{ "type": "bundle", "id": "bundle--5797537b-6d80-4d28-ab2a-4d8a950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:29:00.000Z", "modified": "2016-07-26T12:29:00.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--5797537b-6d80-4d28-ab2a-4d8a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:29:00.000Z", "modified": "2016-07-26T12:29:00.000Z", "name": "OSINT - Patchwork cyberespionage group expands targets from governments to wide range of industries", "published": "2016-07-26T12:37:10Z", "object_refs": [ "x-misp-attribute--5797545e-48c4-4130-963a-452b950d210f", "observed-data--5797546b-bc80-4eb2-9610-4608950d210f", "url--5797546b-bc80-4eb2-9610-4608950d210f", "indicator--57975487-55f4-4f19-9708-4f0f950d210f", "indicator--57975488-80cc-487c-8601-4039950d210f", "indicator--57975488-1184-4a33-9efa-4217950d210f", "indicator--57975488-13dc-4105-a595-4d90950d210f", "indicator--57975488-79c8-4733-94f5-4dac950d210f", "indicator--57975489-c954-4314-aaf3-4b0a950d210f", "indicator--57975489-1298-4c90-8d6b-4d23950d210f", "indicator--57975489-b4e4-4ccb-9df7-4678950d210f", "indicator--57975489-d574-43d5-b0cc-45e0950d210f", "indicator--57975489-1b10-498f-abde-4f4f950d210f", "indicator--5797548a-e408-4c05-85cf-4ce9950d210f", "indicator--5797548a-ec98-4902-b3a3-450f950d210f", "indicator--5797548a-eb9c-47fc-9d02-4295950d210f", "indicator--5797548a-f4e0-401e-8c1c-4d27950d210f", "indicator--5797548b-90c0-4765-9180-43a4950d210f", "indicator--5797548b-2114-426f-acc5-4a35950d210f", "indicator--5797548b-49dc-4677-8f01-43d0950d210f", "indicator--5797548b-d3a8-4737-8d88-4f2f950d210f", "indicator--5797548b-5664-4229-8207-40f0950d210f", "indicator--5797548c-b6b4-49d3-9578-4ce1950d210f", "indicator--5797548c-97d8-41aa-a48d-4e3e950d210f", 
"indicator--579754b0-2d60-4fe7-9b65-47b7950d210f", "indicator--579754b0-bd24-485a-ac9a-4dcf950d210f", "indicator--579754b1-1404-4402-929e-406f950d210f", "indicator--579754b1-80f8-43c8-8a81-4823950d210f", "indicator--579754b1-1320-4c86-a327-4dff950d210f", "indicator--579754b1-1ad4-4ecd-b2b9-4aa0950d210f", "indicator--579754b1-cc2c-453e-b03a-42e1950d210f", "indicator--579754b2-f8ac-4e35-bfd9-44e9950d210f", "indicator--579754b2-636c-4fcb-81bc-4100950d210f", "indicator--579754b2-f9ac-4534-8463-4ce6950d210f", "indicator--579754b2-f880-4580-831f-43cd950d210f", "indicator--579754b3-9718-44dc-98c2-4abf950d210f", "indicator--579754b3-fb10-47ef-ab33-47cb950d210f", "indicator--579754b3-a724-41f5-9bf7-4503950d210f", "indicator--579754b3-54ec-4599-a1b7-4ef8950d210f", "indicator--579754b3-fd88-46cc-9d02-4d11950d210f", "indicator--579754b3-b1cc-4d29-86ad-4a44950d210f", "indicator--579754b4-5ea0-40b6-9cdc-411f950d210f", "indicator--579754b4-0858-4899-8bbe-4f5f950d210f", "indicator--579754b4-cfb8-4815-8b90-4016950d210f", "indicator--579754b4-3b54-432e-b090-459f950d210f", "indicator--579754b4-f750-4210-bc24-45c8950d210f", "indicator--579754b5-6f04-4abf-9639-473e950d210f", "indicator--579754b5-c370-47c2-b672-4d89950d210f", "indicator--579754b5-e3c4-4a8f-a7b8-46df950d210f", "indicator--579754b5-69fc-4154-897a-47a9950d210f", "indicator--579754b5-ed8c-42bd-86e8-47c5950d210f", "indicator--579754b6-5460-4ef7-a6f4-4dd5950d210f", "indicator--579754b6-0118-4d82-ba1e-49db950d210f", "indicator--579754b6-3ffc-45bd-8b8a-4344950d210f", "indicator--579754b6-797c-4fbd-91b8-4057950d210f", "indicator--579754b6-1e1c-43fa-8b42-4ca5950d210f", "indicator--579754b7-50d0-4d62-ac9c-4f14950d210f", "indicator--579754b7-c928-4998-a79e-4656950d210f", "indicator--579754b7-2f7c-467f-981d-4a13950d210f", "indicator--57975522-8fec-4fcf-b790-4706950d210f", "indicator--57975522-78e4-4b54-bec3-4e31950d210f", "indicator--57975522-7a64-4c5f-abd5-4f70950d210f", "indicator--57975523-6350-4969-b6f0-4365950d210f", 
"indicator--57975523-b260-4521-aacc-43cf950d210f", "indicator--57975524-c948-489f-bb6b-45e7950d210f", "indicator--5797553e-6cbc-4c5e-a603-4450950d210f", "x-misp-attribute--5797553e-1cfc-4120-9569-42a3950d210f", "indicator--5797553f-0dd4-43d4-915c-4b92950d210f", "indicator--5797553f-9bc4-4955-8bd0-4741950d210f", "indicator--5797553f-dbd4-4e64-b7d8-42b3950d210f", "indicator--5797553f-9e30-42e2-9ab6-49d5950d210f", "indicator--57975540-f9f0-4e3c-b3e5-49e5950d210f", "indicator--57975540-936c-4984-aa17-4fe2950d210f", "indicator--57975540-46b8-4c36-bd7b-44ee950d210f", "indicator--57975540-92dc-4936-95fc-4c0b950d210f", "indicator--57975540-284c-4836-9ae1-4477950d210f", "indicator--57975541-f388-482a-8f7c-4a8b950d210f", "indicator--57975541-0034-456e-a724-4682950d210f", "indicator--579755bb-6b1c-452d-a99d-46d9950d210f", "indicator--579755bb-d34c-4ea5-b16f-4054950d210f", "indicator--579755bb-ebf0-4a6b-acd2-41c2950d210f", "indicator--579755bb-b370-42d7-982c-462e950d210f", "indicator--579755bc-f610-4f11-ac9f-446d950d210f", "indicator--579755bc-19b8-46b0-acff-4853950d210f", "indicator--579755bc-a5a4-4cca-a4bc-4bcd950d210f", "indicator--579755bc-1070-44a2-a90e-4a1f950d210f", "indicator--579755bc-51dc-4d84-b24e-4cc4950d210f", "indicator--579755bd-5984-48c1-b927-4c8c950d210f", "indicator--579755bd-69b8-489b-8feb-4b2a950d210f", "indicator--579755bd-71dc-48e6-ba41-41f0950d210f", "indicator--579755bd-fec0-4c03-bb7b-4f68950d210f", "indicator--579755be-7e90-42e7-a6d5-4636950d210f", "indicator--579755be-e658-4d2a-b859-4f19950d210f", "indicator--579755be-8bd0-4350-ac3e-41d9950d210f", "indicator--57975612-65b0-4380-b001-462902de0b81", "indicator--57975612-425c-48cd-8b21-4efe02de0b81", "observed-data--57975613-f958-4d4a-ab36-46ae02de0b81", "url--57975613-f958-4d4a-ab36-46ae02de0b81", "indicator--57975613-b504-4b7d-a762-4b6102de0b81", "indicator--57975613-5a9c-42ee-9f80-4deb02de0b81", "observed-data--57975613-c2e0-43fb-b3c3-4e8602de0b81", "url--57975613-c2e0-43fb-b3c3-4e8602de0b81", 
"indicator--57975613-95bc-4ccc-a774-4eaa02de0b81", "indicator--57975614-81f4-4181-b51c-47fb02de0b81", "observed-data--57975614-8080-45c1-b7fe-428b02de0b81", "url--57975614-8080-45c1-b7fe-428b02de0b81", "indicator--57975614-afe4-4a8a-86b1-4c3e02de0b81", "indicator--57975614-bc0c-4000-90c0-4afa02de0b81", "observed-data--57975615-1430-4a30-8e24-4e4702de0b81", "url--57975615-1430-4a30-8e24-4e4702de0b81", "indicator--57975615-0140-4dd2-8102-421402de0b81", "indicator--57975615-d198-418b-b3bd-46ae02de0b81", "observed-data--57975615-849c-411d-8a60-4e7f02de0b81", "url--57975615-849c-411d-8a60-4e7f02de0b81", "indicator--57975615-cb30-494b-9f14-499402de0b81", "indicator--57975616-9c80-4a73-85e1-4aac02de0b81", "observed-data--57975616-61bc-4a41-89b4-405402de0b81", "url--57975616-61bc-4a41-89b4-405402de0b81", "indicator--57975616-8828-497c-a363-4cf102de0b81", "indicator--57975616-7c9c-438d-99ef-4bda02de0b81", "observed-data--57975617-11d4-4822-952a-4c8b02de0b81", "url--57975617-11d4-4822-952a-4c8b02de0b81", "indicator--57975617-c5c0-4363-af59-439f02de0b81", "indicator--57975617-4c60-4cfe-a93b-454902de0b81", "observed-data--57975617-7150-4f06-88d6-4c8402de0b81", "url--57975617-7150-4f06-88d6-4c8402de0b81", "indicator--57975617-7704-4e28-a60f-4f5802de0b81", "indicator--57975618-e68c-4d7f-9fb2-4c6e02de0b81", "observed-data--57975618-9258-47a9-a454-48a602de0b81", "url--57975618-9258-47a9-a454-48a602de0b81", "indicator--57975618-36f4-4f47-8b24-403b02de0b81", "indicator--57975618-cd48-4abe-a930-4fa702de0b81", "observed-data--57975618-e028-4a85-b372-46ff02de0b81", "url--57975618-e028-4a85-b372-46ff02de0b81", "indicator--57975619-2f38-410e-9bc8-47b502de0b81", "indicator--57975619-4d90-4f30-a0a5-41cd02de0b81", "observed-data--57975619-b630-46a2-b7d5-4eeb02de0b81", "url--57975619-b630-46a2-b7d5-4eeb02de0b81", "indicator--57975619-9734-4819-92b7-40bb02de0b81", "indicator--57975619-fee8-47c0-b4c7-444302de0b81", "observed-data--57975619-cb00-47d2-a913-474902de0b81", 
"url--57975619-cb00-47d2-a913-474902de0b81", "indicator--5797561a-ecb4-4e39-b4b0-497502de0b81", "indicator--5797561a-f660-4183-beaa-434a02de0b81", "observed-data--5797561a-4384-4105-9709-41d202de0b81", "url--5797561a-4384-4105-9709-41d202de0b81", "indicator--5797561a-bcd4-4f5a-9a0f-4e2e02de0b81", "indicator--5797561a-949c-47da-a5d4-45ef02de0b81", "observed-data--5797561b-bf64-435a-aa1d-44fc02de0b81", "url--5797561b-bf64-435a-aa1d-44fc02de0b81", "indicator--5797561b-df04-4922-8bf7-47db02de0b81", "indicator--5797561b-18e8-42ef-9990-4c6202de0b81", "observed-data--5797561b-fd14-472d-b2e1-4a9c02de0b81", "url--5797561b-fd14-472d-b2e1-4a9c02de0b81", "indicator--5797561b-0854-458e-a43f-429202de0b81", "indicator--5797561c-1de4-433b-b56c-4c3f02de0b81", "observed-data--5797561c-4704-4043-80bd-47d602de0b81", "url--5797561c-4704-4043-80bd-47d602de0b81", "indicator--5797561c-e7c4-4aa8-8a6c-45dd02de0b81", "indicator--5797561c-34c0-462c-9791-430f02de0b81", "observed-data--5797561d-e710-4d6d-9f37-44e102de0b81", "url--5797561d-e710-4d6d-9f37-44e102de0b81", "indicator--5797561d-7a90-4124-ac02-4e3702de0b81", "indicator--5797561d-1ea8-4a01-ad56-4b8002de0b81", "observed-data--5797561d-56f0-4f79-b213-402602de0b81", "url--5797561d-56f0-4f79-b213-402602de0b81", "indicator--5797561d-bb88-478f-88a7-464c02de0b81", "indicator--5797561e-34ac-44d6-b0f6-4ca602de0b81", "observed-data--5797561e-3688-4a88-af66-496a02de0b81", "url--5797561e-3688-4a88-af66-496a02de0b81", "indicator--5797561e-a138-4529-9288-473702de0b81", "indicator--5797561e-a3a8-4bb9-a6fc-4e0402de0b81", "observed-data--5797561e-9ad0-44b0-aa61-414402de0b81", "url--5797561e-9ad0-44b0-aa61-414402de0b81", "indicator--5797561f-00f4-42c4-8cf4-4aeb02de0b81", "indicator--5797561f-8fb8-4712-b7e7-4bbb02de0b81", "observed-data--5797561f-5084-4c7d-a0e4-458102de0b81", "url--5797561f-5084-4c7d-a0e4-458102de0b81", "indicator--5797561f-2d6c-40eb-84af-42b702de0b81", "indicator--5797561f-0360-4cc5-9264-496e02de0b81", 
"observed-data--5797561f-ee14-4d1e-b137-405e02de0b81", "url--5797561f-ee14-4d1e-b137-405e02de0b81", "indicator--57975620-fd00-49e6-be32-406502de0b81", "indicator--57975620-15f4-4d07-acf4-4ecb02de0b81", "observed-data--57975620-1794-4b83-9444-4f8002de0b81", "url--57975620-1794-4b83-9444-4f8002de0b81", "indicator--57975620-152c-4372-86de-495302de0b81", "indicator--57975620-1088-4e9e-be82-4ef702de0b81", "observed-data--57975621-2824-43fa-a90f-4b6f02de0b81", "url--57975621-2824-43fa-a90f-4b6f02de0b81", "indicator--57975621-5ef8-41ce-a4f6-4abb02de0b81", "indicator--57975621-cbe0-43f2-b50c-414802de0b81", "observed-data--57975621-3f9c-4cf2-b5cb-4dd502de0b81", "url--57975621-3f9c-4cf2-b5cb-4dd502de0b81", "indicator--57975621-64c0-4e87-b699-445502de0b81", "indicator--57975622-7924-40d4-b886-48e402de0b81", "observed-data--57975622-e57c-462c-af76-4be302de0b81", "url--57975622-e57c-462c-af76-4be302de0b81", "indicator--57975622-687c-4cf6-8637-435b02de0b81", "indicator--57975622-9068-4870-ab8c-4d8a02de0b81", "observed-data--57975622-3090-4fa5-a399-4ca602de0b81", "url--57975622-3090-4fa5-a399-4ca602de0b81", "indicator--57975623-9840-4ac9-a0d4-487702de0b81", "indicator--57975623-b670-4b49-aaf2-483502de0b81", "observed-data--57975623-4d64-41f7-a1db-48fe02de0b81", "url--57975623-4d64-41f7-a1db-48fe02de0b81", "indicator--57975623-24dc-467c-ba30-436702de0b81", "indicator--57975623-c8c0-4beb-bde6-4f0d02de0b81", "observed-data--57975624-d77c-4f01-8711-433302de0b81", "url--57975624-d77c-4f01-8711-433302de0b81", "indicator--57975624-dcc4-408e-b4e3-43b002de0b81", "indicator--57975624-aa64-4ab1-ac4e-4b9e02de0b81", "observed-data--57975624-16e4-49aa-9a7a-434702de0b81", "url--57975624-16e4-49aa-9a7a-434702de0b81", "indicator--57975624-ce20-42f4-8932-458102de0b81", "indicator--57975625-937c-40da-bbf0-45ea02de0b81", "observed-data--57975625-7024-4664-b88b-45a002de0b81", "url--57975625-7024-4664-b88b-45a002de0b81" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT" 
], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5797545e-48c4-4130-963a-452b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:15:26.000Z", "modified": "2016-07-26T12:15:26.000Z", "labels": [ "misp:type=\"comment\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", "x_misp_type": "comment", "x_misp_value": "The Patchwork attack group has been targeting more than just government-associated organizations. Our research into the group found that it\u2019s been attacking a broad range of industries, including aviation, broadcasting, and finance, to drop back door Trojans.\r\n\r\nSymantec Security Response has been actively monitoring Patchwork, also known as Dropping Elephant, which uses Chinese-themed content as bait to compromise its targets\u2019 networks. Two security companies, Cymmetria and Kaspersky, each recently released reports on the campaign, most of which are in line with our observations." 
}, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5797546b-bc80-4eb2-9610-4608950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:15:39.000Z", "modified": "2016-07-26T12:15:39.000Z", "first_observed": "2016-07-26T12:15:39Z", "last_observed": "2016-07-26T12:15:39Z", "number_observed": 1, "object_refs": [ "url--5797546b-bc80-4eb2-9610-4608950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5797546b-bc80-4eb2-9610-4608950d210f", "value": "http://www.symantec.com/connect/blogs/patchwork-cyberespionage-group-expands-targets-governments-wide-range-industries" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57975487-55f4-4f19-9708-4f0f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:16:07.000Z", "modified": "2016-07-26T12:16:07.000Z", "description": "Suspected domains and IP addresses", "pattern": "[domain-name:value = 'chinastrats.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:16:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57975488-80cc-487c-8601-4039950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:16:08.000Z", "modified": "2016-07-26T12:16:08.000Z", "description": "Suspected domains and IP addresses", "pattern": "[domain-name:value = 'epg-cn.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:16:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", 
"misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57975488-1184-4a33-9efa-4217950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:16:08.000Z", "modified": "2016-07-26T12:16:08.000Z", "description": "Suspected domains and IP addresses", "pattern": "[domain-name:value = 'extremebolt.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:16:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57975488-13dc-4105-a595-4d90950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:16:08.000Z", "modified": "2016-07-26T12:16:08.000Z", "description": "Suspected domains and IP addresses", "pattern": "[domain-name:value = 'info81.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:16:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57975488-79c8-4733-94f5-4dac950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:16:08.000Z", "modified": "2016-07-26T12:16:08.000Z", "description": "Suspected domains and IP addresses", "pattern": "[domain-name:value = 'lujunxinxi.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:16:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": 
"2.1", "id": "indicator--57975489-c954-4314-aaf3-4b0a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:16:09.000Z", "modified": "2016-07-26T12:16:09.000Z", "description": "Suspected domains and IP addresses", "pattern": "[domain-name:value = 'militaryworkerscn.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:16:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57975489-1298-4c90-8d6b-4d23950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:16:09.000Z", "modified": "2016-07-26T12:16:09.000Z", "description": "Suspected domains and IP addresses", "pattern": "[domain-name:value = 'milresearchcn.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:16:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57975489-b4e4-4ccb-9df7-4678950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:16:09.000Z", "modified": "2016-07-26T12:16:09.000Z", "description": "Suspected domains and IP addresses", "pattern": "[domain-name:value = 'modgovcn.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:16:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": 
"indicator--57975489-d574-43d5-b0cc-45e0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:16:09.000Z", "modified": "2016-07-26T12:16:09.000Z", "description": "Suspected domains and IP addresses", "pattern": "[domain-name:value = 'newsnstat.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:16:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57975489-1b10-498f-abde-4f4f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:16:09.000Z", "modified": "2016-07-26T12:16:09.000Z", "description": "Suspected domains and IP addresses", "pattern": "[domain-name:value = 'nudtcn.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:16:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5797548a-e408-4c05-85cf-4ce9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:16:10.000Z", "modified": "2016-07-26T12:16:10.000Z", "description": "Suspected domains and IP addresses", "pattern": "[domain-name:value = 'socialfreakzz.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:16:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5797548a-ec98-4902-b3a3-450f950d210f", 
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:16:10.000Z", "modified": "2016-07-26T12:16:10.000Z", "description": "Suspected domains and IP addresses", "pattern": "[domain-name:value = '81-cn.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:16:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5797548a-eb9c-47fc-9d02-4295950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:16:10.000Z", "modified": "2016-07-26T12:16:10.000Z", "description": "Suspected domains and IP addresses", "pattern": "[domain-name:value = 'cnmilit.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:16:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5797548a-f4e0-401e-8c1c-4d27950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:16:10.000Z", "modified": "2016-07-26T12:16:10.000Z", "description": "Suspected domains and IP addresses", "pattern": "[domain-name:value = 'nduformation.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:16:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5797548b-90c0-4765-9180-43a4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", 
"created": "2016-07-26T12:16:11.000Z", "modified": "2016-07-26T12:16:11.000Z", "description": "Suspected domains and IP addresses", "pattern": "[domain-name:value = 'expatchina.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:16:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5797548b-2114-426f-acc5-4a35950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:16:11.000Z", "modified": "2016-07-26T12:16:11.000Z", "description": "Suspected domains and IP addresses", "pattern": "[domain-name:value = 'climaxcn.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:16:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5797548b-49dc-4677-8f01-43d0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:16:11.000Z", "modified": "2016-07-26T12:16:11.000Z", "description": "Suspected domains and IP addresses", "pattern": "[domain-name:value = 'miltechcn.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:16:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5797548b-d3a8-4737-8d88-4f2f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:16:11.000Z", "modified": 
"2016-07-26T12:16:11.000Z", "description": "Suspected domains and IP addresses", "pattern": "[domain-name:value = 'miltechweb.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:16:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5797548b-5664-4229-8207-40f0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:16:11.000Z", "modified": "2016-07-26T12:16:11.000Z", "description": "Suspected domains and IP addresses", "pattern": "[domain-name:value = 'securematrixx.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:16:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5797548c-b6b4-49d3-9578-4ce1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:16:12.000Z", "modified": "2016-07-26T12:16:12.000Z", "description": "Suspected domains and IP addresses", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.166.163.242']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:16:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5797548c-97d8-41aa-a48d-4e3e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:16:12.000Z", "modified": 
"2016-07-26T12:16:12.000Z", "description": "Suspected domains and IP addresses", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '212.129.13.110']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:16:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579754b0-2d60-4fe7-9b65-47b7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:16:48.000Z", "modified": "2016-07-26T12:16:48.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.MD5 = '0bbff4654d0c4551c58376e6a99dfda0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:16:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579754b0-bd24-485a-ac9a-4dcf950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:16:48.000Z", "modified": "2016-07-26T12:16:48.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.MD5 = '1de10c5bc704d3eaf4f0cfa5ddd63f2d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:16:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579754b1-1404-4402-929e-406f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": 
"2016-07-26T12:16:49.000Z", "modified": "2016-07-26T12:16:49.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:name = 'MilitaryReforms2.pps']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:16:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579754b1-80f8-43c8-8a81-4823950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:16:49.000Z", "modified": "2016-07-26T12:16:49.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.MD5 = '2ba26a9cc1af4479e99dcc6a0e7d5d67']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:16:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579754b1-1320-4c86-a327-4dff950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:16:49.000Z", "modified": "2016-07-26T12:16:49.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:name = '2016_China_Military_PowerReport.pps']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:16:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579754b1-1ad4-4ecd-b2b9-4aa0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:16:49.000Z", 
"modified": "2016-07-26T12:16:49.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.MD5 = '375f240df2718fc3e0137e109eef57ee']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:16:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579754b1-cc2c-453e-b03a-42e1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:16:49.000Z", "modified": "2016-07-26T12:16:49.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:name = 'PLA_UAV_DEPLOYMENT.pps']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:16:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579754b2-f8ac-4e35-bfd9-44e9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:16:50.000Z", "modified": "2016-07-26T12:16:50.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.MD5 = '38e71afcdd6236ac3ad24bda393a81c6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:16:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579754b2-636c-4fcb-81bc-4100950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:16:50.000Z", "modified": 
"2016-07-26T12:16:50.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:name = 'militarizationofsouthchinasea_1.pps']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:16:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579754b2-f9ac-4534-8463-4ce6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:16:50.000Z", "modified": "2016-07-26T12:16:50.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.MD5 = '3e9d1526addf2ca6b09e2fdb5fd4978f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:16:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579754b2-f880-4580-831f-43cd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:16:50.000Z", "modified": "2016-07-26T12:16:50.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:name = 'How_to_easily_clean_an_infected_computer.pps']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:16:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579754b3-9718-44dc-98c2-4abf950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:16:51.000Z", "modified": 
"2016-07-26T12:16:51.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.MD5 = '475c29ed9373e2c04b7c3df6766761eb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:16:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579754b3-fb10-47ef-ab33-47cb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:16:51.000Z", "modified": "2016-07-26T12:16:51.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:name = 'PLA_Forthcoming_Revolution_in_Doctrinal_Affairs.pps']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:16:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579754b3-a724-41f5-9bf7-4503950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:16:51.000Z", "modified": "2016-07-26T12:16:51.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.MD5 = '4dbb8ad1776af25a5832e92b12d4bfff']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:16:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579754b3-54ec-4599-a1b7-4ef8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:16:51.000Z", 
"modified": "2016-07-26T12:16:51.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:name = 'maritime_dispute.pps']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:16:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579754b3-fd88-46cc-9d02-4d11950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:16:51.000Z", "modified": "2016-07-26T12:16:51.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:name = 'Clingendael_Report_South_China_Sea.pps']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:16:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579754b3-b1cc-4d29-86ad-4a44950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:16:51.000Z", "modified": "2016-07-26T12:16:51.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.MD5 = '543d402a56406c93b68622a7e392728d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:16:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579754b4-5ea0-40b6-9cdc-411f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:16:52.000Z", "modified": 
"2016-07-26T12:16:52.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.MD5 = '551e244aa85b92fe470ed2eac9d8808a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:16:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579754b4-0858-4899-8bbe-4f5f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:16:52.000Z", "modified": "2016-07-26T12:16:52.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:name = 'Assessing_PLA_Organisational_Reforms.pps']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:16:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579754b4-cfb8-4815-8b90-4016950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:16:52.000Z", "modified": "2016-07-26T12:16:52.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.MD5 = '6877e60f141793287169125a08e36941']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:16:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579754b4-3b54-432e-b090-459f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:16:52.000Z", "modified": 
"2016-07-26T12:16:52.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.MD5 = '6d8534597ae05d2151d848d2e6427f9e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:16:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579754b4-f750-4210-bc24-45c8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:16:52.000Z", "modified": "2016-07-26T12:16:52.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:name = 'cn-lshc-hospital-operations-excellence.pps']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:16:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579754b5-6f04-4abf-9639-473e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:16:53.000Z", "modified": "2016-07-26T12:16:53.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.MD5 = '74fea3e542add0f301756581d1f16126']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:16:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579754b5-c370-47c2-b672-4d89950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:16:53.000Z", "modified": 
"2016-07-26T12:16:53.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:name = 'Clingendael_Report_South_China_Sea_20160517Downloaded.pps']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:16:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579754b5-e3c4-4a8f-a7b8-46df950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:16:53.000Z", "modified": "2016-07-26T12:16:53.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.MD5 = '812a856288a03787d85d2cb9c1e1b3ba']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:16:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579754b5-69fc-4154-897a-47a9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:16:53.000Z", "modified": "2016-07-26T12:16:53.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.MD5 = '8f7b1f320823893e159f6ebfb8ce3e78']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:16:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579754b5-ed8c-42bd-86e8-47c5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:16:53.000Z", 
"modified": "2016-07-26T12:16:53.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.MD5 = 'b163e3906b3521a407910aeefd055f03']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:16:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579754b6-5460-4ef7-a6f4-4dd5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:16:54.000Z", "modified": "2016-07-26T12:16:54.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:name = 'china_security_report_2016.pps']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:16:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579754b6-0118-4d82-ba1e-49db950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:16:54.000Z", "modified": "2016-07-26T12:16:54.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.MD5 = 'd456bbf44d73b1f0f2d1119f16993e93']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:16:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579754b6-3ffc-45bd-8b8a-4344950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:16:54.000Z", "modified": 
"2016-07-26T12:16:54.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.MD5 = 'e7b4511cba3bba6983c43c9f9014a49d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:16:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579754b6-797c-4fbd-91b8-4057950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:16:54.000Z", "modified": "2016-07-26T12:16:54.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:name = 'netflix2.pps']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:16:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579754b6-1e1c-43fa-8b42-4ca5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:16:54.000Z", "modified": "2016-07-26T12:16:54.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.MD5 = 'ebfa776a91de20674a4ae55294d85087']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:16:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579754b7-50d0-4d62-ac9c-4f14950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:16:55.000Z", "modified": "2016-07-26T12:16:55.000Z", 
"description": "Imported via the Freetext Import Tool", "pattern": "[file:name = 'Chinese_Influence_Faces_2.pps']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:16:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579754b7-c928-4998-a79e-4656950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:16:55.000Z", "modified": "2016-07-26T12:16:55.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.MD5 = 'eefcef704b1a7bea6e92dc8711cfd35e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:16:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579754b7-2f7c-467f-981d-4a13950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:16:55.000Z", "modified": "2016-07-26T12:16:55.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:name = 'Top_Five_AF.pps']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:16:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57975522-8fec-4fcf-b790-4706950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:26:52.000Z", "modified": "2016-07-26T12:26:52.000Z", "description": "Malicious rich text 
files associated with this campaign", "pattern": "[file:name = 'China_Vietnam_Military_Clash.doc' AND file:hashes.MD5 = '3d852dea971ced1481169d8f66542dc5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:26:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename|md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57975522-78e4-4b54-bec3-4e31950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:27:23.000Z", "modified": "2016-07-26T12:27:23.000Z", "description": "Malicious rich text files associated with this campaign", "pattern": "[file:name = 'Cyber_Crime_bill.doc' AND file:hashes.MD5 = '4ff89d5341ac36eb9bed79e7afe04cb3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:27:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename|md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57975522-7a64-4c5f-abd5-4f70950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:27:38.000Z", "modified": "2016-07-26T12:27:38.000Z", "description": "Malicious rich text files associated with this campaign", "pattern": "[file:name = 'china_report_EN_web_2016_A01.doc' AND file:hashes.MD5 = '7012f07e82092ab2daede774b9000d64']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:27:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename|md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": 
"indicator--57975523-6350-4969-b6f0-4365950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:28:44.000Z", "modified": "2016-07-26T12:28:44.000Z", "description": "Malicious rich text files associated with this campaign", "pattern": "[file:name = 'Cyber_Crime_bill.doc' AND file:hashes.MD5 = '735f0fbe44b70e184665aed8d1b2c117']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:28:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename|md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57975523-b260-4521-aacc-43cf950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:29:00.000Z", "modified": "2016-07-26T12:29:00.000Z", "description": "Malicious rich text files associated with this campaign", "pattern": "[file:name = 'PLA_Forthcoming_Revolution_in_Doctrinal_Affairs2.doc' AND file:hashes.MD5 = 'e5685462d8a2825e124193de9fa269d9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:29:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename|md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57975524-c948-489f-bb6b-45e7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:27:10.000Z", "modified": "2016-07-26T12:27:10.000Z", "description": "Malicious rich text files associated with this campaign", "pattern": "[file:name = 'Job_offers.doc' AND file:hashes.MD5 = 'f5c81526acbd830da2f533ae93deb1e1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:27:10Z", "kill_chain_phases": [ { "kill_chain_name": 
"misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename|md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5797553e-6cbc-4c5e-a603-4450950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:19:10.000Z", "modified": "2016-07-26T12:19:10.000Z", "description": "Malicious PowerPoint slides associated with this campaign", "pattern": "[file:hashes.MD5 = '2099fcd4a81817171649cb38dac0fb2a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:19:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5797553e-1cfc-4120-9569-42a3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:19:46.000Z", "modified": "2016-07-26T12:19:46.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"Antivirus detection\"" ], "x_misp_category": "Antivirus detection", "x_misp_type": "text", "x_misp_value": "Trojan.Mdropper" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5797553f-0dd4-43d4-915c-4b92950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:19:11.000Z", "modified": "2016-07-26T12:19:11.000Z", "description": "Malicious PowerPoint slides associated with this campaign", "pattern": "[file:hashes.MD5 = '3d852dea971ced1481169d8f66542dc5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:19:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", 
"spec_version": "2.1", "id": "indicator--5797553f-9bc4-4955-8bd0-4741950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:25:28.000Z", "modified": "2016-07-26T12:25:28.000Z", "description": "Malicious rich text files associated with this campaign", "pattern": "[file:name = 'China_Vietnam_Military_Clash.doc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:25:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5797553f-dbd4-4e64-b7d8-42b3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:19:11.000Z", "modified": "2016-07-26T12:19:11.000Z", "description": "Malicious PowerPoint slides associated with this campaign", "pattern": "[file:hashes.MD5 = '4ff89d5341ac36eb9bed79e7afe04cb3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:19:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5797553f-9e30-42e2-9ab6-49d5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:25:58.000Z", "modified": "2016-07-26T12:25:58.000Z", "description": "Malicious rich text files associated with this campaign", "pattern": "[file:name = 'Cyber_Crime_bill.doc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:25:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] 
}, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57975540-f9f0-4e3c-b3e5-49e5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:19:12.000Z", "modified": "2016-07-26T12:19:12.000Z", "description": "Malicious PowerPoint slides associated with this campaign", "pattern": "[file:hashes.MD5 = '7012f07e82092ab2daede774b9000d64']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:19:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57975540-936c-4984-aa17-4fe2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:26:15.000Z", "modified": "2016-07-26T12:26:15.000Z", "description": "Malicious rich text files associated with this campaign", "pattern": "[file:name = 'china_report_EN_web_2016_A01.doc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:26:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57975540-46b8-4c36-bd7b-44ee950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:19:12.000Z", "modified": "2016-07-26T12:19:12.000Z", "description": "Malicious PowerPoint slides associated with this campaign", "pattern": "[file:hashes.MD5 = '735f0fbe44b70e184665aed8d1b2c117']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:19:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", 
"misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57975540-92dc-4936-95fc-4c0b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:19:12.000Z", "modified": "2016-07-26T12:19:12.000Z", "description": "Malicious PowerPoint slides associated with this campaign", "pattern": "[file:hashes.MD5 = '7796ae46da0049057abd5cfb9798e494']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:19:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57975540-284c-4836-9ae1-4477950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:19:12.000Z", "modified": "2016-07-26T12:19:12.000Z", "description": "Malicious PowerPoint slides associated with this campaign", "pattern": "[file:hashes.MD5 = 'e5685462d8a2825e124193de9fa269d9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:19:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57975541-f388-482a-8f7c-4a8b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:26:36.000Z", "modified": "2016-07-26T12:26:36.000Z", "description": "Malicious rich text files associated with this campaign", "pattern": "[file:name = 'PLA_Forthcoming_Revolution_in_Doctrinal_Affairs2.doc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:26:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": 
"Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57975541-0034-456e-a724-4682950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:19:13.000Z", "modified": "2016-07-26T12:19:13.000Z", "description": "Malicious PowerPoint slides associated with this campaign", "pattern": "[file:hashes.MD5 = 'f5c81526acbd830da2f533ae93deb1e1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:19:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579755bb-6b1c-452d-a99d-46d9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:21:15.000Z", "modified": "2016-07-26T12:21:15.000Z", "description": "Backdoor.Steladok", "pattern": "[file:hashes.MD5 = '0f09e24a8d57fb8b1a8cc51c07ebbe3f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:21:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579755bb-d34c-4ea5-b16f-4054950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:21:15.000Z", "modified": "2016-07-26T12:21:15.000Z", "description": "Backdoor.Enfourks", "pattern": "[file:hashes.MD5 = '233a71ea802af564dd1ab38e62236633']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:21:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], 
"labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579755bb-ebf0-4a6b-acd2-41c2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:21:15.000Z", "modified": "2016-07-26T12:21:15.000Z", "description": "Backdoor.Steladok", "pattern": "[file:hashes.MD5 = '2c0efa57eeffed228eb09ee97df1445a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:21:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579755bb-b370-42d7-982c-462e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:21:15.000Z", "modified": "2016-07-26T12:21:15.000Z", "description": "Backdoor.Enfourks", "pattern": "[file:hashes.MD5 = '3ac28869c83d20f9b18ebbd9ea3a9155']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:21:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579755bc-f610-4f11-ac9f-446d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:21:16.000Z", "modified": "2016-07-26T12:21:16.000Z", "description": "Trojan.Gen.2", "pattern": "[file:hashes.MD5 = '465de3db14158005ede000f7c0f16efe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:21:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", 
"misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579755bc-19b8-46b0-acff-4853950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:21:16.000Z", "modified": "2016-07-26T12:21:16.000Z", "description": "Trojan.Gen.2", "pattern": "[file:hashes.MD5 = '4fca01f852410ea1413a876df339a36d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:21:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579755bc-a5a4-4cca-a4bc-4bcd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:21:16.000Z", "modified": "2016-07-26T12:21:16.000Z", "description": "Backdoor.Enfourks", "pattern": "[file:hashes.MD5 = '61e0f4ecb3d7c56ea06b8f609fd2bf13']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:21:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579755bc-1070-44a2-a90e-4a1f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:21:16.000Z", "modified": "2016-07-26T12:21:16.000Z", "description": "Backdoor.Enfourks", "pattern": "[file:hashes.MD5 = '6b335a77203b566d92c726b939b8d8c9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:21:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": 
"indicator--579755bc-51dc-4d84-b24e-4cc4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:21:16.000Z", "modified": "2016-07-26T12:21:16.000Z", "description": "Backdoor.Enfourks", "pattern": "[file:hashes.MD5 = 'a4fb5a6765cb8a30a8393d608c39d9f7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:21:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579755bd-5984-48c1-b927-4c8c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:21:17.000Z", "modified": "2016-07-26T12:21:17.000Z", "description": "Backdoor.Enfourks", "pattern": "[file:hashes.MD5 = 'b594a4d3f7183c3af155375f81ad6c3d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:21:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579755bd-69b8-489b-8feb-4b2a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:21:17.000Z", "modified": "2016-07-26T12:21:17.000Z", "description": "Backdoor.Enfourks", "pattern": "[file:hashes.MD5 = 'b7433c57a7111457506f85bdf6592d18']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:21:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579755bd-71dc-48e6-ba41-41f0950d210f", "created_by_ref": 
"identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:21:17.000Z", "modified": "2016-07-26T12:21:17.000Z", "description": "Backdoor.Enfourks", "pattern": "[file:hashes.MD5 = 'c575f9b40cf6e6141f0ee40c8a544fb8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:21:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579755bd-fec0-4c03-bb7b-4f68950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:21:17.000Z", "modified": "2016-07-26T12:21:17.000Z", "description": "Backdoor.Enfourks", "pattern": "[file:hashes.MD5 = 'd8102a24ca00ef3db7d942912765441e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:21:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579755be-7e90-42e7-a6d5-4636950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:21:18.000Z", "modified": "2016-07-26T12:21:18.000Z", "description": "Backdoor.Steladok", "pattern": "[file:hashes.MD5 = 'f47484e6705e52a115a3684832296b39']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:21:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579755be-e658-4d2a-b859-4f19950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": 
"2016-07-26T12:21:18.000Z", "modified": "2016-07-26T12:21:18.000Z", "description": "Backdoor.Enfourks", "pattern": "[file:hashes.MD5 = 'f7ce9894c1c99ce64455155377446d9c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:21:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579755be-8bd0-4350-ac3e-41d9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:21:18.000Z", "modified": "2016-07-26T12:21:18.000Z", "description": "infostealer", "pattern": "[file:hashes.MD5 = 'ffab6174860af9a7c3b37a7f1fb8f381']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:21:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57975612-65b0-4380-b001-462902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:22:42.000Z", "modified": "2016-07-26T12:22:42.000Z", "description": "Backdoor.Steladok - Xchecked via VT: f47484e6705e52a115a3684832296b39", "pattern": "[file:hashes.SHA256 = 'e0d32df8cc527f8a183550456e3ec5bac6d4aa86576605bb1b770648b1c101b5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:22:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57975612-425c-48cd-8b21-4efe02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", 
"created": "2016-07-26T12:22:42.000Z", "modified": "2016-07-26T12:22:42.000Z", "description": "Backdoor.Steladok - Xchecked via VT: f47484e6705e52a115a3684832296b39", "pattern": "[file:hashes.SHA1 = 'b362d1d91ed93eebb03d240553153f2148209d3a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:22:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57975613-f958-4d4a-ab36-46ae02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:22:43.000Z", "modified": "2016-07-26T12:22:43.000Z", "first_observed": "2016-07-26T12:22:43Z", "last_observed": "2016-07-26T12:22:43Z", "number_observed": 1, "object_refs": [ "url--57975613-f958-4d4a-ab36-46ae02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57975613-f958-4d4a-ab36-46ae02de0b81", "value": "https://www.virustotal.com/file/e0d32df8cc527f8a183550456e3ec5bac6d4aa86576605bb1b770648b1c101b5/analysis/1469513487/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57975613-b504-4b7d-a762-4b6102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:22:43.000Z", "modified": "2016-07-26T12:22:43.000Z", "description": "Backdoor.Enfourks - Xchecked via VT: d8102a24ca00ef3db7d942912765441e", "pattern": "[file:hashes.SHA256 = '56bad93d98a01a820555357beb03a691f523ebb289b9c821ad85ee65137d29f9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:22:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": 
"indicator", "spec_version": "2.1", "id": "indicator--57975613-5a9c-42ee-9f80-4deb02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:22:43.000Z", "modified": "2016-07-26T12:22:43.000Z", "description": "Backdoor.Enfourks - Xchecked via VT: d8102a24ca00ef3db7d942912765441e", "pattern": "[file:hashes.SHA1 = '83a5074c677a96f1c9f67b758e5e399e401dde41']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:22:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57975613-c2e0-43fb-b3c3-4e8602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:22:43.000Z", "modified": "2016-07-26T12:22:43.000Z", "first_observed": "2016-07-26T12:22:43Z", "last_observed": "2016-07-26T12:22:43Z", "number_observed": 1, "object_refs": [ "url--57975613-c2e0-43fb-b3c3-4e8602de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57975613-c2e0-43fb-b3c3-4e8602de0b81", "value": "https://www.virustotal.com/file/56bad93d98a01a820555357beb03a691f523ebb289b9c821ad85ee65137d29f9/analysis/1469513480/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57975613-95bc-4ccc-a774-4eaa02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:22:43.000Z", "modified": "2016-07-26T12:22:43.000Z", "description": "Backdoor.Enfourks - Xchecked via VT: c575f9b40cf6e6141f0ee40c8a544fb8", "pattern": "[file:hashes.SHA256 = 'f65eeb136e23d06b54b15834ad15d4bcd2cd51af9e8c134da32da02bdcb68996']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:22:43Z", "kill_chain_phases": [ { "kill_chain_name": 
"misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57975614-81f4-4181-b51c-47fb02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:22:44.000Z", "modified": "2016-07-26T12:22:44.000Z", "description": "Backdoor.Enfourks - Xchecked via VT: c575f9b40cf6e6141f0ee40c8a544fb8", "pattern": "[file:hashes.SHA1 = 'd09ed8c4b5ad43fb4a6d13a96c2cd083b8795692']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:22:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57975614-8080-45c1-b7fe-428b02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:22:44.000Z", "modified": "2016-07-26T12:22:44.000Z", "first_observed": "2016-07-26T12:22:44Z", "last_observed": "2016-07-26T12:22:44Z", "number_observed": 1, "object_refs": [ "url--57975614-8080-45c1-b7fe-428b02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57975614-8080-45c1-b7fe-428b02de0b81", "value": "https://www.virustotal.com/file/f65eeb136e23d06b54b15834ad15d4bcd2cd51af9e8c134da32da02bdcb68996/analysis/1469513481/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57975614-afe4-4a8a-86b1-4c3e02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:22:44.000Z", "modified": "2016-07-26T12:22:44.000Z", "description": "Backdoor.Enfourks - Xchecked via VT: b7433c57a7111457506f85bdf6592d18", "pattern": "[file:hashes.SHA256 = 
'1da99f69735d203a3d52ff1bb2ede75fe69601259efa6c5a080024ddf9276297']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:22:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57975614-bc0c-4000-90c0-4afa02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:22:44.000Z", "modified": "2016-07-26T12:22:44.000Z", "description": "Backdoor.Enfourks - Xchecked via VT: b7433c57a7111457506f85bdf6592d18", "pattern": "[file:hashes.SHA1 = 'e0970cd442808dd54cfe3427acee4e1bee0aea17']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:22:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57975615-1430-4a30-8e24-4e4702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:22:45.000Z", "modified": "2016-07-26T12:22:45.000Z", "first_observed": "2016-07-26T12:22:45Z", "last_observed": "2016-07-26T12:22:45Z", "number_observed": 1, "object_refs": [ "url--57975615-1430-4a30-8e24-4e4702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57975615-1430-4a30-8e24-4e4702de0b81", "value": "https://www.virustotal.com/file/1da99f69735d203a3d52ff1bb2ede75fe69601259efa6c5a080024ddf9276297/analysis/1468241922/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57975615-0140-4dd2-8102-421402de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:22:45.000Z", 
"modified": "2016-07-26T12:22:45.000Z", "description": "Backdoor.Enfourks - Xchecked via VT: b594a4d3f7183c3af155375f81ad6c3d", "pattern": "[file:hashes.SHA256 = '49d08ff05bbe4a77e748dc8903b9d976a9b2176054ddfaf684c5699e84204f30']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:22:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57975615-d198-418b-b3bd-46ae02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:22:45.000Z", "modified": "2016-07-26T12:22:45.000Z", "description": "Backdoor.Enfourks - Xchecked via VT: b594a4d3f7183c3af155375f81ad6c3d", "pattern": "[file:hashes.SHA1 = '67d9965c91e96f516de76591e6be651b344095a6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:22:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57975615-849c-411d-8a60-4e7f02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:22:45.000Z", "modified": "2016-07-26T12:22:45.000Z", "first_observed": "2016-07-26T12:22:45Z", "last_observed": "2016-07-26T12:22:45Z", "number_observed": 1, "object_refs": [ "url--57975615-849c-411d-8a60-4e7f02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57975615-849c-411d-8a60-4e7f02de0b81", "value": "https://www.virustotal.com/file/49d08ff05bbe4a77e748dc8903b9d976a9b2176054ddfaf684c5699e84204f30/analysis/1469513481/" }, { "type": "indicator", "spec_version": "2.1", 
"id": "indicator--57975615-cb30-494b-9f14-499402de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:22:45.000Z", "modified": "2016-07-26T12:22:45.000Z", "description": "Backdoor.Enfourks - Xchecked via VT: a4fb5a6765cb8a30a8393d608c39d9f7", "pattern": "[file:hashes.SHA256 = 'f5e4d5d5fde978968dce4db4120ecbb68898d5fdf55860e61058d91db29b7d91']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:22:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57975616-9c80-4a73-85e1-4aac02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:22:46.000Z", "modified": "2016-07-26T12:22:46.000Z", "description": "Backdoor.Enfourks - Xchecked via VT: a4fb5a6765cb8a30a8393d608c39d9f7", "pattern": "[file:hashes.SHA1 = '8daa2f782e8af92747cfce5d9323653050dbd498']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:22:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57975616-61bc-4a41-89b4-405402de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:22:46.000Z", "modified": "2016-07-26T12:22:46.000Z", "first_observed": "2016-07-26T12:22:46Z", "last_observed": "2016-07-26T12:22:46Z", "number_observed": 1, "object_refs": [ "url--57975616-61bc-4a41-89b4-405402de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57975616-61bc-4a41-89b4-405402de0b81", "value": 
"https://www.virustotal.com/file/f5e4d5d5fde978968dce4db4120ecbb68898d5fdf55860e61058d91db29b7d91/analysis/1469513481/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57975616-8828-497c-a363-4cf102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:22:46.000Z", "modified": "2016-07-26T12:22:46.000Z", "description": "Malicious PowerPoint slides associated with this campaign - Xchecked via VT: f5c81526acbd830da2f533ae93deb1e1", "pattern": "[file:hashes.SHA256 = '79293f3cfa2af27b9d5d2d7afa1d3febb8a02f7480491b0a8afb6eea0d10faab']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:22:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57975616-7c9c-438d-99ef-4bda02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:22:46.000Z", "modified": "2016-07-26T12:22:46.000Z", "description": "Malicious PowerPoint slides associated with this campaign - Xchecked via VT: f5c81526acbd830da2f533ae93deb1e1", "pattern": "[file:hashes.SHA1 = 'f7d9e0c7714578eb29716c1d2f49ef0defbf112a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:22:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57975617-11d4-4822-952a-4c8b02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:22:46.000Z", "modified": "2016-07-26T12:22:46.000Z", "first_observed": "2016-07-26T12:22:46Z", "last_observed": "2016-07-26T12:22:46Z", "number_observed": 1, 
"object_refs": [ "url--57975617-11d4-4822-952a-4c8b02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57975617-11d4-4822-952a-4c8b02de0b81", "value": "https://www.virustotal.com/file/79293f3cfa2af27b9d5d2d7afa1d3febb8a02f7480491b0a8afb6eea0d10faab/analysis/1464792591/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57975617-c5c0-4363-af59-439f02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:22:47.000Z", "modified": "2016-07-26T12:22:47.000Z", "description": "Malicious PowerPoint slides associated with this campaign - Xchecked via VT: 7796ae46da0049057abd5cfb9798e494", "pattern": "[file:hashes.SHA256 = '53429895e699445a717e75ce3539c5b0b3be42b375f518d5c7759bd1c8b48291']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:22:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57975617-4c60-4cfe-a93b-454902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:22:47.000Z", "modified": "2016-07-26T12:22:47.000Z", "description": "Malicious PowerPoint slides associated with this campaign - Xchecked via VT: 7796ae46da0049057abd5cfb9798e494", "pattern": "[file:hashes.SHA1 = '478a41f254bb7b85e8ae5ac53757fc220e3ab91c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:22:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57975617-7150-4f06-88d6-4c8402de0b81", 
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:22:47.000Z", "modified": "2016-07-26T12:22:47.000Z", "first_observed": "2016-07-26T12:22:47Z", "last_observed": "2016-07-26T12:22:47Z", "number_observed": 1, "object_refs": [ "url--57975617-7150-4f06-88d6-4c8402de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57975617-7150-4f06-88d6-4c8402de0b81", "value": "https://www.virustotal.com/file/53429895e699445a717e75ce3539c5b0b3be42b375f518d5c7759bd1c8b48291/analysis/1469513478/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57975617-7704-4e28-a60f-4f5802de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:22:47.000Z", "modified": "2016-07-26T12:22:47.000Z", "description": "Malicious PowerPoint slides associated with this campaign - Xchecked via VT: 735f0fbe44b70e184665aed8d1b2c117", "pattern": "[file:hashes.SHA256 = '34cdfc67942060ba30c1b9ac1db9bd042f0f8e487b805b8a3e1935b4d2508db6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:22:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57975618-e68c-4d7f-9fb2-4c6e02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:22:48.000Z", "modified": "2016-07-26T12:22:48.000Z", "description": "Malicious PowerPoint slides associated with this campaign - Xchecked via VT: 735f0fbe44b70e184665aed8d1b2c117", "pattern": "[file:hashes.SHA1 = '11064dcef86ac1d94c170b24215854efb8aad542']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:22:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", 
"phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57975618-9258-47a9-a454-48a602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:22:48.000Z", "modified": "2016-07-26T12:22:48.000Z", "first_observed": "2016-07-26T12:22:48Z", "last_observed": "2016-07-26T12:22:48Z", "number_observed": 1, "object_refs": [ "url--57975618-9258-47a9-a454-48a602de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57975618-9258-47a9-a454-48a602de0b81", "value": "https://www.virustotal.com/file/34cdfc67942060ba30c1b9ac1db9bd042f0f8e487b805b8a3e1935b4d2508db6/analysis/1469513478/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57975618-36f4-4f47-8b24-403b02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:22:48.000Z", "modified": "2016-07-26T12:22:48.000Z", "description": "Malicious PowerPoint slides associated with this campaign - Xchecked via VT: 7012f07e82092ab2daede774b9000d64", "pattern": "[file:hashes.SHA256 = 'ebd4f62bb85f6de1111cbd613d2d4288728732edda9eb427fe9f51bd1f2d6db2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:22:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57975618-cd48-4abe-a930-4fa702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:22:48.000Z", "modified": "2016-07-26T12:22:48.000Z", "description": "Malicious PowerPoint slides associated with this campaign - Xchecked via VT: 
7012f07e82092ab2daede774b9000d64", "pattern": "[file:hashes.SHA1 = '1e39ff194c72c74c893b7fd9f9d0e7205c5da115']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:22:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57975618-e028-4a85-b372-46ff02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:22:48.000Z", "modified": "2016-07-26T12:22:48.000Z", "first_observed": "2016-07-26T12:22:48Z", "last_observed": "2016-07-26T12:22:48Z", "number_observed": 1, "object_refs": [ "url--57975618-e028-4a85-b372-46ff02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57975618-e028-4a85-b372-46ff02de0b81", "value": "https://www.virustotal.com/file/ebd4f62bb85f6de1111cbd613d2d4288728732edda9eb427fe9f51bd1f2d6db2/analysis/1469513485/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57975619-2f38-410e-9bc8-47b502de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:22:49.000Z", "modified": "2016-07-26T12:22:49.000Z", "description": "Malicious PowerPoint slides associated with this campaign - Xchecked via VT: 4ff89d5341ac36eb9bed79e7afe04cb3", "pattern": "[file:hashes.SHA256 = '20785552d82d461f5b4e480dcf51180e3f7b5d3e7286720f861e7ccfe8a2b067']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:22:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": 
"indicator--57975619-4d90-4f30-a0a5-41cd02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:22:49.000Z", "modified": "2016-07-26T12:22:49.000Z", "description": "Malicious PowerPoint slides associated with this campaign - Xchecked via VT: 4ff89d5341ac36eb9bed79e7afe04cb3", "pattern": "[file:hashes.SHA1 = '9034c8bfac8385a29f979b1601896c6edb0113b2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:22:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57975619-b630-46a2-b7d5-4eeb02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:22:49.000Z", "modified": "2016-07-26T12:22:49.000Z", "first_observed": "2016-07-26T12:22:49Z", "last_observed": "2016-07-26T12:22:49Z", "number_observed": 1, "object_refs": [ "url--57975619-b630-46a2-b7d5-4eeb02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57975619-b630-46a2-b7d5-4eeb02de0b81", "value": "https://www.virustotal.com/file/20785552d82d461f5b4e480dcf51180e3f7b5d3e7286720f861e7ccfe8a2b067/analysis/1469513477/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57975619-9734-4819-92b7-40bb02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:22:49.000Z", "modified": "2016-07-26T12:22:49.000Z", "description": "Malicious PowerPoint slides associated with this campaign - Xchecked via VT: 3d852dea971ced1481169d8f66542dc5", "pattern": "[file:hashes.SHA256 = '0f245244a86a8b36292bc8b0a12b982e2ea366f36256223f8f9bcba37f335fc9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:22:49Z", 
"kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57975619-fee8-47c0-b4c7-444302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:22:49.000Z", "modified": "2016-07-26T12:22:49.000Z", "description": "Malicious PowerPoint slides associated with this campaign - Xchecked via VT: 3d852dea971ced1481169d8f66542dc5", "pattern": "[file:hashes.SHA1 = '5de78801847fe63ce66cf23f3ff3d25a28e2c6fe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:22:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57975619-cb00-47d2-a913-474902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:22:49.000Z", "modified": "2016-07-26T12:22:49.000Z", "first_observed": "2016-07-26T12:22:49Z", "last_observed": "2016-07-26T12:22:49Z", "number_observed": 1, "object_refs": [ "url--57975619-cb00-47d2-a913-474902de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57975619-cb00-47d2-a913-474902de0b81", "value": "https://www.virustotal.com/file/0f245244a86a8b36292bc8b0a12b982e2ea366f36256223f8f9bcba37f335fc9/analysis/1469513489/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5797561a-ecb4-4e39-b4b0-497502de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:22:50.000Z", "modified": "2016-07-26T12:22:50.000Z", "description": "Backdoor.Steladok - Xchecked via VT: 
0f09e24a8d57fb8b1a8cc51c07ebbe3f", "pattern": "[file:hashes.SHA256 = '5b7fdc320e108e58045f210360c0f9486beab37860df605da01deddca9950f1d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:22:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5797561a-f660-4183-beaa-434a02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:22:50.000Z", "modified": "2016-07-26T12:22:50.000Z", "description": "Backdoor.Steladok - Xchecked via VT: 0f09e24a8d57fb8b1a8cc51c07ebbe3f", "pattern": "[file:hashes.SHA1 = '3b2af1a6dbec193a647d97c4bfaf21f562c27258']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:22:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5797561a-4384-4105-9709-41d202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:22:50.000Z", "modified": "2016-07-26T12:22:50.000Z", "first_observed": "2016-07-26T12:22:50Z", "last_observed": "2016-07-26T12:22:50Z", "number_observed": 1, "object_refs": [ "url--5797561a-4384-4105-9709-41d202de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5797561a-4384-4105-9709-41d202de0b81", "value": "https://www.virustotal.com/file/5b7fdc320e108e58045f210360c0f9486beab37860df605da01deddca9950f1d/analysis/1469513486/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5797561a-bcd4-4f5a-9a0f-4e2e02de0b81", "created_by_ref": 
"identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:22:50.000Z", "modified": "2016-07-26T12:22:50.000Z", "description": "Malicious PowerPoint slides associated with this campaign - Xchecked via VT: 2099fcd4a81817171649cb38dac0fb2a", "pattern": "[file:hashes.SHA256 = 'e9a930f839dbf4a7bdb72278d14fb8d18f5d56a492e4f9aa60b7b79777d3b2b7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:22:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5797561a-949c-47da-a5d4-45ef02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:22:50.000Z", "modified": "2016-07-26T12:22:50.000Z", "description": "Malicious PowerPoint slides associated with this campaign - Xchecked via VT: 2099fcd4a81817171649cb38dac0fb2a", "pattern": "[file:hashes.SHA1 = '9cdbb41f83854ea4827c83ad9809ed0210566fbc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:22:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5797561b-bf64-435a-aa1d-44fc02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:22:51.000Z", "modified": "2016-07-26T12:22:51.000Z", "first_observed": "2016-07-26T12:22:51Z", "last_observed": "2016-07-26T12:22:51Z", "number_observed": 1, "object_refs": [ "url--5797561b-bf64-435a-aa1d-44fc02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5797561b-bf64-435a-aa1d-44fc02de0b81", "value": 
"https://www.virustotal.com/file/e9a930f839dbf4a7bdb72278d14fb8d18f5d56a492e4f9aa60b7b79777d3b2b7/analysis/1462697573/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5797561b-df04-4922-8bf7-47db02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:22:51.000Z", "modified": "2016-07-26T12:22:51.000Z", "description": "Imported via the Freetext Import Tool - Xchecked via VT: ebfa776a91de20674a4ae55294d85087", "pattern": "[file:hashes.SHA256 = 'db9ecff4368cf87406a0d64ccffd0df72ab875526acf1d1fe0957c9bacacbdeb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:22:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5797561b-18e8-42ef-9990-4c6202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:22:51.000Z", "modified": "2016-07-26T12:22:51.000Z", "description": "Imported via the Freetext Import Tool - Xchecked via VT: ebfa776a91de20674a4ae55294d85087", "pattern": "[file:hashes.SHA1 = 'f3c9c62869c87fe177a69271b9e7f2b5aabcd66c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:22:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5797561b-fd14-472d-b2e1-4a9c02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:22:51.000Z", "modified": "2016-07-26T12:22:51.000Z", "first_observed": "2016-07-26T12:22:51Z", "last_observed": "2016-07-26T12:22:51Z", "number_observed": 1, "object_refs": [ 
"url--5797561b-fd14-472d-b2e1-4a9c02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5797561b-fd14-472d-b2e1-4a9c02de0b81", "value": "https://www.virustotal.com/file/db9ecff4368cf87406a0d64ccffd0df72ab875526acf1d1fe0957c9bacacbdeb/analysis/1469513478/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5797561b-0854-458e-a43f-429202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:22:51.000Z", "modified": "2016-07-26T12:22:51.000Z", "description": "Imported via the Freetext Import Tool - Xchecked via VT: e7b4511cba3bba6983c43c9f9014a49d", "pattern": "[file:hashes.SHA256 = '2f6ed134adf8d29dd9e25b8f8f863389742dd5ff6d9104329c2fecb66b9e1604']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:22:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5797561c-1de4-433b-b56c-4c3f02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:22:52.000Z", "modified": "2016-07-26T12:22:52.000Z", "description": "Imported via the Freetext Import Tool - Xchecked via VT: e7b4511cba3bba6983c43c9f9014a49d", "pattern": "[file:hashes.SHA1 = '3081aa58cc3d14e557f49f7b3ce4247b0935c6b5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:22:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5797561c-4704-4043-80bd-47d602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", 
"created": "2016-07-26T12:22:52.000Z", "modified": "2016-07-26T12:22:52.000Z", "first_observed": "2016-07-26T12:22:52Z", "last_observed": "2016-07-26T12:22:52Z", "number_observed": 1, "object_refs": [ "url--5797561c-4704-4043-80bd-47d602de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5797561c-4704-4043-80bd-47d602de0b81", "value": "https://www.virustotal.com/file/2f6ed134adf8d29dd9e25b8f8f863389742dd5ff6d9104329c2fecb66b9e1604/analysis/1469513485/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5797561c-e7c4-4aa8-8a6c-45dd02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:22:52.000Z", "modified": "2016-07-26T12:22:52.000Z", "description": "Imported via the Freetext Import Tool - Xchecked via VT: d456bbf44d73b1f0f2d1119f16993e93", "pattern": "[file:hashes.SHA256 = '77c234943878d1e16d508f439b3e4bc2eab17eb68df9a297940dfd58ae0c7300']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:22:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5797561c-34c0-462c-9791-430f02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:22:52.000Z", "modified": "2016-07-26T12:22:52.000Z", "description": "Imported via the Freetext Import Tool - Xchecked via VT: d456bbf44d73b1f0f2d1119f16993e93", "pattern": "[file:hashes.SHA1 = 'c1c723b0d162569224327d888dd9c8096918e49a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:22:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", 
"misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5797561d-e710-4d6d-9f37-44e102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:22:53.000Z", "modified": "2016-07-26T12:22:53.000Z", "first_observed": "2016-07-26T12:22:53Z", "last_observed": "2016-07-26T12:22:53Z", "number_observed": 1, "object_refs": [ "url--5797561d-e710-4d6d-9f37-44e102de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5797561d-e710-4d6d-9f37-44e102de0b81", "value": "https://www.virustotal.com/file/77c234943878d1e16d508f439b3e4bc2eab17eb68df9a297940dfd58ae0c7300/analysis/1469513484/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5797561d-7a90-4124-ac02-4e3702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:22:53.000Z", "modified": "2016-07-26T12:22:53.000Z", "description": "Imported via the Freetext Import Tool - Xchecked via VT: b163e3906b3521a407910aeefd055f03", "pattern": "[file:hashes.SHA256 = '8b486336c770a5fd006b4d56c11d58a3a878ff8978c8c97470eec9819f975a60']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:22:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5797561d-1ea8-4a01-ad56-4b8002de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:22:53.000Z", "modified": "2016-07-26T12:22:53.000Z", "description": "Imported via the Freetext Import Tool - Xchecked via VT: b163e3906b3521a407910aeefd055f03", "pattern": "[file:hashes.SHA1 = 'cfb33642b702bb4da43aa6842aa657f1ec89b1f6']", "pattern_type": "stix", "pattern_version": "2.1", 
"valid_from": "2016-07-26T12:22:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5797561d-56f0-4f79-b213-402602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:22:53.000Z", "modified": "2016-07-26T12:22:53.000Z", "first_observed": "2016-07-26T12:22:53Z", "last_observed": "2016-07-26T12:22:53Z", "number_observed": 1, "object_refs": [ "url--5797561d-56f0-4f79-b213-402602de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5797561d-56f0-4f79-b213-402602de0b81", "value": "https://www.virustotal.com/file/8b486336c770a5fd006b4d56c11d58a3a878ff8978c8c97470eec9819f975a60/analysis/1464771776/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5797561d-bb88-478f-88a7-464c02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:22:53.000Z", "modified": "2016-07-26T12:22:53.000Z", "description": "Imported via the Freetext Import Tool - Xchecked via VT: 8f7b1f320823893e159f6ebfb8ce3e78", "pattern": "[file:hashes.SHA256 = 'ea1f4678e075a3fa4a096dcdf06fa91f1758365525ce47bc5ec580c63f0b917b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:22:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5797561e-34ac-44d6-b0f6-4ca602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:22:54.000Z", "modified": "2016-07-26T12:22:54.000Z", "description": "Imported via the 
Freetext Import Tool - Xchecked via VT: 8f7b1f320823893e159f6ebfb8ce3e78", "pattern": "[file:hashes.SHA1 = '6624b1735b83e5529bd4e25f156f14e352081db7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:22:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5797561e-3688-4a88-af66-496a02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:22:54.000Z", "modified": "2016-07-26T12:22:54.000Z", "first_observed": "2016-07-26T12:22:54Z", "last_observed": "2016-07-26T12:22:54Z", "number_observed": 1, "object_refs": [ "url--5797561e-3688-4a88-af66-496a02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5797561e-3688-4a88-af66-496a02de0b81", "value": "https://www.virustotal.com/file/ea1f4678e075a3fa4a096dcdf06fa91f1758365525ce47bc5ec580c63f0b917b/analysis/1469513476/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5797561e-a138-4529-9288-473702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:22:54.000Z", "modified": "2016-07-26T12:22:54.000Z", "description": "Imported via the Freetext Import Tool - Xchecked via VT: 812a856288a03787d85d2cb9c1e1b3ba", "pattern": "[file:hashes.SHA256 = 'd20ac3fc362e022c7d09ff6808172fd0dce4e90aee4890455723f638ebff78bf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:22:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": 
"indicator--5797561e-a3a8-4bb9-a6fc-4e0402de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:22:54.000Z", "modified": "2016-07-26T12:22:54.000Z", "description": "Imported via the Freetext Import Tool - Xchecked via VT: 812a856288a03787d85d2cb9c1e1b3ba", "pattern": "[file:hashes.SHA1 = '406c74e8eb89fa7b712a535dd38c79c1afd0c6fe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:22:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5797561e-9ad0-44b0-aa61-414402de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:22:54.000Z", "modified": "2016-07-26T12:22:54.000Z", "first_observed": "2016-07-26T12:22:54Z", "last_observed": "2016-07-26T12:22:54Z", "number_observed": 1, "object_refs": [ "url--5797561e-9ad0-44b0-aa61-414402de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5797561e-9ad0-44b0-aa61-414402de0b81", "value": "https://www.virustotal.com/file/d20ac3fc362e022c7d09ff6808172fd0dce4e90aee4890455723f638ebff78bf/analysis/1469513484/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5797561f-00f4-42c4-8cf4-4aeb02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:22:55.000Z", "modified": "2016-07-26T12:22:55.000Z", "description": "Imported via the Freetext Import Tool - Xchecked via VT: 74fea3e542add0f301756581d1f16126", "pattern": "[file:hashes.SHA256 = '67d89c788f6c06ef6f8d8d40687b8a2cd611d3990443df58129428bd7b1c7ecf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:22:55Z", "kill_chain_phases": [ { "kill_chain_name": 
"misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5797561f-8fb8-4712-b7e7-4bbb02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:22:55.000Z", "modified": "2016-07-26T12:22:55.000Z", "description": "Imported via the Freetext Import Tool - Xchecked via VT: 74fea3e542add0f301756581d1f16126", "pattern": "[file:hashes.SHA1 = 'd42a7c41968d937b766d93992ae64d816a8a3f6c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:22:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5797561f-5084-4c7d-a0e4-458102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:22:55.000Z", "modified": "2016-07-26T12:22:55.000Z", "first_observed": "2016-07-26T12:22:55Z", "last_observed": "2016-07-26T12:22:55Z", "number_observed": 1, "object_refs": [ "url--5797561f-5084-4c7d-a0e4-458102de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5797561f-5084-4c7d-a0e4-458102de0b81", "value": "https://www.virustotal.com/file/67d89c788f6c06ef6f8d8d40687b8a2cd611d3990443df58129428bd7b1c7ecf/analysis/1469513476/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5797561f-2d6c-40eb-84af-42b702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:22:55.000Z", "modified": "2016-07-26T12:22:55.000Z", "description": "Imported via the Freetext Import Tool - Xchecked via VT: 6877e60f141793287169125a08e36941", "pattern": "[file:hashes.SHA256 = 
'6f46cdc5d3af821b84c31d2c221e79f2d75c1750d39227aacf0cc5fd059a687d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:22:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5797561f-0360-4cc5-9264-496e02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:22:55.000Z", "modified": "2016-07-26T12:22:55.000Z", "description": "Imported via the Freetext Import Tool - Xchecked via VT: 6877e60f141793287169125a08e36941", "pattern": "[file:hashes.SHA1 = '7ee94c8279ee4282041a242985922dedd9b184b4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:22:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5797561f-ee14-4d1e-b137-405e02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:22:55.000Z", "modified": "2016-07-26T12:22:55.000Z", "first_observed": "2016-07-26T12:22:55Z", "last_observed": "2016-07-26T12:22:55Z", "number_observed": 1, "object_refs": [ "url--5797561f-ee14-4d1e-b137-405e02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5797561f-ee14-4d1e-b137-405e02de0b81", "value": "https://www.virustotal.com/file/6f46cdc5d3af821b84c31d2c221e79f2d75c1750d39227aacf0cc5fd059a687d/analysis/1465118345/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57975620-fd00-49e6-be32-406502de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": 
"2016-07-26T12:22:56.000Z", "modified": "2016-07-26T12:22:56.000Z", "description": "Imported via the Freetext Import Tool - Xchecked via VT: 543d402a56406c93b68622a7e392728d", "pattern": "[file:hashes.SHA256 = 'a042affc1c30c55b22245fd5e84ba9c78c55b1c1ae1d32d941b63d3f68173a8a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:22:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57975620-15f4-4d07-acf4-4ecb02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:22:56.000Z", "modified": "2016-07-26T12:22:56.000Z", "description": "Imported via the Freetext Import Tool - Xchecked via VT: 543d402a56406c93b68622a7e392728d", "pattern": "[file:hashes.SHA1 = 'e89483ada29bdb4128b5faeac1f3d632711d552d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:22:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57975620-1794-4b83-9444-4f8002de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:22:56.000Z", "modified": "2016-07-26T12:22:56.000Z", "first_observed": "2016-07-26T12:22:56Z", "last_observed": "2016-07-26T12:22:56Z", "number_observed": 1, "object_refs": [ "url--57975620-1794-4b83-9444-4f8002de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57975620-1794-4b83-9444-4f8002de0b81", "value": 
"https://www.virustotal.com/file/a042affc1c30c55b22245fd5e84ba9c78c55b1c1ae1d32d941b63d3f68173a8a/analysis/1469513482/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57975620-152c-4372-86de-495302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:22:56.000Z", "modified": "2016-07-26T12:22:56.000Z", "description": "Imported via the Freetext Import Tool - Xchecked via VT: 4dbb8ad1776af25a5832e92b12d4bfff", "pattern": "[file:hashes.SHA256 = '037e92c575949a3570ba5097ee058a96deb1be72d521bb18905c9c33d856a100']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:22:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57975620-1088-4e9e-be82-4ef702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:22:56.000Z", "modified": "2016-07-26T12:22:56.000Z", "description": "Imported via the Freetext Import Tool - Xchecked via VT: 4dbb8ad1776af25a5832e92b12d4bfff", "pattern": "[file:hashes.SHA1 = '1ce0ad3556f5866f309e04084d9a230f9f2ce158']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:22:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57975621-2824-43fa-a90f-4b6f02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:22:57.000Z", "modified": "2016-07-26T12:22:57.000Z", "first_observed": "2016-07-26T12:22:57Z", "last_observed": "2016-07-26T12:22:57Z", "number_observed": 1, "object_refs": [ 
"url--57975621-2824-43fa-a90f-4b6f02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57975621-2824-43fa-a90f-4b6f02de0b81", "value": "https://www.virustotal.com/file/037e92c575949a3570ba5097ee058a96deb1be72d521bb18905c9c33d856a100/analysis/1469513482/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57975621-5ef8-41ce-a4f6-4abb02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:22:57.000Z", "modified": "2016-07-26T12:22:57.000Z", "description": "Imported via the Freetext Import Tool - Xchecked via VT: 475c29ed9373e2c04b7c3df6766761eb", "pattern": "[file:hashes.SHA256 = 'e48c5d26028815956956144c9c7ff71676e4e77297e9e60666babd18925dcee3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:22:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57975621-cbe0-43f2-b50c-414802de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:22:57.000Z", "modified": "2016-07-26T12:22:57.000Z", "description": "Imported via the Freetext Import Tool - Xchecked via VT: 475c29ed9373e2c04b7c3df6766761eb", "pattern": "[file:hashes.SHA1 = '1e226c4ca9cb3dd4ccebaa21c890ba5b83f4b8ce']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:22:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57975621-3f9c-4cf2-b5cb-4dd502de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", 
"created": "2016-07-26T12:22:57.000Z", "modified": "2016-07-26T12:22:57.000Z", "first_observed": "2016-07-26T12:22:57Z", "last_observed": "2016-07-26T12:22:57Z", "number_observed": 1, "object_refs": [ "url--57975621-3f9c-4cf2-b5cb-4dd502de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57975621-3f9c-4cf2-b5cb-4dd502de0b81", "value": "https://www.virustotal.com/file/e48c5d26028815956956144c9c7ff71676e4e77297e9e60666babd18925dcee3/analysis/1469513482/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57975621-64c0-4e87-b699-445502de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:22:57.000Z", "modified": "2016-07-26T12:22:57.000Z", "description": "Imported via the Freetext Import Tool - Xchecked via VT: 3e9d1526addf2ca6b09e2fdb5fd4978f", "pattern": "[file:hashes.SHA256 = '6fa84f3aaba12557129a59501d71f3a9a690e099ae8e3a4a9ec3c4a25c37a493']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:22:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57975622-7924-40d4-b886-48e402de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:22:58.000Z", "modified": "2016-07-26T12:22:58.000Z", "description": "Imported via the Freetext Import Tool - Xchecked via VT: 3e9d1526addf2ca6b09e2fdb5fd4978f", "pattern": "[file:hashes.SHA1 = '7d957898fc4323d83ce6b325d403ad62f85463f2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:22:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", 
"misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57975622-e57c-462c-af76-4be302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:22:58.000Z", "modified": "2016-07-26T12:22:58.000Z", "first_observed": "2016-07-26T12:22:58Z", "last_observed": "2016-07-26T12:22:58Z", "number_observed": 1, "object_refs": [ "url--57975622-e57c-462c-af76-4be302de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57975622-e57c-462c-af76-4be302de0b81", "value": "https://www.virustotal.com/file/6fa84f3aaba12557129a59501d71f3a9a690e099ae8e3a4a9ec3c4a25c37a493/analysis/1469513474/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57975622-687c-4cf6-8637-435b02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:22:58.000Z", "modified": "2016-07-26T12:22:58.000Z", "description": "Imported via the Freetext Import Tool - Xchecked via VT: 38e71afcdd6236ac3ad24bda393a81c6", "pattern": "[file:hashes.SHA256 = '53a30dfd90bd1208dcfe534ccd0b798d629aa989ccaeae952384cfe9ecb17369']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:22:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57975622-9068-4870-ab8c-4d8a02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:22:58.000Z", "modified": "2016-07-26T12:22:58.000Z", "description": "Imported via the Freetext Import Tool - Xchecked via VT: 38e71afcdd6236ac3ad24bda393a81c6", "pattern": "[file:hashes.SHA1 = '5d61d614731beeb520f767fcbb5afe151341238a']", "pattern_type": "stix", "pattern_version": "2.1", 
"valid_from": "2016-07-26T12:22:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57975622-3090-4fa5-a399-4ca602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:22:58.000Z", "modified": "2016-07-26T12:22:58.000Z", "first_observed": "2016-07-26T12:22:58Z", "last_observed": "2016-07-26T12:22:58Z", "number_observed": 1, "object_refs": [ "url--57975622-3090-4fa5-a399-4ca602de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57975622-3090-4fa5-a399-4ca602de0b81", "value": "https://www.virustotal.com/file/53a30dfd90bd1208dcfe534ccd0b798d629aa989ccaeae952384cfe9ecb17369/analysis/1469513474/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57975623-9840-4ac9-a0d4-487702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:22:59.000Z", "modified": "2016-07-26T12:22:59.000Z", "description": "Imported via the Freetext Import Tool - Xchecked via VT: 375f240df2718fc3e0137e109eef57ee", "pattern": "[file:hashes.SHA256 = '8f2340f45861dbc36f8138f5be25ea9109368a31b2d577631f96ff9fff65b26a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:22:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57975623-b670-4b49-aaf2-483502de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:22:59.000Z", "modified": "2016-07-26T12:22:59.000Z", "description": "Imported via the 
Freetext Import Tool - Xchecked via VT: 375f240df2718fc3e0137e109eef57ee", "pattern": "[file:hashes.SHA1 = 'c9dddd6d4858234e1be971c7f66193ea907ac8d8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:22:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57975623-4d64-41f7-a1db-48fe02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:22:59.000Z", "modified": "2016-07-26T12:22:59.000Z", "first_observed": "2016-07-26T12:22:59Z", "last_observed": "2016-07-26T12:22:59Z", "number_observed": 1, "object_refs": [ "url--57975623-4d64-41f7-a1db-48fe02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57975623-4d64-41f7-a1db-48fe02de0b81", "value": "https://www.virustotal.com/file/8f2340f45861dbc36f8138f5be25ea9109368a31b2d577631f96ff9fff65b26a/analysis/1469513475/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57975623-24dc-467c-ba30-436702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:22:59.000Z", "modified": "2016-07-26T12:22:59.000Z", "description": "Imported via the Freetext Import Tool - Xchecked via VT: 2ba26a9cc1af4479e99dcc6a0e7d5d67", "pattern": "[file:hashes.SHA256 = '962ce88813913c907d16b30a1c9f54e6d7281d9c901aa0e11bf6deb9b5ff659a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:22:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": 
"indicator--57975623-c8c0-4beb-bde6-4f0d02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:22:59.000Z", "modified": "2016-07-26T12:22:59.000Z", "description": "Imported via the Freetext Import Tool - Xchecked via VT: 2ba26a9cc1af4479e99dcc6a0e7d5d67", "pattern": "[file:hashes.SHA1 = 'dcccd7a9886e147ecf01718047e1f911323ca8c9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:22:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57975624-d77c-4f01-8711-433302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:23:00.000Z", "modified": "2016-07-26T12:23:00.000Z", "first_observed": "2016-07-26T12:23:00Z", "last_observed": "2016-07-26T12:23:00Z", "number_observed": 1, "object_refs": [ "url--57975624-d77c-4f01-8711-433302de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57975624-d77c-4f01-8711-433302de0b81", "value": "https://www.virustotal.com/file/962ce88813913c907d16b30a1c9f54e6d7281d9c901aa0e11bf6deb9b5ff659a/analysis/1465070384/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57975624-dcc4-408e-b4e3-43b002de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:23:00.000Z", "modified": "2016-07-26T12:23:00.000Z", "description": "Imported via the Freetext Import Tool - Xchecked via VT: 1de10c5bc704d3eaf4f0cfa5ddd63f2d", "pattern": "[file:hashes.SHA256 = '09d7cd078a46a33750b002594eb7340af55a1cefe5f4451a8bdfcd6af97449bf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:23:00Z", "kill_chain_phases": [ { "kill_chain_name": 
"misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57975624-aa64-4ab1-ac4e-4b9e02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:23:00.000Z", "modified": "2016-07-26T12:23:00.000Z", "description": "Imported via the Freetext Import Tool - Xchecked via VT: 1de10c5bc704d3eaf4f0cfa5ddd63f2d", "pattern": "[file:hashes.SHA1 = '926162aadd5208b0764c0351074709ecf02bc7b8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:23:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57975624-16e4-49aa-9a7a-434702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:23:00.000Z", "modified": "2016-07-26T12:23:00.000Z", "first_observed": "2016-07-26T12:23:00Z", "last_observed": "2016-07-26T12:23:00Z", "number_observed": 1, "object_refs": [ "url--57975624-16e4-49aa-9a7a-434702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57975624-16e4-49aa-9a7a-434702de0b81", "value": "https://www.virustotal.com/file/09d7cd078a46a33750b002594eb7340af55a1cefe5f4451a8bdfcd6af97449bf/analysis/1469513475/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57975624-ce20-42f4-8932-458102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:23:00.000Z", "modified": "2016-07-26T12:23:00.000Z", "description": "Imported via the Freetext Import Tool - Xchecked via VT: 0bbff4654d0c4551c58376e6a99dfda0", "pattern": "[file:hashes.SHA256 = 
'f671bd2a4f5a4df475c6860bbc8198bcce0e2cf229a596ea169b38cb318a012b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:23:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57975625-937c-40da-bbf0-45ea02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:23:01.000Z", "modified": "2016-07-26T12:23:01.000Z", "description": "Imported via the Freetext Import Tool - Xchecked via VT: 0bbff4654d0c4551c58376e6a99dfda0", "pattern": "[file:hashes.SHA1 = '4a575bfe63262d53a765de254f534e830d03f638']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-26T12:23:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57975625-7024-4664-b88b-45a002de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-26T12:23:01.000Z", "modified": "2016-07-26T12:23:01.000Z", "first_observed": "2016-07-26T12:23:01Z", "last_observed": "2016-07-26T12:23:01Z", "number_observed": 1, "object_refs": [ "url--57975625-7024-4664-b88b-45a002de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57975625-7024-4664-b88b-45a002de0b81", "value": "https://www.virustotal.com/file/f671bd2a4f5a4df475c6860bbc8198bcce0e2cf229a596ea169b38cb318a012b/analysis/1468316763/" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", 
"name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }