{ "type": "bundle", "id": "bundle--5526b0e5-e2a4-45cd-abee-a5f5950d210b", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:13:47.000Z", "modified": "2015-04-09T17:13:47.000Z", "name": "CthulhuSPRL.be", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--5526b0e5-e2a4-45cd-abee-a5f5950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:13:47.000Z", "modified": "2015-04-09T17:13:47.000Z", "name": "OSINT Analysis of KRIPTOVOR: Infostealer+Ransomware by FireEye", "published": "2015-04-10T06:39:58Z", "object_refs": [ "observed-data--5526b0fd-4e90-4565-9a70-60dc950d210b", "url--5526b0fd-4e90-4565-9a70-60dc950d210b", "x-misp-attribute--5526b107-6928-4793-99d0-74b2950d210b", "indicator--5526b16e-bf3c-4f90-8e99-961d950d210b", "indicator--5526b19e-99c0-4ecc-a9ac-877c950d210b", "indicator--5526b19e-1cc8-4cba-9195-877c950d210b", "indicator--5526b19e-c460-4b9f-a8e7-877c950d210b", "indicator--5526b19e-5314-4d5a-a072-877c950d210b", "indicator--5526b19e-61c4-4fef-8516-877c950d210b", "indicator--5526b19e-cf84-4eaa-9e92-877c950d210b", "indicator--5526b19e-da94-4de0-8910-877c950d210b", "indicator--5526b19f-1e4c-40b5-9a3a-877c950d210b", "indicator--5526b19f-e268-4c3e-9c40-877c950d210b", "indicator--5526b19f-c900-4838-ae15-877c950d210b", "indicator--5526b19f-1b60-496e-bff5-877c950d210b", "indicator--5526b19f-b60c-4721-85a3-877c950d210b", "indicator--5526b19f-e9fc-4d68-ae5a-877c950d210b", "indicator--5526b19f-d568-4a20-a4cd-877c950d210b", "indicator--5526b19f-0848-42dc-b577-877c950d210b", "indicator--5526b19f-b9f8-4467-a0f0-877c950d210b", "indicator--5526b1a0-330c-4590-9434-877c950d210b", "indicator--5526b1a0-fc50-49ab-bf54-877c950d210b", "indicator--5526b1a0-6994-40cf-b2fc-877c950d210b", "indicator--5526b1a0-efc4-4a8f-8633-877c950d210b", "indicator--5526b1a0-7d7c-4f45-8eac-877c950d210b", "indicator--5526b1a0-d3d4-4091-a814-877c950d210b", "indicator--5526b1a0-ea94-4a2b-94a8-877c950d210b", "indicator--5526b1a0-e1f8-4725-942f-877c950d210b", "indicator--5526b1a0-1290-44e6-bca2-877c950d210b", "indicator--5526b1a1-b134-45a1-9e81-877c950d210b", "indicator--5526b1a1-5884-4cd3-aa60-877c950d210b", "indicator--5526b1a1-6b80-42ad-901c-877c950d210b", "indicator--5526b1a1-76d0-4387-a378-877c950d210b", "indicator--5526b1b0-f038-422f-90c2-82e1950d210b", "indicator--5526b1b1-2dcc-4926-9bd4-82e1950d210b", "indicator--5526b1b1-ca14-4ec4-9dbd-82e1950d210b", "indicator--5526b1b1-85f4-4057-ab0a-82e1950d210b", "indicator--5526b1b1-48dc-483d-8619-82e1950d210b", "indicator--5526b1b1-0144-42e6-b8f7-82e1950d210b", "indicator--5526b1b1-38f0-4ec7-8915-82e1950d210b", "indicator--5526b1b1-9848-445b-b9fe-82e1950d210b", "indicator--5526b1b1-0798-4dd2-a1e0-82e1950d210b", "indicator--5526b1b1-7364-4dca-98ae-82e1950d210b", "indicator--5526b1b2-8128-44e9-8020-82e1950d210b", "indicator--5526b1b2-7e10-4022-85da-82e1950d210b", "indicator--5526b1b2-5cb4-4fe0-a8b8-82e1950d210b", "indicator--5526b1b2-0100-4891-864e-82e1950d210b", "indicator--5526b1b2-8024-4eff-a69d-82e1950d210b", "indicator--5526b1b2-a274-4799-8170-82e1950d210b", "indicator--5526b1b2-4e08-4967-bfc8-82e1950d210b", "indicator--5526b1b2-a068-4dbf-a86a-82e1950d210b", "indicator--5526b1b2-30ec-494f-8456-82e1950d210b", "indicator--5526b1b3-c130-4001-90a5-82e1950d210b", "indicator--5526b1b3-5d08-4200-bc28-82e1950d210b", "indicator--5526b1b3-f3c4-4b68-84c6-82e1950d210b", "indicator--5526b1b3-4d98-4b4a-bfcc-82e1950d210b", "indicator--5526b1b3-e080-46f8-9b3a-82e1950d210b", "indicator--5526b1b3-a37c-4c6d-b2c7-82e1950d210b", "indicator--5526b1b3-6ccc-4882-8e82-82e1950d210b", "indicator--5526b1b3-9aac-4daa-af65-82e1950d210b", "indicator--5526b1b3-fd10-4834-b9a9-82e1950d210b", "indicator--5526b1d1-d6dc-4280-86a5-baee950d210b", "indicator--5526b1d1-a360-471a-a221-baee950d210b", "indicator--5526b1ea-2c2c-465f-855a-60dc950d210b", "indicator--5526b1ea-a9c4-480a-8f0a-60dc950d210b", "indicator--5526b210-4760-4a62-8195-5bf3950d210b", "indicator--5526b210-97cc-4c22-87d1-5bf3950d210b", "indicator--5526b210-4740-4b85-b7af-5bf3950d210b", "indicator--5526b210-4470-4eaf-a8b4-5bf3950d210b", "indicator--5526b211-5530-4eb3-84cd-5bf3950d210b", "indicator--5526b22a-4560-4244-b2af-8de1950d210b", "indicator--5526b247-0c28-42ad-bbd0-82e1950d210b", "indicator--5526b247-3168-497e-b1ef-82e1950d210b", "indicator--5526b248-1d5c-45f0-bfe0-82e1950d210b", "indicator--5526b248-df7c-4b87-9216-82e1950d210b", "indicator--5526b248-9f64-4197-ace9-82e1950d210b", "indicator--5526b248-fc50-42f0-af10-82e1950d210b", "indicator--5526b248-0e6c-4f3c-8beb-82e1950d210b", "indicator--5526b2a0-fea8-46fc-915a-baee950d210b", "indicator--5526b2a0-3824-4f46-9012-baee950d210b", "indicator--5526b2a0-f8e4-416a-a3e0-baee950d210b", "indicator--5526b2a0-57e8-4141-a0cb-baee950d210b", "indicator--5526b2a0-da68-4fc7-a901-baee950d210b", "indicator--5526b2a0-6fa8-495a-9cac-baee950d210b", "indicator--5526b2a0-2d24-49b8-90b5-baee950d210b", "indicator--5526b2a0-bac0-40cb-9618-baee950d210b", "indicator--5526b2a0-7ec8-4f41-bfd7-baee950d210b", "indicator--5526b2a1-2798-4ebf-a9ce-baee950d210b", "indicator--5526b2a1-2574-4bb9-be21-baee950d210b", "indicator--5526b2a1-4680-49ad-a6f6-baee950d210b", "indicator--5526b2a1-a6fc-4fd5-ab5f-baee950d210b", "indicator--5526b2a1-4540-4d26-b8df-baee950d210b", "x-misp-attribute--5526b34b-04a4-439f-8c49-60dc950d210b", "x-misp-attribute--5526b34c-da70-47dd-b2ab-60dc950d210b", "x-misp-attribute--5526b34c-7108-4689-b265-60dc950d210b", "x-misp-attribute--5526b34c-2d68-49f9-99ac-60dc950d210b", "x-misp-attribute--5526b34c-290c-438e-9427-60dc950d210b", "x-misp-attribute--5526b34c-1514-4da2-ae0e-60dc950d210b", "x-misp-attribute--5526b34c-4b20-4f04-b8ee-60dc950d210b", "x-misp-attribute--5526b34c-e5c4-446d-b71a-60dc950d210b", "x-misp-attribute--5526b34c-e348-4824-8219-60dc950d210b", "x-misp-attribute--5526b34c-cc68-4de7-9a14-60dc950d210b", "x-misp-attribute--5526b34d-fc40-452a-826a-60dc950d210b" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5526b0fd-4e90-4565-9a70-60dc950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:03:57.000Z", "modified": "2015-04-09T17:03:57.000Z", "first_observed": "2015-04-09T17:03:57Z", "last_observed": "2015-04-09T17:03:57Z", "number_observed": 1, "object_refs": [ "url--5526b0fd-4e90-4565-9a70-60dc950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5526b0fd-4e90-4565-9a70-60dc950d210b", "value": "https://www.fireeye.com/blog/threat-research/2015/04/analysis_of_kriptovo.html" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5526b107-6928-4793-99d0-74b2950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:04:07.000Z", "modified": "2015-04-09T17:04:07.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", "x_misp_type": "text", "x_misp_value": "Kriptovor" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b16e-bf3c-4f90-8e99-961d950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:05:50.000Z", "modified": "2015-04-09T17:05:50.000Z", "pattern": "[file:hashes.MD5 = '488ba9382c9ee260bbca1ef03e843981']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:05:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b19e-99c0-4ecc-a9ac-877c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:06:38.000Z", "modified": "2015-04-09T17:06:38.000Z", "pattern": "[file:hashes.MD5 = '19266c9182e8232ff286ff2f276000c5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:06:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b19e-1cc8-4cba-9195-877c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:06:38.000Z", "modified": "2015-04-09T17:06:38.000Z", "pattern": "[file:hashes.MD5 = '2191510667defe7f386fc1c889e5b731']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:06:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b19e-c460-4b9f-a8e7-877c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:06:38.000Z", "modified": "2015-04-09T17:06:38.000Z", "pattern": "[file:hashes.MD5 = '23afbf34eb2cbe2043a69233c6d1301b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:06:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b19e-5314-4d5a-a072-877c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:06:38.000Z", "modified": "2015-04-09T17:06:38.000Z", "pattern": "[file:hashes.MD5 = '28dae07573fecee2b28137205f8d9a98']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:06:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b19e-61c4-4fef-8516-877c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:06:38.000Z", "modified": "2015-04-09T17:06:38.000Z", "pattern": "[file:hashes.MD5 = '2ea06433f5ae3bffa5896100d5361458']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:06:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b19e-cf84-4eaa-9e92-877c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:06:38.000Z", "modified": "2015-04-09T17:06:38.000Z", "pattern": "[file:hashes.MD5 = '39391e022ce89784eb46fed43c8aa341']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:06:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b19e-da94-4de0-8910-877c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:06:38.000Z", "modified": "2015-04-09T17:06:38.000Z", "pattern": "[file:hashes.MD5 = '4add1925e46ed6576861f62ebb016185']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:06:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b19f-1e4c-40b5-9a3a-877c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:06:39.000Z", "modified": "2015-04-09T17:06:39.000Z", "pattern": "[file:hashes.MD5 = '68dfcb48d99a0735fdf477b869eac9df']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:06:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b19f-e268-4c3e-9c40-877c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:06:39.000Z", "modified": "2015-04-09T17:06:39.000Z", "pattern": "[file:hashes.MD5 = '6e618523c3eb5c286149c020fd6afadd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:06:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b19f-c900-4838-ae15-877c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:06:39.000Z", "modified": "2015-04-09T17:06:39.000Z", "pattern": "[file:hashes.MD5 = '79b4c9f1b81b26853ea74adf4559d5f2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:06:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b19f-1b60-496e-bff5-877c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:06:39.000Z", "modified": "2015-04-09T17:06:39.000Z", "pattern": "[file:hashes.MD5 = '7da180d0e49ee2b892c25bc93865b250']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:06:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b19f-b60c-4721-85a3-877c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:06:39.000Z", "modified": "2015-04-09T17:06:39.000Z", "pattern": "[file:hashes.MD5 = '890c9bb8b257636a6e2081acdfdd6e3c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:06:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b19f-e9fc-4d68-ae5a-877c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:06:39.000Z", "modified": "2015-04-09T17:06:39.000Z", "pattern": "[file:hashes.MD5 = '89fd244336cdb8fab0527609ca738afb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:06:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b19f-d568-4a20-a4cd-877c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:06:39.000Z", "modified": "2015-04-09T17:06:39.000Z", "pattern": "[file:hashes.MD5 = '8dbb0f6470af1876af0b00d8eb6c0bd3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:06:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b19f-0848-42dc-b577-877c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:06:39.000Z", "modified": "2015-04-09T17:06:39.000Z", "pattern": "[file:hashes.MD5 = '90a75836352c7662cb63dbc566f8e2de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:06:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b19f-b9f8-4467-a0f0-877c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:06:39.000Z", "modified": "2015-04-09T17:06:39.000Z", "pattern": "[file:hashes.MD5 = '90f1572e1bfe9f41bbdbd4774411aeb9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:06:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b1a0-330c-4590-9434-877c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:06:40.000Z", "modified": "2015-04-09T17:06:40.000Z", "pattern": "[file:hashes.MD5 = 'a08b44d7f569c36e33cd9042ba7e5b42']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:06:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b1a0-fc50-49ab-bf54-877c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:06:40.000Z", "modified": "2015-04-09T17:06:40.000Z", "pattern": "[file:hashes.MD5 = 'a46db27f911d928d359e7a1b8fdee0e9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:06:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b1a0-6994-40cf-b2fc-877c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:06:40.000Z", "modified": "2015-04-09T17:06:40.000Z", "pattern": "[file:hashes.MD5 = 'a5d87890fa20020e6fdb1d7408c8a1ca']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:06:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b1a0-efc4-4a8f-8633-877c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:06:40.000Z", "modified": "2015-04-09T17:06:40.000Z", "pattern": "[file:hashes.MD5 = 'af6d27b47ae5a39db78972be5cbd3fa0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:06:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b1a0-7d7c-4f45-8eac-877c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:06:40.000Z", "modified": "2015-04-09T17:06:40.000Z", "pattern": "[file:hashes.MD5 = 'b62fe0f712e6d60fbcaa1ad97ffef952']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:06:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b1a0-d3d4-4091-a814-877c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:06:40.000Z", "modified": "2015-04-09T17:06:40.000Z", "pattern": "[file:hashes.MD5 = 'd2aa056f1cb2b24e1ab4bb43169d8029']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:06:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b1a0-ea94-4a2b-94a8-877c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:06:40.000Z", "modified": "2015-04-09T17:06:40.000Z", "pattern": "[file:hashes.MD5 = 'd44247b3e8d0d40a5b128c66af3de0ce']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:06:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b1a0-e1f8-4725-942f-877c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:06:40.000Z", "modified": "2015-04-09T17:06:40.000Z", "pattern": "[file:hashes.MD5 = 'd830c65be2ffc18ea16ba936bd3b9e61']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:06:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b1a0-1290-44e6-bca2-877c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:06:40.000Z", "modified": "2015-04-09T17:06:40.000Z", "pattern": "[file:hashes.MD5 = 'dcadfe8c1da9616b69b1101e7980f263']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:06:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b1a1-b134-45a1-9e81-877c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:06:41.000Z", "modified": "2015-04-09T17:06:41.000Z", "pattern": "[file:hashes.MD5 = 'dceaf98d6aa90d42fc89f78cc3153689']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:06:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b1a1-5884-4cd3-aa60-877c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:06:41.000Z", "modified": "2015-04-09T17:06:41.000Z", "pattern": "[file:hashes.MD5 = 'e5765ebfdbe441e444d30ae804f9e01b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:06:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b1a1-6b80-42ad-901c-877c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:06:41.000Z", "modified": "2015-04-09T17:06:41.000Z", "pattern": "[file:hashes.MD5 = 'e5a65138290f1f972a29fdab52990eb9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:06:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b1a1-76d0-4387-a378-877c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:06:41.000Z", "modified": "2015-04-09T17:06:41.000Z", "pattern": "[file:hashes.MD5 = 'fdd4f8ba09da78e1ff2957305d71563f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:06:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b1b0-f038-422f-90c2-82e1950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:06:56.000Z", "modified": "2015-04-09T17:06:56.000Z", "pattern": "[file:hashes.MD5 = '029ffc5ddf1e3c4181fe2fa74faaf923']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:06:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b1b1-2dcc-4926-9bd4-82e1950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:06:57.000Z", "modified": "2015-04-09T17:06:57.000Z", "pattern": "[file:hashes.MD5 = '0c99625be98b89a5eb25ec512d02bbb4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:06:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b1b1-ca14-4ec4-9dbd-82e1950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:06:57.000Z", "modified": "2015-04-09T17:06:57.000Z", "pattern": "[file:hashes.MD5 = '11bd9b1da90e0ffa2701ce83573057a4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:06:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b1b1-85f4-4057-ab0a-82e1950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:06:57.000Z", "modified": "2015-04-09T17:06:57.000Z", "pattern": "[file:hashes.MD5 = '16ef21dc28880a9bf4cd466618bcc2b1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:06:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b1b1-48dc-483d-8619-82e1950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:06:57.000Z", "modified": "2015-04-09T17:06:57.000Z", "pattern": "[file:hashes.MD5 = '2771174563606448a10cb0b5062825a5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:06:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b1b1-0144-42e6-b8f7-82e1950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:06:57.000Z", "modified": "2015-04-09T17:06:57.000Z", "pattern": "[file:hashes.MD5 = '2bcc3a2178cf01aece6284ef0932181b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:06:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b1b1-38f0-4ec7-8915-82e1950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:06:57.000Z", "modified": "2015-04-09T17:06:57.000Z", "pattern": "[file:hashes.MD5 = '2f7e5cf944eeb5ac2254a5cf40198248']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:06:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b1b1-9848-445b-b9fe-82e1950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:06:57.000Z", "modified": "2015-04-09T17:06:57.000Z", "pattern": "[file:hashes.MD5 = '3860c6a9b06f6bbd0063367dbe8be3e6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:06:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b1b1-0798-4dd2-a1e0-82e1950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:06:57.000Z", "modified": "2015-04-09T17:06:57.000Z", "pattern": "[file:hashes.MD5 = '522dd6d774e7f53108e73a5f3935ba20']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:06:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b1b1-7364-4dca-98ae-82e1950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:06:57.000Z", "modified": "2015-04-09T17:06:57.000Z", "pattern": "[file:hashes.MD5 = '59b3597c3bbb8b389c02cce660431b75']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:06:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b1b2-8128-44e9-8020-82e1950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:06:58.000Z", "modified": "2015-04-09T17:06:58.000Z", "pattern": "[file:hashes.MD5 = '74fa97a2308f3e33fc6ad1e504057ed1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:06:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b1b2-7e10-4022-85da-82e1950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:06:58.000Z", "modified": "2015-04-09T17:06:58.000Z", "pattern": "[file:hashes.MD5 = '7bb86f70896668026b6d4b5367286d6a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:06:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b1b2-5cb4-4fe0-a8b8-82e1950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:06:58.000Z", "modified": "2015-04-09T17:06:58.000Z", "pattern": "[file:hashes.MD5 = '7c1a50f254d1f3adbd8ccf288999ffe7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:06:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b1b2-0100-4891-864e-82e1950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:06:58.000Z", "modified": "2015-04-09T17:06:58.000Z", "pattern": "[file:hashes.MD5 = 'a0a616b10019f1205a33462ab383c64b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:06:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b1b2-8024-4eff-a69d-82e1950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:06:58.000Z", "modified": "2015-04-09T17:06:58.000Z", "pattern": "[file:hashes.MD5 = 'a289ee37d8f17ef34dbf3751c3736162']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:06:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b1b2-a274-4799-8170-82e1950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:06:58.000Z", "modified": "2015-04-09T17:06:58.000Z", "pattern": "[file:hashes.MD5 = 'b98abbf8d47113dd53216bcfd0356175']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:06:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b1b2-4e08-4967-bfc8-82e1950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:06:58.000Z", "modified": "2015-04-09T17:06:58.000Z", "pattern": "[file:hashes.MD5 = 'b9cd15b5508608cd05dfa26b6a7c9acb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:06:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b1b2-a068-4dbf-a86a-82e1950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:06:58.000Z", "modified": "2015-04-09T17:06:58.000Z", "pattern": "[file:hashes.MD5 = 'bddf850fe166ae3c2b0d142eb635b031']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:06:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b1b2-30ec-494f-8456-82e1950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:06:58.000Z", "modified": "2015-04-09T17:06:58.000Z", "pattern": "[file:hashes.MD5 = 'c1d844f9234edace188b4fcbd71f3393']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:06:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b1b3-c130-4001-90a5-82e1950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:06:59.000Z", "modified": "2015-04-09T17:06:59.000Z", "pattern": "[file:hashes.MD5 = 'c3ab87f85ca07a7d026d3cbd54029bbe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:06:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b1b3-5d08-4200-bc28-82e1950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:06:59.000Z", "modified": "2015-04-09T17:06:59.000Z", "pattern": "[file:hashes.MD5 = 'd400ff2788705fc520fe8b6ada8d7b5a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:06:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b1b3-f3c4-4b68-84c6-82e1950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:06:59.000Z", "modified": "2015-04-09T17:06:59.000Z", "pattern": "[file:hashes.MD5 = 'd42851d1a6b657506a71e4029e377a45']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:06:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b1b3-4d98-4b4a-bfcc-82e1950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:06:59.000Z", "modified": "2015-04-09T17:06:59.000Z", "pattern": "[file:hashes.MD5 = 'db4c2df5984e143abbfae023ee932ff8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:06:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b1b3-e080-46f8-9b3a-82e1950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:06:59.000Z", "modified": "2015-04-09T17:06:59.000Z", "pattern": "[file:hashes.MD5 = 'e426309faa42e406e5c0691bf5005781']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:06:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b1b3-a37c-4c6d-b2c7-82e1950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:06:59.000Z", "modified": "2015-04-09T17:06:59.000Z", "pattern": "[file:hashes.MD5 = 'ec673988e825ee278d2637e6d7b04fad']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:06:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b1b3-6ccc-4882-8e82-82e1950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:06:59.000Z", "modified": "2015-04-09T17:06:59.000Z", "pattern": "[file:hashes.MD5 = 'f3ec248bbaab9b806941be521c92ebf7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:06:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b1b3-9aac-4daa-af65-82e1950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:06:59.000Z", "modified": "2015-04-09T17:06:59.000Z", "pattern": "[file:hashes.MD5 = 'f4b011f3b4b4f8a0ec39c34edfe0cbe4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:06:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b1b3-fd10-4834-b9a9-82e1950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:06:59.000Z", "modified": "2015-04-09T17:06:59.000Z", "pattern": "[file:hashes.MD5 = 'fccb80162484b146619b4a9d9d0f6df9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:06:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b1d1-d6dc-4280-86a5-baee950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:07:29.000Z", "modified": "2015-04-09T17:07:29.000Z", "description": "RAR files", "pattern": "[file:hashes.MD5 = '30a42d0fc3a805a356972aae7359c381']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:07:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b1d1-a360-471a-a221-baee950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:07:29.000Z", "modified": "2015-04-09T17:07:29.000Z", "description": "RAR files", "pattern": "[file:hashes.MD5 = '98c3c1a643dada6d29b3cde71154535b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:07:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b1ea-2c2c-465f-855a-60dc950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:07:54.000Z", "modified": "2015-04-09T17:07:54.000Z", "description": "Trojan & Ransomware", "pattern": "[file:hashes.MD5 = '00e3b69b18bfad7980c1621256ee10fa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:07:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b1ea-a9c4-480a-8f0a-60dc950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:07:54.000Z", "modified": "2015-04-09T17:07:54.000Z", "description": "Trojan & Ransomware", "pattern": "[file:hashes.MD5 = '29fe76f31482a42ba72f4015812184a3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:07:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b210-4760-4a62-8195-5bf3950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:08:32.000Z", "modified": "2015-04-09T17:08:32.000Z", "pattern": "[domain-name:value = 'plantsroyal.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:08:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b210-97cc-4c22-87d1-5bf3950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:08:32.000Z", "modified": "2015-04-09T17:08:32.000Z", "pattern": "[domain-name:value = 'ripola.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:08:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b210-4740-4b85-b7af-5bf3950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:08:32.000Z", "modified": "2015-04-09T17:08:32.000Z", "pattern": "[domain-name:value = 'valanoice.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:08:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b210-4470-4eaf-a8b4-5bf3950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:08:32.000Z", "modified": "2015-04-09T17:08:32.000Z", "pattern": "[domain-name:value = 'adorephoto.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:08:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b211-5530-4eb3-84cd-5bf3950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:08:33.000Z", "modified": "2015-04-09T17:08:33.000Z", "pattern": "[domain-name:value = 'jackropely.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:08:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b22a-4560-4244-b2af-8de1950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:08:58.000Z", "modified": "2015-04-09T17:08:58.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '66.96.147.86']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:08:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b247-0c28-42ad-bbd0-82e1950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:09:27.000Z", "modified": "2015-04-09T17:09:27.000Z", "pattern": "[mutex:name = 'cramator']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:09:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"mutex\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b247-3168-497e-b1ef-82e1950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:09:27.000Z", "modified": "2015-04-09T17:09:27.000Z", "pattern": "[mutex:name = 'rocs']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:09:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"mutex\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b248-1d5c-45f0-bfe0-82e1950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:09:28.000Z", "modified": "2015-04-09T17:09:28.000Z", "pattern": "[mutex:name = 'galaxy']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:09:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"mutex\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b248-df7c-4b87-9216-82e1950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:09:28.000Z", "modified": "2015-04-09T17:09:28.000Z", "pattern": "[mutex:name = 'pilsner']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:09:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"mutex\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b248-9f64-4197-ace9-82e1950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:09:28.000Z", "modified": "2015-04-09T17:09:28.000Z", "pattern": "[mutex:name = 'palder']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:09:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"mutex\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b248-fc50-42f0-af10-82e1950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:09:28.000Z", "modified": "2015-04-09T17:09:28.000Z", "pattern": "[mutex:name = 'letorna']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:09:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"mutex\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b248-0e6c-4f3c-8beb-82e1950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:09:28.000Z", "modified": "2015-04-09T17:09:28.000Z", "pattern": "[mutex:name = 'gordon']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:09:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"mutex\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b2a0-fea8-46fc-915a-baee950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:10:56.000Z", "modified": "2015-04-09T17:10:56.000Z", "pattern": "[url:value = 'http://jackropely.org/talker/monopolker.rar']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:10:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b2a0-3824-4f46-9012-baee950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:10:56.000Z", "modified": "2015-04-09T17:10:56.000Z", "pattern": "[url:value = 'http://jackropely.org/talker/tirony.rar']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:10:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b2a0-f8e4-416a-a3e0-baee950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:10:56.000Z", "modified": "2015-04-09T17:10:56.000Z", "pattern": "[url:value = 'http://plantsroyal.org/css/dina.rar']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:10:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b2a0-57e8-4141-a0cb-baee950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:10:56.000Z", "modified": "2015-04-09T17:10:56.000Z", "pattern": "[url:value = 'http://plantsroyal.org/css/dissa.rar']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:10:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b2a0-da68-4fc7-a901-baee950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:10:56.000Z", "modified": "2015-04-09T17:10:56.000Z", "pattern": "[url:value = 'http://plantsroyal.org/css/papalore.rar']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:10:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b2a0-6fa8-495a-9cac-baee950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:10:56.000Z", "modified": "2015-04-09T17:10:56.000Z", "pattern": "[url:value = 'http://plantsroyal.org/css/parken.rar']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:10:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b2a0-2d24-49b8-90b5-baee950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:10:56.000Z", "modified": "2015-04-09T17:10:56.000Z", "pattern": "[url:value = 'http://plantsroyal.org/css/pibody.rar']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:10:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b2a0-bac0-40cb-9618-baee950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:10:56.000Z", "modified": "2015-04-09T17:10:56.000Z", "pattern": "[url:value = 'http://plantsroyal.org/css/salomon.rar']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:10:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b2a0-7ec8-4f41-bfd7-baee950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:10:56.000Z", "modified": "2015-04-09T17:10:56.000Z", "pattern": "[url:value = 'http://ripola.net/data/darling.rar']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:10:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b2a1-2798-4ebf-a9ce-baee950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:10:57.000Z", "modified": "2015-04-09T17:10:57.000Z", "pattern": "[url:value = 'http://ripola.net/rist/ristan/poper.rar']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:10:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b2a1-2574-4bb9-be21-baee950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:10:57.000Z", "modified": "2015-04-09T17:10:57.000Z", "pattern": "[url:value = 'http://valanoice..org/talker/monopolker.rar']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:10:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b2a1-4680-49ad-a6f6-baee950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:10:57.000Z", "modified": "2015-04-09T17:10:57.000Z", "pattern": "[url:value = 'http://valanoice.org/corton/paltor.rar']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:10:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b2a1-a6fc-4fd5-ab5f-baee950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:10:57.000Z", "modified": "2015-04-09T17:10:57.000Z", "pattern": "[url:value = 'http://valanoice.org/dallas/rocket.rar']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:10:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5526b2a1-4540-4d26-b8df-baee950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:10:57.000Z", "modified": "2015-04-09T17:10:57.000Z", "pattern": "[url:value = 'http://valanoice.org/talker/simma.rar']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-09T17:10:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5526b34b-04a4-439f-8c49-60dc950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:13:47.000Z", "modified": "2015-04-09T17:13:47.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"Attribution\"" ], "x_misp_category": "Attribution", "x_misp_comment": "Password for RAR file", "x_misp_type": "text", "x_misp_value": "6443rFtget22" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5526b34c-da70-47dd-b2ab-60dc950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:13:48.000Z", "modified": "2015-04-09T17:13:48.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"Attribution\"" ], "x_misp_category": "Attribution", "x_misp_comment": "Password for RAR file", "x_misp_type": "text", "x_misp_value": "7Gthfy67Tge" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5526b34c-7108-4689-b265-60dc950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:13:48.000Z", "modified": "2015-04-09T17:13:48.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"Attribution\"" ], "x_misp_category": "Attribution", "x_misp_comment": "Password for RAR file", "x_misp_type": "text", "x_misp_value": "7Qr4r3fgTr5e4" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5526b34c-2d68-49f9-99ac-60dc950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:13:48.000Z", "modified": "2015-04-09T17:13:48.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"Attribution\"" ], "x_misp_category": "Attribution", "x_misp_comment": "Password for RAR file", "x_misp_type": "text", "x_misp_value": "Hygtrfegt564tgrhjfy" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5526b34c-290c-438e-9427-60dc950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:13:48.000Z", "modified": "2015-04-09T17:13:48.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"Attribution\"" ], "x_misp_category": "Attribution", "x_misp_comment": "Password for RAR file", "x_misp_type": "text", "x_misp_value": "IjhT6tGhrg" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5526b34c-1514-4da2-ae0e-60dc950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:13:48.000Z", "modified": "2015-04-09T17:13:48.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"Attribution\"" ], "x_misp_category": "Attribution", "x_misp_comment": "Password for RAR file", "x_misp_type": "text", "x_misp_value": "Ijhy6tGtyrh3" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5526b34c-4b20-4f04-b8ee-60dc950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:13:48.000Z", "modified": "2015-04-09T17:13:48.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"Attribution\"" ], "x_misp_category": "Attribution", "x_misp_comment": "Password for RAR file", "x_misp_type": "text", "x_misp_value": "j9888UjfjuthjJ" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5526b34c-e5c4-446d-b71a-60dc950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:13:48.000Z", "modified": "2015-04-09T17:13:48.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"Attribution\"" ], "x_misp_category": "Attribution", "x_misp_comment": "Password for RAR file", "x_misp_type": "text", "x_misp_value": "u6673764Yhgr" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5526b34c-e348-4824-8219-60dc950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:13:48.000Z", "modified": "2015-04-09T17:13:48.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"Attribution\"" ], "x_misp_category": "Attribution", "x_misp_comment": "Password for RAR file", "x_misp_type": "text", "x_misp_value": "u6673764Yhgrt7" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5526b34c-cc68-4de7-9a14-60dc950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:13:48.000Z", "modified": "2015-04-09T17:13:48.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"Attribution\"" ], "x_misp_category": "Attribution", "x_misp_comment": "Password for RAR file", "x_misp_type": "text", "x_misp_value": "u76yHytg65rtgeqd" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5526b34d-fc40-452a-826a-60dc950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-09T17:13:49.000Z", "modified": "2015-04-09T17:13:49.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"Attribution\"" ], "x_misp_category": "Attribution", "x_misp_comment": "Password for RAR file", "x_misp_type": "text", "x_misp_value": "Ujht6yTgrt63" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }