{ "type": "bundle", "id": "bundle--5857cf66-aa18-4681-bff7-08720a950b0c", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2020-12-09T14:14:02.000Z", "modified": "2020-12-09T14:14:02.000Z", "name": "NCSC-NL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--5857cf66-aa18-4681-bff7-08720a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2020-12-09T14:14:02.000Z", "modified": "2020-12-09T14:14:02.000Z", "name": "Kaspersky Lab: Spearphishing attack hits industrial companies", "published": "2020-10-10T09:13:39Z", "object_refs": [ "indicator--5857d248-8124-423e-8e90-086e0a950b0c", "indicator--5857d288-8438-4b59-934c-08700a950b0c", "observed-data--5857cf95-b01c-46c9-9b92-08710a950b0c", "url--5857cf95-b01c-46c9-9b92-08710a950b0c", "indicator--5857d10f-935c-4084-acf4-0b7a0a950b0c", "indicator--5857d110-d4fc-43f6-ad3b-0b7a0a950b0c", "indicator--5857d110-ca0c-4e06-ae93-0b7a0a950b0c", "indicator--5857d111-aa30-465e-b2f3-0b7a0a950b0c", "indicator--5857d111-7190-42a3-98fe-0b7a0a950b0c", "indicator--5857d112-9464-4588-86c3-0b7a0a950b0c", "indicator--5857d112-8bf8-43c7-b09f-0b7a0a950b0c", "indicator--5857d113-5934-4fa6-b878-0b7a0a950b0c", "indicator--5857d114-8904-47aa-932b-0b7a0a950b0c", "indicator--5857d114-8ef8-40ff-9627-0b7a0a950b0c", "indicator--5857d115-62c0-422f-be94-0b7a0a950b0c", "indicator--5857d115-6c38-4df6-bcdf-0b7a0a950b0c", "indicator--5857d115-bab8-4c89-884f-0b7a0a950b0c", "indicator--5857d116-af18-40a9-9e54-0b7a0a950b0c", "indicator--5857d116-911c-4332-817e-0b7a0a950b0c", "indicator--5857d117-cb68-43cb-94e6-0b7a0a950b0c", "indicator--5857d117-1760-47d6-ab3f-0b7a0a950b0c", "indicator--5857d118-3988-461a-8f2b-0b7a0a950b0c", "indicator--5857d118-6e14-4421-a3c8-0b7a0a950b0c", "indicator--5857d119-6b70-4184-b43d-0b7a0a950b0c", "indicator--5857d119-bcc8-48d2-9ba5-0b7a0a950b0c", "indicator--5857d11b-fdbc-4409-8dea-0b7a0a950b0c", "indicator--5857d11b-adc0-4be1-bd04-0b7a0a950b0c", "indicator--5857d11c-dc98-4437-b621-0b7a0a950b0c", "indicator--5857d11c-c1ec-42eb-adeb-0b7a0a950b0c", "indicator--5857d11d-4174-4872-8377-0b7a0a950b0c", "indicator--5857d11d-7918-4d00-a762-0b7a0a950b0c", "indicator--5857d11e-e3c4-40f6-8882-0b7a0a950b0c", "indicator--5857d11e-da90-4041-81e4-0b7a0a950b0c", "indicator--5857d11f-48b8-4ed5-9131-0b7a0a950b0c", "indicator--5857d3a4-45fc-4d23-9256-0b840a950b0c", "indicator--5857d3a5-429c-43c2-85df-0b840a950b0c", "indicator--5857d3a5-1530-4003-892e-0b840a950b0c", "indicator--5857d3a6-2d68-4522-b5f2-0b840a950b0c", "indicator--5857d3a6-eb6c-4a10-811c-0b840a950b0c", "indicator--5857d482-b35c-430d-8e4d-08720a950b0c", "indicator--5857d2e2-2e84-455e-afeb-0b250a950b0c", "indicator--5857d2e2-3fd0-4c5f-a4f3-0b250a950b0c", "indicator--5857d2e3-97b8-4ff6-b3ca-0b250a950b0c", "indicator--5857d2e3-7e34-4653-907c-0b250a950b0c", "indicator--5857d2e4-5c54-4760-af56-0b250a950b0c", "indicator--5857d2e4-7f50-473a-b32d-0b250a950b0c", "indicator--5857d41e-5c20-4b1c-8ddc-086e0a950b0c", "indicator--5857d41f-396c-4f4b-ab4f-086e0a950b0c", "observed-data--5857d11a-d910-431a-b4ee-0b7a0a950b0c", "network-traffic--5857d11a-d910-431a-b4ee-0b7a0a950b0c", "ipv4-addr--5857d11a-d910-431a-b4ee-0b7a0a950b0c", "observed-data--5857d41e-9210-4484-9230-086e0a950b0c", "network-traffic--5857d41e-9210-4484-9230-086e0a950b0c", "ipv4-addr--5857d41e-9210-4484-9230-086e0a950b0c", "observed-data--5857d483-587c-45f8-9582-08720a950b0c", "network-traffic--5857d483-587c-45f8-9582-08720a950b0c", "ipv4-addr--5857d483-587c-45f8-9582-08720a950b0c", "observed-data--5857d11a-a8c8-457c-a4ce-0b7a0a950b0c", "network-traffic--5857d11a-a8c8-457c-a4ce-0b7a0a950b0c", "ipv4-addr--5857d11a-a8c8-457c-a4ce-0b7a0a950b0c", "observed-data--5857d41d-1510-4745-8f6c-086e0a950b0c", "network-traffic--5857d41d-1510-4745-8f6c-086e0a950b0c", "ipv4-addr--5857d41d-1510-4745-8f6c-086e0a950b0c", "observed-data--5857d482-4e68-4064-b1c4-08720a950b0c", "network-traffic--5857d482-4e68-4064-b1c4-08720a950b0c", "ipv4-addr--5857d482-4e68-4064-b1c4-08720a950b0c", "observed-data--5857d11f-5110-4863-83be-0b7a0a950b0c", "file--5857d11f-5110-4863-83be-0b7a0a950b0c", "observed-data--5857d120-6d40-4390-9828-0b7a0a950b0c", "file--5857d120-6d40-4390-9828-0b7a0a950b0c", "observed-data--5857d120-cdb0-4b08-94a3-0b7a0a950b0c", "file--5857d120-cdb0-4b08-94a3-0b7a0a950b0c", "indicator--5857d121-10e8-4fb2-b052-0b7a0a950b0c", "indicator--5857d121-4c7c-4792-bd29-0b7a0a950b0c", "indicator--5857d122-767c-45da-9663-0b7a0a950b0c", "indicator--5857d122-f2dc-45a6-aa0d-0b7a0a950b0c", "indicator--5857d2e5-775c-4012-9ab4-0b250a950b0c", "indicator--5857d2e5-44cc-456b-9af0-0b250a950b0c", "indicator--5857d2e6-8c88-48c1-85cf-0b250a950b0c", "indicator--5857d2e6-5b1c-4435-872a-0b250a950b0c", "indicator--5857d2e7-d25c-4b38-8d27-0b250a950b0c", "indicator--5857d2e7-294c-404a-bca5-0b250a950b0c", "indicator--5857d2e8-2b64-47ab-8687-0b250a950b0c", "observed-data--5857d35e-b72c-4dc4-bdb5-08720a950b0c", "file--5857d35e-b72c-4dc4-bdb5-08720a950b0c", "observed-data--5857d35f-0fb8-4e21-a26b-08720a950b0c", "file--5857d35f-0fb8-4e21-a26b-08720a950b0c", "indicator--5857d35f-6388-440f-9907-08720a950b0c", "indicator--5857d360-951c-49d8-a9fa-08720a950b0c", "indicator--5857d360-fa74-4848-8d27-08720a950b0c", "indicator--5857d361-2e44-423e-8e7d-08720a950b0c", "indicator--5857d361-187c-4598-8b51-08720a950b0c", "indicator--5857d362-dac4-4d70-9aa6-08720a950b0c", "indicator--5857d362-1380-4ed7-860f-08720a950b0c", "indicator--5857d363-e2cc-41fa-b72a-08720a950b0c", "observed-data--5857d363-5740-449c-b1f8-08720a950b0c", "file--5857d363-5740-449c-b1f8-08720a950b0c", "observed-data--5857d3a7-931c-4479-b4f9-0b840a950b0c", "file--5857d3a7-931c-4479-b4f9-0b840a950b0c", "indicator--5857d41f-069c-451d-90c2-086e0a950b0c", "indicator--5857d420-783c-4199-adde-086e0a950b0c", "observed-data--5857d420-00e0-4c95-8bec-086e0a950b0c", "file--5857d420-00e0-4c95-8bec-086e0a950b0c", "indicator--5857d483-31a8-4d0c-a909-08720a950b0c", "observed-data--5857d484-0bec-4bc3-b42c-08720a950b0c", "file--5857d484-0bec-4bc3-b42c-08720a950b0c", "observed-data--5857d484-2b74-4183-8eed-08720a950b0c", "file--5857d484-2b74-4183-8eed-08720a950b0c", "indicator--5857d0e7-059c-48ed-b067-0b7a0a950b0c", "indicator--5857d0e7-dcac-4c47-bf5e-0b7a0a950b0c", "indicator--5857d0e8-adcc-4cd7-8bfd-0b7a0a950b0c", "indicator--5857d0e8-18cc-492b-879b-0b7a0a950b0c", "indicator--5857d0e9-1d94-4efb-bb18-0b7a0a950b0c", "indicator--5857d0e9-d1e8-484a-a56a-0b7a0a950b0c", "indicator--5857d0ea-9a54-4d4e-ae51-0b7a0a950b0c", "indicator--5857d0ea-7b78-4377-900e-0b7a0a950b0c", "indicator--5857d0eb-95f0-4ead-9e31-0b7a0a950b0c", "indicator--5857d0eb-fbd8-42cb-b3c5-0b7a0a950b0c", "indicator--5857d0ec-04ec-40fd-a6b6-0b7a0a950b0c", "indicator--5857d0ec-8a34-4a54-93ef-0b7a0a950b0c", "indicator--5857d0ed-ce34-4d5e-a96e-0b7a0a950b0c", "indicator--5857d0ed-fae8-4165-a0fa-0b7a0a950b0c", "indicator--5857d0ee-1378-4270-99cb-0b7a0a950b0c", "indicator--5857d0ee-ff40-465b-b085-0b7a0a950b0c", "indicator--5857d0ef-bcdc-4e87-85b5-0b7a0a950b0c", "indicator--5857d0f0-5f84-48cd-808e-0b7a0a950b0c", "indicator--5857d0f0-6830-4bf4-a67e-0b7a0a950b0c", "indicator--5857d0f1-71f0-4932-95c5-0b7a0a950b0c", "indicator--5857d0f1-aae8-4244-be2b-0b7a0a950b0c", "indicator--5857d0f1-5d30-4319-8e8f-0b7a0a950b0c", "indicator--5857d0f2-bd38-4e12-b01f-0b7a0a950b0c", "indicator--5857d0f2-4aec-459f-8630-0b7a0a950b0c", "indicator--5857d0f3-a4f8-4c8a-a877-0b7a0a950b0c", "indicator--5857d0f3-a8b4-47c1-a021-0b7a0a950b0c", "indicator--5857d0f4-5dc8-40a9-b2c0-0b7a0a950b0c", "indicator--5857d0f4-a148-40cd-96c2-0b7a0a950b0c", "indicator--5857d0f5-fe88-4c49-8ae5-0b7a0a950b0c", "indicator--5857d0f5-07dc-4c8f-89fa-0b7a0a950b0c", "indicator--5857d0f6-d88c-4f34-ae42-0b7a0a950b0c", "indicator--5857d0f6-e40c-4c2a-9069-0b7a0a950b0c", "indicator--5857d0f7-94e0-4ddc-9813-0b7a0a950b0c", "indicator--5857d0f8-cafc-4ccf-922b-0b7a0a950b0c", "indicator--5857d0f8-3540-4148-a605-0b7a0a950b0c", "indicator--5857d0f9-0414-44aa-b642-0b7a0a950b0c", "indicator--5857d0f9-315c-4d7a-ac30-0b7a0a950b0c", "indicator--5857d0f9-d214-4827-892e-0b7a0a950b0c", "indicator--5857d0fa-b698-42e4-a260-0b7a0a950b0c", "indicator--5857d0fa-52fc-4849-8215-0b7a0a950b0c", "indicator--5857d0fb-5a2c-450a-ae26-0b7a0a950b0c", "indicator--5857d0fb-c2e0-4732-859d-0b7a0a950b0c", "indicator--5857d0fc-f0f0-40d4-9e3d-0b7a0a950b0c", "indicator--5857d0fc-4760-4a91-b675-0b7a0a950b0c", "indicator--5857d0fd-38c4-441e-9ed9-0b7a0a950b0c", "indicator--5857d0fe-b968-446a-9106-0b7a0a950b0c", "indicator--5857d0fe-1d08-492c-a755-0b7a0a950b0c", "indicator--5857d0ff-f768-4a11-8ded-0b7a0a950b0c", "indicator--5857d0ff-f884-4780-9132-0b7a0a950b0c", "indicator--5857d100-67a0-4de5-9f27-0b7a0a950b0c", "indicator--5857d100-992c-491c-bd02-0b7a0a950b0c", "indicator--5857d101-043c-401e-9cdd-0b7a0a950b0c", "indicator--5857d101-cd84-4949-ab3b-0b7a0a950b0c", "indicator--5857d102-6bc8-40f6-ac89-0b7a0a950b0c", "indicator--5857d102-4a1c-45b5-8744-0b7a0a950b0c", "indicator--5857d103-5db4-4398-94d3-0b7a0a950b0c", "indicator--5857d103-5184-4220-9bc1-0b7a0a950b0c", "indicator--5857d104-8034-4d70-a0d6-0b7a0a950b0c", "indicator--5857d104-5a8c-47b6-b160-0b7a0a950b0c", "indicator--5857d105-d92c-40c6-8aaf-0b7a0a950b0c", "indicator--5857d105-7604-4ae5-b412-0b7a0a950b0c", "indicator--5857d106-6f38-46f3-8ef0-0b7a0a950b0c", "indicator--5857d106-8554-477c-9d9a-0b7a0a950b0c", "indicator--5857d107-8070-41c2-b2f6-0b7a0a950b0c", "indicator--5857d107-12c8-4b1a-a3c5-0b7a0a950b0c", "indicator--5857d108-6f80-4cb6-81f3-0b7a0a950b0c", "indicator--5857d108-1b2c-4148-9709-0b7a0a950b0c", "indicator--5857d109-bd9c-4f46-a2af-0b7a0a950b0c", "indicator--5857d109-9250-48e0-9afa-0b7a0a950b0c", "indicator--5857d10a-e834-4864-87ec-0b7a0a950b0c", "indicator--5857d10a-284c-4e58-8628-0b7a0a950b0c", "indicator--5857d10b-aab4-42a7-aaa5-0b7a0a950b0c", "indicator--5857d10c-a4a0-4527-ab0f-0b7a0a950b0c", "indicator--5857d10c-8e60-4718-b975-0b7a0a950b0c", "indicator--5857d10c-e01c-48cd-8381-0b7a0a950b0c", "indicator--5857d10d-e6d0-4405-9018-0b7a0a950b0c", "indicator--5857d10d-c540-4217-b759-0b7a0a950b0c", "indicator--5857d10e-a880-4765-ae11-0b7a0a950b0c", "indicator--5857d10e-e6e0-47ed-b5a8-0b7a0a950b0c", "indicator--5857d10f-eac0-4535-b4de-0b7a0a950b0c", "indicator--5857d2dd-0c30-4808-b728-0b250a950b0c", "indicator--5857d2de-c2f4-4d24-823c-0b250a950b0c", "indicator--5857d2df-75dc-4739-b7c2-0b250a950b0c", "indicator--5857d2df-67fc-47f3-917f-0b250a950b0c", "indicator--5857d2e0-1d84-4cf5-8638-0b250a950b0c", "indicator--5857d2e0-6bf8-4e44-80bd-0b250a950b0c", "indicator--5857d2e1-aab0-4754-b2d5-0b250a950b0c", "indicator--5857d2e1-bd68-4462-86a8-0b250a950b0c", "indicator--5857d359-a7e0-4e84-acf6-08720a950b0c", "indicator--5857d359-78b4-4700-bf9d-08720a950b0c", "indicator--5857d35a-7b28-458f-9a02-08720a950b0c", "indicator--5857d35a-70f4-48d5-aa26-08720a950b0c", "indicator--5857d35b-0398-4ccf-91e8-08720a950b0c", "indicator--5857d35b-ff94-4a78-9c64-08720a950b0c", "indicator--5857d35c-5a6c-4ebb-8d0a-08720a950b0c", "indicator--5857d35c-2de4-4698-82bd-08720a950b0c", "indicator--5857d35d-5010-4d23-aa36-08720a950b0c", "indicator--5857d35d-6f64-449c-9c8c-08720a950b0c", "indicator--5857d3a1-bf14-44b1-a03a-0b840a950b0c", "indicator--5857d3a2-ad2c-4d19-a848-0b840a950b0c", "indicator--5857d3a3-887c-4eca-be1c-0b840a950b0c", "indicator--5857d3a3-f240-4bd8-bcb5-0b840a950b0c", "indicator--5857d3a4-0f78-4f34-8de5-0b840a950b0c", "indicator--5857d41c-97a4-4258-9a56-086e0a950b0c", "indicator--5857d41d-c8e0-485a-96c9-086e0a950b0c", "indicator--5857d47c-c624-43cd-9c39-08720a950b0c", "indicator--5857d47d-c078-4b3a-90c5-08720a950b0c", "indicator--5857d47d-7b40-4cb6-93a5-08720a950b0c", "indicator--5857d47e-14b8-4b69-9c84-08720a950b0c", "indicator--5857d47e-ecc4-4406-a471-08720a950b0c", "indicator--5857d47f-7164-48d5-b4eb-08720a950b0c", "indicator--5857d47f-4060-4409-bc0d-08720a950b0c", "indicator--5857d480-fef4-4a09-8e68-08720a950b0c", "indicator--5857d480-8368-49bc-92af-08720a950b0c", "indicator--5857d481-a8dc-4d33-b52d-08720a950b0c", "indicator--5857d481-0788-48ba-8063-08720a950b0c", "indicator--5857d0d5-97b0-432b-a8ab-0b7a0a950b0c", "indicator--5857d0d5-c9a0-4fde-a750-0b7a0a950b0c", "indicator--5857d0d6-0768-489a-b11a-0b7a0a950b0c", "indicator--5857d0d6-b4c4-44da-a738-0b7a0a950b0c", "indicator--5857d0d7-11d0-4f67-8131-0b7a0a950b0c", "indicator--5857d0d7-4c98-44af-b34f-0b7a0a950b0c", "indicator--5857d0d8-5688-4c13-96f6-0b7a0a950b0c", "indicator--5857d0d8-e7e4-4630-9d96-0b7a0a950b0c", "indicator--5857d0d9-2d3c-40ab-914d-0b7a0a950b0c", "indicator--5857d0d9-14ac-4d46-9b78-0b7a0a950b0c", "indicator--5857d0da-c948-409f-8733-0b7a0a950b0c", "indicator--5857d0da-8450-4a3f-9b17-0b7a0a950b0c", "indicator--5857d0db-0568-4ac7-b8e0-0b7a0a950b0c", "indicator--5857d0db-4390-4ce0-8b5a-0b7a0a950b0c", "indicator--5857d0dc-d1b0-4e75-85b8-0b7a0a950b0c", "indicator--5857d0dc-0ea8-4029-95c7-0b7a0a950b0c", "indicator--5857d0dd-7b90-4b29-a25e-0b7a0a950b0c", "indicator--5857d0dd-3868-4a95-ab01-0b7a0a950b0c", "indicator--5857d0de-ff0c-4043-b450-0b7a0a950b0c", "indicator--5857d0de-3914-451d-8858-0b7a0a950b0c", "indicator--5857d0df-91fc-4c2d-b625-0b7a0a950b0c", "indicator--5857d0df-1744-4479-9652-0b7a0a950b0c", "indicator--5857d0e0-bb6c-43da-b61a-0b7a0a950b0c", "indicator--5857d0e0-0084-4199-b01a-0b7a0a950b0c", "indicator--5857d0e1-0e08-47e6-8df0-0b7a0a950b0c", "indicator--5857d0e1-f074-4a7f-b871-0b7a0a950b0c", "indicator--5857d0e2-efbc-4175-8f45-0b7a0a950b0c", "indicator--5857d0e2-bd98-41f8-bd81-0b7a0a950b0c", "indicator--5857d0e3-d59c-4063-9a92-0b7a0a950b0c", "indicator--5857d0e3-0590-4103-a67c-0b7a0a950b0c", "indicator--5857d0e4-92b8-459c-acf1-0b7a0a950b0c", "indicator--5857d0e4-1d24-424c-baa0-0b7a0a950b0c", "indicator--5857d0e5-e110-4e01-98c1-0b7a0a950b0c", "indicator--5857d0e5-54b0-4fd0-a69e-0b7a0a950b0c", "indicator--5857d0e6-2cdc-4178-b498-0b7a0a950b0c", "indicator--5857d0e6-72a4-4136-807a-0b7a0a950b0c" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "ncsc-nl-ndn:feed=\"generic\"", "osint:source-type=\"blog-post\"", "retention:1m", "retention:expired" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d248-8124-423e-8e90-086e0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2020-04-28T13:56:53.000Z", "modified": "2020-04-28T13:56:53.000Z", "description": "Rule to detect VB Packer of FareIT and Zbot samples", "pattern": "[rule VBPacker_FareIT_Zbot\r\n{\r\nmeta:\r\ncopyright = \"Kaspersky Lab\"\r\ndescription = \"Rule to detect VB Packer of FareIT and Zbot samples\"\r\nhash1 = \"0b7f872d098ef8f1dd0e52f6d5c5a92e\"\r\nhash2 = \"0eb12f0c3aa4ec1db178fbbe69a329cf\"\r\nversion = \"1.1\"\r\n\r\nstrings:\r\n$a1 = \"C:\\\\Program Files (x86)\\\\Microsoft Visual Studio\\\\VB98\\\\VB6.OLB\"\r\n\r\n//\"gdi32\" + 0x11 +\"SetViewportOrgEx\"\r\n$a2 = {67 64 69 33 32 00 00 00 11 00 00 00 53 65 74 56 69 65 77 70 6F 72 74 4F 72 67 45 78}\r\n\r\n//OriginalFilename AX.exe\r\n$b1 = {4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 41 00 58 00 2E 00 65 00 78 00 65 00}\r\n//OriginalFilename AS.exe\r\n$b2 = {4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 41 00 53 00 2E 00 65 00 78 00 65 00}\r\n//OriginalFilename Can.exe\r\n$b3 = {4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 43 00 61 00 6E 00 2E 00 65 00 78 00 65 00}\r\n//OriginalFilename usisui.exe\r\n$b5 = {4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 75 00 73 00 69 00 73 00 75 00 69 00 2E 00 65 00 78 00 65 00}\r\ncondition:\r\nuint16(0) == 0x5A4D\r\nand (all of ($a*))\r\nand (any of ($b*))\r\n//and (any of ($c*))\r\nand filesize > 250000\r\n}]", "pattern_type": "yara", "pattern_version": "2.1", "valid_from": "2020-04-28T13:56:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"yara\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d288-8438-4b59-934c-08700a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2020-04-28T13:56:50.000Z", "modified": "2020-04-28T13:56:50.000Z", "description": "Rule to detect MSIL Packer of FareIT, ISR Stealer, Luminosity, HawkEye Keylogger samples", "pattern": "[rule MSILPacker_ FareIT_ISR Stealer_Luminosity_HawkEye\r\n{\r\nmeta:\r\ncopyright = \"Kaspersky Lab\"\r\ndescription = \"Rule to detect MSIL Packer of FareIT, ISR Stealer, Luminosity, HawkEye Keylogger samples\"\r\nhash1 = \"1f9ea55ec924bf927db4fb4f429d49b6\"\r\nhash2 = \"80c4a3d66159877e264b0eab74a791db\"\r\nhash2 = \"e8bfa64826d095ff3699a5e3df205d24\"\r\nversion = \"1.1\"\r\n\r\nstrings:\r\n$a1 = \"set_Key\"\r\n$a2 = \"set_IV\"\r\n$a3 = \"set_ClientSize\"\r\n$a4 = \"set_ControlBox\"\r\n$a5 = \"SetCompatibleTextRenderingDefault\"\r\n$a6 = \"CompilationRelaxationsAttribute\"\r\n$a7 = \"ICryptoTransform\"\r\n$a8 = \"_CorExeMain\"\r\n\r\n$b1 = \"Video card management\"\r\n$b2 = \"Net Extensible Autheticator\"\r\n$b3 = \"NetTcpActivator\"\r\n$b4 = \"nVidia PhysX technology\"\r\n$b5 = \"WdiSytemHost\"\r\n\r\ncondition:\r\nuint16(0) == 0x5A4D\r\nand (all of ($a*))\r\nand (any of ($b*))\r\nand filesize > 100000\r\n}]", "pattern_type": "yara", "pattern_version": "2.1", "valid_from": "2020-04-28T13:56:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"yara\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5857cf95-b01c-46c9-9b92-08710a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:16:21.000Z", "modified": "2016-12-19T12:16:21.000Z", "first_observed": "2016-12-19T12:16:21Z", "last_observed": "2016-12-19T12:16:21Z", "number_observed": 1, "object_refs": [ "url--5857cf95-b01c-46c9-9b92-08710a950b0c" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5857cf95-b01c-46c9-9b92-08710a950b0c", "value": "https://ics-cert.kaspersky.com/2016/12/16/spear-phishing-attack-hits-industrial-companies/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d10f-935c-4084-acf4-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:39.000Z", "modified": "2016-12-19T12:22:39.000Z", "description": "FareIT/Pony 2.0", "pattern": "[domain-name:value = 'alreyadbplastics.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d110-d4fc-43f6-ad3b-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:40.000Z", "modified": "2016-12-19T12:22:40.000Z", "description": "FareIT/Pony 2.0", "pattern": "[domain-name:value = 'xpweb.win']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d110-ca0c-4e06-ae93-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:40.000Z", "modified": "2016-12-19T12:22:40.000Z", "description": "FareIT/Pony 2.0", "pattern": "[domain-name:value = 'heinevy.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d111-aa30-465e-b2f3-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:41.000Z", "modified": "2016-12-19T12:22:41.000Z", "description": "FareIT/Pony 2.0", "pattern": "[domain-name:value = 'overseas-operation.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d111-7190-42a3-98fe-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:41.000Z", "modified": "2016-12-19T12:22:41.000Z", "description": "FareIT/Pony 2.0", "pattern": "[domain-name:value = 'metaksen.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d112-9464-4588-86c3-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:42.000Z", "modified": "2016-12-19T12:22:42.000Z", "description": "FareIT/Pony 2.0", "pattern": "[domain-name:value = 'charlogistics.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d112-8bf8-43c7-b09f-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:42.000Z", "modified": "2016-12-19T12:22:42.000Z", "description": "FareIT/Pony 2.0", "pattern": "[domain-name:value = 'btinterment.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d113-5934-4fa6-b878-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:43.000Z", "modified": "2016-12-19T12:22:43.000Z", "description": "FareIT/Pony 2.0", "pattern": "[domain-name:value = 'kinqnuts-raaphorst.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d114-8904-47aa-932b-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:44.000Z", "modified": "2016-12-19T12:22:44.000Z", "description": "FareIT/Pony 2.0", "pattern": "[domain-name:value = 'watersysterns.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d114-8ef8-40ff-9627-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:44.000Z", "modified": "2016-12-19T12:22:44.000Z", "description": "FareIT/Pony 2.0", "pattern": "[domain-name:value = 'hidroquil-ar.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d115-62c0-422f-be94-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:45.000Z", "modified": "2016-12-19T12:22:45.000Z", "description": "FareIT/Pony 2.0", "pattern": "[domain-name:value = 'thai-nidhi.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d115-6c38-4df6-bcdf-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:45.000Z", "modified": "2016-12-19T12:22:45.000Z", "description": "FareIT/Pony 2.0", "pattern": "[domain-name:value = 'ms45-hinet.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d115-bab8-4c89-884f-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:45.000Z", "modified": "2016-12-19T12:22:45.000Z", "description": "FareIT/Pony 2.0", "pattern": "[domain-name:value = 'fullone2u.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d116-af18-40a9-9e54-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:46.000Z", "modified": "2016-12-19T12:22:46.000Z", "description": "FareIT/Pony 2.0", "pattern": "[domain-name:value = 'poolkingsthailand.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d116-911c-4332-817e-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:46.000Z", "modified": "2016-12-19T12:22:46.000Z", "description": "FareIT/Pony 2.0", "pattern": "[domain-name:value = 'soaaxa.biz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d117-cb68-43cb-94e6-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:47.000Z", "modified": "2016-12-19T12:22:47.000Z", "description": "FareIT/Pony 2.0", "pattern": "[domain-name:value = 'restarz.biz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d117-1760-47d6-ab3f-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:47.000Z", "modified": "2016-12-19T12:22:47.000Z", "description": "FareIT/Pony 2.0", "pattern": "[domain-name:value = 'galaxystarshop.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d118-3988-461a-8f2b-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:48.000Z", "modified": "2016-12-19T12:22:48.000Z", "description": "FareIT/Pony 2.0", "pattern": "[domain-name:value = 'asappyco.biz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d118-6e14-4421-a3c8-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:48.000Z", "modified": "2016-12-19T12:22:48.000Z", "description": "FareIT/Pony 2.0", "pattern": "[domain-name:value = 'gettoworkzz.biz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d119-6b70-4184-b43d-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:49.000Z", "modified": "2016-12-19T12:22:49.000Z", "description": "FareIT/Pony 2.0", "pattern": "[domain-name:value = 'yasive.biz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d119-bcc8-48d2-9ba5-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:49.000Z", "modified": "2016-12-19T12:22:49.000Z", "description": "FareIT/Pony 2.0", "pattern": "[domain-name:value = 'alu-heat.biz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d11b-fdbc-4409-8dea-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:51.000Z", "modified": "2016-12-19T12:22:51.000Z", "description": "FareIT/Pony 2.0", "pattern": "[domain-name:value = 'sinctruk.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d11b-adc0-4be1-bd04-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:51.000Z", "modified": "2016-12-19T12:22:51.000Z", "description": "FareIT/Pony 2.0", "pattern": "[domain-name:value = 'pguy.faith']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d11c-dc98-4437-b621-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:52.000Z", "modified": "2016-12-19T12:22:52.000Z", "description": "FareIT/Pony 2.0", "pattern": "[domain-name:value = 'chunfenqlighting.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d11c-c1ec-42eb-adeb-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:52.000Z", "modified": "2016-12-19T12:22:52.000Z", "description": "FareIT/Pony 2.0", "pattern": "[domain-name:value = 'hunterkaysmoves.in']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d11d-4174-4872-8377-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:53.000Z", "modified": "2016-12-19T12:22:53.000Z", "description": "FareIT/Pony 2.0", "pattern": "[domain-name:value = 'danqote.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d11d-7918-4d00-a762-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:53.000Z", "modified": "2016-12-19T12:22:53.000Z", "description": "FareIT/Pony 2.0", "pattern": "[domain-name:value = 'biblesoceities.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d11e-e3c4-40f6-8882-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:54.000Z", "modified": "2016-12-19T12:22:54.000Z", "description": "FareIT/Pony 2.0", "pattern": "[domain-name:value = 'sympetax.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d11e-da90-4041-81e4-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:54.000Z", "modified": "2016-12-19T12:22:54.000Z", "description": "FareIT/Pony 2.0", "pattern": "[domain-name:value = 'lumibrigth.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d11f-48b8-4ed5-9131-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:55.000Z", "modified": "2016-12-19T12:22:55.000Z", "description": "FareIT/Pony 2.0", "pattern": "[domain-name:value = 'bothela-orsaro.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d3a4-45fc-4d23-9256-0b840a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:33:40.000Z", "modified": "2016-12-19T12:33:40.000Z", "description": "ISR Stealer", "pattern": "[domain-name:value = 'hardworkzone.cf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:33:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d3a5-429c-43c2-85df-0b840a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:33:41.000Z", "modified": "2016-12-19T12:33:41.000Z", "description": "ISR Stealer", "pattern": "[domain-name:value = 'ivicker.usa.cc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:33:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d3a5-1530-4003-892e-0b840a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:33:41.000Z", "modified": "2016-12-19T12:33:41.000Z", "description": "ISR Stealer", "pattern": "[domain-name:value = 'limco.usa.cc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:33:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d3a6-2d68-4522-b5f2-0b840a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:33:42.000Z", "modified": "2016-12-19T12:33:42.000Z", "description": "ISR Stealer", "pattern": "[domain-name:value = 'cs19335.tmweb.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:33:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d3a6-eb6c-4a10-811c-0b840a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:33:42.000Z", "modified": "2016-12-19T12:33:42.000Z", "description": "ISR Stealer", "pattern": "[domain-name:value = 'mirchifunz.in']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:33:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d482-b35c-430d-8e4d-08720a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:37:22.000Z", "modified": "2016-12-19T12:37:22.000Z", "description": "Zeus Atmos", "pattern": "[domain-name:value = 'hungasidy.biz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:37:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d2e2-2e84-455e-afeb-0b250a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:30:26.000Z", "modified": "2016-12-19T12:30:26.000Z", "description": "Luminosity RAT", "pattern": "[domain-name:value = 'www.creativeforwardings.cf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:30:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d2e2-3fd0-4c5f-a4f3-0b250a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:30:26.000Z", "modified": "2016-12-19T12:30:26.000Z", "description": "Luminosity RAT", "pattern": "[domain-name:value = 'shadowwalkersonline.co.uk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:30:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d2e3-97b8-4ff6-b3ca-0b250a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:30:27.000Z", "modified": "2016-12-19T12:30:27.000Z", "description": "Luminosity RAT", "pattern": "[domain-name:value = 'owwalkersonline.co.uk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:30:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d2e3-7e34-4653-907c-0b250a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:30:27.000Z", "modified": "2016-12-19T12:30:27.000Z", "description": "Luminosity RAT", "pattern": "[domain-name:value = 'www.ballerpushers.cf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:30:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d2e4-5c54-4760-af56-0b250a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:30:28.000Z", "modified": "2016-12-19T12:30:28.000Z", "description": "Luminosity RAT", "pattern": "[domain-name:value = 'remote.legacyrealestateadvisors.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:30:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d2e4-7f50-473a-b32d-0b250a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:30:28.000Z", "modified": "2016-12-19T12:30:28.000Z", "description": "Luminosity RAT", "pattern": "[domain-name:value = 'alibabadns.legacyrealestateadvisors.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:30:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d41e-5c20-4b1c-8ddc-086e0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:35:42.000Z", "modified": "2016-12-19T12:35:42.000Z", "description": "NetWire RAT", "pattern": "[domain-name:value = 'gavingo2135235.ddns.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:35:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d41f-396c-4f4b-ab4f-086e0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:35:43.000Z", "modified": "2016-12-19T12:35:43.000Z", "description": "NetWire RAT", "pattern": "[domain-name:value = 'www.spmersclub.cf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:35:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5857d11a-d910-431a-b4ee-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2019-07-19T07:47:22.000Z", "modified": "2019-07-19T07:47:22.000Z", "first_observed": "2019-07-19T07:47:22Z", "last_observed": "2019-07-19T07:47:22Z", "number_observed": 1, "object_refs": [ "network-traffic--5857d11a-d910-431a-b4ee-0b7a0a950b0c", "ipv4-addr--5857d11a-d910-431a-b4ee-0b7a0a950b0c" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5857d11a-d910-431a-b4ee-0b7a0a950b0c", "dst_ref": "ipv4-addr--5857d11a-d910-431a-b4ee-0b7a0a950b0c", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5857d11a-d910-431a-b4ee-0b7a0a950b0c", "value": "66.23.226.40" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5857d41e-9210-4484-9230-086e0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2019-07-19T07:47:22.000Z", "modified": "2019-07-19T07:47:22.000Z", "first_observed": "2019-07-19T07:47:22Z", "last_observed": "2019-07-19T07:47:22Z", "number_observed": 1, "object_refs": [ "network-traffic--5857d41e-9210-4484-9230-086e0a950b0c", "ipv4-addr--5857d41e-9210-4484-9230-086e0a950b0c" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5857d41e-9210-4484-9230-086e0a950b0c", "dst_ref": "ipv4-addr--5857d41e-9210-4484-9230-086e0a950b0c", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5857d41e-9210-4484-9230-086e0a950b0c", "value": "178.175.138.196" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5857d483-587c-45f8-9582-08720a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2017-08-17T11:06:39.000Z", "modified": "2017-08-17T11:06:39.000Z", "first_observed": "2017-08-17T11:06:39Z", "last_observed": "2017-08-17T11:06:39Z", "number_observed": 1, "object_refs": [ "network-traffic--5857d483-587c-45f8-9582-08720a950b0c", "ipv4-addr--5857d483-587c-45f8-9582-08720a950b0c" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5857d483-587c-45f8-9582-08720a950b0c", "dst_ref": "ipv4-addr--5857d483-587c-45f8-9582-08720a950b0c", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5857d483-587c-45f8-9582-08720a950b0c", "value": "186.202.127.132" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5857d11a-a8c8-457c-a4ce-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2019-07-19T07:47:22.000Z", "modified": "2019-07-19T07:47:22.000Z", "first_observed": "2019-07-19T07:47:22Z", "last_observed": "2019-07-19T07:47:22Z", "number_observed": 1, "object_refs": [ "network-traffic--5857d11a-a8c8-457c-a4ce-0b7a0a950b0c", "ipv4-addr--5857d11a-a8c8-457c-a4ce-0b7a0a950b0c" ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5857d11a-a8c8-457c-a4ce-0b7a0a950b0c", "src_ref": "ipv4-addr--5857d11a-a8c8-457c-a4ce-0b7a0a950b0c", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5857d11a-a8c8-457c-a4ce-0b7a0a950b0c", "value": "66.23.226.40" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5857d41d-1510-4745-8f6c-086e0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2019-07-19T07:47:22.000Z", "modified": "2019-07-19T07:47:22.000Z", "first_observed": "2019-07-19T07:47:22Z", "last_observed": "2019-07-19T07:47:22Z", "number_observed": 1, "object_refs": [ "network-traffic--5857d41d-1510-4745-8f6c-086e0a950b0c", "ipv4-addr--5857d41d-1510-4745-8f6c-086e0a950b0c" ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5857d41d-1510-4745-8f6c-086e0a950b0c", "src_ref": "ipv4-addr--5857d41d-1510-4745-8f6c-086e0a950b0c", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5857d41d-1510-4745-8f6c-086e0a950b0c", "value": "178.175.138.196" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5857d482-4e68-4064-b1c4-08720a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2017-08-17T11:06:39.000Z", "modified": "2017-08-17T11:06:39.000Z", "first_observed": "2017-08-17T11:06:39Z", "last_observed": "2017-08-17T11:06:39Z", "number_observed": 1, "object_refs": [ "network-traffic--5857d482-4e68-4064-b1c4-08720a950b0c", "ipv4-addr--5857d482-4e68-4064-b1c4-08720a950b0c" ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5857d482-4e68-4064-b1c4-08720a950b0c", "src_ref": "ipv4-addr--5857d482-4e68-4064-b1c4-08720a950b0c", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5857d482-4e68-4064-b1c4-08720a950b0c", "value": "186.202.127.132" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5857d11f-5110-4863-83be-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:55.000Z", "modified": "2016-12-19T12:22:55.000Z", "first_observed": "2016-12-19T12:22:55Z", "last_observed": "2016-12-19T12:22:55Z", "number_observed": 1, "object_refs": [ "file--5857d11f-5110-4863-83be-0b7a0a950b0c" ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--5857d11f-5110-4863-83be-0b7a0a950b0c", "name": "%APPDATA%\\[A-F0-9]{6}\\[A-F0-9]{6}.exe" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5857d120-6d40-4390-9828-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:56.000Z", "modified": "2016-12-19T12:22:56.000Z", "first_observed": "2016-12-19T12:22:56Z", "last_observed": "2016-12-19T12:22:56Z", "number_observed": 1, "object_refs": [ "file--5857d120-6d40-4390-9828-0b7a0a950b0c" ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--5857d120-6d40-4390-9828-0b7a0a950b0c", "name": "%APPDATA%\\[A-F0-9]{6}\\[A-F0-9]{6}.hdb" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5857d120-cdb0-4b08-94a3-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:56.000Z", "modified": "2016-12-19T12:22:56.000Z", "first_observed": "2016-12-19T12:22:56Z", "last_observed": "2016-12-19T12:22:56Z", "number_observed": 1, "object_refs": [ "file--5857d120-cdb0-4b08-94a3-0b7a0a950b0c" ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--5857d120-cdb0-4b08-94a3-0b7a0a950b0c", "name": "%APPDATA%\\[A-F0-9]{6}\\[A-F0-9]{6}.lck" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d121-10e8-4fb2-b052-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:57.000Z", "modified": "2016-12-19T12:22:57.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:name = '\\\\%HOMEPATH\\\\%\\\\Documents\\\\Ticoapp.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d121-4c7c-4792-bd29-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:57.000Z", "modified": "2016-12-19T12:22:57.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:name = '\\\\%HOMEPATH\\\\%\\\\Documents\\\\Escoapp.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d122-767c-45da-9663-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:58.000Z", "modified": "2016-12-19T12:22:58.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:name = '\\\\%HOMEPATH\\\\%\\\\Documents\\\\Dulfapp.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d122-f2dc-45a6-aa0d-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:58.000Z", "modified": "2016-12-19T12:22:58.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:name = '\\\\%HOMEPATH\\\\%\\\\Documents\\\\Echeapp.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d2e5-775c-4012-9ab4-0b250a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:30:29.000Z", "modified": "2016-12-19T12:30:29.000Z", "description": "Luminosity RAT", "pattern": "[file:name = '\\\\%HOMEPATH\\\\%\\\\Documents\\\\YiTapp.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:30:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d2e5-44cc-456b-9af0-0b250a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:30:29.000Z", "modified": "2016-12-19T12:30:29.000Z", "description": "Luminosity RAT", "pattern": "[file:name = '\\\\%HOMEPATH\\\\%\\\\Documents\\\\YaPapp.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:30:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d2e6-8c88-48c1-85cf-0b250a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:30:30.000Z", "modified": "2016-12-19T12:30:30.000Z", "description": "Luminosity RAT", "pattern": "[file:name = '\\\\%HOMEPATH\\\\%\\\\Documents\\\\Nativeapp.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:30:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d2e6-5b1c-4435-872a-0b250a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:30:30.000Z", "modified": "2016-12-19T12:30:30.000Z", "description": "Luminosity RAT", "pattern": "[file:name = '\\\\%HOMEPATH\\\\%\\\\Documents\\\\Nosapp.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:30:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d2e7-d25c-4b38-8d27-0b250a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:30:31.000Z", "modified": "2016-12-19T12:30:31.000Z", "description": "Luminosity RAT", "pattern": "[file:name = '\\\\%HOMEPATH\\\\%\\\\Documents\\\\Monorapp.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:30:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d2e7-294c-404a-bca5-0b250a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:30:31.000Z", "modified": "2016-12-19T12:30:31.000Z", "description": "Luminosity RAT", "pattern": "[file:name = '\\\\%HOMEPATH\\\\%\\\\Documents\\\\WinLuapp.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:30:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d2e8-2b64-47ab-8687-0b250a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:30:32.000Z", "modified": "2016-12-19T12:30:32.000Z", "description": "Luminosity RAT", "pattern": "[file:name = '\\\\%ProgramFiles\\\\%\\\\Client\\\\client.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:30:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5857d35e-b72c-4dc4-bdb5-08720a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:58:33.000Z", "modified": "2016-12-19T12:58:33.000Z", "first_observed": "2016-12-19T12:58:33Z", "last_observed": "2016-12-19T12:58:33Z", "number_observed": 1, "object_refs": [ "file--5857d35e-b72c-4dc4-bdb5-08720a950b0c" ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--5857d35e-b72c-4dc4-bdb5-08720a950b0c", "name": "%APPDATA%\\pid.txt" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5857d35f-0fb8-4e21-a26b-08720a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:58:33.000Z", "modified": "2016-12-19T12:58:33.000Z", "first_observed": "2016-12-19T12:58:33Z", "last_observed": "2016-12-19T12:58:33Z", "number_observed": 1, "object_refs": [ "file--5857d35f-0fb8-4e21-a26b-08720a950b0c" ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--5857d35f-0fb8-4e21-a26b-08720a950b0c", "name": "%APPDATA%\\pidloc.txt" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d35f-6388-440f-9907-08720a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:32:31.000Z", "modified": "2016-12-19T12:32:31.000Z", "description": "HawkEye Keylogger/Stealer", "pattern": "[file:name = '\\\\%AppData\\\\%\\\\WindowsUpdate.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:32:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d360-951c-49d8-a9fa-08720a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:32:32.000Z", "modified": "2016-12-19T12:32:32.000Z", "description": "HawkEye Keylogger/Stealer", "pattern": "[file:name = '\\\\%HOMEPATH\\\\%\\\\Documents\\\\Runesapp.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:32:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d360-fa74-4848-8d27-08720a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:32:32.000Z", "modified": "2016-12-19T12:32:32.000Z", "description": "HawkEye Keylogger/Stealer", "pattern": "[file:name = '\\\\%HOMEPATH\\\\%\\\\Documents\\\\Coinapp.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:32:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d361-2e44-423e-8e7d-08720a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:32:33.000Z", "modified": "2016-12-19T12:32:33.000Z", "description": "HawkEye Keylogger/Stealer", "pattern": "[file:name = '\\\\%HOMEPATH\\\\%\\\\Documents\\\\Trumpapp.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:32:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d361-187c-4598-8b51-08720a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:32:33.000Z", "modified": "2016-12-19T12:32:33.000Z", "description": "HawkEye Keylogger/Stealer", "pattern": "[file:name = '\\\\%HOMEPATH\\\\%\\\\Documents\\\\doc_23772.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:32:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d362-dac4-4d70-9aa6-08720a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:32:34.000Z", "modified": "2016-12-19T12:32:34.000Z", "description": "HawkEye Keylogger/Stealer", "pattern": "[file:name = '\\\\%TEMP\\\\%\\\\holderwb.txt']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:32:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d362-1380-4ed7-860f-08720a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:32:34.000Z", "modified": "2016-12-19T12:32:34.000Z", "description": "HawkEye Keylogger/Stealer", "pattern": "[file:name = '\\\\%TEMP\\\\%\\\\vbc.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:32:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d363-e2cc-41fa-b72a-08720a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:32:35.000Z", "modified": "2016-12-19T12:32:35.000Z", "description": "HawkEye Keylogger/Stealer", "pattern": "[file:name = '\\\\%TEMP\\\\%\\\\holdermail.txt']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:32:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5857d363-5740-449c-b1f8-08720a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:58:33.000Z", "modified": "2016-12-19T12:58:33.000Z", "first_observed": "2016-12-19T12:58:33Z", "last_observed": "2016-12-19T12:58:33Z", "number_observed": 1, "object_refs": [ "file--5857d363-5740-449c-b1f8-08720a950b0c" ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--5857d363-5740-449c-b1f8-08720a950b0c", "name": "%TEMP%\\SysInfo.txt" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5857d3a7-931c-4479-b4f9-0b840a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:58:33.000Z", "modified": "2016-12-19T12:58:33.000Z", "first_observed": "2016-12-19T12:58:33Z", "last_observed": "2016-12-19T12:58:33Z", "number_observed": 1, "object_refs": [ "file--5857d3a7-931c-4479-b4f9-0b840a950b0c" ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--5857d3a7-931c-4479-b4f9-0b840a950b0c", "name": "%HOMEPATH%\\Desktop\\filename.exe" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d41f-069c-451d-90c2-086e0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:35:43.000Z", "modified": "2016-12-19T12:35:43.000Z", "description": "NetWire RAT", "pattern": "[file:name = '\\\\%HOMEPATH\\\\%\\\\Documents\\\\Chunapp.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:35:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d420-783c-4199-adde-086e0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:35:44.000Z", "modified": "2016-12-19T12:35:44.000Z", "description": "NetWire RAT", "pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\Install\\\\Host.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:35:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5857d420-00e0-4c95-8bec-086e0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:58:33.000Z", "modified": "2016-12-19T12:58:33.000Z", "first_observed": "2016-12-19T12:58:33Z", "last_observed": "2016-12-19T12:58:33Z", "number_observed": 1, "object_refs": [ "file--5857d420-00e0-4c95-8bec-086e0a950b0c" ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--5857d420-00e0-4c95-8bec-086e0a950b0c", "name": "%APPDATA%\\Install.Identifier" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d483-31a8-4d0c-a909-08720a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:37:23.000Z", "modified": "2016-12-19T12:37:23.000Z", "description": "Zeus Atmos", "pattern": "[file:name = '\\\\%HOMEPATH\\\\%\\\\Desktop\\\\system.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:37:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5857d484-0bec-4bc3-b42c-08720a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:58:33.000Z", "modified": "2016-12-19T12:58:33.000Z", "first_observed": "2016-12-19T12:58:33Z", "last_observed": "2016-12-19T12:58:33Z", "number_observed": 1, "object_refs": [ "file--5857d484-0bec-4bc3-b42c-08720a950b0c" ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--5857d484-0bec-4bc3-b42c-08720a950b0c", "name": "%LocalTEMP%\\filename.exe" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5857d484-2b74-4183-8eed-08720a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:58:33.000Z", "modified": "2016-12-19T12:58:33.000Z", "first_observed": "2016-12-19T12:58:33Z", "last_observed": "2016-12-19T12:58:33Z", "number_observed": 1, "object_refs": [ "file--5857d484-2b74-4183-8eed-08720a950b0c" ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--5857d484-2b74-4183-8eed-08720a950b0c", "name": "%LocalTEMP%\\system.exe" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d0e7-059c-48ed-b067-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:21:59.000Z", "modified": "2016-12-19T12:21:59.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = 'd1212291e44846ff608711c0f9e07b3e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:21:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d0e7-dcac-4c47-bf5e-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:21:59.000Z", "modified": "2016-12-19T12:21:59.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = '01712e2261fa051e46c489df533d7bdc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:21:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d0e8-adcc-4cd7-8bfd-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:00.000Z", "modified": "2016-12-19T12:22:00.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = 'd1d8c46271abfe4ea230214567ae6d61']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d0e8-18cc-492b-879b-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:00.000Z", "modified": "2016-12-19T12:22:00.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = '6dd0b2770a7d7bcdecc5f6eebbde4d7c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d0e9-1d94-4efb-bb18-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:01.000Z", "modified": "2016-12-19T12:22:01.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = '51966a70638915dbd7be9f15592cb453']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d0e9-d1e8-484a-a56a-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:01.000Z", "modified": "2016-12-19T12:22:01.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = '4258a22f09d39f5201f9deae0abec680']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d0ea-9a54-4d4e-ae51-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:02.000Z", "modified": "2016-12-19T12:22:02.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = '09fcb032b5330ca04cfc536dda6d8948']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d0ea-7b78-4377-900e-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:02.000Z", "modified": "2016-12-19T12:22:02.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = '20cbe25bcabdf6557888d5c3353098a7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d0eb-95f0-4ead-9e31-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:03.000Z", "modified": "2016-12-19T12:22:03.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = 'f354693b8f497e4e3599517fdffed0a7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d0eb-fbd8-42cb-b3c5-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:03.000Z", "modified": "2016-12-19T12:22:03.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = 'b96d148f8ef2b2f3ef825342bf0eb651']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d0ec-04ec-40fd-a6b6-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:04.000Z", "modified": "2016-12-19T12:22:04.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = '652e2222f3523296020ae0adaa392036']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d0ec-8a34-4a54-93ef-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:04.000Z", "modified": "2016-12-19T12:22:04.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = '4ea4af607d7ec044bd7e94cf81f2d731']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d0ed-ce34-4d5e-a96e-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:05.000Z", "modified": "2016-12-19T12:22:05.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = '4231e1ddf6cd6edc269b65221e983a2a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d0ed-fae8-4165-a0fa-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:05.000Z", "modified": "2016-12-19T12:22:05.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = '51a5f21d781c8ab2b081ca3d044bb548']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d0ee-1378-4270-99cb-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:06.000Z", "modified": "2016-12-19T12:22:06.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = 'ba4dcb0af37929c7f85d0830e4fb7682']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d0ee-ff40-465b-b085-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:06.000Z", "modified": "2016-12-19T12:22:06.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = 'b0a68240b82a8d4ff46a9bb4833c243a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d0ef-bcdc-4e87-85b5-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:07.000Z", "modified": "2016-12-19T12:22:07.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = '690090c7b2b1808ea5586dd3394951b0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d0f0-5f84-48cd-808e-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:08.000Z", "modified": "2016-12-19T12:22:08.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = 'ad2e9747132bf556945785f06610dcc8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d0f0-6830-4bf4-a67e-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:08.000Z", "modified": "2016-12-19T12:22:08.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = 'f1e7507e85804477b46041c4f79a6318']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d0f1-71f0-4932-95c5-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:09.000Z", "modified": "2016-12-19T12:22:09.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = '7e5c5279a6b25fc25e822277a0e67893']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d0f1-aae8-4244-be2b-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:09.000Z", "modified": "2016-12-19T12:22:09.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = 'bced2a9404e662d11e74eb92fe91cff7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d0f1-5d30-4319-8e8f-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:09.000Z", "modified": "2016-12-19T12:22:09.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = 'e5c4cc287ada4d8f190f7d821fbd55a6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d0f2-bd38-4e12-b01f-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:10.000Z", "modified": "2016-12-19T12:22:10.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = '4be18082a65cbdb37dc3f76c72ec50bf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d0f2-4aec-459f-8630-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:10.000Z", "modified": "2016-12-19T12:22:10.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = 'faecf9cfff312dfff977602a696905bc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d0f3-a4f8-4c8a-a877-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:11.000Z", "modified": "2016-12-19T12:22:11.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = '139ac7a3ea98a743ab53e5dc9a143d14']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d0f3-a8b4-47c1-a021-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:11.000Z", "modified": "2016-12-19T12:22:11.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = 'c0632e26efc3b4bdbe8cc4e35cbf2ca2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d0f4-5dc8-40a9-b2c0-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:12.000Z", "modified": "2016-12-19T12:22:12.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = '57beddcde4930bff12554c70ac0d486e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d0f4-a148-40cd-96c2-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:12.000Z", "modified": "2016-12-19T12:22:12.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = 'cec324588b4f4f1be7ca72a77a27bcc8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d0f5-fe88-4c49-8ae5-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:13.000Z", "modified": "2016-12-19T12:22:13.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = '4a0f4d8d1730e7cfb28ab9ab1dd0c458']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d0f5-07dc-4c8f-89fa-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:13.000Z", "modified": "2016-12-19T12:22:13.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = '1d562105d2b9bbee31b464e11add3314']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d0f6-d88c-4f34-ae42-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:14.000Z", "modified": "2016-12-19T12:22:14.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = 'd68e6aa2e3b43db1e932212628d158d0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d0f6-e40c-4c2a-9069-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:14.000Z", "modified": "2016-12-19T12:22:14.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = '25d70b4551fb7ab195fe4a20dad19f6d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d0f7-94e0-4ddc-9813-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:15.000Z", "modified": "2016-12-19T12:22:15.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = '060aba7b0dfe98f344a08525794f3a39']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d0f8-cafc-4ccf-922b-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:16.000Z", "modified": "2016-12-19T12:22:16.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = '3f11280bd0e9992d38f5c474d2031059']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d0f8-3540-4148-a605-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:16.000Z", "modified": "2016-12-19T12:22:16.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = '950675e2eae333debef01953a5e1ef8f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d0f9-0414-44aa-b642-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:17.000Z", "modified": "2016-12-19T12:22:17.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = '51b4f43117385d03872644af00393f99']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d0f9-315c-4d7a-ac30-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:17.000Z", "modified": "2016-12-19T12:22:17.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = '9d3ef8695eedf3759bf930134198b2d7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d0f9-d214-4827-892e-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:17.000Z", "modified": "2016-12-19T12:22:17.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = '9b949ec2e377c101fb6607b7f0f46c69']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d0fa-b698-42e4-a260-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:18.000Z", "modified": "2016-12-19T12:22:18.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = '21a3ff76584d0877a7d3d67e22700d84']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d0fa-52fc-4849-8215-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:18.000Z", "modified": "2016-12-19T12:22:18.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = '95ff84fc026d94eb29c5766d3f412cb5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d0fb-5a2c-450a-ae26-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:19.000Z", "modified": "2016-12-19T12:22:19.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = '0431fb071b43075967d95dca4e4b74a4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d0fb-c2e0-4732-859d-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:19.000Z", "modified": "2016-12-19T12:22:19.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = 'a53b46d9cdfbe2dcf620852c6ff9e62c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d0fc-f0f0-40d4-9e3d-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:20.000Z", "modified": "2016-12-19T12:22:20.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = '81afa5b79a5e44ad1a5f993e56ea0f19']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d0fc-4760-4a91-b675-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:20.000Z", "modified": "2016-12-19T12:22:20.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = 'c31f027c91a17e696d3badb647b4776e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d0fd-38c4-441e-9ed9-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:21.000Z", "modified": "2016-12-19T12:22:21.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = '48c196ab809cf170027a36f8ce83b2a0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d0fe-b968-446a-9106-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:22.000Z", "modified": "2016-12-19T12:22:22.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = 'b3bf838e056efad6c4e2fc34ff907b1f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d0fe-1d08-492c-a755-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:22.000Z", "modified": "2016-12-19T12:22:22.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = 'fa460248d72f9c927fbde7e49b3f9064']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d0ff-f768-4a11-8ded-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:23.000Z", "modified": "2016-12-19T12:22:23.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = 'dc746f578444fd08b899acab6a9f9480']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d0ff-f884-4780-9132-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:23.000Z", "modified": "2016-12-19T12:22:23.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = 'a99a74ac5eccdf92a3d15226ff764437']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d100-67a0-4de5-9f27-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:24.000Z", "modified": "2016-12-19T12:22:24.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = '3f7c440d5ae431e2d638037b1522d537']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d100-992c-491c-bd02-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:24.000Z", "modified": "2016-12-19T12:22:24.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = '6d5bb65986d89c860434a131cd07af3c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d101-043c-401e-9cdd-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:25.000Z", "modified": "2016-12-19T12:22:25.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = '5834cfa707d899a6ded4df35fe454663']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d101-cd84-4949-ab3b-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:25.000Z", "modified": "2016-12-19T12:22:25.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = 'b6ab6bd1952c68e8378e9e88f1d02844']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d102-6bc8-40f6-ac89-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:26.000Z", "modified": "2016-12-19T12:22:26.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = 'f7e80eef3e16b5902839213542f2433d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d102-4a1c-45b5-8744-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:26.000Z", "modified": "2016-12-19T12:22:26.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = 'a276bbbf4ea6628ee8ac6694aa23b70a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d103-5db4-4398-94d3-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:27.000Z", "modified": "2016-12-19T12:22:27.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = '27ede7277a5c482d156bf8cad3d67ecf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d103-5184-4220-9bc1-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:27.000Z", "modified": "2016-12-19T12:22:27.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = '7639651850c1f2a333f017a2b7a58c2e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d104-8034-4d70-a0d6-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:28.000Z", "modified": "2016-12-19T12:22:28.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = '9ab8bd9a64bb4ab9b921958af213209c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d104-5a8c-47b6-b160-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:28.000Z", "modified": "2016-12-19T12:22:28.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = 'df1ff7cc193e6daabdb54e44d7d376c1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d105-d92c-40c6-8aaf-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:29.000Z", "modified": "2016-12-19T12:22:29.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = '11b949dafc35aaab4595ed5d5119731f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d105-7604-4ae5-b412-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:29.000Z", "modified": "2016-12-19T12:22:29.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = '842f279d81f52a3d21d43367b976eb24']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d106-6f38-46f3-8ef0-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:30.000Z", "modified": "2016-12-19T12:22:30.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = 'a0c5cc06f6e5e9fb6da7529a02331972']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d106-8554-477c-9d9a-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:30.000Z", "modified": "2016-12-19T12:22:30.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = 'fe5bf21593ddaf4aae3ac77f1bff02c6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d107-8070-41c2-b2f6-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:31.000Z", "modified": "2016-12-19T12:22:31.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = 'bc4d634d6b5d40a4be72de9b91b9d2d3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d107-12c8-4b1a-a3c5-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:31.000Z", "modified": "2016-12-19T12:22:31.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = '6d021db429a696e5ab237b30a743cec3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d108-6f80-4cb6-81f3-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:32.000Z", "modified": "2016-12-19T12:22:32.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = '739d8fb283e2a7a6015f1be1391c33a2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d108-1b2c-4148-9709-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:32.000Z", "modified": "2016-12-19T12:22:32.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = 'cd770d2079332bfffac2b257d5ca88a4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d109-bd9c-4f46-a2af-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:33.000Z", "modified": "2016-12-19T12:22:33.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = '0eb12f0c3aa4ec1db178fbbe69a329cf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d109-9250-48e0-9afa-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:33.000Z", "modified": "2016-12-19T12:22:33.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = '10bd1bcf24e12761df2ac8574cd5421e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d10a-e834-4864-87ec-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:34.000Z", "modified": "2016-12-19T12:22:34.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = '12c02277ede45fdad0cb6e5572555a64']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d10a-284c-4e58-8628-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:34.000Z", "modified": "2016-12-19T12:22:34.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = '13aa570ab9772d1e03e054eb4d5ec895']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d10b-aab4-42a7-aaa5-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:35.000Z", "modified": "2016-12-19T12:22:35.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = '2a38488d890751f2e7b1a8dc7c212a54']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d10c-a4a0-4527-ab0f-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:36.000Z", "modified": "2016-12-19T12:22:36.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = '7fb0c05045f84aa9bb2e27ee490379c9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d10c-8e60-4718-b975-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:36.000Z", "modified": "2016-12-19T12:22:36.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = '8b573ec48dea7caffcd18eea04d73c6d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d10c-e01c-48cd-8381-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:36.000Z", "modified": "2016-12-19T12:22:36.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = 'a5bc70e11f4dd1858ab8bbcee699c39b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d10d-e6d0-4405-9018-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:37.000Z", "modified": "2016-12-19T12:22:37.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = 'da6794432858b2bfa8e7e252af5d59d8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d10d-c540-4217-b759-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:37.000Z", "modified": "2016-12-19T12:22:37.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = 'ea87cce7ba48805a0082c59c8feab894']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d10e-a880-4765-ae11-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:38.000Z", "modified": "2016-12-19T12:22:38.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = '0124976c3608a484d929a7bd0d6be7a0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d10e-e6e0-47ed-b5a8-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:38.000Z", "modified": "2016-12-19T12:22:38.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = '05ec671309abebc5e183ccfe98a4cc6e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d10f-eac0-4535-b4de-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:22:39.000Z", "modified": "2016-12-19T12:22:39.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = '072f11f8bb4d295d1000148939e99577']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:22:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d2dd-0c30-4808-b728-0b250a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:30:21.000Z", "modified": "2016-12-19T12:30:21.000Z", "description": "Luminosity RAT", "pattern": "[file:hashes.MD5 = '1f9ea55ec924bf927db4fb4f429d49b6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:30:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d2de-c2f4-4d24-823c-0b250a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:30:22.000Z", "modified": "2016-12-19T12:30:22.000Z", "description": "Luminosity RAT", "pattern": "[file:hashes.MD5 = 'f758f8cd8df5c969181f727bdc300b09']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:30:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d2df-75dc-4739-b7c2-0b250a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:30:23.000Z", "modified": "2016-12-19T12:30:23.000Z", "description": "Luminosity RAT", "pattern": "[file:hashes.MD5 = '09b3e90ba0352189c374ed9f925fd016']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:30:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d2df-67fc-47f3-917f-0b250a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:30:23.000Z", "modified": "2016-12-19T12:30:23.000Z", "description": "Luminosity RAT", "pattern": "[file:hashes.MD5 = '4e6b187f08037c03887fc0cc7d2d7862']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:30:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d2e0-1d84-4cf5-8638-0b250a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:30:24.000Z", "modified": "2016-12-19T12:30:24.000Z", "description": "Luminosity RAT", "pattern": "[file:hashes.MD5 = '890ce994b735b36bbbb737d4ea86283c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:30:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d2e0-6bf8-4e44-80bd-0b250a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:30:24.000Z", "modified": "2016-12-19T12:30:24.000Z", "description": "Luminosity RAT", "pattern": "[file:hashes.MD5 = '8badfb1cfda4d0b88fa8e765b6162eaa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:30:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d2e1-aab0-4754-b2d5-0b250a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:30:25.000Z", "modified": "2016-12-19T12:30:25.000Z", "description": "Luminosity RAT", "pattern": "[file:hashes.MD5 = '95cc32e268174eb70e5d4878c8c481f8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:30:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d2e1-bd68-4462-86a8-0b250a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:30:25.000Z", "modified": "2016-12-19T12:30:25.000Z", "description": "Luminosity RAT", "pattern": "[file:hashes.MD5 = 'cc6fa7ea140f2af9e821f0b2a3785f3b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:30:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d359-a7e0-4e84-acf6-08720a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:32:25.000Z", "modified": "2016-12-19T12:32:25.000Z", "description": "HawkEye Keylogger/Stealer", "pattern": "[file:hashes.MD5 = '59d528ac5530c7dd148fc85ac3e2de5b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:32:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d359-78b4-4700-bf9d-08720a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:32:25.000Z", "modified": "2016-12-19T12:32:25.000Z", "description": "HawkEye Keylogger/Stealer", "pattern": "[file:hashes.MD5 = '80c4a3d66159877e264b0eab74a791db']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:32:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d35a-7b28-458f-9a02-08720a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:32:26.000Z", "modified": "2016-12-19T12:32:26.000Z", "description": "HawkEye Keylogger/Stealer", "pattern": "[file:hashes.MD5 = '94c4d42987540d6428a79c1ec4498a62']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:32:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d35a-70f4-48d5-aa26-08720a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:32:26.000Z", "modified": "2016-12-19T12:32:26.000Z", "description": "HawkEye Keylogger/Stealer", "pattern": "[file:hashes.MD5 = 'c96ac3ecac9e7f5c72aa452a299ccd4c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:32:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d35b-0398-4ccf-91e8-08720a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:32:27.000Z", "modified": "2016-12-19T12:32:27.000Z", "description": "HawkEye Keylogger/Stealer", "pattern": "[file:hashes.MD5 = 'ca261b901e94148a336b7504612900b3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:32:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d35b-ff94-4a78-9c64-08720a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:32:27.000Z", "modified": "2016-12-19T12:32:27.000Z", "description": "HawkEye Keylogger/Stealer", "pattern": "[file:hashes.MD5 = '5232002e147c9a71de02b1503549ee5d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:32:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d35c-5a6c-4ebb-8d0a-08720a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:32:28.000Z", "modified": "2016-12-19T12:32:28.000Z", "description": "HawkEye Keylogger/Stealer", "pattern": "[file:hashes.MD5 = '8f35879eedef813f7cf363e6b31bb720']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:32:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d35c-2de4-4698-82bd-08720a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:32:28.000Z", "modified": "2016-12-19T12:32:28.000Z", "description": "HawkEye Keylogger/Stealer", "pattern": "[file:hashes.MD5 = '983ac1b9d8d8f93f6ec2133873e0d765']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:32:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d35d-5010-4d23-aa36-08720a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:32:29.000Z", "modified": "2016-12-19T12:32:29.000Z", "description": "HawkEye Keylogger/Stealer", "pattern": "[file:hashes.MD5 = 'aa6eb70eb3760839617114e970eec9ad']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:32:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d35d-6f64-449c-9c8c-08720a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:32:29.000Z", "modified": "2016-12-19T12:32:29.000Z", "description": "HawkEye Keylogger/Stealer", "pattern": "[file:hashes.MD5 = 'cc2a4547e94971b25f5c64db863c7007']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:32:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d3a1-bf14-44b1-a03a-0b840a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:33:37.000Z", "modified": "2016-12-19T12:33:37.000Z", "description": "ISR Stealer", "pattern": "[file:hashes.MD5 = '42de8eeb42766ab89f7ad30e3a95a6dc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:33:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d3a2-ad2c-4d19-a848-0b840a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:33:38.000Z", "modified": "2016-12-19T12:33:38.000Z", "description": "ISR Stealer", "pattern": "[file:hashes.MD5 = 'da0bc308da0fdd2bc88c16609de84799']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:33:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d3a3-887c-4eca-be1c-0b840a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:33:39.000Z", "modified": "2016-12-19T12:33:39.000Z", "description": "ISR Stealer", "pattern": "[file:hashes.MD5 = 'e8bfa64826d095ff3699a5e3df205d24']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:33:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d3a3-f240-4bd8-bcb5-0b840a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:33:39.000Z", "modified": "2016-12-19T12:33:39.000Z", "description": "ISR Stealer", "pattern": "[file:hashes.MD5 = 'bd32f579daf66fc77d0d39faa0827d49']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:33:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d3a4-0f78-4f34-8de5-0b840a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:33:40.000Z", "modified": "2016-12-19T12:33:40.000Z", "description": "ISR Stealer", "pattern": "[file:hashes.MD5 = 'baf19d9baa948caa29fa4d47a5b00f39']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:33:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d41c-97a4-4258-9a56-086e0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:35:40.000Z", "modified": "2016-12-19T12:35:40.000Z", "description": "NetWire RAT", "pattern": "[file:hashes.MD5 = '362b8ff281b373698823f01ec5de316e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:35:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d41d-c8e0-485a-96c9-086e0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:35:41.000Z", "modified": "2016-12-19T12:35:41.000Z", "description": "NetWire RAT", "pattern": "[file:hashes.MD5 = 'b4161aeec2eee9f16b4f7bf53017b593']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:35:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d47c-c624-43cd-9c39-08720a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:37:16.000Z", "modified": "2016-12-19T12:37:16.000Z", "description": "Zeus Atmos", "pattern": "[file:hashes.MD5 = '6ed4cb68167e3413d9987b0f40733ded']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:37:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d47d-c078-4b3a-90c5-08720a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:37:17.000Z", "modified": "2016-12-19T12:37:17.000Z", "description": "Zeus Atmos", "pattern": "[file:hashes.MD5 = '763eff9455c998456f017d375ebbe334']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:37:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d47d-7b40-4cb6-93a5-08720a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:37:17.000Z", "modified": "2016-12-19T12:37:17.000Z", "description": "Zeus Atmos", "pattern": "[file:hashes.MD5 = 'acb19c9d138687d8b77b9a16318f7897']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:37:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d47e-14b8-4b69-9c84-08720a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:37:18.000Z", "modified": "2016-12-19T12:37:18.000Z", "description": "Zeus Atmos", "pattern": "[file:hashes.MD5 = '0828d80567c200832804ab58b9653f40']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:37:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d47e-ecc4-4406-a471-08720a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:37:18.000Z", "modified": "2016-12-19T12:37:18.000Z", "description": "Zeus Atmos", "pattern": "[file:hashes.MD5 = '1c55c4e93c5b59c5497817c2d75eeb82']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:37:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d47f-7164-48d5-b4eb-08720a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:37:19.000Z", "modified": "2016-12-19T12:37:19.000Z", "description": "Zeus Atmos", "pattern": "[file:hashes.MD5 = '20bca6c0ce7aa1c1eec53bde21162f05']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:37:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d47f-4060-4409-bc0d-08720a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:37:19.000Z", "modified": "2016-12-19T12:37:19.000Z", "description": "Zeus Atmos", "pattern": "[file:hashes.MD5 = '41875543ce8f9fc1c3c823e783fc3799']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:37:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d480-fef4-4a09-8e68-08720a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:37:20.000Z", "modified": "2016-12-19T12:37:20.000Z", "description": "Zeus Atmos", "pattern": "[file:hashes.MD5 = '59ea190027969a9395556a1879b8fa1c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:37:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d480-8368-49bc-92af-08720a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:37:20.000Z", "modified": "2016-12-19T12:37:20.000Z", "description": "Zeus Atmos", "pattern": "[file:hashes.MD5 = '926a5b3a83da4947dc45b83a564e5de4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:37:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d481-a8dc-4d33-b52d-08720a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:37:21.000Z", "modified": "2016-12-19T12:37:21.000Z", "description": "Zeus Atmos", "pattern": "[file:hashes.MD5 = 'cb6b3071cf743fa0e62af0e29a269301']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:37:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d481-0788-48ba-8063-08720a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:37:21.000Z", "modified": "2016-12-19T12:37:21.000Z", "description": "Zeus Atmos", "pattern": "[file:hashes.MD5 = 'f7f79d8821abd3035a3c77b4d1319334']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:37:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d0d5-97b0-432b-a8ab-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:21:41.000Z", "modified": "2016-12-19T12:21:41.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = 'b26502694ec0f977510045e4805e3c5c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:21:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d0d5-c9a0-4fde-a750-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:21:41.000Z", "modified": "2016-12-19T12:21:41.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = '312feecdc77cb3e29151734ec9939cfb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:21:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d0d6-0768-489a-b11a-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:21:42.000Z", "modified": "2016-12-19T12:21:42.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = '23965eaaece7160f5f4f38a2b2ae557a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:21:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d0d6-b4c4-44da-a738-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:21:42.000Z", "modified": "2016-12-19T12:21:42.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = '36db408c729e4eec4b67593dbe6e21cb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:21:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d0d7-11d0-4f67-8131-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:21:43.000Z", "modified": "2016-12-19T12:21:43.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = '94083460473c6ccf96060c3f35bda8f0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:21:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d0d7-4c98-44af-b34f-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:21:43.000Z", "modified": "2016-12-19T12:21:43.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = '4e06d7730397f84761222ceb22578e59']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:21:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d0d8-5688-4c13-96f6-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:21:44.000Z", "modified": "2016-12-19T12:21:44.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = 'fff1ccdebd953a89168fa545cca2d78a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:21:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d0d8-e7e4-4630-9d96-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:21:44.000Z", "modified": "2016-12-19T12:21:44.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = '5497251394bca97e1cbe2008740ead6a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:21:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d0d9-2d3c-40ab-914d-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:21:45.000Z", "modified": "2016-12-19T12:21:45.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = 'ead4bbedddba4cd1d0b31a82987ffce4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:21:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d0d9-14ac-4d46-9b78-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:21:45.000Z", "modified": "2016-12-19T12:21:45.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = 'd04c3b2fe025c183ffcf85d334b2dfc3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:21:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d0da-c948-409f-8733-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:21:46.000Z", "modified": "2016-12-19T12:21:46.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = 'f402e0747de2f70a43dcb0ef5cb1bb12']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:21:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d0da-8450-4a3f-9b17-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:21:46.000Z", "modified": "2016-12-19T12:21:46.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = '262c692bec80d7d7af77026d03a9277d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:21:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d0db-0568-4ac7-b8e0-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:21:47.000Z", "modified": "2016-12-19T12:21:47.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = 'd0c3b85e2459e85fd0d00b5ac88782d1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:21:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d0db-4390-4ce0-8b5a-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:21:47.000Z", "modified": "2016-12-19T12:21:47.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = '0899d80a6e4168e760321009d28b4a25']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:21:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d0dc-d1b0-4e75-85b8-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:21:48.000Z", "modified": "2016-12-19T12:21:48.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = '7ba5b2b942587afad892d14c29186881']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:21:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d0dc-0ea8-4029-95c7-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:21:48.000Z", "modified": "2016-12-19T12:21:48.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = 'f328c9cef3df7dbbafdabe102f2dd489']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:21:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d0dd-7b90-4b29-a25e-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:21:49.000Z", "modified": "2016-12-19T12:21:49.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = '513d4413be0c6756b0aec628fb8f5398']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:21:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d0dd-3868-4a95-ab01-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:21:49.000Z", "modified": "2016-12-19T12:21:49.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = 'a1709a3f4952c2928e5f7e4ba552bef6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:21:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d0de-ff0c-4043-b450-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:21:50.000Z", "modified": "2016-12-19T12:21:50.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = 'a598c6964f7f9aef6e6ad21c630e744a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:21:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d0de-3914-451d-8858-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:21:50.000Z", "modified": "2016-12-19T12:21:50.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = 'bcd6efb7ba13404999640cbf4a8300ef']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:21:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d0df-91fc-4c2d-b625-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:21:51.000Z", "modified": "2016-12-19T12:21:51.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = '7210fa489bfb83715529f1ec3b55922b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:21:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d0df-1744-4479-9652-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:21:51.000Z", "modified": "2016-12-19T12:21:51.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = '2cab3363d8bb5601948f528add75c5e2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:21:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d0e0-bb6c-43da-b61a-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:21:52.000Z", "modified": "2016-12-19T12:21:52.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = 'abaaba5109c19f658f9eaf56551c0996']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:21:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d0e0-0084-4199-b01a-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:21:52.000Z", "modified": "2016-12-19T12:21:52.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = '53b9d168f0776c99518a8a125459b94c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:21:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d0e1-0e08-47e6-8df0-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:21:53.000Z", "modified": "2016-12-19T12:21:53.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = '1c000371cda75156c5af004ca4b08e08']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:21:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d0e1-f074-4a7f-b871-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:21:53.000Z", "modified": "2016-12-19T12:21:53.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = '5c78e6d84ef59b06e918c55d9fd8de8c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:21:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d0e2-efbc-4175-8f45-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:21:54.000Z", "modified": "2016-12-19T12:21:54.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = '1e692a3e7f16b8bc9949eba72158a773']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:21:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d0e2-bd98-41f8-bd81-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:21:54.000Z", "modified": "2016-12-19T12:21:54.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = 'e9d3d83bec1d897538af8aebffd03ad1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:21:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d0e3-d59c-4063-9a92-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:21:55.000Z", "modified": "2016-12-19T12:21:55.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = 'c5674b866e3362bc09dfab0385b44bec']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:21:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d0e3-0590-4103-a67c-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:21:55.000Z", "modified": "2016-12-19T12:21:55.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = 'dfae40a4e4a1b60322fd180f8cfa1c33']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:21:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d0e4-92b8-459c-acf1-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:21:56.000Z", "modified": "2016-12-19T12:21:56.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = '0b7f872d098ef8f1dd0e52f6d5c5a92e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:21:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d0e4-1d24-424c-baa0-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:21:56.000Z", "modified": "2016-12-19T12:21:56.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = 'e2ab25321e1bb1d56d8bca11fe0cc764']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:21:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d0e5-e110-4e01-98c1-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:21:57.000Z", "modified": "2016-12-19T12:21:57.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = '96f1794733e30fb2df9e5e894f4e1cfd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:21:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d0e5-54b0-4fd0-a69e-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:21:57.000Z", "modified": "2016-12-19T12:21:57.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = '63b1d969270cccd998279477a687407c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:21:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d0e6-2cdc-4178-b498-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:21:58.000Z", "modified": "2016-12-19T12:21:58.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = '9e7318168e76fdd5414fe00d8daaf21e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:21:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5857d0e6-72a4-4136-807a-0b7a0a950b0c", "created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b", "created": "2016-12-19T12:21:58.000Z", "modified": "2016-12-19T12:21:58.000Z", "description": "FareIT/Pony 2.0", "pattern": "[file:hashes.MD5 = '57da8a2813c9b1cb6598609e10faf1b4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-19T12:21:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }