{ "type": "bundle", "id": "bundle--58e8a3b2-b0fc-41a9-b89a-4a8b02de0b81", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:57:40.000Z", "modified": "2017-04-08T08:57:40.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--58e8a3b2-b0fc-41a9-b89a-4a8b02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:57:40.000Z", "modified": "2017-04-08T08:57:40.000Z", "name": "OSINT - The Blockbuster Sequel", "published": "2017-04-08T09:02:14Z", "object_refs": [ "observed-data--58e8a3c0-5b8c-4de6-8ee1-4fdd02de0b81", "url--58e8a3c0-5b8c-4de6-8ee1-4fdd02de0b81", "x-misp-attribute--58e8a3d4-01f8-405a-9ea5-478c02de0b81", "indicator--58e8a3ef-149c-4d92-8ae0-4e8a02de0b81", "indicator--58e8a3f0-0444-4f4b-b28b-4f9502de0b81", "indicator--58e8a3f1-72b0-4dc1-a42f-410f02de0b81", "indicator--58e8a3f2-ff8c-4d45-af1d-414102de0b81", "indicator--58e8a3f4-31c8-4111-84a5-4f3002de0b81", "indicator--58e8a3f5-c270-40be-b7d1-46ba02de0b81", "indicator--58e8a3f6-5e2c-4807-a344-4d1802de0b81", "indicator--58e8a3f7-5f08-4120-8087-447902de0b81", "indicator--58e8a3f8-1f3c-437d-b6d8-4d9c02de0b81", "indicator--58e8a3f9-9098-48ce-9326-4d7a02de0b81", "indicator--58e8a3fa-9d24-421f-9147-446802de0b81", "indicator--58e8a3fb-9458-4e66-8137-4f1102de0b81", "indicator--58e8a3fc-af2c-4168-9c2a-478802de0b81", "indicator--58e8a3fd-3e98-44ce-b36e-4af902de0b81", "indicator--58e8a3fe-97a0-4a64-8df7-481e02de0b81", "indicator--58e8a3ff-99a4-4450-9d5b-4d2002de0b81", "indicator--58e8a400-427c-4e8b-96a4-474002de0b81", "indicator--58e8a419-731c-4891-997d-4edf02de0b81", "indicator--58e8a41a-a160-4bb0-9c0f-447802de0b81", "indicator--58e8a41b-c444-4b90-b083-4aa802de0b81", "indicator--58e8a41c-9aa8-4537-9994-4f6102de0b81", "indicator--58e8a41d-d544-4557-8083-47b902de0b81", "indicator--58e8a43b-4d6c-407b-b1f2-401e02de0b81", "indicator--58e8a43c-d3bc-4afd-a297-4f1702de0b81", "indicator--58e8a43d-1f6c-4981-93e7-4ce502de0b81", "indicator--58e8a43e-146c-4457-851c-4a3802de0b81", "indicator--58e8a43f-cbfc-4957-99d7-497902de0b81", "indicator--58e8a440-109c-40c8-ac6b-4fc002de0b81", "indicator--58e8a441-10d8-433b-b0cb-494302de0b81", "indicator--58e8a442-2258-4664-9280-463702de0b81", "indicator--58e8a443-d940-43f7-9898-424e02de0b81", "indicator--58e8a444-d478-4d26-b59e-41b902de0b81", "indicator--58e8a445-848c-48a3-adcd-4bfa02de0b81", "indicator--58e8a446-ad54-44e8-a039-442602de0b81", "indicator--58e8a447-5550-4384-8ad5-425302de0b81", "indicator--58e8a449-b570-4ad5-92da-474202de0b81", "indicator--58e8a44a-06f0-4489-a35b-450302de0b81", "indicator--58e8a44b-55d0-4a1e-9da5-433d02de0b81", "indicator--58e8a44c-8714-424e-b043-427002de0b81", "indicator--58e8a44d-c534-4680-9706-46d602de0b81", "indicator--58e8a44e-fbb0-49dc-9067-425702de0b81", "indicator--58e8a44f-a4c4-47ed-8cd9-4f9e02de0b81", "indicator--58e8a450-bbf8-448b-a034-459302de0b81", "indicator--58e8a452-9ad0-4ce8-9f13-452f02de0b81", "indicator--58e8a453-082c-45f2-8f30-4b5402de0b81", "indicator--58e8a454-4858-49f4-ae93-4f0f02de0b81", "indicator--58e8a455-ec38-4c59-b1ec-44fe02de0b81", "indicator--58e8a47d-dff0-486f-bb29-4f9402de0b81", "indicator--58e8a47e-16ac-4f37-910e-4cbc02de0b81", "indicator--58e8a47f-1334-4e58-8b8b-418402de0b81", "indicator--58e8a480-f058-4880-b65c-45fa02de0b81", "indicator--58e8a481-da18-411d-b544-469002de0b81", "indicator--58e8a482-365c-4e28-a273-448002de0b81", "indicator--58e8a483-c8c0-42e8-978b-4fcd02de0b81", "indicator--58e8a485-49d0-412e-b3c0-44ce02de0b81", "indicator--58e8a486-aab4-42cc-a208-457802de0b81", "indicator--58e8a487-d8ec-4f43-8abd-481202de0b81", "indicator--58e8a488-3518-4276-a7db-4a5102de0b81", "indicator--58e8a489-a968-4b90-8d52-4d8002de0b81", "indicator--58e8a48a-83a0-40fb-97dc-4f2102de0b81", "indicator--58e8a4b1-d3e8-4539-b80e-40d702de0b81", "indicator--58e8a4b2-f458-4a32-a84a-4c6c02de0b81", "indicator--58e8a4c2-e7a0-4e01-af46-4cb002de0b81", "indicator--58e8a4c3-f544-4f85-9e78-45eb02de0b81", "indicator--58e8a643-f524-4272-a28c-489f02de0b81", "indicator--58e8a644-789c-428e-b441-497402de0b81", "observed-data--58e8a645-f25c-4eb6-bdb9-484802de0b81", "url--58e8a645-f25c-4eb6-bdb9-484802de0b81", "indicator--58e8a646-a0a4-43b7-a83b-47c302de0b81", "indicator--58e8a647-d688-4027-adff-446402de0b81", "observed-data--58e8a647-c168-4120-a612-4acb02de0b81", "url--58e8a647-c168-4120-a612-4acb02de0b81", "indicator--58e8a648-27c4-4143-92d2-4b0e02de0b81", "indicator--58e8a649-2834-4857-ace8-416202de0b81", "observed-data--58e8a64b-3a84-4702-add8-457e02de0b81", "url--58e8a64b-3a84-4702-add8-457e02de0b81", "indicator--58e8a64c-aa1c-4670-874e-47ff02de0b81", "indicator--58e8a64d-d290-4125-bf79-4d6f02de0b81", "observed-data--58e8a64d-75b4-479c-8e15-4fcb02de0b81", "url--58e8a64d-75b4-479c-8e15-4fcb02de0b81", "indicator--58e8a64e-3f70-44a5-9007-48ad02de0b81", "indicator--58e8a64f-408c-4fec-810a-459a02de0b81", "observed-data--58e8a650-75f8-4c90-aaf0-423402de0b81", "url--58e8a650-75f8-4c90-aaf0-423402de0b81", "indicator--58e8a651-e038-4dc3-ba0a-446202de0b81", "indicator--58e8a652-1174-4f93-96a3-4ddb02de0b81", "observed-data--58e8a654-1388-40a7-ac90-418502de0b81", "url--58e8a654-1388-40a7-ac90-418502de0b81", "indicator--58e8a655-d5e4-4e1f-b292-411702de0b81", "indicator--58e8a656-a36c-4b49-8037-40c802de0b81", "observed-data--58e8a657-7fbc-4c5b-b2cb-460e02de0b81", "url--58e8a657-7fbc-4c5b-b2cb-460e02de0b81", "indicator--58e8a657-7d24-43c1-9123-49d102de0b81", "indicator--58e8a658-fa98-4155-8038-405802de0b81", "observed-data--58e8a659-d434-44c3-bc37-44ab02de0b81", "url--58e8a659-d434-44c3-bc37-44ab02de0b81", "indicator--58e8a65a-8b60-4d7c-a227-4fcc02de0b81", "indicator--58e8a65b-da3c-4f1a-9996-471802de0b81", "observed-data--58e8a65c-2284-4a2d-a471-404c02de0b81", "url--58e8a65c-2284-4a2d-a471-404c02de0b81", "indicator--58e8a65d-42b0-416b-82c5-4f6902de0b81", "indicator--58e8a65e-62f0-467d-bb96-457c02de0b81", "observed-data--58e8a65f-6c90-4021-bfdb-4d3d02de0b81", "url--58e8a65f-6c90-4021-bfdb-4d3d02de0b81", "indicator--58e8a660-8994-43e6-a244-417802de0b81", "indicator--58e8a660-c848-42c7-a6b7-4a7d02de0b81", "observed-data--58e8a661-332c-45c1-bbca-4f1f02de0b81", "url--58e8a661-332c-45c1-bbca-4f1f02de0b81", "indicator--58e8a662-c00c-46f4-8757-4f6802de0b81", "indicator--58e8a663-67b8-4a9a-baf6-40be02de0b81", "observed-data--58e8a664-5c30-4bcc-9fec-4ad602de0b81", "url--58e8a664-5c30-4bcc-9fec-4ad602de0b81", "indicator--58e8a665-1c3c-4769-8d91-493e02de0b81", "indicator--58e8a666-fe80-4f90-ac1d-41e302de0b81", "observed-data--58e8a667-d238-4e5e-9dc3-478902de0b81", "url--58e8a667-d238-4e5e-9dc3-478902de0b81", "indicator--58e8a668-3714-4a9a-b80c-437c02de0b81", "indicator--58e8a668-8b7c-4175-bff3-44ed02de0b81", "observed-data--58e8a669-1514-4f75-99d7-4b2002de0b81", "url--58e8a669-1514-4f75-99d7-4b2002de0b81", "indicator--58e8a66a-3638-47ed-bf3b-4e4a02de0b81", "indicator--58e8a66c-d324-4686-b3e9-4f3c02de0b81", "observed-data--58e8a66d-d284-4960-92ec-4c6c02de0b81", "url--58e8a66d-d284-4960-92ec-4c6c02de0b81", "indicator--58e8a66e-9178-481f-918f-40b902de0b81", "indicator--58e8a66f-3cfc-47da-aef1-422302de0b81", "observed-data--58e8a670-99a8-4f91-af1a-463602de0b81", "url--58e8a670-99a8-4f91-af1a-463602de0b81", "indicator--58e8a671-0934-4ab3-8f65-485602de0b81", "indicator--58e8a673-1040-4a62-8c51-4ee902de0b81", "observed-data--58e8a674-72b8-4f8a-8eec-4a4202de0b81", "url--58e8a674-72b8-4f8a-8eec-4a4202de0b81", "indicator--58e8a675-7ab8-425a-af39-4d7002de0b81", "indicator--58e8a676-2334-4ff5-aab0-443302de0b81", "observed-data--58e8a677-ef6c-43bf-8f1a-452602de0b81", "url--58e8a677-ef6c-43bf-8f1a-452602de0b81", "indicator--58e8a678-e1e4-42c9-9e85-4fef02de0b81", "indicator--58e8a679-ee78-47d8-8644-408f02de0b81", "observed-data--58e8a67b-38a4-49fe-99bc-49b402de0b81", "url--58e8a67b-38a4-49fe-99bc-49b402de0b81", "indicator--58e8a67c-b7b4-465e-bf98-4a6902de0b81", "indicator--58e8a67d-4410-48d2-85ae-479102de0b81", "observed-data--58e8a67e-70e8-483c-a4a7-43d302de0b81", "url--58e8a67e-70e8-483c-a4a7-43d302de0b81", "indicator--58e8a67f-50a0-4ead-85b5-40b802de0b81", "indicator--58e8a680-5310-4552-8cbb-4f6c02de0b81", "observed-data--58e8a681-dde8-4f18-8afc-4bee02de0b81", "url--58e8a681-dde8-4f18-8afc-4bee02de0b81", "indicator--58e8a682-4a9c-4018-a50a-46b802de0b81", "indicator--58e8a683-75b4-427a-8d12-4e4e02de0b81", "observed-data--58e8a684-4aa8-404c-9e45-46be02de0b81", "url--58e8a684-4aa8-404c-9e45-46be02de0b81", "indicator--58e8a685-3564-435b-8a5d-483b02de0b81", "indicator--58e8a685-8c10-4689-9e64-4b3502de0b81", "observed-data--58e8a686-5770-4612-989f-44f902de0b81", "url--58e8a686-5770-4612-989f-44f902de0b81", "indicator--58e8a687-5dcc-42da-a16a-43a102de0b81", "indicator--58e8a688-393c-4996-8eec-4c4202de0b81", "observed-data--58e8a689-5ad4-4909-9e7e-461a02de0b81", "url--58e8a689-5ad4-4909-9e7e-461a02de0b81", "indicator--58e8a68a-582c-45bd-a0c5-404c02de0b81", "indicator--58e8a68b-5564-43eb-bd9d-4ef502de0b81", "observed-data--58e8a68c-4040-4022-b5ee-4f4002de0b81", "url--58e8a68c-4040-4022-b5ee-4f4002de0b81" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "osint:source-type=\"blog-post\"", "misp-galaxy:threat-actor=\"Lazarus Group\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58e8a3c0-5b8c-4de6-8ee1-4fdd02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:57:40.000Z", "modified": "2017-04-08T08:57:40.000Z", "first_observed": "2017-04-08T08:57:40Z", "last_observed": "2017-04-08T08:57:40Z", "number_observed": 1, "object_refs": [ "url--58e8a3c0-5b8c-4de6-8ee1-4fdd02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"", "osint:source-type=\"blog-post\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58e8a3c0-5b8c-4de6-8ee1-4fdd02de0b81", "value": "http://researchcenter.paloaltonetworks.com/2017/04/unit42-the-blockbuster-sequel/" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--58e8a3d4-01f8-405a-9ea5-478c02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:57:40.000Z", "modified": "2017-04-08T08:57:40.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"External analysis\"", "osint:source-type=\"blog-post\"" ], "x_misp_category": "External analysis", "x_misp_type": "text", "x_misp_value": "Unit 42 has identified malware with recent compilation and distribution timestamps that has code, infrastructure, and themes overlapping with threats described previously in the Operation Blockbuster report, written by researchers at Novetta. This report details the activities from a group they named Lazarus, their tools, and the techniques they use to infiltrate computer networks. The Lazarus group is tied to the 2014 attack on Sony Pictures Entertainment and the 2013 DarkSeoul attacks.\r\n\r\nThis recently identified activity is targeting Korean speaking individuals, while the threat actors behind the attack likely speak both Korean and English. This blog will detail the recently discovered samples, their functionality, and their ties to the threat group behind Operation Blockbuster." }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a3ef-149c-4d92-8ae0-4e8a02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:57:40.000Z", "modified": "2017-04-08T08:57:40.000Z", "description": "C2 IPv4 Address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.224.82.154']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:57:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a3f0-0444-4f4b-b28b-4f9502de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:57:40.000Z", "modified": "2017-04-08T08:57:40.000Z", "description": "C2 IPv4 Address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '180.67.205.101']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:57:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a3f1-72b0-4dc1-a42f-410f02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:57:40.000Z", "modified": "2017-04-08T08:57:40.000Z", "description": "C2 IPv4 Address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '182.70.113.138']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:57:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a3f2-ff8c-4d45-af1d-414102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:57:40.000Z", "modified": "2017-04-08T08:57:40.000Z", "description": "C2 IPv4 Address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '193.189.144.145']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:57:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a3f4-31c8-4111-84a5-4f3002de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:57:40.000Z", "modified": "2017-04-08T08:57:40.000Z", "description": "C2 IPv4 Address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '199.26.11.17']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:57:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a3f5-c270-40be-b7d1-46ba02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:57:40.000Z", "modified": "2017-04-08T08:57:40.000Z", "description": "C2 IPv4 Address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '209.105.242.64']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:57:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a3f6-5e2c-4807-a344-4d1802de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:57:40.000Z", "modified": "2017-04-08T08:57:40.000Z", "description": "C2 IPv4 Address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '211.233.13.11']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:57:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a3f7-5f08-4120-8087-447902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:57:40.000Z", "modified": "2017-04-08T08:57:40.000Z", "description": "C2 IPv4 Address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '211.233.13.62']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:57:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a3f8-1f3c-437d-b6d8-4d9c02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:57:40.000Z", "modified": "2017-04-08T08:57:40.000Z", "description": "C2 IPv4 Address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '211.236.42.52']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:57:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a3f9-9098-48ce-9326-4d7a02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:57:40.000Z", "modified": "2017-04-08T08:57:40.000Z", "description": "C2 IPv4 Address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '211.49.171.243']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:57:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a3fa-9d24-421f-9147-446802de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:57:40.000Z", "modified": "2017-04-08T08:57:40.000Z", "description": "C2 IPv4 Address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '218.103.37.22']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:57:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a3fb-9458-4e66-8137-4f1102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:57:40.000Z", "modified": "2017-04-08T08:57:40.000Z", "description": "C2 IPv4 Address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '221.138.17.152']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:57:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a3fc-af2c-4168-9c2a-478802de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:57:40.000Z", "modified": "2017-04-08T08:57:40.000Z", "description": "C2 IPv4 Address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '221.161.82.208']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:57:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a3fd-3e98-44ce-b36e-4af902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:57:40.000Z", "modified": "2017-04-08T08:57:40.000Z", "description": "C2 IPv4 Address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '23.115.75.188']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:57:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a3fe-97a0-4a64-8df7-481e02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:57:40.000Z", "modified": "2017-04-08T08:57:40.000Z", "description": "C2 IPv4 Address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '61.100.180.9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:57:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a3ff-99a4-4450-9d5b-4d2002de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:57:40.000Z", "modified": "2017-04-08T08:57:40.000Z", "description": "C2 IPv4 Address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '61.78.63.95']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:57:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a400-427c-4e8b-96a4-474002de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:57:40.000Z", "modified": "2017-04-08T08:57:40.000Z", "description": "C2 IPv4 Address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '80.153.49.82']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:57:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a419-731c-4891-997d-4edf02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:57:40.000Z", "modified": "2017-04-08T08:57:40.000Z", "description": "C2 Domain", "pattern": "[domain-name:value = 'daedong.or.kr']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:57:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a41a-a160-4bb0-9c0f-447802de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:57:40.000Z", "modified": "2017-04-08T08:57:40.000Z", "description": "C2 Domain", "pattern": "[domain-name:value = 'kcnp.or.kr']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:57:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a41b-c444-4b90-b083-4aa802de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:57:40.000Z", "modified": "2017-04-08T08:57:40.000Z", "description": "C2 Domain", "pattern": "[domain-name:value = 'kosic.or.kr']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:57:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a41c-9aa8-4537-9994-4f6102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:57:40.000Z", "modified": "2017-04-08T08:57:40.000Z", "description": "C2 Domain", "pattern": "[domain-name:value = 'wstore.lt']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:57:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a41d-d544-4557-8083-47b902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:57:40.000Z", "modified": "2017-04-08T08:57:40.000Z", "description": "C2 Domain", "pattern": "[domain-name:value = 'xkclub.hk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:57:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a43b-4d6c-407b-b1f2-401e02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:57:40.000Z", "modified": "2017-04-08T08:57:40.000Z", "description": "Additional Related Samples", "pattern": "[file:hashes.SHA256 = '02d74124957b6de4b087a7d12efa01c43558bf6bdaccef9926a022bcffcdcfea']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:57:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a43c-d3bc-4afd-a297-4f1702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:57:40.000Z", "modified": "2017-04-08T08:57:40.000Z", "description": "Additional Related Samples", "pattern": "[file:hashes.SHA256 = '0c5cdbf6f043780dc5fff4b7a977a1874457cc125b4d1da70808bfa720022477']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:57:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a43d-1f6c-4981-93e7-4ce502de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:57:40.000Z", "modified": "2017-04-08T08:57:40.000Z", "description": "Additional Related Samples", "pattern": "[file:hashes.SHA256 = '18579d1cc9810ca0b5230e8671a16f9e65b9c9cdd268db6c3535940c30b12f9e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:57:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a43e-146c-4457-851c-4a3802de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:57:40.000Z", "modified": "2017-04-08T08:57:40.000Z", "description": "Additional Related Samples", "pattern": "[file:hashes.SHA256 = '19b23f169606bd390581afe1b27c2c8659d736cbfa4c3e58ed83a287049522f6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:57:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a43f-cbfc-4957-99d7-497902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:57:40.000Z", "modified": "2017-04-08T08:57:40.000Z", "description": "Additional Related Samples", "pattern": "[file:hashes.SHA256 = '1efffd64f2215e2b574b9f8892bbb3ab6e0f98cf0684e479f1a67f0f521ec0fe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:57:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a440-109c-40c8-ac6b-4fc002de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:57:40.000Z", "modified": "2017-04-08T08:57:40.000Z", "description": "Additional Related Samples", "pattern": "[file:hashes.SHA256 = '440dd79e8e5906f0a73b80bf0dc58f186cb289b4edb9e5bc4922d4e197bce10c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:57:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a441-10d8-433b-b0cb-494302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:57:40.000Z", "modified": "2017-04-08T08:57:40.000Z", "description": "Additional Related Samples", "pattern": "[file:hashes.SHA256 = '446ce29f6df3ac2692773e0a9b2a973d0013e059543c858554ac8200ba1d09cf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:57:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a442-2258-4664-9280-463702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:57:40.000Z", "modified": "2017-04-08T08:57:40.000Z", "description": "Additional Related Samples", "pattern": "[file:hashes.SHA256 = '557c63737bf6752eba32bd688eb046c174e53140950e0d91ea609e7f42c80062']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:57:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a443-d940-43f7-9898-424e02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:57:40.000Z", "modified": "2017-04-08T08:57:40.000Z", "description": "Additional Related Samples", "pattern": "[file:hashes.SHA256 = '5c10b34e99b0f0681f79eaba39e3fe60e1a03ec43faf14b28850be80830722cb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:57:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a444-d478-4d26-b59e-41b902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:57:40.000Z", "modified": "2017-04-08T08:57:40.000Z", "description": "Additional Related Samples", "pattern": "[file:hashes.SHA256 = '644c01322628adf8574d69afe25c4eb2cdc0bfa400e689645c2ab80becbacc33']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:57:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a445-848c-48a3-adcd-4bfa02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:57:40.000Z", "modified": "2017-04-08T08:57:40.000Z", "description": "Additional Related Samples", "pattern": "[file:hashes.SHA256 = '6a34f4ce012e52f5f94c1a163111df8b1c5b96c8dc0836ba600c2da84059c6ad']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:57:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a446-ad54-44e8-a039-442602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:57:40.000Z", "modified": "2017-04-08T08:57:40.000Z", "description": "Additional Related Samples", "pattern": "[file:hashes.SHA256 = '77a32726af6205d27999b9a564dd7b020dc0a8f697a81a8f597b971140e28976']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:57:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a447-5550-4384-8ad5-425302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:57:40.000Z", "modified": "2017-04-08T08:57:40.000Z", "description": "Additional Related Samples", "pattern": "[file:hashes.SHA256 = '79fe6576d0a26bd41f1f3a3a7bfeff6b5b7c867d624b004b21fadfdd49e6cb18']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:57:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a449-b570-4ad5-92da-474202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:57:40.000Z", "modified": "2017-04-08T08:57:40.000Z", "description": "Additional Related Samples", "pattern": "[file:hashes.SHA256 = '8085dae410e54bc0e9f962edc92fa8245a8a65d27b0d06292739458ce59c6ba1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:57:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a44a-06f0-4489-a35b-450302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:57:40.000Z", "modified": "2017-04-08T08:57:40.000Z", "description": "Additional Related Samples", "pattern": "[file:hashes.SHA256 = '8b21e36aa81ace60c797ac8299c8a80f366cb0f3c703465a2b9a6dbf3e65861e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:57:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a44b-55d0-4a1e-9da5-433d02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:57:40.000Z", "modified": "2017-04-08T08:57:40.000Z", "description": "Additional Related Samples", "pattern": "[file:hashes.SHA256 = '9c6a23e6662659b3dee96234e51f711dd493aaba93ce132111c56164ad02cf5e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:57:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a44c-8714-424e-b043-427002de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:57:40.000Z", "modified": "2017-04-08T08:57:40.000Z", "description": "Additional Related Samples", "pattern": "[file:hashes.SHA256 = 'd843f31a1fb62ee49939940bf5a998472a9f92b23336affa7bccfa836fe299f5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:57:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a44d-c534-4680-9706-46d602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:57:40.000Z", "modified": "2017-04-08T08:57:40.000Z", "description": "Additional Related Samples", "pattern": "[file:hashes.SHA256 = 'dcea917093643bc536191ff70013cb27a0519c07952fbf626b4cc5f3feee2212']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:57:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a44e-fbb0-49dc-9067-425702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:57:40.000Z", "modified": "2017-04-08T08:57:40.000Z", "description": "Additional Related Samples", "pattern": "[file:hashes.SHA256 = 'dd8c3824c8ffdbf1e16da8cee43da01d43f91ee3cc90a38f50a6cc8d6a778b57']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:57:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a44f-a4c4-47ed-8cd9-4f9e02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:57:40.000Z", "modified": "2017-04-08T08:57:40.000Z", "description": "Additional Related Samples", "pattern": "[file:hashes.SHA256 = 'efa2a0bbb69e60337b783db326b62c820b81325d39fb4761c9b575668411e12c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:57:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a450-bbf8-448b-a034-459302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:57:40.000Z", "modified": "2017-04-08T08:57:40.000Z", "description": "Additional Related Samples", "pattern": "[file:hashes.SHA256 = 'f365a042fbf57ed2fe3fd75b588c46ae358c14441905df1446e67d348bd902bf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:57:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a452-9ad0-4ce8-9f13-452f02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:57:40.000Z", "modified": "2017-04-08T08:57:40.000Z", "description": "Additional Related Samples", "pattern": "[file:hashes.SHA256 = 'f618245e69695f6e985168f5e307fd6dc7e848832bf01c529818cbcfa4089e4a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:57:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a453-082c-45f2-8f30-4b5402de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:57:40.000Z", "modified": "2017-04-08T08:57:40.000Z", "description": "Additional Related Samples", "pattern": "[file:hashes.SHA256 = 'fa45603334dae86cc72e356df9aa5e21151bb09ffabf86b8dbf5bf42bd2bbadf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:57:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a454-4858-49f4-ae93-4f0f02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:57:40.000Z", "modified": "2017-04-08T08:57:40.000Z", "description": "Additional Related Samples", "pattern": "[file:hashes.SHA256 = 'fc19a42c423aefb5fdb19b50db52f84e1cbd20af6530e7c7b39435c4c7248cc7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:57:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a455-ec38-4c59-b1ec-44fe02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:57:40.000Z", "modified": "2017-04-08T08:57:40.000Z", "description": "Additional Related Samples", "pattern": "[file:hashes.SHA256 = 'ff4581d0c73bd526efdd6384bc1fb44b856120bc6bbf0098a1fa0de3efff900d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:57:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a47d-dff0-486f-bb29-4f9402de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:57:40.000Z", "modified": "2017-04-08T08:57:40.000Z", "description": "Testing Malicious Document", "pattern": "[file:hashes.SHA256 = '90e74b5d762fa00fff851d2f3fad8dc3266bfca81d307eeb749cce66a7dcf3e1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:57:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a47e-16ac-4f37-910e-4cbc02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:57:40.000Z", "modified": "2017-04-08T08:57:40.000Z", "description": "Testing Malicious Document", "pattern": "[file:hashes.SHA256 = '09fc4219169ce7aac5e408c7f5c7bfde10df6e48868d7b470dc7ce41ee360723']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:57:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a47f-1334-4e58-8b8b-418402de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:57:40.000Z", "modified": "2017-04-08T08:57:40.000Z", "description": "Testing Malicious Document", "pattern": "[file:hashes.SHA256 = 'd1e4d51024b0e25cfac56b1268e1de2f98f86225bbad913345806ff089508080']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:57:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a480-f058-4880-b65c-45fa02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:57:40.000Z", "modified": "2017-04-08T08:57:40.000Z", "description": "Testing Malicious Document", "pattern": "[file:hashes.SHA256 = '040d20357cbb9e950a3dd0b0e5c3260b96b7d3a9dfe15ad3331c98835caa8c63']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:57:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a481-da18-411d-b544-469002de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:57:40.000Z", "modified": "2017-04-08T08:57:40.000Z", "description": "Testing Malicious Document", "pattern": "[file:hashes.SHA256 = 'dfc420190ef535cbabf63436e905954d6d3a9ddb65e57665ae8e99fa3e767316']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:57:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a482-365c-4e28-a273-448002de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:57:40.000Z", "modified": "2017-04-08T08:57:40.000Z", "description": "Testing Malicious Document", "pattern": "[file:hashes.SHA256 = 'f21290968b51b11516e7a86e301148e3b4af7bc2a8b3afe36bc5021086d1fab2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:57:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a483-c8c0-42e8-978b-4fcd02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:57:40.000Z", "modified": "2017-04-08T08:57:40.000Z", "description": "Testing Malicious Document", "pattern": "[file:hashes.SHA256 = '1491896d42eb975400958b2c575522d2d73ffa3eb8bdd3eb5af1c666a66aeb08']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:57:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a485-49d0-412e-b3c0-44ce02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:57:40.000Z", "modified": "2017-04-08T08:57:40.000Z", "description": "Testing Malicious Document", "pattern": "[file:hashes.SHA256 = '31e8a920822ee2a273eb91ec59f5e93ac024d3d7ee794fa6e0e68137734e0443']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:57:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a486-aab4-42cc-a208-457802de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:57:40.000Z", "modified": "2017-04-08T08:57:40.000Z", "description": "Testing Malicious Document", "pattern": "[file:hashes.SHA256 = '49ecead98ebc750cf0e1c48fccf5c4b07fadef653be034cdcdcd7ba654f713af']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:57:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a487-d8ec-4f43-8abd-481202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:57:40.000Z", "modified": "2017-04-08T08:57:40.000Z", "description": "Testing Malicious Document", "pattern": "[file:hashes.SHA256 = '600ddacdf16559135f6e581d41b30d0867aae313fbaf66eb4d18345b2136cdd7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:57:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a488-3518-4276-a7db-4a5102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:57:40.000Z", "modified": "2017-04-08T08:57:40.000Z", "description": "Testing Malicious Document", "pattern": "[file:hashes.SHA256 = '6ccb8a10e253cddd8d4c4b85d19bbb288b56b8174a3f1f2fe1f9151732e1a7da']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:57:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a489-a968-4b90-8d52-4d8002de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:57:40.000Z", "modified": "2017-04-08T08:57:40.000Z", "description": "Testing Malicious Document", "pattern": "[file:hashes.SHA256 = '8b2c44c4b4dc3d7cf1b71bd6fcc37898dcd9573fcf3cb8159add6cb9cfc9651b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:57:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a48a-83a0-40fb-97dc-4f2102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:57:40.000Z", "modified": "2017-04-08T08:57:40.000Z", "description": "Testing Malicious Document", "pattern": "[file:hashes.SHA256 = '9e71d0fdb9874049f310a6ab118ba2559fc1c491ed93c3fd6f250c780e61b6ff']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:57:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a4b1-d3e8-4539-b80e-40d702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:57:40.000Z", "modified": "2017-04-08T08:57:40.000Z", "description": "Initial Payload", "pattern": "[file:hashes.SHA256 = '1322b5642e19586383e663613188b0cead91f30a0ab1004bf06f10d8b15daf65']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:57:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a4b2-f458-4a32-a84a-4c6c02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:57:40.000Z", "modified": "2017-04-08T08:57:40.000Z", "description": "Initial Payload (unpacked)", "pattern": "[file:hashes.SHA256 = '032ccd6ae0a6e49ac93b7bd10c7d249f853fff3f5771a1fe3797f733f09db5a0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:57:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a4c2-e7a0-4e01-af46-4cb002de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:57:40.000Z", "modified": "2017-04-08T08:57:40.000Z", "description": "Initial Malicious Document", "pattern": "[file:hashes.SHA256 = 'cec26d8629c5f223a120677a5c7fbd8d477f9a1b963f19d3f1195a7f94bc194b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:57:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a4c3-f544-4f85-9e78-45eb02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:57:40.000Z", "modified": "2017-04-08T08:57:40.000Z", "description": "Initial Malicious Document", "pattern": "[file:hashes.SHA256 = 'ff58189452668d8c2829a0e9ba8a98a34482c4f2c5c363dc0671700ba58b7bee']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:57:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a643-f524-4272-a28c-489f02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:58:43.000Z", "modified": "2017-04-08T08:58:43.000Z", "description": "Initial Malicious Document - Xchecked via VT: cec26d8629c5f223a120677a5c7fbd8d477f9a1b963f19d3f1195a7f94bc194b", "pattern": "[file:hashes.SHA1 = 'b2204bb750842e3d9f4da914ad527a33efca7532']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:58:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a644-789c-428e-b441-497402de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:58:44.000Z", "modified": "2017-04-08T08:58:44.000Z", "description": "Initial Malicious Document - Xchecked via VT: cec26d8629c5f223a120677a5c7fbd8d477f9a1b963f19d3f1195a7f94bc194b", "pattern": "[file:hashes.MD5 = 'e656e1e46e3ad644f9701378490880e2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:58:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58e8a645-f25c-4eb6-bdb9-484802de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:58:45.000Z", "modified": "2017-04-08T08:58:45.000Z", "first_observed": "2017-04-08T08:58:45Z", "last_observed": "2017-04-08T08:58:45Z", "number_observed": 1, "object_refs": [ "url--58e8a645-f25c-4eb6-bdb9-484802de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58e8a645-f25c-4eb6-bdb9-484802de0b81", "value": "https://www.virustotal.com/file/cec26d8629c5f223a120677a5c7fbd8d477f9a1b963f19d3f1195a7f94bc194b/analysis/1491597656/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a646-a0a4-43b7-a83b-47c302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:58:46.000Z", "modified": "2017-04-08T08:58:46.000Z", "description": "Initial Payload (unpacked) - Xchecked via VT: 032ccd6ae0a6e49ac93b7bd10c7d249f853fff3f5771a1fe3797f733f09db5a0", "pattern": "[file:hashes.SHA1 = '55f56b74a65521a3524be9fe3ea8d30505704ab5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:58:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a647-d688-4027-adff-446402de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:58:47.000Z", "modified": "2017-04-08T08:58:47.000Z", "description": "Initial Payload (unpacked) - Xchecked via VT: 032ccd6ae0a6e49ac93b7bd10c7d249f853fff3f5771a1fe3797f733f09db5a0", "pattern": "[file:hashes.MD5 = 'cab10f19ae0a6deeb7be7bd0b46a0f5f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:58:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58e8a647-c168-4120-a612-4acb02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:58:47.000Z", "modified": "2017-04-08T08:58:47.000Z", "first_observed": "2017-04-08T08:58:47Z", "last_observed": "2017-04-08T08:58:47Z", "number_observed": 1, "object_refs": [ "url--58e8a647-c168-4120-a612-4acb02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58e8a647-c168-4120-a612-4acb02de0b81", "value": "https://www.virustotal.com/file/032ccd6ae0a6e49ac93b7bd10c7d249f853fff3f5771a1fe3797f733f09db5a0/analysis/1491640686/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a648-27c4-4143-92d2-4b0e02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:58:48.000Z", "modified": "2017-04-08T08:58:48.000Z", "description": "Initial Payload - Xchecked via VT: 1322b5642e19586383e663613188b0cead91f30a0ab1004bf06f10d8b15daf65", "pattern": "[file:hashes.SHA1 = 'dcc4e51730c0114f110405e3e42e721384969add']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:58:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a649-2834-4857-ace8-416202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:58:49.000Z", "modified": "2017-04-08T08:58:49.000Z", "description": "Initial Payload - Xchecked via VT: 1322b5642e19586383e663613188b0cead91f30a0ab1004bf06f10d8b15daf65", "pattern": "[file:hashes.MD5 = 'a4b3404fffc581ab06d50f3f2243cb56']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:58:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58e8a64b-3a84-4702-add8-457e02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:58:51.000Z", "modified": "2017-04-08T08:58:51.000Z", "first_observed": "2017-04-08T08:58:51Z", "last_observed": "2017-04-08T08:58:51Z", "number_observed": 1, "object_refs": [ "url--58e8a64b-3a84-4702-add8-457e02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58e8a64b-3a84-4702-add8-457e02de0b81", "value": "https://www.virustotal.com/file/1322b5642e19586383e663613188b0cead91f30a0ab1004bf06f10d8b15daf65/analysis/1491597476/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a64c-aa1c-4670-874e-47ff02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:58:52.000Z", "modified": "2017-04-08T08:58:52.000Z", "description": "Testing Malicious Document - Xchecked via VT: 9e71d0fdb9874049f310a6ab118ba2559fc1c491ed93c3fd6f250c780e61b6ff", "pattern": "[file:hashes.SHA1 = '6f23666a209c80d3aa475f1382a065a818346339']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:58:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a64d-d290-4125-bf79-4d6f02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:58:53.000Z", "modified": "2017-04-08T08:58:53.000Z", "description": "Testing Malicious Document - Xchecked via VT: 9e71d0fdb9874049f310a6ab118ba2559fc1c491ed93c3fd6f250c780e61b6ff", "pattern": "[file:hashes.MD5 = '01a07e5a28e53a5bc541d178fe229599']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:58:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58e8a64d-75b4-479c-8e15-4fcb02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:58:53.000Z", "modified": "2017-04-08T08:58:53.000Z", "first_observed": "2017-04-08T08:58:53Z", "last_observed": "2017-04-08T08:58:53Z", "number_observed": 1, "object_refs": [ "url--58e8a64d-75b4-479c-8e15-4fcb02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58e8a64d-75b4-479c-8e15-4fcb02de0b81", "value": "https://www.virustotal.com/file/9e71d0fdb9874049f310a6ab118ba2559fc1c491ed93c3fd6f250c780e61b6ff/analysis/1490008053/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a64e-3f70-44a5-9007-48ad02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:58:54.000Z", "modified": "2017-04-08T08:58:54.000Z", "description": "Testing Malicious Document - Xchecked via VT: 8b2c44c4b4dc3d7cf1b71bd6fcc37898dcd9573fcf3cb8159add6cb9cfc9651b", "pattern": "[file:hashes.SHA1 = '033bf940b65c1a5247f22be6c8f9c4144ab9ef8c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:58:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a64f-408c-4fec-810a-459a02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:58:55.000Z", "modified": "2017-04-08T08:58:55.000Z", "description": "Testing Malicious Document - Xchecked via VT: 8b2c44c4b4dc3d7cf1b71bd6fcc37898dcd9573fcf3cb8159add6cb9cfc9651b", "pattern": "[file:hashes.MD5 = '2b78a7f0cd2efb69bdacff9b9c59f9cc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:58:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58e8a650-75f8-4c90-aaf0-423402de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:58:56.000Z", "modified": "2017-04-08T08:58:56.000Z", "first_observed": "2017-04-08T08:58:56Z", "last_observed": "2017-04-08T08:58:56Z", "number_observed": 1, "object_refs": [ "url--58e8a650-75f8-4c90-aaf0-423402de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58e8a650-75f8-4c90-aaf0-423402de0b81", "value": "https://www.virustotal.com/file/8b2c44c4b4dc3d7cf1b71bd6fcc37898dcd9573fcf3cb8159add6cb9cfc9651b/analysis/1490007705/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a651-e038-4dc3-ba0a-446202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:58:57.000Z", "modified": "2017-04-08T08:58:57.000Z", "description": "Testing Malicious Document - Xchecked via VT: 600ddacdf16559135f6e581d41b30d0867aae313fbaf66eb4d18345b2136cdd7", "pattern": "[file:hashes.SHA1 = '770f800510bde5c8b051052e43f13fb0d0432883']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:58:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a652-1174-4f93-96a3-4ddb02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:58:58.000Z", "modified": "2017-04-08T08:58:58.000Z", "description": "Testing Malicious Document - Xchecked via VT: 600ddacdf16559135f6e581d41b30d0867aae313fbaf66eb4d18345b2136cdd7", "pattern": "[file:hashes.MD5 = 'f450e6c90e9a3a907690fb66f08c8b49']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:58:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58e8a654-1388-40a7-ac90-418502de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:59:00.000Z", "modified": "2017-04-08T08:59:00.000Z", "first_observed": "2017-04-08T08:59:00Z", "last_observed": "2017-04-08T08:59:00Z", "number_observed": 1, "object_refs": [ "url--58e8a654-1388-40a7-ac90-418502de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58e8a654-1388-40a7-ac90-418502de0b81", "value": "https://www.virustotal.com/file/600ddacdf16559135f6e581d41b30d0867aae313fbaf66eb4d18345b2136cdd7/analysis/1490009323/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a655-d5e4-4e1f-b292-411702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:59:01.000Z", "modified": "2017-04-08T08:59:01.000Z", "description": "Testing Malicious Document - Xchecked via VT: 49ecead98ebc750cf0e1c48fccf5c4b07fadef653be034cdcdcd7ba654f713af", "pattern": "[file:hashes.SHA1 = '387887243c1436f37bcecb9671de375813e57fd2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:59:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a656-a36c-4b49-8037-40c802de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:59:02.000Z", "modified": "2017-04-08T08:59:02.000Z", "description": "Testing Malicious Document - Xchecked via VT: 49ecead98ebc750cf0e1c48fccf5c4b07fadef653be034cdcdcd7ba654f713af", "pattern": "[file:hashes.MD5 = '39b32e5fcec968631b6badeaf9bd517c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:59:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58e8a657-7fbc-4c5b-b2cb-460e02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:59:03.000Z", "modified": "2017-04-08T08:59:03.000Z", "first_observed": "2017-04-08T08:59:03Z", "last_observed": "2017-04-08T08:59:03Z", "number_observed": 1, "object_refs": [ "url--58e8a657-7fbc-4c5b-b2cb-460e02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58e8a657-7fbc-4c5b-b2cb-460e02de0b81", "value": "https://www.virustotal.com/file/49ecead98ebc750cf0e1c48fccf5c4b07fadef653be034cdcdcd7ba654f713af/analysis/1490007820/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a657-7d24-43c1-9123-49d102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:59:03.000Z", "modified": "2017-04-08T08:59:03.000Z", "description": "Testing Malicious Document - Xchecked via VT: 31e8a920822ee2a273eb91ec59f5e93ac024d3d7ee794fa6e0e68137734e0443", "pattern": "[file:hashes.SHA1 = '2437d58cbef0ea77e64b12529f8386c93563867e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:59:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a658-fa98-4155-8038-405802de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:59:04.000Z", "modified": "2017-04-08T08:59:04.000Z", "description": "Testing Malicious Document - Xchecked via VT: 31e8a920822ee2a273eb91ec59f5e93ac024d3d7ee794fa6e0e68137734e0443", "pattern": "[file:hashes.MD5 = '853017d8231acf6aa912fb4a146ffd46']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:59:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58e8a659-d434-44c3-bc37-44ab02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:59:05.000Z", "modified": "2017-04-08T08:59:05.000Z", "first_observed": "2017-04-08T08:59:05Z", "last_observed": "2017-04-08T08:59:05Z", "number_observed": 1, "object_refs": [ "url--58e8a659-d434-44c3-bc37-44ab02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58e8a659-d434-44c3-bc37-44ab02de0b81", "value": "https://www.virustotal.com/file/31e8a920822ee2a273eb91ec59f5e93ac024d3d7ee794fa6e0e68137734e0443/analysis/1490875689/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a65a-8b60-4d7c-a227-4fcc02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:59:06.000Z", "modified": "2017-04-08T08:59:06.000Z", "description": "Testing Malicious Document - Xchecked via VT: 1491896d42eb975400958b2c575522d2d73ffa3eb8bdd3eb5af1c666a66aeb08", "pattern": "[file:hashes.SHA1 = '60fb33e965efb986f3549da6366fd4e27adb9ca5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:59:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a65b-da3c-4f1a-9996-471802de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:59:07.000Z", "modified": "2017-04-08T08:59:07.000Z", "description": "Testing Malicious Document - Xchecked via VT: 1491896d42eb975400958b2c575522d2d73ffa3eb8bdd3eb5af1c666a66aeb08", "pattern": "[file:hashes.MD5 = '2f9353046222a49317c9db3be4cd1e12']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:59:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58e8a65c-2284-4a2d-a471-404c02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:59:08.000Z", "modified": "2017-04-08T08:59:08.000Z", "first_observed": "2017-04-08T08:59:08Z", "last_observed": "2017-04-08T08:59:08Z", "number_observed": 1, "object_refs": [ "url--58e8a65c-2284-4a2d-a471-404c02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58e8a65c-2284-4a2d-a471-404c02de0b81", "value": "https://www.virustotal.com/file/1491896d42eb975400958b2c575522d2d73ffa3eb8bdd3eb5af1c666a66aeb08/analysis/1490007908/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a65d-42b0-416b-82c5-4f6902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:59:09.000Z", "modified": "2017-04-08T08:59:09.000Z", "description": "Testing Malicious Document - Xchecked via VT: f21290968b51b11516e7a86e301148e3b4af7bc2a8b3afe36bc5021086d1fab2", "pattern": "[file:hashes.SHA1 = '32198a872923cd003ab11c75ed5369c979a7cb64']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:59:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a65e-62f0-467d-bb96-457c02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:59:10.000Z", "modified": "2017-04-08T08:59:10.000Z", "description": "Testing Malicious Document - Xchecked via VT: f21290968b51b11516e7a86e301148e3b4af7bc2a8b3afe36bc5021086d1fab2", "pattern": "[file:hashes.MD5 = '8f47377f880cef626c30bcd3a68bfed0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:59:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58e8a65f-6c90-4021-bfdb-4d3d02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:59:11.000Z", "modified": "2017-04-08T08:59:11.000Z", "first_observed": "2017-04-08T08:59:11Z", "last_observed": "2017-04-08T08:59:11Z", "number_observed": 1, "object_refs": [ "url--58e8a65f-6c90-4021-bfdb-4d3d02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58e8a65f-6c90-4021-bfdb-4d3d02de0b81", "value": "https://www.virustotal.com/file/f21290968b51b11516e7a86e301148e3b4af7bc2a8b3afe36bc5021086d1fab2/analysis/1489993311/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a660-8994-43e6-a244-417802de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:59:11.000Z", "modified": "2017-04-08T08:59:11.000Z", "description": "Testing Malicious Document - Xchecked via VT: dfc420190ef535cbabf63436e905954d6d3a9ddb65e57665ae8e99fa3e767316", "pattern": "[file:hashes.SHA1 = '637bfa81f697cf24aca57523fc28891b5376605d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:59:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a660-c848-42c7-a6b7-4a7d02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:59:12.000Z", "modified": "2017-04-08T08:59:12.000Z", "description": "Testing Malicious Document - Xchecked via VT: dfc420190ef535cbabf63436e905954d6d3a9ddb65e57665ae8e99fa3e767316", "pattern": "[file:hashes.MD5 = '4ae49bc0ddffcf1ab5fa33faae966e98']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:59:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58e8a661-332c-45c1-bbca-4f1f02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:59:13.000Z", "modified": "2017-04-08T08:59:13.000Z", "first_observed": "2017-04-08T08:59:13Z", "last_observed": "2017-04-08T08:59:13Z", "number_observed": 1, "object_refs": [ "url--58e8a661-332c-45c1-bbca-4f1f02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58e8a661-332c-45c1-bbca-4f1f02de0b81", "value": "https://www.virustotal.com/file/dfc420190ef535cbabf63436e905954d6d3a9ddb65e57665ae8e99fa3e767316/analysis/1489976038/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a662-c00c-46f4-8757-4f6802de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:59:14.000Z", "modified": "2017-04-08T08:59:14.000Z", "description": "Testing Malicious Document - Xchecked via VT: 040d20357cbb9e950a3dd0b0e5c3260b96b7d3a9dfe15ad3331c98835caa8c63", "pattern": "[file:hashes.SHA1 = '71786e3d42c7cc8059336f9c50f489fba3c443c9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:59:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a663-67b8-4a9a-baf6-40be02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:59:15.000Z", "modified": "2017-04-08T08:59:15.000Z", "description": "Testing Malicious Document - Xchecked via VT: 040d20357cbb9e950a3dd0b0e5c3260b96b7d3a9dfe15ad3331c98835caa8c63", "pattern": "[file:hashes.MD5 = 'c01a91a26dd90363f0ab90d5163a3c5f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:59:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58e8a664-5c30-4bcc-9fec-4ad602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:59:16.000Z", "modified": "2017-04-08T08:59:16.000Z", "first_observed": "2017-04-08T08:59:16Z", "last_observed": "2017-04-08T08:59:16Z", "number_observed": 1, "object_refs": [ "url--58e8a664-5c30-4bcc-9fec-4ad602de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58e8a664-5c30-4bcc-9fec-4ad602de0b81", "value": "https://www.virustotal.com/file/040d20357cbb9e950a3dd0b0e5c3260b96b7d3a9dfe15ad3331c98835caa8c63/analysis/1490945842/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a665-1c3c-4769-8d91-493e02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:59:17.000Z", "modified": "2017-04-08T08:59:17.000Z", "description": "Testing Malicious Document - Xchecked via VT: d1e4d51024b0e25cfac56b1268e1de2f98f86225bbad913345806ff089508080", "pattern": "[file:hashes.SHA1 = 'cf403afb93440c56532323e87e40d895b67ef6cc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:59:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a666-fe80-4f90-ac1d-41e302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:59:18.000Z", "modified": "2017-04-08T08:59:18.000Z", "description": "Testing Malicious Document - Xchecked via VT: d1e4d51024b0e25cfac56b1268e1de2f98f86225bbad913345806ff089508080", "pattern": "[file:hashes.MD5 = 'a16dad1248433bbad204ab4705afc47a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:59:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58e8a667-d238-4e5e-9dc3-478902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:59:19.000Z", "modified": "2017-04-08T08:59:19.000Z", "first_observed": "2017-04-08T08:59:19Z", "last_observed": "2017-04-08T08:59:19Z", "number_observed": 1, "object_refs": [ "url--58e8a667-d238-4e5e-9dc3-478902de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58e8a667-d238-4e5e-9dc3-478902de0b81", "value": "https://www.virustotal.com/file/d1e4d51024b0e25cfac56b1268e1de2f98f86225bbad913345806ff089508080/analysis/1491562208/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a668-3714-4a9a-b80c-437c02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:59:20.000Z", "modified": "2017-04-08T08:59:20.000Z", "description": "Testing Malicious Document - Xchecked via VT: 09fc4219169ce7aac5e408c7f5c7bfde10df6e48868d7b470dc7ce41ee360723", "pattern": "[file:hashes.SHA1 = '8e06f968126ea7ff4ef1123c07c7452256c2e8fc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:59:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a668-8b7c-4175-bff3-44ed02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:59:20.000Z", "modified": "2017-04-08T08:59:20.000Z", "description": "Testing Malicious Document - Xchecked via VT: 09fc4219169ce7aac5e408c7f5c7bfde10df6e48868d7b470dc7ce41ee360723", "pattern": "[file:hashes.MD5 = 'cefa6225208e4fd18e326c860398b0ac']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:59:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58e8a669-1514-4f75-99d7-4b2002de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:59:21.000Z", "modified": "2017-04-08T08:59:21.000Z", "first_observed": "2017-04-08T08:59:21Z", "last_observed": "2017-04-08T08:59:21Z", "number_observed": 1, "object_refs": [ "url--58e8a669-1514-4f75-99d7-4b2002de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58e8a669-1514-4f75-99d7-4b2002de0b81", "value": "https://www.virustotal.com/file/09fc4219169ce7aac5e408c7f5c7bfde10df6e48868d7b470dc7ce41ee360723/analysis/1490007093/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a66a-3638-47ed-bf3b-4e4a02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:59:22.000Z", "modified": "2017-04-08T08:59:22.000Z", "description": "Testing Malicious Document - Xchecked via VT: 90e74b5d762fa00fff851d2f3fad8dc3266bfca81d307eeb749cce66a7dcf3e1", "pattern": "[file:hashes.SHA1 = '786aad5a9df111dbc29d08b068894c17e663ff2f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:59:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a66c-d324-4686-b3e9-4f3c02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:59:24.000Z", "modified": "2017-04-08T08:59:24.000Z", "description": "Testing Malicious Document - Xchecked via VT: 90e74b5d762fa00fff851d2f3fad8dc3266bfca81d307eeb749cce66a7dcf3e1", "pattern": "[file:hashes.MD5 = 'a24582e2a9162f32d09349953fac52b1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:59:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58e8a66d-d284-4960-92ec-4c6c02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:59:25.000Z", "modified": "2017-04-08T08:59:25.000Z", "first_observed": "2017-04-08T08:59:25Z", "last_observed": "2017-04-08T08:59:25Z", "number_observed": 1, "object_refs": [ "url--58e8a66d-d284-4960-92ec-4c6c02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58e8a66d-d284-4960-92ec-4c6c02de0b81", "value": "https://www.virustotal.com/file/90e74b5d762fa00fff851d2f3fad8dc3266bfca81d307eeb749cce66a7dcf3e1/analysis/1489993815/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a66e-9178-481f-918f-40b902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:59:26.000Z", "modified": "2017-04-08T08:59:26.000Z", "description": "Additional Related Samples - Xchecked via VT: efa2a0bbb69e60337b783db326b62c820b81325d39fb4761c9b575668411e12c", "pattern": "[file:hashes.SHA1 = 'd0da8357705856e3527add4f5a8e6ccc6de35d9a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:59:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a66f-3cfc-47da-aef1-422302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:59:27.000Z", "modified": "2017-04-08T08:59:27.000Z", "description": "Additional Related Samples - Xchecked via VT: efa2a0bbb69e60337b783db326b62c820b81325d39fb4761c9b575668411e12c", "pattern": "[file:hashes.MD5 = 'da6f533bdeea3232d40245a1ded451c3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:59:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58e8a670-99a8-4f91-af1a-463602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:59:28.000Z", "modified": "2017-04-08T08:59:28.000Z", "first_observed": "2017-04-08T08:59:28Z", "last_observed": "2017-04-08T08:59:28Z", "number_observed": 1, "object_refs": [ "url--58e8a670-99a8-4f91-af1a-463602de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58e8a670-99a8-4f91-af1a-463602de0b81", "value": "https://www.virustotal.com/file/efa2a0bbb69e60337b783db326b62c820b81325d39fb4761c9b575668411e12c/analysis/1488193010/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a671-0934-4ab3-8f65-485602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:59:29.000Z", "modified": "2017-04-08T08:59:29.000Z", "description": "Additional Related Samples - Xchecked via VT: dd8c3824c8ffdbf1e16da8cee43da01d43f91ee3cc90a38f50a6cc8d6a778b57", "pattern": "[file:hashes.SHA1 = '74f4470f1c7705eee57dad4f4f31a0677497f4eb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:59:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a673-1040-4a62-8c51-4ee902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:59:31.000Z", "modified": "2017-04-08T08:59:31.000Z", "description": "Additional Related Samples - Xchecked via VT: dd8c3824c8ffdbf1e16da8cee43da01d43f91ee3cc90a38f50a6cc8d6a778b57", "pattern": "[file:hashes.MD5 = 'c272af488ff4c4af2941fd83b1484f33']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:59:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58e8a674-72b8-4f8a-8eec-4a4202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:59:32.000Z", "modified": "2017-04-08T08:59:32.000Z", "first_observed": "2017-04-08T08:59:32Z", "last_observed": "2017-04-08T08:59:32Z", "number_observed": 1, "object_refs": [ "url--58e8a674-72b8-4f8a-8eec-4a4202de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58e8a674-72b8-4f8a-8eec-4a4202de0b81", "value": "https://www.virustotal.com/file/dd8c3824c8ffdbf1e16da8cee43da01d43f91ee3cc90a38f50a6cc8d6a778b57/analysis/1491479445/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a675-7ab8-425a-af39-4d7002de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:59:33.000Z", "modified": "2017-04-08T08:59:33.000Z", "description": "Additional Related Samples - Xchecked via VT: dcea917093643bc536191ff70013cb27a0519c07952fbf626b4cc5f3feee2212", "pattern": "[file:hashes.SHA1 = '64dd3293e0273b2054a232afc9e7fcdda572e19c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:59:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a676-2334-4ff5-aab0-443302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:59:34.000Z", "modified": "2017-04-08T08:59:34.000Z", "description": "Additional Related Samples - Xchecked via VT: dcea917093643bc536191ff70013cb27a0519c07952fbf626b4cc5f3feee2212", "pattern": "[file:hashes.MD5 = '35e32397ff614e894d41496670909f9c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:59:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58e8a677-ef6c-43bf-8f1a-452602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:59:35.000Z", "modified": "2017-04-08T08:59:35.000Z", "first_observed": "2017-04-08T08:59:35Z", "last_observed": "2017-04-08T08:59:35Z", "number_observed": 1, "object_refs": [ "url--58e8a677-ef6c-43bf-8f1a-452602de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58e8a677-ef6c-43bf-8f1a-452602de0b81", "value": "https://www.virustotal.com/file/dcea917093643bc536191ff70013cb27a0519c07952fbf626b4cc5f3feee2212/analysis/1490951539/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a678-e1e4-42c9-9e85-4fef02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:59:36.000Z", "modified": "2017-04-08T08:59:36.000Z", "description": "Additional Related Samples - Xchecked via VT: 9c6a23e6662659b3dee96234e51f711dd493aaba93ce132111c56164ad02cf5e", "pattern": "[file:hashes.SHA1 = 'fd3991e274f2d8889b749c39f9f85e1f1b998790']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:59:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a679-ee78-47d8-8644-408f02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:59:37.000Z", "modified": "2017-04-08T08:59:37.000Z", "description": "Additional Related Samples - Xchecked via VT: 9c6a23e6662659b3dee96234e51f711dd493aaba93ce132111c56164ad02cf5e", "pattern": "[file:hashes.MD5 = '75f2972cc953e26f8fc43eb0456fdc7a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:59:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58e8a67b-38a4-49fe-99bc-49b402de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:59:39.000Z", "modified": "2017-04-08T08:59:39.000Z", "first_observed": "2017-04-08T08:59:39Z", "last_observed": "2017-04-08T08:59:39Z", "number_observed": 1, "object_refs": [ "url--58e8a67b-38a4-49fe-99bc-49b402de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58e8a67b-38a4-49fe-99bc-49b402de0b81", "value": "https://www.virustotal.com/file/9c6a23e6662659b3dee96234e51f711dd493aaba93ce132111c56164ad02cf5e/analysis/1490411201/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a67c-b7b4-465e-bf98-4a6902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:59:40.000Z", "modified": "2017-04-08T08:59:40.000Z", "description": "Additional Related Samples - Xchecked via VT: 8085dae410e54bc0e9f962edc92fa8245a8a65d27b0d06292739458ce59c6ba1", "pattern": "[file:hashes.SHA1 = '596cf05e9a3a7c0b3f279bf6964b353067390c82']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:59:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a67d-4410-48d2-85ae-479102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:59:41.000Z", "modified": "2017-04-08T08:59:41.000Z", "description": "Additional Related Samples - Xchecked via VT: 8085dae410e54bc0e9f962edc92fa8245a8a65d27b0d06292739458ce59c6ba1", "pattern": "[file:hashes.MD5 = 'f0e1b26444f21647f25b821d2c46bec4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:59:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58e8a67e-70e8-483c-a4a7-43d302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:59:42.000Z", "modified": "2017-04-08T08:59:42.000Z", "first_observed": "2017-04-08T08:59:42Z", "last_observed": "2017-04-08T08:59:42Z", "number_observed": 1, "object_refs": [ "url--58e8a67e-70e8-483c-a4a7-43d302de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58e8a67e-70e8-483c-a4a7-43d302de0b81", "value": "https://www.virustotal.com/file/8085dae410e54bc0e9f962edc92fa8245a8a65d27b0d06292739458ce59c6ba1/analysis/1490271298/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a67f-50a0-4ead-85b5-40b802de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:59:43.000Z", "modified": "2017-04-08T08:59:43.000Z", "description": "Additional Related Samples - Xchecked via VT: 77a32726af6205d27999b9a564dd7b020dc0a8f697a81a8f597b971140e28976", "pattern": "[file:hashes.SHA1 = '9bd3283af048363d270fceae0bc4292dc50e5309']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:59:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a680-5310-4552-8cbb-4f6c02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:59:44.000Z", "modified": "2017-04-08T08:59:44.000Z", "description": "Additional Related Samples - Xchecked via VT: 77a32726af6205d27999b9a564dd7b020dc0a8f697a81a8f597b971140e28976", "pattern": "[file:hashes.MD5 = '5426af0a8bce2fcc61fcf189e6119fe1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:59:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58e8a681-dde8-4f18-8afc-4bee02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:59:45.000Z", "modified": "2017-04-08T08:59:45.000Z", "first_observed": "2017-04-08T08:59:45Z", "last_observed": "2017-04-08T08:59:45Z", "number_observed": 1, "object_refs": [ "url--58e8a681-dde8-4f18-8afc-4bee02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58e8a681-dde8-4f18-8afc-4bee02de0b81", "value": "https://www.virustotal.com/file/77a32726af6205d27999b9a564dd7b020dc0a8f697a81a8f597b971140e28976/analysis/1488792086/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a682-4a9c-4018-a50a-46b802de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:59:46.000Z", "modified": "2017-04-08T08:59:46.000Z", "description": "Additional Related Samples - Xchecked via VT: 6a34f4ce012e52f5f94c1a163111df8b1c5b96c8dc0836ba600c2da84059c6ad", "pattern": "[file:hashes.SHA1 = '606caa1b754113bb064e015b2bffb3659e373ea8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:59:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a683-75b4-427a-8d12-4e4e02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:59:47.000Z", "modified": "2017-04-08T08:59:47.000Z", "description": "Additional Related Samples - Xchecked via VT: 6a34f4ce012e52f5f94c1a163111df8b1c5b96c8dc0836ba600c2da84059c6ad", "pattern": "[file:hashes.MD5 = 'd511fa33bb3c9a238e4b4eae7bae6e84']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:59:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58e8a684-4aa8-404c-9e45-46be02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:59:48.000Z", "modified": "2017-04-08T08:59:48.000Z", "first_observed": "2017-04-08T08:59:48Z", "last_observed": "2017-04-08T08:59:48Z", "number_observed": 1, "object_refs": [ "url--58e8a684-4aa8-404c-9e45-46be02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58e8a684-4aa8-404c-9e45-46be02de0b81", "value": "https://www.virustotal.com/file/6a34f4ce012e52f5f94c1a163111df8b1c5b96c8dc0836ba600c2da84059c6ad/analysis/1484198463/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a685-3564-435b-8a5d-483b02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:59:49.000Z", "modified": "2017-04-08T08:59:49.000Z", "description": "Additional Related Samples - Xchecked via VT: 557c63737bf6752eba32bd688eb046c174e53140950e0d91ea609e7f42c80062", "pattern": "[file:hashes.SHA1 = '4b5efb3708096ab7aa1dd6d747cd6f53873991b6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:59:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a685-8c10-4689-9e64-4b3502de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:59:49.000Z", "modified": "2017-04-08T08:59:49.000Z", "description": "Additional Related Samples - Xchecked via VT: 557c63737bf6752eba32bd688eb046c174e53140950e0d91ea609e7f42c80062", "pattern": "[file:hashes.MD5 = '7717f90967ad67016c8229c2271000ed']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:59:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58e8a686-5770-4612-989f-44f902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:59:50.000Z", "modified": "2017-04-08T08:59:50.000Z", "first_observed": "2017-04-08T08:59:50Z", "last_observed": "2017-04-08T08:59:50Z", "number_observed": 1, "object_refs": [ "url--58e8a686-5770-4612-989f-44f902de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58e8a686-5770-4612-989f-44f902de0b81", "value": "https://www.virustotal.com/file/557c63737bf6752eba32bd688eb046c174e53140950e0d91ea609e7f42c80062/analysis/1490951394/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a687-5dcc-42da-a16a-43a102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:59:51.000Z", "modified": "2017-04-08T08:59:51.000Z", "description": "Additional Related Samples - Xchecked via VT: 1efffd64f2215e2b574b9f8892bbb3ab6e0f98cf0684e479f1a67f0f521ec0fe", "pattern": "[file:hashes.SHA1 = '44a2d2e9b5d79a047470c4e61c1c4926cac8b656']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:59:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a688-393c-4996-8eec-4c4202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:59:52.000Z", "modified": "2017-04-08T08:59:52.000Z", "description": "Additional Related Samples - Xchecked via VT: 1efffd64f2215e2b574b9f8892bbb3ab6e0f98cf0684e479f1a67f0f521ec0fe", "pattern": "[file:hashes.MD5 = '3a6b48de605ac9e58ffd83d87db650eb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:59:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58e8a689-5ad4-4909-9e7e-461a02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:59:53.000Z", "modified": "2017-04-08T08:59:53.000Z", "first_observed": "2017-04-08T08:59:53Z", "last_observed": "2017-04-08T08:59:53Z", "number_observed": 1, "object_refs": [ "url--58e8a689-5ad4-4909-9e7e-461a02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58e8a689-5ad4-4909-9e7e-461a02de0b81", "value": "https://www.virustotal.com/file/1efffd64f2215e2b574b9f8892bbb3ab6e0f98cf0684e479f1a67f0f521ec0fe/analysis/1490007460/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a68a-582c-45bd-a0c5-404c02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:59:54.000Z", "modified": "2017-04-08T08:59:54.000Z", "description": "Additional Related Samples - Xchecked via VT: 0c5cdbf6f043780dc5fff4b7a977a1874457cc125b4d1da70808bfa720022477", "pattern": "[file:hashes.SHA1 = '6993457347d2bcb3f606bf59eeb58a7bfe375577']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:59:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e8a68b-5564-43eb-bd9d-4ef502de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:59:55.000Z", "modified": "2017-04-08T08:59:55.000Z", "description": "Additional Related Samples - Xchecked via VT: 0c5cdbf6f043780dc5fff4b7a977a1874457cc125b4d1da70808bfa720022477", "pattern": "[file:hashes.MD5 = '1261323be950dcd97c9cf011f2407220']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-08T08:59:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58e8a68c-4040-4022-b5ee-4f4002de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-08T08:59:56.000Z", "modified": "2017-04-08T08:59:56.000Z", "first_observed": "2017-04-08T08:59:56Z", "last_observed": "2017-04-08T08:59:56Z", "number_observed": 1, "object_refs": [ "url--58e8a68c-4040-4022-b5ee-4f4002de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58e8a68c-4040-4022-b5ee-4f4002de0b81", "value": "https://www.virustotal.com/file/0c5cdbf6f043780dc5fff4b7a977a1874457cc125b4d1da70808bfa720022477/analysis/1485414087/" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }