{ "type": "bundle", "id": "bundle--58497a8d-4fb8-4155-a101-4a51950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-08T15:27:59.000Z", "modified": "2016-12-08T15:27:59.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--58497a8d-4fb8-4155-a101-4a51950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-08T15:27:59.000Z", "modified": "2016-12-08T15:27:59.000Z", "name": "OSINT - Astrum Drops", "published": "2016-12-08T15:30:23Z", "object_refs": [ "indicator--58497b55-3bbc-43ef-b30c-7bb3950d210f", "indicator--58497b55-e514-4520-a2d9-7bb3950d210f", "indicator--58497b56-1310-4f62-9591-7bb3950d210f", "indicator--58497b56-f5d0-4af2-8c11-7bb3950d210f", "indicator--58497b56-9290-4dc9-9471-7bb3950d210f", "indicator--58497b56-88e4-4e49-91f8-7bb3950d210f", "indicator--58497b56-25b8-4311-a555-7bb3950d210f", "indicator--58497b57-56e8-49d0-ae5a-7bb3950d210f", "indicator--58497b57-98ec-4776-8978-7bb3950d210f", "indicator--58497b57-5c84-4f58-a8a5-7bb3950d210f", "indicator--58497b57-43bc-4853-ac19-7bb3950d210f", "indicator--58497b58-0c70-4b50-b04e-7bb3950d210f", "indicator--58497b58-d470-4748-8d12-7bb3950d210f", "indicator--58497b58-c9f8-4416-aa2c-7bb3950d210f", "indicator--58497b58-f41c-4e35-b142-7bb3950d210f", "indicator--58497b59-614c-4173-88cf-7bb3950d210f", "indicator--58497b59-adb4-49ac-9c11-7bb3950d210f", "indicator--58497b59-94b0-45d8-a1d2-7bb3950d210f", "indicator--58497b59-4ad4-4b98-8032-7bb3950d210f", "indicator--58497b59-ba0c-49f1-b5d5-7bb3950d210f", "indicator--58497b5a-1dc4-40b2-9c78-7bb3950d210f", "indicator--58497b5a-dcec-4401-a220-7bb3950d210f", "indicator--58497b5a-cc8c-4711-a47c-7bb3950d210f", "indicator--58497b5a-b834-4715-b88a-7bb3950d210f", "indicator--58497b5b-527c-4ebd-af55-7bb3950d210f", "indicator--58497b5b-0074-4977-a46c-7bb3950d210f", "indicator--58497b5b-6020-4810-9e46-7bb3950d210f", "indicator--58497b5b-31bc-4f47-a14c-7bb3950d210f", "indicator--58497b5b-58bc-48b9-bb6a-7bb3950d210f", "indicator--58497b5c-5210-46a9-93b7-7bb3950d210f", "indicator--58497b5c-b534-42c2-b86a-7bb3950d210f", "indicator--58497b5c-7590-4a96-b46c-7bb3950d210f", "indicator--58497b5c-cfa4-44b1-bfba-7bb3950d210f", "indicator--58497b5d-7b64-4be5-bb37-7bb3950d210f", "indicator--58497b5d-c2f4-46cb-9cbf-7bb3950d210f", "indicator--58497b5d-0c88-44a1-bbec-7bb3950d210f", "indicator--58497b5d-5c00-42ad-bf39-7bb3950d210f", "indicator--58497b5d-ef3c-4db5-bc08-7bb3950d210f", "indicator--58497b5e-cbe8-455b-9ef6-7bb3950d210f", "indicator--58497b5e-2708-4703-8b17-7bb3950d210f", "indicator--58497b5e-1114-4ec5-a7e4-7bb3950d210f", "indicator--58497b5e-331c-47be-adf2-7bb3950d210f", "indicator--58497b5f-f068-4533-818a-7bb3950d210f", "indicator--58497b5f-ef3c-48b7-a2b5-7bb3950d210f", "indicator--58497b5f-4550-4720-be86-7bb3950d210f", "indicator--58497b5f-39a8-45f8-92c6-7bb3950d210f", "indicator--58497b60-fa9c-49c9-bd64-7bb3950d210f", "indicator--58497b60-8b48-4122-894d-7bb3950d210f", "indicator--58497b60-7554-4498-af70-7bb3950d210f", "indicator--58497b60-0734-4c2a-9c30-7bb3950d210f", "observed-data--58497b78-fbc0-433e-ad26-4c63950d210f", "url--58497b78-fbc0-433e-ad26-4c63950d210f", "observed-data--58497bff-3618-47a3-bb79-432602de0b81", "url--58497bff-3618-47a3-bb79-432602de0b81", "indicator--58497bff-a148-42d0-96ce-4a4002de0b81", "observed-data--58497bff-5c18-4591-8754-4ac302de0b81", "url--58497bff-5c18-4591-8754-4ac302de0b81", "observed-data--58497c00-d978-4056-bb9a-444d02de0b81", "url--58497c00-d978-4056-bb9a-444d02de0b81", "observed-data--58497c01-7e28-488c-8361-414402de0b81", "url--58497c01-7e28-488c-8361-414402de0b81", "observed-data--58497c01-ad80-417a-95eb-4d8002de0b81", "url--58497c01-ad80-417a-95eb-4d8002de0b81", "observed-data--58497c02-0f90-4ac8-851f-4bad02de0b81", "url--58497c02-0f90-4ac8-851f-4bad02de0b81", "observed-data--58497c02-9344-452a-9a0e-4cfa02de0b81", "url--58497c02-9344-452a-9a0e-4cfa02de0b81", "observed-data--58497c03-4bc4-487a-88a1-484602de0b81", "url--58497c03-4bc4-487a-88a1-484602de0b81" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58497b55-3bbc-43ef-b30c-7bb3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-08T15:25:09.000Z", "modified": "2016-12-08T15:25:09.000Z", "description": "175760baa2bbca3fbdc4d8f30c993b89_aningik.kaf", "pattern": "[file:hashes.MD5 = '175760baa2bbca3fbdc4d8f30c993b89']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-08T15:25:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58497b55-e514-4520-a2d9-7bb3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-08T15:25:09.000Z", "modified": "2016-12-08T15:25:09.000Z", "description": "175760baa2bbca3fbdc4d8f30c993b89_aningik.kaf", "pattern": "[file:hashes.SHA1 = 'ae35c375086970b7a20242eaa377e36f20b2e766']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-08T15:25:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58497b56-1310-4f62-9591-7bb3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-08T15:25:10.000Z", "modified": "2016-12-08T15:25:10.000Z", "description": "175760baa2bbca3fbdc4d8f30c993b89_aningik.kaf", "pattern": "[file:hashes.SHA256 = 'cb9fbb444a6a0b8fd1984db02f9523f9914df2b0747fecc7a1076beee364eb99']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-08T15:25:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58497b56-f5d0-4af2-8c11-7bb3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-08T15:25:10.000Z", "modified": "2016-12-08T15:25:10.000Z", "description": "6229795fa30ee413d1aaeb1619a89b8f_dreambot.kaf", "pattern": "[file:hashes.MD5 = '6229795fa30ee413d1aaeb1619a89b8f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-08T15:25:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58497b56-9290-4dc9-9471-7bb3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-08T15:25:10.000Z", "modified": "2016-12-08T15:25:10.000Z", "description": "6229795fa30ee413d1aaeb1619a89b8f_dreambot.kaf", "pattern": "[file:hashes.SHA1 = '2197c2632fb0f59ffffba2f26bcd6f12412793bc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-08T15:25:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58497b56-88e4-4e49-91f8-7bb3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-08T15:25:10.000Z", "modified": "2016-12-08T15:25:10.000Z", "description": "6229795fa30ee413d1aaeb1619a89b8f_dreambot.kaf", "pattern": "[file:hashes.SHA256 = '70406966f853345efe978ecf6e5f15233aab11296cd71d7adfaee664f33ab6a1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-08T15:25:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58497b56-25b8-4311-a555-7bb3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-08T15:25:10.000Z", "modified": "2016-12-08T15:25:10.000Z", "description": "9072591fd08526efe69572294a5a0c63_vawtrak_113.kaf", "pattern": "[file:hashes.MD5 = '9072591fd08526efe69572294a5a0c63']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-08T15:25:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58497b57-56e8-49d0-ae5a-7bb3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-08T15:25:11.000Z", "modified": "2016-12-08T15:25:11.000Z", "description": "9072591fd08526efe69572294a5a0c63_vawtrak_113.kaf", "pattern": "[file:hashes.SHA1 = 'bab7a711f30e97caae04add267ddec743eea33cb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-08T15:25:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58497b57-98ec-4776-8978-7bb3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-08T15:25:11.000Z", "modified": "2016-12-08T15:25:11.000Z", "description": "9072591fd08526efe69572294a5a0c63_vawtrak_113.kaf", "pattern": "[file:hashes.SHA256 = 'd8c1ea29e6d5bc1ffbd735749237a7e03cd900fb94c94e2f6f18881479b67922']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-08T15:25:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58497b57-5c84-4f58-a8a5-7bb3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-08T15:25:11.000Z", "modified": "2016-12-08T15:25:11.000Z", "description": "a2fc4c3fbd4efd2c24d26b8ede001a10_dreambot.kaf", "pattern": "[file:hashes.MD5 = 'a2fc4c3fbd4efd2c24d26b8ede001a10']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-08T15:25:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58497b57-43bc-4853-ac19-7bb3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-08T15:25:11.000Z", "modified": "2016-12-08T15:25:11.000Z", "description": "a2fc4c3fbd4efd2c24d26b8ede001a10_dreambot.kaf", "pattern": "[file:hashes.SHA1 = 'ea839998a9eb52c7c420bf9ca69c90807784ebfd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-08T15:25:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58497b58-0c70-4b50-b04e-7bb3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-08T15:25:12.000Z", "modified": "2016-12-08T15:25:12.000Z", "description": "a2fc4c3fbd4efd2c24d26b8ede001a10_dreambot.kaf", "pattern": "[file:hashes.SHA256 = 'b88cc172abb47f4a62706a474527bc14a768e8f72f63ae5383320e849b4d3e50']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-08T15:25:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58497b58-d470-4748-8d12-7bb3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-08T15:25:12.000Z", "modified": "2016-12-08T15:25:12.000Z", "description": "a0144df5caa43684f733634d7937fe25_gootkit.kaf", "pattern": "[file:hashes.SHA1 = '231dc8c84a65804a69be351e52892bb7bf1532d9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-08T15:25:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58497b58-c9f8-4416-aa2c-7bb3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-08T15:25:12.000Z", "modified": "2016-12-08T15:25:12.000Z", "description": "a0144df5caa43684f733634d7937fe25_gootkit.kaf", "pattern": "[file:hashes.SHA256 = 'c58c97d8ff93eca30e69335cc7c6428fe00c0876e87cf643d025821d27dbd44f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-08T15:25:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58497b58-f41c-4e35-b142-7bb3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-08T15:25:12.000Z", "modified": "2016-12-08T15:25:12.000Z", "description": "b2eead90d9cc54752b027e9a9f32741c_dreambot.kaf", "pattern": "[file:hashes.MD5 = 'b2eead90d9cc54752b027e9a9f32741c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-08T15:25:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58497b59-614c-4173-88cf-7bb3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-08T15:25:13.000Z", "modified": "2016-12-08T15:25:13.000Z", "description": "b2eead90d9cc54752b027e9a9f32741c_dreambot.kaf", "pattern": "[file:hashes.SHA1 = 'bf8b2208d242bab61bde878053b2be7a116904eb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-08T15:25:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58497b59-adb4-49ac-9c11-7bb3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-08T15:25:13.000Z", "modified": "2016-12-08T15:25:13.000Z", "description": "b2eead90d9cc54752b027e9a9f32741c_dreambot.kaf", "pattern": "[file:hashes.SHA256 = '672f56545491108a5e710b727ee6268d7d9ff83612a573c716b02618e26a370f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-08T15:25:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58497b59-94b0-45d8-a1d2-7bb3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-08T15:25:13.000Z", "modified": "2016-12-08T15:25:13.000Z", "description": "e96f2bfb9527e08fc5f82500ef96e487_vawtrak_114.kaf", "pattern": "[file:hashes.MD5 = 'e96f2bfb9527e08fc5f82500ef96e487']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-08T15:25:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58497b59-4ad4-4b98-8032-7bb3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-08T15:25:13.000Z", "modified": "2016-12-08T15:25:13.000Z", "description": "e96f2bfb9527e08fc5f82500ef96e487_vawtrak_114.kaf", "pattern": "[file:hashes.SHA1 = '281373b455c9d400e1e56e25e7dcd7cd174a7d65']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-08T15:25:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58497b59-ba0c-49f1-b5d5-7bb3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-08T15:25:13.000Z", "modified": "2016-12-08T15:25:13.000Z", "description": "e96f2bfb9527e08fc5f82500ef96e487_vawtrak_114.kaf", "pattern": "[file:hashes.SHA256 = '70a4b312ceec1eb2c259913451c93c138465f3d70c74d0a61eb4c48c5aba0b51']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-08T15:25:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58497b5a-1dc4-40b2-9c78-7bb3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-08T15:25:14.000Z", "modified": "2016-12-08T15:25:14.000Z", "description": "ecd1ad7ea3950f29a9afbc000d2b9b1a_dreambot.kaf", "pattern": "[file:hashes.MD5 = 'ecd1ad7ea3950f29a9afbc000d2b9b1a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-08T15:25:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58497b5a-dcec-4401-a220-7bb3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-08T15:25:14.000Z", "modified": "2016-12-08T15:25:14.000Z", "description": "ecd1ad7ea3950f29a9afbc000d2b9b1a_dreambot.kaf", "pattern": "[file:hashes.SHA1 = 'e9f0c59a2090e681e5d4b5166e6d60f9fb9db772']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-08T15:25:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58497b5a-cc8c-4711-a47c-7bb3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-08T15:25:14.000Z", "modified": "2016-12-08T15:25:14.000Z", "description": "ecd1ad7ea3950f29a9afbc000d2b9b1a_dreambot.kaf", "pattern": "[file:hashes.SHA256 = '61b8655dfdb553d8fbd5afab7997e247da4b1e9dfc1bbb2474750617bcca5e0f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-08T15:25:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58497b5a-b834-4715-b88a-7bb3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-08T15:25:14.000Z", "modified": "2016-12-08T15:25:14.000Z", "description": "f12cdb36588d661a0cd1c63808df3f20_ramnit.kaf", "pattern": "[file:hashes.MD5 = 'f12cdb36588d661a0cd1c63808df3f20']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-08T15:25:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58497b5b-527c-4ebd-af55-7bb3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-08T15:25:15.000Z", "modified": "2016-12-08T15:25:15.000Z", "description": "f12cdb36588d661a0cd1c63808df3f20_ramnit.kaf", "pattern": "[file:hashes.SHA1 = '50dc8a7e5df13f94dadbe48d81d136b82b19b131']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-08T15:25:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58497b5b-0074-4977-a46c-7bb3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-08T15:25:15.000Z", "modified": "2016-12-08T15:25:15.000Z", "description": "f12cdb36588d661a0cd1c63808df3f20_ramnit.kaf", "pattern": "[file:hashes.SHA256 = '57adba8dea8bd0eb8dab7a2e77a52823b60b6062df64c77af0f5bfd7eafb542c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-08T15:25:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58497b5b-6020-4810-9e46-7bb3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-08T15:25:15.000Z", "modified": "2016-12-08T15:25:15.000Z", "description": "f9243ae7005815ff3e3fbe43505e22b3_godzilla.kaf", "pattern": "[file:hashes.MD5 = 'f9243ae7005815ff3e3fbe43505e22b3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-08T15:25:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58497b5b-31bc-4f47-a14c-7bb3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-08T15:25:15.000Z", "modified": "2016-12-08T15:25:15.000Z", "description": "f9243ae7005815ff3e3fbe43505e22b3_godzilla.kaf", "pattern": "[file:hashes.SHA1 = 'bcfde94dcb4be8be69ca706c703de170956ffe0b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-08T15:25:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58497b5b-58bc-48b9-bb6a-7bb3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-08T15:25:15.000Z", "modified": "2016-12-08T15:25:15.000Z", "description": "f9243ae7005815ff3e3fbe43505e22b3_godzilla.kaf", "pattern": "[file:hashes.SHA256 = 'be1652dbe9bb2fe035e29c8d341f7b54137e47f4d3d5b8a6f70ca7525a27f4c7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-08T15:25:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58497b5c-5210-46a9-93b7-7bb3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-08T15:25:16.000Z", "modified": "2016-12-08T15:25:16.000Z", "description": "fa495110b05f2bb572e46214a681e3f3_zloader.kaf", "pattern": "[file:hashes.MD5 = 'fa495110b05f2bb572e46214a681e3f3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-08T15:25:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58497b5c-b534-42c2-b86a-7bb3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-08T15:25:16.000Z", "modified": "2016-12-08T15:25:16.000Z", "description": "fa495110b05f2bb572e46214a681e3f3_zloader.kaf", "pattern": "[file:hashes.SHA1 = 'e2da4e94a5ace245c0c0acde2660d342f6c00454']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-08T15:25:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58497b5c-7590-4a96-b46c-7bb3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-08T15:25:16.000Z", "modified": "2016-12-08T15:25:16.000Z", "description": "fa495110b05f2bb572e46214a681e3f3_zloader.kaf", "pattern": "[file:hashes.SHA256 = 'f5abbc55f71a4df294a9dde70e41617e32a64e4ccf6a0c6baf7f4306ef0070b2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-08T15:25:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58497b5c-cfa4-44b1-bfba-7bb3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-08T15:25:16.000Z", "modified": "2016-12-08T15:25:16.000Z", "description": "0b9e17cec5939bf3ea26bece55949b44_dreambot.kaf", "pattern": "[file:hashes.MD5 = '0b9e17cec5939bf3ea26bece55949b44']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-08T15:25:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58497b5d-7b64-4be5-bb37-7bb3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-08T15:25:17.000Z", "modified": "2016-12-08T15:25:17.000Z", "description": "0b9e17cec5939bf3ea26bece55949b44_dreambot.kaf", "pattern": "[file:hashes.SHA1 = 'e471707419f31a876484df03f2fe84cdac230a8e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-08T15:25:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58497b5d-c2f4-46cb-9cbf-7bb3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-08T15:25:17.000Z", "modified": "2016-12-08T15:25:17.000Z", "description": "0b9e17cec5939bf3ea26bece55949b44_dreambot.kaf", "pattern": "[file:hashes.SHA256 = 'f029a658e6b63e48d791310ffda403f0eb36f8a5108b14a87b85b5be01e18b86']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-08T15:25:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58497b5d-0c88-44a1-bbec-7bb3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-08T15:25:17.000Z", "modified": "2016-12-08T15:25:17.000Z", "description": "0f048d74e11515a4eeee5a28e5eb93d3_dreambot.kaf", "pattern": "[file:hashes.MD5 = '0f048d74e11515a4eeee5a28e5eb93d3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-08T15:25:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58497b5d-5c00-42ad-bf39-7bb3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-08T15:25:17.000Z", "modified": "2016-12-08T15:25:17.000Z", "description": "0f048d74e11515a4eeee5a28e5eb93d3_dreambot.kaf", "pattern": "[file:hashes.SHA1 = 'b2e4e5c38be5380558d2ada30c3e30b015cf5b16']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-08T15:25:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58497b5d-ef3c-4db5-bc08-7bb3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-08T15:25:17.000Z", "modified": "2016-12-08T15:25:17.000Z", "description": "0f048d74e11515a4eeee5a28e5eb93d3_dreambot.kaf", "pattern": "[file:hashes.SHA256 = '8d58eb6316855492b689242d852908a9e9005bb950910fa7f3e1be6d8fe70895']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-08T15:25:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58497b5e-cbe8-455b-9ef6-7bb3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-08T15:25:18.000Z", "modified": "2016-12-08T15:25:18.000Z", "description": "1a03106ce5f67f2928d31dfea0f99d63_zloader.kaf", "pattern": "[file:hashes.MD5 = '1a03106ce5f67f2928d31dfea0f99d63']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-08T15:25:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58497b5e-2708-4703-8b17-7bb3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-08T15:25:18.000Z", "modified": "2016-12-08T15:25:18.000Z", "description": "1a03106ce5f67f2928d31dfea0f99d63_zloader.kaf", "pattern": "[file:hashes.SHA1 = '5eba3d5c01e404c965e4d51e34e7904b3686c488']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-08T15:25:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58497b5e-1114-4ec5-a7e4-7bb3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-08T15:25:18.000Z", "modified": "2016-12-08T15:25:18.000Z", "description": "1a03106ce5f67f2928d31dfea0f99d63_zloader.kaf", "pattern": "[file:hashes.SHA256 = 'da781eb4c3d0bcfa77fa06ec0c0f1d40f1152580744e4d8cdfbf99de82c3f32e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-08T15:25:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58497b5e-331c-47be-adf2-7bb3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-08T15:25:18.000Z", "modified": "2016-12-08T15:25:18.000Z", "description": "7a85085f54f4e10a10a3270ccce67cc3_dreambot.kaf", "pattern": "[file:hashes.MD5 = '7a85085f54f4e10a10a3270ccce67cc3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-08T15:25:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58497b5f-f068-4533-818a-7bb3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-08T15:25:19.000Z", "modified": "2016-12-08T15:25:19.000Z", "description": "7a85085f54f4e10a10a3270ccce67cc3_dreambot.kaf", "pattern": "[file:hashes.SHA1 = '6f155e576bbe80703cf48246c2bea1e35e06acf5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-08T15:25:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58497b5f-ef3c-48b7-a2b5-7bb3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-08T15:25:19.000Z", "modified": "2016-12-08T15:25:19.000Z", "description": "7a85085f54f4e10a10a3270ccce67cc3_dreambot.kaf", "pattern": "[file:hashes.SHA256 = 'd5a492253d0a336a620b8447780ec8efee720f1b9575fb77d2d29b01fbf18ca9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-08T15:25:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58497b5f-4550-4720-be86-7bb3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-08T15:25:19.000Z", "modified": "2016-12-08T15:25:19.000Z", "description": "97b764282ad33dc7fc19f5dbd7a3649a_gootkit.kaf", "pattern": "[file:hashes.MD5 = '97b764282ad33dc7fc19f5dbd7a3649a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-08T15:25:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58497b5f-39a8-45f8-92c6-7bb3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-08T15:25:19.000Z", "modified": "2016-12-08T15:25:19.000Z", "description": "97b764282ad33dc7fc19f5dbd7a3649a_gootkit.kaf", "pattern": "[file:hashes.SHA1 = 'bfbfa097560e84760201c90d8e4da6a7896c0067']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-08T15:25:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58497b60-fa9c-49c9-bd64-7bb3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-08T15:25:20.000Z", "modified": "2016-12-08T15:25:20.000Z", "description": "97b764282ad33dc7fc19f5dbd7a3649a_gootkit.kaf", "pattern": "[file:hashes.SHA256 = '1d8acc610c84233ecd91a373efa450e0719078c50d17eb927b465d4675d02e7f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-08T15:25:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58497b60-8b48-4122-894d-7bb3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-08T15:25:20.000Z", "modified": "2016-12-08T15:25:20.000Z", "description": "3129c8b9ccf91f3349262c12be21d5ed_godzilla.kaf", "pattern": "[file:hashes.MD5 = '3129c8b9ccf91f3349262c12be21d5ed']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-08T15:25:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58497b60-7554-4498-af70-7bb3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-08T15:25:20.000Z", "modified": "2016-12-08T15:25:20.000Z", "description": "3129c8b9ccf91f3349262c12be21d5ed_godzilla.kaf", "pattern": "[file:hashes.SHA1 = 'd7688d0af073ad89051ca87d8ba31b18ea4f55e9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-08T15:25:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58497b60-0734-4c2a-9c30-7bb3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-08T15:25:20.000Z", "modified": "2016-12-08T15:25:20.000Z", "description": "3129c8b9ccf91f3349262c12be21d5ed_godzilla.kaf", "pattern": "[file:hashes.SHA256 = '9ae69049018ddb938b454e55ffe75daa2e8a446d226ab3193ea0011870a5e445']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-08T15:25:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58497b78-fbc0-433e-ad26-4c63950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-08T15:25:44.000Z", "modified": "2016-12-08T15:25:44.000Z", "first_observed": "2016-12-08T15:25:44Z", "last_observed": "2016-12-08T15:25:44Z", "number_observed": 1, "object_refs": [ "url--58497b78-fbc0-433e-ad26-4c63950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58497b78-fbc0-433e-ad26-4c63950d210f", "value": "https://github.com/Kafeine/public/blob/master/Astrum_drop_2016-12-07.md" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58497bff-3618-47a3-bb79-432602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-08T15:27:59.000Z", "modified": "2016-12-08T15:27:59.000Z", "first_observed": "2016-12-08T15:27:59Z", "last_observed": "2016-12-08T15:27:59Z", "number_observed": 1, "object_refs": [ "url--58497bff-3618-47a3-bb79-432602de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58497bff-3618-47a3-bb79-432602de0b81", "value": "https://www.virustotal.com/file/d8c1ea29e6d5bc1ffbd735749237a7e03cd900fb94c94e2f6f18881479b67922/analysis/1481015797/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58497bff-a148-42d0-96ce-4a4002de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-08T15:27:59.000Z", "modified": "2016-12-08T15:27:59.000Z", "description": "a0144df5caa43684f733634d7937fe25_gootkit.kaf - Xchecked via VT: c58c97d8ff93eca30e69335cc7c6428fe00c0876e87cf643d025821d27dbd44f", "pattern": "[file:hashes.MD5 = 'a0144df5caa43684f733634d7937fe25']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-08T15:27:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58497bff-5c18-4591-8754-4ac302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-08T15:27:59.000Z", "modified": "2016-12-08T15:27:59.000Z", "first_observed": "2016-12-08T15:27:59Z", "last_observed": "2016-12-08T15:27:59Z", "number_observed": 1, "object_refs": [ "url--58497bff-5c18-4591-8754-4ac302de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58497bff-5c18-4591-8754-4ac302de0b81", "value": "https://www.virustotal.com/file/c58c97d8ff93eca30e69335cc7c6428fe00c0876e87cf643d025821d27dbd44f/analysis/1480426462/" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58497c00-d978-4056-bb9a-444d02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-08T15:28:00.000Z", "modified": "2016-12-08T15:28:00.000Z", "first_observed": "2016-12-08T15:28:00Z", "last_observed": "2016-12-08T15:28:00Z", "number_observed": 1, "object_refs": [ "url--58497c00-d978-4056-bb9a-444d02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58497c00-d978-4056-bb9a-444d02de0b81", "value": "https://www.virustotal.com/file/70a4b312ceec1eb2c259913451c93c138465f3d70c74d0a61eb4c48c5aba0b51/analysis/1479586398/" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58497c01-7e28-488c-8361-414402de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-08T15:28:01.000Z", "modified": "2016-12-08T15:28:01.000Z", "first_observed": "2016-12-08T15:28:01Z", "last_observed": "2016-12-08T15:28:01Z", "number_observed": 1, "object_refs": [ "url--58497c01-7e28-488c-8361-414402de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58497c01-7e28-488c-8361-414402de0b81", "value": "https://www.virustotal.com/file/61b8655dfdb553d8fbd5afab7997e247da4b1e9dfc1bbb2474750617bcca5e0f/analysis/1480979088/" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58497c01-ad80-417a-95eb-4d8002de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-08T15:28:01.000Z", "modified": "2016-12-08T15:28:01.000Z", "first_observed": "2016-12-08T15:28:01Z", "last_observed": "2016-12-08T15:28:01Z", "number_observed": 1, "object_refs": [ "url--58497c01-ad80-417a-95eb-4d8002de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58497c01-ad80-417a-95eb-4d8002de0b81", "value": "https://www.virustotal.com/file/57adba8dea8bd0eb8dab7a2e77a52823b60b6062df64c77af0f5bfd7eafb542c/analysis/1475653336/" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58497c02-0f90-4ac8-851f-4bad02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-08T15:28:02.000Z", "modified": "2016-12-08T15:28:02.000Z", "first_observed": "2016-12-08T15:28:02Z", "last_observed": "2016-12-08T15:28:02Z", "number_observed": 1, "object_refs": [ "url--58497c02-0f90-4ac8-851f-4bad02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58497c02-0f90-4ac8-851f-4bad02de0b81", "value": "https://www.virustotal.com/file/be1652dbe9bb2fe035e29c8d341f7b54137e47f4d3d5b8a6f70ca7525a27f4c7/analysis/1476781773/" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58497c02-9344-452a-9a0e-4cfa02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-08T15:28:02.000Z", "modified": "2016-12-08T15:28:02.000Z", "first_observed": "2016-12-08T15:28:02Z", "last_observed": "2016-12-08T15:28:02Z", "number_observed": 1, "object_refs": [ "url--58497c02-9344-452a-9a0e-4cfa02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58497c02-9344-452a-9a0e-4cfa02de0b81", "value": "https://www.virustotal.com/file/f029a658e6b63e48d791310ffda403f0eb36f8a5108b14a87b85b5be01e18b86/analysis/1477316139/" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58497c03-4bc4-487a-88a1-484602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-08T15:28:03.000Z", "modified": "2016-12-08T15:28:03.000Z", "first_observed": "2016-12-08T15:28:03Z", "last_observed": "2016-12-08T15:28:03Z", "number_observed": 1, "object_refs": [ "url--58497c03-4bc4-487a-88a1-484602de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58497c03-4bc4-487a-88a1-484602de0b81", "value": "https://www.virustotal.com/file/9ae69049018ddb938b454e55ffe75daa2e8a446d226ab3193ea0011870a5e445/analysis/1479993485/" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }