{ "type": "bundle", "id": "bundle--5a5df98f-3ea4-4cd5-b1d5-47d5950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T13:46:49.000Z", "modified": "2018-01-16T13:46:49.000Z", "name": "CthulhuSPRL.be", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--5a5df98f-3ea4-4cd5-b1d5-47d5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T13:46:49.000Z", "modified": "2018-01-16T13:46:49.000Z", "name": "OSINT Phantom of the Opaera: New KASPERAGENT Malware Campaign by ThreatConnect", "published": "2018-01-16T13:46:55Z", "object_refs": [ "observed-data--5a5dfa7f-3e2c-4d2f-bfa2-62e5950d210f", "url--5a5dfa7f-3e2c-4d2f-bfa2-62e5950d210f", "observed-data--5a5dfa7f-fdf0-4b29-b3b6-62e5950d210f", "url--5a5dfa7f-fdf0-4b29-b3b6-62e5950d210f", "observed-data--5a5dfa7f-e974-43a9-a4b8-62e5950d210f", "url--5a5dfa7f-e974-43a9-a4b8-62e5950d210f", "observed-data--5a5dfa7f-0d38-4c30-bfc2-62e5950d210f", "url--5a5dfa7f-0d38-4c30-bfc2-62e5950d210f", "observed-data--5a5dfa7f-215c-42ac-8c84-62e5950d210f", "url--5a5dfa7f-215c-42ac-8c84-62e5950d210f", "x-misp-attribute--5a5dfaa7-cb80-4fd8-b424-46c0950d210f", "indicator--5a5dfab6-c328-44c4-b3e4-bff6950d210f", "indicator--5a5dfab6-467c-45d8-adf9-bff6950d210f", "indicator--5a5dfad2-24a0-46cc-9257-46be950d210f", "indicator--5a5dfad2-3e88-469e-ad8e-4917950d210f", "indicator--5a5dfaec-a0b8-44c2-8802-c1be950d210f", "indicator--5a5dfaec-7b28-4d37-89dc-c1be950d210f", "indicator--5a5dfaec-d4c8-4f95-928c-c1be950d210f", "indicator--5a5dfb14-0a08-4f8b-abf7-44a3950d210f", "indicator--5a5dfb15-9e3c-4d8f-9580-4b34950d210f", "indicator--5a5dfb2f-f3f0-40a4-8746-62e5950d210f", "indicator--5a5dfb45-d0f0-4f3c-9010-476e950d210f", "indicator--5a5dfb45-b754-4fc6-9687-4265950d210f", "observed-data--5a5dfb69-23a8-4879-9a3f-4356950d210f", "network-traffic--5a5dfb69-23a8-4879-9a3f-4356950d210f", "ipv4-addr--5a5dfb69-23a8-4879-9a3f-4356950d210f", "indicator--5a5dfb6a-08c0-4d3a-aff7-4c82950d210f", "indicator--5a5dfb6a-90e4-423a-8ffa-4c58950d210f", "indicator--5a5dfb6a-7ad8-4026-94c1-4596950d210f", "indicator--5a5dfb6b-b78c-4f37-a92f-4db9950d210f", "indicator--5a5dfb6b-1070-4ec8-9123-4e38950d210f", "indicator--5a5dfb6c-9bd0-47b2-8f40-44c3950d210f", "indicator--5a5dfb6c-5b5c-40d0-b251-4f33950d210f", "indicator--5a5dfb6d-1038-4ce4-8d79-4e4d950d210f", "indicator--5a5dfb6d-cd94-4687-a84a-44b6950d210f", "indicator--5a5dfb6d-b354-4f56-a4ff-4a5f950d210f", "indicator--5a5dfb6e-f0c0-4718-9153-4f79950d210f", "indicator--5a5dfb6e-2e90-47c2-be61-4411950d210f", "indicator--5a5dfb8e-8ecc-4905-9fac-4347950d210f", "indicator--5a5dfb8f-cbf4-42c3-b2b0-4725950d210f", "indicator--5a5dfb8f-f5e0-4e15-b049-4ae2950d210f", "indicator--5a5e01af-a050-4383-91ca-4711950d210f", "indicator--5a5e01b0-9b30-4098-bfa7-4795950d210f", "indicator--5a5e01b0-2bf0-4137-b3d4-4d9e950d210f", "indicator--5a5e01b0-1adc-461c-8f3b-4d66950d210f", "indicator--5a5e01b1-5120-4c22-ad0c-4994950d210f", "indicator--5a5e01b1-f4d0-48e3-8428-4309950d210f", "indicator--5a5e01b2-da38-4971-9d68-4954950d210f", "indicator--5a5e01b2-e094-41be-a734-406d950d210f", "indicator--5a5e01b3-4240-47b2-b3f1-4b06950d210f", "indicator--5a5e01b3-e060-4ca3-91d5-414f950d210f", "indicator--5a5e01b4-1bc8-4cf7-829d-4867950d210f", "indicator--5a5e01b4-51e0-4f60-8abd-4c21950d210f", "indicator--5a5e01b4-7958-4e69-b9fb-4e1f950d210f", "indicator--5a5e01b5-4f6c-435b-bebd-43d5950d210f", "indicator--5a5e01b5-5af4-4987-b16d-474e950d210f", "indicator--5a5e01b5-60d8-4c8a-8537-4fe7950d210f", "indicator--5a5e01b6-cc68-4c40-9bb0-4d91950d210f", "indicator--5a5e01b6-6de8-4471-8258-4f2c950d210f", "indicator--5a5e01b7-b8b0-4798-8fa8-4728950d210f", "indicator--5a5e01b7-9a40-4d83-b384-4238950d210f", "indicator--5a5e01b7-2c20-4bca-b050-4465950d210f", "indicator--5a5e01d2-7364-4dbb-85e2-4840950d210f", "indicator--5a5e01d3-4cac-485a-b6dc-4ca7950d210f", "indicator--5a5e01d3-ad20-47ac-a406-4641950d210f", "indicator--5a5e01d3-15a4-48d0-a318-43d8950d210f", "indicator--5a5e01d4-5f30-4988-a81c-408c950d210f", "indicator--5a5e01d4-f468-47b9-825b-4a6a950d210f", "indicator--5a5e01d5-3350-4572-81bb-4840950d210f", "indicator--5a5e01d5-aa8c-43a8-985e-4944950d210f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "APT", "type:OSINT", "osint:source-type=\"blog-post\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a5dfa7f-3e2c-4d2f-bfa2-62e5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T13:13:35.000Z", "modified": "2018-01-16T13:13:35.000Z", "first_observed": "2018-01-16T13:13:35Z", "last_observed": "2018-01-16T13:13:35Z", "number_observed": 1, "object_refs": [ "url--5a5dfa7f-3e2c-4d2f-bfa2-62e5950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5a5dfa7f-3e2c-4d2f-bfa2-62e5950d210f", "value": "https://www.threatconnect.com/blog/kasperagent-malware-campaign/" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a5dfa7f-fdf0-4b29-b3b6-62e5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T13:13:35.000Z", "modified": "2018-01-16T13:13:35.000Z", "first_observed": "2018-01-16T13:13:35Z", "last_observed": "2018-01-16T13:13:35Z", "number_observed": 1, "object_refs": [ "url--5a5dfa7f-fdf0-4b29-b3b6-62e5950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5a5dfa7f-fdf0-4b29-b3b6-62e5950d210f", "value": "https://app.threatconnect.com/auth/campaign/campaign.xhtml?campaign=4219181" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a5dfa7f-e974-43a9-a4b8-62e5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T13:13:35.000Z", "modified": "2018-01-16T13:13:35.000Z", "first_observed": "2018-01-16T13:13:35Z", "last_observed": "2018-01-16T13:13:35Z", "number_observed": 1, "object_refs": [ "url--5a5dfa7f-e974-43a9-a4b8-62e5950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5a5dfa7f-e974-43a9-a4b8-62e5950d210f", "value": "https://app.threatconnect.com/auth/incident/incident.xhtml?incident=4219182" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a5dfa7f-0d38-4c30-bfc2-62e5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T13:13:35.000Z", "modified": "2018-01-16T13:13:35.000Z", "first_observed": "2018-01-16T13:13:35Z", "last_observed": "2018-01-16T13:13:35Z", "number_observed": 1, "object_refs": [ "url--5a5dfa7f-0d38-4c30-bfc2-62e5950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5a5dfa7f-0d38-4c30-bfc2-62e5950d210f", "value": "https://app.threatconnect.com/auth/incident/incident.xhtml?incident=4219191" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a5dfa7f-215c-42ac-8c84-62e5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T13:13:35.000Z", "modified": "2018-01-16T13:13:35.000Z", "first_observed": "2018-01-16T13:13:35Z", "last_observed": "2018-01-16T13:13:35Z", "number_observed": 1, "object_refs": [ "url--5a5dfa7f-215c-42ac-8c84-62e5950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5a5dfa7f-215c-42ac-8c84-62e5950d210f", "value": "https://app.threatconnect.com/auth/incident/incident.xhtml?incident=4219223" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5a5dfaa7-cb80-4fd8-b424-46c0950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T13:18:43.000Z", "modified": "2018-01-16T13:18:43.000Z", "labels": [ "misp:type=\"pdb\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ], "x_misp_category": "Artifacts dropped", "x_misp_type": "pdb", "x_misp_value": "%USERPROFILE%\\Documents\\Visual Studio 2008\\Projects\\New folder (2)\\kasper\\Release\\kasper.pdb" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dfab6-c328-44c4-b3e4-bff6950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T13:14:30.000Z", "modified": "2018-01-16T13:14:30.000Z", "pattern": "[file:hashes.MD5 = '6843ae9eac03f69df301d024bfdefc88']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T13:14:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dfab6-467c-45d8-adf9-bff6950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T13:14:30.000Z", "modified": "2018-01-16T13:14:30.000Z", "pattern": "[file:hashes.MD5 = '4fe7561f63a71ca73c26cb95b28eaee8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T13:14:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dfad2-24a0-46cc-9257-46be950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T13:14:58.000Z", "modified": "2018-01-16T13:14:58.000Z", "pattern": "[domain-name:value = 'treestower.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T13:14:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dfad2-3e88-469e-ad8e-4917950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T13:14:58.000Z", "modified": "2018-01-16T13:14:58.000Z", "pattern": "[domain-name:value = 'mailsinfo.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T13:14:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dfaec-a0b8-44c2-8802-c1be950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T13:15:24.000Z", "modified": "2018-01-16T13:15:24.000Z", "pattern": "[file:hashes.MD5 = '2de25306a58d8a5b6cbe8d5e2fc5f3c5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T13:15:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dfaec-7b28-4d37-89dc-c1be950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T13:15:24.000Z", "modified": "2018-01-16T13:15:24.000Z", "pattern": "[domain-name:value = 'windowsnewupdates.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T13:15:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dfaec-d4c8-4f95-928c-c1be950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T13:15:24.000Z", "modified": "2018-01-16T13:15:24.000Z", "pattern": "[file:hashes.MD5 = 'c66f88d2d76d79210d568d7ad7896b45']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T13:15:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dfb14-0a08-4f8b-abf7-44a3950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T13:16:04.000Z", "modified": "2018-01-16T13:16:04.000Z", "pattern": "[file:hashes.IMPHASH = '0b4e44256788783634a2b1dadf4f9784']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T13:16:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"imphash\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dfb15-9e3c-4d8f-9580-4b34950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T13:16:05.000Z", "modified": "2018-01-16T13:16:05.000Z", "pattern": "[file:hashes.IMPHASH = 'e44f0bd2adfb9cbcabcad314d27accfc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T13:16:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"imphash\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dfb2f-f3f0-40a4-8746-62e5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T13:16:31.000Z", "modified": "2018-01-16T13:16:31.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '195.154.110.237']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T13:16:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dfb45-d0f0-4f3c-9010-476e950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T13:16:53.000Z", "modified": "2018-01-16T13:16:53.000Z", "pattern": "[domain-name:value = 'upfile2box.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T13:16:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dfb45-b754-4fc6-9687-4265950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T13:16:53.000Z", "modified": "2018-01-16T13:16:53.000Z", "pattern": "[domain-name:value = '7aga.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T13:16:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a5dfb69-23a8-4879-9a3f-4356950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T13:17:29.000Z", "modified": "2018-01-16T13:17:29.000Z", "first_observed": "2018-01-16T13:17:29Z", "last_observed": "2018-01-16T13:17:29Z", "number_observed": 1, "object_refs": [ "network-traffic--5a5dfb69-23a8-4879-9a3f-4356950d210f", "ipv4-addr--5a5dfb69-23a8-4879-9a3f-4356950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a5dfb69-23a8-4879-9a3f-4356950d210f", "dst_ref": "ipv4-addr--5a5dfb69-23a8-4879-9a3f-4356950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a5dfb69-23a8-4879-9a3f-4356950d210f", "value": "144.76.107.83" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dfb6a-08c0-4d3a-aff7-4c82950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T13:17:30.000Z", "modified": "2018-01-16T13:17:30.000Z", "pattern": "[domain-name:value = 'www.treestower.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T13:17:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dfb6a-90e4-423a-8ffa-4c58950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T13:17:30.000Z", "modified": "2018-01-16T13:17:30.000Z", "pattern": "[domain-name:value = 'www.windowsnewupdates.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T13:17:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dfb6a-7ad8-4026-94c1-4596950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T13:17:30.000Z", "modified": "2018-01-16T13:17:30.000Z", "pattern": "[file:hashes.MD5 = '6e853f78c47dfd4cc726a47b0098d1b1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T13:17:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dfb6b-b78c-4f37-a92f-4db9950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T13:17:31.000Z", "modified": "2018-01-16T13:17:31.000Z", "pattern": "[file:hashes.MD5 = '6843ae9eac03f69df301d024bfdefc88']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T13:17:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dfb6b-1070-4ec8-9123-4e38950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T13:17:31.000Z", "modified": "2018-01-16T13:17:31.000Z", "pattern": "[file:hashes.MD5 = '4fe7561f63a71ca73c26cb95b28eaee8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T13:17:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dfb6c-9bd0-47b2-8f40-44c3950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T13:17:32.000Z", "modified": "2018-01-16T13:17:32.000Z", "pattern": "[file:hashes.MD5 = 'bf587707b44e46208a53817a4718d384']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T13:17:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dfb6c-5b5c-40d0-b251-4f33950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T13:17:32.000Z", "modified": "2018-01-16T13:17:32.000Z", "pattern": "[file:hashes.MD5 = '2de25306a58d8a5b6cbe8d5e2fc5f3c5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T13:17:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dfb6d-1038-4ce4-8d79-4e4d950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T13:17:33.000Z", "modified": "2018-01-16T13:17:33.000Z", "pattern": "[url:value = 'http://www.windowsnewupdates.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T13:17:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dfb6d-cd94-4687-a84a-44b6950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T13:17:33.000Z", "modified": "2018-01-16T13:17:33.000Z", "pattern": "[url:value = 'http://www.windowsnewupdates.com/dad5/sign.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T13:17:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dfb6d-b354-4f56-a4ff-4a5f950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T13:17:33.000Z", "modified": "2018-01-16T13:17:33.000Z", "pattern": "[url:value = 'http://www.treestower.com/images/17457790_12836.jpg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T13:17:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dfb6e-f0c0-4718-9153-4f79950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T13:17:34.000Z", "modified": "2018-01-16T13:17:34.000Z", "pattern": "[url:value = 'http://www.windowsnewupdates.com/dad5/addCity.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T13:17:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dfb6e-2e90-47c2-be61-4411950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T13:17:34.000Z", "modified": "2018-01-16T13:17:34.000Z", "pattern": "[url:value = 'http://www.windowsnewupdates.com/dad5/town.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T13:17:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dfb8e-8ecc-4905-9fac-4347950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T13:18:06.000Z", "modified": "2018-01-16T13:18:06.000Z", "pattern": "[file:hashes.MD5 = '339261a97e4cb123f15c77cb916c0ed2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T13:18:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dfb8f-cbf4-42c3-b2b0-4725950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T13:18:07.000Z", "modified": "2018-01-16T13:18:07.000Z", "pattern": "[file:hashes.MD5 = '48f39fe48f6fdae46dda189a904b5ad2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T13:18:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dfb8f-f5e0-4e15-b049-4ae2950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T13:18:07.000Z", "modified": "2018-01-16T13:18:07.000Z", "pattern": "[file:hashes.MD5 = 'f6ac341729d42893a06db8d55aaaabae']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T13:18:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5e01af-a050-4383-91ca-4711950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T13:44:15.000Z", "modified": "2018-01-16T13:44:15.000Z", "pattern": "[file:hashes.MD5 = '53135d1b2488ce356a9dfbbfa717dd8a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T13:44:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5e01b0-9b30-4098-bfa7-4795950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T13:44:16.000Z", "modified": "2018-01-16T13:44:16.000Z", "pattern": "[file:hashes.MD5 = '30bfc2f4776451fb04fe272e372db82f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T13:44:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5e01b0-2bf0-4137-b3d4-4d9e950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T13:44:16.000Z", "modified": "2018-01-16T13:44:16.000Z", "pattern": "[file:hashes.MD5 = '0734f5ff152d851a4c0655d06cc43530']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T13:44:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5e01b0-1adc-461c-8f3b-4d66950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T13:44:16.000Z", "modified": "2018-01-16T13:44:16.000Z", "pattern": "[file:hashes.MD5 = 'a3fc6b4fed7c1d5ffd242ed39a9f6c8f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T13:44:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5e01b1-5120-4c22-ad0c-4994950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T13:44:17.000Z", "modified": "2018-01-16T13:44:17.000Z", "pattern": "[file:hashes.MD5 = 'fbf143b2d34c43bf50d713054f5b6035']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T13:44:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5e01b1-f4d0-48e3-8428-4309950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T13:44:17.000Z", "modified": "2018-01-16T13:44:17.000Z", "pattern": "[file:hashes.MD5 = '568b97515f969b14bc727e8961fd65c9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T13:44:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5e01b2-da38-4971-9d68-4954950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T13:44:18.000Z", "modified": "2018-01-16T13:44:18.000Z", "pattern": "[file:hashes.MD5 = '135d87dc18f703238eca6e360dd6e050']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T13:44:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5e01b2-e094-41be-a734-406d950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T13:44:18.000Z", "modified": "2018-01-16T13:44:18.000Z", "pattern": "[file:hashes.MD5 = '73148c69c283eb85517419c4b7e60c46']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T13:44:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5e01b3-4240-47b2-b3f1-4b06950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T13:44:19.000Z", "modified": "2018-01-16T13:44:19.000Z", "pattern": "[file:hashes.MD5 = '96cc23b77c36cec0c34ade9b740b7b87']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T13:44:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5e01b3-e060-4ca3-91d5-414f950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T13:44:19.000Z", "modified": "2018-01-16T13:44:19.000Z", "pattern": "[file:hashes.MD5 = '32747103d34b6e773f81e24091d8e80d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T13:44:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5e01b4-1bc8-4cf7-829d-4867950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T13:44:20.000Z", "modified": "2018-01-16T13:44:20.000Z", "pattern": "[file:hashes.MD5 = '8ff090029aaf77c16d4a24fef6393264']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T13:44:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5e01b4-51e0-4f60-8abd-4c21950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T13:44:20.000Z", "modified": "2018-01-16T13:44:20.000Z", "pattern": "[file:hashes.MD5 = '7ed9addc8ee29425551e673f4a8d7f2a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T13:44:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5e01b4-7958-4e69-b9fb-4e1f950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T13:44:20.000Z", "modified": "2018-01-16T13:44:20.000Z", "pattern": "[file:hashes.MD5 = '85349063104b084ffb24d09d4c6e4bd7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T13:44:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5e01b5-4f6c-435b-bebd-43d5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T13:44:21.000Z", "modified": "2018-01-16T13:44:21.000Z", "pattern": "[file:hashes.MD5 = 'ae6afaf92e7cf3689ca74b6350f0a9fa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T13:44:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5e01b5-5af4-4987-b16d-474e950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T13:44:21.000Z", "modified": "2018-01-16T13:44:21.000Z", "pattern": "[file:hashes.MD5 = 'e673c6e1d6c546c5c4abb8124ffe505b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T13:44:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5e01b5-60d8-4c8a-8537-4fe7950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T13:44:21.000Z", "modified": "2018-01-16T13:44:21.000Z", "pattern": "[file:hashes.MD5 = '34d04aaa2c2b2455c9f988f2de5fab04']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T13:44:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5e01b6-cc68-4c40-9bb0-4d91950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T13:44:22.000Z", "modified": "2018-01-16T13:44:22.000Z", "pattern": "[file:hashes.MD5 = 'b8fb0f329654ec91cc6931667c4a3e39']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T13:44:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5e01b6-6de8-4471-8258-4f2c950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T13:44:22.000Z", "modified": "2018-01-16T13:44:22.000Z", "pattern": "[file:hashes.MD5 = 'd8fad23d13d5247484ce129cee85cc5e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T13:44:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5e01b7-b8b0-4798-8fa8-4728950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T13:44:23.000Z", "modified": "2018-01-16T13:44:23.000Z", "pattern": "[file:hashes.MD5 = 'a9caa2009bc2b4cd078f193d0c5a80b0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T13:44:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5e01b7-9a40-4d83-b384-4238950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T13:44:23.000Z", "modified": "2018-01-16T13:44:23.000Z", "pattern": "[file:hashes.MD5 = '9afcf5029f67230514d366d212d375a5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T13:44:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5e01b7-2c20-4bca-b050-4465950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T13:44:23.000Z", "modified": "2018-01-16T13:44:23.000Z", "pattern": "[file:hashes.MD5 = '0e2aa5771dc87ca50d04efe5826aaf5c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T13:44:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5e01d2-7364-4dbb-85e2-4840950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T13:44:50.000Z", "modified": "2018-01-16T13:44:50.000Z", "pattern": "[file:hashes.MD5 = '6bb42841c16ab82e3acc63c7a6d87801']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T13:44:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5e01d3-4cac-485a-b6dc-4ca7950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T13:44:51.000Z", "modified": "2018-01-16T13:44:51.000Z", "pattern": "[file:hashes.MD5 = 'a8fc19b2c8efe81b09813292d31ec1eb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T13:44:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5e01d3-ad20-47ac-a406-4641950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T13:44:51.000Z", "modified": "2018-01-16T13:44:51.000Z", "pattern": "[file:hashes.MD5 = '980b1125805ccc351f3abde4fce133e0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T13:44:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5e01d3-15a4-48d0-a318-43d8950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T13:44:51.000Z", "modified": "2018-01-16T13:44:51.000Z", "pattern": "[file:hashes.MD5 = '016eb6d8dad949c95bc2929f80d174b3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T13:44:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5e01d4-5f30-4988-a81c-408c950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T13:44:52.000Z", "modified": "2018-01-16T13:44:52.000Z", "pattern": "[file:hashes.MD5 = '200c6f2b28dc75d8454dedd85b23bc56']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T13:44:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5e01d4-f468-47b9-825b-4a6a950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T13:44:52.000Z", "modified": "2018-01-16T13:44:52.000Z", "pattern": "[file:hashes.MD5 = '5d44e3a13d8c976d30178688e8535ec5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T13:44:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5e01d5-3350-4572-81bb-4840950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T13:44:53.000Z", "modified": "2018-01-16T13:44:53.000Z", "pattern": "[file:hashes.MD5 = 'cd27b0a11e6eb4006d7be41df850b9ee']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T13:44:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5e01d5-aa8c-43a8-985e-4944950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T13:44:53.000Z", "modified": "2018-01-16T13:44:53.000Z", "pattern": "[file:hashes.MD5 = '8adcc9e5e9137612418b6042f028640e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T13:44:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }