7257b717e51/analysis/1464092908/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57460c07-d200-400e-b3af-423602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:33:11.000Z", "modified": "2016-05-25T20:33:11.000Z", "description": "(amb.bogota@mea.gov.in) - Danti - Xchecked via VT: 3ed40dec891fd48c7ec6fa49b1058d24", "pattern": "[file:hashes.SHA256 = 'de5060b7e9aaaeb8d24153fe35b77c27c95dadda5a5e727d99f407c8703db649']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:33:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57460c07-6844-4ad1-bba9-41ec02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:33:11.000Z", "modified": "2016-05-25T20:33:11.000Z", "description": "(amb.bogota@mea.gov.in) - Danti - Xchecked via VT: 3ed40dec891fd48c7ec6fa49b1058d24", "pattern": "[file:hashes.SHA1 = '0e2c603e23219598dc3432d94df6dfae147cceab']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:33:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", 
"misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57460c07-2530-431c-b761-4dfa02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:33:11.000Z", "modified": "2016-05-25T20:33:11.000Z", "first_observed": "2016-05-25T20:33:11Z", "last_observed": "2016-05-25T20:33:11Z", "number_observed": 1, "object_refs": [ "url--57460c07-2530-431c-b761-4dfa02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57460c07-2530-431c-b761-4dfa02de0b81", "value": "https://www.virustotal.com/file/de5060b7e9aaaeb8d24153fe35b77c27c95dadda5a5e727d99f407c8703db649/analysis/1464092543/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57460c08-6cb8-4762-b60e-4f5102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:33:12.000Z", "modified": "2016-05-25T20:33:12.000Z", "description": "(chancery@indianembassy.hu) - Danti - Xchecked via VT: aae962611da956a26a76d185455f1d44", "pattern": "[file:hashes.SHA256 = '4d5e0eddcd014c63123f6a46af7e53b5ac25a7ff7de86f56277fe39bff32c7b5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:33:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57460c08-4894-4a04-98d1-444102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:33:12.000Z", "modified": "2016-05-25T20:33:12.000Z", "description": "(chancery@indianembassy.hu) - Danti - Xchecked via VT: aae962611da956a26a76d185455f1d44", "pattern": "[file:hashes.SHA1 = '8bed9000c2f6347e683beadb1a5d4dedaccbd21f']", "pattern_type": "stix", "pattern_version": "2.1", 
"valid_from": "2016-05-25T20:33:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57460c09-5318-4158-90c5-463502de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:33:13.000Z", "modified": "2016-05-25T20:33:13.000Z", "first_observed": "2016-05-25T20:33:13Z", "last_observed": "2016-05-25T20:33:13Z", "number_observed": 1, "object_refs": [ "url--57460c09-5318-4158-90c5-463502de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57460c09-5318-4158-90c5-463502de0b81", "value": "https://www.virustotal.com/file/4d5e0eddcd014c63123f6a46af7e53b5ac25a7ff7de86f56277fe39bff32c7b5/analysis/1464093143/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57460c09-5ab4-4592-83ed-44b502de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:33:13.000Z", "modified": "2016-05-25T20:33:13.000Z", "description": "Doc web archive - (India\u2019s 10 Top Luxury Hotels) - Xchecked via VT: fd6636af7d2358c40fe6923b23a690e8", "pattern": "[file:hashes.SHA256 = '6a1706e1351cf911126b0ee57a11ed01135f7d42d911b4067f61067786407e7e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:33:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57460c0a-d480-4a88-9eb0-41c802de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:33:14.000Z", "modified": "2016-05-25T20:33:14.000Z",
"description": "Doc web archive - (India\u2019s 10 Top Luxury Hotels) - Xchecked via VT: fd6636af7d2358c40fe6923b23a690e8", "pattern": "[file:hashes.SHA1 = '415c13cfc0344303fc484c8465f973525975a338']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:33:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57460c0a-8b3c-4f04-8981-4e9d02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:33:14.000Z", "modified": "2016-05-25T20:33:14.000Z", "first_observed": "2016-05-25T20:33:14Z", "last_observed": "2016-05-25T20:33:14Z", "number_observed": 1, "object_refs": [ "url--57460c0a-8b3c-4f04-8981-4e9d02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57460c0a-8b3c-4f04-8981-4e9d02de0b81", "value": "https://www.virustotal.com/file/6a1706e1351cf911126b0ee57a11ed01135f7d42d911b4067f61067786407e7e/analysis/1458811357/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57460c0a-0800-4d12-8383-401102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:33:14.000Z", "modified": "2016-05-25T20:33:14.000Z", "description": "Doc web archive - (Mission List) - Xchecked via VT: aebf03ceaef042a833ee5459016f5bde", "pattern": "[file:hashes.SHA256 = '785e8a39eb66e872ff5abee48b7226e99bed2e12bc0f68fc430145a00fe523db']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:33:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator",
"spec_version": "2.1", "id": "indicator--57460c0b-4ab8-4de1-8259-487702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:33:15.000Z", "modified": "2016-05-25T20:33:15.000Z", "description": "Doc web archive - (Mission List) - Xchecked via VT: aebf03ceaef042a833ee5459016f5bde", "pattern": "[file:hashes.SHA1 = '31b92f816c9f3f45aeb435d47b654cd02c07a633']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:33:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57460c0b-8fe4-4a00-9aef-47cb02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:33:15.000Z", "modified": "2016-05-25T20:33:15.000Z", "first_observed": "2016-05-25T20:33:15Z", "last_observed": "2016-05-25T20:33:15Z", "number_observed": 1, "object_refs": [ "url--57460c0b-8fe4-4a00-9aef-47cb02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57460c0b-8fe4-4a00-9aef-47cb02de0b81", "value": "https://www.virustotal.com/file/785e8a39eb66e872ff5abee48b7226e99bed2e12bc0f68fc430145a00fe523db/analysis/1464092177/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57460c0c-22e4-4fd4-a42b-45e602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:33:16.000Z", "modified": "2016-05-25T20:33:16.000Z", "description": "Doc web archive - (HQ List) - Xchecked via VT: c591263d56b57dfadd06a68dd9657343", "pattern": "[file:hashes.SHA256 = 'eea3f90db41f872da8ed542b37948656b1fb93b12a266e8de82c6c668e60e9fc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:33:16Z", "kill_chain_phases": [ { 
"kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57460c0c-b8c0-4913-a3fa-4d8202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:33:16.000Z", "modified": "2016-05-25T20:33:16.000Z", "description": "Doc web archive - (HQ List) - Xchecked via VT: c591263d56b57dfadd06a68dd9657343", "pattern": "[file:hashes.SHA1 = '8c248daec675cb873a9ee850336e871dd4642c5b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:33:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57460c0d-7c3c-4b38-ab60-4f2402de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:33:17.000Z", "modified": "2016-05-25T20:33:17.000Z", "first_observed": "2016-05-25T20:33:17Z", "last_observed": "2016-05-25T20:33:17Z", "number_observed": 1, "object_refs": [ "url--57460c0d-7c3c-4b38-ab60-4f2402de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57460c0d-7c3c-4b38-ab60-4f2402de0b81", "value": "https://www.virustotal.com/file/eea3f90db41f872da8ed542b37948656b1fb93b12a266e8de82c6c668e60e9fc/analysis/1464091843/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57460c0d-9d08-4b8d-9245-49d402de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:33:17.000Z", "modified": "2016-05-25T20:33:17.000Z", "description": "(Holidays in India in 2016) - Danti - Xchecked via VT: d91f101427a39d9f40c41aa041197a9c", "pattern": 
"[file:hashes.SHA256 = 'ba0b721350a6fcc036b0b78cc13ecb154a4f11d221c1be763ee3c559ef544028']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:33:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57460c0d-3bb0-42dc-994b-410302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:33:17.000Z", "modified": "2016-05-25T20:33:17.000Z", "description": "(Holidays in India in 2016) - Danti - Xchecked via VT: d91f101427a39d9f40c41aa041197a9c", "pattern": "[file:hashes.SHA1 = '9fcf5973260f0c5ca3f95570b76dbaab1a1c28d3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:33:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57460c0e-15b8-4410-8cb7-454d02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:33:18.000Z", "modified": "2016-05-25T20:33:18.000Z", "first_observed": "2016-05-25T20:33:18Z", "last_observed": "2016-05-25T20:33:18Z", "number_observed": 1, "object_refs": [ "url--57460c0e-15b8-4410-8cb7-454d02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57460c0e-15b8-4410-8cb7-454d02de0b81", "value": "https://www.virustotal.com/file/ba0b721350a6fcc036b0b78cc13ecb154a4f11d221c1be763ee3c559ef544028/analysis/1460625569/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57460c0e-8c28-4313-a417-4f5702de0b81", "created_by_ref": 
"identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:33:18.000Z", "modified": "2016-05-25T20:33:18.000Z", "description": "(Holidays in India in 2016) - Danti - Xchecked via VT: 8cd2eb90fabd03ac97279d398b09a5e9", "pattern": "[file:hashes.SHA256 = 'bfe23053efd11dbe2d577e25f5d029c0e145f0ef1c14753e03010e95c1d1d910']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:33:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57460c0f-6ee4-46f4-8ca7-4a6402de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:33:19.000Z", "modified": "2016-05-25T20:33:19.000Z", "description": "(Holidays in India in 2016) - Danti - Xchecked via VT: 8cd2eb90fabd03ac97279d398b09a5e9", "pattern": "[file:hashes.SHA1 = '81a82080da14b670a39d5b34728a9e79ba7ccbec']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:33:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57460c0f-5548-4146-9105-42b602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:33:19.000Z", "modified": "2016-05-25T20:33:19.000Z", "first_observed": "2016-05-25T20:33:19Z", "last_observed": "2016-05-25T20:33:19Z", "number_observed": 1, "object_refs": [ "url--57460c0f-5548-4146-9105-42b602de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57460c0f-5548-4146-9105-42b602de0b81", "value": 
"https://www.virustotal.com/file/bfe23053efd11dbe2d577e25f5d029c0e145f0ef1c14753e03010e95c1d1d910/analysis/1463393903/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57460c10-81f0-4684-8c4c-49eb02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:33:20.000Z", "modified": "2016-05-25T20:33:20.000Z", "description": "RarSFX - Danti - Xchecked via VT: d0407e1a66ee2082a0d170814bd4ab02", "pattern": "[file:hashes.SHA256 = 'b75ab0079160d388f92e641789415566e0b9e276859ebe3b9d08f074d9d2fd74']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:33:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57460c10-ad14-451b-802e-44bb02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:33:20.000Z", "modified": "2016-05-25T20:33:20.000Z", "description": "RarSFX - Danti - Xchecked via VT: d0407e1a66ee2082a0d170814bd4ab02", "pattern": "[file:hashes.SHA1 = 'eeccda3083a268c377f65574a8e7ac8ceffed20a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:33:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57460c10-0e94-4dc4-ad53-447202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:33:20.000Z", "modified": "2016-05-25T20:33:20.000Z", "first_observed": "2016-05-25T20:33:20Z", "last_observed": "2016-05-25T20:33:20Z", "number_observed": 1, "object_refs": [ "url--57460c10-0e94-4dc4-ad53-447202de0b81" ], "labels": [ 
"misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57460c10-0e94-4dc4-ad53-447202de0b81", "value": "https://www.virustotal.com/file/b75ab0079160d388f92e641789415566e0b9e276859ebe3b9d08f074d9d2fd74/analysis/1459200615/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57460c11-e8e0-4acd-a9b8-4cbe02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:33:21.000Z", "modified": "2016-05-25T20:33:21.000Z", "description": "Potplayer - Danti - Xchecked via VT: f16903b2ff82689404f7d0820f461e5d", "pattern": "[file:hashes.SHA256 = '76da9d0046fe76fc28b80c4c1062b17852264348fd873b7dd781f39491f911e0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:33:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57460c11-6bdc-461c-ace8-429802de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:33:21.000Z", "modified": "2016-05-25T20:33:21.000Z", "description": "Potplayer - Danti - Xchecked via VT: f16903b2ff82689404f7d0820f461e5d", "pattern": "[file:hashes.SHA1 = '58b6b5fd3f2bfd182622f547a93222a4afdf4e76']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:33:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57460c12-eba8-4360-8fda-40b702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:33:22.000Z", "modified": "2016-05-25T20:33:22.000Z", "first_observed": 
"2016-05-25T20:33:22Z", "last_observed": "2016-05-25T20:33:22Z", "number_observed": 1, "object_refs": [ "url--57460c12-eba8-4360-8fda-40b702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57460c12-eba8-4360-8fda-40b702de0b81", "value": "https://www.virustotal.com/file/76da9d0046fe76fc28b80c4c1062b17852264348fd873b7dd781f39491f911e0/analysis/1459917767/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57460c12-0c68-4d35-9524-4a8102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:33:22.000Z", "modified": "2016-05-25T20:33:22.000Z", "description": "(appinfo.dat) - Danti - Xchecked via VT: 2460871a040628c379e04f79af37060d", "pattern": "[file:hashes.SHA256 = '904a005e253a723263274c46236739cc907471f597e333836e153da142c62dc1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:33:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57460c12-3f18-4de3-9ce6-47d002de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:33:22.000Z", "modified": "2016-05-25T20:33:22.000Z", "description": "(appinfo.dat) - Danti - Xchecked via VT: 2460871a040628c379e04f79af37060d", "pattern": "[file:hashes.SHA1 = '1cabd426bc1b1825f045c21f6face31a9512a1fc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:33:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": 
"observed-data--57460c13-8078-42e0-bc53-4dc902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:33:23.000Z", "modified": "2016-05-25T20:33:23.000Z", "first_observed": "2016-05-25T20:33:23Z", "last_observed": "2016-05-25T20:33:23Z", "number_observed": 1, "object_refs": [ "url--57460c13-8078-42e0-bc53-4dc902de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57460c13-8078-42e0-bc53-4dc902de0b81", "value": "https://www.virustotal.com/file/904a005e253a723263274c46236739cc907471f597e333836e153da142c62dc1/analysis/1462190688/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57460c13-2428-4521-8a72-4fb802de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:33:23.000Z", "modified": "2016-05-25T20:33:23.000Z", "description": "(potplayer.dll) - Danti - Xchecked via VT: 332397ec261393aaa58522c4357c3e48", "pattern": "[file:hashes.SHA256 = '705409bc11fb45fa3c4e2fa9dd35af7d4613e52a713d9c6ea6bc4baff49aa74a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:33:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57460c14-88c0-4ff6-8f31-4c0002de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:33:24.000Z", "modified": "2016-05-25T20:33:24.000Z", "description": "(potplayer.dll) - Danti - Xchecked via VT: 332397ec261393aaa58522c4357c3e48", "pattern": "[file:hashes.SHA1 = '6f10644a4509d6fc8bbefee04db855b43d9f91c5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:33:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": 
"Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57460c14-6d70-4035-aee1-4eb702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:33:24.000Z", "modified": "2016-05-25T20:33:24.000Z", "first_observed": "2016-05-25T20:33:24Z", "last_observed": "2016-05-25T20:33:24Z", "number_observed": 1, "object_refs": [ "url--57460c14-6d70-4035-aee1-4eb702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57460c14-6d70-4035-aee1-4eb702de0b81", "value": "https://www.virustotal.com/file/705409bc11fb45fa3c4e2fa9dd35af7d4613e52a713d9c6ea6bc4baff49aa74a/analysis/1463384101/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57460c14-7924-4921-aad9-4fb902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:33:24.000Z", "modified": "2016-05-25T20:33:24.000Z", "description": "(update.dat) - Danti - Xchecked via VT: d44e971b202d573f8c797845c90e4658", "pattern": "[file:hashes.SHA256 = 'f49bbd7f0ecfa75b134e2cf0acc9931872d79072069f35a49f6de1a0a2347e2a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:33:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57460c15-0d08-4786-9fb2-403e02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:33:25.000Z", "modified": "2016-05-25T20:33:25.000Z", "description": "(update.dat) - Danti - Xchecked via VT: d44e971b202d573f8c797845c90e4658", "pattern": "[file:hashes.SHA1 = 
'af3ae8a6164e31b366ec372d699e1c89ad1b42fc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:33:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57460c15-2d38-4aae-8764-47ce02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:33:25.000Z", "modified": "2016-05-25T20:33:25.000Z", "first_observed": "2016-05-25T20:33:25Z", "last_observed": "2016-05-25T20:33:25Z", "number_observed": 1, "object_refs": [ "url--57460c15-2d38-4aae-8764-47ce02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57460c15-2d38-4aae-8764-47ce02de0b81", "value": "https://www.virustotal.com/file/f49bbd7f0ecfa75b134e2cf0acc9931872d79072069f35a49f6de1a0a2347e2a/analysis/1459239370/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57460c16-70c4-40f1-8327-4d9a02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:33:26.000Z", "modified": "2016-05-25T20:33:26.000Z", "description": "Danti - Xchecked via VT: bae673964e9bc2a45ebcc667895104ef", "pattern": "[file:hashes.SHA256 = '67c4e8ab0f12fae7b4aeb66f7e59e286bd98d3a77e5a291e8d58b3cfbc1514ed']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:33:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57460c16-d238-476d-bbf8-4f0e02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:33:26.000Z", 
"modified": "2016-05-25T20:33:26.000Z", "description": "Danti - Xchecked via VT: bae673964e9bc2a45ebcc667895104ef", "pattern": "[file:hashes.SHA1 = 'f1f895aa6bdb7369525abfb86b4475241e9dbfbb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:33:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57460c16-ac98-4a52-bbe2-489202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:33:26.000Z", "modified": "2016-05-25T20:33:26.000Z", "first_observed": "2016-05-25T20:33:26Z", "last_observed": "2016-05-25T20:33:26Z", "number_observed": 1, "object_refs": [ "url--57460c16-ac98-4a52-bbe2-489202de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57460c16-ac98-4a52-bbe2-489202de0b81", "value": "https://www.virustotal.com/file/67c4e8ab0f12fae7b4aeb66f7e59e286bd98d3a77e5a291e8d58b3cfbc1514ed/analysis/1464058721/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57460c17-48ac-4f94-b9ee-4aa202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:33:27.000Z", "modified": "2016-05-25T20:33:27.000Z", "description": "(mshtml.dll) - Danti - Xchecked via VT: be0cc8411c066eac246097045b73c282", "pattern": "[file:hashes.SHA256 = '9d0a47bdf00f7bd332ddd4cf8d95dd11ebbb945dda3d72aac512512b48ad93ba']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:33:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": 
"indicator--57460c17-7b8c-46e3-bbb1-44a402de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:33:27.000Z", "modified": "2016-05-25T20:33:27.000Z", "description": "(mshtml.dll) - Danti - Xchecked via VT: be0cc8411c066eac246097045b73c282", "pattern": "[file:hashes.SHA1 = '1a14cfdf652bcd1df572e47ed261abe453a41399']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:33:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57460c17-75fc-4e71-bdab-4b7f02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:33:27.000Z", "modified": "2016-05-25T20:33:27.000Z", "first_observed": "2016-05-25T20:33:27Z", "last_observed": "2016-05-25T20:33:27Z", "number_observed": 1, "object_refs": [ "url--57460c17-75fc-4e71-bdab-4b7f02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57460c17-75fc-4e71-bdab-4b7f02de0b81", "value": "https://www.virustotal.com/file/9d0a47bdf00f7bd332ddd4cf8d95dd11ebbb945dda3d72aac512512b48ad93ba/analysis/1464058857/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57460c18-384c-4f96-ab3c-4dd102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:33:28.000Z", "modified": "2016-05-25T20:33:28.000Z", "description": "Danti - Xchecked via VT: 9469dd12136b6514d82c3b01d6082f59", "pattern": "[file:hashes.SHA256 = '2252dcd1b6afacde3f94d9557811bb769c4f0af3cb7a48ffe068d31bb7c30e18']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:33:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], 
"labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57460c18-6224-4072-81e8-449a02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:33:28.000Z", "modified": "2016-05-25T20:33:28.000Z", "description": "Danti - Xchecked via VT: 9469dd12136b6514d82c3b01d6082f59", "pattern": "[file:hashes.SHA1 = '47a963e7588e9af060dfac62b94076f270d4008e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:33:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57460c18-be9c-480a-9fab-477502de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:33:28.000Z", "modified": "2016-05-25T20:33:28.000Z", "first_observed": "2016-05-25T20:33:28Z", "last_observed": "2016-05-25T20:33:28Z", "number_observed": 1, "object_refs": [ "url--57460c18-be9c-480a-9fab-477502de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57460c18-be9c-480a-9fab-477502de0b81", "value": "https://www.virustotal.com/file/2252dcd1b6afacde3f94d9557811bb769c4f0af3cb7a48ffe068d31bb7c30e18/analysis/1464079999/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57460c19-a3dc-4911-bf50-451e02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:33:29.000Z", "modified": "2016-05-25T20:33:29.000Z", "description": "(lsass.exe) - Danti - Xchecked via VT: 8ad9cb6b948bcf7f9211887e0cf6f02a", "pattern": "[file:hashes.SHA256 = '38f2c86041e0446730479cdb9c530298c0c4936722975c4e7446544fd6dcac9f']", "pattern_type": "stix", 
"pattern_version": "2.1", "valid_from": "2016-05-25T20:33:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57460c19-4c04-4e65-9eb8-445702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:33:29.000Z", "modified": "2016-05-25T20:33:29.000Z", "description": "(lsass.exe) - Danti - Xchecked via VT: 8ad9cb6b948bcf7f9211887e0cf6f02a", "pattern": "[file:hashes.SHA1 = '0246a237b281162059b84f1bc013d90bbb4104f7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:33:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57460c19-456c-494a-b765-4fa102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:33:29.000Z", "modified": "2016-05-25T20:33:29.000Z", "first_observed": "2016-05-25T20:33:29Z", "last_observed": "2016-05-25T20:33:29Z", "number_observed": 1, "object_refs": [ "url--57460c19-456c-494a-b765-4fa102de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57460c19-456c-494a-b765-4fa102de0b81", "value": "https://www.virustotal.com/file/38f2c86041e0446730479cdb9c530298c0c4936722975c4e7446544fd6dcac9f/analysis/1464170885/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57460c1a-ad58-4ef9-bb4d-4ce002de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:33:30.000Z", "modified": "2016-05-25T20:33:30.000Z", "description": "(http.exe) - Danti - Xchecked via 
VT: 3fbe576d33595734a92a665e72e5a04f", "pattern": "[file:hashes.SHA256 = 'ad191d1d18841f0c5e48a5a1c9072709e2dd6359a6f6d427e0de59cfcd1d9666']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:33:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57460c1a-c00c-48cf-8d94-483202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:33:30.000Z", "modified": "2016-05-25T20:33:30.000Z", "description": "(http.exe) - Danti - Xchecked via VT: 3fbe576d33595734a92a665e72e5a04f", "pattern": "[file:hashes.SHA1 = 'fe48b93058cf7e0ff9c27ec9322015d230545646']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:33:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57460c1b-cd80-4797-980c-46c902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:33:31.000Z", "modified": "2016-05-25T20:33:31.000Z", "first_observed": "2016-05-25T20:33:31Z", "last_observed": "2016-05-25T20:33:31Z", "number_observed": 1, "object_refs": [ "url--57460c1b-cd80-4797-980c-46c902de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57460c1b-cd80-4797-980c-46c902de0b81", "value": "https://www.virustotal.com/file/ad191d1d18841f0c5e48a5a1c9072709e2dd6359a6f6d427e0de59cfcd1d9666/analysis/1463728182/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57460c1b-0ef0-4c52-a04d-420202de0b81", "created_by_ref": 
"identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:33:31.000Z", "modified": "2016-05-25T20:33:31.000Z", "description": "(dropper, from cab-archive) - Danti - Xchecked via VT: 6bbdbf6d3b24b8bfa296b9c76b95bb2f", "pattern": "[file:hashes.SHA256 = '9e7e5f70c4b32a4d5e8c798c26671843e76bb4bd5967056a822e982ed36e047b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:33:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57460c1b-d1a4-49fe-960a-415b02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:33:31.000Z", "modified": "2016-05-25T20:33:31.000Z", "description": "(dropper, from cab-archive) - Danti - Xchecked via VT: 6bbdbf6d3b24b8bfa296b9c76b95bb2f", "pattern": "[file:hashes.SHA1 = '469abc3cf1e3b871566cf404c1e382a5b7a20212']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:33:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57460c1c-1fbc-4beb-b6f1-433a02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:33:32.000Z", "modified": "2016-05-25T20:33:32.000Z", "first_observed": "2016-05-25T20:33:32Z", "last_observed": "2016-05-25T20:33:32Z", "number_observed": 1, "object_refs": [ "url--57460c1c-1fbc-4beb-b6f1-433a02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57460c1c-1fbc-4beb-b6f1-433a02de0b81", "value": 
"https://www.virustotal.com/file/9e7e5f70c4b32a4d5e8c798c26671843e76bb4bd5967056a822e982ed36e047b/analysis/1459335213/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57460c1c-51d4-43cf-a490-4a5702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:33:32.000Z", "modified": "2016-05-25T20:33:32.000Z", "description": "Taiwan, 1-3\u8aaa\u660e\u6a94.doc - SVCMONDR attacks - Xchecked via VT: d0533874d7255b881187e842e747c268", "pattern": "[file:hashes.SHA256 = 'd903ecebede658ff6d7c930f22378bb7471a940632cd59d196f0e8a44ecdb7e2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:33:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57460c1c-ac6c-4ceb-bab8-4ab902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:33:32.000Z", "modified": "2016-05-25T20:33:32.000Z", "description": "Taiwan, 1-3\u8aaa\u660e\u6a94.doc - SVCMONDR attacks - Xchecked via VT: d0533874d7255b881187e842e747c268", "pattern": "[file:hashes.SHA1 = '8cca13ea2381b50be9880047d504d9bc423c1102']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:33:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57460c1d-a1f0-47c5-9029-4f7502de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:33:33.000Z", "modified": "2016-05-25T20:33:33.000Z", "first_observed": "2016-05-25T20:33:33Z", 
"last_observed": "2016-05-25T20:33:33Z", "number_observed": 1, "object_refs": [ "url--57460c1d-a1f0-47c5-9029-4f7502de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57460c1d-a1f0-47c5-9029-4f7502de0b81", "value": "https://www.virustotal.com/file/d903ecebede658ff6d7c930f22378bb7471a940632cd59d196f0e8a44ecdb7e2/analysis/1456452590/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57460c1d-6c8c-4374-911c-492602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:33:33.000Z", "modified": "2016-05-25T20:33:33.000Z", "description": "(svcmondr.ex,Thailand) - SVCMONDR attacks - Xchecked via VT: 046b98a742cecc11fb18d9554483be2d", "pattern": "[file:hashes.SHA256 = 'ee6cfaa117cce98abe49ae0c3c848bc5669dca53e8219ee6a338491393799118']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:33:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57460c1e-23bc-4d2c-9338-4e8102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:33:34.000Z", "modified": "2016-05-25T20:33:34.000Z", "description": "(svcmondr.ex,Thailand) - SVCMONDR attacks - Xchecked via VT: 046b98a742cecc11fb18d9554483be2d", "pattern": "[file:hashes.SHA1 = 'fe54fd458dcef3f120c71c7818ddd5a6d6731c29']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:33:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": 
"observed-data--57460c1e-7f14-4a52-bb7d-4d0e02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:33:34.000Z", "modified": "2016-05-25T20:33:34.000Z", "first_observed": "2016-05-25T20:33:34Z", "last_observed": "2016-05-25T20:33:34Z", "number_observed": 1, "object_refs": [ "url--57460c1e-7f14-4a52-bb7d-4d0e02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57460c1e-7f14-4a52-bb7d-4d0e02de0b81", "value": "https://www.virustotal.com/file/ee6cfaa117cce98abe49ae0c3c848bc5669dca53e8219ee6a338491393799118/analysis/1462817646/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57460c1e-16fc-4357-bcfb-4d2002de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:33:34.000Z", "modified": "2016-05-25T20:33:34.000Z", "description": "(svcmondr.ex, Taiwan) - SVCMONDR attacks - Xchecked via VT: 8052234dcd41a7d619acb0ec9636be0b", "pattern": "[file:hashes.SHA256 = '12ca6760857d1bb0751c3e108d4175ebcbc9688cfecad0db189efc56b0ff9768']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:33:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57460c1f-8cc8-4e06-afc4-423202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:33:35.000Z", "modified": "2016-05-25T20:33:35.000Z", "description": "(svcmondr.ex, Taiwan) - SVCMONDR attacks - Xchecked via VT: 8052234dcd41a7d619acb0ec9636be0b", "pattern": "[file:hashes.SHA1 = 'a512228f9499a96d7cbf027854a04032d742fd6e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-25T20:33:35Z", "kill_chain_phases": [ { "kill_chain_name": 
"misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57460c1f-764c-49a1-869f-44fe02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-25T20:33:35.000Z", "modified": "2016-05-25T20:33:35.000Z", "first_observed": "2016-05-25T20:33:35Z", "last_observed": "2016-05-25T20:33:35Z", "number_observed": 1, "object_refs": [ "url--57460c1f-764c-49a1-869f-44fe02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57460c1f-764c-49a1-869f-44fe02de0b81", "value": "https://www.virustotal.com/file/12ca6760857d1bb0751c3e108d4175ebcbc9688cfecad0db189efc56b0ff9768/analysis/1464134416/" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }