{ "type": "bundle", "id": "bundle--553ea363-7aa4-426b-8f54-ad70950d210b", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-02-04T21:23:19.000Z", "modified": "2018-02-04T21:23:19.000Z", "name": "CthulhuSPRL.be", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--553ea363-7aa4-426b-8f54-ad70950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-02-04T21:23:19.000Z", "modified": "2018-02-04T21:23:19.000Z", "name": "OSINT Attacks against Israeli & Palestinian interests by PwC", "published": "2018-02-04T21:23:44Z", "object_refs": [ "observed-data--553ea3e2-9adc-4432-b00b-ba7f950d210b", "url--553ea3e2-9adc-4432-b00b-ba7f950d210b", "indicator--553ea3fc-c4a4-4b75-a18f-5c47950d210b", "indicator--553ea4d0-c458-4826-a414-f38d950d210b", "indicator--553ea4d0-9d08-4aab-880c-f38d950d210b", "indicator--553ea4d0-f5f8-45a5-ab07-f38d950d210b", "indicator--553ea4d0-9e28-4402-8ff5-f38d950d210b", "indicator--553ea4d0-79d4-4e9a-958d-f38d950d210b", "indicator--553ea4d0-d928-489f-a732-f38d950d210b", "indicator--553ea501-72f4-4d3b-98c4-ba7f950d210b", "indicator--553ea501-1dcc-4f72-9c81-ba7f950d210b", "indicator--553ea501-3c3c-471a-a77a-ba7f950d210b", "indicator--553ea501-aa08-4dca-bb1e-ba7f950d210b", "indicator--553ea501-fd98-4bc9-8e8b-ba7f950d210b", "indicator--553ea502-892c-4052-a59a-ba7f950d210b", "indicator--553ea502-cd08-4911-8ac1-ba7f950d210b", "indicator--553ea502-1cc0-426e-baa7-ba7f950d210b", "indicator--553ea502-a180-48a0-8f41-ba7f950d210b", "indicator--553ea502-e1d8-4fb1-8563-ba7f950d210b", "indicator--553ea502-31e4-419a-ac77-ba7f950d210b", "indicator--553ea502-03c8-44d2-9ae9-ba7f950d210b", "indicator--553ea502-d2b4-4126-9e14-ba7f950d210b", "indicator--553ea502-47b4-41f6-9ff5-ba7f950d210b", "indicator--553ea503-b0c8-41b8-9796-ba7f950d210b", "indicator--553ea503-0b48-4cc0-8338-ba7f950d210b", "indicator--553ea503-60c0-4dfb-b454-ba7f950d210b", "indicator--553ea503-7b94-42a9-a8b1-ba7f950d210b", "indicator--553ea503-27c8-4b7c-813e-ba7f950d210b", "indicator--553ea503-17fc-45d2-9e68-ba7f950d210b", "indicator--553ea503-8774-40eb-a148-ba7f950d210b", "indicator--553ea503-8764-4007-996a-ba7f950d210b", "indicator--553ea504-dd68-4ced-a258-ba7f950d210b", "indicator--553ea504-4424-4719-95ee-ba7f950d210b", "indicator--553ea504-a148-492d-bc71-ba7f950d210b", "indicator--553ea5a6-cf94-4fec-b254-f38d950d210b", "indicator--553ea5a6-a648-4baa-a14b-f38d950d210b", "indicator--553ea5a6-100c-4a1f-90a0-f38d950d210b", "indicator--553ea5af-75ec-4da4-a9f3-7df3950d210b", "indicator--553ea5b0-5ec0-439a-a136-7df3950d210b", "indicator--553ea5b0-1f80-471e-a215-7df3950d210b", "indicator--553ea5b0-1df4-4954-a9d7-7df3950d210b", "indicator--553ea5b0-d1e4-4528-ad67-7df3950d210b", "indicator--553ea5b0-6a6c-4de7-916c-7df3950d210b", "indicator--553ea5b0-2748-47ba-8a3d-7df3950d210b", "indicator--553ea5b0-cbe8-4e49-9754-7df3950d210b", "indicator--553ea5b0-e890-4d0d-8da7-7df3950d210b", "indicator--553ea5b1-bd38-4152-995d-7df3950d210b", "indicator--553ea5b1-4a9c-40f4-b633-7df3950d210b", "indicator--553ea5b1-4770-487a-a2c2-7df3950d210b", "indicator--553ea5b1-1b24-44a5-b4d7-7df3950d210b", "indicator--553ea5b1-ff54-4d56-9f0d-7df3950d210b", "indicator--553ea5b1-2aa0-44eb-a0b8-7df3950d210b", "indicator--553ea5b1-a00c-4d40-953b-7df3950d210b", "indicator--553ea5b1-6898-456d-9d88-7df3950d210b", "indicator--553ea5b2-2d68-4aac-993d-7df3950d210b", "indicator--553ea5b2-bce0-45e2-879f-7df3950d210b", "indicator--553ea5b2-0c54-48ce-b636-7df3950d210b", "indicator--553ea5b2-828c-403e-8831-7df3950d210b", "indicator--553ea5b2-3928-4247-86fd-7df3950d210b", "indicator--553ea5b2-da54-47ca-9cc0-7df3950d210b", "indicator--553ea5b2-b9d8-4001-b6b5-7df3950d210b", "indicator--553ea5b2-636c-4895-ab17-7df3950d210b", "indicator--553ea5b3-2500-4957-9bf5-7df3950d210b", "indicator--553ea5b3-cfd4-49c4-8a27-7df3950d210b", "indicator--553ea5b3-2680-4ef8-abfa-7df3950d210b", "indicator--553ea5b3-5980-4491-b72c-7df3950d210b", "indicator--553ea5b3-3a8c-4000-bd10-7df3950d210b", "indicator--553ea5b3-6df4-439a-b3fb-7df3950d210b", "indicator--553ea5b3-07fc-4556-8e61-7df3950d210b", "indicator--553ea5f1-4f74-4b2e-8aef-069f950d210b", "indicator--553ea5f1-60a8-4e91-8a5e-069f950d210b", "indicator--553ea5f1-dfcc-4832-ab96-069f950d210b", "indicator--553ea5f1-e7a8-45d5-ad9c-069f950d210b", "indicator--553ea5f1-e79c-4df8-afa5-069f950d210b", "indicator--553ea5f1-5370-4b69-b208-069f950d210b", "indicator--553ea5f1-21b4-4d4f-99a0-069f950d210b", "indicator--553ea5f1-ff3c-4991-bce3-069f950d210b", "indicator--553ea5f2-38b4-45e5-af77-069f950d210b", "indicator--553ea5f2-da38-44ad-8510-069f950d210b", "indicator--553ea60d-1f7c-4bf6-8aa7-f38d950d210b", "indicator--553ea69e-bdd8-410b-98f2-7df4950d210b", "indicator--553ea69e-f448-4133-952a-7df4950d210b", "indicator--553ea69e-3fe0-4239-81ac-7df4950d210b", "observed-data--553ea6e9-68bc-4fea-8b0d-ad6d950d210b", "url--553ea6e9-68bc-4fea-8b0d-ad6d950d210b", "indicator--56c65b66-31cc-44b3-87d8-599d950d210f", "indicator--56c65b68-1028-4690-ad05-4bd6950d210f", "indicator--56c65b6a-fa68-4335-b1b2-599f950d210f", "indicator--56c65b6c-6984-41f1-80f7-599d950d210f", "indicator--56c65b6d-eb60-41d2-b66e-5ca1950d210f", "indicator--56c65b6f-0fe8-462a-921d-59a4950d210f", "indicator--56c65b71-0c60-46ca-bc16-c650950d210f", "indicator--56c65b73-aac4-4165-8338-59a2950d210f", "indicator--56c65b75-278c-421b-9ac1-48b5950d210f", "indicator--56c65b76-8798-4e2a-8e18-c652950d210f", "indicator--56c65b78-c284-4c46-85d8-c654950d210f", "indicator--56c65b7a-41b0-4394-8896-401d950d210f", "indicator--56c65b7b-b638-45c6-8805-457c950d210f", "indicator--56c65b7e-2340-4582-8742-4ef7950d210f", "indicator--56c65b7f-b440-49df-8790-c651950d210f", "indicator--56c65b81-9f28-4766-9da8-599f950d210f", "indicator--56c65b83-088c-4a6c-b26e-4eb5950d210f", "indicator--56c65b85-3fd0-446d-b27e-599e950d210f", "indicator--56c65b87-3bf0-4bf8-9b1b-59a1950d210f", "indicator--56c65b88-8ec8-4223-8876-5f51950d210f", "indicator--56c65b8a-e6e8-4d6d-a440-5ca1950d210f", "indicator--56c65b67-02cc-4e07-ab72-c652950d210f", "indicator--56c65b68-8d98-45bb-a12e-4ad8950d210f", "indicator--56c65b6a-7dfc-4cbf-b4eb-5f51950d210f", "indicator--56c65b6c-7518-408a-9df8-599c950d210f", "indicator--56c65b6e-f1ec-4cd4-8003-408b950d210f", "indicator--56c65b70-3e28-4f7e-8aec-c654950d210f", "indicator--56c65b72-2fc4-4f2f-b527-c653950d210f", "indicator--56c65b73-da4c-4630-bc08-59a1950d210f", "indicator--56c65b75-0c00-400e-ad78-4c81950d210f", "indicator--56c65b77-c504-4b7f-b510-599e950d210f", "indicator--56c65b79-cbd0-4b99-97e9-c651950d210f", "indicator--56c65b7a-43c8-4f09-99c6-59a1950d210f", "indicator--56c65b7c-f558-467f-beaf-c654950d210f", "indicator--56c65b7e-d13c-447d-847d-c653950d210f", "indicator--56c65b80-145c-4b6a-9286-4696950d210f", "indicator--56c65b82-bae8-48d4-83c2-c651950d210f", "indicator--56c65b84-d4ac-4702-8e6c-599d950d210f", "indicator--56c65b86-df2c-4d5a-afb9-59a2950d210f", "indicator--56c65b87-b28c-451d-865b-599c950d210f", "indicator--56c65b89-c7ec-4143-9e7e-c652950d210f", "indicator--56c65b8b-dab0-4b90-a6d3-47d7950d210f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--553ea3e2-9adc-4432-b00b-ba7f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-27T21:02:26.000Z", "modified": "2015-04-27T21:02:26.000Z", "first_observed": "2015-04-27T21:02:26Z", "last_observed": "2015-04-27T21:02:26Z", "number_observed": 1, "object_refs": [ "url--553ea3e2-9adc-4432-b00b-ba7f950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--553ea3e2-9adc-4432-b00b-ba7f950d210b", "value": "http://pwc.blogs.com/cyber_security_updates/2015/04/attacks-against-israeli-palestinian-interests.html" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553ea3fc-c4a4-4b75-a18f-5c47950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-27T21:02:52.000Z", "modified": "2015-04-27T21:02:52.000Z", "pattern": "[file:hashes.SHA256 = 'ecc240f1983007177bc5bbecba50eea27b80fd3d14fd261bef6cda10b8ffe1e9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-27T21:02:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553ea4d0-c458-4826-a414-f38d950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-27T21:06:24.000Z", "modified": "2015-04-27T21:06:24.000Z", "pattern": "[domain-name:value = 'rotter2.sytes.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-27T21:06:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553ea4d0-9d08-4aab-880c-f38d950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-27T21:06:24.000Z", "modified": "2015-04-27T21:06:24.000Z", "pattern": "[domain-name:value = 'haartezenglish.strangled.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-27T21:06:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553ea4d0-f5f8-45a5-ab07-f38d950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-27T21:06:24.000Z", "modified": "2015-04-27T21:06:24.000Z", "pattern": "[domain-name:value = 'wallanews.sytes.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-27T21:06:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553ea4d0-9e28-4402-8ff5-f38d950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-27T21:06:24.000Z", "modified": "2015-04-27T21:06:24.000Z", "pattern": "[domain-name:value = 'ynet.sytes.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-27T21:06:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553ea4d0-79d4-4e9a-958d-f38d950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-27T21:06:24.000Z", "modified": "2015-04-27T21:06:24.000Z", "pattern": "[domain-name:value = 'safar.selfip.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-27T21:06:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553ea4d0-d928-489f-a732-f38d950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-27T21:06:24.000Z", "modified": "2015-04-27T21:06:24.000Z", "pattern": "[domain-name:value = 'depka.sytes.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-27T21:06:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553ea501-72f4-4d3b-98c4-ba7f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-27T21:07:13.000Z", "modified": "2015-04-27T21:07:13.000Z", "pattern": "[file:hashes.SHA256 = '8993a516404c0dd62692f3ce5055d4ddee7e29ad4bb6aa29f67114eeeaee26b9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-27T21:07:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553ea501-1dcc-4f72-9c81-ba7f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-27T21:07:13.000Z", "modified": "2015-04-27T21:07:13.000Z", "pattern": "[file:hashes.SHA256 = 'bfe727f2f238f11eb989e5b76efd24ad2b41df3cf7dabf7077dfaace834e7f03']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-27T21:07:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553ea501-3c3c-471a-a77a-ba7f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-27T21:07:13.000Z", "modified": "2015-04-27T21:07:13.000Z", "pattern": "[file:hashes.SHA256 = 'dad34d2cb2aa9662d4a4148481ae018f5816498f30cc7aee4919e0e9fe6b9e08']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-27T21:07:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553ea501-aa08-4dca-bb1e-ba7f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-27T21:07:13.000Z", "modified": "2015-04-27T21:07:13.000Z", "pattern": "[file:hashes.SHA256 = '2cb9df0d52d09c98f0a97ce71eb8805f224945cadab7d615ef0257b7b09c80d3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-27T21:07:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553ea501-fd98-4bc9-8e8b-ba7f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-27T21:07:13.000Z", "modified": "2015-04-27T21:07:13.000Z", "pattern": "[file:hashes.SHA256 = 'f53fd5389b09c6ad289736720e72392dd5f30a1f7822dbc8c7c2e2b655b4dad9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-27T21:07:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553ea502-892c-4052-a59a-ba7f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-27T21:07:14.000Z", "modified": "2015-04-27T21:07:14.000Z", "pattern": "[file:hashes.SHA256 = '1d533ddaefc7859a3f6c6751114e895b7aa5935eb0ed68b01ec61aa8560ae3d9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-27T21:07:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553ea502-cd08-4911-8ac1-ba7f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-27T21:07:14.000Z", "modified": "2015-04-27T21:07:14.000Z", "pattern": "[file:hashes.SHA256 = '95b2f926ae173ab45d6dac4039f0b91eb24699e6d11b621bbcebd860752e5d5e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-27T21:07:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553ea502-1cc0-426e-baa7-ba7f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-27T21:07:14.000Z", "modified": "2015-04-27T21:07:14.000Z", "pattern": "[file:hashes.SHA256 = 'da63f6392ce6af83f6d944fa1bd3f28082345fec928647ee7ef9939fac7b2e6c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-27T21:07:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553ea502-a180-48a0-8f41-ba7f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-27T21:07:14.000Z", "modified": "2015-04-27T21:07:14.000Z", "pattern": "[file:hashes.SHA256 = 'a7aeeead233fcdfe1c7475db982497a82d8ae745ec1c58bd87215e8869c3f9e4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-27T21:07:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553ea502-e1d8-4fb1-8563-ba7f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-27T21:07:14.000Z", "modified": "2015-04-27T21:07:14.000Z", "pattern": "[file:hashes.SHA256 = '2eb7aa306551d693691d14558c5dc4f6d80ef8f69cf466149fbba23953c08f7f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-27T21:07:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553ea502-31e4-419a-ac77-ba7f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-27T21:07:14.000Z", "modified": "2015-04-27T21:07:14.000Z", "pattern": "[file:hashes.SHA256 = 'e945b055fb4057a396506c74f73b873694125e6178a40d10cabf24b2d89d598f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-27T21:07:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553ea502-03c8-44d2-9ae9-ba7f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-27T21:07:14.000Z", "modified": "2015-04-27T21:07:14.000Z", "pattern": "[file:hashes.SHA256 = 'c9e084eb1ce1066ee063f860c13a8f7d2ead97495036855fc956dacc9a24ea68']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-27T21:07:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553ea502-d2b4-4126-9e14-ba7f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-27T21:07:14.000Z", "modified": "2015-04-27T21:07:14.000Z", "pattern": "[file:hashes.SHA256 = '047e8d542e2fcdf0f4dd45e2b19848771d01abc90d161d05242b79c52cdd248d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-27T21:07:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553ea502-47b4-41f6-9ff5-ba7f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-27T21:07:14.000Z", "modified": "2015-04-27T21:07:14.000Z", "pattern": "[file:hashes.SHA256 = '25e6bf67410dffb95c527c19dcff5223dbc3bf4c987650e45fbea1267072e8ff']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-27T21:07:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553ea503-b0c8-41b8-9796-ba7f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-27T21:07:15.000Z", "modified": "2015-04-27T21:07:15.000Z", "pattern": "[file:hashes.SHA256 = 'b0edbd0f44df72e0fad3fb73948444a4df5143ed954c9116eb1a7b606841f187']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-27T21:07:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553ea503-0b48-4cc0-8338-ba7f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-27T21:07:15.000Z", "modified": "2015-04-27T21:07:15.000Z", "pattern": "[file:hashes.SHA256 = 'de3e25a69ba43b9f236e544ece7f2da82a4fafb4489ad2e263754d9b9d88bc5c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-27T21:07:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553ea503-60c0-4dfb-b454-ba7f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-27T21:07:15.000Z", "modified": "2015-04-27T21:07:15.000Z", "pattern": "[file:hashes.SHA256 = 'f969bf3b7a9821b3b2d5de889b5af7af25972b25ba59e4e9439f87fe90f1c404']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-27T21:07:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553ea503-7b94-42a9-a8b1-ba7f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-27T21:07:15.000Z", "modified": "2015-04-27T21:07:15.000Z", "pattern": "[file:hashes.SHA256 = '14be3a9a2a4261cb365915e720486a0632dbebb06fe68fb669ae67aa9b18507b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-27T21:07:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553ea503-27c8-4b7c-813e-ba7f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-27T21:07:15.000Z", "modified": "2015-04-27T21:07:15.000Z", "pattern": "[file:hashes.SHA256 = '488ba22d6cb8c9b0310c58fa4c4739692cdf45676c3164b357314322542f9dff']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-27T21:07:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553ea503-17fc-45d2-9e68-ba7f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-27T21:07:15.000Z", "modified": "2015-04-27T21:07:15.000Z", "pattern": "[file:hashes.SHA256 = 'b3a47e0bc0af49b46bc0c1158089bf200856ff462a5334df2b5c11e69c8b1ada']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-27T21:07:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553ea503-8774-40eb-a148-ba7f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-27T21:07:15.000Z", "modified": "2015-04-27T21:07:15.000Z", "pattern": "[file:hashes.SHA256 = '324ce011b913feec4adb916f32c743a243f07dccb51b49c0122c4fa4a8e2bded']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-27T21:07:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553ea503-8764-4007-996a-ba7f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-27T21:07:15.000Z", "modified": "2015-04-27T21:07:15.000Z", "pattern": "[file:hashes.SHA256 = 'd6df5943169b48ac58fc28bb665fe8800c265b65fff8a2217b70703a4d3a7277']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-27T21:07:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553ea504-dd68-4ced-a258-ba7f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-27T21:07:16.000Z", "modified": "2015-04-27T21:07:16.000Z", "pattern": "[file:hashes.SHA256 = '88e7a7e815565b92af81761ae7b9153b7507677df3d3b77e8ce68787ad1826d4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-27T21:07:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553ea504-4424-4719-95ee-ba7f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-27T21:07:16.000Z", "modified": "2015-04-27T21:07:16.000Z", "pattern": "[file:hashes.SHA256 = 'f51d4155534e10c09b531acc41458e8ff3b7879f4ee7d3ee99f16180c4caf0ee']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-27T21:07:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553ea504-a148-492d-bc71-ba7f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-27T21:07:16.000Z", "modified": "2015-04-27T21:07:16.000Z", "pattern": "[file:hashes.SHA256 = 'bc846caa05939b085837057bc4b9303357602ece83dc1380191bddd1402d4a2b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-27T21:07:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553ea5a6-cf94-4fec-b254-f38d950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-27T21:09:58.000Z", "modified": "2015-04-27T21:09:58.000Z", "pattern": "[domain-name:value = 'cbbnews.tk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-27T21:09:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553ea5a6-a648-4baa-a14b-f38d950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-27T21:09:58.000Z", "modified": "2015-04-27T21:09:58.000Z", "pattern": "[domain-name:value = 'chromeupdt.tk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-27T21:09:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553ea5a6-100c-4a1f-90a0-f38d950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-27T21:09:58.000Z", "modified": "2015-04-27T21:09:58.000Z", "pattern": "[domain-name:value = 'store-legal.biz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-27T21:09:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553ea5af-75ec-4da4-a9f3-7df3950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-27T21:10:07.000Z", "modified": "2015-04-27T21:10:07.000Z", "pattern": "[domain-name:value = 'ajaxo.zapto.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-27T21:10:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553ea5b0-5ec0-439a-a136-7df3950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-27T21:10:08.000Z", "modified": "2015-04-27T21:10:08.000Z", "pattern": "[domain-name:value = 'backjadwer.bounceme.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-27T21:10:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553ea5b0-1f80-471e-a215-7df3950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-27T21:10:08.000Z", "modified": "2015-04-27T21:10:08.000Z", "pattern": "[domain-name:value = 'bandao.publicvm.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-27T21:10:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553ea5b0-1df4-4954-a9d7-7df3950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-27T21:10:08.000Z", "modified": "2015-04-27T21:10:08.000Z", "pattern": "[domain-name:value = 'deapka.sytes.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-27T21:10:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553ea5b0-d1e4-4528-ad67-7df3950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-27T21:10:08.000Z", "modified": "2015-04-27T21:10:08.000Z", "pattern": "[domain-name:value = 'download.likescandy.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-27T21:10:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553ea5b0-6a6c-4de7-916c-7df3950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-27T21:10:08.000Z", "modified": "2015-04-27T21:10:08.000Z", "pattern": "[domain-name:value = 'downloadlog.linkpc.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-27T21:10:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553ea5b0-2748-47ba-8a3d-7df3950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-27T21:10:08.000Z", "modified": "2015-04-27T21:10:08.000Z", "pattern": "[domain-name:value = 'downloadmyhost.zapto.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-27T21:10:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553ea5b0-cbe8-4e49-9754-7df3950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-27T21:10:08.000Z", "modified": "2015-04-27T21:10:08.000Z", "pattern": "[domain-name:value = 'downloadskype.cf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-27T21:10:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553ea5b0-e890-4d0d-8da7-7df3950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-27T21:10:08.000Z", "modified": "2015-04-27T21:10:08.000Z", "pattern": "[domain-name:value = 'duntat.zapto.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-27T21:10:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553ea5b1-bd38-4152-995d-7df3950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-27T21:10:09.000Z", "modified": "2015-04-27T21:10:09.000Z", "pattern": "[domain-name:value = 'fastbingcom.sytes.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-27T21:10:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553ea5b1-4a9c-40f4-b633-7df3950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-27T21:10:09.000Z", "modified": "2015-04-27T21:10:09.000Z", "pattern": "[domain-name:value = 'gaonsmom.redirectme.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-27T21:10:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553ea5b1-4770-487a-a2c2-7df3950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-27T21:10:09.000Z", "modified": "2015-04-27T21:10:09.000Z", "pattern": "[domain-name:value = 'haartezenglish.redirectme.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-27T21:10:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553ea5b1-1b24-44a5-b4d7-7df3950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-27T21:10:09.000Z", "modified": "2015-04-27T21:10:09.000Z", "pattern": "[domain-name:value = 'help2014.linkpc.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-27T21:10:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553ea5b1-ff54-4d56-9f0d-7df3950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-27T21:10:09.000Z", "modified": "2015-04-27T21:10:09.000Z", "pattern": "[domain-name:value = 'kaliob.selfip.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-27T21:10:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553ea5b1-2aa0-44eb-a0b8-7df3950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-27T21:10:09.000Z", "modified": "2015-04-27T21:10:09.000Z", "pattern": "[domain-name:value = 'kaswer12.strangled.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-27T21:10:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553ea5b1-a00c-4d40-953b-7df3950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-27T21:10:09.000Z", "modified": "2015-04-27T21:10:09.000Z", "pattern": "[domain-name:value = 'kaswer13.zapto.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-27T21:10:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553ea5b1-6898-456d-9d88-7df3950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-27T21:10:09.000Z", "modified": "2015-04-27T21:10:09.000Z", "pattern": "[domain-name:value = 'kolabdown.sytes.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-27T21:10:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553ea5b2-2d68-4aac-993d-7df3950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-27T21:10:10.000Z", "modified": "2015-04-27T21:10:10.000Z", "pattern": "[domain-name:value = 'lilian.redirectme.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-27T21:10:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553ea5b2-bce0-45e2-879f-7df3950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-27T21:10:10.000Z", "modified": "2015-04-27T21:10:10.000Z", "pattern": "[domain-name:value = 'nazer.zapto.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-27T21:10:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553ea5b2-0c54-48ce-b636-7df3950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-27T21:10:10.000Z", "modified": "2015-04-27T21:10:10.000Z", "pattern": "[domain-name:value = 'noredirecto.redirectme.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-27T21:10:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553ea5b2-828c-403e-8831-7df3950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-27T21:10:10.000Z", "modified": "2015-04-27T21:10:10.000Z", "pattern": "[domain-name:value = 'orango.redirectme.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-27T21:10:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553ea5b2-3928-4247-86fd-7df3950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-27T21:10:10.000Z", "modified": "2015-04-27T21:10:10.000Z", "pattern": "[domain-name:value = 'redirectlnk.redirectme.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-27T21:10:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553ea5b2-da54-47ca-9cc0-7df3950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-27T21:10:10.000Z", "modified": "2015-04-27T21:10:10.000Z", "pattern": "[domain-name:value = 'rotter2.publicvm.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-27T21:10:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553ea5b2-b9d8-4001-b6b5-7df3950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-27T21:10:10.000Z", "modified": "2015-04-27T21:10:10.000Z", "pattern": "[domain-name:value = 'safara.sytes.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-27T21:10:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553ea5b2-636c-4895-ab17-7df3950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-27T21:10:10.000Z", "modified": "2015-04-27T21:10:10.000Z", "pattern": "[domain-name:value = 'safari.linkpc.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-27T21:10:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553ea5b3-2500-4957-9bf5-7df3950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-27T21:10:11.000Z", "modified": "2015-04-27T21:10:11.000Z", "pattern": "[domain-name:value = 'tango.zapto.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-27T21:10:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553ea5b3-cfd4-49c4-8a27-7df3950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-27T21:10:11.000Z", "modified": "2015-04-27T21:10:11.000Z", "pattern": "[domain-name:value = 'thenewupdate.chickenkiller.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-27T21:10:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553ea5b3-2680-4ef8-abfa-7df3950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-27T21:10:11.000Z", "modified": "2015-04-27T21:10:11.000Z", "pattern": "[domain-name:value = 'thenewupdatee.redirectme.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-27T21:10:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553ea5b3-5980-4491-b72c-7df3950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-27T21:10:11.000Z", "modified": "2015-04-27T21:10:11.000Z", "pattern": "[domain-name:value = 'totoman.no-ip.biz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-27T21:10:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553ea5b3-3a8c-4000-bd10-7df3950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-27T21:10:11.000Z", "modified": "2015-04-27T21:10:11.000Z", "pattern": "[domain-name:value = 'wallanews.publicvm.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-27T21:10:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553ea5b3-6df4-439a-b3fb-7df3950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-27T21:10:11.000Z", "modified": "2015-04-27T21:10:11.000Z", "pattern": "[domain-name:value = 'webfile.myq-see.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-27T21:10:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553ea5b3-07fc-4556-8e61-7df3950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-27T21:10:11.000Z", "modified": "2015-04-27T21:10:11.000Z", "pattern": "[domain-name:value = 'ynet.ignorelist.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-27T21:10:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553ea5f1-4f74-4b2e-8aef-069f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-27T21:11:13.000Z", "modified": "2015-04-27T21:11:13.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.33.168.150']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-27T21:11:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553ea5f1-60a8-4e91-8a5e-069f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-27T21:11:13.000Z", "modified": "2015-04-27T21:11:13.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.45.193.4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-27T21:11:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553ea5f1-dfcc-4832-ab96-069f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-27T21:11:13.000Z", "modified": "2015-04-27T21:11:13.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '167.114.62.213']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-27T21:11:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553ea5f1-e7a8-45d5-ad9c-069f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-27T21:11:13.000Z", "modified": "2015-04-27T21:11:13.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '131.72.136.11']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-27T21:11:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553ea5f1-e79c-4df8-afa5-069f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-27T21:11:13.000Z", "modified": "2015-04-27T21:11:13.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '131.72.136.171']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-27T21:11:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553ea5f1-5370-4b69-b208-069f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-27T21:11:13.000Z", "modified": "2015-04-27T21:11:13.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.253.246.169']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-27T21:11:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553ea5f1-21b4-4d4f-99a0-069f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-27T21:11:13.000Z", "modified": "2015-04-27T21:11:13.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '198.105.122.96']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-27T21:11:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553ea5f1-ff3c-4991-bce3-069f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-27T21:11:13.000Z", "modified": "2015-04-27T21:11:13.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '131.72.136.124']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-27T21:11:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553ea5f2-38b4-45e5-af77-069f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-27T21:11:14.000Z", "modified": "2015-04-27T21:11:14.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '107.168.129.29']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-27T21:11:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553ea5f2-da38-44ad-8510-069f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-27T21:11:14.000Z", "modified": "2015-04-27T21:11:14.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '198.105.122.9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-27T21:11:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553ea60d-1f7c-4bf6-8aa7-f38d950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-02-04T21:23:18.000Z", "modified": "2018-02-04T21:23:18.000Z", "pattern": "[rule DownExecute_A {\r\nmeta:\r\n author = \"PwC Cyber Threat Operations :: @tlansec\"\r\n date = \"2015-04\"\r\n reference = \"http://pwc.blogs.com/cyber_security_updates/2015/04/attacks-against-israeli-palestinian-interests.html\"\r\n description = \"Malware is often wrapped/protected, best to run on memory\"\r\n \r\nstrings:\r\n $winver1 = \"win 8.1\"\r\n $winver2 = \"win Server 2012 R2\"\r\n $winver3 = \"win Srv 2012\"\r\n $winver4 = \"win srv 2008 R2\"\r\n $winver5 = \"win srv 2008\"\r\n $winver6 = \"win vsta\"\r\n $winver7 = \"win srv 2003 R2\"\r\n $winver8 = \"win hm srv\"\r\n $winver9 = \"win Strg srv 2003\"\r\n $winver10 = \"win srv 2003\"\r\n $winver11 = \"win XP prof x64 edt\"\r\n $winver12 = \"win XP\"\r\n $winver13 = \"win 2000\"\r\n \r\n $pdb1 = \"D:\\\\Acms\\\\2\\\\docs\\\\Visual Studio 2013\\\\Projects\\\\DownloadExcute\\\\DownloadExcute\\\\Release\\\\DownExecute.pdb\"\r\n $pdb2 = \"d:\\\\acms\\\\2\\\\docs\\\\visual studio 2013\\\\projects\\\\downloadexcute\\\\downloadexcute\\\\downexecute\\\\json\\\\rapidjson\\\\writer.h\"\r\n $pdb3 = \":\\\\acms\\\\2\\\\docs\\\\visual studio 2013\\\\projects\\\\downloadexcute\\\\downloadexcute\\\\downexecute\\\\json\\\\rapidjson\\\\internal/stack.h\"\r\n $pdb4 = \"\\\\downloadexcute\\\\downexecute\\\\\"\r\n \r\n $magic1 = \" any any (msg:\"--[PwC CTD] -- Unclassified Middle Eastern Actor - DownExecute URI (/dw/gtk)\"; flow:established,to_server; urilen:7; content:\"/dw/gtk\"; http_uri; depth:7; content:\"GET\" ; http_method; content:!\"User-Agent:\"; http_header; content:!\"Referer:\"; http_header; reference:md5,4dd319a230ee3a0735a656231b4c9063; classtype:trojan-activity; metadata:tlp WHITE,author @ipsosCustodes; sid:99999901; rev:2015200401;)]", "pattern_type": "snort", "pattern_version": "2.1", "valid_from": "2015-04-27T21:14:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"snort\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553ea69e-f448-4133-952a-7df4950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-27T21:14:06.000Z", "modified": "2015-04-27T21:14:06.000Z", "pattern": "[alert http any any -> any any (msg:\"--[PwC CTD] -- Unclassified Middle Eastern Actor - DownExecute URI (/dw/setup)\"; flow:established,to_server; urilen:>8; content:\"/dw/setup\"; http_uri; depth:9; content:\"POST\" ; http_method; reference:md5,4dd319a230ee3a0735a656231b4c9063; classtype:trojan-activity; metadata:tlp WHITE,author @ipsosCustodes; sid:99999902; rev:2015200401;)]", "pattern_type": "snort", "pattern_version": "2.1", "valid_from": "2015-04-27T21:14:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"snort\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553ea69e-3fe0-4239-81ac-7df4950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-27T21:14:06.000Z", "modified": "2015-04-27T21:14:06.000Z", "pattern": "[alert http any any -> any any (msg:\"--[PwC CTD] -- Unclassified Middle Eastern Actor - DownExecute Headers\"; flow:established,to_server; urilen:>7; content:\"Accept */*\"; http_client_body; content:\"Content-Type: multipart/form-data\\; boundary=------------------------\"; http_header; content: \"ci_session=\"; http_cookie; depth:11; content: \"POST\"; http_method; content:!\"Referer:\"; http_header; content:!\"User-Agent:\"; http_header; reference:md5,4dd319a230ee3a0735a656231b4c9063; classtype:trojan-activity; metadata:tlp WHITE,author @ipsosCustodes; sid:99999903; rev:2015200401;)]", "pattern_type": "snort", "pattern_version": "2.1", "valid_from": "2015-04-27T21:14:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"snort\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--553ea6e9-68bc-4fea-8b0d-ad6d950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-27T21:15:21.000Z", "modified": "2015-04-27T21:15:21.000Z", "first_observed": "2015-04-27T21:15:21Z", "last_observed": "2015-04-27T21:15:21Z", "number_observed": 1, "object_refs": [ "url--553ea6e9-68bc-4fea-8b0d-ad6d950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--553ea6e9-68bc-4fea-8b0d-ad6d950d210b", "value": "https://malwr.com/analysis/N2I1YmExMjNkMmM3NGQwMThlNjg5YmI4OGY3Mjc3ZmI" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65b66-31cc-44b3-87d8-599d950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:01:42.000Z", "modified": "2016-02-19T00:01:42.000Z", "description": "Automatically added (via ecc240f1983007177bc5bbecba50eea27b80fd3d14fd261bef6cda10b8ffe1e9)", "pattern": "[file:hashes.MD5 = '360200d659519c5d398b05804975ebbe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:01:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65b68-1028-4690-ad05-4bd6950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:01:44.000Z", "modified": "2016-02-19T00:01:44.000Z", "description": "Automatically added (via 8993a516404c0dd62692f3ce5055d4ddee7e29ad4bb6aa29f67114eeeaee26b9)", "pattern": "[file:hashes.MD5 = '89ff2642d8c6b0b49a009a36380495a7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:01:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65b6a-fa68-4335-b1b2-599f950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:01:46.000Z", "modified": "2016-02-19T00:01:46.000Z", "description": "Automatically added (via dad34d2cb2aa9662d4a4148481ae018f5816498f30cc7aee4919e0e9fe6b9e08)", "pattern": "[file:hashes.MD5 = 'e540076f48d7069bacb6d607f2d389d9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:01:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65b6c-6984-41f1-80f7-599d950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:01:48.000Z", "modified": "2016-02-19T00:01:48.000Z", "description": "Automatically added (via 2cb9df0d52d09c98f0a97ce71eb8805f224945cadab7d615ef0257b7b09c80d3)", "pattern": "[file:hashes.MD5 = '77d43f0b32e30a3de6879610666f1b39']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:01:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65b6d-eb60-41d2-b66e-5ca1950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:01:49.000Z", "modified": "2016-02-19T00:01:49.000Z", "description": "Automatically added (via 1d533ddaefc7859a3f6c6751114e895b7aa5935eb0ed68b01ec61aa8560ae3d9)", "pattern": "[file:hashes.MD5 = 'ec05a45ebd201a83974229a79979a672']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:01:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65b6f-0fe8-462a-921d-59a4950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:01:51.000Z", "modified": "2016-02-19T00:01:51.000Z", "description": "Automatically added (via da63f6392ce6af83f6d944fa1bd3f28082345fec928647ee7ef9939fac7b2e6c)", "pattern": "[file:hashes.MD5 = 'cb008f71eb83e68b9f601533910b6cc8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:01:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65b71-0c60-46ca-bc16-c650950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:01:53.000Z", "modified": "2016-02-19T00:01:53.000Z", "description": "Automatically added (via a7aeeead233fcdfe1c7475db982497a82d8ae745ec1c58bd87215e8869c3f9e4)", "pattern": "[file:hashes.MD5 = 'bc42a09888de8b311f2e9ab0fc966c8c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:01:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65b73-aac4-4165-8338-59a2950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:01:55.000Z", "modified": "2016-02-19T00:01:55.000Z", "description": "Automatically added (via 2eb7aa306551d693691d14558c5dc4f6d80ef8f69cf466149fbba23953c08f7f)", "pattern": "[file:hashes.MD5 = '23108c347282ff101a2104bcf54204a8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:01:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65b75-278c-421b-9ac1-48b5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:01:57.000Z", "modified": "2016-02-19T00:01:57.000Z", "description": "Automatically added (via e945b055fb4057a396506c74f73b873694125e6178a40d10cabf24b2d89d598f)", "pattern": "[file:hashes.MD5 = '02305cc3da69cf8d5cd2f6f5ea0ec0e8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:01:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65b76-8798-4e2a-8e18-c652950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:01:58.000Z", "modified": "2016-02-19T00:01:58.000Z", "description": "Automatically added (via c9e084eb1ce1066ee063f860c13a8f7d2ead97495036855fc956dacc9a24ea68)", "pattern": "[file:hashes.MD5 = '9c85c9400f941c4f2c8a1833fbc9283f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:01:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65b78-c284-4c46-85d8-c654950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:02:00.000Z", "modified": "2016-02-19T00:02:00.000Z", "description": "Automatically added (via 25e6bf67410dffb95c527c19dcff5223dbc3bf4c987650e45fbea1267072e8ff)", "pattern": "[file:hashes.MD5 = '27d3105273529cfca93f73865ee43a40']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:02:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65b7a-41b0-4394-8896-401d950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:02:02.000Z", "modified": "2016-02-19T00:02:02.000Z", "description": "Automatically added (via b0edbd0f44df72e0fad3fb73948444a4df5143ed954c9116eb1a7b606841f187)", "pattern": "[file:hashes.MD5 = 'b7b01ee8548d4097f528ae4280834667']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:02:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65b7b-b638-45c6-8805-457c950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:02:03.000Z", "modified": "2016-02-19T00:02:03.000Z", "description": "Automatically added (via de3e25a69ba43b9f236e544ece7f2da82a4fafb4489ad2e263754d9b9d88bc5c)", "pattern": "[file:hashes.MD5 = '53754fc20891b33d600f57a6e5975a41']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:02:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65b7e-2340-4582-8742-4ef7950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:02:06.000Z", "modified": "2016-02-19T00:02:06.000Z", "description": "Automatically added (via f969bf3b7a9821b3b2d5de889b5af7af25972b25ba59e4e9439f87fe90f1c404)", "pattern": "[file:hashes.MD5 = 'c7063f0178ea48e02f54769c0da275b8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:02:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65b7f-b440-49df-8790-c651950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:02:07.000Z", "modified": "2016-02-19T00:02:07.000Z", "description": "Automatically added (via 14be3a9a2a4261cb365915e720486a0632dbebb06fe68fb669ae67aa9b18507b)", "pattern": "[file:hashes.MD5 = '699067ce203ab9893943905e5b76f106']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:02:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65b81-9f28-4766-9da8-599f950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:02:09.000Z", "modified": "2016-02-19T00:02:09.000Z", "description": "Automatically added (via 488ba22d6cb8c9b0310c58fa4c4739692cdf45676c3164b357314322542f9dff)", "pattern": "[file:hashes.MD5 = 'b0f49c2c29d3966125dd322a504799c6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:02:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65b83-088c-4a6c-b26e-4eb5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:02:11.000Z", "modified": "2016-02-19T00:02:11.000Z", "description": "Automatically added (via b3a47e0bc0af49b46bc0c1158089bf200856ff462a5334df2b5c11e69c8b1ada)", "pattern": "[file:hashes.MD5 = '3dcb43a83a53a965b40de316c1593bca']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:02:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65b85-3fd0-446d-b27e-599e950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:02:13.000Z", "modified": "2016-02-19T00:02:13.000Z", "description": "Automatically added (via 324ce011b913feec4adb916f32c743a243f07dccb51b49c0122c4fa4a8e2bded)", "pattern": "[file:hashes.MD5 = '5e43b6ca1fa9536f31e09d9a418ac8c3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:02:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65b87-3bf0-4bf8-9b1b-59a1950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:02:15.000Z", "modified": "2016-02-19T00:02:15.000Z", "description": "Automatically added (via d6df5943169b48ac58fc28bb665fe8800c265b65fff8a2217b70703a4d3a7277)", "pattern": "[file:hashes.MD5 = '18d2222b56a499946e107721e5057a71']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:02:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65b88-8ec8-4223-8876-5f51950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:02:16.000Z", "modified": "2016-02-19T00:02:16.000Z", "description": "Automatically added (via f51d4155534e10c09b531acc41458e8ff3b7879f4ee7d3ee99f16180c4caf0ee)", "pattern": "[file:hashes.MD5 = '6203dde9fad9da6f9a85d609397105f0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:02:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65b8a-e6e8-4d6d-a440-5ca1950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:02:18.000Z", "modified": "2016-02-19T00:02:18.000Z", "description": "Automatically added (via bc846caa05939b085837057bc4b9303357602ece83dc1380191bddd1402d4a2b)", "pattern": "[file:hashes.MD5 = '7f684863780310a718254ff0f7f28ed2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:02:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65b67-02cc-4e07-ab72-c652950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:01:43.000Z", "modified": "2016-02-19T00:01:43.000Z", "description": "Automatically added (via ecc240f1983007177bc5bbecba50eea27b80fd3d14fd261bef6cda10b8ffe1e9)", "pattern": "[file:hashes.SHA1 = '53c0008d517ca133be44f172f44c4b129d8e4c7a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:01:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65b68-8d98-45bb-a12e-4ad8950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:01:44.000Z", "modified": "2016-02-19T00:01:44.000Z", "description": "Automatically added (via 8993a516404c0dd62692f3ce5055d4ddee7e29ad4bb6aa29f67114eeeaee26b9)", "pattern": "[file:hashes.SHA1 = '89e71644f5da253f5c22b86eb5914be20fb9b067']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:01:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65b6a-7dfc-4cbf-b4eb-5f51950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:01:46.000Z", "modified": "2016-02-19T00:01:46.000Z", "description": "Automatically added (via dad34d2cb2aa9662d4a4148481ae018f5816498f30cc7aee4919e0e9fe6b9e08)", "pattern": "[file:hashes.SHA1 = '893723d32824802f95e77c81779c09dac0752b1d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:01:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65b6c-7518-408a-9df8-599c950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:01:48.000Z", "modified": "2016-02-19T00:01:48.000Z", "description": "Automatically added (via 2cb9df0d52d09c98f0a97ce71eb8805f224945cadab7d615ef0257b7b09c80d3)", "pattern": "[file:hashes.SHA1 = 'e25d458c398b591bb6c6e6c8a3cfff17db2ea090']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:01:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65b6e-f1ec-4cd4-8003-408b950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:01:50.000Z", "modified": "2016-02-19T00:01:50.000Z", "description": "Automatically added (via 1d533ddaefc7859a3f6c6751114e895b7aa5935eb0ed68b01ec61aa8560ae3d9)", "pattern": "[file:hashes.SHA1 = 'b5ec494f4f82bffbe6d8ddcaa927aabebe2fbd9d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:01:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65b70-3e28-4f7e-8aec-c654950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:01:52.000Z", "modified": "2016-02-19T00:01:52.000Z", "description": "Automatically added (via da63f6392ce6af83f6d944fa1bd3f28082345fec928647ee7ef9939fac7b2e6c)", "pattern": "[file:hashes.SHA1 = 'ce92d1c03fc8fc965134b9163fe450794580f120']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:01:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65b72-2fc4-4f2f-b527-c653950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:01:54.000Z", "modified": "2016-02-19T00:01:54.000Z", "description": "Automatically added (via a7aeeead233fcdfe1c7475db982497a82d8ae745ec1c58bd87215e8869c3f9e4)", "pattern": "[file:hashes.SHA1 = 'a0d914ee2a550f50f4d550863a23f724aab0f3ac']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:01:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65b73-da4c-4630-bc08-59a1950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:01:55.000Z", "modified": "2016-02-19T00:01:55.000Z", "description": "Automatically added (via 2eb7aa306551d693691d14558c5dc4f6d80ef8f69cf466149fbba23953c08f7f)", "pattern": "[file:hashes.SHA1 = '278ab45a4c27ec3ba63dff735feccf0ef91132ed']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:01:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65b75-0c00-400e-ad78-4c81950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:01:57.000Z", "modified": "2016-02-19T00:01:57.000Z", "description": "Automatically added (via e945b055fb4057a396506c74f73b873694125e6178a40d10cabf24b2d89d598f)", "pattern": "[file:hashes.SHA1 = '49ec769c344a9dfbe3c40b0d4511be328c91d983']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:01:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65b77-c504-4b7f-b510-599e950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:01:59.000Z", "modified": "2016-02-19T00:01:59.000Z", "description": "Automatically added (via c9e084eb1ce1066ee063f860c13a8f7d2ead97495036855fc956dacc9a24ea68)", "pattern": "[file:hashes.SHA1 = '6293a9dc5b161fe3c26db6bdecc9cba15fdbe50e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:01:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65b79-cbd0-4b99-97e9-c651950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:02:01.000Z", "modified": "2016-02-19T00:02:01.000Z", "description": "Automatically added (via 25e6bf67410dffb95c527c19dcff5223dbc3bf4c987650e45fbea1267072e8ff)", "pattern": "[file:hashes.SHA1 = '5f0adbe4946e65ca32356e9dc68b6ccc5ef8b01a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:02:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65b7a-43c8-4f09-99c6-59a1950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:02:02.000Z", "modified": "2016-02-19T00:02:02.000Z", "description": "Automatically added (via b0edbd0f44df72e0fad3fb73948444a4df5143ed954c9116eb1a7b606841f187)", "pattern": "[file:hashes.SHA1 = 'cd195f91a78e478f3b7bef77d4a7f93bccc36f20']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:02:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65b7c-f558-467f-beaf-c654950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:02:04.000Z", "modified": "2016-02-19T00:02:04.000Z", "description": "Automatically added (via de3e25a69ba43b9f236e544ece7f2da82a4fafb4489ad2e263754d9b9d88bc5c)", "pattern": "[file:hashes.SHA1 = '830be8a5fefd30f2b2697f2c0dded59d9646d017']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:02:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65b7e-d13c-447d-847d-c653950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:02:06.000Z", "modified": "2016-02-19T00:02:06.000Z", "description": "Automatically added (via f969bf3b7a9821b3b2d5de889b5af7af25972b25ba59e4e9439f87fe90f1c404)", "pattern": "[file:hashes.SHA1 = '89e37cb4324379165a3780bb57a2195ce67937ee']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:02:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65b80-145c-4b6a-9286-4696950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:02:08.000Z", "modified": "2016-02-19T00:02:08.000Z", "description": "Automatically added (via 14be3a9a2a4261cb365915e720486a0632dbebb06fe68fb669ae67aa9b18507b)", "pattern": "[file:hashes.SHA1 = 'cd2565d041bbb3563b605978f4603da78e98e4a0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:02:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65b82-bae8-48d4-83c2-c651950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:02:10.000Z", "modified": "2016-02-19T00:02:10.000Z", "description": "Automatically added (via 488ba22d6cb8c9b0310c58fa4c4739692cdf45676c3164b357314322542f9dff)", "pattern": "[file:hashes.SHA1 = '498edcff006dbf86b36cea721c0541ac86e06d66']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:02:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65b84-d4ac-4702-8e6c-599d950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:02:12.000Z", "modified": "2016-02-19T00:02:12.000Z", "description": "Automatically added (via b3a47e0bc0af49b46bc0c1158089bf200856ff462a5334df2b5c11e69c8b1ada)", "pattern": "[file:hashes.SHA1 = 'b95e8757b6935745dab2f6f943c73de3fe7b6d0b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:02:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65b86-df2c-4d5a-afb9-59a2950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:02:14.000Z", "modified": "2016-02-19T00:02:14.000Z", "description": "Automatically added (via 324ce011b913feec4adb916f32c743a243f07dccb51b49c0122c4fa4a8e2bded)", "pattern": "[file:hashes.SHA1 = '0700d5b49f9a7f530874355e7c998407c8d21fc7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:02:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65b87-b28c-451d-865b-599c950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:02:15.000Z", "modified": "2016-02-19T00:02:15.000Z", "description": "Automatically added (via d6df5943169b48ac58fc28bb665fe8800c265b65fff8a2217b70703a4d3a7277)", "pattern": "[file:hashes.SHA1 = 'c31d298a16a00f9d079afbb9f7f6d711bc96fdeb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:02:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65b89-c7ec-4143-9e7e-c652950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:02:17.000Z", "modified": "2016-02-19T00:02:17.000Z", "description": "Automatically added (via f51d4155534e10c09b531acc41458e8ff3b7879f4ee7d3ee99f16180c4caf0ee)", "pattern": "[file:hashes.SHA1 = '3ab9230f3e8e4af499040f2d88b9dda5fedbb888']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:02:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65b8b-dab0-4b90-a6d3-47d7950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:02:19.000Z", "modified": "2016-02-19T00:02:19.000Z", "description": "Automatically added (via bc846caa05939b085837057bc4b9303357602ece83dc1380191bddd1402d4a2b)", "pattern": "[file:hashes.SHA1 = '1088706ce7d3c623896c6fed3090eacdca832263']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:02:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }