{ "type": "bundle", "id": "bundle--57504442-9454-4159-a7e9-4ad8950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-02T14:49:32.000Z", "modified": "2016-06-02T14:49:32.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--57504442-9454-4159-a7e9-4ad8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-02T14:49:32.000Z", "modified": "2016-06-02T14:49:32.000Z", "name": "OSINT - IRONGATE ICS Malware: Nothing to See Here...Masking Malicious Activity on SCADA Systems", "published": "2016-06-02T14:57:13Z", "object_refs": [ "observed-data--57504478-e3f8-49d3-a594-41f4950d210f", "url--57504478-e3f8-49d3-a594-41f4950d210f", "x-misp-attribute--57504487-2318-431d-a74a-44ca950d210f", "x-misp-attribute--575044c0-ed64-4bdb-896e-48e8950d210f", "x-misp-attribute--575044c0-00ec-4eeb-847a-4d29950d210f", "x-misp-attribute--575044c0-0ab0-4bbc-9f4e-4c71950d210f", "observed-data--575044c0-2cac-42b2-8b05-48e4950d210f", "file--575044c0-2cac-42b2-8b05-48e4950d210f", "artifact--575044c0-2cac-42b2-8b05-48e4950d210f", "indicator--575046d2-9500-493e-b3e8-45e4950d210f", "indicator--575046d2-e6a0-4bbe-b726-462f950d210f", "indicator--575046d3-1964-41ad-a7c9-448d950d210f", "indicator--575046d3-1a14-438d-8dae-491c950d210f", "indicator--575046d3-3c0c-4082-952c-47c0950d210f", "indicator--5750473b-ebbc-44cc-b36c-448b950d210f", "indicator--5750473c-b534-4744-aeb2-4b9a950d210f", "indicator--5750473c-2580-4edd-9754-4aa3950d210f", "indicator--5750473c-4fe0-458b-ad9c-4609950d210f", "indicator--5750473d-1820-407b-bf40-4bc1950d210f", "indicator--5750473d-d9d4-4360-a946-432e950d210f", "indicator--5750473d-9d4c-4a1e-a22f-400d950d210f", "indicator--5750473e-7ad8-4668-a8bb-47ec950d210f", "indicator--5750473e-84e8-4e45-bacc-47e3950d210f", "indicator--5750473f-5370-4378-8c25-4aee950d210f", 
"indicator--5750477c-f99c-4bec-b2db-4a4602de0b81", "indicator--5750477c-d628-4005-98d4-44bd02de0b81", "observed-data--5750477d-4560-4f9c-9ec9-4eb002de0b81", "url--5750477d-4560-4f9c-9ec9-4eb002de0b81", "indicator--5750477d-3a90-4eaa-8115-4aa302de0b81", "indicator--5750477d-6c3c-4f7c-bb1e-404b02de0b81", "observed-data--5750477e-9020-4f82-b088-416e02de0b81", "url--5750477e-9020-4f82-b088-416e02de0b81", "indicator--5750477e-57f8-49ad-9f54-4f0a02de0b81", "indicator--5750477f-bde8-4e9d-8a6c-4c7f02de0b81", "observed-data--5750477f-e40c-402c-acba-429102de0b81", "url--5750477f-e40c-402c-acba-429102de0b81", "indicator--57504780-bfac-40e7-965a-487702de0b81", "indicator--57504780-80c8-4d82-9fcf-41cf02de0b81", "observed-data--57504780-64a0-4a17-b875-4f2902de0b81", "url--57504780-64a0-4a17-b875-4f2902de0b81", "indicator--57504781-1110-4799-a73a-47e402de0b81", "indicator--57504781-ea48-4f48-9ff7-46dc02de0b81", "observed-data--57504781-b830-4094-81bd-48cb02de0b81", "url--57504781-b830-4094-81bd-48cb02de0b81", "indicator--57504782-6e6c-4ec3-a8f4-416f02de0b81", "indicator--57504782-5010-457e-9198-46e202de0b81", "observed-data--57504782-f5e0-4152-a3c7-4d0a02de0b81", "url--57504782-f5e0-4152-a3c7-4d0a02de0b81", "indicator--57504783-f900-4e95-bdce-41b902de0b81", "indicator--57504783-dad0-4fb6-a60d-4aef02de0b81", "observed-data--57504783-1260-4771-aec3-4b3402de0b81", "url--57504783-1260-4771-aec3-4b3402de0b81", "indicator--57504784-1cfc-48d5-8fe8-464a02de0b81", "indicator--57504784-5e84-4419-9644-484002de0b81", "observed-data--57504784-4cd4-4679-9f3c-4c8302de0b81", "url--57504784-4cd4-4679-9f3c-4c8302de0b81" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57504478-e3f8-49d3-a594-41f4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": 
"2016-06-02T14:36:40.000Z", "modified": "2016-06-02T14:36:40.000Z", "first_observed": "2016-06-02T14:36:40Z", "last_observed": "2016-06-02T14:36:40Z", "number_observed": 1, "object_refs": [ "url--57504478-e3f8-49d3-a594-41f4950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57504478-e3f8-49d3-a594-41f4950d210f", "value": "https://www.fireeye.com/blog/threat-research/2016/06/irongate_ics_malware.html" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--57504487-2318-431d-a74a-44ca950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-02T14:36:55.000Z", "modified": "2016-06-02T14:36:55.000Z", "labels": [ "misp:type=\"comment\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", "x_misp_type": "comment", "x_misp_value": "In the latter half of 2015, the FireEye Labs Advanced Reverse Engineering (FLARE) team identified several versions of an ICS-focused malware crafted to manipulate a specific industrial process running within a simulated Siemens control system environment. We named this family of malware IRONGATE.\r\n\r\nFLARE found the samples on VirusTotal while researching droppers compiled with PyInstaller \u2014 an approach used by numerous malicious actors. The IRONGATE samples stood out based on their references to SCADA and associated functionality. Two samples of the malware payload were uploaded by different sources in 2014, but none of the antivirus vendors featured on VirusTotal flagged them as malicious.\r\n\r\nSiemens Product Computer Emergency Readiness Team (ProductCERT) confirmed that IRONGATE is not viable against operational Siemens control systems and determined that IRONGATE does not exploit any vulnerabilities in Siemens products. We are unable to associate IRONGATE with any campaigns or threat actors. 
We acknowledge that IRONGATE could be a test case, proof of concept, or research activity for ICS attack techniques.\r\n\r\nOur analysis finds that IRONGATE invokes ICS attack concepts first seen in Stuxnet, but in a simulation environment. Because the body of industrial control systems (ICS) and supervisory control and data acquisition (SCADA) malware is limited, we are sharing details with the broader community." }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--575044c0-ed64-4bdb-896e-48e8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-02T14:37:52.000Z", "modified": "2016-06-02T14:37:52.000Z", "labels": [ "misp:type=\"comment\"", "misp:category=\"Other\"" ], "x_misp_category": "Other", "x_misp_comment": "OpenIOC import from file 9cee306d-5441-4cd3-932d-f3119752634c.ioc", "x_misp_type": "comment", "x_misp_value": "info: IRONGATE (FAMILY)\nby FireEye" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--575044c0-00ec-4eeb-847a-4d29950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-02T14:37:52.000Z", "modified": "2016-06-02T14:37:52.000Z", "labels": [ "misp:type=\"comment\"", "misp:category=\"Other\"" ], "x_misp_category": "Other", "x_misp_comment": "OpenIOC import from file 9cee306d-5441-4cd3-932d-f3119752634c.ioc", "x_misp_type": "comment", "x_misp_value": "uuid: 9cee306d-5441-4cd3-932d-f3119752634c" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--575044c0-0ab0-4bbc-9f4e-4c71950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-02T14:37:52.000Z", "modified": "2016-06-02T14:37:52.000Z", "labels": [ "misp:type=\"comment\"", "misp:category=\"Other\"" ], "x_misp_category": "Other", "x_misp_comment": "OpenIOC import from file 9cee306d-5441-4cd3-932d-f3119752634c.ioc", "x_misp_type": "comment", "x_misp_value": "date: 
2015-08-21T16:39:02Z" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--575044c0-2cac-42b2-8b05-48e4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-02T14:37:52.000Z", "modified": "2016-06-02T14:37:52.000Z", "first_observed": "2016-06-02T14:37:52Z", "last_observed": "2016-06-02T14:37:52Z", "number_observed": 1, "object_refs": [ "file--575044c0-2cac-42b2-8b05-48e4950d210f", "artifact--575044c0-2cac-42b2-8b05-48e4950d210f" ], "labels": [ "misp:type=\"attachment\"", "misp:category=\"External analysis\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--575044c0-2cac-42b2-8b05-48e4950d210f", "name": "9cee306d-5441-4cd3-932d-f3119752634c.ioc", "content_ref": "artifact--575044c0-2cac-42b2-8b05-48e4950d210f" }, { "type": "artifact", "spec_version": "2.1", "id": "artifact--575044c0-2cac-42b2-8b05-48e4950d210f", "payload_bin": "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" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--575046d2-9500-493e-b3e8-45e4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-02T14:46:42.000Z", "modified": "2016-06-02T14:46:42.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.MD5 = 'eda021acaca81ae99e39eccda0163295']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-02T14:46:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--575046d2-e6a0-4bbe-b726-462f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-02T14:46:42.000Z", "modified": "2016-06-02T14:46:42.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.MD5 = 
'9b588adb1d0ae72ceb4051031fd1f1f3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-02T14:46:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--575046d3-1964-41ad-a7c9-448d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-02T14:46:43.000Z", "modified": "2016-06-02T14:46:43.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.MD5 = 'ec07a5ecb182960777007afe2c077a1d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-02T14:46:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--575046d3-1a14-438d-8dae-491c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-02T14:46:43.000Z", "modified": "2016-06-02T14:46:43.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.MD5 = '026bc58300de02455937cef46405f065']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-02T14:46:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--575046d3-3c0c-4082-952c-47c0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-02T14:46:43.000Z", "modified": "2016-06-02T14:46:43.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.MD5 = 
'a79596bcca537fa3fa45037f4855fd00']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-02T14:46:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5750473b-ebbc-44cc-b36c-448b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-02T14:48:27.000Z", "modified": "2016-06-02T14:48:27.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.MD5 = '957581fb38a4e76e84f60e2bb19b9499']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-02T14:48:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5750473c-b534-4744-aeb2-4b9a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-02T14:48:28.000Z", "modified": "2016-06-02T14:48:28.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.MD5 = '75d118996f5190edafca1b1904a7eea8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-02T14:48:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5750473c-2580-4edd-9754-4aa3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-02T14:48:28.000Z", "modified": "2016-06-02T14:48:28.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.MD5 = 
'9f37e1ea08e6a4ae03e9feba6d1f6259']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-02T14:48:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5750473c-4fe0-458b-ad9c-4609950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-02T14:48:28.000Z", "modified": "2016-06-02T14:48:28.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.MD5 = '3152f21d701a2397e7b22711b8019b82']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-02T14:48:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5750473d-1820-407b-bf40-4bc1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-02T14:48:29.000Z", "modified": "2016-06-02T14:48:29.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.MD5 = 'ef2a97512fdb45cd26089ad2ff61f1cc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-02T14:48:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5750473d-d9d4-4360-a946-432e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-02T14:48:29.000Z", "modified": "2016-06-02T14:48:29.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.MD5 = 
'41906403206ea5c7dcdbfae230add9fa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-02T14:48:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5750473d-9d4c-4a1e-a22f-400d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-02T14:48:29.000Z", "modified": "2016-06-02T14:48:29.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.MD5 = '874f7bcab71f4745ea6cda2e2fb5a78c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-02T14:48:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5750473e-7ad8-4668-a8bb-47ec950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-02T14:48:30.000Z", "modified": "2016-06-02T14:48:30.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.MD5 = '7c51474e6560c51dfc815d4a227ba1aa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-02T14:48:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5750473e-84e8-4e45-bacc-47e3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-02T14:48:30.000Z", "modified": "2016-06-02T14:48:30.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.MD5 = 
'1f338bdd92f08803a2ac7022a34d98fd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-02T14:48:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5750473f-5370-4378-8c25-4aee950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-02T14:48:31.000Z", "modified": "2016-06-02T14:48:31.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.MD5 = '7a0c1017e6b5bb5dc776b3b883a1d0e0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-02T14:48:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5750477c-f99c-4bec-b2db-4a4602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-02T14:49:32.000Z", "modified": "2016-06-02T14:49:32.000Z", "description": "Imported via the Freetext Import Tool - Xchecked via VT: 7a0c1017e6b5bb5dc776b3b883a1d0e0", "pattern": "[file:hashes.SHA256 = '83f0352c14fa62ae159ab532d85a2b481900fed50d32cc757aa3f4ccf6a13bee']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-02T14:49:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5750477c-d628-4005-98d4-44bd02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-02T14:49:32.000Z", "modified": "2016-06-02T14:49:32.000Z", 
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 7a0c1017e6b5bb5dc776b3b883a1d0e0", "pattern": "[file:hashes.SHA1 = '9efe39c0a6bff5dc18d3adf3b9522b5346cdbb9b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-02T14:49:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5750477d-4560-4f9c-9ec9-4eb002de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-02T14:49:33.000Z", "modified": "2016-06-02T14:49:33.000Z", "first_observed": "2016-06-02T14:49:33Z", "last_observed": "2016-06-02T14:49:33Z", "number_observed": 1, "object_refs": [ "url--5750477d-4560-4f9c-9ec9-4eb002de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5750477d-4560-4f9c-9ec9-4eb002de0b81", "value": "https://www.virustotal.com/file/83f0352c14fa62ae159ab532d85a2b481900fed50d32cc757aa3f4ccf6a13bee/analysis/1463302803/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5750477d-3a90-4eaa-8115-4aa302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-02T14:49:33.000Z", "modified": "2016-06-02T14:49:33.000Z", "description": "Imported via the Freetext Import Tool - Xchecked via VT: 1f338bdd92f08803a2ac7022a34d98fd", "pattern": "[file:hashes.SHA256 = '750aa0302e59da6c3e853c89c76c5f44125394c34cb0a8c70d756b3064f7cdff']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-02T14:49:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", 
"id": "indicator--5750477d-6c3c-4f7c-bb1e-404b02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-02T14:49:33.000Z", "modified": "2016-06-02T14:49:33.000Z", "description": "Imported via the Freetext Import Tool - Xchecked via VT: 1f338bdd92f08803a2ac7022a34d98fd", "pattern": "[file:hashes.SHA1 = '38ec222e82b538c8607485d4dd191b5b4eed4fdd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-02T14:49:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5750477e-9020-4f82-b088-416e02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-02T14:49:34.000Z", "modified": "2016-06-02T14:49:34.000Z", "first_observed": "2016-06-02T14:49:34Z", "last_observed": "2016-06-02T14:49:34Z", "number_observed": 1, "object_refs": [ "url--5750477e-9020-4f82-b088-416e02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5750477e-9020-4f82-b088-416e02de0b81", "value": "https://www.virustotal.com/file/750aa0302e59da6c3e853c89c76c5f44125394c34cb0a8c70d756b3064f7cdff/analysis/1464877732/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5750477e-57f8-49ad-9f54-4f0a02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-02T14:49:34.000Z", "modified": "2016-06-02T14:49:34.000Z", "description": "Imported via the Freetext Import Tool - Xchecked via VT: 874f7bcab71f4745ea6cda2e2fb5a78c", "pattern": "[file:hashes.SHA256 = '0539af1a0cc7f231af8f135920a990321529479f6534c3b64e571d490e1514c3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-02T14:49:34Z", "kill_chain_phases": [ { "kill_chain_name": 
"misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5750477f-bde8-4e9d-8a6c-4c7f02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-02T14:49:35.000Z", "modified": "2016-06-02T14:49:35.000Z", "description": "Imported via the Freetext Import Tool - Xchecked via VT: 874f7bcab71f4745ea6cda2e2fb5a78c", "pattern": "[file:hashes.SHA1 = '7e6cce889cda22b18defc6319d02b3b93e9e2474']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-02T14:49:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5750477f-e40c-402c-acba-429102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-02T14:49:35.000Z", "modified": "2016-06-02T14:49:35.000Z", "first_observed": "2016-06-02T14:49:35Z", "last_observed": "2016-06-02T14:49:35Z", "number_observed": 1, "object_refs": [ "url--5750477f-e40c-402c-acba-429102de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5750477f-e40c-402c-acba-429102de0b81", "value": "https://www.virustotal.com/file/0539af1a0cc7f231af8f135920a990321529479f6534c3b64e571d490e1514c3/analysis/1464877708/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57504780-bfac-40e7-965a-487702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-02T14:49:36.000Z", "modified": "2016-06-02T14:49:36.000Z", "description": "Imported via the Freetext Import Tool - Xchecked via VT: ef2a97512fdb45cd26089ad2ff61f1cc", "pattern": "[file:hashes.SHA256 = 
'386ed16fece9cc24c4d123cdf91a371829098ba7abd4c8fefb40b4e376e7ac6a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-02T14:49:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57504780-80c8-4d82-9fcf-41cf02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-02T14:49:36.000Z", "modified": "2016-06-02T14:49:36.000Z", "description": "Imported via the Freetext Import Tool - Xchecked via VT: ef2a97512fdb45cd26089ad2ff61f1cc", "pattern": "[file:hashes.SHA1 = 'bcdac11106908c8c37f200c0e028b11c4a89adc9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-02T14:49:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57504780-64a0-4a17-b875-4f2902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-02T14:49:36.000Z", "modified": "2016-06-02T14:49:36.000Z", "first_observed": "2016-06-02T14:49:36Z", "last_observed": "2016-06-02T14:49:36Z", "number_observed": 1, "object_refs": [ "url--57504780-64a0-4a17-b875-4f2902de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57504780-64a0-4a17-b875-4f2902de0b81", "value": "https://www.virustotal.com/file/386ed16fece9cc24c4d123cdf91a371829098ba7abd4c8fefb40b4e376e7ac6a/analysis/1464877705/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57504781-1110-4799-a73a-47e402de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": 
"2016-06-02T14:49:37.000Z", "modified": "2016-06-02T14:49:37.000Z", "description": "Imported via the Freetext Import Tool - Xchecked via VT: 3152f21d701a2397e7b22711b8019b82", "pattern": "[file:hashes.SHA256 = '882878f2bf5a67de3fde30816fe304e42f6ce18d0160674f6d4ec3b061b2821a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-02T14:49:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57504781-ea48-4f48-9ff7-46dc02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-02T14:49:37.000Z", "modified": "2016-06-02T14:49:37.000Z", "description": "Imported via the Freetext Import Tool - Xchecked via VT: 3152f21d701a2397e7b22711b8019b82", "pattern": "[file:hashes.SHA1 = '97594fe0ad83ae00f3888ff4722a3e00729a2e1b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-02T14:49:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57504781-b830-4094-81bd-48cb02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-02T14:49:37.000Z", "modified": "2016-06-02T14:49:37.000Z", "first_observed": "2016-06-02T14:49:37Z", "last_observed": "2016-06-02T14:49:37Z", "number_observed": 1, "object_refs": [ "url--57504781-b830-4094-81bd-48cb02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57504781-b830-4094-81bd-48cb02de0b81", "value": 
"https://www.virustotal.com/file/882878f2bf5a67de3fde30816fe304e42f6ce18d0160674f6d4ec3b061b2821a/analysis/1464877712/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57504782-6e6c-4ec3-a8f4-416f02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-02T14:49:38.000Z", "modified": "2016-06-02T14:49:38.000Z", "description": "Imported via the Freetext Import Tool - Xchecked via VT: 9f37e1ea08e6a4ae03e9feba6d1f6259", "pattern": "[file:hashes.SHA256 = 'a7937011e9da51475e91ab1f007d09bd97dfb94d23683a0f73b7bb85de8f9b27']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-02T14:49:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57504782-5010-457e-9198-46e202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-02T14:49:38.000Z", "modified": "2016-06-02T14:49:38.000Z", "description": "Imported via the Freetext Import Tool - Xchecked via VT: 9f37e1ea08e6a4ae03e9feba6d1f6259", "pattern": "[file:hashes.SHA1 = '8f28e619ae3301869089f4cd45558f2b13444714']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-02T14:49:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57504782-f5e0-4152-a3c7-4d0a02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-02T14:49:38.000Z", "modified": "2016-06-02T14:49:38.000Z", "first_observed": "2016-06-02T14:49:38Z", "last_observed": "2016-06-02T14:49:38Z", "number_observed": 1, "object_refs": [ 
"url--57504782-f5e0-4152-a3c7-4d0a02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57504782-f5e0-4152-a3c7-4d0a02de0b81", "value": "https://www.virustotal.com/file/a7937011e9da51475e91ab1f007d09bd97dfb94d23683a0f73b7bb85de8f9b27/analysis/1464871938/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57504783-f900-4e95-bdce-41b902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-02T14:49:39.000Z", "modified": "2016-06-02T14:49:39.000Z", "description": "Imported via the Freetext Import Tool - Xchecked via VT: 75d118996f5190edafca1b1904a7eea8", "pattern": "[file:hashes.SHA256 = '2044712ceb99972d025716f0f16aa039550e22a63000d2885f7b7cd50f6834e0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-02T14:49:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57504783-dad0-4fb6-a60d-4aef02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-02T14:49:39.000Z", "modified": "2016-06-02T14:49:39.000Z", "description": "Imported via the Freetext Import Tool - Xchecked via VT: 75d118996f5190edafca1b1904a7eea8", "pattern": "[file:hashes.SHA1 = 'b99970e86ae3f412bda5f20a8318e70559c617f6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-02T14:49:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57504783-1260-4771-aec3-4b3402de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", 
"created": "2016-06-02T14:49:39.000Z", "modified": "2016-06-02T14:49:39.000Z", "first_observed": "2016-06-02T14:49:39Z", "last_observed": "2016-06-02T14:49:39Z", "number_observed": 1, "object_refs": [ "url--57504783-1260-4771-aec3-4b3402de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57504783-1260-4771-aec3-4b3402de0b81", "value": "https://www.virustotal.com/file/2044712ceb99972d025716f0f16aa039550e22a63000d2885f7b7cd50f6834e0/analysis/1464877725/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57504784-1cfc-48d5-8fe8-464a02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-02T14:49:40.000Z", "modified": "2016-06-02T14:49:40.000Z", "description": "Imported via the Freetext Import Tool - cross-checked via VirusTotal: 957581fb38a4e76e84f60e2bb19b9499", "pattern": "[file:hashes.SHA256 = 'ed7a5e48113b1fd206e6a8c46671eb37dab864d1bd6fe44714a0ae377cf1248a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-02T14:49:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57504784-5e84-4419-9644-484002de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-02T14:49:40.000Z", "modified": "2016-06-02T14:49:40.000Z", "description": "Imported via the Freetext Import Tool - cross-checked via VirusTotal: 957581fb38a4e76e84f60e2bb19b9499", "pattern": "[file:hashes.SHA1 = '8fb1cafbb8ca65c1b8236a20079c40fb4ffbaa68']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-02T14:49:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", 
"misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57504784-4cd4-4679-9f3c-4c8302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-02T14:49:40.000Z", "modified": "2016-06-02T14:49:40.000Z", "first_observed": "2016-06-02T14:49:40Z", "last_observed": "2016-06-02T14:49:40Z", "number_observed": 1, "object_refs": [ "url--57504784-4cd4-4679-9f3c-4c8302de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57504784-4cd4-4679-9f3c-4c8302de0b81", "value": "https://www.virustotal.com/file/ed7a5e48113b1fd206e6a8c46671eb37dab864d1bd6fe44714a0ae377cf1248a/analysis/1464877728/" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }