{ "type": "bundle", "id": "bundle--577e3339-2418-48f2-ade0-034eac1064c3", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-26T12:08:10.000Z", "modified": "2016-07-26T12:08:10.000Z", "name": "clearskysec.com", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--577e3339-2418-48f2-ade0-034eac1064c3", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-26T12:08:10.000Z", "modified": "2016-07-26T12:08:10.000Z", "name": "YellowAlbatross/Sphinx malware by 360-Qihoo and some OSINT", "published": "2016-07-26T12:08:31Z", "object_refs": [ "x-misp-attribute--577e68a9-f888-477e-ba15-0a24ac1064c3", "observed-data--5782579d-67a8-4cf7-bd6f-0618ac1064c3", "url--5782579d-67a8-4cf7-bd6f-0618ac1064c3", "indicator--577e6881-966c-47a1-bc72-058aac1064c3", "indicator--577e6881-9394-4f4f-b5a5-058aac1064c3", "indicator--577e6881-0714-4478-af1c-058aac1064c3", "indicator--577e6881-cf84-404b-9e7c-058aac1064c3", "indicator--577e6881-5ac0-4f77-8bcf-058aac1064c3", "indicator--577e6881-213c-4a52-ac38-058aac1064c3", "indicator--577e6881-fa14-4c47-9afe-058aac1064c3", "indicator--577e3c71-5964-4e89-9983-034eac1064c3", "indicator--577e3c71-2db0-48dc-8c5b-034eac1064c3", "indicator--577e6881-4530-4078-a679-058aac1064c3", "indicator--577e6881-24d0-47c7-8672-058aac1064c3", "indicator--577e6881-1474-4ca8-9e4a-058aac1064c3", "x-misp-attribute--577e68c3-9ae0-4044-bb67-0605ac1064c3", "indicator--577e3c71-b410-4956-8d3e-034eac1064c3", "indicator--577e6881-78f4-4b58-8f01-058aac1064c3", "indicator--577e6881-19f0-4bd4-b18f-058aac1064c3", "indicator--577e6881-2d84-46f2-8096-058aac1064c3", "indicator--577e6881-17b0-4603-a4b7-058aac1064c3", "indicator--577e6881-a6c0-4335-b448-058aac1064c3", "indicator--577e6881-f35c-4c55-8994-058aac1064c3", "indicator--577e6881-b5b0-4b86-9964-058aac1064c3", "indicator--577e6881-d844-481f-ad0b-058aac1064c3", "indicator--577e6881-bc30-49be-9a4a-058aac1064c3", "indicator--577e6881-7e20-446c-8402-058aac1064c3", "indicator--577e6881-47e0-4672-90d7-058aac1064c3", "indicator--577e6881-1010-4266-8d99-058aac1064c3", "indicator--577e6881-d3f4-41f0-b92c-058aac1064c3", "indicator--577e6881-c71c-4df0-b8f3-058aac1064c3", "indicator--577e6881-c660-439c-92d2-058aac1064c3", "indicator--577e6881-c4dc-4ea6-b8d2-058aac1064c3", "indicator--577e6881-e428-4c48-852e-058aac1064c3", "indicator--577e6881-d624-4809-9978-058aac1064c3", "indicator--577e6881-0bc8-49ab-a795-058aac1064c3", "indicator--577e6881-12dc-49a0-9299-058aac1064c3", "indicator--577e6881-1478-4fd3-9ad6-058aac1064c3", "indicator--577e6881-5d90-4a47-8f6a-058aac1064c3", "indicator--577e3c3c-6658-4920-b79a-034dac1064c3", "indicator--577e3c3c-f864-4cce-9a80-034dac1064c3", "indicator--577e3c3c-f8b0-4899-92b1-034dac1064c3", "indicator--577e3c3c-e95c-4a4c-b8fc-034dac1064c3", "indicator--577e3c3c-a164-4952-b006-034dac1064c3", "indicator--577e3c3c-95f8-4bb7-a239-034dac1064c3", "indicator--577e3c71-8d28-4bea-bce0-034eac1064c3", "indicator--577e3c71-b95c-4a32-a9d4-034eac1064c3", "indicator--577e3c71-50d4-4b31-8a1a-034eac1064c3", "indicator--577e3c71-2754-41ca-8aaf-034eac1064c3", "indicator--577e3c71-eb78-4e69-883d-034eac1064c3", "indicator--577e6881-eb4c-4831-b18f-058aac1064c3", "indicator--577e6881-0b3c-4589-b6c8-058aac1064c3", "indicator--577e6881-0e44-4227-96a3-058aac1064c3", "indicator--577e6881-096c-4d64-8221-058aac1064c3", "indicator--577e6881-df24-4a4c-9a96-058aac1064c3", "indicator--577e6881-f618-4494-a0bc-058aac1064c3", "indicator--577e6881-b974-4b71-bc63-058aac1064c3", "indicator--579752aa-f9f8-4f39-8fed-4e6602de0b81", "indicator--579752ab-0094-451f-9b6d-48cc02de0b81", "observed-data--579752ab-21c0-4976-9049-439e02de0b81", "url--579752ab-21c0-4976-9049-439e02de0b81", "indicator--579752ab-d538-46a5-a43c-461402de0b81", "indicator--579752ab-defc-421d-af2f-4b4802de0b81", "observed-data--579752ab-54ec-4182-a8d3-4aee02de0b81", "url--579752ab-54ec-4182-a8d3-4aee02de0b81", "indicator--579752ac-2da4-48b1-b55f-428f02de0b81", "indicator--579752ac-205c-4714-9189-409202de0b81", "observed-data--579752ac-4c38-446b-88c8-47f002de0b81", "url--579752ac-4c38-446b-88c8-47f002de0b81", "indicator--579752ac-5888-483e-b31e-4b3102de0b81", "indicator--579752ad-7a3c-4250-8a4a-4f0a02de0b81", "observed-data--579752ad-3d94-485f-9585-47e802de0b81", "url--579752ad-3d94-485f-9585-47e802de0b81", "indicator--579752ad-8044-4220-bd4a-4e2502de0b81", "indicator--579752ad-5310-4ed3-bf39-4eba02de0b81", "observed-data--579752ad-7140-4346-af59-4e2302de0b81", "url--579752ad-7140-4346-af59-4e2302de0b81", "indicator--579752ae-bf38-4099-be79-437802de0b81", "indicator--579752ae-4bd8-4ff0-a516-492902de0b81", "observed-data--579752ae-1ff4-4d06-81a1-406302de0b81", "url--579752ae-1ff4-4d06-81a1-406302de0b81", "indicator--579752ae-70fc-455c-9822-46bb02de0b81", "indicator--579752af-ed74-4bfd-84aa-4ab202de0b81", "observed-data--579752af-9d60-4f6c-90fa-468402de0b81", "url--579752af-9d60-4f6c-90fa-468402de0b81", "indicator--579752af-5fe0-433c-b792-451002de0b81", "indicator--579752af-0034-47ea-a355-4c8602de0b81", "observed-data--579752af-4e3c-4e5f-8082-426f02de0b81", "url--579752af-4e3c-4e5f-8082-426f02de0b81", "indicator--579752af-4f0c-4c4a-8696-494402de0b81", "indicator--579752b0-2e80-4f09-bfdb-41fb02de0b81", "observed-data--579752b0-b3dc-4068-8c97-401802de0b81", "url--579752b0-b3dc-4068-8c97-401802de0b81", "indicator--579752b0-2938-4046-ab88-493d02de0b81", "indicator--579752b0-4388-477d-b422-420b02de0b81", "observed-data--579752b0-3958-479e-8fe6-4e3602de0b81", "url--579752b0-3958-479e-8fe6-4e3602de0b81", "indicator--579752b1-cee8-47c0-92e5-499a02de0b81", "indicator--579752b1-0ef8-4556-8d0c-453b02de0b81", "observed-data--579752b1-0b48-44e0-ae1b-4c8702de0b81", "url--579752b1-0b48-44e0-ae1b-4c8702de0b81", "indicator--579752b1-8a68-4113-9945-473402de0b81", "indicator--579752b1-6ff4-4ef5-a322-4e5302de0b81", "observed-data--579752b2-8fac-4cc4-94d2-433a02de0b81", "url--579752b2-8fac-4cc4-94d2-433a02de0b81", "indicator--579752b2-1c38-40ff-bfd1-446602de0b81", "indicator--579752b2-5754-481c-a524-418202de0b81", "observed-data--579752b2-edf4-406c-8c67-42e002de0b81", "url--579752b2-edf4-406c-8c67-42e002de0b81", "indicator--579752b2-d7fc-4218-bb61-4a1502de0b81", "indicator--579752b3-9340-419a-833e-435c02de0b81", "observed-data--579752b3-3ee0-4974-afd2-464202de0b81", "url--579752b3-3ee0-4974-afd2-464202de0b81", "indicator--579752b3-69f0-4e34-81e0-495002de0b81", "indicator--579752b3-282c-469e-8226-439102de0b81", "observed-data--579752b3-3168-4da6-a5c1-4be802de0b81", "url--579752b3-3168-4da6-a5c1-4be802de0b81", "indicator--579752b4-5dd4-4f81-a556-474302de0b81", "indicator--579752b4-2ed0-4201-a1c4-455302de0b81", "observed-data--579752b4-726c-4662-9203-409a02de0b81", "url--579752b4-726c-4662-9203-409a02de0b81", "indicator--579752b4-cec8-4b03-ba79-4e7702de0b81", "indicator--579752b4-8c60-454d-86ef-4c9402de0b81", "observed-data--579752b5-4020-4f7f-8e2a-449702de0b81", "url--579752b5-4020-4f7f-8e2a-449702de0b81", "indicator--579752b5-3f84-4308-9a10-4f7602de0b81", "indicator--579752b5-8cb8-4051-849c-454902de0b81", "observed-data--579752b5-8cb8-4edc-9c06-486d02de0b81", "url--579752b5-8cb8-4edc-9c06-486d02de0b81" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--577e68a9-f888-477e-ba15-0a24ac1064c3", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-07T14:35:21.000Z", "modified": "2016-07-07T14:35:21.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"Antivirus detection\"" ], "x_misp_category": "Antivirus detection", "x_misp_type": "text", "x_misp_value": "Win32.YellowAlbatross" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5782579d-67a8-4cf7-bd6f-0618ac1064c3", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-10T14:11:41.000Z", "modified": "2016-07-10T14:11:41.000Z", "first_observed": "2016-07-10T14:11:41Z", "last_observed": "2016-07-10T14:11:41Z", "number_observed": 1, "object_refs": [ "url--5782579d-67a8-4cf7-bd6f-0618ac1064c3" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5782579d-67a8-4cf7-bd6f-0618ac1064c3", "value": "http://www.aqniu.com/threat-alert/17332.html" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--577e6881-966c-47a1-bc72-058aac1064c3", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-07T14:34:41.000Z", "modified": "2016-07-07T14:34:41.000Z", "pattern": "[domain-name:value = 'ss4m1.dnsdojo.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-07T14:34:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--577e6881-9394-4f4f-b5a5-058aac1064c3", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-07T14:34:41.000Z", "modified": "2016-07-07T14:34:41.000Z", "pattern": "[domain-name:value = 'avg99.does-it.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-07T14:34:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--577e6881-0714-4478-af1c-058aac1064c3", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-07T14:34:41.000Z", "modified": "2016-07-07T14:34:41.000Z", "pattern": "[domain-name:value = 'adobe.sells-it.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-07T14:34:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--577e6881-cf84-404b-9e7c-058aac1064c3", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-07T14:34:41.000Z", "modified": "2016-07-07T14:34:41.000Z", "pattern": "[domain-name:value = 'microwindows.is-by.us']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-07T14:34:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--577e6881-5ac0-4f77-8bcf-058aac1064c3", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-07T14:34:41.000Z", "modified": "2016-07-07T14:34:41.000Z", "pattern": "[domain-name:value = 'wolfxx.esy.es']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-07T14:34:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--577e6881-213c-4a52-ac38-058aac1064c3", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-07T14:34:41.000Z", "modified": "2016-07-07T14:34:41.000Z", "pattern": "[domain-name:value = 'avg999.hot.es']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-07T14:34:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--577e6881-fa14-4c47-9afe-058aac1064c3", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-07T14:34:41.000Z", "modified": "2016-07-07T14:34:41.000Z", "pattern": "[domain-name:value = 'israelleaks.is-a-chef.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-07T14:34:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--577e3c71-5964-4e89-9983-034eac1064c3", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-07T14:36:03.000Z", "modified": "2016-07-07T14:36:03.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '196.205.194.60']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-07T14:36:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--577e3c71-2db0-48dc-8c5b-034eac1064c3", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-07T14:36:00.000Z", "modified": "2016-07-07T14:36:00.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '196.205.194.61']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-07T14:36:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--577e6881-4530-4078-a679-058aac1064c3", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-07T14:34:41.000Z", "modified": "2016-07-07T14:34:41.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.170.168.61']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-07T14:34:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--577e6881-24d0-47c7-8672-058aac1064c3", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-07T14:34:41.000Z", "modified": "2016-07-07T14:34:41.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.157.250.48']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-07T14:34:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--577e6881-1474-4ca8-9e4a-058aac1064c3", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-07T14:34:41.000Z", "modified": "2016-07-07T14:34:41.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '86.105.18.107']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-07T14:34:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--577e68c3-9ae0-4044-bb67-0605ac1064c3", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-07T14:35:47.000Z", "modified": "2016-07-07T14:35:47.000Z", "labels": [ "misp:type=\"pattern-in-traffic\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ], "x_misp_category": "Network activity", "x_misp_type": "pattern-in-traffic", "x_misp_value": "/nouba/gadling.php" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--577e3c71-b410-4956-8d3e-034eac1064c3", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-07T14:36:06.000Z", "modified": "2016-07-07T14:36:06.000Z", "pattern": "[url:value = 'http://israelleaks.is-a-chef.com/leaks/isleaks.rar']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-07T14:36:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--577e6881-78f4-4b58-8f01-058aac1064c3", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-07T14:34:41.000Z", "modified": "2016-07-07T14:34:41.000Z", "pattern": "[url:value = 'https://www.facebook.com/ofir.hadad.963']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-07T14:34:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--577e6881-19f0-4bd4-b18f-058aac1064c3", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-07T14:34:41.000Z", "modified": "2016-07-07T14:34:41.000Z", "pattern": "[url:value = 'https://www.facebook.com/rafi.partook']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-07T14:34:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--577e6881-2d84-46f2-8096-058aac1064c3", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-07T14:34:41.000Z", "modified": "2016-07-07T14:34:41.000Z", "pattern": "[url:value = 'https://www.facebook.com/people/\\\\%D7\\\\%90\\\\%D7\\\\%95\\\\%D7\\\\%94\\\\%D7\\\\%93-\\\\%D7\\\\%A4\\\\%D7\\\\%93\\\\%D7\\\\%']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-07T14:34:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--577e6881-17b0-4603-a4b7-058aac1064c3", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-07T14:34:41.000Z", "modified": "2016-07-07T14:34:41.000Z", "pattern": "[url:value = 'https://www.facebook.com/tuti.rotam.5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-07T14:34:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--577e6881-a6c0-4335-b448-058aac1064c3", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-07T14:34:41.000Z", "modified": "2016-07-07T14:34:41.000Z", "pattern": "[file:name = 'Files\\\\officeplugin\\\\zcore.dll']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-07T14:34:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--577e6881-f35c-4c55-8994-058aac1064c3", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-07T14:34:41.000Z", "modified": "2016-07-07T14:34:41.000Z", "pattern": "[file:name = 'Files\\\\officeplugin\\\\zcore32.dll']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-07T14:34:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--577e6881-b5b0-4b86-9964-058aac1064c3", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-07T14:34:41.000Z", "modified": "2016-07-07T14:34:41.000Z", "pattern": "[file:name = 'Files\\\\officeplugin\\\\plgcomm.dll']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-07T14:34:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--577e6881-d844-481f-ad0b-058aac1064c3", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-07T14:34:41.000Z", "modified": "2016-07-07T14:34:41.000Z", "pattern": "[file:name = 'Files\\\\officeplugin\\\\plgcomm32.dll']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-07T14:34:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--577e6881-bc30-49be-9a4a-058aac1064c3", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-07T14:34:41.000Z", "modified": "2016-07-07T14:34:41.000Z", "pattern": "[file:name = 'Files\\\\officeplugin\\\\plginput.dll']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-07T14:34:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--577e6881-7e20-446c-8402-058aac1064c3", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-07T14:34:41.000Z", "modified": "2016-07-07T14:34:41.000Z", "pattern": "[file:name = 'Files\\\\officeplugin\\\\plginput32.dll']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-07T14:34:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--577e6881-47e0-4672-90d7-058aac1064c3", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-07T14:34:41.000Z", "modified": "2016-07-07T14:34:41.000Z", "pattern": "[file:name = 'Files\\\\officeplugin\\\\plgcmd.dll']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-07T14:34:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--577e6881-1010-4266-8d99-058aac1064c3", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-07T14:34:41.000Z", "modified": "2016-07-07T14:34:41.000Z", "pattern": "[file:name = 'Files\\\\officeplugin\\\\plgcmd32.dll']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-07T14:34:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--577e6881-d3f4-41f0-b92c-058aac1064c3", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-07T14:34:41.000Z", "modified": "2016-07-07T14:34:41.000Z", "pattern": "[file:name = 'Files\\\\officeplugin\\\\plgurl.dll']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-07T14:34:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--577e6881-c71c-4df0-b8f3-058aac1064c3", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-07T14:34:41.000Z", "modified": "2016-07-07T14:34:41.000Z", "pattern": "[file:name = 'Files\\\\officeplugin\\\\plgurl32.dll']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-07T14:34:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--577e6881-c660-439c-92d2-058aac1064c3", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-07T14:34:41.000Z", "modified": "2016-07-07T14:34:41.000Z", "pattern": "[file:name = 'Files\\\\officeplugin\\\\plgskype.dll']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-07T14:34:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--577e6881-c4dc-4ea6-b8d2-058aac1064c3", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-07T14:34:41.000Z", "modified": "2016-07-07T14:34:41.000Z", "pattern": "[file:name = 'Files\\\\officeplugin\\\\plgskype32.dll']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-07T14:34:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--577e6881-e428-4c48-852e-058aac1064c3", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-07T14:34:41.000Z", "modified": "2016-07-07T14:34:41.000Z", "pattern": "[file:name = 'Files\\\\officeplugin\\\\plgavbug.dll']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-07T14:34:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--577e6881-d624-4809-9978-058aac1064c3", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-07T14:34:41.000Z", "modified": "2016-07-07T14:34:41.000Z", "pattern": "[file:name = 'Files\\\\officeplugin\\\\plgavbug32.dll']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-07T14:34:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--577e6881-0bc8-49ab-a795-058aac1064c3", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-07T14:34:41.000Z", "modified": "2016-07-07T14:34:41.000Z", "pattern": "[file:name = 'Files\\\\officeplugin\\\\plgusrstl.dll']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-07T14:34:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--577e6881-12dc-49a0-9299-058aac1064c3", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-07T14:34:41.000Z", "modified": "2016-07-07T14:34:41.000Z", "pattern": "[file:name = 'Files\\\\officeplugin\\\\plgusrstl32.dll']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-07T14:34:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--577e6881-1478-4fd3-9ad6-058aac1064c3", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-07T14:34:41.000Z", "modified": "2016-07-07T14:34:41.000Z", "pattern": "[file:name = 'Files\\\\officeplugin\\\\plgfsflt.dll']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-07T14:34:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--577e6881-5d90-4a47-8f6a-058aac1064c3", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-07T14:34:41.000Z", "modified": "2016-07-07T14:34:41.000Z", "pattern": "[file:name = 'Files\\\\officeplugin\\\\plgfsflt32.dll']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-07T14:34:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--577e3c3c-6658-4920-b79a-034dac1064c3", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-07T11:25:48.000Z", "modified": "2016-07-07T11:25:48.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.MD5 = 'adddf1abce1f71578fa862bbdcd1478d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-07T11:25:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--577e3c3c-f864-4cce-9a80-034dac1064c3", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-07T11:25:48.000Z", "modified": "2016-07-07T11:25:48.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.MD5 = '0fea31c7b54b873fcb2bd1d627262b7d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-07T11:25:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--577e3c3c-f8b0-4899-92b1-034dac1064c3", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-07T11:25:48.000Z", "modified": "2016-07-07T11:25:48.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.MD5 = 'fb338a6f49cb5b1300c6b4b70c8bdaff']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-07T11:25:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--577e3c3c-e95c-4a4c-b8fc-034dac1064c3", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-07T11:25:48.000Z", "modified": "2016-07-07T11:25:48.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.MD5 = '45e850ce0f585f0a8f3725755ee22fdb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-07T11:25:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--577e3c3c-a164-4952-b006-034dac1064c3", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-07T11:25:48.000Z", "modified": "2016-07-07T11:25:48.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.MD5 = 'ef1b4c9519216805ad7e1946d1329943']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-07T11:25:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--577e3c3c-95f8-4bb7-a239-034dac1064c3", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-07T11:25:48.000Z", "modified": "2016-07-07T11:25:48.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.MD5 = '69bd530b81f0ad16998fce322cc87536']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-07T11:25:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--577e3c71-8d28-4bea-bce0-034eac1064c3", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-07T11:26:41.000Z", "modified": "2016-07-07T11:26:41.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.MD5 = '1e4ed1704e31917f8652aa0078a85459']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-07T11:26:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--577e3c71-b95c-4a32-a9d4-034eac1064c3", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-07T11:26:41.000Z", "modified": "2016-07-07T11:26:41.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.MD5 = '52f461a133e95328ccd9ba7f70e2f3e6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-07T11:26:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--577e3c71-50d4-4b31-8a1a-034eac1064c3", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-07T11:26:41.000Z", "modified": "2016-07-07T11:26:41.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.MD5 = 'c80b3fb9293a932b4e814a32e7ca76d3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-07T11:26:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--577e3c71-2754-41ca-8aaf-034eac1064c3", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-07T11:26:41.000Z", "modified": "2016-07-07T11:26:41.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.MD5 = '1ed42d19ca305d296b2f68e1381bd27c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-07T11:26:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--577e3c71-eb78-4e69-883d-034eac1064c3", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-07T11:26:41.000Z", "modified": "2016-07-07T11:26:41.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.MD5 = 'c8926bbd4caa6de78e7d82da756e9aa1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-07T11:26:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--577e6881-eb4c-4831-b18f-058aac1064c3", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-07T14:34:41.000Z", "modified": "2016-07-07T14:34:41.000Z", "pattern": "[file:hashes.MD5 = 'd2aab99d804df4e47fda7a6c09322758']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-07T14:34:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--577e6881-0b3c-4589-b6c8-058aac1064c3", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-07T14:34:41.000Z", "modified": "2016-07-07T14:34:41.000Z", "pattern": "[file:hashes.MD5 = 'e5923cf0ee63e0331e4cccc3f11836eb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-07T14:34:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--577e6881-0e44-4227-96a3-058aac1064c3", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-07T14:34:41.000Z", "modified": "2016-07-07T14:34:41.000Z", "pattern": "[file:hashes.MD5 = '831c7e0e3794724cb7bd449aa522319d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-07T14:34:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--577e6881-096c-4d64-8221-058aac1064c3", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-07T14:34:41.000Z", "modified": "2016-07-07T14:34:41.000Z", "pattern": "[file:hashes.MD5 = '61d7ab10018cfe65115b30d437f02c74']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-07T14:34:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--577e6881-df24-4a4c-9a96-058aac1064c3", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-07T14:34:41.000Z", "modified": "2016-07-07T14:34:41.000Z", "pattern": "[file:hashes.MD5 = 'b2cd288aa9f38bf25da8a6be646e1de1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-07T14:34:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--577e6881-f618-4494-a0bc-058aac1064c3", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-07T14:34:41.000Z", "modified": "2016-07-07T14:34:41.000Z", "pattern": "[file:hashes.MD5 = 'eede6f6ba9c312206c7c39b03dffaaa9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-07T14:34:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--577e6881-b974-4b71-bc63-058aac1064c3", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-07T14:34:41.000Z", "modified": "2016-07-07T14:34:41.000Z", "pattern": "[file:hashes.MD5 = 'ac20427b2d72dee63aff982b5b939694']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-07T14:34:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579752aa-f9f8-4f39-8fed-4e6602de0b81", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-26T12:08:10.000Z", "modified": "2016-07-26T12:08:10.000Z", "description": "- Xchecked via VT: ac20427b2d72dee63aff982b5b939694", "pattern": "[file:hashes.SHA256 = '8ff7be63a27f879d134c76ceae57bc5aa8ff0fd5e7da86607c489ab4e9784ec7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:08:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579752ab-0094-451f-9b6d-48cc02de0b81", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-26T12:08:11.000Z", "modified": "2016-07-26T12:08:11.000Z", "description": "- Xchecked via VT: ac20427b2d72dee63aff982b5b939694", "pattern": "[file:hashes.SHA1 = '1a1789b97e98eeb2a2dc6e122bff8f0d79079d27']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:08:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--579752ab-21c0-4976-9049-439e02de0b81", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-26T12:08:11.000Z", "modified": "2016-07-26T12:08:11.000Z", "first_observed": "2016-07-26T12:08:11Z", "last_observed": "2016-07-26T12:08:11Z", "number_observed": 1, "object_refs": [ "url--579752ab-21c0-4976-9049-439e02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--579752ab-21c0-4976-9049-439e02de0b81", "value": "https://www.virustotal.com/file/8ff7be63a27f879d134c76ceae57bc5aa8ff0fd5e7da86607c489ab4e9784ec7/analysis/1460947214/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579752ab-d538-46a5-a43c-461402de0b81", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-26T12:08:11.000Z", "modified": "2016-07-26T12:08:11.000Z", "description": "- Xchecked via VT: eede6f6ba9c312206c7c39b03dffaaa9", "pattern": "[file:hashes.SHA256 = '6dee2de9fc9ade1d3d94a550efc421bcdd0e5c5f6d88c17302c59d764bb666bc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:08:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579752ab-defc-421d-af2f-4b4802de0b81", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-26T12:08:11.000Z", "modified": "2016-07-26T12:08:11.000Z", "description": "- Xchecked via VT: eede6f6ba9c312206c7c39b03dffaaa9", "pattern": "[file:hashes.SHA1 = '5437f6a44b5ae8f8ea4f72169eba0f24a5823199']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:08:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--579752ab-54ec-4182-a8d3-4aee02de0b81", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-26T12:08:11.000Z", "modified": "2016-07-26T12:08:11.000Z", "first_observed": "2016-07-26T12:08:11Z", "last_observed": "2016-07-26T12:08:11Z", "number_observed": 1, "object_refs": [ "url--579752ab-54ec-4182-a8d3-4aee02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--579752ab-54ec-4182-a8d3-4aee02de0b81", "value": "https://www.virustotal.com/file/6dee2de9fc9ade1d3d94a550efc421bcdd0e5c5f6d88c17302c59d764bb666bc/analysis/1460947226/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579752ac-2da4-48b1-b55f-428f02de0b81", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-26T12:08:12.000Z", "modified": "2016-07-26T12:08:12.000Z", "description": "- Xchecked via VT: b2cd288aa9f38bf25da8a6be646e1de1", "pattern": "[file:hashes.SHA256 = '7bc6540222a6cf62e2dc0cd801130aa4f3fe355dcbe1f37e931b345eccc41474']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:08:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579752ac-205c-4714-9189-409202de0b81", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-26T12:08:12.000Z", "modified": "2016-07-26T12:08:12.000Z", "description": "- Xchecked via VT: b2cd288aa9f38bf25da8a6be646e1de1", "pattern": "[file:hashes.SHA1 = 'c87715e29f122c6e01571af94e6562475424cd4a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:08:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--579752ac-4c38-446b-88c8-47f002de0b81", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-26T12:08:12.000Z", "modified": "2016-07-26T12:08:12.000Z", "first_observed": "2016-07-26T12:08:12Z", "last_observed": "2016-07-26T12:08:12Z", "number_observed": 1, "object_refs": [ "url--579752ac-4c38-446b-88c8-47f002de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--579752ac-4c38-446b-88c8-47f002de0b81", "value": "https://www.virustotal.com/file/7bc6540222a6cf62e2dc0cd801130aa4f3fe355dcbe1f37e931b345eccc41474/analysis/1467790373/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579752ac-5888-483e-b31e-4b3102de0b81", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-26T12:08:12.000Z", "modified": "2016-07-26T12:08:12.000Z", "description": "- Xchecked via VT: 61d7ab10018cfe65115b30d437f02c74", "pattern": "[file:hashes.SHA256 = '330fc47182675cd51cb314f7b2c38e7df04209259452c11aae74a589e1571529']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:08:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579752ad-7a3c-4250-8a4a-4f0a02de0b81", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-26T12:08:13.000Z", "modified": "2016-07-26T12:08:13.000Z", "description": "- Xchecked via VT: 61d7ab10018cfe65115b30d437f02c74", "pattern": "[file:hashes.SHA1 = '63f9a6593b92af2bf8a37114b11d4ff307e62e5d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:08:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--579752ad-3d94-485f-9585-47e802de0b81", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-26T12:08:13.000Z", "modified": "2016-07-26T12:08:13.000Z", "first_observed": "2016-07-26T12:08:13Z", "last_observed": "2016-07-26T12:08:13Z", "number_observed": 1, "object_refs": [ "url--579752ad-3d94-485f-9585-47e802de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--579752ad-3d94-485f-9585-47e802de0b81", "value": "https://www.virustotal.com/file/330fc47182675cd51cb314f7b2c38e7df04209259452c11aae74a589e1571529/analysis/1460947241/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579752ad-8044-4220-bd4a-4e2502de0b81", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-26T12:08:13.000Z", "modified": "2016-07-26T12:08:13.000Z", "description": "- Xchecked via VT: 831c7e0e3794724cb7bd449aa522319d", "pattern": "[file:hashes.SHA256 = 'f029c5622ec5b92a5c9612ce61cadf2ca0db6c615f6e663660e063c5e9c39d44']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:08:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579752ad-5310-4ed3-bf39-4eba02de0b81", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-26T12:08:13.000Z", "modified": "2016-07-26T12:08:13.000Z", "description": "- Xchecked via VT: 831c7e0e3794724cb7bd449aa522319d", "pattern": "[file:hashes.SHA1 = '7cb81d661e6b8856f545583363a393e1a5f4150c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:08:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--579752ad-7140-4346-af59-4e2302de0b81", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-26T12:08:13.000Z", "modified": "2016-07-26T12:08:13.000Z", "first_observed": "2016-07-26T12:08:13Z", "last_observed": "2016-07-26T12:08:13Z", "number_observed": 1, "object_refs": [ "url--579752ad-7140-4346-af59-4e2302de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--579752ad-7140-4346-af59-4e2302de0b81", "value": "https://www.virustotal.com/file/f029c5622ec5b92a5c9612ce61cadf2ca0db6c615f6e663660e063c5e9c39d44/analysis/1467811895/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579752ae-bf38-4099-be79-437802de0b81", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-26T12:08:14.000Z", "modified": "2016-07-26T12:08:14.000Z", "description": "- Xchecked via VT: e5923cf0ee63e0331e4cccc3f11836eb", "pattern": "[file:hashes.SHA256 = '669bda513a8767b4acc6894872f022dfb65797e38405febd52b2fdabf0d13084']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:08:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579752ae-4bd8-4ff0-a516-492902de0b81", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-26T12:08:14.000Z", "modified": "2016-07-26T12:08:14.000Z", "description": "- Xchecked via VT: e5923cf0ee63e0331e4cccc3f11836eb", "pattern": "[file:hashes.SHA1 = 'b02c084ba6ccafc9e5fa288f1bee466a2187dd65']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:08:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--579752ae-1ff4-4d06-81a1-406302de0b81", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-26T12:08:14.000Z", "modified": "2016-07-26T12:08:14.000Z", "first_observed": "2016-07-26T12:08:14Z", "last_observed": "2016-07-26T12:08:14Z", "number_observed": 1, "object_refs": [ "url--579752ae-1ff4-4d06-81a1-406302de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--579752ae-1ff4-4d06-81a1-406302de0b81", "value": "https://www.virustotal.com/file/669bda513a8767b4acc6894872f022dfb65797e38405febd52b2fdabf0d13084/analysis/1460947224/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579752ae-70fc-455c-9822-46bb02de0b81", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-26T12:08:14.000Z", "modified": "2016-07-26T12:08:14.000Z", "description": "- Xchecked via VT: d2aab99d804df4e47fda7a6c09322758", "pattern": "[file:hashes.SHA256 = '77e7c3422500d33b38ec84c9adbe655e2ecaac2eb92f8535104f186ab3515e6f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:08:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579752af-ed74-4bfd-84aa-4ab202de0b81", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-26T12:08:15.000Z", "modified": "2016-07-26T12:08:15.000Z", "description": "- Xchecked via VT: d2aab99d804df4e47fda7a6c09322758", "pattern": "[file:hashes.SHA1 = '01b509b13b36468b5341b2a62a4feae586e303df']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:08:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--579752af-9d60-4f6c-90fa-468402de0b81", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-26T12:08:15.000Z", "modified": "2016-07-26T12:08:15.000Z", "first_observed": "2016-07-26T12:08:15Z", "last_observed": "2016-07-26T12:08:15Z", "number_observed": 1, "object_refs": [ "url--579752af-9d60-4f6c-90fa-468402de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--579752af-9d60-4f6c-90fa-468402de0b81", "value": "https://www.virustotal.com/file/77e7c3422500d33b38ec84c9adbe655e2ecaac2eb92f8535104f186ab3515e6f/analysis/1460947244/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579752af-5fe0-433c-b792-451002de0b81", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-26T12:08:15.000Z", "modified": "2016-07-26T12:08:15.000Z", "description": "Imported via the Freetext Import Tool - Xchecked via VT: c8926bbd4caa6de78e7d82da756e9aa1", "pattern": "[file:hashes.SHA256 = '9f705ebd29d8ba697e6c4edac0a7a4b93a2bb880b8646f74489f38672af398df']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:08:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579752af-0034-47ea-a355-4c8602de0b81", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-26T12:08:15.000Z", "modified": "2016-07-26T12:08:15.000Z", "description": "Imported via the Freetext Import Tool - Xchecked via VT: c8926bbd4caa6de78e7d82da756e9aa1", "pattern": "[file:hashes.SHA1 = '84ddce44de9833eaac7a0a76640c342e47a39c75']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:08:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--579752af-4e3c-4e5f-8082-426f02de0b81", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-26T12:08:15.000Z", "modified": "2016-07-26T12:08:15.000Z", "first_observed": "2016-07-26T12:08:15Z", "last_observed": "2016-07-26T12:08:15Z", "number_observed": 1, "object_refs": [ "url--579752af-4e3c-4e5f-8082-426f02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--579752af-4e3c-4e5f-8082-426f02de0b81", "value": "https://www.virustotal.com/file/9f705ebd29d8ba697e6c4edac0a7a4b93a2bb880b8646f74489f38672af398df/analysis/1467811893/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579752af-4f0c-4c4a-8696-494402de0b81", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-26T12:08:15.000Z", "modified": "2016-07-26T12:08:15.000Z", "description": "Imported via the Freetext Import Tool - Xchecked via VT: 1ed42d19ca305d296b2f68e1381bd27c", "pattern": "[file:hashes.SHA256 = '9dea52911e4b87d532b3e17ab840bb8ac16dcb7090fe7539742bdc61fe7fba25']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:08:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579752b0-2e80-4f09-bfdb-41fb02de0b81", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-26T12:08:16.000Z", "modified": "2016-07-26T12:08:16.000Z", "description": "Imported via the Freetext Import Tool - Xchecked via VT: 1ed42d19ca305d296b2f68e1381bd27c", "pattern": "[file:hashes.SHA1 = '600ed32e8dfe056a647e5e3ec698cbf0ac1f79b8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:08:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--579752b0-b3dc-4068-8c97-401802de0b81", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-26T12:08:16.000Z", "modified": "2016-07-26T12:08:16.000Z", "first_observed": "2016-07-26T12:08:16Z", "last_observed": "2016-07-26T12:08:16Z", "number_observed": 1, "object_refs": [ "url--579752b0-b3dc-4068-8c97-401802de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--579752b0-b3dc-4068-8c97-401802de0b81", "value": "https://www.virustotal.com/file/9dea52911e4b87d532b3e17ab840bb8ac16dcb7090fe7539742bdc61fe7fba25/analysis/1467811893/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579752b0-2938-4046-ab88-493d02de0b81", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-26T12:08:16.000Z", "modified": "2016-07-26T12:08:16.000Z", "description": "Imported via the Freetext Import Tool - Xchecked via VT: c80b3fb9293a932b4e814a32e7ca76d3", "pattern": "[file:hashes.SHA256 = '9b1590d1ed271fa0148f39c120570e5af8c919f38d5eb68f08301481ce013b0f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:08:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579752b0-4388-477d-b422-420b02de0b81", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-26T12:08:16.000Z", "modified": "2016-07-26T12:08:16.000Z", "description": "Imported via the Freetext Import Tool - Xchecked via VT: c80b3fb9293a932b4e814a32e7ca76d3", "pattern": "[file:hashes.SHA1 = 'afbe30048827a90803b8e63de3e80640d2cfc06c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:08:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--579752b0-3958-479e-8fe6-4e3602de0b81", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-26T12:08:16.000Z", "modified": "2016-07-26T12:08:16.000Z", "first_observed": "2016-07-26T12:08:16Z", "last_observed": "2016-07-26T12:08:16Z", "number_observed": 1, "object_refs": [ "url--579752b0-3958-479e-8fe6-4e3602de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--579752b0-3958-479e-8fe6-4e3602de0b81", "value": "https://www.virustotal.com/file/9b1590d1ed271fa0148f39c120570e5af8c919f38d5eb68f08301481ce013b0f/analysis/1468918980/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579752b1-cee8-47c0-92e5-499a02de0b81", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-26T12:08:17.000Z", "modified": "2016-07-26T12:08:17.000Z", "description": "Imported via the Freetext Import Tool - Xchecked via VT: 52f461a133e95328ccd9ba7f70e2f3e6", "pattern": "[file:hashes.SHA256 = 'e84ebe6fffe1bf61ceecc7b149dc6d386f2db7f74097cd841b92673ff59e0c96']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:08:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579752b1-0ef8-4556-8d0c-453b02de0b81", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-26T12:08:17.000Z", "modified": "2016-07-26T12:08:17.000Z", "description": "Imported via the Freetext Import Tool - Xchecked via VT: 52f461a133e95328ccd9ba7f70e2f3e6", "pattern": "[file:hashes.SHA1 = '7401dcd464a490d00eb2bf1e28c26ddb345ae069']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:08:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--579752b1-0b48-44e0-ae1b-4c8702de0b81", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-26T12:08:17.000Z", "modified": "2016-07-26T12:08:17.000Z", "first_observed": "2016-07-26T12:08:17Z", "last_observed": "2016-07-26T12:08:17Z", "number_observed": 1, "object_refs": [ "url--579752b1-0b48-44e0-ae1b-4c8702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--579752b1-0b48-44e0-ae1b-4c8702de0b81", "value": "https://www.virustotal.com/file/e84ebe6fffe1bf61ceecc7b149dc6d386f2db7f74097cd841b92673ff59e0c96/analysis/1468918914/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579752b1-8a68-4113-9945-473402de0b81", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-26T12:08:17.000Z", "modified": "2016-07-26T12:08:17.000Z", "description": "Imported via the Freetext Import Tool - Xchecked via VT: 1e4ed1704e31917f8652aa0078a85459", "pattern": "[file:hashes.SHA256 = '60a63023532927deef3c08ec915146cf1e10a2c101bb6f6d05ad8d9d5dd499da']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:08:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579752b1-6ff4-4ef5-a322-4e5302de0b81", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-26T12:08:17.000Z", "modified": "2016-07-26T12:08:17.000Z", "description": "Imported via the Freetext Import Tool - Xchecked via VT: 1e4ed1704e31917f8652aa0078a85459", "pattern": "[file:hashes.SHA1 = '5cb8995c41832c6cac544a300155c0ef904b2d71']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:08:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--579752b2-8fac-4cc4-94d2-433a02de0b81", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-26T12:08:18.000Z", "modified": "2016-07-26T12:08:18.000Z", "first_observed": "2016-07-26T12:08:18Z", "last_observed": "2016-07-26T12:08:18Z", "number_observed": 1, "object_refs": [ "url--579752b2-8fac-4cc4-94d2-433a02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--579752b2-8fac-4cc4-94d2-433a02de0b81", "value": "https://www.virustotal.com/file/60a63023532927deef3c08ec915146cf1e10a2c101bb6f6d05ad8d9d5dd499da/analysis/1467811896/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579752b2-1c38-40ff-bfd1-446602de0b81", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-26T12:08:18.000Z", "modified": "2016-07-26T12:08:18.000Z", "description": "Imported via the Freetext Import Tool - Xchecked via VT: 69bd530b81f0ad16998fce322cc87536", "pattern": "[file:hashes.SHA256 = '86d0768a6b840d3b308e25e03274c59c1e0a461d71905f2fd7e47c5d993bacba']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:08:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579752b2-5754-481c-a524-418202de0b81", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-26T12:08:18.000Z", "modified": "2016-07-26T12:08:18.000Z", "description": "Imported via the Freetext Import Tool - Xchecked via VT: 69bd530b81f0ad16998fce322cc87536", "pattern": "[file:hashes.SHA1 = '5c47a995acf382fe8a35ffeadcec404ea3f2437f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:08:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--579752b2-edf4-406c-8c67-42e002de0b81", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-26T12:08:18.000Z", "modified": "2016-07-26T12:08:18.000Z", "first_observed": "2016-07-26T12:08:18Z", "last_observed": "2016-07-26T12:08:18Z", "number_observed": 1, "object_refs": [ "url--579752b2-edf4-406c-8c67-42e002de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--579752b2-edf4-406c-8c67-42e002de0b81", "value": "https://www.virustotal.com/file/86d0768a6b840d3b308e25e03274c59c1e0a461d71905f2fd7e47c5d993bacba/analysis/1467811895/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579752b2-d7fc-4218-bb61-4a1502de0b81", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-26T12:08:18.000Z", "modified": "2016-07-26T12:08:18.000Z", "description": "Imported via the Freetext Import Tool - Xchecked via VT: ef1b4c9519216805ad7e1946d1329943", "pattern": "[file:hashes.SHA256 = '3b95975db3726b119eb08d674dac84fdbf2e92d74ed27b20b0450e23d84f7ae7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:08:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579752b3-9340-419a-833e-435c02de0b81", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-26T12:08:19.000Z", "modified": "2016-07-26T12:08:19.000Z", "description": "Imported via the Freetext Import Tool - Xchecked via VT: ef1b4c9519216805ad7e1946d1329943", "pattern": "[file:hashes.SHA1 = '440dd71d0ab55171ac7d190e5fa32d81940bded4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:08:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--579752b3-3ee0-4974-afd2-464202de0b81", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-26T12:08:19.000Z", "modified": "2016-07-26T12:08:19.000Z", "first_observed": "2016-07-26T12:08:19Z", "last_observed": "2016-07-26T12:08:19Z", "number_observed": 1, "object_refs": [ "url--579752b3-3ee0-4974-afd2-464202de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--579752b3-3ee0-4974-afd2-464202de0b81", "value": "https://www.virustotal.com/file/3b95975db3726b119eb08d674dac84fdbf2e92d74ed27b20b0450e23d84f7ae7/analysis/1467811896/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579752b3-69f0-4e34-81e0-495002de0b81", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-26T12:08:19.000Z", "modified": "2016-07-26T12:08:19.000Z", "description": "Imported via the Freetext Import Tool - Xchecked via VT: 45e850ce0f585f0a8f3725755ee22fdb", "pattern": "[file:hashes.SHA256 = '66d453abbbabebcb71b04d1381cafb6b1b6514d6302dbcefb2054f36efc49eeb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:08:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579752b3-282c-469e-8226-439102de0b81", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-26T12:08:19.000Z", "modified": "2016-07-26T12:08:19.000Z", "description": "Imported via the Freetext Import Tool - Xchecked via VT: 45e850ce0f585f0a8f3725755ee22fdb", "pattern": "[file:hashes.SHA1 = 'f8cd5cb6bbd13c852db5eb2c50177d8058e51f7e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:08:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--579752b3-3168-4da6-a5c1-4be802de0b81", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-26T12:08:19.000Z", "modified": "2016-07-26T12:08:19.000Z", "first_observed": "2016-07-26T12:08:19Z", "last_observed": "2016-07-26T12:08:19Z", "number_observed": 1, "object_refs": [ "url--579752b3-3168-4da6-a5c1-4be802de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--579752b3-3168-4da6-a5c1-4be802de0b81", "value": "https://www.virustotal.com/file/66d453abbbabebcb71b04d1381cafb6b1b6514d6302dbcefb2054f36efc49eeb/analysis/1467821117/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579752b4-5dd4-4f81-a556-474302de0b81", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-26T12:08:20.000Z", "modified": "2016-07-26T12:08:20.000Z", "description": "Imported via the Freetext Import Tool - Xchecked via VT: fb338a6f49cb5b1300c6b4b70c8bdaff", "pattern": "[file:hashes.SHA256 = '036addd2376acdf692a6f23f21bc9d3320a61b9b47ec0188578ba27dc72c3733']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:08:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579752b4-2ed0-4201-a1c4-455302de0b81", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-26T12:08:20.000Z", "modified": "2016-07-26T12:08:20.000Z", "description": "Imported via the Freetext Import Tool - Xchecked via VT: fb338a6f49cb5b1300c6b4b70c8bdaff", "pattern": "[file:hashes.SHA1 = '5084b389ae50cd76a0058061d681f6e51d591f66']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:08:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--579752b4-726c-4662-9203-409a02de0b81", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-26T12:08:20.000Z", "modified": "2016-07-26T12:08:20.000Z", "first_observed": "2016-07-26T12:08:20Z", "last_observed": "2016-07-26T12:08:20Z", "number_observed": 1, "object_refs": [ "url--579752b4-726c-4662-9203-409a02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--579752b4-726c-4662-9203-409a02de0b81", "value": "https://www.virustotal.com/file/036addd2376acdf692a6f23f21bc9d3320a61b9b47ec0188578ba27dc72c3733/analysis/1467811893/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579752b4-cec8-4b03-ba79-4e7702de0b81", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-26T12:08:20.000Z", "modified": "2016-07-26T12:08:20.000Z", "description": "Imported via the Freetext Import Tool - Xchecked via VT: 0fea31c7b54b873fcb2bd1d627262b7d", "pattern": "[file:hashes.SHA256 = 'f7a98a0ed6d62f9007ad3001744d3fd5eb7c1ce768f1a09f3c2c9383f45ce2ec']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:08:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579752b4-8c60-454d-86ef-4c9402de0b81", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-26T12:08:20.000Z", "modified": "2016-07-26T12:08:20.000Z", "description": "Imported via the Freetext Import Tool - Xchecked via VT: 0fea31c7b54b873fcb2bd1d627262b7d", "pattern": "[file:hashes.SHA1 = '4755b4c44aa3ec2ea24b83510a96ddd065b67115']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:08:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--579752b5-4020-4f7f-8e2a-449702de0b81", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-26T12:08:21.000Z", "modified": "2016-07-26T12:08:21.000Z", "first_observed": "2016-07-26T12:08:21Z", "last_observed": "2016-07-26T12:08:21Z", "number_observed": 1, "object_refs": [ "url--579752b5-4020-4f7f-8e2a-449702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--579752b5-4020-4f7f-8e2a-449702de0b81", "value": "https://www.virustotal.com/file/f7a98a0ed6d62f9007ad3001744d3fd5eb7c1ce768f1a09f3c2c9383f45ce2ec/analysis/1467811895/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579752b5-3f84-4308-9a10-4f7602de0b81", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-26T12:08:21.000Z", "modified": "2016-07-26T12:08:21.000Z", "description": "Imported via the Freetext Import Tool - Xchecked via VT: adddf1abce1f71578fa862bbdcd1478d", "pattern": "[file:hashes.SHA256 = 'cfd52e29044229fcbf1c3eee35601bb6df2d64943c56a24b6dd93384feaf857e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:08:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579752b5-8cb8-4051-849c-454902de0b81", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-26T12:08:21.000Z", "modified": "2016-07-26T12:08:21.000Z", "description": "Imported via the Freetext Import Tool - Xchecked via VT: adddf1abce1f71578fa862bbdcd1478d", "pattern": "[file:hashes.SHA1 = '7b4c22a8a1984041f66d060651e9557e74a0b089']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:08:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--579752b5-8cb8-4edc-9c06-486d02de0b81", "created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9", "created": "2016-07-26T12:08:21.000Z", "modified": "2016-07-26T12:08:21.000Z", "first_observed": "2016-07-26T12:08:21Z", "last_observed": "2016-07-26T12:08:21Z", "number_observed": 1, "object_refs": [ "url--579752b5-8cb8-4edc-9c06-486d02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--579752b5-8cb8-4edc-9c06-486d02de0b81", "value": "https://www.virustotal.com/file/cfd52e29044229fcbf1c3eee35601bb6df2d64943c56a24b6dd93384feaf857e/analysis/1467811893/" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }