{
    "type": "bundle",
    "id": "bundle--55fa6843-4594-454d-bc79-4b0c950d210b",
    "objects": [
        {
            "type": "identity",
            "spec_version": "2.1",
            "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:26:46.000Z",
            "modified": "2016-03-08T00:26:46.000Z",
            "name": "CIRCL",
            "identity_class": "organization"
        },
        {
            "type": "report",
            "spec_version": "2.1",
            "id": "report--55fa6843-4594-454d-bc79-4b0c950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:26:46.000Z",
            "modified": "2016-03-08T00:26:46.000Z",
            "name": "OSINT - THE DUKES 7 years of Russian cyberespionage",
            "published": "2015-09-17T09:50:51Z",
            "object_refs": [
                "observed-data--55fa69ca-02a4-4a5f-9a0d-8489950d210b",
                "url--55fa69ca-02a4-4a5f-9a0d-8489950d210b",
                "observed-data--55fa69ca-53b0-4cd9-b0ce-8489950d210b",
                "url--55fa69ca-53b0-4cd9-b0ce-8489950d210b",
                "x-misp-attribute--55fa6d01-8460-45a4-ba0b-819a950d210b",
                "x-misp-attribute--55fa6ece-41d8-41d8-add9-8bdd950d210b",
                "x-misp-attribute--55fa6ece-edc4-4e10-b5be-8bdd950d210b",
                "x-misp-attribute--55fa6ecf-eeb0-4055-85c2-8bdd950d210b",
                "x-misp-attribute--55fa6ecf-6558-4db9-a027-8bdd950d210b",
                "x-misp-attribute--55fa6ecf-c224-4762-82ed-8bdd950d210b",
                "x-misp-attribute--55fa6ed0-c7c8-4deb-8fce-8bdd950d210b",
                "x-misp-attribute--55fa6ed0-6b60-4229-aecb-8bdd950d210b",
                "x-misp-attribute--55fa6ed0-1d10-4afa-894a-8bdd950d210b",
                "x-misp-attribute--55fa6ed1-9d70-4366-9cf6-8bdd950d210b",
                "indicator--55fa6ef8-39ac-49ff-add0-b81b950d210b",
                "indicator--55fa6ef9-0de8-441a-9138-b81b950d210b",
                "indicator--55fa6ef9-7158-4866-89b4-b81b950d210b",
                "indicator--55fa6efa-1d88-4790-8706-b81b950d210b",
                "indicator--55fa6efa-d46c-4ec1-b0e8-b81b950d210b",
                "indicator--55fa6efa-71e8-463d-80dd-b81b950d210b",
                "indicator--55fa6efb-1ee8-45c1-8151-b81b950d210b",
                "indicator--55fa6efb-4f34-4abb-9c74-b81b950d210b",
                "indicator--55fa6efb-0754-4d69-a13d-b81b950d210b",
                "indicator--55fa6efc-174c-4bde-9c58-b81b950d210b",
                "indicator--55fa6efc-5fa8-4046-84be-b81b950d210b",
                "indicator--55fa6efc-1394-46ee-bef4-b81b950d210b",
                "indicator--55fa6efd-8f04-4532-97a3-b81b950d210b",
                "indicator--55fa6efd-4f04-4090-8c63-b81b950d210b",
                "indicator--55fa6efd-d3f8-4eb9-b066-b81b950d210b",
                "indicator--55fa6efe-3bd4-4603-be8b-b81b950d210b",
                "indicator--55fa6efe-04dc-43cf-81fc-b81b950d210b",
                "indicator--55fa6efe-0438-400f-9933-b81b950d210b",
                "indicator--55fa6eff-d9d0-4a6e-b60f-b81b950d210b",
                "indicator--55fa6eff-6458-4291-a3ba-b81b950d210b",
                "indicator--55fa6eff-97c0-4993-8166-b81b950d210b",
                "indicator--55fa6f00-c598-4251-864d-b81b950d210b",
                "indicator--55fa6f00-3e78-44d5-9443-b81b950d210b",
                "indicator--55fa6f00-e6d4-4f12-8aba-b81b950d210b",
                "indicator--55fa6f01-87cc-40d1-908c-b81b950d210b",
                "indicator--55fa6f2e-0a48-4e30-a80c-8489950d210b",
                "indicator--55fa6f2e-94ec-4787-b887-8489950d210b",
                "observed-data--55fa6f2f-5ff8-402e-a7b6-8489950d210b",
                "url--55fa6f2f-5ff8-402e-a7b6-8489950d210b",
                "indicator--55fa6f2f-b27c-4763-aa93-8489950d210b",
                "indicator--55fa6f2f-7608-4467-a15e-8489950d210b",
                "observed-data--55fa6f30-4bf0-4e72-954b-8489950d210b",
                "url--55fa6f30-4bf0-4e72-954b-8489950d210b",
                "indicator--55fa6f30-4290-4977-8bb8-8489950d210b",
                "indicator--55fa6f30-7de4-47b0-b2d3-8489950d210b",
                "observed-data--55fa6f31-7bc8-46ed-8c8c-8489950d210b",
                "url--55fa6f31-7bc8-46ed-8c8c-8489950d210b",
                "indicator--55fa6f31-9904-4c08-938a-8489950d210b",
                "indicator--55fa6f31-a924-40d9-8170-8489950d210b",
                "observed-data--55fa6f32-da2c-44db-a225-8489950d210b",
                "url--55fa6f32-da2c-44db-a225-8489950d210b",
                "indicator--55fa6f32-15a0-4df3-8360-8489950d210b",
                "indicator--55fa6f32-b17c-4a6c-b212-8489950d210b",
                "observed-data--55fa6f33-fd70-48ae-91f0-8489950d210b",
                "url--55fa6f33-fd70-48ae-91f0-8489950d210b",
                "indicator--55fa6f33-c2f4-42e9-a70d-8489950d210b",
                "indicator--55fa6f33-0f00-4db0-abba-8489950d210b",
                "observed-data--55fa6f34-a278-4d4c-b41e-8489950d210b",
                "url--55fa6f34-a278-4d4c-b41e-8489950d210b",
                "indicator--55fa6f34-2bb8-4a31-9eb1-8489950d210b",
                "indicator--55fa6f34-6c74-4a28-a34e-8489950d210b",
                "observed-data--55fa6f35-10e4-4785-a60d-8489950d210b",
                "url--55fa6f35-10e4-4785-a60d-8489950d210b",
                "indicator--55fa6f35-f664-45aa-8e17-8489950d210b",
                "indicator--55fa6f35-f624-4968-a88e-8489950d210b",
                "observed-data--55fa6f36-3a24-4d88-9dae-8489950d210b",
                "url--55fa6f36-3a24-4d88-9dae-8489950d210b",
                "indicator--55fa6f36-6c48-49b4-bf7b-8489950d210b",
                "indicator--55fa6f36-5f18-4dd9-84d5-8489950d210b",
                "observed-data--55fa6f37-04e4-46f7-ba8f-8489950d210b",
                "url--55fa6f37-04e4-46f7-ba8f-8489950d210b",
                "indicator--55fa6f37-5afc-491f-901f-8489950d210b",
                "indicator--55fa6f37-2394-49a9-862e-8489950d210b",
                "observed-data--55fa6f38-598c-4e4f-9818-8489950d210b",
                "url--55fa6f38-598c-4e4f-9818-8489950d210b",
                "indicator--55fa6f38-dd30-4d48-9327-8489950d210b",
                "indicator--55fa6f39-9730-4e80-a68c-8489950d210b",
                "observed-data--55fa6f39-31cc-407c-ab2f-8489950d210b",
                "url--55fa6f39-31cc-407c-ab2f-8489950d210b",
                "indicator--55fa6f39-e364-4abc-98f4-8489950d210b",
                "indicator--55fa6f3a-8894-4638-8010-8489950d210b",
                "observed-data--55fa6f3a-910c-424c-ac3e-8489950d210b",
                "url--55fa6f3a-910c-424c-ac3e-8489950d210b",
                "indicator--55fa6f3a-0d40-4d76-896b-8489950d210b",
                "indicator--55fa6f3b-5bf8-4675-a2b4-8489950d210b",
                "observed-data--55fa6f3b-60d4-4bbb-8c5c-8489950d210b",
                "url--55fa6f3b-60d4-4bbb-8c5c-8489950d210b",
                "indicator--55fa6f3b-924c-4d04-8b2c-8489950d210b",
                "indicator--55fa6f3c-5900-450b-8996-8489950d210b",
                "observed-data--55fa6f3c-d88c-4b94-b1bc-8489950d210b",
                "url--55fa6f3c-d88c-4b94-b1bc-8489950d210b",
                "indicator--55fa6f3c-ed3c-4f55-834c-8489950d210b",
                "indicator--55fa6f3d-4098-4ccd-ab3d-8489950d210b",
                "observed-data--55fa6f3d-be54-4487-a19d-8489950d210b",
                "url--55fa6f3d-be54-4487-a19d-8489950d210b",
                "indicator--55fa6f3d-a6ec-411c-90a9-8489950d210b",
                "indicator--55fa6f3e-3ec0-4486-a40d-8489950d210b",
                "observed-data--55fa6f3e-99cc-414c-b3bf-8489950d210b",
                "url--55fa6f3e-99cc-414c-b3bf-8489950d210b",
                "indicator--55fa6f3e-f568-4156-9b8f-8489950d210b",
                "indicator--55fa6f3f-070c-42a7-83ff-8489950d210b",
                "observed-data--55fa6f3f-442c-49fe-9e71-8489950d210b",
                "url--55fa6f3f-442c-49fe-9e71-8489950d210b",
                "indicator--55fa6f3f-7f20-4255-b884-8489950d210b",
                "indicator--55fa6f40-bdf8-4fc4-9f18-8489950d210b",
                "observed-data--55fa6f40-ec3c-4fb0-922e-8489950d210b",
                "url--55fa6f40-ec3c-4fb0-922e-8489950d210b",
                "indicator--55fa6f40-792c-470a-9b4e-8489950d210b",
                "indicator--55fa6f41-002c-4a8b-9e72-8489950d210b",
                "observed-data--55fa6f41-07cc-4ada-8f6c-8489950d210b",
                "url--55fa6f41-07cc-4ada-8f6c-8489950d210b",
                "indicator--55fa6f41-f320-4c80-8baa-8489950d210b",
                "indicator--55fa6f42-1590-4cda-b4a7-8489950d210b",
                "observed-data--55fa6f42-6a64-4de6-b088-8489950d210b",
                "url--55fa6f42-6a64-4de6-b088-8489950d210b",
                "indicator--55fa6f42-cc78-464c-82cd-8489950d210b",
                "indicator--55fa6f43-5f60-42ba-9594-8489950d210b",
                "observed-data--55fa6f43-4f2c-4f9f-bc20-8489950d210b",
                "url--55fa6f43-4f2c-4f9f-bc20-8489950d210b",
                "indicator--55fa6f43-41f4-4cd0-bd55-8489950d210b",
                "indicator--55fa6f44-11c4-45ec-9cc5-8489950d210b",
                "observed-data--55fa6f44-6854-4c4d-b345-8489950d210b",
                "url--55fa6f44-6854-4c4d-b345-8489950d210b",
                "indicator--55fa6f44-301c-474a-a1bb-8489950d210b",
                "indicator--55fa6f45-c800-4cbd-949e-8489950d210b",
                "observed-data--55fa6f45-ed80-4ec2-bf8f-8489950d210b",
                "url--55fa6f45-ed80-4ec2-bf8f-8489950d210b",
                "indicator--55fa6f45-f8c0-4c74-ba60-8489950d210b",
                "indicator--55fa6f46-e72c-44db-ae54-8489950d210b",
                "observed-data--55fa6f46-0028-4857-abb3-8489950d210b",
                "url--55fa6f46-0028-4857-abb3-8489950d210b",
                "indicator--55fa6f46-12a0-4662-9896-8489950d210b",
                "indicator--55fa6f47-4ba4-440d-a8a2-8489950d210b",
                "observed-data--55fa6f47-f590-4040-ab10-8489950d210b",
                "url--55fa6f47-f590-4040-ab10-8489950d210b",
                "indicator--55fa6f71-e0d0-443a-b4ac-ca4f950d210b",
                "indicator--55fa6f71-cab8-4af3-93b4-ca4f950d210b",
                "indicator--55fa6f94-2b78-4bd1-93c3-ca50950d210b",
                "indicator--55fa6f95-b164-4d4a-9d09-ca50950d210b",
                "indicator--55fa6f95-7b30-4bb6-b08e-ca50950d210b",
                "indicator--55fa6f95-f064-4433-b7a7-ca50950d210b",
                "indicator--55fa6f96-4800-4663-aaf5-ca50950d210b",
                "indicator--55fa6fb2-9c08-40c4-893b-ccd8950d210b",
                "indicator--55fa6fb2-36b4-493d-8d0b-ccd8950d210b",
                "indicator--55fa6fb2-b670-45b6-9c02-ccd8950d210b",
                "indicator--55fa6fb3-cadc-4664-8196-ccd8950d210b",
                "indicator--55fa6fb3-de70-48af-9e94-ccd8950d210b",
                "indicator--55fa6fb3-41a0-41ec-9492-ccd8950d210b",
                "indicator--55fa6fb4-76f0-4320-ae1e-ccd8950d210b",
                "indicator--55fa6fb4-5bf4-4541-b154-ccd8950d210b",
                "indicator--55fa6fb5-f914-4a03-998d-ccd8950d210b",
                "indicator--55fa6fb5-433c-42a1-87ed-ccd8950d210b",
                "indicator--55fa6fb5-61c0-4464-8fe3-ccd8950d210b",
                "indicator--55fa6fb6-4c3c-47ee-9546-ccd8950d210b",
                "indicator--55fa6fb6-3348-4eb3-b29f-ccd8950d210b",
                "indicator--55fa6fb6-0af4-4dec-be1d-ccd8950d210b",
                "indicator--55fa6fb7-b068-4953-bfd0-ccd8950d210b",
                "indicator--55fa6fb7-582c-4a69-b242-ccd8950d210b",
                "indicator--55fa6fb7-3a90-47cb-8046-ccd8950d210b",
                "indicator--55fa6fb8-1d3c-41f4-b83e-ccd8950d210b",
                "indicator--55fa6fb8-405c-426d-9223-ccd8950d210b",
                "indicator--55fa6fb8-dbbc-4a7b-8641-ccd8950d210b",
                "indicator--55fa6fb9-0a7c-4f38-8349-ccd8950d210b",
                "indicator--55fa6fb9-e290-47f7-919c-ccd8950d210b",
                "indicator--55fa6fb9-ab5c-4651-a280-ccd8950d210b",
                "indicator--55fa6fba-c0b4-4b4c-9907-ccd8950d210b",
                "indicator--55fa6fba-d434-4266-9e2f-ccd8950d210b",
                "indicator--55fa6fba-af10-4dfe-b1b3-ccd8950d210b",
                "indicator--55fa6fbb-0850-475a-9d0b-ccd8950d210b",
                "indicator--55fa6fbb-acf4-4d0e-aaed-ccd8950d210b",
                "indicator--55fa6fbc-36f0-4510-9b6e-ccd8950d210b",
                "indicator--55fa6fbc-65c4-4bbb-8862-ccd8950d210b",
                "indicator--55fa6fbc-fe80-4581-a96b-ccd8950d210b",
                "indicator--55fa6fbd-dc58-470f-bbb2-ccd8950d210b",
                "indicator--55fa6fbd-065c-43e8-8792-ccd8950d210b",
                "indicator--55fa6fbd-b420-4f61-ac8d-ccd8950d210b",
                "indicator--55fa6fbe-fd44-4932-9521-ccd8950d210b",
                "indicator--55fa6fbe-b800-43ea-9a5a-ccd8950d210b",
                "indicator--55fa6fbe-3f38-4ea8-8232-ccd8950d210b",
                "indicator--55fa6fbf-0f80-47f0-a775-ccd8950d210b",
                "indicator--55fa6fbf-1ed4-4993-b523-ccd8950d210b",
                "indicator--55fa6fbf-5bd0-4bc7-80db-ccd8950d210b",
                "indicator--55fa6fc0-f7a4-4b6d-a837-ccd8950d210b",
                "indicator--55fa6fc0-f5f4-4ec6-86e0-ccd8950d210b",
                "indicator--55fa6fc0-7e70-46f4-bf64-ccd8950d210b",
                "indicator--55fa6fc1-0dc4-4b25-a4dc-ccd8950d210b",
                "indicator--55fa6fc1-59fc-4bf6-92a1-ccd8950d210b",
                "indicator--55fa6fec-8e74-4b0f-b844-c35d950d210b",
                "indicator--55fa6fec-6a74-4a2b-953e-c35d950d210b",
                "indicator--55fa6fec-8cc0-4c67-a82d-c35d950d210b",
                "indicator--55fa6fed-d468-48b5-93b1-c35d950d210b",
                "indicator--55fa6fed-55b0-4a9c-8515-c35d950d210b",
                "indicator--55fa6fed-1cf0-4125-961b-c35d950d210b",
                "indicator--55fa6fee-3c94-4d25-92e2-c35d950d210b",
                "indicator--55fa6fee-1498-47cd-a522-c35d950d210b",
                "indicator--55fa6fee-4d0c-4971-802c-c35d950d210b",
                "indicator--55fa6fef-4954-430c-a13d-c35d950d210b",
                "indicator--55fa6fef-5ddc-478e-b706-c35d950d210b",
                "indicator--55fa6fef-b62c-4f51-b39f-c35d950d210b",
                "indicator--55fa6ff0-b464-4b37-9674-c35d950d210b",
                "indicator--55fa6ff0-a180-4432-a974-c35d950d210b",
                "indicator--55fa6ff1-2118-47d3-92a4-c35d950d210b",
                "indicator--55fa6ff1-cb40-4c91-95b4-c35d950d210b",
                "indicator--55fa6ff1-5fb8-4ce2-9aa2-c35d950d210b",
                "indicator--55fa6ff2-a99c-47a8-bff4-c35d950d210b",
                "indicator--55fa6ff2-6c6c-4305-9f4e-c35d950d210b",
                "indicator--55fa6ff2-e82c-47c6-8e6d-c35d950d210b",
                "indicator--55fa6ff3-cacc-4d01-8096-c35d950d210b",
                "indicator--55fa6ff3-a848-4303-8231-c35d950d210b",
                "indicator--55fa6ff3-bf8c-4bf6-b356-c35d950d210b",
                "indicator--55fa6ff4-0f74-4b11-91f9-c35d950d210b",
                "indicator--55fa6ff4-58dc-45ec-b418-c35d950d210b",
                "indicator--55fa6ff4-51b8-4d36-a5bb-c35d950d210b",
                "indicator--55fa6ff5-f2b8-44f6-a6ec-c35d950d210b",
                "indicator--55fa6ff5-e848-469f-b838-c35d950d210b",
                "indicator--55fa6ff5-50c0-434c-bdd5-c35d950d210b",
                "indicator--55fa6ff6-5528-4063-9157-c35d950d210b",
                "indicator--55fa6ff6-9ce0-42ba-8d8b-c35d950d210b",
                "indicator--55fa6ff6-8958-451c-93ef-c35d950d210b",
                "indicator--55fa6ff7-0828-49eb-a908-c35d950d210b",
                "indicator--55fa6ff7-4684-4f33-9146-c35d950d210b",
                "indicator--55fa6ff7-5010-46ed-93f5-c35d950d210b",
                "indicator--55fa6ff8-8aa0-4f1c-ac33-c35d950d210b",
                "indicator--55fa6ff8-0730-4cbd-a4ff-c35d950d210b",
                "indicator--55fa7022-10dc-4d1a-b3ae-ca50950d210b",
                "indicator--55fa7023-11a8-4c19-912c-ca50950d210b",
                "indicator--55fa7023-5674-4a87-af5a-ca50950d210b",
                "indicator--55fa7023-fbe0-490a-ae8e-ca50950d210b",
                "indicator--55fa7024-5314-465c-9e89-ca50950d210b",
                "indicator--55fa7024-7d78-4f77-9672-ca50950d210b",
                "indicator--55fa7024-6728-4573-bd83-ca50950d210b",
                "indicator--55fa7025-57f8-4e71-afb4-ca50950d210b",
                "indicator--55fa7025-d2b0-4500-9a7f-ca50950d210b",
                "indicator--55fa7056-986c-4d7a-b110-ca65950d210b",
                "indicator--55fa7056-bf28-4ed2-853b-ca65950d210b",
                "indicator--55fa7057-faf0-4125-8d50-ca65950d210b",
                "indicator--55fa7057-72cc-4401-93e8-ca65950d210b",
                "indicator--55fa7057-78e0-45e7-85c9-ca65950d210b",
                "indicator--55fa7058-5a34-4b62-9abc-ca65950d210b",
                "indicator--55fa7058-49ec-41e8-9cbd-ca65950d210b",
                "indicator--55fa7058-33c0-4c07-b9ba-ca65950d210b",
                "indicator--55fa7059-797c-4f1f-9eb1-ca65950d210b",
                "indicator--55fa7059-4840-418e-b35a-ca65950d210b",
                "indicator--55fa7059-862c-4204-b8ac-ca65950d210b",
                "indicator--55fa705a-0980-4677-a1d1-ca65950d210b",
                "indicator--55fa705a-0d10-490d-b5fc-ca65950d210b",
                "indicator--55fa705a-97c0-494e-a5da-ca65950d210b",
                "indicator--55fa705b-f554-4074-8c89-ca65950d210b",
                "indicator--55fa705b-ac9c-4765-81ae-ca65950d210b",
                "indicator--55fa705c-e984-4de7-82b4-ca65950d210b",
                "indicator--55fa705c-37e8-4cbe-8530-ca65950d210b",
                "indicator--55fa705c-59dc-47c8-a9c1-ca65950d210b",
                "indicator--55fa705d-a59c-4382-97e0-ca65950d210b",
                "indicator--55fa705d-df40-407b-97f5-ca65950d210b",
                "indicator--55fa705d-2f00-484a-9811-ca65950d210b",
                "indicator--55fa705e-0394-44a0-9680-ca65950d210b",
                "indicator--55fa705e-88f0-4117-86f2-ca65950d210b",
                "indicator--55fa705e-1808-412a-9c56-ca65950d210b",
                "indicator--55fa705f-cbb4-4d06-aed5-ca65950d210b",
                "indicator--55fa705f-6248-4732-921c-ca65950d210b",
                "indicator--55fa705f-8b34-45cb-a696-ca65950d210b",
                "indicator--55fa7060-dba0-48a0-81ed-ca65950d210b",
                "indicator--55fa7060-1c08-4756-8869-ca65950d210b",
                "indicator--55fa7060-382c-43d5-bc4d-ca65950d210b",
                "indicator--55fa7061-f000-4d72-aebd-ca65950d210b",
                "indicator--55fa7061-7b00-4c16-9bd4-ca65950d210b",
                "indicator--55fa7061-2e04-4a80-968e-ca65950d210b",
                "indicator--55fa7062-97d0-4d5b-afa2-ca65950d210b",
                "indicator--55fa7062-fc44-422f-88aa-ca65950d210b",
                "indicator--55fa7063-b2bc-4540-87e5-ca65950d210b",
                "indicator--55fa7063-aa30-4ade-a04d-ca65950d210b",
                "indicator--55fa7063-3fc4-4fc0-a180-ca65950d210b",
                "indicator--55fa7064-3ba8-4f8a-aeb0-ca65950d210b",
                "indicator--55fa7064-e974-4cd8-b41c-ca65950d210b",
                "indicator--55fa7064-659c-4a06-b2c5-ca65950d210b",
                "indicator--55fa7065-e6bc-45ae-af69-ca65950d210b",
                "indicator--55fa7065-83d4-4768-baf3-ca65950d210b",
                "indicator--55fa7065-8334-44e6-8098-ca65950d210b",
                "indicator--55fa7066-57ac-42b2-803d-ca65950d210b",
                "indicator--55fa7066-c870-4ca2-989c-ca65950d210b",
                "indicator--55fa7066-f728-4d1a-a089-ca65950d210b",
                "indicator--55fa7067-d1d8-4464-876f-ca65950d210b",
                "indicator--55fa7067-eef4-4d12-8af6-ca65950d210b",
                "indicator--55fa7067-a650-40e0-aeba-ca65950d210b",
                "indicator--55fa7068-d5a0-4cea-80f3-ca65950d210b",
                "indicator--55fa7068-e54c-4421-962d-ca65950d210b",
                "indicator--55fa7069-de9c-404a-9d4b-ca65950d210b",
                "indicator--55fa7069-d6d8-43db-9d96-ca65950d210b",
                "indicator--55fa7069-c098-462a-90c0-ca65950d210b",
                "indicator--55fa708b-4c08-4bc4-a6dc-ca50950d210b",
                "indicator--55fa708c-e974-4132-960e-ca50950d210b",
                "indicator--55fa708c-46fc-4d9f-9756-ca50950d210b",
                "indicator--55fa708c-0ecc-4dd3-9d6a-ca50950d210b",
                "indicator--55fa708d-64fc-4744-a6f8-ca50950d210b",
                "indicator--55fa708d-f824-479d-af1d-ca50950d210b",
                "indicator--55fa708e-dc90-43bf-bd46-ca50950d210b",
                "indicator--55fa708e-4914-42e7-ba5a-ca50950d210b",
                "indicator--55fa708e-3240-41ea-a684-ca50950d210b",
                "indicator--55fa708f-fba0-4823-94b5-ca50950d210b",
                "indicator--55fa708f-9538-4fa1-995c-ca50950d210b",
                "indicator--55fa708f-a37c-42cf-bdba-ca50950d210b",
                "indicator--55fa7090-3740-4439-8a66-ca50950d210b",
                "indicator--55fa7090-c500-4c81-a7a5-ca50950d210b",
                "indicator--55fa7090-32cc-4f41-a9d8-ca50950d210b",
                "indicator--55fa7091-bb5c-4fe0-9798-ca50950d210b",
                "indicator--55fa7091-4688-4b81-8d5d-ca50950d210b",
                "indicator--55fa7091-4f54-458b-ba10-ca50950d210b",
                "indicator--55fa7092-ebec-4c18-9ad2-ca50950d210b",
                "indicator--55fa7092-8cec-49be-89a8-ca50950d210b",
                "indicator--55fa7093-536c-41b4-9474-ca50950d210b",
                "indicator--55fa7093-eb4c-4d15-bd56-ca50950d210b",
                "indicator--55fa7093-1520-4520-9d2e-ca50950d210b",
                "indicator--55fa7094-59e0-4c13-a836-ca50950d210b",
                "indicator--55fa7094-f224-4125-88a8-ca50950d210b",
                "indicator--55fa7094-eea4-4e3c-a576-ca50950d210b",
                "indicator--55fa7095-74a8-46fa-9333-ca50950d210b",
                "indicator--55fa7095-df68-4df4-94ce-ca50950d210b",
                "indicator--55fa7095-a1f0-4a36-a447-ca50950d210b",
                "indicator--55fa7096-fb50-4c2c-ba4d-ca50950d210b",
                "indicator--55fa7096-4bfc-4ce8-9cef-ca50950d210b",
                "indicator--55fa7096-2dd4-4bf0-9659-ca50950d210b",
                "indicator--55fa7097-d024-4686-8805-ca50950d210b",
                "indicator--55fa7097-9c1c-4814-af67-ca50950d210b",
                "indicator--55fa7098-e3e0-4f8e-ae3b-ca50950d210b",
                "indicator--55fa7098-2e44-4eb0-885a-ca50950d210b",
                "indicator--55fa7098-6510-4fea-9dea-ca50950d210b",
                "indicator--55fa7099-076c-45cd-8841-ca50950d210b",
                "indicator--55fa7099-b84c-4e1e-ad63-ca50950d210b",
                "indicator--55fa7099-b7bc-4d3f-852d-ca50950d210b",
                "indicator--55fa709a-09f0-4d31-8208-ca50950d210b",
                "indicator--55fa7118-8904-4294-9891-c8bd950d210b",
                "indicator--55fa7119-eedc-45ea-b35f-c8bd950d210b",
                "indicator--55fa7119-41b4-47d7-a260-c8bd950d210b",
                "indicator--55fa711a-9ddc-4835-8f62-c8bd950d210b",
                "indicator--55fa711a-7460-4de7-9397-c8bd950d210b",
                "indicator--55fa711a-c944-4760-bdb8-c8bd950d210b",
                "indicator--55fa711b-7fec-414f-853d-c8bd950d210b",
                "indicator--55fa711b-eb84-4345-85b1-c8bd950d210b",
                "indicator--55fa711b-470c-4e0b-9a6d-c8bd950d210b",
                "indicator--55fa711c-fcec-4e2f-8a9e-c8bd950d210b",
                "indicator--55fa711c-a8b8-466a-964e-c8bd950d210b",
                "indicator--55fa711c-5b30-454d-b91c-c8bd950d210b",
                "indicator--55fa711d-0550-4817-9b51-c8bd950d210b",
                "indicator--55fa711d-862c-494d-8ef1-c8bd950d210b",
                "indicator--55fa711d-e3c4-4add-9f70-c8bd950d210b",
                "indicator--55fa711e-4dc8-4402-ad21-c8bd950d210b",
                "indicator--55fa711e-e1ac-45e2-9262-c8bd950d210b",
                "indicator--55fa711f-ce84-472f-a2cc-c8bd950d210b",
                "indicator--55fa711f-8c1c-4f94-b20c-c8bd950d210b",
                "indicator--55fa711f-8fe0-4ab1-b3d4-c8bd950d210b",
                "indicator--55fa7120-313c-445f-b836-c8bd950d210b",
                "indicator--55fa7120-1b70-4354-a7a5-c8bd950d210b",
                "indicator--55fa7120-eb48-4c2e-afed-c8bd950d210b",
                "indicator--55fa7121-7248-4dab-9596-c8bd950d210b",
                "indicator--55fa7121-4754-42d5-bba8-c8bd950d210b",
                "indicator--55fa7121-d0d8-40e2-9125-c8bd950d210b",
                "indicator--55fa7122-579c-4312-920c-c8bd950d210b",
                "indicator--55fa7122-6ee8-491a-a9ae-c8bd950d210b",
                "indicator--55fa7133-aab8-4f61-8df5-cea8950d210b",
                "indicator--55fa7133-03fc-46dc-9d88-cea8950d210b",
                "indicator--55fa7133-5024-4a03-a854-cea8950d210b",
                "indicator--55fa7134-64fc-4b22-a2e2-cea8950d210b",
                "indicator--55fa7134-bcf0-4262-af42-cea8950d210b",
                "indicator--55fa7134-dc24-4009-8d5c-cea8950d210b",
                "indicator--55fa7135-9908-4dd1-8a61-cea8950d210b",
                "indicator--55fa7135-419c-45f3-822e-cea8950d210b",
                "indicator--55fa7135-02d8-4d86-989d-cea8950d210b",
                "indicator--55fa7136-38d8-4a43-bc9d-cea8950d210b",
                "indicator--55fa7136-0ac8-45c5-9830-cea8950d210b",
                "indicator--55fa7137-c850-4275-929e-cea8950d210b",
                "indicator--55fa7137-8f9c-4879-884f-cea8950d210b",
                "indicator--55fa7137-4898-4979-b777-cea8950d210b",
                "indicator--55fa7138-04c4-4f0a-b0cf-cea8950d210b",
                "indicator--55fa7138-8b28-47fb-add1-cea8950d210b",
                "indicator--55fa7138-9cc0-45b8-9905-cea8950d210b",
                "indicator--55fa7139-4b58-4f18-93b2-cea8950d210b",
                "indicator--55fa7139-1e88-4a3f-8629-cea8950d210b",
                "indicator--55fa7139-8b5c-4d66-b82b-cea8950d210b",
                "indicator--55fa713a-9998-43dc-859e-cea8950d210b",
                "indicator--55fa713a-1c0c-41b3-aac1-cea8950d210b",
                "indicator--55fa713a-77cc-4f59-aeba-cea8950d210b",
                "indicator--55fa7154-f5fc-480b-b0f4-d125950d210b",
                "indicator--55fa7154-4268-40d3-902d-d125950d210b",
                "indicator--55fa7154-df9c-4c24-a91a-d125950d210b",
                "indicator--55fa7176-9b08-4603-8adc-d2a6950d210b",
                "observed-data--55fa7199-4ce8-40ed-9f69-d2b5950d210b",
                "network-traffic--55fa7199-4ce8-40ed-9f69-d2b5950d210b",
                "ipv4-addr--55fa7199-4ce8-40ed-9f69-d2b5950d210b",
                "observed-data--55fa719a-5cb8-43c5-87a9-d2b5950d210b",
                "network-traffic--55fa719a-5cb8-43c5-87a9-d2b5950d210b",
                "ipv4-addr--55fa719a-5cb8-43c5-87a9-d2b5950d210b",
                "observed-data--55fa719a-dc34-4ab7-a672-d2b5950d210b",
                "network-traffic--55fa719a-dc34-4ab7-a672-d2b5950d210b",
                "ipv4-addr--55fa719a-dc34-4ab7-a672-d2b5950d210b",
                "observed-data--55fa719a-b760-4993-a45d-d2b5950d210b",
                "network-traffic--55fa719a-b760-4993-a45d-d2b5950d210b",
                "ipv4-addr--55fa719a-b760-4993-a45d-d2b5950d210b",
                "observed-data--55fa719b-2ab8-451e-81b9-d2b5950d210b",
                "network-traffic--55fa719b-2ab8-451e-81b9-d2b5950d210b",
                "ipv4-addr--55fa719b-2ab8-451e-81b9-d2b5950d210b",
                "observed-data--55fa719b-3c7c-4e13-bac3-d2b5950d210b",
                "network-traffic--55fa719b-3c7c-4e13-bac3-d2b5950d210b",
                "ipv4-addr--55fa719b-3c7c-4e13-bac3-d2b5950d210b",
                "observed-data--55fa719b-bb70-4bf7-88da-d2b5950d210b",
                "network-traffic--55fa719b-bb70-4bf7-88da-d2b5950d210b",
                "ipv4-addr--55fa719b-bb70-4bf7-88da-d2b5950d210b",
                "observed-data--55fa719c-6b70-4902-b58a-d2b5950d210b",
                "network-traffic--55fa719c-6b70-4902-b58a-d2b5950d210b",
                "ipv4-addr--55fa719c-6b70-4902-b58a-d2b5950d210b",
                "observed-data--55fa719c-2480-4dd1-bc15-d2b5950d210b",
                "network-traffic--55fa719c-2480-4dd1-bc15-d2b5950d210b",
                "ipv4-addr--55fa719c-2480-4dd1-bc15-d2b5950d210b",
                "observed-data--55fa719c-0f64-4695-ab0a-d2b5950d210b",
                "network-traffic--55fa719c-0f64-4695-ab0a-d2b5950d210b",
                "ipv4-addr--55fa719c-0f64-4695-ab0a-d2b5950d210b",
                "observed-data--55fa719d-7310-4d68-b0e7-d2b5950d210b",
                "network-traffic--55fa719d-7310-4d68-b0e7-d2b5950d210b",
                "ipv4-addr--55fa719d-7310-4d68-b0e7-d2b5950d210b",
                "observed-data--55fa719d-81d0-45fd-8c19-d2b5950d210b",
                "network-traffic--55fa719d-81d0-45fd-8c19-d2b5950d210b",
                "ipv4-addr--55fa719d-81d0-45fd-8c19-d2b5950d210b",
                "observed-data--55fa719d-79a8-4bf1-9b0f-d2b5950d210b",
                "network-traffic--55fa719d-79a8-4bf1-9b0f-d2b5950d210b",
                "ipv4-addr--55fa719d-79a8-4bf1-9b0f-d2b5950d210b",
                "observed-data--55fa719e-22bc-4395-8cfa-d2b5950d210b",
                "network-traffic--55fa719e-22bc-4395-8cfa-d2b5950d210b",
                "ipv4-addr--55fa719e-22bc-4395-8cfa-d2b5950d210b",
                "observed-data--55fa719e-6d20-42f2-95a1-d2b5950d210b",
                "network-traffic--55fa719e-6d20-42f2-95a1-d2b5950d210b",
                "ipv4-addr--55fa719e-6d20-42f2-95a1-d2b5950d210b",
                "observed-data--55fa719f-7984-4527-b41d-d2b5950d210b",
                "network-traffic--55fa719f-7984-4527-b41d-d2b5950d210b",
                "ipv4-addr--55fa719f-7984-4527-b41d-d2b5950d210b",
                "observed-data--55fa719f-8bf4-4c3b-88db-d2b5950d210b",
                "network-traffic--55fa719f-8bf4-4c3b-88db-d2b5950d210b",
                "ipv4-addr--55fa719f-8bf4-4c3b-88db-d2b5950d210b",
                "observed-data--55fa719f-faf4-424c-ad39-d2b5950d210b",
                "network-traffic--55fa719f-faf4-424c-ad39-d2b5950d210b",
                "ipv4-addr--55fa719f-faf4-424c-ad39-d2b5950d210b",
                "observed-data--55fa71a0-d830-4629-840d-d2b5950d210b",
                "network-traffic--55fa71a0-d830-4629-840d-d2b5950d210b",
                "ipv4-addr--55fa71a0-d830-4629-840d-d2b5950d210b",
                "observed-data--55fa71a0-6b60-4b05-b20a-d2b5950d210b",
                "network-traffic--55fa71a0-6b60-4b05-b20a-d2b5950d210b",
                "ipv4-addr--55fa71a0-6b60-4b05-b20a-d2b5950d210b",
                "observed-data--55fa71a0-724c-4b2a-b205-d2b5950d210b",
                "network-traffic--55fa71a0-724c-4b2a-b205-d2b5950d210b",
                "ipv4-addr--55fa71a0-724c-4b2a-b205-d2b5950d210b",
                "observed-data--55fa71a1-2894-4346-b45f-d2b5950d210b",
                "network-traffic--55fa71a1-2894-4346-b45f-d2b5950d210b",
                "ipv4-addr--55fa71a1-2894-4346-b45f-d2b5950d210b",
                "observed-data--55fa71a1-f250-444b-a914-d2b5950d210b",
                "network-traffic--55fa71a1-f250-444b-a914-d2b5950d210b",
                "ipv4-addr--55fa71a1-f250-444b-a914-d2b5950d210b",
                "observed-data--55fa71a1-b348-42bb-bcc3-d2b5950d210b",
                "network-traffic--55fa71a1-b348-42bb-bcc3-d2b5950d210b",
                "ipv4-addr--55fa71a1-b348-42bb-bcc3-d2b5950d210b",
                "observed-data--55fa71a2-8ecc-47a9-ae9a-d2b5950d210b",
                "network-traffic--55fa71a2-8ecc-47a9-ae9a-d2b5950d210b",
                "ipv4-addr--55fa71a2-8ecc-47a9-ae9a-d2b5950d210b",
                "observed-data--55fa71a2-7cc0-4221-9efb-d2b5950d210b",
                "network-traffic--55fa71a2-7cc0-4221-9efb-d2b5950d210b",
                "ipv4-addr--55fa71a2-7cc0-4221-9efb-d2b5950d210b",
                "observed-data--55fa71a2-13f8-4bfa-9fc3-d2b5950d210b",
                "network-traffic--55fa71a2-13f8-4bfa-9fc3-d2b5950d210b",
                "ipv4-addr--55fa71a2-13f8-4bfa-9fc3-d2b5950d210b",
                "observed-data--55fa71a3-f3d4-4567-9ed8-d2b5950d210b",
                "network-traffic--55fa71a3-f3d4-4567-9ed8-d2b5950d210b",
                "ipv4-addr--55fa71a3-f3d4-4567-9ed8-d2b5950d210b",
                "observed-data--55fa71a3-c110-46d7-a628-d2b5950d210b",
                "network-traffic--55fa71a3-c110-46d7-a628-d2b5950d210b",
                "ipv4-addr--55fa71a3-c110-46d7-a628-d2b5950d210b",
                "observed-data--55fa71a3-5db0-45f0-aa2e-d2b5950d210b",
                "network-traffic--55fa71a3-5db0-45f0-aa2e-d2b5950d210b",
                "ipv4-addr--55fa71a3-5db0-45f0-aa2e-d2b5950d210b",
                "observed-data--55fa71c7-244c-4ae1-86ec-8489950d210b",
                "domain-name--55fa71c7-244c-4ae1-86ec-8489950d210b",
                "observed-data--55fa71c8-8adc-4d3f-b780-8489950d210b",
                "domain-name--55fa71c8-8adc-4d3f-b780-8489950d210b",
                "observed-data--55fa71c8-fc28-4bce-8085-8489950d210b",
                "domain-name--55fa71c8-fc28-4bce-8085-8489950d210b",
                "observed-data--55fa71c9-f104-4572-9010-8489950d210b",
                "domain-name--55fa71c9-f104-4572-9010-8489950d210b",
                "observed-data--55fa71c9-31c4-49ac-a110-8489950d210b",
                "domain-name--55fa71c9-31c4-49ac-a110-8489950d210b",
                "observed-data--55fa71c9-8220-40da-9bf0-8489950d210b",
                "domain-name--55fa71c9-8220-40da-9bf0-8489950d210b",
                "observed-data--55fa71ca-c108-4126-bf02-8489950d210b",
                "domain-name--55fa71ca-c108-4126-bf02-8489950d210b",
                "observed-data--55fa71ca-c330-4905-9e2a-8489950d210b",
                "domain-name--55fa71ca-c330-4905-9e2a-8489950d210b",
                "observed-data--55fa71ca-91c4-44f3-a58e-8489950d210b",
                "domain-name--55fa71ca-91c4-44f3-a58e-8489950d210b",
                "observed-data--55fa71cb-4540-40ff-8e89-8489950d210b",
                "domain-name--55fa71cb-4540-40ff-8e89-8489950d210b",
                "observed-data--55fa71cb-6298-4a37-a9d6-8489950d210b",
                "domain-name--55fa71cb-6298-4a37-a9d6-8489950d210b",
                "observed-data--55fa71cb-b994-49b3-935f-8489950d210b",
                "domain-name--55fa71cb-b994-49b3-935f-8489950d210b",
                "observed-data--55fa71cc-f540-4f5d-99e3-8489950d210b",
                "domain-name--55fa71cc-f540-4f5d-99e3-8489950d210b",
                "observed-data--55fa71cc-0a5c-49f3-ad1d-8489950d210b",
                "domain-name--55fa71cc-0a5c-49f3-ad1d-8489950d210b",
                "observed-data--55fa71cc-db84-45fa-8c82-8489950d210b",
                "domain-name--55fa71cc-db84-45fa-8c82-8489950d210b",
                "observed-data--55fa71cd-d170-43c1-920f-8489950d210b",
                "domain-name--55fa71cd-d170-43c1-920f-8489950d210b",
                "observed-data--55fa71cd-40b8-4c01-bacb-8489950d210b",
                "domain-name--55fa71cd-40b8-4c01-bacb-8489950d210b",
                "observed-data--55fa71cd-6e80-47ce-89bd-8489950d210b",
                "domain-name--55fa71cd-6e80-47ce-89bd-8489950d210b",
                "x-misp-attribute--55fa71e1-3d18-4f0b-a5ea-d2c4950d210b",
                "x-misp-attribute--55fa71e1-0298-4d01-a40b-d2c4950d210b",
                "x-misp-attribute--55fa71e2-21dc-4849-ac4e-d2c4950d210b",
                "x-misp-attribute--55fa71e2-4078-4bde-a1ce-d2c4950d210b",
                "x-misp-attribute--55fa71e2-81ec-44e3-ab98-d2c4950d210b",
                "x-misp-attribute--55fa71e3-6fbc-48ad-897f-d2c4950d210b",
                "x-misp-attribute--55fa71e3-d650-4eaa-94a4-d2c4950d210b",
                "x-misp-attribute--55fa71e4-29d8-4831-9f5b-d2c4950d210b",
                "x-misp-attribute--55fa71e4-dfcc-4789-ab64-d2c4950d210b",
                "x-misp-attribute--55fa71e4-4fa0-4387-a5f8-d2c4950d210b",
                "x-misp-attribute--55fa71e5-3bb4-4f10-92e1-d2c4950d210b",
                "x-misp-attribute--55fa71e5-6ac0-429c-b0a4-d2c4950d210b",
                "x-misp-attribute--55fa71e5-a1cc-4ef7-8728-d2c4950d210b",
                "x-misp-attribute--55fa71e6-6d10-418d-95bc-d2c4950d210b",
                "x-misp-attribute--55fa71e6-3df8-42bf-abce-d2c4950d210b",
                "x-misp-attribute--55fa71e6-9b04-41d1-950c-d2c4950d210b",
                "x-misp-attribute--55fa71e7-6f7c-4a82-8488-d2c4950d210b",
                "x-misp-attribute--55fa71e7-0bb0-4182-a8ac-d2c4950d210b",
                "x-misp-attribute--55fa71e7-bf04-4f38-873e-d2c4950d210b",
                "x-misp-attribute--55fa71e8-d980-46b8-85a5-d2c4950d210b",
                "x-misp-attribute--55fa71e8-ff94-447f-b502-d2c4950d210b",
                "x-misp-attribute--55fa71e8-8750-468e-8cdb-d2c4950d210b",
                "x-misp-attribute--55fa71e9-c508-4795-bce5-d2c4950d210b",
                "x-misp-attribute--55fa71e9-45e8-47be-adf7-d2c4950d210b",
                "x-misp-attribute--55fa71e9-0718-4ea6-8579-d2c4950d210b",
                "x-misp-attribute--55fa71ea-df88-4d7a-bc16-d2c4950d210b",
                "x-misp-attribute--55fa71ea-8ab4-4820-bc05-d2c4950d210b",
                "x-misp-attribute--55fa71eb-7d50-4a8d-84f5-d2c4950d210b",
                "x-misp-attribute--55fa71eb-4e60-4414-8bff-d2c4950d210b",
                "x-misp-attribute--55fa71eb-a67c-41ee-87db-d2c4950d210b",
                "x-misp-attribute--55fa71ec-ce90-4330-abc6-d2c4950d210b",
                "x-misp-attribute--55fa71ec-40b4-4170-b237-d2c4950d210b",
                "x-misp-attribute--55fa71ec-2d00-4ddc-afc2-d2c4950d210b",
                "x-misp-attribute--55fa71ed-f6b0-478b-a745-d2c4950d210b",
                "x-misp-attribute--55fa71ed-4dbc-405f-8078-d2c4950d210b",
                "indicator--55fa7314-0e48-49a6-87b9-d2c4950d210b",
                "indicator--55fa7314-53d8-4e65-a813-d2c4950d210b",
                "observed-data--55fa7315-5468-4071-9fb9-d2c4950d210b",
                "url--55fa7315-5468-4071-9fb9-d2c4950d210b",
                "indicator--55fa7315-f89c-466e-820b-d2c4950d210b",
                "indicator--55fa7315-31e4-404e-8fc6-d2c4950d210b",
                "observed-data--55fa7316-2e6c-4201-bc28-d2c4950d210b",
                "url--55fa7316-2e6c-4201-bc28-d2c4950d210b",
                "indicator--55fa7316-4140-43bf-bfae-d2c4950d210b",
                "indicator--55fa7317-7f9c-4b94-87a3-d2c4950d210b",
                "observed-data--55fa7317-0e30-40f1-9a40-d2c4950d210b",
                "url--55fa7317-0e30-40f1-9a40-d2c4950d210b",
                "indicator--55fa7317-2284-4ef0-80df-d2c4950d210b",
                "indicator--55fa7318-56b8-4b80-b7e9-d2c4950d210b",
                "observed-data--55fa7318-3e80-4578-833e-d2c4950d210b",
                "url--55fa7318-3e80-4578-833e-d2c4950d210b",
                "indicator--55fa7318-c100-4e25-8c35-d2c4950d210b",
                "indicator--55fa7319-da1c-429f-986a-d2c4950d210b",
                "observed-data--55fa7319-bae4-4d76-aa4e-d2c4950d210b",
                "url--55fa7319-bae4-4d76-aa4e-d2c4950d210b",
                "indicator--55fa7319-526c-4e2a-b137-d2c4950d210b",
                "indicator--55fa731a-2048-4181-9cee-d2c4950d210b",
                "observed-data--55fa731a-fac4-4e8b-895d-d2c4950d210b",
                "url--55fa731a-fac4-4e8b-895d-d2c4950d210b",
                "indicator--55fa731a-6408-4fc1-9e9d-d2c4950d210b",
                "indicator--55fa731b-663c-4e13-8607-d2c4950d210b",
                "observed-data--55fa731b-d418-42ca-acc4-d2c4950d210b",
                "url--55fa731b-d418-42ca-acc4-d2c4950d210b",
                "indicator--55fa731b-7748-47a6-97e0-d2c4950d210b",
                "indicator--55fa731c-f18c-4bb2-a667-d2c4950d210b",
                "observed-data--55fa731c-5610-4b96-a7fa-d2c4950d210b",
                "url--55fa731c-5610-4b96-a7fa-d2c4950d210b",
                "indicator--55fa731c-d37c-40cc-8407-d2c4950d210b",
                "indicator--55fa731d-842c-4a05-a96f-d2c4950d210b",
                "observed-data--55fa731d-9ed4-4352-bcf8-d2c4950d210b",
                "url--55fa731d-9ed4-4352-bcf8-d2c4950d210b",
                "indicator--55fa731d-c06c-48f5-b893-d2c4950d210b",
                "indicator--55fa731e-c830-48f6-95ca-d2c4950d210b",
                "observed-data--55fa731e-b620-40f9-9479-d2c4950d210b",
                "url--55fa731e-b620-40f9-9479-d2c4950d210b",
                "indicator--55fa731e-e398-488f-84f4-d2c4950d210b",
                "indicator--55fa731f-b750-4da5-9c45-d2c4950d210b",
                "observed-data--55fa731f-e754-42f4-943e-d2c4950d210b",
                "url--55fa731f-e754-42f4-943e-d2c4950d210b",
                "indicator--55fa731f-cefc-499b-a4fe-d2c4950d210b",
                "indicator--55fa7320-ba64-440a-bc82-d2c4950d210b",
                "observed-data--55fa7320-6218-4b5e-abe8-d2c4950d210b",
                "url--55fa7320-6218-4b5e-abe8-d2c4950d210b",
                "indicator--55fa7321-2940-41c0-b333-d2c4950d210b",
                "indicator--55fa7321-d668-45e7-8264-d2c4950d210b",
                "observed-data--55fa7321-4658-4b05-ae72-d2c4950d210b",
                "url--55fa7321-4658-4b05-ae72-d2c4950d210b",
                "indicator--55fa7322-386c-4ee2-904e-d2c4950d210b",
                "indicator--55fa7322-75c8-4e58-ac07-d2c4950d210b",
                "observed-data--55fa7322-843c-469a-8ad8-d2c4950d210b",
                "url--55fa7322-843c-469a-8ad8-d2c4950d210b",
                "indicator--55fa7323-9bd0-47c8-8b73-d2c4950d210b",
                "indicator--55fa7323-d418-4305-906f-d2c4950d210b",
                "observed-data--55fa7323-5160-4157-8e24-d2c4950d210b",
                "url--55fa7323-5160-4157-8e24-d2c4950d210b",
                "indicator--55fa7324-1c58-4618-90ad-d2c4950d210b",
                "indicator--55fa7324-38e4-44d6-851a-d2c4950d210b",
                "observed-data--55fa7324-b9a0-4bc8-972f-d2c4950d210b",
                "url--55fa7324-b9a0-4bc8-972f-d2c4950d210b",
                "indicator--55fa7325-10a4-476c-940b-d2c4950d210b",
                "indicator--55fa7325-0698-4b6c-9a0c-d2c4950d210b",
                "observed-data--55fa7325-5c10-47ec-ab5b-d2c4950d210b",
                "url--55fa7325-5c10-47ec-ab5b-d2c4950d210b",
                "indicator--55fa7326-de44-4055-a752-d2c4950d210b",
                "indicator--55fa7326-2720-477c-a879-d2c4950d210b",
                "observed-data--55fa7326-0a4c-47d4-bd0b-d2c4950d210b",
                "url--55fa7326-0a4c-47d4-bd0b-d2c4950d210b",
                "indicator--55fa7327-47d0-4b1c-a9a1-d2c4950d210b",
                "indicator--55fa7327-40e4-4e10-9743-d2c4950d210b",
                "observed-data--55fa7327-7998-46c0-9bc2-d2c4950d210b",
                "url--55fa7327-7998-46c0-9bc2-d2c4950d210b",
                "indicator--55fa7328-95b0-45c3-8055-d2c4950d210b",
                "indicator--55fa7328-b6bc-40a8-835f-d2c4950d210b",
                "observed-data--55fa7328-1320-4458-9c4c-d2c4950d210b",
                "url--55fa7328-1320-4458-9c4c-d2c4950d210b",
                "indicator--55fa7329-5a44-4d43-9376-d2c4950d210b",
                "indicator--55fa7329-1c84-491b-909a-d2c4950d210b",
                "observed-data--55fa732a-10d4-4781-aa4c-d2c4950d210b",
                "url--55fa732a-10d4-4781-aa4c-d2c4950d210b",
                "indicator--55fa732a-01c4-42c1-bb54-d2c4950d210b",
                "indicator--55fa732a-66f8-4ab7-9986-d2c4950d210b",
                "observed-data--55fa732b-1cb8-4eb0-bba8-d2c4950d210b",
                "url--55fa732b-1cb8-4eb0-bba8-d2c4950d210b",
                "indicator--55fa732b-1a84-482c-9f81-d2c4950d210b",
                "indicator--55fa732b-c8fc-4304-b0e2-d2c4950d210b",
                "observed-data--55fa732c-b938-4f3c-b1e8-d2c4950d210b",
                "url--55fa732c-b938-4f3c-b1e8-d2c4950d210b",
                "indicator--55fa732c-3958-400c-bce4-d2c4950d210b",
                "indicator--55fa732c-0510-41a3-aacd-d2c4950d210b",
                "observed-data--55fa732d-bee4-4e39-bc99-d2c4950d210b",
                "url--55fa732d-bee4-4e39-bc99-d2c4950d210b",
                "indicator--55fa732d-57e8-4403-8d6e-d2c4950d210b",
                "indicator--55fa732d-735c-45fe-bf8e-d2c4950d210b",
                "observed-data--55fa732e-8b64-4e63-b691-d2c4950d210b",
                "url--55fa732e-8b64-4e63-b691-d2c4950d210b",
                "indicator--55fa732e-2748-4d24-b414-d2c4950d210b",
                "indicator--55fa732e-17e0-4e2f-8e67-d2c4950d210b",
                "observed-data--55fa732f-1ca8-468a-8caa-d2c4950d210b",
                "url--55fa732f-1ca8-468a-8caa-d2c4950d210b",
                "indicator--55fa732f-ea14-4345-9e15-d2c4950d210b",
                "indicator--55fa732f-dd48-4753-ac79-d2c4950d210b",
                "observed-data--55fa7330-9fd0-44d4-bbb6-d2c4950d210b",
                "url--55fa7330-9fd0-44d4-bbb6-d2c4950d210b",
                "indicator--55fa7330-2950-4b1b-85e7-d2c4950d210b",
                "indicator--55fa7330-c214-4d74-9a4c-d2c4950d210b",
                "observed-data--55fa7331-a1e8-4ca2-90b3-d2c4950d210b",
                "url--55fa7331-a1e8-4ca2-90b3-d2c4950d210b",
                "indicator--55fa7331-6cb4-4fb2-aeff-d2c4950d210b",
                "indicator--55fa7331-f598-41cd-aace-d2c4950d210b",
                "observed-data--55fa7332-f904-4404-94fc-d2c4950d210b",
                "url--55fa7332-f904-4404-94fc-d2c4950d210b",
                "indicator--55fa7332-4e50-46c2-b6c3-d2c4950d210b",
                "indicator--55fa7332-b9d8-44ec-8898-d2c4950d210b",
                "observed-data--55fa7333-3214-43ce-9a3e-d2c4950d210b",
                "url--55fa7333-3214-43ce-9a3e-d2c4950d210b",
                "indicator--55fa7333-8a50-43fb-900c-d2c4950d210b",
                "indicator--55fa7333-1c9c-4f07-be59-d2c4950d210b",
                "observed-data--55fa7334-b940-4a00-91f1-d2c4950d210b",
                "url--55fa7334-b940-4a00-91f1-d2c4950d210b",
                "indicator--55fa7334-6b60-40f7-a6d0-d2c4950d210b",
                "indicator--55fa7335-788c-4e91-a406-d2c4950d210b",
                "observed-data--55fa7335-4a7c-492a-b184-d2c4950d210b",
                "url--55fa7335-4a7c-492a-b184-d2c4950d210b",
                "indicator--55fa7335-09ec-4b9d-b1af-d2c4950d210b",
                "indicator--55fa7336-eaec-46b8-8cab-d2c4950d210b",
                "observed-data--55fa7336-5568-4889-8e29-d2c4950d210b",
                "url--55fa7336-5568-4889-8e29-d2c4950d210b",
                "indicator--55fa7336-5300-4ee5-9966-d2c4950d210b",
                "indicator--55fa7337-5744-4ff5-bc2b-d2c4950d210b",
                "observed-data--55fa7337-36c4-4c8b-b28a-d2c4950d210b",
                "url--55fa7337-36c4-4c8b-b28a-d2c4950d210b",
                "indicator--55fa7337-3164-4479-9f29-d2c4950d210b",
                "indicator--55fa7338-1ec8-4830-a081-d2c4950d210b",
                "observed-data--55fa7338-e3a0-4993-83b0-d2c4950d210b",
                "url--55fa7338-e3a0-4993-83b0-d2c4950d210b",
                "indicator--55fa7338-8118-4f2b-950b-d2c4950d210b",
                "indicator--55fa7339-45d4-4b17-ad6b-d2c4950d210b",
                "observed-data--55fa7339-843c-48c6-9321-d2c4950d210b",
                "url--55fa7339-843c-48c6-9321-d2c4950d210b",
                "indicator--55fa7339-21f4-4456-b480-d2c4950d210b",
                "indicator--55fa733a-4a38-4906-8d7b-d2c4950d210b",
                "observed-data--55fa733a-1544-4255-b26a-d2c4950d210b",
                "url--55fa733a-1544-4255-b26a-d2c4950d210b",
                "indicator--55fa733a-ffc0-483a-af27-d2c4950d210b",
                "indicator--55fa733b-9b08-4dff-8a28-d2c4950d210b",
                "observed-data--55fa733b-b8e4-47e8-a13b-d2c4950d210b",
                "url--55fa733b-b8e4-47e8-a13b-d2c4950d210b",
                "indicator--55fa733b-c9e0-4e7f-90c1-d2c4950d210b",
                "indicator--55fa733c-9a14-4a84-a5f6-d2c4950d210b",
                "observed-data--55fa733c-9b34-461a-9ea2-d2c4950d210b",
                "url--55fa733c-9b34-461a-9ea2-d2c4950d210b",
                "indicator--55fa733c-12a4-457a-9552-d2c4950d210b",
                "indicator--55fa733d-3f34-42b7-a57b-d2c4950d210b",
                "observed-data--55fa733d-0508-4191-8c87-d2c4950d210b",
                "url--55fa733d-0508-4191-8c87-d2c4950d210b",
                "indicator--55fa733d-e8bc-4a84-8fe6-d2c4950d210b",
                "indicator--55fa733e-2558-4765-b1ed-d2c4950d210b",
                "observed-data--55fa733e-7ab4-4bc7-9323-d2c4950d210b",
                "url--55fa733e-7ab4-4bc7-9323-d2c4950d210b",
                "indicator--55fa733f-2c84-4263-a2c4-d2c4950d210b",
                "indicator--55fa733f-f094-4afd-9826-d2c4950d210b",
                "observed-data--55fa733f-30a0-4ee4-a831-d2c4950d210b",
                "url--55fa733f-30a0-4ee4-a831-d2c4950d210b",
                "indicator--55fa7340-5a54-474d-9858-d2c4950d210b",
                "indicator--55fa7340-b5bc-4e96-965e-d2c4950d210b",
                "observed-data--55fa7340-7cd0-4e59-bb27-d2c4950d210b",
                "url--55fa7340-7cd0-4e59-bb27-d2c4950d210b",
                "indicator--55fa7341-89fc-444a-901a-d2c4950d210b",
                "indicator--55fa7341-8180-48dd-b0d9-d2c4950d210b",
                "observed-data--55fa7341-983c-4394-b1d0-d2c4950d210b",
                "url--55fa7341-983c-4394-b1d0-d2c4950d210b",
                "indicator--55fa7342-aafc-4580-8a7a-d2c4950d210b",
                "indicator--55fa7342-f6f8-4e98-837d-d2c4950d210b",
                "observed-data--55fa7342-c3e8-46a1-87b9-d2c4950d210b",
                "url--55fa7342-c3e8-46a1-87b9-d2c4950d210b",
                "indicator--55fa7343-2aa8-4849-ab1f-d2c4950d210b",
                "indicator--55fa7343-578c-48d8-9014-d2c4950d210b",
                "observed-data--55fa7343-bab8-4a9e-b56b-d2c4950d210b",
                "url--55fa7343-bab8-4a9e-b56b-d2c4950d210b",
                "indicator--55fa7344-3d4c-40aa-86b3-d2c4950d210b",
                "indicator--55fa7344-8df4-45c0-8c99-d2c4950d210b",
                "observed-data--55fa7344-0104-4144-bb79-d2c4950d210b",
                "url--55fa7344-0104-4144-bb79-d2c4950d210b",
                "indicator--55fa7345-7ff0-4aca-a007-d2c4950d210b",
                "indicator--55fa7345-d9dc-499f-a905-d2c4950d210b",
                "observed-data--55fa7345-32a4-41b0-a736-d2c4950d210b",
                "url--55fa7345-32a4-41b0-a736-d2c4950d210b",
                "indicator--55fa7346-3a74-4b02-aa8b-d2c4950d210b",
                "indicator--55fa7346-2ec4-4b61-a07b-d2c4950d210b",
                "observed-data--55fa7346-2454-47a6-bdb9-d2c4950d210b",
                "url--55fa7346-2454-47a6-bdb9-d2c4950d210b",
                "indicator--55fa7347-46c8-421a-841b-d2c4950d210b",
                "indicator--55fa7347-f5a4-4aa6-8a8f-d2c4950d210b",
                "observed-data--55fa7347-a9a4-4b3d-b301-d2c4950d210b",
                "url--55fa7347-a9a4-4b3d-b301-d2c4950d210b",
                "indicator--55fa7348-6330-4e58-89a6-d2c4950d210b",
                "indicator--55fa7348-abf4-4e7b-8c6f-d2c4950d210b",
                "observed-data--55fa7349-aaf4-4039-bb21-d2c4950d210b",
                "url--55fa7349-aaf4-4039-bb21-d2c4950d210b",
                "indicator--55fa7349-ce14-4d0c-911b-d2c4950d210b",
                "indicator--55fa7349-a1d4-4f2e-bdca-d2c4950d210b",
                "observed-data--55fa734a-0b88-4522-ac66-d2c4950d210b",
                "url--55fa734a-0b88-4522-ac66-d2c4950d210b",
                "indicator--55fa734a-f168-4f1e-9f49-d2c4950d210b",
                "indicator--55fa734a-dc40-4a56-959c-d2c4950d210b",
                "observed-data--55fa734b-0068-4d81-b27d-d2c4950d210b",
                "url--55fa734b-0068-4d81-b27d-d2c4950d210b",
                "indicator--55fa734b-da08-44a0-a243-d2c4950d210b",
                "indicator--55fa734b-740c-46e3-85de-d2c4950d210b",
                "observed-data--55fa734c-db6c-4f7d-a37f-d2c4950d210b",
                "url--55fa734c-db6c-4f7d-a37f-d2c4950d210b",
                "indicator--55fa734c-37bc-4581-97c5-d2c4950d210b",
                "indicator--55fa734c-2c8c-42ab-829f-d2c4950d210b",
                "observed-data--55fa734d-c454-4bf0-b91f-d2c4950d210b",
                "url--55fa734d-c454-4bf0-b91f-d2c4950d210b",
                "indicator--55fa734d-89dc-4c49-82e4-d2c4950d210b",
                "indicator--55fa734d-debc-4d21-80d6-d2c4950d210b",
                "observed-data--55fa734e-f618-4591-aa1d-d2c4950d210b",
                "url--55fa734e-f618-4591-aa1d-d2c4950d210b",
                "indicator--55fa734e-26a8-4783-8bce-d2c4950d210b",
                "indicator--55fa734e-a37c-41e9-bb92-d2c4950d210b",
                "observed-data--55fa734f-74f4-4cb9-9d55-d2c4950d210b",
                "url--55fa734f-74f4-4cb9-9d55-d2c4950d210b",
                "indicator--55fa734f-8360-49bf-bf36-d2c4950d210b",
                "indicator--55fa734f-b6f0-4b4d-8745-d2c4950d210b",
                "observed-data--55fa7350-ea20-4ea6-a31f-d2c4950d210b",
                "url--55fa7350-ea20-4ea6-a31f-d2c4950d210b",
                "indicator--55fa7350-4c7c-4049-9b62-d2c4950d210b",
                "indicator--55fa7350-36c0-4444-93ff-d2c4950d210b",
                "observed-data--55fa7351-e2cc-4cc2-a825-d2c4950d210b",
                "url--55fa7351-e2cc-4cc2-a825-d2c4950d210b",
                "indicator--55fa7351-729c-48de-8a04-d2c4950d210b",
                "indicator--55fa7352-24f0-4b4c-a1eb-d2c4950d210b",
                "observed-data--55fa7352-17d4-4cba-8fce-d2c4950d210b",
                "url--55fa7352-17d4-4cba-8fce-d2c4950d210b",
                "indicator--55fa7352-9f68-4dd0-b0c4-d2c4950d210b",
                "indicator--55fa7353-383c-42c6-a5e2-d2c4950d210b",
                "observed-data--55fa7353-7254-4497-aebb-d2c4950d210b",
                "url--55fa7353-7254-4497-aebb-d2c4950d210b",
                "indicator--55fa7353-2f00-431d-8022-d2c4950d210b",
                "indicator--55fa7354-7cf8-4e4b-aa29-d2c4950d210b",
                "observed-data--55fa7354-7d40-457e-8519-d2c4950d210b",
                "url--55fa7354-7d40-457e-8519-d2c4950d210b",
                "indicator--55fa7354-63bc-49fa-8352-d2c4950d210b",
                "indicator--55fa7355-aa30-47ea-9a86-d2c4950d210b",
                "observed-data--55fa7355-0738-4d65-8b42-d2c4950d210b",
                "url--55fa7355-0738-4d65-8b42-d2c4950d210b",
                "indicator--55fa7355-549c-4eec-b051-d2c4950d210b",
                "indicator--55fa7356-b390-4f0d-b33b-d2c4950d210b",
                "observed-data--55fa7356-9e30-44ea-b830-d2c4950d210b",
                "url--55fa7356-9e30-44ea-b830-d2c4950d210b",
                "indicator--55fa7356-d11c-4aa0-afa0-d2c4950d210b",
                "indicator--55fa7357-cde0-44f0-80dd-d2c4950d210b",
                "observed-data--55fa7357-46e4-4cf8-8e85-d2c4950d210b",
                "url--55fa7357-46e4-4cf8-8e85-d2c4950d210b",
                "indicator--55fa7357-5c98-4616-b09c-d2c4950d210b",
                "indicator--55fa7358-b6f8-4630-ad4a-d2c4950d210b",
                "observed-data--55fa7358-c690-447c-909c-d2c4950d210b",
                "url--55fa7358-c690-447c-909c-d2c4950d210b",
                "indicator--55fa7358-a960-4139-8f4d-d2c4950d210b",
                "indicator--55fa7359-1524-47ae-b584-d2c4950d210b",
                "observed-data--55fa7359-6db4-422c-8fd7-d2c4950d210b",
                "url--55fa7359-6db4-422c-8fd7-d2c4950d210b",
                "indicator--55fa7359-62d0-454d-aae8-d2c4950d210b",
                "indicator--55fa735a-2f10-466d-bac7-d2c4950d210b",
                "observed-data--55fa735a-7e78-485c-b2e5-d2c4950d210b",
                "url--55fa735a-7e78-485c-b2e5-d2c4950d210b",
                "indicator--55fa735a-cde0-4066-8cf3-d2c4950d210b",
                "indicator--55fa735b-cb34-457b-9660-d2c4950d210b",
                "observed-data--55fa735b-2818-4672-ad8f-d2c4950d210b",
                "url--55fa735b-2818-4672-ad8f-d2c4950d210b",
                "indicator--55fa735c-be10-40b3-881d-d2c4950d210b",
                "indicator--55fa735c-f83c-4624-a273-d2c4950d210b",
                "observed-data--55fa735c-e128-4a6f-8b54-d2c4950d210b",
                "url--55fa735c-e128-4a6f-8b54-d2c4950d210b",
                "indicator--55fa735d-5c24-424e-af5c-d2c4950d210b",
                "indicator--55fa735d-2500-4df5-8e0e-d2c4950d210b",
                "observed-data--55fa735d-886c-4bc8-829d-d2c4950d210b",
                "url--55fa735d-886c-4bc8-829d-d2c4950d210b",
                "indicator--55fa735e-8d9c-4e79-8c0e-d2c4950d210b",
                "indicator--55fa735e-46bc-41f9-92a3-d2c4950d210b",
                "observed-data--55fa735e-f7e8-4d12-8f9b-d2c4950d210b",
                "url--55fa735e-f7e8-4d12-8f9b-d2c4950d210b",
                "indicator--55fa735f-1510-4a03-bf1d-d2c4950d210b",
                "indicator--55fa735f-2978-4272-baea-d2c4950d210b",
                "observed-data--55fa735f-c388-4073-9b25-d2c4950d210b",
                "url--55fa735f-c388-4073-9b25-d2c4950d210b",
                "indicator--55fa7360-2514-43cd-9dfd-d2c4950d210b",
                "indicator--55fa7360-6854-4525-80d8-d2c4950d210b",
                "observed-data--55fa7360-cd94-4a41-bc49-d2c4950d210b",
                "url--55fa7360-cd94-4a41-bc49-d2c4950d210b",
                "indicator--55fa7361-c8f0-44e0-b02a-d2c4950d210b",
                "indicator--55fa7361-ed68-44fc-88f4-d2c4950d210b",
                "observed-data--55fa7361-2e20-4565-b91b-d2c4950d210b",
                "url--55fa7361-2e20-4565-b91b-d2c4950d210b",
                "indicator--55fa7362-6a9c-4e52-9d8c-d2c4950d210b",
                "indicator--55fa7362-bfe4-43a2-99f8-d2c4950d210b",
                "observed-data--55fa7362-60dc-4a12-b87c-d2c4950d210b",
                "url--55fa7362-60dc-4a12-b87c-d2c4950d210b",
                "indicator--55fa7363-ac40-4996-8e64-d2c4950d210b",
                "indicator--55fa7363-8d10-4640-ba6e-d2c4950d210b",
                "observed-data--55fa7363-2cb0-4e84-9b97-d2c4950d210b",
                "url--55fa7363-2cb0-4e84-9b97-d2c4950d210b",
                "indicator--55fa7364-4d24-42af-aac6-d2c4950d210b",
                "indicator--55fa7364-90d4-4bbe-a3ed-d2c4950d210b",
                "observed-data--55fa7364-c978-431e-8049-d2c4950d210b",
                "url--55fa7364-c978-431e-8049-d2c4950d210b",
                "indicator--55fa7365-4a20-455b-81f1-d2c4950d210b",
                "indicator--55fa7365-324c-4269-8f0a-d2c4950d210b",
                "observed-data--55fa7366-35dc-4255-a703-d2c4950d210b",
                "url--55fa7366-35dc-4255-a703-d2c4950d210b",
                "indicator--55fa7366-5f6c-414a-a538-d2c4950d210b",
                "indicator--55fa7366-32a4-4c07-8592-d2c4950d210b",
                "observed-data--55fa7367-9554-4d1b-93de-d2c4950d210b",
                "url--55fa7367-9554-4d1b-93de-d2c4950d210b",
                "indicator--55fa7367-c020-4ee2-a3e9-d2c4950d210b",
                "indicator--55fa7367-c800-4ee9-8ad7-d2c4950d210b",
                "observed-data--55fa7368-d2c4-47c6-ae41-d2c4950d210b",
                "url--55fa7368-d2c4-47c6-ae41-d2c4950d210b",
                "indicator--55fa7368-2e9c-4123-b91c-d2c4950d210b",
                "indicator--55fa7368-ce3c-43de-b73d-d2c4950d210b",
                "observed-data--55fa7369-2528-4e18-95bd-d2c4950d210b",
                "url--55fa7369-2528-4e18-95bd-d2c4950d210b",
                "indicator--55fa7369-0cfc-472d-a828-d2c4950d210b",
                "indicator--55fa7369-27b4-479e-b311-d2c4950d210b",
                "observed-data--55fa736a-50f8-4fdd-88b0-d2c4950d210b",
                "url--55fa736a-50f8-4fdd-88b0-d2c4950d210b",
                "indicator--55fa736a-adf8-4881-be4d-d2c4950d210b",
                "indicator--55fa736a-97c4-4a70-a10d-d2c4950d210b",
                "observed-data--55fa736b-8e08-4737-bb46-d2c4950d210b",
                "url--55fa736b-8e08-4737-bb46-d2c4950d210b",
                "indicator--55fa736b-a274-48c8-b512-d2c4950d210b",
                "indicator--55fa736b-af98-4c31-86db-d2c4950d210b",
                "observed-data--55fa736c-8dc8-4256-9452-d2c4950d210b",
                "url--55fa736c-8dc8-4256-9452-d2c4950d210b",
                "indicator--55fa736c-ffd0-4d95-a5a3-d2c4950d210b",
                "indicator--55fa736c-a7ec-468d-acbd-d2c4950d210b",
                "observed-data--55fa736d-f504-498a-8b73-d2c4950d210b",
                "url--55fa736d-f504-498a-8b73-d2c4950d210b",
                "indicator--55fa736d-89e4-4784-98ef-d2c4950d210b",
                "indicator--55fa736d-2adc-4205-9734-d2c4950d210b",
                "observed-data--55fa736e-a070-4948-84ab-d2c4950d210b",
                "url--55fa736e-a070-4948-84ab-d2c4950d210b",
                "indicator--55fa736e-d1ec-4c8c-b26e-d2c4950d210b",
                "indicator--55fa736e-021c-431b-b987-d2c4950d210b",
                "observed-data--55fa736f-8470-4156-af93-d2c4950d210b",
                "url--55fa736f-8470-4156-af93-d2c4950d210b",
                "indicator--55fa736f-0d4c-44dd-999d-d2c4950d210b",
                "indicator--55fa7370-cd4c-43e9-9f57-d2c4950d210b",
                "observed-data--55fa7370-fbb4-494c-8e01-d2c4950d210b",
                "url--55fa7370-fbb4-494c-8e01-d2c4950d210b",
                "indicator--55fa7370-6a90-40ec-bab2-d2c4950d210b",
                "indicator--55fa7371-d4c4-4cb1-9e83-d2c4950d210b",
                "observed-data--55fa7371-98f8-41bb-a79e-d2c4950d210b",
                "url--55fa7371-98f8-41bb-a79e-d2c4950d210b",
                "indicator--55fa7371-fc98-4687-a99d-d2c4950d210b",
                "indicator--55fa7372-3d0c-4209-b075-d2c4950d210b",
                "observed-data--55fa7372-6660-437e-8e43-d2c4950d210b",
                "url--55fa7372-6660-437e-8e43-d2c4950d210b",
                "indicator--55fa7372-7fd8-4be2-8d0f-d2c4950d210b",
                "indicator--55fa7373-4ee8-469e-a665-d2c4950d210b",
                "observed-data--55fa7373-5938-4f63-aeb7-d2c4950d210b",
                "url--55fa7373-5938-4f63-aeb7-d2c4950d210b",
                "indicator--55fa7373-99d4-42bd-8893-d2c4950d210b",
                "indicator--55fa7374-b1a8-43a9-878f-d2c4950d210b",
                "observed-data--55fa7374-4bb0-4761-96c9-d2c4950d210b",
                "url--55fa7374-4bb0-4761-96c9-d2c4950d210b",
                "indicator--55fa7374-ed90-4aee-af65-d2c4950d210b",
                "indicator--55fa7375-1e68-4a99-8eeb-d2c4950d210b",
                "observed-data--55fa7375-6bb0-4bf0-b6f2-d2c4950d210b",
                "url--55fa7375-6bb0-4bf0-b6f2-d2c4950d210b",
                "indicator--55fa7375-ce74-484a-9ea7-d2c4950d210b",
                "indicator--55fa7376-b154-4e3d-9fd1-d2c4950d210b",
                "observed-data--55fa7376-0830-4685-8aad-d2c4950d210b",
                "url--55fa7376-0830-4685-8aad-d2c4950d210b",
                "indicator--55fa7376-d518-4e52-8c1a-d2c4950d210b",
                "indicator--55fa7377-9104-409c-9a4e-d2c4950d210b",
                "observed-data--55fa7377-6d5c-4d1e-83ea-d2c4950d210b",
                "url--55fa7377-6d5c-4d1e-83ea-d2c4950d210b",
                "indicator--55fa7377-8e6c-484c-935c-d2c4950d210b",
                "indicator--55fa7378-6e88-4b51-bd83-d2c4950d210b",
                "observed-data--55fa7378-2380-41da-bfb4-d2c4950d210b",
                "url--55fa7378-2380-41da-bfb4-d2c4950d210b",
                "indicator--55fa7378-6bc4-4522-91b0-d2c4950d210b",
                "indicator--55fa7379-b4b4-4941-aec5-d2c4950d210b",
                "observed-data--55fa7379-88ec-449a-854e-d2c4950d210b",
                "url--55fa7379-88ec-449a-854e-d2c4950d210b",
                "indicator--55fa7379-36f8-4ca0-93f9-d2c4950d210b",
                "indicator--55fa737a-7184-4f5a-81fb-d2c4950d210b",
                "observed-data--55fa737a-651c-461b-9cc9-d2c4950d210b",
                "url--55fa737a-651c-461b-9cc9-d2c4950d210b",
                "indicator--55fa737b-81d8-4f77-97f2-d2c4950d210b",
                "indicator--55fa737b-9684-440a-9c87-d2c4950d210b",
                "observed-data--55fa737b-1eac-469b-8535-d2c4950d210b",
                "url--55fa737b-1eac-469b-8535-d2c4950d210b",
                "indicator--55fa737c-ff88-43e9-96a2-d2c4950d210b",
                "indicator--55fa737c-8f24-43f8-8725-d2c4950d210b",
                "observed-data--55fa737c-3898-4656-b763-d2c4950d210b",
                "url--55fa737c-3898-4656-b763-d2c4950d210b",
                "indicator--55fa737d-a5bc-404e-ae57-d2c4950d210b",
                "indicator--55fa737d-7848-41c4-a658-d2c4950d210b",
                "observed-data--55fa737d-3814-4549-8760-d2c4950d210b",
                "url--55fa737d-3814-4549-8760-d2c4950d210b",
                "indicator--55fa737e-7898-417b-aa90-d2c4950d210b",
                "indicator--55fa737e-c4e0-4346-9096-d2c4950d210b",
                "observed-data--55fa737e-5bbc-41cf-9c60-d2c4950d210b",
                "url--55fa737e-5bbc-41cf-9c60-d2c4950d210b",
                "indicator--55fa737f-078c-4651-aeea-d2c4950d210b",
                "indicator--55fa737f-fcf4-4a02-b561-d2c4950d210b",
                "observed-data--55fa737f-7ba8-48b0-8b74-d2c4950d210b",
                "url--55fa737f-7ba8-48b0-8b74-d2c4950d210b",
                "indicator--55fa7380-eac8-410d-a20f-d2c4950d210b",
                "indicator--55fa7380-59b0-4894-b370-d2c4950d210b",
                "observed-data--55fa7380-db78-4859-b584-d2c4950d210b",
                "url--55fa7380-db78-4859-b584-d2c4950d210b",
                "indicator--55fa7381-5244-4d19-8fca-d2c4950d210b",
                "indicator--55fa7381-4b7c-4fe9-9488-d2c4950d210b",
                "observed-data--55fa7381-f8f8-4c70-9f2d-d2c4950d210b",
                "url--55fa7381-f8f8-4c70-9f2d-d2c4950d210b",
                "indicator--55fa7382-0d5c-45d8-b951-d2c4950d210b",
                "indicator--55fa7382-3e4c-492b-9989-d2c4950d210b",
                "observed-data--55fa7382-d87c-4bee-9bc2-d2c4950d210b",
                "url--55fa7382-d87c-4bee-9bc2-d2c4950d210b",
                "indicator--55fa7383-6e00-47c8-9863-d2c4950d210b",
                "indicator--55fa7383-76c4-4770-b941-d2c4950d210b",
                "observed-data--55fa7384-a9a4-4e5e-a32b-d2c4950d210b",
                "url--55fa7384-a9a4-4e5e-a32b-d2c4950d210b",
                "indicator--55fa7384-9ebc-4da5-8d7a-d2c4950d210b",
                "indicator--55fa7384-7fd8-4c2b-923a-d2c4950d210b",
                "observed-data--55fa7385-87fc-4d2c-9fc3-d2c4950d210b",
                "url--55fa7385-87fc-4d2c-9fc3-d2c4950d210b",
                "indicator--55fa7385-b4d8-421e-be8c-d2c4950d210b",
                "indicator--55fa7385-122c-4e85-bad9-d2c4950d210b",
                "observed-data--55fa7386-69e4-4554-bf5b-d2c4950d210b",
                "url--55fa7386-69e4-4554-bf5b-d2c4950d210b",
                "indicator--55fa7386-3d44-4224-af90-d2c4950d210b",
                "indicator--55fa7386-e880-4b91-9e68-d2c4950d210b",
                "observed-data--55fa7387-5e84-421c-8bbe-d2c4950d210b",
                "url--55fa7387-5e84-421c-8bbe-d2c4950d210b",
                "indicator--55fa7387-0c64-4f92-9618-d2c4950d210b",
                "indicator--55fa7387-5670-418f-89e6-d2c4950d210b",
                "observed-data--55fa7388-497c-42b2-8ad0-d2c4950d210b",
                "url--55fa7388-497c-42b2-8ad0-d2c4950d210b",
                "indicator--55fa7388-a3e8-4917-8114-d2c4950d210b",
                "indicator--55fa7388-17e4-42ee-8b14-d2c4950d210b",
                "observed-data--55fa7389-516c-4480-ab05-d2c4950d210b",
                "url--55fa7389-516c-4480-ab05-d2c4950d210b",
                "indicator--55fa7389-0ea4-415f-9a26-d2c4950d210b",
                "indicator--55fa7389-93d0-40b4-95b2-d2c4950d210b",
                "observed-data--55fa738a-0408-40f4-b72f-d2c4950d210b",
                "url--55fa738a-0408-40f4-b72f-d2c4950d210b",
                "indicator--55fa738a-a054-40ea-8cea-d2c4950d210b",
                "indicator--55fa738a-43f8-414a-b34b-d2c4950d210b",
                "observed-data--55fa738b-64c8-411a-a7e4-d2c4950d210b",
                "url--55fa738b-64c8-411a-a7e4-d2c4950d210b",
                "indicator--55fa738b-5654-4317-b13a-d2c4950d210b",
                "indicator--55fa738b-c054-4706-adcc-d2c4950d210b",
                "observed-data--55fa738c-5d70-480b-a096-d2c4950d210b",
                "url--55fa738c-5d70-480b-a096-d2c4950d210b",
                "indicator--55fa738c-26c4-4599-a333-d2c4950d210b",
                "indicator--55fa738d-9548-4f97-8041-d2c4950d210b",
                "observed-data--55fa738d-803c-4563-8490-d2c4950d210b",
                "url--55fa738d-803c-4563-8490-d2c4950d210b",
                "indicator--55fa738d-8688-49e7-9cfa-d2c4950d210b",
                "indicator--55fa738e-5de8-40e8-bc00-d2c4950d210b",
                "observed-data--55fa738e-6a60-4f17-ba1e-d2c4950d210b",
                "url--55fa738e-6a60-4f17-ba1e-d2c4950d210b",
                "indicator--55fa738e-9018-4efb-9217-d2c4950d210b",
                "indicator--55fa738f-fb54-4c6f-99ae-d2c4950d210b",
                "observed-data--55fa738f-6928-4a1d-a762-d2c4950d210b",
                "url--55fa738f-6928-4a1d-a762-d2c4950d210b",
                "indicator--55fa738f-a070-48e6-8a6b-d2c4950d210b",
                "indicator--55fa7390-16c8-4790-ac80-d2c4950d210b",
                "observed-data--55fa7390-8444-418e-9636-d2c4950d210b",
                "url--55fa7390-8444-418e-9636-d2c4950d210b",
                "indicator--55fa7390-8ec0-4f00-9d45-d2c4950d210b",
                "indicator--55fa7391-60b8-4de9-aa3b-d2c4950d210b",
                "observed-data--55fa7391-bd28-4bcd-b5fa-d2c4950d210b",
                "url--55fa7391-bd28-4bcd-b5fa-d2c4950d210b",
                "indicator--55fa7391-4818-43f9-a2f8-d2c4950d210b",
                "indicator--55fa7392-315c-4102-abb0-d2c4950d210b",
                "observed-data--55fa7392-04f8-49ad-b3b8-d2c4950d210b",
                "url--55fa7392-04f8-49ad-b3b8-d2c4950d210b",
                "indicator--55fa7392-7bcc-4484-b643-d2c4950d210b",
                "indicator--55fa7393-0ec8-45a1-a2c9-d2c4950d210b",
                "observed-data--55fa7393-8b14-49a8-abbb-d2c4950d210b",
                "url--55fa7393-8b14-49a8-abbb-d2c4950d210b",
                "indicator--55fa7393-c864-45e0-a33c-d2c4950d210b",
                "indicator--55fa7394-9ef8-4dec-9b44-d2c4950d210b",
                "observed-data--55fa7394-d8ec-404b-9780-d2c4950d210b",
                "url--55fa7394-d8ec-404b-9780-d2c4950d210b",
                "indicator--55fa7395-1e9c-406f-bdaa-d2c4950d210b",
                "indicator--55fa7395-1e5c-4735-8ae3-d2c4950d210b",
                "observed-data--55fa7395-86c4-4029-9a10-d2c4950d210b",
                "url--55fa7395-86c4-4029-9a10-d2c4950d210b",
                "indicator--55fa7396-8490-40ef-a96a-d2c4950d210b",
                "indicator--55fa7396-889c-4e39-b5a6-d2c4950d210b",
                "observed-data--55fa7396-dd84-4d11-9962-d2c4950d210b",
                "url--55fa7396-dd84-4d11-9962-d2c4950d210b",
                "indicator--55fa7397-b608-4aa7-aeb1-d2c4950d210b",
                "indicator--55fa7397-3614-4688-bf50-d2c4950d210b",
                "observed-data--55fa7397-38ec-4765-ad52-d2c4950d210b",
                "url--55fa7397-38ec-4765-ad52-d2c4950d210b",
                "indicator--55fa7398-c2e8-435a-8a90-d2c4950d210b",
                "indicator--55fa7398-6d38-460c-a308-d2c4950d210b",
                "observed-data--55fa7398-f584-4113-bb6e-d2c4950d210b",
                "url--55fa7398-f584-4113-bb6e-d2c4950d210b",
                "indicator--55fa7399-8b08-460c-98c9-d2c4950d210b",
                "indicator--55fa7399-9c70-4bd2-bfbc-d2c4950d210b",
                "observed-data--55fa7399-7a64-44c9-a373-d2c4950d210b",
                "url--55fa7399-7a64-44c9-a373-d2c4950d210b",
                "indicator--55fa739a-53c4-4eea-887f-d2c4950d210b",
                "indicator--55fa739a-c418-482d-aba1-d2c4950d210b",
                "observed-data--55fa739a-4614-4e09-94f7-d2c4950d210b",
                "url--55fa739a-4614-4e09-94f7-d2c4950d210b",
                "indicator--55fa739b-1bd4-495a-9b24-d2c4950d210b",
                "indicator--55fa739b-9ce0-4bb8-99e2-d2c4950d210b",
                "observed-data--55fa739b-db30-454d-988b-d2c4950d210b",
                "url--55fa739b-db30-454d-988b-d2c4950d210b",
                "indicator--55fa739c-ede8-4e97-9e78-d2c4950d210b",
                "indicator--55fa739c-c06c-4e97-b58a-d2c4950d210b",
                "observed-data--55fa739c-365c-469f-927b-d2c4950d210b",
                "url--55fa739c-365c-469f-927b-d2c4950d210b",
                "indicator--55fa739d-fd84-49cc-99a5-d2c4950d210b",
                "indicator--55fa739d-4ebc-4046-9816-d2c4950d210b",
                "observed-data--55fa739e-0fc4-4e8e-bd19-d2c4950d210b",
                "url--55fa739e-0fc4-4e8e-bd19-d2c4950d210b",
                "indicator--55fa739e-7824-4d81-b173-d2c4950d210b",
                "indicator--55fa739e-451c-4afc-870f-d2c4950d210b",
                "observed-data--55fa739f-ad68-4bec-a7e3-d2c4950d210b",
                "url--55fa739f-ad68-4bec-a7e3-d2c4950d210b",
                "indicator--55fa739f-ce38-4278-8747-d2c4950d210b",
                "indicator--55fa739f-f284-4523-817b-d2c4950d210b",
                "observed-data--55fa73a0-20f8-4827-9be3-d2c4950d210b",
                "url--55fa73a0-20f8-4827-9be3-d2c4950d210b",
                "indicator--55fa73a0-674c-479c-a7a9-d2c4950d210b",
                "indicator--55fa73a0-9378-412a-b298-d2c4950d210b",
                "observed-data--55fa73a1-fa64-4171-8d32-d2c4950d210b",
                "url--55fa73a1-fa64-4171-8d32-d2c4950d210b",
                "indicator--55fa73a1-1a0c-4dd8-bda1-d2c4950d210b",
                "indicator--55fa73a1-ed84-4bda-a875-d2c4950d210b",
                "observed-data--55fa73a2-8390-4094-b482-d2c4950d210b",
                "url--55fa73a2-8390-4094-b482-d2c4950d210b",
                "indicator--55fa73a2-e7d8-4314-b895-d2c4950d210b",
                "indicator--55fa73a2-0500-4731-9347-d2c4950d210b",
                "observed-data--55fa73a3-7c74-466e-b8c6-d2c4950d210b",
                "url--55fa73a3-7c74-466e-b8c6-d2c4950d210b",
                "indicator--55fa73a3-66f8-42e6-a8a1-d2c4950d210b",
                "indicator--55fa73a3-efe8-456f-b5bf-d2c4950d210b",
                "observed-data--55fa73a4-ac84-406a-b947-d2c4950d210b",
                "url--55fa73a4-ac84-406a-b947-d2c4950d210b",
                "indicator--55fa73a4-3c9c-4a38-9906-d2c4950d210b",
                "indicator--55fa73a4-e384-4c37-9c4c-d2c4950d210b",
                "observed-data--55fa73a5-ccd4-4c3b-804a-d2c4950d210b",
                "url--55fa73a5-ccd4-4c3b-804a-d2c4950d210b",
                "indicator--55fa73a5-0420-4acc-9548-d2c4950d210b",
                "indicator--55fa73a5-8400-4cbc-9021-d2c4950d210b",
                "observed-data--55fa73a6-71dc-418d-9b0d-d2c4950d210b",
                "url--55fa73a6-71dc-418d-9b0d-d2c4950d210b",
                "indicator--55fa73a6-42c0-4031-8506-d2c4950d210b",
                "indicator--55fa73a7-54b0-4608-a71c-d2c4950d210b",
                "observed-data--55fa73a7-1fc8-41f3-94cd-d2c4950d210b",
                "url--55fa73a7-1fc8-41f3-94cd-d2c4950d210b",
                "indicator--55fa73a7-11b8-4398-84ab-d2c4950d210b",
                "indicator--55fa73a8-dcf4-4e6e-abaf-d2c4950d210b",
                "observed-data--55fa73a8-7320-4237-9489-d2c4950d210b",
                "url--55fa73a8-7320-4237-9489-d2c4950d210b",
                "indicator--55fa73a8-1034-4179-9ef2-d2c4950d210b",
                "indicator--55fa73a9-9df8-4939-bcff-d2c4950d210b",
                "observed-data--55fa73a9-ecd8-4048-bef1-d2c4950d210b",
                "url--55fa73a9-ecd8-4048-bef1-d2c4950d210b",
                "indicator--55fa73a9-f0e8-4aa1-b071-d2c4950d210b",
                "indicator--55fa73aa-9b24-4eb5-b020-d2c4950d210b",
                "observed-data--55fa73aa-0128-48d7-9830-d2c4950d210b",
                "url--55fa73aa-0128-48d7-9830-d2c4950d210b",
                "indicator--55fa73aa-2b1c-4c29-a424-d2c4950d210b",
                "indicator--55fa73ab-22bc-4ecf-bae3-d2c4950d210b",
                "observed-data--55fa73ab-a440-430a-9537-d2c4950d210b",
                "url--55fa73ab-a440-430a-9537-d2c4950d210b",
                "indicator--55fa73ab-d25c-4bcf-9b4d-d2c4950d210b",
                "indicator--55fa73ac-cdd0-49e4-b1e8-d2c4950d210b",
                "observed-data--55fa73ac-3458-4a9f-b605-d2c4950d210b",
                "url--55fa73ac-3458-4a9f-b605-d2c4950d210b",
                "indicator--55fa73ac-cac8-4956-a583-d2c4950d210b",
                "indicator--55fa73ad-2358-4660-b5d3-d2c4950d210b",
                "observed-data--55fa73ad-8aa4-4d19-8cec-d2c4950d210b",
                "url--55fa73ad-8aa4-4d19-8cec-d2c4950d210b",
                "indicator--55fa73ad-d8bc-48bd-b149-d2c4950d210b",
                "indicator--55fa73ae-7f1c-43a8-a4ae-d2c4950d210b",
                "observed-data--55fa73ae-9ca0-4472-abdf-d2c4950d210b",
                "url--55fa73ae-9ca0-4472-abdf-d2c4950d210b",
                "indicator--55fa73ae-a444-43e9-aaac-d2c4950d210b",
                "indicator--55fa73af-d0cc-4f4c-9488-d2c4950d210b",
                "observed-data--55fa73af-48ec-44dd-9f11-d2c4950d210b",
                "url--55fa73af-48ec-44dd-9f11-d2c4950d210b",
                "indicator--55fa73b0-8404-4265-a1d0-d2c4950d210b",
                "indicator--55fa73b0-b108-4be4-98e3-d2c4950d210b",
                "observed-data--55fa73b0-95a8-4fbb-8651-d2c4950d210b",
                "url--55fa73b0-95a8-4fbb-8651-d2c4950d210b",
                "indicator--55fa73b1-c134-4a30-84e3-d2c4950d210b",
                "indicator--55fa73b1-c798-4e16-8b39-d2c4950d210b",
                "observed-data--55fa73b1-44e0-476c-a852-d2c4950d210b",
                "url--55fa73b1-44e0-476c-a852-d2c4950d210b",
                "indicator--55fa73b2-349c-466f-aad9-d2c4950d210b",
                "indicator--55fa73b2-bf54-49b6-8112-d2c4950d210b",
                "observed-data--55fa73b2-6128-4066-9171-d2c4950d210b",
                "url--55fa73b2-6128-4066-9171-d2c4950d210b",
                "indicator--55fa73b3-1e20-4f12-a1bb-d2c4950d210b",
                "indicator--55fa73b3-10b4-41a9-aab8-d2c4950d210b",
                "observed-data--55fa73b3-46d4-47e7-ae7f-d2c4950d210b",
                "url--55fa73b3-46d4-47e7-ae7f-d2c4950d210b",
                "indicator--55fa73b4-25bc-4a8a-8a25-d2c4950d210b",
                "indicator--55fa73b4-8bc0-4484-aa13-d2c4950d210b",
                "observed-data--55fa73b4-76ec-4e61-a9c1-d2c4950d210b",
                "url--55fa73b4-76ec-4e61-a9c1-d2c4950d210b",
                "indicator--55fa73b5-00dc-4849-926b-d2c4950d210b",
                "indicator--55fa73b5-c634-41fd-8be4-d2c4950d210b",
                "observed-data--55fa73b5-38fc-4f3d-8ad5-d2c4950d210b",
                "url--55fa73b5-38fc-4f3d-8ad5-d2c4950d210b",
                "indicator--55fa73b6-251c-4379-9a23-d2c4950d210b",
                "indicator--55fa73b6-9e24-443d-92a5-d2c4950d210b",
                "observed-data--55fa73b6-e604-4870-a54a-d2c4950d210b",
                "url--55fa73b6-e604-4870-a54a-d2c4950d210b",
                "indicator--55fa73b7-ca80-44e0-9c3e-d2c4950d210b",
                "indicator--55fa73b7-cbac-4f7c-94c2-d2c4950d210b",
                "observed-data--55fa73b8-e90c-4872-bffe-d2c4950d210b",
                "url--55fa73b8-e90c-4872-bffe-d2c4950d210b",
                "indicator--55fa73b8-8734-43ff-89d0-d2c4950d210b",
                "indicator--55fa73b8-18ec-4dd8-86fa-d2c4950d210b",
                "observed-data--55fa73b9-eee8-4b1d-a087-d2c4950d210b",
                "url--55fa73b9-eee8-4b1d-a087-d2c4950d210b",
                "indicator--55fa73b9-7864-44d5-b83f-d2c4950d210b",
                "indicator--55fa73b9-7d94-4719-94a4-d2c4950d210b",
                "observed-data--55fa73ba-e218-4d18-a96a-d2c4950d210b",
                "url--55fa73ba-e218-4d18-a96a-d2c4950d210b",
                "indicator--55fa73ba-b0e4-40d4-b559-d2c4950d210b",
                "indicator--55fa73ba-7200-4863-9377-d2c4950d210b",
                "observed-data--55fa73bb-6a78-4af3-ae49-d2c4950d210b",
                "url--55fa73bb-6a78-4af3-ae49-d2c4950d210b",
                "indicator--55fa73bb-d2c4-4e53-864a-d2c4950d210b",
                "indicator--55fa73bb-1c98-49b1-95a5-d2c4950d210b",
                "observed-data--55fa73bc-1d14-48dc-9111-d2c4950d210b",
                "url--55fa73bc-1d14-48dc-9111-d2c4950d210b",
                "indicator--55fa73bc-1534-4b77-bb4e-d2c4950d210b",
                "indicator--55fa73bc-209c-4fed-8697-d2c4950d210b",
                "observed-data--55fa73bd-8008-41cc-95d8-d2c4950d210b",
                "url--55fa73bd-8008-41cc-95d8-d2c4950d210b",
                "indicator--55fa73bd-00d0-4e58-bcc1-d2c4950d210b",
                "indicator--55fa73bd-85a8-4a63-a482-d2c4950d210b",
                "observed-data--55fa73be-c73c-4aa0-ad88-d2c4950d210b",
                "url--55fa73be-c73c-4aa0-ad88-d2c4950d210b",
                "indicator--55fa73be-2ac0-48dc-a9d3-d2c4950d210b",
                "indicator--55fa73be-59fc-4828-9e72-d2c4950d210b",
                "observed-data--55fa73bf-4440-4c71-b043-d2c4950d210b",
                "url--55fa73bf-4440-4c71-b043-d2c4950d210b",
                "indicator--55fa73bf-a574-4d39-bf3e-d2c4950d210b",
                "indicator--55fa73c0-8b74-420b-818b-d2c4950d210b",
                "observed-data--55fa73c0-9a5c-462a-9fab-d2c4950d210b",
                "url--55fa73c0-9a5c-462a-9fab-d2c4950d210b",
                "indicator--55fa73c0-18b8-4c0d-ab60-d2c4950d210b",
                "indicator--55fa73c1-35b0-4381-a305-d2c4950d210b",
                "observed-data--55fa73c1-4f8c-4418-9cc7-d2c4950d210b",
                "url--55fa73c1-4f8c-4418-9cc7-d2c4950d210b",
                "indicator--55fa73c1-a244-4fe0-8ecb-d2c4950d210b",
                "indicator--55fa73c2-43b4-44d0-98c5-d2c4950d210b",
                "observed-data--55fa73c2-49ac-4acc-abd3-d2c4950d210b",
                "url--55fa73c2-49ac-4acc-abd3-d2c4950d210b",
                "indicator--55fa73c2-ffdc-4ffb-8c9f-d2c4950d210b",
                "indicator--55fa73c3-180c-419a-a5da-d2c4950d210b",
                "observed-data--55fa73c3-de74-4c86-86d4-d2c4950d210b",
                "url--55fa73c3-de74-4c86-86d4-d2c4950d210b",
                "indicator--55fa73c3-6628-422a-b427-d2c4950d210b",
                "indicator--55fa73c4-7e20-42af-8083-d2c4950d210b",
                "observed-data--55fa73c4-5a84-4380-a363-d2c4950d210b",
                "url--55fa73c4-5a84-4380-a363-d2c4950d210b",
                "indicator--55fa73c4-313c-412f-a868-d2c4950d210b",
                "indicator--55fa73c5-9e08-4c03-b0a4-d2c4950d210b",
                "observed-data--55fa73c5-1b64-43cf-b1b6-d2c4950d210b",
                "url--55fa73c5-1b64-43cf-b1b6-d2c4950d210b",
                "indicator--55fa73c5-95d8-4a8d-8c73-d2c4950d210b",
                "indicator--55fa73c6-86c0-46fc-ae0a-d2c4950d210b",
                "observed-data--55fa73c6-2ee4-43e4-8260-d2c4950d210b",
                "url--55fa73c6-2ee4-43e4-8260-d2c4950d210b",
                "indicator--55fa73c6-3f7c-4f84-a9be-d2c4950d210b",
                "indicator--55fa73c7-0ff8-4170-b9c1-d2c4950d210b",
                "observed-data--55fa73c7-4104-4f30-b8af-d2c4950d210b",
                "url--55fa73c7-4104-4f30-b8af-d2c4950d210b",
                "indicator--55fa73c7-9eec-45a5-b492-d2c4950d210b",
                "indicator--55fa73c8-1118-44c1-900c-d2c4950d210b",
                "observed-data--55fa73c8-ccf4-4488-b99b-d2c4950d210b",
                "url--55fa73c8-ccf4-4488-b99b-d2c4950d210b",
                "indicator--55fa73c8-327c-4beb-8a87-d2c4950d210b",
                "indicator--55fa73c9-0910-4029-bb80-d2c4950d210b",
                "observed-data--55fa73c9-ac74-48f5-9b9e-d2c4950d210b",
                "url--55fa73c9-ac74-48f5-9b9e-d2c4950d210b",
                "indicator--55fa73ca-c4ac-4f9b-b8d1-d2c4950d210b",
                "indicator--55fa73ca-c7cc-4280-9339-d2c4950d210b",
                "observed-data--55fa73ca-33cc-4fc8-999e-d2c4950d210b",
                "url--55fa73ca-33cc-4fc8-999e-d2c4950d210b",
                "indicator--55fa73cb-90b4-4809-a454-d2c4950d210b",
                "indicator--55fa73cb-fe38-4fa7-aa06-d2c4950d210b",
                "observed-data--55fa73cb-8d6c-4edd-97d9-d2c4950d210b",
                "url--55fa73cb-8d6c-4edd-97d9-d2c4950d210b",
                "indicator--55fa73cc-0608-4058-9098-d2c4950d210b",
                "indicator--55fa73cc-6e8c-41c4-94be-d2c4950d210b",
                "observed-data--55fa73cc-8b50-4d63-8eff-d2c4950d210b",
                "url--55fa73cc-8b50-4d63-8eff-d2c4950d210b",
                "indicator--55fa73cd-3d60-4d8b-be3f-d2c4950d210b",
                "indicator--55fa73cd-9130-453f-8037-d2c4950d210b",
                "observed-data--55fa73cd-bdcc-4e51-8f90-d2c4950d210b",
                "url--55fa73cd-bdcc-4e51-8f90-d2c4950d210b",
                "indicator--55fa73ce-cd30-4981-91f7-d2c4950d210b",
                "indicator--55fa73ce-2cf8-4312-bcd6-d2c4950d210b",
                "observed-data--55fa73ce-1f14-47c5-9dfd-d2c4950d210b",
                "url--55fa73ce-1f14-47c5-9dfd-d2c4950d210b",
                "indicator--55fa73cf-009c-460e-9755-d2c4950d210b",
                "indicator--55fa73cf-0684-43dc-94c0-d2c4950d210b",
                "observed-data--55fa73cf-cc54-444c-99da-d2c4950d210b",
                "url--55fa73cf-cc54-444c-99da-d2c4950d210b",
                "indicator--55fa73d0-dbe0-495d-a784-d2c4950d210b",
                "indicator--55fa73d0-4cc8-4f3c-8c0e-d2c4950d210b",
                "observed-data--55fa73d0-2884-4466-be6a-d2c4950d210b",
                "url--55fa73d0-2884-4466-be6a-d2c4950d210b",
                "indicator--55fa73d1-b198-4cde-b6e4-d2c4950d210b",
                "indicator--55fa73d1-9d94-4c2f-88b6-d2c4950d210b",
                "observed-data--55fa73d2-a27c-419e-8af2-d2c4950d210b",
                "url--55fa73d2-a27c-419e-8af2-d2c4950d210b",
                "indicator--55fa73d2-acac-4eb4-9753-d2c4950d210b",
                "indicator--55fa73d2-30a8-4782-b617-d2c4950d210b",
                "observed-data--55fa73d3-e858-409c-82aa-d2c4950d210b",
                "url--55fa73d3-e858-409c-82aa-d2c4950d210b",
                "indicator--55fa73d3-bf60-4edf-a2e0-d2c4950d210b",
                "indicator--55fa73d3-14e0-43ac-90e3-d2c4950d210b",
                "observed-data--55fa73d4-97cc-4562-8829-d2c4950d210b",
                "url--55fa73d4-97cc-4562-8829-d2c4950d210b",
                "indicator--55fa73d4-4a78-41fa-829d-d2c4950d210b",
                "indicator--55fa73d4-20c0-441d-98b8-d2c4950d210b",
                "observed-data--55fa73d5-4f34-4969-8520-d2c4950d210b",
                "url--55fa73d5-4f34-4969-8520-d2c4950d210b",
                "indicator--55fa73d5-bb2c-4e7b-b0d1-d2c4950d210b",
                "indicator--55fa73d5-eb0c-4d33-9cf2-d2c4950d210b",
                "observed-data--55fa73d6-07c8-46a7-be18-d2c4950d210b",
                "url--55fa73d6-07c8-46a7-be18-d2c4950d210b",
                "indicator--55fa73d6-b178-466e-afd4-d2c4950d210b",
                "indicator--55fa73d6-0af4-4517-9950-d2c4950d210b",
                "observed-data--55fa73d7-0918-4081-9bea-d2c4950d210b",
                "url--55fa73d7-0918-4081-9bea-d2c4950d210b",
                "indicator--55fa73d7-4ff4-4483-a4d3-d2c4950d210b",
                "indicator--55fa73d7-2ef8-4b1d-bc01-d2c4950d210b",
                "observed-data--55fa73d8-45a0-41eb-97a6-d2c4950d210b",
                "url--55fa73d8-45a0-41eb-97a6-d2c4950d210b",
                "indicator--55fa73d8-127c-4d5f-bc50-d2c4950d210b",
                "indicator--55fa73d8-cde8-4dc7-9666-d2c4950d210b",
                "observed-data--55fa73d9-7c74-4cef-a784-d2c4950d210b",
                "url--55fa73d9-7c74-4cef-a784-d2c4950d210b",
                "indicator--55fa73d9-bc84-4c4e-abbe-d2c4950d210b",
                "indicator--55fa73d9-5470-455e-b9d0-d2c4950d210b",
                "observed-data--55fa73da-afe8-4a98-a5dd-d2c4950d210b",
                "url--55fa73da-afe8-4a98-a5dd-d2c4950d210b",
                "indicator--55fa73da-d720-40d1-b378-d2c4950d210b",
                "indicator--55fa73da-87bc-434d-88c7-d2c4950d210b",
                "observed-data--55fa73db-c0d8-4a6e-9f9c-d2c4950d210b",
                "url--55fa73db-c0d8-4a6e-9f9c-d2c4950d210b",
                "indicator--55fa73db-1c94-4e63-bb2a-d2c4950d210b",
                "indicator--55fa73dc-6be0-445a-86b3-d2c4950d210b",
                "observed-data--55fa73dc-6e70-400d-9d93-d2c4950d210b",
                "url--55fa73dc-6e70-400d-9d93-d2c4950d210b",
                "indicator--55fa73dc-b54c-4b10-99a0-d2c4950d210b",
                "indicator--55fa73dd-588c-425f-a6f0-d2c4950d210b",
                "observed-data--55fa73dd-08e4-4430-bc83-d2c4950d210b",
                "url--55fa73dd-08e4-4430-bc83-d2c4950d210b",
                "indicator--55fa73dd-b5cc-4dad-b9ea-d2c4950d210b",
                "indicator--55fa73de-94fc-4dfb-bcd3-d2c4950d210b",
                "observed-data--55fa73de-0b0c-4f53-b988-d2c4950d210b",
                "url--55fa73de-0b0c-4f53-b988-d2c4950d210b",
                "indicator--55fa73de-6210-48c1-bbfb-d2c4950d210b",
                "indicator--55fa73df-e394-4b0d-b662-d2c4950d210b",
                "observed-data--55fa73df-a67c-4f2a-b742-d2c4950d210b",
                "url--55fa73df-a67c-4f2a-b742-d2c4950d210b",
                "indicator--55fa73df-9d84-4aff-8443-d2c4950d210b",
                "indicator--55fa73e0-8c4c-4300-861b-d2c4950d210b",
                "observed-data--55fa73e0-7850-4042-bb0b-d2c4950d210b",
                "url--55fa73e0-7850-4042-bb0b-d2c4950d210b",
                "indicator--55fa73e0-23b4-497d-8f4f-d2c4950d210b",
                "indicator--55fa73e1-0534-4caa-8334-d2c4950d210b",
                "observed-data--55fa73e1-a0a4-44aa-ac82-d2c4950d210b",
                "url--55fa73e1-a0a4-44aa-ac82-d2c4950d210b",
                "indicator--55fa73e1-c770-40d7-a89f-d2c4950d210b",
                "indicator--55fa73e2-24f0-4b9e-8cde-d2c4950d210b",
                "observed-data--55fa73e2-aa1c-4f25-9bd1-d2c4950d210b",
                "url--55fa73e2-aa1c-4f25-9bd1-d2c4950d210b",
                "indicator--55fa73e2-77e0-487f-ad86-d2c4950d210b",
                "indicator--55fa73e3-da5c-4b5c-9545-d2c4950d210b",
                "observed-data--55fa73e3-3330-4558-b032-d2c4950d210b",
                "url--55fa73e3-3330-4558-b032-d2c4950d210b",
                "indicator--55fa73e4-dbcc-40ea-acc4-d2c4950d210b",
                "indicator--55fa73e4-fcb8-48a0-b881-d2c4950d210b",
                "observed-data--55fa73e4-e1a0-455c-9e9f-d2c4950d210b",
                "url--55fa73e4-e1a0-455c-9e9f-d2c4950d210b",
                "indicator--55fa73e5-b070-4b43-bc95-d2c4950d210b",
                "indicator--55fa73e5-cfdc-479b-9ceb-d2c4950d210b",
                "observed-data--55fa73e5-f91c-4d79-9ff8-d2c4950d210b",
                "url--55fa73e5-f91c-4d79-9ff8-d2c4950d210b",
                "indicator--55fa73e6-0114-4589-adc3-d2c4950d210b",
                "indicator--55fa73e6-13b8-40bc-908a-d2c4950d210b",
                "observed-data--55fa73e6-07a4-4ba2-8d88-d2c4950d210b",
                "url--55fa73e6-07a4-4ba2-8d88-d2c4950d210b",
                "indicator--55fa73e7-7e1c-450a-a555-d2c4950d210b",
                "indicator--55fa73e7-428c-459b-be3c-d2c4950d210b",
                "observed-data--55fa73e7-337c-499b-8c75-d2c4950d210b",
                "url--55fa73e7-337c-499b-8c75-d2c4950d210b",
                "indicator--55fa73e8-3278-4df3-92d9-d2c4950d210b",
                "indicator--55fa73e8-e558-4401-a6be-d2c4950d210b",
                "observed-data--55fa73e8-6c0c-4ff3-86a7-d2c4950d210b",
                "url--55fa73e8-6c0c-4ff3-86a7-d2c4950d210b",
                "indicator--55fa73e9-3484-4527-9b53-d2c4950d210b",
                "indicator--55fa73e9-9efc-4478-892c-d2c4950d210b",
                "observed-data--55fa73e9-0014-4738-b906-d2c4950d210b",
                "url--55fa73e9-0014-4738-b906-d2c4950d210b",
                "indicator--55fa73ea-2940-4997-83b4-d2c4950d210b",
                "indicator--55fa73ea-a7d0-4e84-85fb-d2c4950d210b",
                "observed-data--55fa73ea-c160-4a4d-a418-d2c4950d210b",
                "url--55fa73ea-c160-4a4d-a418-d2c4950d210b",
                "indicator--55fa73eb-a4b8-4a98-be0a-d2c4950d210b",
                "indicator--55fa73eb-7dfc-479f-99e3-d2c4950d210b",
                "observed-data--55fa73eb-e124-46dc-b0a9-d2c4950d210b",
                "url--55fa73eb-e124-46dc-b0a9-d2c4950d210b",
                "indicator--55fa73ec-b998-45fd-8e2f-d2c4950d210b",
                "indicator--55fa73ec-27ec-404b-88fc-d2c4950d210b",
                "observed-data--55fa73ed-2eac-4c60-9caf-d2c4950d210b",
                "url--55fa73ed-2eac-4c60-9caf-d2c4950d210b",
                "indicator--55fa73ed-3338-48dd-9ef7-d2c4950d210b",
                "indicator--55fa73ed-bfd4-46ed-8fda-d2c4950d210b",
                "observed-data--55fa73ee-43bc-4a80-ac49-d2c4950d210b",
                "url--55fa73ee-43bc-4a80-ac49-d2c4950d210b",
                "indicator--55fa73ee-4bac-4829-8e86-d2c4950d210b",
                "indicator--55fa73ee-998c-4894-97cc-d2c4950d210b",
                "observed-data--55fa73ef-5378-4fc8-bb81-d2c4950d210b",
                "url--55fa73ef-5378-4fc8-bb81-d2c4950d210b",
                "indicator--55fa73ef-44a4-4835-8847-d2c4950d210b",
                "indicator--55fa73ef-f5e0-4717-b43b-d2c4950d210b",
                "observed-data--55fa73f0-f8d4-4a57-a137-d2c4950d210b",
                "url--55fa73f0-f8d4-4a57-a137-d2c4950d210b",
                "indicator--55fa73f0-3438-4a12-98a0-d2c4950d210b",
                "indicator--55fa73f0-adac-4eee-a667-d2c4950d210b",
                "observed-data--55fa73f1-85cc-4c12-8857-d2c4950d210b",
                "url--55fa73f1-85cc-4c12-8857-d2c4950d210b",
                "indicator--55fa73f1-7b00-4ff4-90d2-d2c4950d210b",
                "indicator--55fa73f1-1384-4c74-9d1c-d2c4950d210b",
                "observed-data--55fa73f2-ed94-443f-88a0-d2c4950d210b",
                "url--55fa73f2-ed94-443f-88a0-d2c4950d210b",
                "indicator--55fa73f2-6d00-4895-9d84-d2c4950d210b",
                "indicator--55fa73f2-2d14-4189-89ba-d2c4950d210b",
                "observed-data--55fa73f3-d448-4b4d-b654-d2c4950d210b",
                "url--55fa73f3-d448-4b4d-b654-d2c4950d210b",
                "indicator--55fa73f3-8488-46db-a0f0-d2c4950d210b",
                "indicator--55fa73f3-cab4-448b-a3ed-d2c4950d210b",
                "observed-data--55fa73f4-4c2c-4624-bf01-d2c4950d210b",
                "url--55fa73f4-4c2c-4624-bf01-d2c4950d210b",
                "indicator--55fa73f4-9e6c-46df-8b86-d2c4950d210b",
                "indicator--55fa73f4-9740-4d25-a732-d2c4950d210b",
                "observed-data--55fa73f5-3628-4935-918a-d2c4950d210b",
                "url--55fa73f5-3628-4935-918a-d2c4950d210b",
                "indicator--55fa73f5-56b4-4c59-91e7-d2c4950d210b",
                "indicator--55fa73f5-24a4-4a88-b89f-d2c4950d210b",
                "observed-data--55fa73f6-3f90-484f-acf0-d2c4950d210b",
                "url--55fa73f6-3f90-484f-acf0-d2c4950d210b",
                "indicator--55fa73f6-d66c-4760-be16-d2c4950d210b",
                "indicator--55fa73f7-6904-46e6-b8e3-d2c4950d210b",
                "observed-data--55fa73f7-f878-4cbc-8cca-d2c4950d210b",
                "url--55fa73f7-f878-4cbc-8cca-d2c4950d210b",
                "indicator--55fa73f7-0434-4dcc-a712-d2c4950d210b",
                "indicator--55fa73f8-ba90-4d2b-8c0f-d2c4950d210b",
                "observed-data--55fa73f8-d8a0-4558-8e28-d2c4950d210b",
                "url--55fa73f8-d8a0-4558-8e28-d2c4950d210b",
                "indicator--55fa73f8-1b34-454e-bba1-d2c4950d210b",
                "indicator--55fa73f9-2ff8-4235-aae9-d2c4950d210b",
                "observed-data--55fa73f9-ee88-400a-9fbd-d2c4950d210b",
                "url--55fa73f9-ee88-400a-9fbd-d2c4950d210b",
                "indicator--55fa73f9-c17c-4771-a57a-d2c4950d210b",
                "indicator--55fa73fa-21b8-499a-b43f-d2c4950d210b",
                "observed-data--55fa73fa-f7dc-43fa-afbd-d2c4950d210b",
                "url--55fa73fa-f7dc-43fa-afbd-d2c4950d210b",
                "indicator--55fa73fa-03d8-4fbd-9044-d2c4950d210b",
                "indicator--55fa73fb-9d64-4543-a7fb-d2c4950d210b",
                "observed-data--55fa73fb-c3fc-4ab9-9816-d2c4950d210b",
                "url--55fa73fb-c3fc-4ab9-9816-d2c4950d210b",
                "indicator--55fa73fb-099c-4de1-8295-d2c4950d210b",
                "indicator--55fa73fc-a4c0-4a3f-a947-d2c4950d210b",
                "observed-data--55fa73fc-607c-45e0-bd26-d2c4950d210b",
                "url--55fa73fc-607c-45e0-bd26-d2c4950d210b",
                "indicator--55fa73fc-55f4-4b44-8341-d2c4950d210b",
                "indicator--55fa73fd-1008-47e1-97b6-d2c4950d210b",
                "observed-data--55fa73fd-e838-4945-8a13-d2c4950d210b",
                "url--55fa73fd-e838-4945-8a13-d2c4950d210b",
                "indicator--55fa73fd-9334-4f8c-837e-d2c4950d210b",
                "indicator--55fa73fe-02ac-49b3-a557-d2c4950d210b",
                "observed-data--55fa73fe-ae9c-47d1-bb6d-d2c4950d210b",
                "url--55fa73fe-ae9c-47d1-bb6d-d2c4950d210b",
                "indicator--55fa73fe-495c-4b3f-8f66-d2c4950d210b",
                "indicator--55fa73ff-e674-4928-8c6c-d2c4950d210b",
                "observed-data--55fa73ff-f8a8-48e1-b67d-d2c4950d210b",
                "url--55fa73ff-f8a8-48e1-b67d-d2c4950d210b",
                "indicator--55fa7400-dcc0-409a-87ee-d2c4950d210b",
                "indicator--55fa7400-732c-4b72-b78f-d2c4950d210b",
                "observed-data--55fa7400-b4e4-4284-931c-d2c4950d210b",
                "url--55fa7400-b4e4-4284-931c-d2c4950d210b",
                "indicator--55fa7401-a170-41ea-9564-d2c4950d210b",
                "indicator--55fa7401-ec0c-4beb-874f-d2c4950d210b",
                "observed-data--55fa7401-3c98-420e-9989-d2c4950d210b",
                "url--55fa7401-3c98-420e-9989-d2c4950d210b",
                "indicator--55fa7402-4914-411f-a7ee-d2c4950d210b",
                "indicator--55fa7402-e9d8-4583-bc0c-d2c4950d210b",
                "observed-data--55fa7402-7530-4620-9514-d2c4950d210b",
                "url--55fa7402-7530-4620-9514-d2c4950d210b",
                "indicator--55fa7403-4d5c-4295-a7b1-d2c4950d210b",
                "indicator--55fa7403-7610-4bdf-bbf2-d2c4950d210b",
                "observed-data--55fa7403-ff6c-49aa-8b3b-d2c4950d210b",
                "url--55fa7403-ff6c-49aa-8b3b-d2c4950d210b",
                "indicator--55fa7404-88b0-4e75-a65a-d2c4950d210b",
                "indicator--55fa7404-e390-42eb-ac83-d2c4950d210b",
                "observed-data--55fa7404-45b0-4100-a28a-d2c4950d210b",
                "url--55fa7404-45b0-4100-a28a-d2c4950d210b",
                "indicator--55fa7405-de30-4222-9515-d2c4950d210b",
                "indicator--55fa7405-49dc-4539-b315-d2c4950d210b",
                "observed-data--55fa7405-37ec-41b6-8605-d2c4950d210b",
                "url--55fa7405-37ec-41b6-8605-d2c4950d210b",
                "indicator--55fa7406-256c-45a6-b5d6-d2c4950d210b",
                "indicator--55fa7406-4618-4d8b-980c-d2c4950d210b",
                "observed-data--55fa7406-5afc-4450-97cd-d2c4950d210b",
                "url--55fa7406-5afc-4450-97cd-d2c4950d210b",
                "indicator--55fa7407-d720-44f6-a60e-d2c4950d210b",
                "indicator--55fa7407-78bc-4615-a25d-d2c4950d210b",
                "observed-data--55fa7407-4820-4a39-9551-d2c4950d210b",
                "url--55fa7407-4820-4a39-9551-d2c4950d210b",
                "indicator--55fa7408-f530-470f-a718-d2c4950d210b",
                "indicator--55fa7408-e484-4817-bddd-d2c4950d210b",
                "observed-data--55fa7409-71ec-4db2-b6f6-d2c4950d210b",
                "url--55fa7409-71ec-4db2-b6f6-d2c4950d210b",
                "indicator--55fa7409-95e8-40b1-853e-d2c4950d210b",
                "indicator--55fa7409-7eb8-47c3-908b-d2c4950d210b",
                "observed-data--55fa740a-ed7c-4ddf-9deb-d2c4950d210b",
                "url--55fa740a-ed7c-4ddf-9deb-d2c4950d210b",
                "indicator--55fa740a-c7dc-4213-a392-d2c4950d210b",
                "indicator--55fa740a-3f64-4b56-b86e-d2c4950d210b",
                "observed-data--55fa740b-7cf0-4fb6-b323-d2c4950d210b",
                "url--55fa740b-7cf0-4fb6-b323-d2c4950d210b",
                "indicator--55fa740b-4b54-447d-a7ee-d2c4950d210b",
                "indicator--55fa740b-178c-43b4-baf9-d2c4950d210b",
                "observed-data--55fa740c-6798-428c-a2c4-d2c4950d210b",
                "url--55fa740c-6798-428c-a2c4-d2c4950d210b",
                "indicator--55fa740c-0314-47ea-a853-d2c4950d210b",
                "indicator--55fa740c-0770-41d9-a117-d2c4950d210b",
                "observed-data--55fa740d-ee5c-4b4e-bb8d-d2c4950d210b",
                "url--55fa740d-ee5c-4b4e-bb8d-d2c4950d210b",
                "indicator--55fa740d-25b4-46ef-ac62-d2c4950d210b",
                "indicator--55fa740d-9f68-42b1-bca6-d2c4950d210b",
                "observed-data--55fa740e-8660-4a47-ae40-d2c4950d210b",
                "url--55fa740e-8660-4a47-ae40-d2c4950d210b",
                "indicator--55fa740e-e574-4844-b5e6-d2c4950d210b",
                "indicator--55fa740e-fa60-47ab-8036-d2c4950d210b",
                "observed-data--55fa740f-6e68-4111-bffd-d2c4950d210b",
                "url--55fa740f-6e68-4111-bffd-d2c4950d210b",
                "indicator--55fa740f-377c-4b47-b7a6-d2c4950d210b",
                "indicator--55fa740f-6420-4f88-9ea6-d2c4950d210b",
                "observed-data--55fa7410-e3ac-44fb-8657-d2c4950d210b",
                "url--55fa7410-e3ac-44fb-8657-d2c4950d210b",
                "indicator--55fa7410-875c-46f1-a2e4-d2c4950d210b",
                "indicator--55fa7410-e748-4143-8e0d-d2c4950d210b",
                "observed-data--55fa7411-4990-40db-9144-d2c4950d210b",
                "url--55fa7411-4990-40db-9144-d2c4950d210b",
                "indicator--55fa7411-51e8-48e8-9776-d2c4950d210b",
                "indicator--55fa7412-e268-4cce-a003-d2c4950d210b",
                "observed-data--55fa7412-74a4-4817-b577-d2c4950d210b",
                "url--55fa7412-74a4-4817-b577-d2c4950d210b",
                "indicator--55fa7412-cff0-43ea-8a04-d2c4950d210b",
                "indicator--55fa7413-9640-42af-949b-d2c4950d210b",
                "observed-data--55fa7413-f70c-4b1c-a7b3-d2c4950d210b",
                "url--55fa7413-f70c-4b1c-a7b3-d2c4950d210b",
                "indicator--55fa7413-ac74-455c-a6c2-d2c4950d210b",
                "indicator--55fa7414-6f7c-48b5-b916-d2c4950d210b",
                "observed-data--55fa7414-bbc4-47aa-ba0e-d2c4950d210b",
                "url--55fa7414-bbc4-47aa-ba0e-d2c4950d210b",
                "indicator--55fa7414-8b38-40b6-a061-d2c4950d210b",
                "indicator--55fa7415-85e4-49d3-99ee-d2c4950d210b",
                "observed-data--55fa7415-d738-47a0-b558-d2c4950d210b",
                "url--55fa7415-d738-47a0-b558-d2c4950d210b",
                "indicator--55fa7415-001c-4da2-9ad6-d2c4950d210b",
                "indicator--55fa7416-af3c-425c-89ed-d2c4950d210b",
                "observed-data--55fa7416-88b4-4af3-a87d-d2c4950d210b",
                "url--55fa7416-88b4-4af3-a87d-d2c4950d210b",
                "indicator--55fa7416-87b8-444c-81ce-d2c4950d210b",
                "indicator--55fa7417-5ec8-4c68-aa67-d2c4950d210b",
                "observed-data--55fa7417-0054-4241-a003-d2c4950d210b",
                "url--55fa7417-0054-4241-a003-d2c4950d210b",
                "x-misp-attribute--55fa7f1d-4ca0-4271-8d4c-ca65950d210b",
                "x-misp-attribute--55fa7f1d-dc94-404e-a08e-ca65950d210b",
                "x-misp-attribute--55fa7f1d-5e14-4048-8ea6-ca65950d210b",
                "x-misp-attribute--55fa7f1d-29f8-48b1-9554-ca65950d210b",
                "x-misp-attribute--55fa7f1d-3170-45fa-89e5-ca65950d210b",
                "x-misp-attribute--55fa7ec5-732c-494b-b83f-e0ad950d210b",
                "x-misp-attribute--55fa7f1d-a53c-41d8-bc95-ca65950d210b",
                "x-misp-attribute--55fa7ec4-93d0-4cf5-b5ef-e0ad950d210b",
                "x-misp-attribute--55fa7ec5-cc90-48b4-9881-e0ad950d210b",
                "x-misp-attribute--55fa7ec5-5af4-4e66-a375-e0ad950d210b",
                "x-misp-attribute--55fa7ec5-0330-473f-bc51-e0ad950d210b",
                "x-misp-attribute--55fa7ec5-445c-49cb-93f8-e0ad950d210b",
                "observed-data--56de1c46-e1a0-4799-8aa4-4bab02de0b81",
                "url--56de1c46-e1a0-4799-8aa4-4bab02de0b81",
                "observed-data--56de1c46-f6c4-43d2-abab-461f02de0b81",
                "url--56de1c46-f6c4-43d2-abab-461f02de0b81",
                "observed-data--56de1c47-68d8-471c-add7-492602de0b81",
                "url--56de1c47-68d8-471c-add7-492602de0b81",
                "observed-data--56de1c47-6340-4c57-8988-4fa302de0b81",
                "url--56de1c47-6340-4c57-8988-4fa302de0b81",
                "observed-data--56de1c47-822c-4ba1-96a8-4ae502de0b81",
                "url--56de1c47-822c-4ba1-96a8-4ae502de0b81",
                "observed-data--56de1c48-4ad0-46d0-959a-43d102de0b81",
                "url--56de1c48-4ad0-46d0-959a-43d102de0b81",
                "observed-data--56de1c48-ee28-4deb-b495-459b02de0b81",
                "url--56de1c48-ee28-4deb-b495-459b02de0b81",
                "observed-data--56de1c48-a3b4-4fe0-9da1-4d1802de0b81",
                "url--56de1c48-a3b4-4fe0-9da1-4d1802de0b81",
                "observed-data--56de1c49-bfc4-40ec-bbed-4ed102de0b81",
                "url--56de1c49-bfc4-40ec-bbed-4ed102de0b81",
                "observed-data--56de1c49-e954-4ad0-81f7-452d02de0b81",
                "url--56de1c49-e954-4ad0-81f7-452d02de0b81",
                "observed-data--56de1c49-e3bc-40cb-a15e-459502de0b81",
                "url--56de1c49-e3bc-40cb-a15e-459502de0b81",
                "observed-data--56de1c4a-763c-4cda-895b-473402de0b81",
                "url--56de1c4a-763c-4cda-895b-473402de0b81",
                "observed-data--56de1c4a-417c-402a-b1df-41c602de0b81",
                "url--56de1c4a-417c-402a-b1df-41c602de0b81",
                "observed-data--56de1c4b-e25c-421e-a13a-4e3f02de0b81",
                "url--56de1c4b-e25c-421e-a13a-4e3f02de0b81",
                "observed-data--56de1c4b-9aa4-4c1a-8735-468702de0b81",
                "url--56de1c4b-9aa4-4c1a-8735-468702de0b81",
                "observed-data--56de1c4b-c3ac-45df-bd71-451a02de0b81",
                "url--56de1c4b-c3ac-45df-bd71-451a02de0b81",
                "observed-data--56de1c4c-9450-4c5c-be2e-4df402de0b81",
                "url--56de1c4c-9450-4c5c-be2e-4df402de0b81",
                "observed-data--56de1c4c-4720-4c82-b0b4-4daf02de0b81",
                "url--56de1c4c-4720-4c82-b0b4-4daf02de0b81",
                "observed-data--56de1c4c-cad8-4f52-8ff9-446f02de0b81",
                "url--56de1c4c-cad8-4f52-8ff9-446f02de0b81",
                "observed-data--56de1c4d-2d1c-4b15-8432-483902de0b81",
                "url--56de1c4d-2d1c-4b15-8432-483902de0b81",
                "observed-data--56de1c4d-d654-4586-a17d-458d02de0b81",
                "url--56de1c4d-d654-4586-a17d-458d02de0b81",
                "observed-data--56de1c4d-2180-454f-a022-493502de0b81",
                "url--56de1c4d-2180-454f-a022-493502de0b81",
                "observed-data--56de1c4e-053c-4494-8a33-4cb702de0b81",
                "url--56de1c4e-053c-4494-8a33-4cb702de0b81",
                "observed-data--56de1c4e-ce90-4de1-bf8f-4fc302de0b81",
                "url--56de1c4e-ce90-4de1-bf8f-4fc302de0b81",
                "observed-data--56de1c4e-81bc-4abe-888f-409402de0b81",
                "url--56de1c4e-81bc-4abe-888f-409402de0b81",
                "observed-data--56de1c4f-045c-4eb8-af23-49c102de0b81",
                "url--56de1c4f-045c-4eb8-af23-49c102de0b81",
                "observed-data--56de1c4f-c2ec-4851-85db-407b02de0b81",
                "url--56de1c4f-c2ec-4851-85db-407b02de0b81",
                "observed-data--56de1c4f-7238-4cfc-81e9-448f02de0b81",
                "url--56de1c4f-7238-4cfc-81e9-448f02de0b81",
                "observed-data--56de1c50-68c0-4955-931a-4b2b02de0b81",
                "url--56de1c50-68c0-4955-931a-4b2b02de0b81",
                "observed-data--56de1c50-065c-49f9-985a-42b602de0b81",
                "url--56de1c50-065c-49f9-985a-42b602de0b81",
                "observed-data--56de1c50-3f94-4899-99de-46b602de0b81",
                "url--56de1c50-3f94-4899-99de-46b602de0b81",
                "observed-data--56de1c51-2a1c-44d3-8806-477802de0b81",
                "url--56de1c51-2a1c-44d3-8806-477802de0b81",
                "observed-data--56de1c51-90e8-493b-9182-4a8b02de0b81",
                "url--56de1c51-90e8-493b-9182-4a8b02de0b81",
                "observed-data--56de1c52-a160-4d91-bd3e-4af602de0b81",
                "url--56de1c52-a160-4d91-bd3e-4af602de0b81",
                "observed-data--56de1c52-4478-4852-80bc-470902de0b81",
                "url--56de1c52-4478-4852-80bc-470902de0b81",
                "observed-data--56de1c52-b95c-42d6-a113-477402de0b81",
                "url--56de1c52-b95c-42d6-a113-477402de0b81",
                "observed-data--56de1c53-9e88-4196-9949-40b002de0b81",
                "url--56de1c53-9e88-4196-9949-40b002de0b81",
                "observed-data--56de1c53-a7ec-42d9-9eb8-4eb802de0b81",
                "url--56de1c53-a7ec-42d9-9eb8-4eb802de0b81",
                "observed-data--56de1c53-0fc4-43f7-b686-456402de0b81",
                "url--56de1c53-0fc4-43f7-b686-456402de0b81",
                "observed-data--56de1c54-b4b4-464d-9dea-476602de0b81",
                "url--56de1c54-b4b4-464d-9dea-476602de0b81",
                "observed-data--56de1c54-4190-4249-b2cc-406502de0b81",
                "url--56de1c54-4190-4249-b2cc-406502de0b81",
                "observed-data--56de1c54-2270-4ab0-881d-45f802de0b81",
                "url--56de1c54-2270-4ab0-881d-45f802de0b81",
                "observed-data--56de1c55-c044-4821-8585-412602de0b81",
                "url--56de1c55-c044-4821-8585-412602de0b81",
                "observed-data--56de1c55-ba3c-4f3d-88d0-4ee802de0b81",
                "url--56de1c55-ba3c-4f3d-88d0-4ee802de0b81",
                "observed-data--56de1c55-b89c-436e-a317-48c502de0b81",
                "url--56de1c55-b89c-436e-a317-48c502de0b81",
                "observed-data--56de1c56-4574-4988-9a1d-45f202de0b81",
                "url--56de1c56-4574-4988-9a1d-45f202de0b81",
                "observed-data--56de1c56-0d24-4df0-a32d-4d7202de0b81",
                "url--56de1c56-0d24-4df0-a32d-4d7202de0b81",
                "observed-data--56de1c56-8790-4277-b16f-489602de0b81",
                "url--56de1c56-8790-4277-b16f-489602de0b81",
                "observed-data--56de1c57-87a4-43e0-af0e-454302de0b81",
                "url--56de1c57-87a4-43e0-af0e-454302de0b81",
                "observed-data--56de1c57-85ec-4350-9462-4a5202de0b81",
                "url--56de1c57-85ec-4350-9462-4a5202de0b81",
                "observed-data--56de1c58-71b0-47f8-8fa8-4a4802de0b81",
                "url--56de1c58-71b0-47f8-8fa8-4a4802de0b81",
                "observed-data--56de1c58-f170-4e7b-bbbc-428502de0b81",
                "url--56de1c58-f170-4e7b-bbbc-428502de0b81",
                "observed-data--56de1c58-c820-42e9-aad2-43d302de0b81",
                "url--56de1c58-c820-42e9-aad2-43d302de0b81",
                "observed-data--56de1c59-3140-4908-87b1-431402de0b81",
                "url--56de1c59-3140-4908-87b1-431402de0b81",
                "observed-data--56de1c59-898c-4ad6-af25-485e02de0b81",
                "url--56de1c59-898c-4ad6-af25-485e02de0b81",
                "observed-data--56de1c59-4e48-45f2-ba77-4a1b02de0b81",
                "url--56de1c59-4e48-45f2-ba77-4a1b02de0b81",
                "observed-data--56de1c5a-d738-46f5-bc3e-4a7f02de0b81",
                "url--56de1c5a-d738-46f5-bc3e-4a7f02de0b81",
                "observed-data--56de1c5a-0f28-471d-9179-465c02de0b81",
                "url--56de1c5a-0f28-471d-9179-465c02de0b81",
                "observed-data--56de1c5a-8d6c-43fb-b717-475602de0b81",
                "url--56de1c5a-8d6c-43fb-b717-475602de0b81",
                "observed-data--56de1c5b-fcd4-499d-aeb8-4cae02de0b81",
                "url--56de1c5b-fcd4-499d-aeb8-4cae02de0b81",
                "observed-data--56de1c5b-c7b8-44f9-8d61-448c02de0b81",
                "url--56de1c5b-c7b8-44f9-8d61-448c02de0b81",
                "observed-data--56de1c5b-60f8-4a75-aa6a-490402de0b81",
                "url--56de1c5b-60f8-4a75-aa6a-490402de0b81",
                "observed-data--56de1c5c-5f84-4a86-a742-4a2f02de0b81",
                "url--56de1c5c-5f84-4a86-a742-4a2f02de0b81",
                "observed-data--56de1c5c-6244-48fe-8919-45ff02de0b81",
                "url--56de1c5c-6244-48fe-8919-45ff02de0b81",
                "observed-data--56de1c5c-d92c-4226-aead-43bf02de0b81",
                "url--56de1c5c-d92c-4226-aead-43bf02de0b81",
                "observed-data--56de1c5d-a164-4d51-9119-4c1502de0b81",
                "url--56de1c5d-a164-4d51-9119-4c1502de0b81",
                "observed-data--56de1c5d-fdbc-4da9-96a1-4fc502de0b81",
                "url--56de1c5d-fdbc-4da9-96a1-4fc502de0b81",
                "observed-data--56de1c5d-f998-4148-a7fa-40d702de0b81",
                "url--56de1c5d-f998-4148-a7fa-40d702de0b81",
                "observed-data--56de1c5e-9724-46ff-8686-44a502de0b81",
                "url--56de1c5e-9724-46ff-8686-44a502de0b81",
                "observed-data--56de1c5e-0cd0-4b34-aeac-4b6402de0b81",
                "url--56de1c5e-0cd0-4b34-aeac-4b6402de0b81",
                "observed-data--56de1c5f-c488-4c5f-b2e1-4b7b02de0b81",
                "url--56de1c5f-c488-4c5f-b2e1-4b7b02de0b81",
                "observed-data--56de1c5f-2e74-4e0a-9a75-4c7c02de0b81",
                "url--56de1c5f-2e74-4e0a-9a75-4c7c02de0b81",
                "observed-data--56de1c5f-35a4-470f-a97d-4f7802de0b81",
                "url--56de1c5f-35a4-470f-a97d-4f7802de0b81",
                "observed-data--56de1c60-20a4-43c2-aac8-467502de0b81",
                "url--56de1c60-20a4-43c2-aac8-467502de0b81",
                "observed-data--56de1c60-467c-4ee8-987e-4a0402de0b81",
                "url--56de1c60-467c-4ee8-987e-4a0402de0b81",
                "observed-data--56de1c60-1020-4d39-9433-40cb02de0b81",
                "url--56de1c60-1020-4d39-9433-40cb02de0b81",
                "observed-data--56de1c61-9794-4739-88f3-416202de0b81",
                "url--56de1c61-9794-4739-88f3-416202de0b81",
                "observed-data--56de1c61-a5c4-4001-8a89-422e02de0b81",
                "url--56de1c61-a5c4-4001-8a89-422e02de0b81",
                "observed-data--56de1c61-f8f4-4b51-841b-43be02de0b81",
                "url--56de1c61-f8f4-4b51-841b-43be02de0b81",
                "observed-data--56de1c62-23e8-4bb1-ab38-47de02de0b81",
                "url--56de1c62-23e8-4bb1-ab38-47de02de0b81",
                "observed-data--56de1c62-e41c-48b6-8e27-4da502de0b81",
                "url--56de1c62-e41c-48b6-8e27-4da502de0b81",
                "observed-data--56de1c62-f570-489e-acd6-4edb02de0b81",
                "url--56de1c62-f570-489e-acd6-4edb02de0b81",
                "observed-data--56de1c63-2cf4-4db4-af05-4ce002de0b81",
                "url--56de1c63-2cf4-4db4-af05-4ce002de0b81",
                "observed-data--56de1c63-c5fc-4509-80b2-465802de0b81",
                "url--56de1c63-c5fc-4509-80b2-465802de0b81",
                "observed-data--56de1c63-a678-4eec-a5aa-4c4c02de0b81",
                "url--56de1c63-a678-4eec-a5aa-4c4c02de0b81",
                "observed-data--56de1c64-0824-4cd5-a888-4d6802de0b81",
                "url--56de1c64-0824-4cd5-a888-4d6802de0b81",
                "observed-data--56de1c64-a834-4b75-986b-4eff02de0b81",
                "url--56de1c64-a834-4b75-986b-4eff02de0b81",
                "observed-data--56de1c65-1aac-4cd0-9bef-4d5b02de0b81",
                "url--56de1c65-1aac-4cd0-9bef-4d5b02de0b81",
                "observed-data--56de1c65-37f4-4272-80d4-4ccc02de0b81",
                "url--56de1c65-37f4-4272-80d4-4ccc02de0b81",
                "observed-data--56de1c65-45f4-4843-b87b-42c902de0b81",
                "url--56de1c65-45f4-4843-b87b-42c902de0b81",
                "observed-data--56de1c66-8cf4-4f68-ac3c-4b7a02de0b81",
                "url--56de1c66-8cf4-4f68-ac3c-4b7a02de0b81",
                "observed-data--56de1c66-a470-4abc-a2ff-479402de0b81",
                "url--56de1c66-a470-4abc-a2ff-479402de0b81",
                "observed-data--56de1c66-cc28-4db5-bbf3-431602de0b81",
                "url--56de1c66-cc28-4db5-bbf3-431602de0b81",
                "observed-data--56de1c67-01f8-45ff-9192-4cd102de0b81",
                "url--56de1c67-01f8-45ff-9192-4cd102de0b81",
                "observed-data--56de1c67-16dc-465f-9b0c-4cda02de0b81",
                "url--56de1c67-16dc-465f-9b0c-4cda02de0b81",
                "observed-data--56de1c68-7ac8-439a-9607-4d2902de0b81",
                "url--56de1c68-7ac8-439a-9607-4d2902de0b81",
                "observed-data--56de1c68-1f00-44a3-8838-48bd02de0b81",
                "url--56de1c68-1f00-44a3-8838-48bd02de0b81",
                "observed-data--56de1c68-5524-47d5-82d3-4ae302de0b81",
                "url--56de1c68-5524-47d5-82d3-4ae302de0b81",
                "observed-data--56de1c69-f63c-47c3-9d93-456702de0b81",
                "url--56de1c69-f63c-47c3-9d93-456702de0b81",
                "observed-data--56de1c69-4f50-4dbd-8174-4d9102de0b81",
                "url--56de1c69-4f50-4dbd-8174-4d9102de0b81",
                "observed-data--56de1c69-d424-4ed2-b81b-436702de0b81",
                "url--56de1c69-d424-4ed2-b81b-436702de0b81",
                "observed-data--56de1c6a-6b74-4733-80b1-43ba02de0b81",
                "url--56de1c6a-6b74-4733-80b1-43ba02de0b81",
                "observed-data--56de1c6a-3aac-4098-99f8-4b5f02de0b81",
                "url--56de1c6a-3aac-4098-99f8-4b5f02de0b81",
                "observed-data--56de1c6a-edcc-44e9-a42c-4ea902de0b81",
                "url--56de1c6a-edcc-44e9-a42c-4ea902de0b81",
                "observed-data--56de1c6a-9334-43e7-935d-434e02de0b81",
                "url--56de1c6a-9334-43e7-935d-434e02de0b81",
                "observed-data--56de1c6b-1a44-4c54-8f35-49f002de0b81",
                "url--56de1c6b-1a44-4c54-8f35-49f002de0b81",
                "observed-data--56de1c6b-a630-4031-bd64-4e2602de0b81",
                "url--56de1c6b-a630-4031-bd64-4e2602de0b81",
                "observed-data--56de1c6b-75ac-431c-a119-4b9f02de0b81",
                "url--56de1c6b-75ac-431c-a119-4b9f02de0b81",
                "observed-data--56de1c6c-05e4-4c48-a9e3-49c202de0b81",
                "url--56de1c6c-05e4-4c48-a9e3-49c202de0b81",
                "observed-data--56de1c6c-4568-49dd-9a99-4fb202de0b81",
                "url--56de1c6c-4568-49dd-9a99-4fb202de0b81",
                "observed-data--56de1c6c-5224-4236-84da-469702de0b81",
                "url--56de1c6c-5224-4236-84da-469702de0b81",
                "observed-data--56de1c6d-9a10-4a1c-8e56-4e5202de0b81",
                "url--56de1c6d-9a10-4a1c-8e56-4e5202de0b81",
                "observed-data--56de1c6d-a35c-457e-bfb1-497802de0b81",
                "url--56de1c6d-a35c-457e-bfb1-497802de0b81",
                "observed-data--56de1c6d-821c-4c2c-bdbb-417202de0b81",
                "url--56de1c6d-821c-4c2c-bdbb-417202de0b81",
                "observed-data--56de1c6e-2b58-4c57-91fd-445702de0b81",
                "url--56de1c6e-2b58-4c57-91fd-445702de0b81",
                "observed-data--56de1c6e-0180-4b45-8eb8-40ec02de0b81",
                "url--56de1c6e-0180-4b45-8eb8-40ec02de0b81",
                "observed-data--56de1c6f-1d14-4ff0-8005-415502de0b81",
                "url--56de1c6f-1d14-4ff0-8005-415502de0b81",
                "observed-data--56de1c6f-4d40-4ef7-aeca-430702de0b81",
                "url--56de1c6f-4d40-4ef7-aeca-430702de0b81",
                "observed-data--56de1c6f-9bd0-492f-aab8-48ae02de0b81",
                "url--56de1c6f-9bd0-492f-aab8-48ae02de0b81",
                "observed-data--56de1c70-8414-44b1-a72e-44f802de0b81",
                "url--56de1c70-8414-44b1-a72e-44f802de0b81",
                "observed-data--56de1c70-2648-42ce-8b27-475002de0b81",
                "url--56de1c70-2648-42ce-8b27-475002de0b81",
                "observed-data--56de1c70-0c10-4c34-bb98-40ac02de0b81",
                "url--56de1c70-0c10-4c34-bb98-40ac02de0b81",
                "observed-data--56de1c71-4484-435d-b4fc-4db402de0b81",
                "url--56de1c71-4484-435d-b4fc-4db402de0b81",
                "observed-data--56de1c71-9040-4b44-9e87-493a02de0b81",
                "url--56de1c71-9040-4b44-9e87-493a02de0b81",
                "observed-data--56de1c71-6bc4-486c-980f-447402de0b81",
                "url--56de1c71-6bc4-486c-980f-447402de0b81",
                "observed-data--56de1c72-3f20-4d9d-91b8-44c902de0b81",
                "url--56de1c72-3f20-4d9d-91b8-44c902de0b81",
                "observed-data--56de1c72-2188-4426-b174-424d02de0b81",
                "url--56de1c72-2188-4426-b174-424d02de0b81",
                "observed-data--56de1c72-a054-453e-8b1e-4d5002de0b81",
                "url--56de1c72-a054-453e-8b1e-4d5002de0b81",
                "observed-data--56de1c73-78c0-468a-9552-4ef702de0b81",
                "url--56de1c73-78c0-468a-9552-4ef702de0b81",
                "observed-data--56de1c73-1814-4b69-82d4-4d0b02de0b81",
                "url--56de1c73-1814-4b69-82d4-4d0b02de0b81",
                "observed-data--56de1c74-b170-46cf-82f3-42b102de0b81",
                "url--56de1c74-b170-46cf-82f3-42b102de0b81",
                "observed-data--56de1c74-d514-40e5-aaaa-4ea002de0b81",
                "url--56de1c74-d514-40e5-aaaa-4ea002de0b81",
                "observed-data--56de1c74-ed8c-4b93-809a-44b602de0b81",
                "url--56de1c74-ed8c-4b93-809a-44b602de0b81",
                "observed-data--56de1c75-aae8-4603-a9a3-473d02de0b81",
                "url--56de1c75-aae8-4603-a9a3-473d02de0b81",
                "observed-data--56de1c75-c07c-4170-ab0f-49f802de0b81",
                "url--56de1c75-c07c-4170-ab0f-49f802de0b81",
                "observed-data--56de1c75-575c-4e31-8a7a-478702de0b81",
                "url--56de1c75-575c-4e31-8a7a-478702de0b81",
                "observed-data--56de1c76-76d8-4787-afea-4fd402de0b81",
                "url--56de1c76-76d8-4787-afea-4fd402de0b81",
                "observed-data--56de1c76-fae4-4761-8a62-4e2602de0b81",
                "url--56de1c76-fae4-4761-8a62-4e2602de0b81",
                "observed-data--56de1c76-2670-4a80-b40d-492202de0b81",
                "url--56de1c76-2670-4a80-b40d-492202de0b81",
                "observed-data--56de1c77-b94c-4464-9226-4d2802de0b81",
                "url--56de1c77-b94c-4464-9226-4d2802de0b81",
                "observed-data--56de1c77-9300-4393-b0f6-480a02de0b81",
                "url--56de1c77-9300-4393-b0f6-480a02de0b81",
                "observed-data--56de1c77-9360-4a8f-bc66-46a502de0b81",
                "url--56de1c77-9360-4a8f-bc66-46a502de0b81",
                "observed-data--56de1c78-4ea4-48a5-b377-4fe702de0b81",
                "url--56de1c78-4ea4-48a5-b377-4fe702de0b81",
                "observed-data--56de1c78-7824-4e9e-b4f4-4d6502de0b81",
                "url--56de1c78-7824-4e9e-b4f4-4d6502de0b81",
                "observed-data--56de1c79-c02c-4948-beff-41bc02de0b81",
                "url--56de1c79-c02c-4948-beff-41bc02de0b81",
                "observed-data--56de1c79-90f4-4458-b316-4f2802de0b81",
                "url--56de1c79-90f4-4458-b316-4f2802de0b81",
                "observed-data--56de1c79-2730-456c-b129-44fc02de0b81",
                "url--56de1c79-2730-456c-b129-44fc02de0b81",
                "observed-data--56de1c7a-8c34-456e-9e37-491002de0b81",
                "url--56de1c7a-8c34-456e-9e37-491002de0b81",
                "observed-data--56de1c7a-98cc-4c5e-914e-4f8d02de0b81",
                "url--56de1c7a-98cc-4c5e-914e-4f8d02de0b81",
                "observed-data--56de1c7a-156c-4314-8936-448c02de0b81",
                "url--56de1c7a-156c-4314-8936-448c02de0b81",
                "observed-data--56de1c7b-4bd8-4c8f-a4d0-45fd02de0b81",
                "url--56de1c7b-4bd8-4c8f-a4d0-45fd02de0b81",
                "observed-data--56de1c7b-39f8-4fa5-9188-4f7102de0b81",
                "url--56de1c7b-39f8-4fa5-9188-4f7102de0b81",
                "observed-data--56de1c7b-8294-47d1-bc55-4fa702de0b81",
                "url--56de1c7b-8294-47d1-bc55-4fa702de0b81",
                "observed-data--56de1c7c-c83c-4b1a-8563-428a02de0b81",
                "url--56de1c7c-c83c-4b1a-8563-428a02de0b81",
                "observed-data--56de1c7c-b7ec-495a-8776-4fa802de0b81",
                "url--56de1c7c-b7ec-495a-8776-4fa802de0b81",
                "observed-data--56de1c7c-ac8c-4471-8cd7-4b2702de0b81",
                "url--56de1c7c-ac8c-4471-8cd7-4b2702de0b81",
                "observed-data--56de1c7d-c5c8-495b-9b4a-4dac02de0b81",
                "url--56de1c7d-c5c8-495b-9b4a-4dac02de0b81",
                "observed-data--56de1c7d-38c8-4e9b-9335-45f802de0b81",
                "url--56de1c7d-38c8-4e9b-9335-45f802de0b81",
                "observed-data--56de1c7d-0abc-4e3e-bc53-4aa502de0b81",
                "url--56de1c7d-0abc-4e3e-bc53-4aa502de0b81",
                "observed-data--56de1c7e-e874-4ee9-ad16-464a02de0b81",
                "url--56de1c7e-e874-4ee9-ad16-464a02de0b81",
                "observed-data--56de1c7e-2fe4-4c04-a1cf-414102de0b81",
                "url--56de1c7e-2fe4-4c04-a1cf-414102de0b81",
                "observed-data--56de1c7e-0950-4fff-be21-408d02de0b81",
                "url--56de1c7e-0950-4fff-be21-408d02de0b81",
                "observed-data--56de1c7f-5948-40f0-8675-41d002de0b81",
                "url--56de1c7f-5948-40f0-8675-41d002de0b81",
                "observed-data--56de1c7f-c9fc-49fa-9cb9-467502de0b81",
                "url--56de1c7f-c9fc-49fa-9cb9-467502de0b81",
                "observed-data--56de1c7f-cf28-43f1-9096-435802de0b81",
                "url--56de1c7f-cf28-43f1-9096-435802de0b81",
                "observed-data--56de1c80-6d5c-4c0a-952f-4b5702de0b81",
                "url--56de1c80-6d5c-4c0a-952f-4b5702de0b81",
                "observed-data--56de1c80-19e4-438c-bce2-467202de0b81",
                "url--56de1c80-19e4-438c-bce2-467202de0b81",
                "observed-data--56de1c80-f274-4ebd-acf8-4b6802de0b81",
                "url--56de1c80-f274-4ebd-acf8-4b6802de0b81",
                "observed-data--56de1c81-c050-4cd5-866d-4f6602de0b81",
                "url--56de1c81-c050-4cd5-866d-4f6602de0b81",
                "observed-data--56de1c81-e75c-4deb-9223-469d02de0b81",
                "url--56de1c81-e75c-4deb-9223-469d02de0b81",
                "observed-data--56de1c81-e334-4192-8c39-427b02de0b81",
                "url--56de1c81-e334-4192-8c39-427b02de0b81",
                "observed-data--56de1c82-7014-4e73-ad25-42a502de0b81",
                "url--56de1c82-7014-4e73-ad25-42a502de0b81",
                "observed-data--56de1c82-51bc-4189-9e75-429902de0b81",
                "url--56de1c82-51bc-4189-9e75-429902de0b81",
                "observed-data--56de1c82-17a8-44bf-bfa7-4d1a02de0b81",
                "url--56de1c82-17a8-44bf-bfa7-4d1a02de0b81",
                "observed-data--56de1c83-ab54-4467-af9a-42f702de0b81",
                "url--56de1c83-ab54-4467-af9a-42f702de0b81",
                "observed-data--56de1c83-39c8-473a-997f-476b02de0b81",
                "url--56de1c83-39c8-473a-997f-476b02de0b81",
                "observed-data--56de1c83-a72c-4335-89b2-48f802de0b81",
                "url--56de1c83-a72c-4335-89b2-48f802de0b81",
                "observed-data--56de1c84-2b14-49cd-93b7-458202de0b81",
                "url--56de1c84-2b14-49cd-93b7-458202de0b81",
                "observed-data--56de1c84-abdc-4a8e-a2de-4eea02de0b81",
                "url--56de1c84-abdc-4a8e-a2de-4eea02de0b81",
                "observed-data--56de1c84-cb60-4e99-a4a2-48ff02de0b81",
                "url--56de1c84-cb60-4e99-a4a2-48ff02de0b81",
                "observed-data--56de1c85-46c0-4011-bc26-49ef02de0b81",
                "url--56de1c85-46c0-4011-bc26-49ef02de0b81",
                "observed-data--56de1c85-bcf4-467a-a64c-4e1502de0b81",
                "url--56de1c85-bcf4-467a-a64c-4e1502de0b81",
                "observed-data--56de1c85-9b44-43a1-baa1-42e302de0b81",
                "url--56de1c85-9b44-43a1-baa1-42e302de0b81",
                "observed-data--56de1c86-3824-4057-83ed-455902de0b81",
                "url--56de1c86-3824-4057-83ed-455902de0b81",
                "observed-data--56de1c86-4460-4960-8376-4f9d02de0b81",
                "url--56de1c86-4460-4960-8376-4f9d02de0b81",
                "observed-data--56de1c86-f7b0-4361-9985-439802de0b81",
                "url--56de1c86-f7b0-4361-9985-439802de0b81",
                "observed-data--56de1c87-ac78-4668-952f-4a9902de0b81",
                "url--56de1c87-ac78-4668-952f-4a9902de0b81",
                "observed-data--56de1c87-5a90-44a8-886f-448602de0b81",
                "url--56de1c87-5a90-44a8-886f-448602de0b81",
                "observed-data--56de1c87-b5d8-4d59-abd5-47ea02de0b81",
                "url--56de1c87-b5d8-4d59-abd5-47ea02de0b81",
                "observed-data--56de1c88-0bcc-4069-867f-4b6102de0b81",
                "url--56de1c88-0bcc-4069-867f-4b6102de0b81",
                "observed-data--56de1c88-b60c-410f-a8b1-494e02de0b81",
                "url--56de1c88-b60c-410f-a8b1-494e02de0b81",
                "observed-data--56de1c88-5e58-4eee-84e4-4a1602de0b81",
                "url--56de1c88-5e58-4eee-84e4-4a1602de0b81",
                "observed-data--56de1c89-614c-4109-b795-4d7702de0b81",
                "url--56de1c89-614c-4109-b795-4d7702de0b81",
                "observed-data--56de1c89-27f8-49ba-80a9-473b02de0b81",
                "url--56de1c89-27f8-49ba-80a9-473b02de0b81",
                "observed-data--56de1c8a-488c-46d3-ac5d-46c302de0b81",
                "url--56de1c8a-488c-46d3-ac5d-46c302de0b81",
                "observed-data--56de1c8a-2cd8-4dcb-9f5a-43e202de0b81",
                "url--56de1c8a-2cd8-4dcb-9f5a-43e202de0b81",
                "observed-data--56de1c8a-078c-433c-b623-42da02de0b81",
                "url--56de1c8a-078c-433c-b623-42da02de0b81",
                "observed-data--56de1c8a-ca14-4aac-a6ac-4f6602de0b81",
                "url--56de1c8a-ca14-4aac-a6ac-4f6602de0b81",
                "observed-data--56de1c8b-b71c-488a-9c17-4b9e02de0b81",
                "url--56de1c8b-b71c-488a-9c17-4b9e02de0b81",
                "observed-data--56de1c8b-742c-499b-b6e9-423502de0b81",
                "url--56de1c8b-742c-499b-b6e9-423502de0b81",
                "observed-data--56de1c8b-08d4-4ac1-b716-45c702de0b81",
                "url--56de1c8b-08d4-4ac1-b716-45c702de0b81",
                "observed-data--56de1c8c-0f44-433b-85b3-485902de0b81",
                "url--56de1c8c-0f44-433b-85b3-485902de0b81",
                "observed-data--56de1c8c-1760-4319-86ff-46f302de0b81",
                "url--56de1c8c-1760-4319-86ff-46f302de0b81",
                "observed-data--56de1c8c-5a30-4929-a184-457e02de0b81",
                "url--56de1c8c-5a30-4929-a184-457e02de0b81",
                "observed-data--56de1c8d-764c-454a-b16b-4c7702de0b81",
                "url--56de1c8d-764c-454a-b16b-4c7702de0b81",
                "observed-data--56de1c8d-c1d0-4c17-99ea-4a7202de0b81",
                "url--56de1c8d-c1d0-4c17-99ea-4a7202de0b81",
                "observed-data--56de1c8d-8258-44dd-ad4c-4aa802de0b81",
                "url--56de1c8d-8258-44dd-ad4c-4aa802de0b81",
                "observed-data--56de1c8e-8230-4246-beb7-483502de0b81",
                "url--56de1c8e-8230-4246-beb7-483502de0b81",
                "observed-data--56de1c8e-82ac-4730-ad9d-4cc202de0b81",
                "url--56de1c8e-82ac-4730-ad9d-4cc202de0b81",
                "observed-data--56de1c8e-313c-46a0-afdc-45ee02de0b81",
                "url--56de1c8e-313c-46a0-afdc-45ee02de0b81",
                "observed-data--56de1c8f-9428-4ef3-8348-455f02de0b81",
                "url--56de1c8f-9428-4ef3-8348-455f02de0b81",
                "observed-data--56de1c8f-d068-4c25-a783-4ad402de0b81",
                "url--56de1c8f-d068-4c25-a783-4ad402de0b81",
                "observed-data--56de1c90-1d84-4369-bd86-4c6a02de0b81",
                "url--56de1c90-1d84-4369-bd86-4c6a02de0b81",
                "observed-data--56de1c90-ef44-4451-8805-466d02de0b81",
                "url--56de1c90-ef44-4451-8805-466d02de0b81",
                "observed-data--56de1c90-5fa0-450c-b74f-475f02de0b81",
                "url--56de1c90-5fa0-450c-b74f-475f02de0b81",
                "observed-data--56de1c91-c768-4a96-85ef-402602de0b81",
                "url--56de1c91-c768-4a96-85ef-402602de0b81",
                "observed-data--56de1c91-8684-4175-a2d1-491602de0b81",
                "url--56de1c91-8684-4175-a2d1-491602de0b81",
                "observed-data--56de1c91-90c4-4aa2-8c44-4e6502de0b81",
                "url--56de1c91-90c4-4aa2-8c44-4e6502de0b81"
            ],
            "labels": [
                "Threat-Report",
                "misp:tool=\"MISP-STIX-Converter\"",
                "type:OSINT"
            ],
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa69ca-02a4-4a5f-9a0d-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:20:42.000Z",
            "modified": "2015-09-17T07:20:42.000Z",
            "first_observed": "2015-09-17T07:20:42Z",
            "last_observed": "2015-09-17T07:20:42Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa69ca-02a4-4a5f-9a0d-8489950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa69ca-02a4-4a5f-9a0d-8489950d210b",
            "value": "https://www.f-secure.com/documents/996508/1030745/dukes_whitepaper.pdf"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa69ca-53b0-4cd9-b0ce-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:20:42.000Z",
            "modified": "2015-09-17T07:20:42.000Z",
            "first_observed": "2015-09-17T07:20:42Z",
            "last_observed": "2015-09-17T07:20:42Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa69ca-53b0-4cd9-b0ce-8489950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa69ca-53b0-4cd9-b0ce-8489950d210b",
            "value": "https://labsblog.f-secure.com/2015/09/17/the-dukes-7-years-of-russian-cyber-espionage/"
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--55fa6d01-8460-45a4-ba0b-819a950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:34:25.000Z",
            "modified": "2015-09-17T07:34:25.000Z",
            "labels": [
                "misp:type=\"comment\"",
                "misp:category=\"External analysis\""
            ],
            "x_misp_category": "External analysis",
            "x_misp_type": "comment",
            "x_misp_value": "Today we release a new whitepaper on an APT group commonly referred to as \u00e2\u20ac\u0153the Dukes\u00e2\u20ac\u009d. We believe that the Dukes are a well-resourced, highly dedicated, and organized cyber-espionage group that has been working for the Russian government since at least 2008 to collect intelligence in support of foreign and security policy decision-making.\r\n\r\nThe Dukes (sometimes also referred to as APT29) are known to employ a wide arsenal of malware toolsets including MiniDuke, CosmicDuke, OnionDuke, CozyDuke, SeaDuke, CloudDuke (aka MiniDionis), and HammerDuke (aka HAMMERTOSS [PDF]).\r\n\r\nDespite the extensive technical research by us and others into many of the toolsets of the Dukes, we felt that we were still missing crucial parts of the story. Meanwhile, others had envisioned how the story might look, but had concluded that \u00e2\u20ac\u0153it is difficult to lead the defense against that which one is not aware of or does not comprehend.\u00e2\u20ac\u009d (Maldre, 2015)\r\n\r\nWith this in mind, we recently set out on a journey back through all of our previous research on the Dukes looking for clues and threads that we might have missed or whose importance we might not have understood at the time. Through this process, we were able to uncover clues pointing to the existence of two previously unidentified Duke malware toolsets, PinchDuke and GeminiDuke."
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--55fa6ece-41d8-41d8-add9-8bdd950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:42:06.000Z",
            "modified": "2015-09-17T07:42:06.000Z",
            "labels": [
                "misp:type=\"text\"",
                "misp:category=\"Other\""
            ],
            "x_misp_category": "Other",
            "x_misp_type": "text",
            "x_misp_value": "MiniDuke"
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--55fa6ece-edc4-4e10-b5be-8bdd950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:42:06.000Z",
            "modified": "2015-09-17T07:42:06.000Z",
            "labels": [
                "misp:type=\"text\"",
                "misp:category=\"Other\""
            ],
            "x_misp_category": "Other",
            "x_misp_type": "text",
            "x_misp_value": "CosmicDuke"
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--55fa6ecf-eeb0-4055-85c2-8bdd950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:42:07.000Z",
            "modified": "2015-09-17T07:42:07.000Z",
            "labels": [
                "misp:type=\"text\"",
                "misp:category=\"Other\""
            ],
            "x_misp_category": "Other",
            "x_misp_type": "text",
            "x_misp_value": "OnionDuke"
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--55fa6ecf-6558-4db9-a027-8bdd950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:42:07.000Z",
            "modified": "2015-09-17T07:42:07.000Z",
            "labels": [
                "misp:type=\"text\"",
                "misp:category=\"Other\""
            ],
            "x_misp_category": "Other",
            "x_misp_type": "text",
            "x_misp_value": "CozyDuke"
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--55fa6ecf-c224-4762-82ed-8bdd950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:42:07.000Z",
            "modified": "2015-09-17T07:42:07.000Z",
            "labels": [
                "misp:type=\"text\"",
                "misp:category=\"Other\""
            ],
            "x_misp_category": "Other",
            "x_misp_type": "text",
            "x_misp_value": "SeaDuke"
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--55fa6ed0-c7c8-4deb-8fce-8bdd950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:42:08.000Z",
            "modified": "2015-09-17T07:42:08.000Z",
            "labels": [
                "misp:type=\"text\"",
                "misp:category=\"Other\""
            ],
            "x_misp_category": "Other",
            "x_misp_type": "text",
            "x_misp_value": "CloudDuke"
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--55fa6ed0-6b60-4229-aecb-8bdd950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:42:08.000Z",
            "modified": "2015-09-17T07:42:08.000Z",
            "labels": [
                "misp:type=\"text\"",
                "misp:category=\"Other\""
            ],
            "x_misp_category": "Other",
            "x_misp_type": "text",
            "x_misp_value": "MiniDionis"
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--55fa6ed0-1d10-4afa-894a-8bdd950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:42:08.000Z",
            "modified": "2015-09-17T07:42:08.000Z",
            "labels": [
                "misp:type=\"text\"",
                "misp:category=\"Other\""
            ],
            "x_misp_category": "Other",
            "x_misp_type": "text",
            "x_misp_value": "HammerDuke"
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--55fa6ed1-9d70-4366-9cf6-8bdd950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:42:09.000Z",
            "modified": "2015-09-17T07:42:09.000Z",
            "labels": [
                "misp:type=\"text\"",
                "misp:category=\"Other\""
            ],
            "x_misp_category": "Other",
            "x_misp_type": "text",
            "x_misp_value": "HAMMERTOSS"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6ef8-39ac-49ff-add0-b81b950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:42:48.000Z",
            "modified": "2015-09-17T07:42:48.000Z",
            "description": "Malware",
            "pattern": "[file:hashes.SHA1 = '07b4e44b6b3e1c3904ded7d6c9dcf7fa609467ef']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:42:48Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6ef9-0de8-441a-9138-b81b950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:42:49.000Z",
            "modified": "2015-09-17T07:42:49.000Z",
            "description": "Malware",
            "pattern": "[file:hashes.SHA1 = '0cf68d706c38ab112e0b667498c24626aec730f6']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:42:49Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6ef9-7158-4866-89b4-b81b950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:42:49.000Z",
            "modified": "2015-09-17T07:42:49.000Z",
            "description": "Malware",
            "pattern": "[file:hashes.SHA1 = '155004c1cc831a7f39caf2bec04f1841b61af802']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:42:49Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6efa-1d88-4790-8706-b81b950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:42:50.000Z",
            "modified": "2015-09-17T07:42:50.000Z",
            "description": "Malware",
            "pattern": "[file:hashes.SHA1 = '17df96e423320ddfb7664413bf562a6b1aaef9d4']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:42:50Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6efa-d46c-4ec1-b0e8-b81b950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:42:50.000Z",
            "modified": "2015-09-17T07:42:50.000Z",
            "description": "Malware",
            "pattern": "[file:hashes.SHA1 = '1c124e1523fcbef25c4f3074b1f8088bcad2230f']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:42:50Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6efa-71e8-463d-80dd-b81b950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:42:50.000Z",
            "modified": "2015-09-17T07:42:50.000Z",
            "description": "Malware",
            "pattern": "[file:hashes.SHA1 = '285ac0fb341e57c87964282f621b3d1f018ab7ea']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:42:50Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6efb-1ee8-45c1-8151-b81b950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:42:51.000Z",
            "modified": "2015-09-17T07:42:51.000Z",
            "description": "Malware",
            "pattern": "[file:hashes.SHA1 = '2f156a9f861cda356c4ddf332d71937ac9962c68']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:42:51Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6efb-4f34-4abb-9c74-b81b950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:42:51.000Z",
            "modified": "2015-09-17T07:42:51.000Z",
            "description": "Malware",
            "pattern": "[file:hashes.SHA1 = '333f5acc35ea0206f7d1deadcb94ca6ec9564d02']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:42:51Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6efb-0754-4d69-a13d-b81b950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:42:51.000Z",
            "modified": "2015-09-17T07:42:51.000Z",
            "description": "Malware",
            "pattern": "[file:hashes.SHA1 = '34af1909ec77d2c3878724234b9b1e3141c91409']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:42:51Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6efc-174c-4bde-9c58-b81b950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:42:52.000Z",
            "modified": "2015-09-17T07:42:52.000Z",
            "description": "Malware",
            "pattern": "[file:hashes.SHA1 = '383fc3c218b9fb0d4224d69af66caf09869b4c73']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:42:52Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6efc-5fa8-4046-84be-b81b950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:42:52.000Z",
            "modified": "2015-09-17T07:42:52.000Z",
            "description": "Malware",
            "pattern": "[file:hashes.SHA1 = '45ee9aa9f8ef3a9cc0b4b250766e7a9368a30934']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:42:52Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6efc-1394-46ee-bef4-b81b950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:42:52.000Z",
            "modified": "2015-09-17T07:42:52.000Z",
            "description": "Malware",
            "pattern": "[file:hashes.SHA1 = '52164782fc9f8a2a6c4be2b9cd000e4a60a860ed']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:42:52Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6efd-8f04-4532-97a3-b81b950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:42:53.000Z",
            "modified": "2015-09-17T07:42:53.000Z",
            "description": "Malware",
            "pattern": "[file:hashes.SHA1 = '7371eecafbaeefd0dc5f4dd5737f745586133f59']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:42:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6efd-4f04-4090-8c63-b81b950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:42:53.000Z",
            "modified": "2015-09-17T07:42:53.000Z",
            "description": "Malware",
            "pattern": "[file:hashes.SHA1 = '797b3101b9352be812b8d411179ae765e14065a6']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:42:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6efd-d3f8-4eb9-b066-b81b950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:42:53.000Z",
            "modified": "2015-09-17T07:42:53.000Z",
            "description": "Malware",
            "pattern": "[file:hashes.SHA1 = 'a10f2dc5dbdbf1a11ebe4c3e59a4c0e5d14bcc8a']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:42:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6efe-3bd4-4603-be8b-b81b950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:42:54.000Z",
            "modified": "2015-09-17T07:42:54.000Z",
            "description": "Malware",
            "pattern": "[file:hashes.SHA1 = 'a3dfb5643c824ae0c3ba2b7f3efb266bfbf46b02']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:42:54Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6efe-04dc-43cf-81fc-b81b950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:42:54.000Z",
            "modified": "2015-09-17T07:42:54.000Z",
            "description": "Malware",
            "pattern": "[file:hashes.SHA1 = 'ad2cac618ab9d9d4a16a2db32410607bbf98ce8f']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:42:54Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6efe-0438-400f-9933-b81b950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:42:54.000Z",
            "modified": "2015-09-17T07:42:54.000Z",
            "description": "Malware",
            "pattern": "[file:hashes.SHA1 = 'bf48d8126e84185e7825b69951293271031cbad4']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:42:54Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6eff-d9d0-4a6e-b60f-b81b950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:42:55.000Z",
            "modified": "2015-09-17T07:42:55.000Z",
            "description": "Malware",
            "pattern": "[file:hashes.SHA1 = 'c1e229219e84203ba9e26f2917bd268656ff4716']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:42:55Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6eff-6458-4291-a3ba-b81b950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:42:55.000Z",
            "modified": "2015-09-17T07:42:55.000Z",
            "description": "Malware",
            "pattern": "[file:hashes.SHA1 = 'c59114c79e3d3ddd77d6919b88bc99d40205e645']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:42:55Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6eff-97c0-4993-8166-b81b950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:42:55.000Z",
            "modified": "2015-09-17T07:42:55.000Z",
            "description": "Malware",
            "pattern": "[file:hashes.SHA1 = 'c8ae844baea44ec1db172ae9b257dbac04dcbbe7']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:42:55Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6f00-c598-4251-864d-b81b950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:42:56.000Z",
            "modified": "2015-09-17T07:42:56.000Z",
            "description": "Malware",
            "pattern": "[file:hashes.SHA1 = 'd5905327f213a69f314e2503c68ef5b51c2d381e']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:42:56Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6f00-3e78-44d5-9443-b81b950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:42:56.000Z",
            "modified": "2015-09-17T07:42:56.000Z",
            "description": "Malware",
            "pattern": "[file:hashes.SHA1 = 'e7720ab728cb18ea329c7dd7c9b7408e266c986b']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:42:56Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6f00-e6d4-4f12-8aba-b81b950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:42:56.000Z",
            "modified": "2015-09-17T07:42:56.000Z",
            "description": "Malware",
            "pattern": "[file:hashes.SHA1 = 'fdc65f38f458ceddf5a5e3f4b44df7337a1fb415']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:42:56Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6f01-87cc-40d1-908c-b81b950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:42:57.000Z",
            "modified": "2015-09-17T07:42:57.000Z",
            "description": "Malware",
            "pattern": "[file:hashes.SHA1 = 'fdfd9abbaafe0bee747c0f1d7963d903174359df']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:42:57Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6f2e-0a48-4e30-a80c-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:43:42.000Z",
            "modified": "2015-09-17T07:43:42.000Z",
            "description": "Malware - Xchecked via VT: fdfd9abbaafe0bee747c0f1d7963d903174359df",
            "pattern": "[file:hashes.SHA256 = '8b7427620d6537aa905727af48f7dec1e003a8b7c74d417f0a5ded7926a7d590']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:43:42Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6f2e-94ec-4787-b887-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:43:42.000Z",
            "modified": "2015-09-17T07:43:42.000Z",
            "description": "Malware - Xchecked via VT: fdfd9abbaafe0bee747c0f1d7963d903174359df",
            "pattern": "[file:hashes.MD5 = '69232da84dc7d9b2fdf1f1daade6eaae']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:43:42Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa6f2f-5ff8-402e-a7b6-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:43:43.000Z",
            "modified": "2015-09-17T07:43:43.000Z",
            "first_observed": "2015-09-17T07:43:43Z",
            "last_observed": "2015-09-17T07:43:43Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa6f2f-5ff8-402e-a7b6-8489950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa6f2f-5ff8-402e-a7b6-8489950d210b",
            "value": "https://www.virustotal.com/file/8b7427620d6537aa905727af48f7dec1e003a8b7c74d417f0a5ded7926a7d590/analysis/1385744937/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6f2f-b27c-4763-aa93-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:43:43.000Z",
            "modified": "2015-09-17T07:43:43.000Z",
            "description": "Malware - Xchecked via VT: fdc65f38f458ceddf5a5e3f4b44df7337a1fb415",
            "pattern": "[file:hashes.SHA256 = 'a607fa51662afdc089dd3f80bf6863d4cc00a73d74d4ddb9d7b74ed1b0337bf1']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:43:43Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6f2f-7608-4467-a15e-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:43:43.000Z",
            "modified": "2015-09-17T07:43:43.000Z",
            "description": "Malware - Xchecked via VT: fdc65f38f458ceddf5a5e3f4b44df7337a1fb415",
            "pattern": "[file:hashes.MD5 = '823760d749db5f3f28c7d9366acd0f64']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:43:43Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa6f30-4bf0-4e72-954b-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:43:44.000Z",
            "modified": "2015-09-17T07:43:44.000Z",
            "first_observed": "2015-09-17T07:43:44Z",
            "last_observed": "2015-09-17T07:43:44Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa6f30-4bf0-4e72-954b-8489950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa6f30-4bf0-4e72-954b-8489950d210b",
            "value": "https://www.virustotal.com/file/a607fa51662afdc089dd3f80bf6863d4cc00a73d74d4ddb9d7b74ed1b0337bf1/analysis/1428914951/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6f30-4290-4977-8bb8-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:43:44.000Z",
            "modified": "2015-09-17T07:43:44.000Z",
            "description": "Malware - Xchecked via VT: e7720ab728cb18ea329c7dd7c9b7408e266c986b",
            "pattern": "[file:hashes.SHA256 = 'dd29a6b5c62d8726a3073b6f7d20e6f34d00616de61fc55d04bda9e7824cd598']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:43:44Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6f30-7de4-47b0-b2d3-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:43:44.000Z",
            "modified": "2015-09-17T07:43:44.000Z",
            "description": "Malware - Xchecked via VT: e7720ab728cb18ea329c7dd7c9b7408e266c986b",
            "pattern": "[file:hashes.MD5 = '5bc3b701819a4f2004b000d7db4b1b63']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:43:44Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa6f31-7bc8-46ed-8c8c-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:43:45.000Z",
            "modified": "2015-09-17T07:43:45.000Z",
            "first_observed": "2015-09-17T07:43:45Z",
            "last_observed": "2015-09-17T07:43:45Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa6f31-7bc8-46ed-8c8c-8489950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa6f31-7bc8-46ed-8c8c-8489950d210b",
            "value": "https://www.virustotal.com/file/dd29a6b5c62d8726a3073b6f7d20e6f34d00616de61fc55d04bda9e7824cd598/analysis/1373315080/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6f31-9904-4c08-938a-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:43:45.000Z",
            "modified": "2015-09-17T07:43:45.000Z",
            "description": "Malware - Xchecked via VT: d5905327f213a69f314e2503c68ef5b51c2d381e",
            "pattern": "[file:hashes.SHA256 = '49bc860fb8856436e1d540754732843f1a534901ecdd031870702bacab58ae54']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:43:45Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6f31-a924-40d9-8170-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:43:45.000Z",
            "modified": "2015-09-17T07:43:45.000Z",
            "description": "Malware - Xchecked via VT: d5905327f213a69f314e2503c68ef5b51c2d381e",
            "pattern": "[file:hashes.MD5 = '89b1e1c3c927f43d6d8108cf1422287a']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:43:45Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa6f32-da2c-44db-a225-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:43:46.000Z",
            "modified": "2015-09-17T07:43:46.000Z",
            "first_observed": "2015-09-17T07:43:46Z",
            "last_observed": "2015-09-17T07:43:46Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa6f32-da2c-44db-a225-8489950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa6f32-da2c-44db-a225-8489950d210b",
            "value": "https://www.virustotal.com/file/49bc860fb8856436e1d540754732843f1a534901ecdd031870702bacab58ae54/analysis/1316678082/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6f32-15a0-4df3-8360-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:43:46.000Z",
            "modified": "2015-09-17T07:43:46.000Z",
            "description": "Malware - Xchecked via VT: c8ae844baea44ec1db172ae9b257dbac04dcbbe7",
            "pattern": "[file:hashes.SHA256 = '56f87c2b24a502fbda0ae9cee8f21615b1ba39737d70d2f4f4011fa6fdd174a1']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:43:46Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6f32-b17c-4a6c-b212-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:43:46.000Z",
            "modified": "2015-09-17T07:43:46.000Z",
            "description": "Malware - Xchecked via VT: c8ae844baea44ec1db172ae9b257dbac04dcbbe7",
            "pattern": "[file:hashes.MD5 = 'db159b7a543cf0c0b84f00bd982482fc']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:43:46Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa6f33-fd70-48ae-91f0-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:43:47.000Z",
            "modified": "2015-09-17T07:43:47.000Z",
            "first_observed": "2015-09-17T07:43:47Z",
            "last_observed": "2015-09-17T07:43:47Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa6f33-fd70-48ae-91f0-8489950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa6f33-fd70-48ae-91f0-8489950d210b",
            "value": "https://www.virustotal.com/file/56f87c2b24a502fbda0ae9cee8f21615b1ba39737d70d2f4f4011fa6fdd174a1/analysis/1246062452/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6f33-c2f4-42e9-a70d-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:43:47.000Z",
            "modified": "2015-09-17T07:43:47.000Z",
            "description": "Malware - Xchecked via VT: c59114c79e3d3ddd77d6919b88bc99d40205e645",
            "pattern": "[file:hashes.SHA256 = '28b56f4245bd2081a8d0885bcd0cad7b384ee4a927d87ce8532c5650ac532916']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:43:47Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6f33-0f00-4db0-abba-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:43:47.000Z",
            "modified": "2015-09-17T07:43:47.000Z",
            "description": "Malware - Xchecked via VT: c59114c79e3d3ddd77d6919b88bc99d40205e645",
            "pattern": "[file:hashes.MD5 = '8dcd3cb1e615edbfade8c2d9d6ef4c67']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:43:47Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa6f34-a278-4d4c-b41e-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:43:48.000Z",
            "modified": "2015-09-17T07:43:48.000Z",
            "first_observed": "2015-09-17T07:43:48Z",
            "last_observed": "2015-09-17T07:43:48Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa6f34-a278-4d4c-b41e-8489950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa6f34-a278-4d4c-b41e-8489950d210b",
            "value": "https://www.virustotal.com/file/28b56f4245bd2081a8d0885bcd0cad7b384ee4a927d87ce8532c5650ac532916/analysis/1365263446/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6f34-2bb8-4a31-9eb1-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:43:48.000Z",
            "modified": "2015-09-17T07:43:48.000Z",
            "description": "Malware - Xchecked via VT: c1e229219e84203ba9e26f2917bd268656ff4716",
            "pattern": "[file:hashes.SHA256 = '35f911365d14ff533acce7367c2ab74167a9beb7b4e8fd487f25b9db4d68f627']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:43:48Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6f34-6c74-4a28-a34e-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:43:48.000Z",
            "modified": "2015-09-17T07:43:48.000Z",
            "description": "Malware - Xchecked via VT: c1e229219e84203ba9e26f2917bd268656ff4716",
            "pattern": "[file:hashes.MD5 = 'ddeeebb34da3deea82ea1f4ff4c894a5']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:43:48Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa6f35-10e4-4785-a60d-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:43:49.000Z",
            "modified": "2015-09-17T07:43:49.000Z",
            "first_observed": "2015-09-17T07:43:49Z",
            "last_observed": "2015-09-17T07:43:49Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa6f35-10e4-4785-a60d-8489950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa6f35-10e4-4785-a60d-8489950d210b",
            "value": "https://www.virustotal.com/file/35f911365d14ff533acce7367c2ab74167a9beb7b4e8fd487f25b9db4d68f627/analysis/1279424215/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6f35-f664-45aa-8e17-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:43:49.000Z",
            "modified": "2015-09-17T07:43:49.000Z",
            "description": "Malware - Xchecked via VT: bf48d8126e84185e7825b69951293271031cbad4",
            "pattern": "[file:hashes.SHA256 = '236ee4d1a9ba8f24dfe905235ee45d133a7c71928ad9f90b29334dae1c7ff594']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:43:49Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6f35-f624-4968-a88e-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:43:49.000Z",
            "modified": "2015-09-17T07:43:49.000Z",
            "description": "Malware - Xchecked via VT: bf48d8126e84185e7825b69951293271031cbad4",
            "pattern": "[file:hashes.MD5 = '59571740dcf8266c2205b901b6b489d1']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:43:49Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa6f36-3a24-4d88-9dae-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:43:50.000Z",
            "modified": "2015-09-17T07:43:50.000Z",
            "first_observed": "2015-09-17T07:43:50Z",
            "last_observed": "2015-09-17T07:43:50Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa6f36-3a24-4d88-9dae-8489950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa6f36-3a24-4d88-9dae-8489950d210b",
            "value": "https://www.virustotal.com/file/236ee4d1a9ba8f24dfe905235ee45d133a7c71928ad9f90b29334dae1c7ff594/analysis/1365659053/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6f36-6c48-49b4-bf7b-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:43:50.000Z",
            "modified": "2015-09-17T07:43:50.000Z",
            "description": "Malware - Xchecked via VT: ad2cac618ab9d9d4a16a2db32410607bbf98ce8f",
            "pattern": "[file:hashes.SHA256 = '0f47573093859737935aa5ff31cde058718a816b321b0250451b99d04730cc10']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:43:50Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6f36-5f18-4dd9-84d5-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:43:50.000Z",
            "modified": "2015-09-17T07:43:50.000Z",
            "description": "Malware - Xchecked via VT: ad2cac618ab9d9d4a16a2db32410607bbf98ce8f",
            "pattern": "[file:hashes.MD5 = 'ab24962ba63d32a62cefd3c68c54a2ec']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:43:50Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa6f37-04e4-46f7-ba8f-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:43:51.000Z",
            "modified": "2015-09-17T07:43:51.000Z",
            "first_observed": "2015-09-17T07:43:51Z",
            "last_observed": "2015-09-17T07:43:51Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa6f37-04e4-46f7-ba8f-8489950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa6f37-04e4-46f7-ba8f-8489950d210b",
            "value": "https://www.virustotal.com/file/0f47573093859737935aa5ff31cde058718a816b321b0250451b99d04730cc10/analysis/1373520094/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6f37-5afc-491f-901f-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:43:51.000Z",
            "modified": "2015-09-17T07:43:51.000Z",
            "description": "Malware - Xchecked via VT: a3dfb5643c824ae0c3ba2b7f3efb266bfbf46b02",
            "pattern": "[file:hashes.SHA256 = '0ce3bfa972ced61884ae7c1d77c7d4c45e17c7d767e669610cf2ef72b636b464']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:43:51Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6f37-2394-49a9-862e-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:43:51.000Z",
            "modified": "2015-09-17T07:43:51.000Z",
            "description": "Malware - Xchecked via VT: a3dfb5643c824ae0c3ba2b7f3efb266bfbf46b02",
            "pattern": "[file:hashes.MD5 = '0775a35e939a14a382b562c95845cb50']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:43:51Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa6f38-598c-4e4f-9818-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:43:52.000Z",
            "modified": "2015-09-17T07:43:52.000Z",
            "first_observed": "2015-09-17T07:43:52Z",
            "last_observed": "2015-09-17T07:43:52Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa6f38-598c-4e4f-9818-8489950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa6f38-598c-4e4f-9818-8489950d210b",
            "value": "https://www.virustotal.com/file/0ce3bfa972ced61884ae7c1d77c7d4c45e17c7d767e669610cf2ef72b636b464/analysis/1363415953/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6f38-dd30-4d48-9327-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:43:52.000Z",
            "modified": "2015-09-17T07:43:52.000Z",
            "description": "Malware - Xchecked via VT: a10f2dc5dbdbf1a11ebe4c3e59a4c0e5d14bcc8a",
            "pattern": "[file:hashes.SHA256 = 'ded70a8fc7074ea0ceb7f489b2ebb1198154a2507538fc73cbb74712d5fc6d19']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:43:52Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6f39-9730-4e80-a68c-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:43:53.000Z",
            "modified": "2015-09-17T07:43:53.000Z",
            "description": "Malware - Xchecked via VT: a10f2dc5dbdbf1a11ebe4c3e59a4c0e5d14bcc8a",
            "pattern": "[file:hashes.MD5 = '33c87cf8895a81706ca582efd922601b']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:43:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa6f39-31cc-407c-ab2f-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:43:53.000Z",
            "modified": "2015-09-17T07:43:53.000Z",
            "first_observed": "2015-09-17T07:43:53Z",
            "last_observed": "2015-09-17T07:43:53Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa6f39-31cc-407c-ab2f-8489950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa6f39-31cc-407c-ab2f-8489950d210b",
            "value": "https://www.virustotal.com/file/ded70a8fc7074ea0ceb7f489b2ebb1198154a2507538fc73cbb74712d5fc6d19/analysis/1266334302/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6f39-e364-4abc-98f4-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:43:53.000Z",
            "modified": "2015-09-17T07:43:53.000Z",
            "description": "Malware - Xchecked via VT: 797b3101b9352be812b8d411179ae765e14065a6",
            "pattern": "[file:hashes.SHA256 = '005630f7e82ffa8f17261e4321184a15a15bd960e7ac3e584be2a27de88838d4']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:43:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6f3a-8894-4638-8010-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:43:54.000Z",
            "modified": "2015-09-17T07:43:54.000Z",
            "description": "Malware - Xchecked via VT: 797b3101b9352be812b8d411179ae765e14065a6",
            "pattern": "[file:hashes.MD5 = 'c728dc7b8b9cf927a8c3aa29a1e935b4']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:43:54Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa6f3a-910c-424c-ac3e-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:43:54.000Z",
            "modified": "2015-09-17T07:43:54.000Z",
            "first_observed": "2015-09-17T07:43:54Z",
            "last_observed": "2015-09-17T07:43:54Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa6f3a-910c-424c-ac3e-8489950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa6f3a-910c-424c-ac3e-8489950d210b",
            "value": "https://www.virustotal.com/file/005630f7e82ffa8f17261e4321184a15a15bd960e7ac3e584be2a27de88838d4/analysis/1373993956/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6f3a-0d40-4d76-896b-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:43:54.000Z",
            "modified": "2015-09-17T07:43:54.000Z",
            "description": "Malware - Xchecked via VT: 7371eecafbaeefd0dc5f4dd5737f745586133f59",
            "pattern": "[file:hashes.SHA256 = '51eda4521b3ee9d6917832e4e04a4f58891867b8f7b0ade61725fd124ba40f82']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:43:54Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6f3b-5bf8-4675-a2b4-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:43:55.000Z",
            "modified": "2015-09-17T07:43:55.000Z",
            "description": "Malware - Xchecked via VT: 7371eecafbaeefd0dc5f4dd5737f745586133f59",
            "pattern": "[file:hashes.MD5 = '45fb9f8733b3f0b26d38195b2c5ae54e']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:43:55Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa6f3b-60d4-4bbb-8c5c-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:43:55.000Z",
            "modified": "2015-09-17T07:43:55.000Z",
            "first_observed": "2015-09-17T07:43:55Z",
            "last_observed": "2015-09-17T07:43:55Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa6f3b-60d4-4bbb-8c5c-8489950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa6f3b-60d4-4bbb-8c5c-8489950d210b",
            "value": "https://www.virustotal.com/file/51eda4521b3ee9d6917832e4e04a4f58891867b8f7b0ade61725fd124ba40f82/analysis/1373214532/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6f3b-924c-4d04-8b2c-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:43:55.000Z",
            "modified": "2015-09-17T07:43:55.000Z",
            "description": "Malware - Xchecked via VT: 52164782fc9f8a2a6c4be2b9cd000e4a60a860ed",
            "pattern": "[file:hashes.SHA256 = 'b2417de25ad9e6bed08229561eb96d4f2e83ab63b4407c7601a0113ed193fe84']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:43:55Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6f3c-5900-450b-8996-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:43:56.000Z",
            "modified": "2015-09-17T07:43:56.000Z",
            "description": "Malware - Xchecked via VT: 52164782fc9f8a2a6c4be2b9cd000e4a60a860ed",
            "pattern": "[file:hashes.MD5 = '33548f84763edb22ea6039dbbd064aeb']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:43:56Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa6f3c-d88c-4b94-b1bc-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:43:56.000Z",
            "modified": "2015-09-17T07:43:56.000Z",
            "first_observed": "2015-09-17T07:43:56Z",
            "last_observed": "2015-09-17T07:43:56Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa6f3c-d88c-4b94-b1bc-8489950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa6f3c-d88c-4b94-b1bc-8489950d210b",
            "value": "https://www.virustotal.com/file/b2417de25ad9e6bed08229561eb96d4f2e83ab63b4407c7601a0113ed193fe84/analysis/1345764867/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6f3c-ed3c-4f55-834c-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:43:56.000Z",
            "modified": "2015-09-17T07:43:56.000Z",
            "description": "Malware - Xchecked via VT: 45ee9aa9f8ef3a9cc0b4b250766e7a9368a30934",
            "pattern": "[file:hashes.SHA256 = '4e31304e1ea66c267b5882f9335a2384eea18a6617a49308846ce624b68e7489']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:43:56Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6f3d-4098-4ccd-ab3d-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:43:57.000Z",
            "modified": "2015-09-17T07:43:57.000Z",
            "description": "Malware - Xchecked via VT: 45ee9aa9f8ef3a9cc0b4b250766e7a9368a30934",
            "pattern": "[file:hashes.MD5 = '573b0f9dc06833bcfaea2147d28bcffc']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:43:57Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa6f3d-be54-4487-a19d-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:43:57.000Z",
            "modified": "2015-09-17T07:43:57.000Z",
            "first_observed": "2015-09-17T07:43:57Z",
            "last_observed": "2015-09-17T07:43:57Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa6f3d-be54-4487-a19d-8489950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa6f3d-be54-4487-a19d-8489950d210b",
            "value": "https://www.virustotal.com/file/4e31304e1ea66c267b5882f9335a2384eea18a6617a49308846ce624b68e7489/analysis/1281216044/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6f3d-a6ec-411c-90a9-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:43:57.000Z",
            "modified": "2015-09-17T07:43:57.000Z",
            "description": "Malware - Xchecked via VT: 383fc3c218b9fb0d4224d69af66caf09869b4c73",
            "pattern": "[file:hashes.SHA256 = 'd88bd6947eef00bd3baadc55ff1c55b3cdcff5ba8fd145d5b5bf8894c42a7fd3']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:43:57Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6f3e-3ec0-4486-a40d-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:43:58.000Z",
            "modified": "2015-09-17T07:43:58.000Z",
            "description": "Malware - Xchecked via VT: 383fc3c218b9fb0d4224d69af66caf09869b4c73",
            "pattern": "[file:hashes.MD5 = '2384eb7914fd9d8d11be72bb83046445']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:43:58Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa6f3e-99cc-414c-b3bf-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:43:58.000Z",
            "modified": "2015-09-17T07:43:58.000Z",
            "first_observed": "2015-09-17T07:43:58Z",
            "last_observed": "2015-09-17T07:43:58Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa6f3e-99cc-414c-b3bf-8489950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa6f3e-99cc-414c-b3bf-8489950d210b",
            "value": "https://www.virustotal.com/file/d88bd6947eef00bd3baadc55ff1c55b3cdcff5ba8fd145d5b5bf8894c42a7fd3/analysis/1365957701/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6f3e-f568-4156-9b8f-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:43:58.000Z",
            "modified": "2015-09-17T07:43:58.000Z",
            "description": "Malware - Xchecked via VT: 34af1909ec77d2c3878724234b9b1e3141c91409",
            "pattern": "[file:hashes.SHA256 = 'd9cfcd9e64cdd0a4beba9da2b1cfdf7b5af9480bc19d6fdf95ec5b1f07fceb1d']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:43:58Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6f3f-070c-42a7-83ff-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:43:59.000Z",
            "modified": "2015-09-17T07:43:59.000Z",
            "description": "Malware - Xchecked via VT: 34af1909ec77d2c3878724234b9b1e3141c91409",
            "pattern": "[file:hashes.MD5 = 'bf839cb54473c333b2c151ad627eb39f']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:43:59Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa6f3f-442c-49fe-9e71-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:43:59.000Z",
            "modified": "2015-09-17T07:43:59.000Z",
            "first_observed": "2015-09-17T07:43:59Z",
            "last_observed": "2015-09-17T07:43:59Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa6f3f-442c-49fe-9e71-8489950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa6f3f-442c-49fe-9e71-8489950d210b",
            "value": "https://www.virustotal.com/file/d9cfcd9e64cdd0a4beba9da2b1cfdf7b5af9480bc19d6fdf95ec5b1f07fceb1d/analysis/1376260152/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6f3f-7f20-4255-b884-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:43:59.000Z",
            "modified": "2015-09-17T07:43:59.000Z",
            "description": "Malware - Xchecked via VT: 333f5acc35ea0206f7d1deadcb94ca6ec9564d02",
            "pattern": "[file:hashes.SHA256 = '7a3b78feba1670850602b7c33cb0968b4d89db609d98c81744b43cae23d563f5']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:43:59Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6f40-bdf8-4fc4-9f18-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:44:00.000Z",
            "modified": "2015-09-17T07:44:00.000Z",
            "description": "Malware - Xchecked via VT: 333f5acc35ea0206f7d1deadcb94ca6ec9564d02",
            "pattern": "[file:hashes.MD5 = 'b84a148f40c3a694b930c5374f7a90cb']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:44:00Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa6f40-ec3c-4fb0-922e-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:44:00.000Z",
            "modified": "2015-09-17T07:44:00.000Z",
            "first_observed": "2015-09-17T07:44:00Z",
            "last_observed": "2015-09-17T07:44:00Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa6f40-ec3c-4fb0-922e-8489950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa6f40-ec3c-4fb0-922e-8489950d210b",
            "value": "https://www.virustotal.com/file/7a3b78feba1670850602b7c33cb0968b4d89db609d98c81744b43cae23d563f5/analysis/1316678640/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6f40-792c-470a-9b4e-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:44:00.000Z",
            "modified": "2015-09-17T07:44:00.000Z",
            "description": "Malware - Xchecked via VT: 2f156a9f861cda356c4ddf332d71937ac9962c68",
            "pattern": "[file:hashes.SHA256 = '7abf424fd57e49756307cc07e05627470a0d1f000a3c8fcc422ea4391981f6a2']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:44:00Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6f41-002c-4a8b-9e72-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:44:01.000Z",
            "modified": "2015-09-17T07:44:01.000Z",
            "description": "Malware - Xchecked via VT: 2f156a9f861cda356c4ddf332d71937ac9962c68",
            "pattern": "[file:hashes.MD5 = '87f235c00e8c3960b264192621f594ae']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:44:01Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa6f41-07cc-4ada-8f6c-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:44:01.000Z",
            "modified": "2015-09-17T07:44:01.000Z",
            "first_observed": "2015-09-17T07:44:01Z",
            "last_observed": "2015-09-17T07:44:01Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa6f41-07cc-4ada-8f6c-8489950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa6f41-07cc-4ada-8f6c-8489950d210b",
            "value": "https://www.virustotal.com/file/7abf424fd57e49756307cc07e05627470a0d1f000a3c8fcc422ea4391981f6a2/analysis/1274194885/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6f41-f320-4c80-8baa-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:44:01.000Z",
            "modified": "2015-09-17T07:44:01.000Z",
            "description": "Malware - Xchecked via VT: 285ac0fb341e57c87964282f621b3d1f018ab7ea",
            "pattern": "[file:hashes.SHA256 = '28f1940e63b6fde028dd1ae55979296daa4f7b081df5e3e251b7f98825415a86']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:44:01Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6f42-1590-4cda-b4a7-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:44:02.000Z",
            "modified": "2015-09-17T07:44:02.000Z",
            "description": "Malware - Xchecked via VT: 285ac0fb341e57c87964282f621b3d1f018ab7ea",
            "pattern": "[file:hashes.MD5 = '4638a4e7faf5a9343551cc6e9668d143']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:44:02Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa6f42-6a64-4de6-b088-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:44:02.000Z",
            "modified": "2015-09-17T07:44:02.000Z",
            "first_observed": "2015-09-17T07:44:02Z",
            "last_observed": "2015-09-17T07:44:02Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa6f42-6a64-4de6-b088-8489950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa6f42-6a64-4de6-b088-8489950d210b",
            "value": "https://www.virustotal.com/file/28f1940e63b6fde028dd1ae55979296daa4f7b081df5e3e251b7f98825415a86/analysis/1438324455/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6f42-cc78-464c-82cd-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:44:02.000Z",
            "modified": "2015-09-17T07:44:02.000Z",
            "description": "Malware - Xchecked via VT: 1c124e1523fcbef25c4f3074b1f8088bcad2230f",
            "pattern": "[file:hashes.SHA256 = '98eca1c2b6db3224ca1790fba1b1d5915f5448ae85dc4ec553718a0d0dd443a2']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:44:02Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6f43-5f60-42ba-9594-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:44:03.000Z",
            "modified": "2015-09-17T07:44:03.000Z",
            "description": "Malware - Xchecked via VT: 1c124e1523fcbef25c4f3074b1f8088bcad2230f",
            "pattern": "[file:hashes.MD5 = 'a250c5ca9968e4ce2336462fc839bb90']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:44:03Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa6f43-4f2c-4f9f-bc20-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:44:03.000Z",
            "modified": "2015-09-17T07:44:03.000Z",
            "first_observed": "2015-09-17T07:44:03Z",
            "last_observed": "2015-09-17T07:44:03Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa6f43-4f2c-4f9f-bc20-8489950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa6f43-4f2c-4f9f-bc20-8489950d210b",
            "value": "https://www.virustotal.com/file/98eca1c2b6db3224ca1790fba1b1d5915f5448ae85dc4ec553718a0d0dd443a2/analysis/1425392425/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6f43-41f4-4cd0-bd55-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:44:03.000Z",
            "modified": "2015-09-17T07:44:03.000Z",
            "description": "Malware - Xchecked via VT: 17df96e423320ddfb7664413bf562a6b1aaef9d4",
            "pattern": "[file:hashes.SHA256 = '98cd87a544ca06ae249e4f3c9790efbd63d8954e0ff695d2404e92f2383871bf']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:44:03Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6f44-11c4-45ec-9cc5-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:44:04.000Z",
            "modified": "2015-09-17T07:44:04.000Z",
            "description": "Malware - Xchecked via VT: 17df96e423320ddfb7664413bf562a6b1aaef9d4",
            "pattern": "[file:hashes.MD5 = '210834cfcde3f416b82263c521eefa78']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:44:04Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa6f44-6854-4c4d-b345-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:44:04.000Z",
            "modified": "2015-09-17T07:44:04.000Z",
            "first_observed": "2015-09-17T07:44:04Z",
            "last_observed": "2015-09-17T07:44:04Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa6f44-6854-4c4d-b345-8489950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa6f44-6854-4c4d-b345-8489950d210b",
            "value": "https://www.virustotal.com/file/98cd87a544ca06ae249e4f3c9790efbd63d8954e0ff695d2404e92f2383871bf/analysis/1390491616/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6f44-301c-474a-a1bb-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:44:04.000Z",
            "modified": "2015-09-17T07:44:04.000Z",
            "description": "Malware - Xchecked via VT: 155004c1cc831a7f39caf2bec04f1841b61af802",
            "pattern": "[file:hashes.SHA256 = 'b9c723575b7798f7ac14f7e03b8b2ae047d5d37900a27793972e512abfecdb07']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:44:04Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6f45-c800-4cbd-949e-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:44:05.000Z",
            "modified": "2015-09-17T07:44:05.000Z",
            "description": "Malware - Xchecked via VT: 155004c1cc831a7f39caf2bec04f1841b61af802",
            "pattern": "[file:hashes.MD5 = 'f7367f89d23e17d036a53662cc82882b']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:44:05Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa6f45-ed80-4ec2-bf8f-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:44:05.000Z",
            "modified": "2015-09-17T07:44:05.000Z",
            "first_observed": "2015-09-17T07:44:05Z",
            "last_observed": "2015-09-17T07:44:05Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa6f45-ed80-4ec2-bf8f-8489950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa6f45-ed80-4ec2-bf8f-8489950d210b",
            "value": "https://www.virustotal.com/file/b9c723575b7798f7ac14f7e03b8b2ae047d5d37900a27793972e512abfecdb07/analysis/1351078701/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6f45-f8c0-4c74-ba60-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:44:05.000Z",
            "modified": "2015-09-17T07:44:05.000Z",
            "description": "Malware - Xchecked via VT: 0cf68d706c38ab112e0b667498c24626aec730f6",
            "pattern": "[file:hashes.SHA256 = '52ba22dc22f5a85f66e2a9a530a8f848eabeff19b02edda7a88c68f519bf91a8']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:44:05Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6f46-e72c-44db-ae54-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:44:06.000Z",
            "modified": "2015-09-17T07:44:06.000Z",
            "description": "Malware - Xchecked via VT: 0cf68d706c38ab112e0b667498c24626aec730f6",
            "pattern": "[file:hashes.MD5 = '2e30fd352b659557b5da83dcba6195c0']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:44:06Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa6f46-0028-4857-abb3-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:44:06.000Z",
            "modified": "2015-09-17T07:44:06.000Z",
            "first_observed": "2015-09-17T07:44:06Z",
            "last_observed": "2015-09-17T07:44:06Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa6f46-0028-4857-abb3-8489950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa6f46-0028-4857-abb3-8489950d210b",
            "value": "https://www.virustotal.com/file/52ba22dc22f5a85f66e2a9a530a8f848eabeff19b02edda7a88c68f519bf91a8/analysis/1400109949/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6f46-12a0-4662-9896-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:44:06.000Z",
            "modified": "2015-09-17T07:44:06.000Z",
            "description": "Malware - Xchecked via VT: 07b4e44b6b3e1c3904ded7d6c9dcf7fa609467ef",
            "pattern": "[file:hashes.SHA256 = 'b06285f7a30f4905801572deda68afa4e1f8dfa733ce9ff985ecbf1847f78db6']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:44:06Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6f47-4ba4-440d-a8a2-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:44:07.000Z",
            "modified": "2015-09-17T07:44:07.000Z",
            "description": "Malware - Xchecked via VT: 07b4e44b6b3e1c3904ded7d6c9dcf7fa609467ef",
            "pattern": "[file:hashes.MD5 = 'c166d00faa2baf4851e51e46933461dd']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:44:07Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa6f47-f590-4040-ab10-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:44:07.000Z",
            "modified": "2015-09-17T07:44:07.000Z",
            "first_observed": "2015-09-17T07:44:07Z",
            "last_observed": "2015-09-17T07:44:07Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa6f47-f590-4040-ab10-8489950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa6f47-f590-4040-ab10-8489950d210b",
            "value": "https://www.virustotal.com/file/b06285f7a30f4905801572deda68afa4e1f8dfa733ce9ff985ecbf1847f78db6/analysis/1246560294/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6f71-e0d0-443a-b4ac-ca4f950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:44:49.000Z",
            "modified": "2015-09-17T07:44:49.000Z",
            "description": "PinchDuke exploit",
            "pattern": "[file:hashes.SHA1 = '50f8ea7eb685656c02a83420b3910d14ac588c8b']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:44:49Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6f71-cab8-4af3-93b4-ca4f950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:44:49.000Z",
            "modified": "2015-09-17T07:44:49.000Z",
            "description": "PinchDuke exploit",
            "pattern": "[file:hashes.SHA1 = '9fae684a130c052ad2b55ebaf7f6e513c0e62abe']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:44:49Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6f94-2b78-4bd1-93c3-ca50950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:45:24.000Z",
            "modified": "2015-09-17T07:45:24.000Z",
            "description": "GeminiDuke",
            "pattern": "[file:hashes.SHA1 = '3ed561786ca07c8e9862f4f682c1828a039d6dd4']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:45:24Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6f95-b164-4d4a-9d09-ca50950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:45:25.000Z",
            "modified": "2015-09-17T07:45:25.000Z",
            "description": "GeminiDuke",
            "pattern": "[file:hashes.SHA1 = '6b0b8ad038c7ae2efbad066b8ba22de859b81f98']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:45:25Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6f95-7b30-4bb6-b08e-ca50950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:45:25.000Z",
            "modified": "2015-09-17T07:45:25.000Z",
            "description": "GeminiDuke",
            "pattern": "[file:hashes.SHA1 = 'a3653091334892cf97a55715c7555c8881230bc4']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:45:25Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6f95-f064-4433-b7a7-ca50950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:45:25.000Z",
            "modified": "2015-09-17T07:45:25.000Z",
            "description": "GeminiDuke",
            "pattern": "[file:hashes.SHA1 = 'b14b9241197c667f00f86d096d71c47d6fa9aca6']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:45:25Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6f96-4800-4663-aaf5-ca50950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:45:26.000Z",
            "modified": "2015-09-17T07:45:26.000Z",
            "description": "GeminiDuke",
            "pattern": "[file:hashes.SHA1 = 'c011552d61ac5a87d95e43b90f2bf13077856def']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:45:26Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6fb2-9c08-40c4-893b-ccd8950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:45:54.000Z",
            "modified": "2015-09-17T07:45:54.000Z",
            "description": "CosmicDuke",
            "pattern": "[file:hashes.SHA1 = '01e5080b832c6e4fcb7b9d06caffe03dab8d95da']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:45:54Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6fb2-36b4-493d-8d0b-ccd8950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:45:54.000Z",
            "modified": "2015-09-17T07:45:54.000Z",
            "description": "CosmicDuke",
            "pattern": "[file:hashes.SHA1 = '02f55947402689ec755356ab6b0345a592446da7']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:45:54Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6fb2-b670-45b6-9c02-ccd8950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:45:54.000Z",
            "modified": "2015-09-17T07:45:54.000Z",
            "description": "CosmicDuke",
            "pattern": "[file:hashes.SHA1 = '03c5690728b7dffb2f4ab947fe390264751428aa']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:45:54Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6fb3-cadc-4664-8196-ccd8950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:45:55.000Z",
            "modified": "2015-09-17T07:45:55.000Z",
            "description": "CosmicDuke",
            "pattern": "[file:hashes.SHA1 = '0653a8f06b140f4fac44acb3be723d7bb2602558']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:45:55Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6fb3-de70-48af-9e94-ccd8950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:45:55.000Z",
            "modified": "2015-09-17T07:45:55.000Z",
            "description": "CosmicDuke",
            "pattern": "[file:hashes.SHA1 = '0bc8485ce6c24bb888e2329d479c9b7303bb98b4']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:45:55Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6fb3-41a0-41ec-9492-ccd8950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:45:55.000Z",
            "modified": "2015-09-17T07:45:55.000Z",
            "description": "CosmicDuke",
            "pattern": "[file:hashes.SHA1 = '0c8db6542172de98fa16c9bacfef9ed4099fd872']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:45:55Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6fb4-76f0-4320-ae1e-ccd8950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:45:56.000Z",
            "modified": "2015-09-17T07:45:56.000Z",
            "description": "CosmicDuke",
            "pattern": "[file:hashes.SHA1 = '0d8f41fe09dbd75ab953f9e64a6cdbbbc198bf2b']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:45:56Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6fb4-5bf4-4541-b154-ccd8950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:45:56.000Z",
            "modified": "2015-09-17T07:45:56.000Z",
            "description": "CosmicDuke",
            "pattern": "[file:hashes.SHA1 = '0e5f55676e01d8e41d77cdc43489da8381b68086']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:45:56Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6fb5-f914-4a03-998d-ccd8950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:45:57.000Z",
            "modified": "2015-09-17T07:45:57.000Z",
            "description": "CosmicDuke",
            "pattern": "[file:hashes.SHA1 = '0ff7ce34841c03c876b141c1f46d0ff2519889cc']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:45:57Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6fb5-433c-42a1-87ed-ccd8950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:45:57.000Z",
            "modified": "2015-09-17T07:45:57.000Z",
            "description": "CosmicDuke",
            "pattern": "[file:hashes.SHA1 = '11b5cfb37efb45d2c721cbf20cab7c1f5c1aa44b']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:45:57Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6fb5-61c0-4464-8fe3-ccd8950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:45:57.000Z",
            "modified": "2015-09-17T07:45:57.000Z",
            "description": "CosmicDuke",
            "pattern": "[file:hashes.SHA1 = '151362502d569b16453e84a2f5d277d8e4e878c2']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:45:57Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6fb6-4c3c-47ee-9546-ccd8950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:45:58.000Z",
            "modified": "2015-09-17T07:45:58.000Z",
            "description": "CosmicDuke",
            "pattern": "[file:hashes.SHA1 = '174373ab44cf6e7355f9dbb8469453519cb61a44']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:45:58Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6fb6-3348-4eb3-b29f-ccd8950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:45:58.000Z",
            "modified": "2015-09-17T07:45:58.000Z",
            "description": "CosmicDuke",
            "pattern": "[file:hashes.SHA1 = '18d983ba09da695ce704ab8093296366b543996a']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:45:58Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6fb6-0af4-4dec-be1d-ccd8950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:45:58.000Z",
            "modified": "2015-09-17T07:45:58.000Z",
            "description": "CosmicDuke",
            "pattern": "[file:hashes.SHA1 = '1a31245e943b131d81375d70b489d8e4bf3d6dce']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:45:58Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6fb7-b068-4953-bfd0-ccd8950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:45:59.000Z",
            "modified": "2015-09-17T07:45:59.000Z",
            "description": "CosmicDuke",
            "pattern": "[file:hashes.SHA1 = '1ce049522c4df595a1c4c9e9ca24be72dc5c6b28']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:45:59Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6fb7-582c-4a69-b242-ccd8950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:45:59.000Z",
            "modified": "2015-09-17T07:45:59.000Z",
            "description": "CosmicDuke",
            "pattern": "[file:hashes.SHA1 = '1df78a1dc0aa3382fcc6fac172b70aafd0ed8d3d']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:45:59Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6fb7-3a90-47cb-8046-ccd8950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:45:59.000Z",
            "modified": "2015-09-17T07:45:59.000Z",
            "description": "CosmicDuke",
            "pattern": "[file:hashes.SHA1 = '1e5c6d3f64295cb36d364f7fa183177a3f5e6b7e']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:45:59Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6fb8-1d3c-41f4-b83e-ccd8950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:46:00.000Z",
            "modified": "2015-09-17T07:46:00.000Z",
            "description": "CosmicDuke",
            "pattern": "[file:hashes.SHA1 = '2345cd5c112e55ba631dac539c8efab850c536b2']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:46:00Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6fb8-405c-426d-9223-ccd8950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:46:00.000Z",
            "modified": "2015-09-17T07:46:00.000Z",
            "description": "CosmicDuke",
            "pattern": "[file:hashes.SHA1 = '2b1e7d54723cf9ee2fd133b8f17fa99470d7a51a']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:46:00Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6fb8-dbbc-4a7b-8641-ccd8950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:46:00.000Z",
            "modified": "2015-09-17T07:46:00.000Z",
            "description": "CosmicDuke",
            "pattern": "[file:hashes.SHA1 = '322e042cf1cb43a8072c4a4cbf6e37004a88d6f7']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:46:00Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6fb9-0a7c-4f38-8349-ccd8950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:46:01.000Z",
            "modified": "2015-09-17T07:46:01.000Z",
            "description": "CosmicDuke",
            "pattern": "[file:hashes.SHA1 = '332aac7bdb0f697fd96e35c31c54d15e548061f4']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:46:01Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6fb9-e290-47f7-919c-ccd8950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:46:01.000Z",
            "modified": "2015-09-17T07:46:01.000Z",
            "description": "CosmicDuke",
            "pattern": "[file:hashes.SHA1 = '365f61c7886ca82bfdf8ee19ce0f92c4f7d0901e']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:46:01Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6fb9-ab5c-4651-a280-ccd8950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:46:01.000Z",
            "modified": "2015-09-17T07:46:01.000Z",
            "description": "CosmicDuke",
            "pattern": "[file:hashes.SHA1 = '3980f0e3fe80b2e7378325ab64ecbe725ae5eca9']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:46:01Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6fba-c0b4-4b4c-9907-ccd8950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:46:02.000Z",
            "modified": "2015-09-17T07:46:02.000Z",
            "description": "CosmicDuke",
            "pattern": "[file:hashes.SHA1 = '3f4a5bf72a15b7a8638655b24eb3359e229b9aea']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:46:02Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6fba-d434-4266-9e2f-ccd8950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:46:02.000Z",
            "modified": "2015-09-17T07:46:02.000Z",
            "description": "CosmicDuke",
            "pattern": "[file:hashes.SHA1 = '42dbfbedd813e6dbea1398323f085a88fa014293']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:46:02Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6fba-af10-4dfe-b1b3-ccd8950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:46:02.000Z",
            "modified": "2015-09-17T07:46:02.000Z",
            "description": "CosmicDuke",
            "pattern": "[file:hashes.SHA1 = '4a9875f646c5410f8317191ef2a91f934ce76f57']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:46:02Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6fbb-0850-475a-9d0b-ccd8950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:46:03.000Z",
            "modified": "2015-09-17T07:46:03.000Z",
            "description": "CosmicDuke",
            "pattern": "[file:hashes.SHA1 = '4aaac99607013b21863728b9453e4ffee67b902e']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:46:03Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6fbb-acf4-4d0e-aaed-ccd8950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:46:03.000Z",
            "modified": "2015-09-17T07:46:03.000Z",
            "description": "CosmicDuke",
            "pattern": "[file:hashes.SHA1 = '4e3c9d7eb8302739e6931a3b5b605efe8f211e51']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:46:03Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6fbc-36f0-4510-9b6e-ccd8950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:46:04.000Z",
            "modified": "2015-09-17T07:46:04.000Z",
            "description": "CosmicDuke",
            "pattern": "[file:hashes.SHA1 = '4fbc518df60df395ea27224cb85c4da2ff327e98']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:46:04Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6fbc-65c4-4bbb-8862-ccd8950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:46:04.000Z",
            "modified": "2015-09-17T07:46:04.000Z",
            "description": "CosmicDuke",
            "pattern": "[file:hashes.SHA1 = '4fd46c30fb1b6f5431c12a38430d684ed1ff5a75']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:46:04Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6fbc-fe80-4581-a96b-ccd8950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:46:04.000Z",
            "modified": "2015-09-17T07:46:04.000Z",
            "description": "CosmicDuke",
            "pattern": "[file:hashes.SHA1 = '524aaf596dc12b1bb479cd69c620914fd4c3f9c9']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:46:04Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6fbd-dc58-470f-bbb2-ccd8950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:46:05.000Z",
            "modified": "2015-09-17T07:46:05.000Z",
            "description": "CosmicDuke",
            "pattern": "[file:hashes.SHA1 = '541816260c71535cfebc743b9e2770a3a601acdf']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:46:05Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6fbd-065c-43e8-8792-ccd8950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:46:05.000Z",
            "modified": "2015-09-17T07:46:05.000Z",
            "description": "CosmicDuke",
            "pattern": "[file:hashes.SHA1 = '558f1d400be521f8286b6a51f56d362d64278132']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:46:05Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6fbd-b420-4f61-ac8d-ccd8950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:46:05.000Z",
            "modified": "2015-09-17T07:46:05.000Z",
            "description": "CosmicDuke",
            "pattern": "[file:hashes.SHA1 = '55f83ff166ab8978d6ce38e80fde858cf29e660b']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:46:05Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6fbe-fd44-4932-9521-ccd8950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:46:06.000Z",
            "modified": "2015-09-17T07:46:06.000Z",
            "description": "CosmicDuke",
            "pattern": "[file:hashes.SHA1 = '580eca9e36dcd1a2deb9075bcae90afee46aace2']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:46:06Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6fbe-b800-43ea-9a5a-ccd8950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:46:06.000Z",
            "modified": "2015-09-17T07:46:06.000Z",
            "description": "CosmicDuke",
            "pattern": "[file:hashes.SHA1 = '5a199a75411047903b7ba7851bf705ec545f6da9']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:46:06Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6fbe-3f38-4ea8-8232-ccd8950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:46:06.000Z",
            "modified": "2015-09-17T07:46:06.000Z",
            "description": "CosmicDuke",
            "pattern": "[file:hashes.SHA1 = '5c5ec0b5112a74a95edc23ef093792eb3698320e']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:46:06Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6fbf-0f80-47f0-a775-ccd8950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:46:07.000Z",
            "modified": "2015-09-17T07:46:07.000Z",
            "description": "CosmicDuke",
            "pattern": "[file:hashes.SHA1 = '63aedcd38fe947404dda4fbaddb1da539d632417']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:46:07Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6fbf-1ed4-4993-b523-ccd8950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:46:07.000Z",
            "modified": "2015-09-17T07:46:07.000Z",
            "description": "CosmicDuke",
            "pattern": "[file:hashes.SHA1 = '6483ed51bd244c7b2cf97db62602b19c27fa3059']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:46:07Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6fbf-5bd0-4bc7-80db-ccd8950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:46:07.000Z",
            "modified": "2015-09-17T07:46:07.000Z",
            "description": "CosmicDuke",
            "pattern": "[file:hashes.SHA1 = '658db78c0ce62e08e86b51988a222b5fb5fbb913']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:46:07Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6fc0-f7a4-4b6d-a837-ccd8950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:46:08.000Z",
            "modified": "2015-09-17T07:46:08.000Z",
            "description": "CosmicDuke",
            "pattern": "[file:hashes.SHA1 = '6a43ada6a3741892b56b0ef38cdf48df1ace236d']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:46:08Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6fc0-f5f4-4ec6-86e0-ccd8950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:46:08.000Z",
            "modified": "2015-09-17T07:46:08.000Z",
            "description": "CosmicDuke",
            "pattern": "[file:hashes.SHA1 = '6b7a4ccd5a411c03e3f1e86f86b273965991eb85']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:46:08Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6fc0-7e70-46f4-bf64-ccd8950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:46:08.000Z",
            "modified": "2015-09-17T07:46:08.000Z",
            "description": "CosmicDuke",
            "pattern": "[file:hashes.SHA1 = '6db1151eeb4339fc72d6d094e2d6c2572de89470']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:46:08Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6fc1-0dc4-4b25-a4dc-ccd8950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:46:09.000Z",
            "modified": "2015-09-17T07:46:09.000Z",
            "description": "CosmicDuke",
            "pattern": "[file:hashes.SHA1 = '7631f1db92e61504596790057ce674ee90570755']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:46:09Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6fc1-59fc-4bf6-92a1-ccd8950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:46:09.000Z",
            "modified": "2015-09-17T07:46:09.000Z",
            "description": "CosmicDuke",
            "pattern": "[file:hashes.SHA1 = '764add69922342b8c4200d64652fbee1376adf1c']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:46:09Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6fec-8e74-4b0f-b844-c35d950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:46:52.000Z",
            "modified": "2015-09-17T07:46:52.000Z",
            "description": "CosmicDuke",
            "pattern": "[file:hashes.SHA1 = '7803f160af428bcfb4b9ea2aba07886f232cde4e']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:46:52Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6fec-6a74-4a2b-953e-c35d950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:46:52.000Z",
            "modified": "2015-09-17T07:46:52.000Z",
            "description": "CosmicDuke",
            "pattern": "[file:hashes.SHA1 = '78d1c1e11ebae22849bccb3eb154ec986d992364']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:46:52Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6fec-8cc0-4c67-a82d-c35d950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:46:52.000Z",
            "modified": "2015-09-17T07:46:52.000Z",
            "description": "CosmicDuke",
            "pattern": "[file:hashes.SHA1 = '7ad1bef0ba61dbed98d76d4207676d08c893fc13']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:46:52Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6fed-d468-48b5-93b1-c35d950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:46:53.000Z",
            "modified": "2015-09-17T07:46:53.000Z",
            "description": "CosmicDuke",
            "pattern": "[file:hashes.SHA1 = '807c3db7385972a78b6d217a379dab67e68a3cf5']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:46:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6fed-55b0-4a9c-8515-c35d950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:46:53.000Z",
            "modified": "2015-09-17T07:46:53.000Z",
            "description": "CosmicDuke",
            "pattern": "[file:hashes.SHA1 = '88b7ead7c0bf8b3d8a54b4a9c8871f44d1577ce7']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:46:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6fed-1cf0-4125-961b-c35d950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:46:53.000Z",
            "modified": "2015-09-17T07:46:53.000Z",
            "description": "CosmicDuke",
            "pattern": "[file:hashes.SHA1 = '8a2227cafa5713297313844344d6b6d9e0885093']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:46:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6fee-3c94-4d25-92e2-c35d950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:46:54.000Z",
            "modified": "2015-09-17T07:46:54.000Z",
            "description": "CosmicDuke",
            "pattern": "[file:hashes.SHA1 = '8aa9f5d426428ec360229f4cb9f722388f0e535c']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:46:54Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6fee-1498-47cd-a522-c35d950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:46:54.000Z",
            "modified": "2015-09-17T07:46:54.000Z",
            "description": "CosmicDuke",
            "pattern": "[file:hashes.SHA1 = '8ab7f806fa18dd9a9c2dc43db0ad3ee79060b6e8']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:46:54Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6fee-4d0c-4971-802c-c35d950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:46:54.000Z",
            "modified": "2015-09-17T07:46:54.000Z",
            "description": "CosmicDuke",
            "pattern": "[file:hashes.SHA1 = '8f4138e9588ef329b5cf5bc945dee4ad9fec1dff']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:46:54Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6fef-4954-430c-a13d-c35d950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:46:55.000Z",
            "modified": "2015-09-17T07:46:55.000Z",
            "description": "CosmicDuke",
            "pattern": "[file:hashes.SHA1 = '9090de286ce9126e8e9c1c3a175a70ab4656ca09']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:46:55Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6fef-5ddc-478e-b706-c35d950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:46:55.000Z",
            "modified": "2015-09-17T07:46:55.000Z",
            "description": "CosmicDuke",
            "pattern": "[file:hashes.SHA1 = '91fd13a6b44e99f7235697ab5fe520d540279741']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:46:55Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6fef-b62c-4f51-b39f-c35d950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:46:55.000Z",
            "modified": "2015-09-17T07:46:55.000Z",
            "description": "CosmicDuke",
            "pattern": "[file:hashes.SHA1 = '926046f0c727358d1a6fbdd6ff3e28bc67d5e2f6']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:46:55Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6ff0-b464-4b37-9674-c35d950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:46:56.000Z",
            "modified": "2015-09-17T07:46:56.000Z",
            "description": "CosmicDuke",
            "pattern": "[file:hashes.SHA1 = '9700c8a41a929449cfba6567a648e9c5e4a14e70']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:46:56Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6ff0-a180-4432-a974-c35d950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:46:56.000Z",
            "modified": "2015-09-17T07:46:56.000Z",
            "description": "CosmicDuke",
            "pattern": "[file:hashes.SHA1 = '97c62e04b0ce401bd338224cdd58f5943f47c8de']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:46:56Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6ff1-2118-47d3-92a4-c35d950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:46:57.000Z",
            "modified": "2015-09-17T07:46:57.000Z",
            "description": "CosmicDuke",
            "pattern": "[file:hashes.SHA1 = 'a2ed0eaaeadaa90d25f8b1da23033593bb76598e']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:46:57Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6ff1-cb40-4c91-95b4-c35d950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:46:57.000Z",
            "modified": "2015-09-17T07:46:57.000Z",
            "description": "CosmicDuke",
            "pattern": "[file:hashes.SHA1 = 'a421e0758f1007527fec4d72fa2668da340554c9']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:46:57Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6ff1-5fb8-4ce2-9aa2-c35d950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:46:57.000Z",
            "modified": "2015-09-17T07:46:57.000Z",
            "description": "CosmicDuke",
            "pattern": "[file:hashes.SHA1 = 'a74eceea45207a6b46f461d436b73314b2065756']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:46:57Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6ff2-a99c-47a8-bff4-c35d950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:46:58.000Z",
            "modified": "2015-09-17T07:46:58.000Z",
            "description": "CosmicDuke",
            "pattern": "[file:hashes.SHA1 = 'a7819c06746ae8d1e5d5111b1ca711db0c8d923e']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:46:58Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6ff2-6c6c-4305-9f4e-c35d950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:46:58.000Z",
            "modified": "2015-09-17T07:46:58.000Z",
            "description": "CosmicDuke",
            "pattern": "[file:hashes.SHA1 = 'a81b58b2171c6a728039dc493faaf2cab7d146a5']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:46:58Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6ff2-e82c-47c6-8e6d-c35d950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:46:58.000Z",
            "modified": "2015-09-17T07:46:58.000Z",
            "description": "CosmicDuke",
            "pattern": "[file:hashes.SHA1 = 'b2a951c5b2613abdb9174678f43a579592b0abc9']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:46:58Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6ff3-cacc-4d01-8096-c35d950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:46:59.000Z",
            "modified": "2015-09-17T07:46:59.000Z",
            "description": "CosmicDuke",
            "pattern": "[file:hashes.SHA1 = 'b54b3c67f1827dab4cc2b3de94ff0af4e5db3d4c']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:46:59Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6ff3-a848-4303-8231-c35d950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:46:59.000Z",
            "modified": "2015-09-17T07:46:59.000Z",
            "description": "CosmicDuke",
            "pattern": "[file:hashes.SHA1 = 'b579845c223331fea9dfd674517fa4633082970e']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:46:59Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6ff3-bf8c-4bf6-b356-c35d950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:46:59.000Z",
            "modified": "2015-09-17T07:46:59.000Z",
            "description": "CosmicDuke",
            "pattern": "[file:hashes.SHA1 = 'bbe24aa5e554002f8fd092fc5af7747931307a15']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:46:59Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6ff4-0f74-4b11-91f9-c35d950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:47:00.000Z",
            "modified": "2015-09-17T07:47:00.000Z",
            "description": "CosmicDuke",
            "pattern": "[file:hashes.SHA1 = 'c2b5aff3435a7241637f288fedef722541c4dad8']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:47:00Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6ff4-58dc-45ec-b418-c35d950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:47:00.000Z",
            "modified": "2015-09-17T07:47:00.000Z",
            "description": "CosmicDuke",
            "pattern": "[file:hashes.SHA1 = 'c637a9c3fb08879e0f54230bd8dca81deb6e1bcf']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:47:00Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6ff4-51b8-4d36-a5bb-c35d950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:47:00.000Z",
            "modified": "2015-09-17T07:47:00.000Z",
            "description": "CosmicDuke",
            "pattern": "[file:hashes.SHA1 = 'cbca642acdb9f6df1b3efef0af8e675e32bd71d1']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:47:00Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6ff5-f2b8-44f6-a6ec-c35d950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:47:01.000Z",
            "modified": "2015-09-17T07:47:01.000Z",
            "description": "CosmicDuke",
            "pattern": "[file:hashes.SHA1 = 'ccb29875222527af4e58b9dd8994c3c7ef617fd8']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:47:01Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6ff5-e848-469f-b838-c35d950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:47:01.000Z",
            "modified": "2015-09-17T07:47:01.000Z",
            "description": "CosmicDuke",
            "pattern": "[file:hashes.SHA1 = 'cd7116fc6a5fa170690590e161c7589d502bd6a7']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:47:01Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6ff5-50c0-434c-bdd5-c35d950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:47:01.000Z",
            "modified": "2015-09-17T07:47:01.000Z",
            "description": "CosmicDuke",
            "pattern": "[file:hashes.SHA1 = 'd303a6ddd63ce993a8432f4daab5132732748843']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:47:01Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6ff6-5528-4063-9157-c35d950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:47:02.000Z",
            "modified": "2015-09-17T07:47:02.000Z",
            "description": "CosmicDuke",
            "pattern": "[file:hashes.SHA1 = 'e60d36efd6b307bef4f18e31e7932a711106cd44']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:47:02Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6ff6-9ce0-42ba-8d8b-c35d950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:47:02.000Z",
            "modified": "2015-09-17T07:47:02.000Z",
            "description": "CosmicDuke",
            "pattern": "[file:hashes.SHA1 = 'e841ca216ce4ee9e967ffff9b059d31ccbf126bd']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:47:02Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6ff6-8958-451c-93ef-c35d950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:47:02.000Z",
            "modified": "2015-09-17T07:47:02.000Z",
            "description": "CosmicDuke",
            "pattern": "[file:hashes.SHA1 = 'ecd2feb0afd5614d7575598c63d9b0146a67ecaa']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:47:02Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6ff7-0828-49eb-a908-c35d950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:47:03.000Z",
            "modified": "2015-09-17T07:47:03.000Z",
            "description": "CosmicDuke",
            "pattern": "[file:hashes.SHA1 = 'ed14da9b9075bd3281967033c90886fd7d4f14e5']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:47:03Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6ff7-4684-4f33-9146-c35d950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:47:03.000Z",
            "modified": "2015-09-17T07:47:03.000Z",
            "description": "CosmicDuke",
            "pattern": "[file:hashes.SHA1 = 'ed328e83cda3cdf75ff68372d69bcbacfe2c9c5e']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:47:03Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6ff7-5010-46ed-93f5-c35d950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:47:03.000Z",
            "modified": "2015-09-17T07:47:03.000Z",
            "description": "CosmicDuke",
            "pattern": "[file:hashes.SHA1 = 'f621ec1b363e13dd60474fcfab374b8570ede4de']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:47:03Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6ff8-8aa0-4f1c-ac33-c35d950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:47:04.000Z",
            "modified": "2015-09-17T07:47:04.000Z",
            "description": "CosmicDuke",
            "pattern": "[file:hashes.SHA1 = 'fbf290f6adad79ae9628ec6d5703e5ffb86cf8f1']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:47:04Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa6ff8-0730-4cbd-a4ff-c35d950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:47:04.000Z",
            "modified": "2015-09-17T07:47:04.000Z",
            "description": "CosmicDuke",
            "pattern": "[file:hashes.SHA1 = 'fecdba1d903a51499a3953b4df1d850fbd5438bd']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:47:04Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7022-10dc-4d1a-b3ae-ca50950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:47:46.000Z",
            "modified": "2015-09-17T07:47:46.000Z",
            "description": "CosmicDuke Exploit file",
            "pattern": "[file:hashes.SHA1 = '1e770f2a17664e7d7687c53860b1c0dc0da7157e']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:47:46Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7023-11a8-4c19-912c-ca50950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:47:47.000Z",
            "modified": "2015-09-17T07:47:47.000Z",
            "description": "CosmicDuke Exploit file",
            "pattern": "[file:hashes.SHA1 = '353540c6619f2bba2351babad736599811d3392e']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:47:47Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7023-5674-4a87-af5a-ca50950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:47:47.000Z",
            "modified": "2015-09-17T07:47:47.000Z",
            "description": "CosmicDuke Exploit file",
            "pattern": "[file:hashes.SHA1 = '412d488e88deef81225d15959f48479fc8d387b3']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:47:47Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7023-fbe0-490a-ae8e-ca50950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:47:47.000Z",
            "modified": "2015-09-17T07:47:47.000Z",
            "description": "CosmicDuke Exploit file",
            "pattern": "[file:hashes.SHA1 = '5295b09592d5a651ca3f748f0e6401bd48fe7bda']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:47:47Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7024-5314-465c-9e89-ca50950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:47:48.000Z",
            "modified": "2015-09-17T07:47:48.000Z",
            "description": "CosmicDuke Exploit file",
            "pattern": "[file:hashes.SHA1 = '65681390d203871e9c21c68075dbf38944e782e8']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:47:48Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7024-7d78-4f77-9672-ca50950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:47:48.000Z",
            "modified": "2015-09-17T07:47:48.000Z",
            "description": "CosmicDuke Exploit file",
            "pattern": "[file:hashes.SHA1 = '74bc93107b1bbae2d98fca6d819c2f0bbe8c9f8a']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:47:48Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7024-6728-4573-bd83-ca50950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:47:48.000Z",
            "modified": "2015-09-17T07:47:48.000Z",
            "description": "CosmicDuke Exploit file",
            "pattern": "[file:hashes.SHA1 = '8949c1d82dda5c2ead0a73b532c4b2e1fbb58a0e']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:47:48Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7025-57f8-4e71-afb4-ca50950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:47:49.000Z",
            "modified": "2015-09-17T07:47:49.000Z",
            "description": "CosmicDuke Exploit file",
            "pattern": "[file:hashes.SHA1 = 'c671786abd87d214a28d136b6bafd4e33ee66951']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:47:49Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7025-d2b0-4500-9a7f-ca50950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:47:49.000Z",
            "modified": "2015-09-17T07:47:49.000Z",
            "description": "CosmicDuke Exploit file",
            "pattern": "[file:hashes.SHA1 = 'f1f1ace3906080cef52ca4948185b665d1d7b13e']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:47:49Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7056-986c-4d7a-b110-ca65950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:48:38.000Z",
            "modified": "2015-09-17T07:48:38.000Z",
            "description": "MiniDuke",
            "pattern": "[file:hashes.SHA1 = '00852745cb40730dc333124549a768b471dff4bc']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:48:38Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7056-bf28-4ed2-853b-ca65950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:48:38.000Z",
            "modified": "2015-09-17T07:48:38.000Z",
            "description": "MiniDuke",
            "pattern": "[file:hashes.SHA1 = '03661a5e2352a797233c23883b25bb652f03f205']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:48:38Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7057-faf0-4125-8d50-ca65950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:48:39.000Z",
            "modified": "2015-09-17T07:48:39.000Z",
            "description": "MiniDuke",
            "pattern": "[file:hashes.SHA1 = '045867051a6052d1d910abfcb24a7674bcc046ca']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:48:39Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7057-72cc-4401-93e8-ca65950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:48:39.000Z",
            "modified": "2015-09-17T07:48:39.000Z",
            "description": "MiniDuke",
            "pattern": "[file:hashes.SHA1 = '0d78d1690d2db2ee322ca11b82d79c758a901ebc']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:48:39Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7057-78e0-45e7-85c9-ca65950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:48:39.000Z",
            "modified": "2015-09-17T07:48:39.000Z",
            "description": "MiniDuke",
            "pattern": "[file:hashes.SHA1 = '0e263d80c46d5a538115f71e077a6175168abc5c']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:48:39Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7058-5a34-4b62-9abc-ca65950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:48:40.000Z",
            "modified": "2015-09-17T07:48:40.000Z",
            "description": "MiniDuke",
            "pattern": "[file:hashes.SHA1 = '103c37f6276059a5ff47117b7f638013ccffe407']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:48:40Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7058-49ec-41e8-9cbd-ca65950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:48:40.000Z",
            "modified": "2015-09-17T07:48:40.000Z",
            "description": "MiniDuke",
            "pattern": "[file:hashes.SHA1 = '118114446847ead7a2fe87ecb4943fdbdd2bbd1e']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:48:40Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7058-33c0-4c07-b9ba-ca65950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:48:40.000Z",
            "modified": "2015-09-17T07:48:40.000Z",
            "description": "MiniDuke",
            "pattern": "[file:hashes.SHA1 = '15c75472f160f082f6905d57a98de94c026e2c56']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:48:40Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7059-797c-4f1f-9eb1-ca65950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:48:41.000Z",
            "modified": "2015-09-17T07:48:41.000Z",
            "description": "MiniDuke",
            "pattern": "[file:hashes.SHA1 = '1ba5bcd62abcbff517a4adb2609f721dd7f609df']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:48:41Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7059-4840-418e-b35a-ca65950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:48:41.000Z",
            "modified": "2015-09-17T07:48:41.000Z",
            "description": "MiniDuke",
            "pattern": "[file:hashes.SHA1 = '1e6b9414fce4277207aab2aa12e4f0842a23f9c1']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:48:41Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7059-862c-4204-b8ac-ca65950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:48:41.000Z",
            "modified": "2015-09-17T07:48:41.000Z",
            "description": "MiniDuke",
            "pattern": "[file:hashes.SHA1 = '223c7eb7b9dde08ee028bba6552409ee144db54a']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:48:41Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa705a-0980-4677-a1d1-ca65950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:48:42.000Z",
            "modified": "2015-09-17T07:48:42.000Z",
            "description": "MiniDuke",
            "pattern": "[file:hashes.SHA1 = '28a43eac3be1b96c68a1e7463ae91367434a2ac4']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:48:42Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa705a-0d10-490d-b5fc-ca65950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:48:42.000Z",
            "modified": "2015-09-17T07:48:42.000Z",
            "description": "MiniDuke",
            "pattern": "[file:hashes.SHA1 = '296fd4c5b4bf8ea288f45b4801512d7dec7c497b']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:48:42Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa705a-97c0-494e-a5da-ca65950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:48:42.000Z",
            "modified": "2015-09-17T07:48:42.000Z",
            "description": "MiniDuke",
            "pattern": "[file:hashes.SHA1 = '2a13ae3806de8e2c7adba6465c4b2a7bb347f0f5']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:48:42Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa705b-f554-4074-8c89-ca65950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:48:43.000Z",
            "modified": "2015-09-17T07:48:43.000Z",
            "description": "MiniDuke",
            "pattern": "[file:hashes.SHA1 = '2ceae0f5f3efe366ebded0a413e5ea264fbf2a33']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:48:43Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa705b-ac9c-4765-81ae-ca65950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:48:43.000Z",
            "modified": "2015-09-17T07:48:43.000Z",
            "description": "MiniDuke",
            "pattern": "[file:hashes.SHA1 = '2d74a4efaecd0d23afcad02118e00c08e17996ed']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:48:43Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa705c-e984-4de7-82b4-ca65950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:48:44.000Z",
            "modified": "2015-09-17T07:48:44.000Z",
            "description": "MiniDuke",
            "pattern": "[file:hashes.SHA1 = '30b377e7dc2418607d8cf5d01ae1f925eab2f037']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:48:44Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa705c-37e8-4cbe-8530-ca65950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:48:44.000Z",
            "modified": "2015-09-17T07:48:44.000Z",
            "description": "MiniDuke",
            "pattern": "[file:hashes.SHA1 = '31ab6830f4e39c2c520ae55d4c4bffe0b347c947']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:48:44Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa705c-59dc-47c8-a9c1-ca65950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:48:44.000Z",
            "modified": "2015-09-17T07:48:44.000Z",
            "description": "MiniDuke",
            "pattern": "[file:hashes.SHA1 = '36b969c1b3c46953077e4aabb75be8cc6aa6a327']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:48:44Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa705d-a59c-4382-97e0-ca65950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:48:45.000Z",
            "modified": "2015-09-17T07:48:45.000Z",
            "description": "MiniDuke",
            "pattern": "[file:hashes.SHA1 = '416d1035168b99cc8ba7227d4c7c3c6bc1ce169a']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:48:45Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa705d-df40-407b-97f5-ca65950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:48:45.000Z",
            "modified": "2015-09-17T07:48:45.000Z",
            "description": "MiniDuke",
            "pattern": "[file:hashes.SHA1 = '43fa0d5a30b4cd72bb7e156c00c1611bb4f4bd0a']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:48:45Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa705d-2f00-484a-9811-ca65950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:48:45.000Z",
            "modified": "2015-09-17T07:48:45.000Z",
            "description": "MiniDuke",
            "pattern": "[file:hashes.SHA1 = '493d0660c9cf738be08209bfd56351d4cf075877']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:48:45Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa705e-0394-44a0-9680-ca65950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:48:46.000Z",
            "modified": "2015-09-17T07:48:46.000Z",
            "description": "MiniDuke",
            "pattern": "[file:hashes.SHA1 = '4b4841ca3f05879ca0dab0659b07fc93a780f9f1']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:48:46Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa705e-88f0-4117-86f2-ca65950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:48:46.000Z",
            "modified": "2015-09-17T07:48:46.000Z",
            "description": "MiniDuke",
            "pattern": "[file:hashes.SHA1 = '4ec769c15a9e318d41fd4a1997ec13c029976fc2']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:48:46Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa705e-1808-412a-9c56-ca65950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:48:46.000Z",
            "modified": "2015-09-17T07:48:46.000Z",
            "description": "MiniDuke",
            "pattern": "[file:hashes.SHA1 = '53140342b8fe2dd7661fce0d0e88d909f55099db']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:48:46Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa705f-cbb4-4d06-aed5-ca65950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:48:47.000Z",
            "modified": "2015-09-17T07:48:47.000Z",
            "description": "MiniDuke",
            "pattern": "[file:hashes.SHA1 = '5acaea49540635670036dc626503431b5a783b56']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:48:47Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa705f-6248-4732-921c-ca65950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:48:47.000Z",
            "modified": "2015-09-17T07:48:47.000Z",
            "description": "MiniDuke",
            "pattern": "[file:hashes.SHA1 = '5b2c4da743798bde4158848a8a44094703e842cb']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:48:47Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa705f-8b34-45cb-a696-ca65950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:48:47.000Z",
            "modified": "2015-09-17T07:48:47.000Z",
            "description": "MiniDuke",
            "pattern": "[file:hashes.SHA1 = '634a1649995309b9c7d163af627f7e39f42d5968']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:48:47Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7060-dba0-48a0-81ed-ca65950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:48:48.000Z",
            "modified": "2015-09-17T07:48:48.000Z",
            "description": "MiniDuke",
            "pattern": "[file:hashes.SHA1 = '683104d28bd5c52c53d2e6c710a7bd19676c28b8']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:48:48Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7060-1c08-4756-8869-ca65950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:48:48.000Z",
            "modified": "2015-09-17T07:48:48.000Z",
            "description": "MiniDuke",
            "pattern": "[file:hashes.SHA1 = '694fa03160d50865dce0c35227dc97ffa1acfa48']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:48:48Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7060-382c-43d5-bc4d-ca65950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:48:48.000Z",
            "modified": "2015-09-17T07:48:48.000Z",
            "description": "MiniDuke",
            "pattern": "[file:hashes.SHA1 = '73366c1eb26b92886531586728be4975d56f7ca5']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:48:48Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7061-f000-4d72-aebd-ca65950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:48:49.000Z",
            "modified": "2015-09-17T07:48:49.000Z",
            "description": "MiniDuke",
            "pattern": "[file:hashes.SHA1 = '827de388e0feabd92fe7bd433138aa35142bd01a']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:48:49Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7061-7b00-4c16-9bd4-ca65950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:48:49.000Z",
            "modified": "2015-09-17T07:48:49.000Z",
            "description": "MiniDuke",
            "pattern": "[file:hashes.SHA1 = '909d369c42125e84e0650f7e1183abe740486f58']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:48:49Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7061-2e04-4a80-968e-ca65950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:48:49.000Z",
            "modified": "2015-09-17T07:48:49.000Z",
            "description": "MiniDuke",
            "pattern": "[file:hashes.SHA1 = '9796d22994ff4b4e838079d2e5613e7ac425dd1d']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:48:49Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7062-97d0-4d5b-afa2-ca65950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:48:50.000Z",
            "modified": "2015-09-17T07:48:50.000Z",
            "description": "MiniDuke",
            "pattern": "[file:hashes.SHA1 = 'a32817e9ff07bc69974221d9b7a9b980fa80b677']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:48:50Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7062-fc44-422f-88aa-ca65950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:48:50.000Z",
            "modified": "2015-09-17T07:48:50.000Z",
            "description": "MiniDuke",
            "pattern": "[file:hashes.SHA1 = 'a4e39298866b72e5399d5177f717c46861d8d3df']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:48:50Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7063-b2bc-4540-87e5-ca65950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:48:51.000Z",
            "modified": "2015-09-17T07:48:51.000Z",
            "description": "MiniDuke",
            "pattern": "[file:hashes.SHA1 = 'a6c18fcbe6b25c370e1305d523b5de662172875b']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:48:51Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7063-aa30-4ade-a04d-ca65950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:48:51.000Z",
            "modified": "2015-09-17T07:48:51.000Z",
            "description": "MiniDuke",
            "pattern": "[file:hashes.SHA1 = 'a9e529c7b04a99019dd31c3c0d7f576e1bbd0970']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:48:51Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7063-3fc4-4fc0-a180-ca65950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:48:51.000Z",
            "modified": "2015-09-17T07:48:51.000Z",
            "description": "MiniDuke",
            "pattern": "[file:hashes.SHA1 = 'ad9734b05973a0a0f1d34a32cd1936e66898c034']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:48:51Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7064-3ba8-4f8a-aeb0-ca65950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:48:52.000Z",
            "modified": "2015-09-17T07:48:52.000Z",
            "description": "MiniDuke",
            "pattern": "[file:hashes.SHA1 = 'b27f6174173e71dc154413a525baddf3d6dea1fd']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:48:52Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7064-e974-4cd8-b41c-ca65950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:48:52.000Z",
            "modified": "2015-09-17T07:48:52.000Z",
            "description": "MiniDuke",
            "pattern": "[file:hashes.SHA1 = 'b8b116d11909a05428b7cb6dcce06113f4cc9e58']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:48:52Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7064-659c-4a06-b2c5-ca65950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:48:52.000Z",
            "modified": "2015-09-17T07:48:52.000Z",
            "description": "MiniDuke",
            "pattern": "[file:hashes.SHA1 = 'c17ad20e3790ba674e3fe6f01b9c10270bf0f0e4']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:48:52Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7065-e6bc-45ae-af69-ca65950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:48:53.000Z",
            "modified": "2015-09-17T07:48:53.000Z",
            "description": "MiniDuke",
            "pattern": "[file:hashes.SHA1 = 'c39d0b12bb1c25cf46a5ae6b197a59f8ea90caa0']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:48:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7065-83d4-4768-baf3-ca65950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:48:53.000Z",
            "modified": "2015-09-17T07:48:53.000Z",
            "description": "MiniDuke",
            "pattern": "[file:hashes.SHA1 = 'c6d3dac500de2f46e56611c13c589e037e4ca5e0']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:48:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7065-8334-44e6-8098-ca65950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:48:53.000Z",
            "modified": "2015-09-17T07:48:53.000Z",
            "description": "MiniDuke",
            "pattern": "[file:hashes.SHA1 = 'cb3a83fc24c7b6b0b9d438fbf053276cceaacd2e']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:48:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7066-57ac-42b2-803d-ca65950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:48:54.000Z",
            "modified": "2015-09-17T07:48:54.000Z",
            "description": "MiniDuke",
            "pattern": "[file:hashes.SHA1 = 'cc3df7de75db8be4a0a30ede21f226122d2dfe87']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:48:54Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7066-c870-4ca2-989c-ca65950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:48:54.000Z",
            "modified": "2015-09-17T07:48:54.000Z",
            "description": "MiniDuke",
            "pattern": "[file:hashes.SHA1 = 'cd50170a70b9cc767aa4b21a150c136cb25fbd44']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:48:54Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7066-f728-4d1a-a089-ca65950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:48:54.000Z",
            "modified": "2015-09-17T07:48:54.000Z",
            "description": "MiniDuke",
            "pattern": "[file:hashes.SHA1 = 'cdcfac3e9d60aae54586b30fa5b99f180839deed']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:48:54Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7067-d1d8-4464-876f-ca65950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:48:55.000Z",
            "modified": "2015-09-17T07:48:55.000Z",
            "description": "MiniDuke",
            "pattern": "[file:hashes.SHA1 = 'd22d80da6f042c4da3392a69c713ee4d64be8bc8']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:48:55Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7067-eef4-4d12-8af6-ca65950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:48:55.000Z",
            "modified": "2015-09-17T07:48:55.000Z",
            "description": "MiniDuke",
            "pattern": "[file:hashes.SHA1 = 'd81b0705d26390eb82188c03644786dd6f1a2a9e']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:48:55Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7067-a650-40e0-aeba-ca65950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:48:55.000Z",
            "modified": "2015-09-17T07:48:55.000Z",
            "description": "MiniDuke",
            "pattern": "[file:hashes.SHA1 = 'de8e9def2553f4d211cc0b34a3972d9814f156aa']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:48:55Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7068-d5a0-4cea-80f3-ca65950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:48:56.000Z",
            "modified": "2015-09-17T07:48:56.000Z",
            "description": "MiniDuke",
            "pattern": "[file:hashes.SHA1 = 'e4add0b118113b2627143c7ef1d5b1327de395f1']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:48:56Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7068-e54c-4421-962d-ca65950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:48:56.000Z",
            "modified": "2015-09-17T07:48:56.000Z",
            "description": "MiniDuke",
            "pattern": "[file:hashes.SHA1 = 'e95e2c166be39a4d9cd671531b376b1a8ceb4a55']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:48:56Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7069-de9c-404a-9d4b-ca65950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:48:57.000Z",
            "modified": "2015-09-17T07:48:57.000Z",
            "description": "MiniDuke",
            "pattern": "[file:hashes.SHA1 = 'edf74413a6e2763147184b5e1b8732537a854365']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:48:57Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7069-d6d8-43db-9d96-ca65950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:48:57.000Z",
            "modified": "2015-09-17T07:48:57.000Z",
            "description": "MiniDuke",
            "pattern": "[file:hashes.SHA1 = 'efcb9be7bf162980187237bcb50f4da2d55430c2']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:48:57Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7069-c098-462a-90c0-ca65950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:48:57.000Z",
            "modified": "2015-09-17T07:48:57.000Z",
            "description": "MiniDuke",
            "pattern": "[file:hashes.SHA1 = 'f62600984c5086f2da3d70bc1f5042cf464f928d']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:48:57Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa708b-4c08-4bc4-a6dc-ca50950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:49:31.000Z",
            "modified": "2015-09-17T07:49:31.000Z",
            "description": "CozyDuke",
            "pattern": "[file:hashes.SHA1 = '01d3973e1bb46e2b75034736991c567862a11263']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:49:31Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa708c-e974-4132-960e-ca50950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:49:32.000Z",
            "modified": "2015-09-17T07:49:32.000Z",
            "description": "CozyDuke",
            "pattern": "[file:hashes.SHA1 = '04aefbf1527536159d72d20dea907cbd080793e3']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:49:32Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa708c-46fc-4d9f-9756-ca50950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:49:32.000Z",
            "modified": "2015-09-17T07:49:32.000Z",
            "description": "CozyDuke",
            "pattern": "[file:hashes.SHA1 = '0e020c03fffabc6d20eca67f559c46b4939bb4f4']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:49:32Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa708c-0ecc-4dd3-9d6a-ca50950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:49:32.000Z",
            "modified": "2015-09-17T07:49:32.000Z",
            "description": "CozyDuke",
            "pattern": "[file:hashes.SHA1 = '1e5f6a5624a9e5472d547b8aa54c6d146813f91d']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:49:32Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa708d-64fc-4744-a6f8-ca50950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:49:33.000Z",
            "modified": "2015-09-17T07:49:33.000Z",
            "description": "CozyDuke",
            "pattern": "[file:hashes.SHA1 = '207be5648c0a2e48be98dc4dc1d5d16944189219']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:49:33Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa708d-f824-479d-af1d-ca50950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:49:33.000Z",
            "modified": "2015-09-17T07:49:33.000Z",
            "description": "CozyDuke",
            "pattern": "[file:hashes.SHA1 = '23e20c523b9970686d913360d438c88e6067c157']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:49:33Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa708e-dc90-43bf-bd46-ca50950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:49:34.000Z",
            "modified": "2015-09-17T07:49:34.000Z",
            "description": "CozyDuke",
            "pattern": "[file:hashes.SHA1 = '25b6c73124f11f70474f2687ad1de407343ac025']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:49:34Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa708e-4914-42e7-ba5a-ca50950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:49:34.000Z",
            "modified": "2015-09-17T07:49:34.000Z",
            "description": "CozyDuke",
            "pattern": "[file:hashes.SHA1 = '32b0c8c46f8baaba0159967c5602f58dd73ebde9']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:49:34Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa708e-3240-41ea-a684-ca50950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:49:34.000Z",
            "modified": "2015-09-17T07:49:34.000Z",
            "description": "CozyDuke",
            "pattern": "[file:hashes.SHA1 = '446daabb7ac2b9f11dc1267fbd192628cc2bac19']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:49:34Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa708f-fba0-4823-94b5-ca50950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:49:35.000Z",
            "modified": "2015-09-17T07:49:35.000Z",
            "description": "CozyDuke",
            "pattern": "[file:hashes.SHA1 = '482d1624f9450ca1c99926ceec2606260e7ce544']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:49:35Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa708f-9538-4fa1-995c-ca50950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:49:35.000Z",
            "modified": "2015-09-17T07:49:35.000Z",
            "description": "CozyDuke",
            "pattern": "[file:hashes.SHA1 = '49fb759d133eeaab3fcc78cec64418e44ed649ab']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:49:35Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa708f-a37c-42cf-bdba-ca50950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:49:35.000Z",
            "modified": "2015-09-17T07:49:35.000Z",
            "description": "CozyDuke",
            "pattern": "[file:hashes.SHA1 = '5150174a4d5e5bb0bccc568e82dbb86406487510']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:49:35Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7090-3740-4439-8a66-ca50950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:49:36.000Z",
            "modified": "2015-09-17T07:49:36.000Z",
            "description": "CozyDuke",
            "pattern": "[file:hashes.SHA1 = '543783df44459a3878ad00ecae47ff077f5efd7b']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:49:36Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7090-c500-4c81-a7a5-ca50950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:49:36.000Z",
            "modified": "2015-09-17T07:49:36.000Z",
            "description": "CozyDuke",
            "pattern": "[file:hashes.SHA1 = '6b0721a9ced806076f84e828d9c65504a77d106c']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:49:36Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7090-32cc-4f41-a9d8-ca50950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:49:36.000Z",
            "modified": "2015-09-17T07:49:36.000Z",
            "description": "CozyDuke",
            "pattern": "[file:hashes.SHA1 = '6e00b86a2480abc6dbd971c0bf6495d81ed1b629']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:49:36Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7091-bb5c-4fe0-9798-ca50950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:49:37.000Z",
            "modified": "2015-09-17T07:49:37.000Z",
            "description": "CozyDuke",
            "pattern": "[file:hashes.SHA1 = '78e9960cc5819583fb98fb619b33bff7768ee861']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:49:37Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7091-4688-4b81-8d5d-ca50950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:49:37.000Z",
            "modified": "2015-09-17T07:49:37.000Z",
            "description": "CozyDuke",
            "pattern": "[file:hashes.SHA1 = '7e9eb570ef07b793828c28ca3f84177e1ab76e14']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:49:37Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7091-4f54-458b-ba10-ca50950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:49:37.000Z",
            "modified": "2015-09-17T07:49:37.000Z",
            "description": "CozyDuke",
            "pattern": "[file:hashes.SHA1 = '8099a40b9ef478ee50c466eb65fe71b247fcf014']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:49:37Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7092-ebec-4c18-9ad2-ca50950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:49:38.000Z",
            "modified": "2015-09-17T07:49:38.000Z",
            "description": "CozyDuke",
            "pattern": "[file:hashes.SHA1 = '87668d14910c1e1bb8bbea0c6363f76e664dcd09']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:49:38Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7092-8cec-49be-89a8-ca50950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:49:38.000Z",
            "modified": "2015-09-17T07:49:38.000Z",
            "description": "CozyDuke",
            "pattern": "[file:hashes.SHA1 = '8b357ff017df3ed882b278d0dbbdf129235d123d']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:49:38Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7093-536c-41b4-9474-ca50950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:49:39.000Z",
            "modified": "2015-09-17T07:49:39.000Z",
            "description": "CozyDuke",
            "pattern": "[file:hashes.SHA1 = '8c3ed0bbdc77aec299c77f666c21659840f5ce23']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:49:39Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7093-eb4c-4d15-bd56-ca50950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:49:39.000Z",
            "modified": "2015-09-17T07:49:39.000Z",
            "description": "CozyDuke",
            "pattern": "[file:hashes.SHA1 = '93d53be2c3e7961bc01e0bfa5065a2390305268c']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:49:39Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7093-1520-4520-9d2e-ca50950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:49:39.000Z",
            "modified": "2015-09-17T07:49:39.000Z",
            "description": "CozyDuke",
            "pattern": "[file:hashes.SHA1 = '93ee1c714fad9cc1bf2cba19f3de9d1e83c665e2']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:49:39Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7094-59e0-4c13-a836-ca50950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:49:40.000Z",
            "modified": "2015-09-17T07:49:40.000Z",
            "description": "CozyDuke",
            "pattern": "[file:hashes.SHA1 = '9b56155b82f14000f0ec027f29ff20e6ae5205c2']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:49:40Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7094-f224-4125-88a8-ca50950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:49:40.000Z",
            "modified": "2015-09-17T07:49:40.000Z",
            "description": "CozyDuke",
            "pattern": "[file:hashes.SHA1 = 'b65aa8590a1bac52a85dbd1ea091fc586f6ab00a']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:49:40Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7094-eea4-4e3c-a576-ca50950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:49:40.000Z",
            "modified": "2015-09-17T07:49:40.000Z",
            "description": "CozyDuke",
            "pattern": "[file:hashes.SHA1 = 'bdd2bae83c3bab9ba0c199492fe57e70c6425dd3']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:49:40Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7095-74a8-46fa-9333-ca50950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:49:41.000Z",
            "modified": "2015-09-17T07:49:41.000Z",
            "description": "CozyDuke",
            "pattern": "[file:hashes.SHA1 = 'bf265227f9a8e22ea1c0035ac4d2449ceed43e2b']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:49:41Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7095-df68-4df4-94ce-ca50950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:49:41.000Z",
            "modified": "2015-09-17T07:49:41.000Z",
            "description": "CozyDuke",
            "pattern": "[file:hashes.SHA1 = 'bf9d3a45273608caf90084c1157de2074322a230']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:49:41Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7095-a1f0-4a36-a447-ca50950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:49:41.000Z",
            "modified": "2015-09-17T07:49:41.000Z",
            "description": "CozyDuke",
            "pattern": "[file:hashes.SHA1 = 'c3d8a548fa0525e1e55aa592e14303fc6964d28d']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:49:41Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7096-fb50-4c2c-ba4d-ca50950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:49:42.000Z",
            "modified": "2015-09-17T07:49:42.000Z",
            "description": "CozyDuke",
            "pattern": "[file:hashes.SHA1 = 'c6472898e9085e563cd56baeb6b6e21928c5486d']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:49:42Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7096-4bfc-4ce8-9cef-ca50950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:49:42.000Z",
            "modified": "2015-09-17T07:49:42.000Z",
            "description": "CozyDuke",
            "pattern": "[file:hashes.SHA1 = 'ccf83cd713e0f078697f9e842a06d624f8b9757e']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:49:42Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7096-2dd4-4bf0-9659-ca50950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:49:42.000Z",
            "modified": "2015-09-17T07:49:42.000Z",
            "description": "CozyDuke",
            "pattern": "[file:hashes.SHA1 = 'dea73f04e52917dc71cc4e9d7592b6317e09a054']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:49:42Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7097-d024-4686-8805-ca50950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:49:43.000Z",
            "modified": "2015-09-17T07:49:43.000Z",
            "description": "CozyDuke",
            "pattern": "[file:hashes.SHA1 = 'e0779ac6e5cc76e91fca71efeade2a5d7f099c80']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:49:43Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7097-9c1c-4814-af67-ca50950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:49:43.000Z",
            "modified": "2015-09-17T07:49:43.000Z",
            "description": "CozyDuke",
            "pattern": "[file:hashes.SHA1 = 'e76da232ec020d133530fdd52ffcc38b7c1d7662']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:49:43Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7098-e3e0-4f8e-ae3b-ca50950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:49:44.000Z",
            "modified": "2015-09-17T07:49:44.000Z",
            "description": "CozyDuke",
            "pattern": "[file:hashes.SHA1 = 'e78870f3807a89684085d605dcd57a06e7327125']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:49:44Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7098-2e44-4eb0-885a-ca50950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:49:44.000Z",
            "modified": "2015-09-17T07:49:44.000Z",
            "description": "CozyDuke",
            "pattern": "[file:hashes.SHA1 = 'e99a03ebe3462d2399f1b819f48384f6714dcba1']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:49:44Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7098-6510-4fea-9dea-ca50950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:49:44.000Z",
            "modified": "2015-09-17T07:49:44.000Z",
            "description": "CozyDuke",
            "pattern": "[file:hashes.SHA1 = 'ea0cfe60a7b7168c42c0e86e15feb5b0c9674029']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:49:44Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7099-076c-45cd-8841-ca50950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:49:45.000Z",
            "modified": "2015-09-17T07:49:45.000Z",
            "description": "CozyDuke",
            "pattern": "[file:hashes.SHA1 = 'eb851adfada7b40fc4f6c0ae348694500f878493']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:49:45Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7099-b84c-4e1e-ad63-ca50950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:49:45.000Z",
            "modified": "2015-09-17T07:49:45.000Z",
            "description": "CozyDuke",
            "pattern": "[file:hashes.SHA1 = 'f2ffc4e1d5faec0b7c03a233524bb78e44f0e50b']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:49:45Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7099-b7bc-4d3f-852d-ca50950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:49:45.000Z",
            "modified": "2015-09-17T07:49:45.000Z",
            "description": "CozyDuke",
            "pattern": "[file:hashes.SHA1 = 'f33c980d4b6aaab1dc401226ab452ce840ad4f40']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:49:45Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa709a-09f0-4d31-8208-ca50950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:49:46.000Z",
            "modified": "2015-09-17T07:49:46.000Z",
            "description": "CozyDuke",
            "pattern": "[file:hashes.SHA1 = 'f7d47c38eca7ec68aa478c06b1ba983d9bf02e15']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:49:46Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7118-8904-4294-9891-c8bd950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:51:52.000Z",
            "modified": "2015-09-17T07:51:52.000Z",
            "description": "OnionDuke",
            "pattern": "[file:hashes.SHA1 = '073faad9c18dbe0e0285b2747eae0c629e56830c']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:51:52Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7119-eedc-45ea-b35f-c8bd950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:51:53.000Z",
            "modified": "2015-09-17T07:51:53.000Z",
            "description": "OnionDuke",
            "pattern": "[file:hashes.SHA1 = '145c5081037fad98fa72aa4d6dc6c193fdb1c127']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:51:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7119-41b4-47d7-a260-c8bd950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:51:53.000Z",
            "modified": "2015-09-17T07:51:53.000Z",
            "description": "OnionDuke",
            "pattern": "[file:hashes.SHA1 = '16b632b4076a458b6e2087d64a42764d86b5b021']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:51:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa711a-9ddc-4835-8f62-c8bd950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:51:54.000Z",
            "modified": "2015-09-17T07:51:54.000Z",
            "description": "OnionDuke",
            "pattern": "[file:hashes.SHA1 = '1e200fbb02dc4a51ea3ede0b6d1ff9004f07fe73']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:51:54Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa711a-7460-4de7-9397-c8bd950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:51:54.000Z",
            "modified": "2015-09-17T07:51:54.000Z",
            "description": "OnionDuke",
            "pattern": "[file:hashes.SHA1 = '22bae6be13561cec758d25fa7adac89e67a1f33a']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:51:54Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa711a-c944-4760-bdb8-c8bd950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:51:54.000Z",
            "modified": "2015-09-17T07:51:54.000Z",
            "description": "OnionDuke",
            "pattern": "[file:hashes.SHA1 = '25e0af331b8e9fed64dc0df71a2687be348100e8']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:51:54Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa711b-7fec-414f-853d-c8bd950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:51:55.000Z",
            "modified": "2015-09-17T07:51:55.000Z",
            "description": "OnionDuke",
            "pattern": "[file:hashes.SHA1 = '3bf6b0d49b8e594f8b59eec98942e1380e16dd22']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:51:55Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa711b-eb84-4345-85b1-c8bd950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:51:55.000Z",
            "modified": "2015-09-17T07:51:55.000Z",
            "description": "OnionDuke",
            "pattern": "[file:hashes.SHA1 = '42429d0c0cade08cfe4f72dcd77892b883e8a4bc']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:51:55Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa711b-470c-4e0b-9a6d-c8bd950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:51:55.000Z",
            "modified": "2015-09-17T07:51:55.000Z",
            "description": "OnionDuke",
            "pattern": "[file:hashes.SHA1 = '5ccff14ce7c1732fadfe74af95a912093007357f']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:51:55Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa711c-fcec-4e2f-8a9e-c8bd950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:51:56.000Z",
            "modified": "2015-09-17T07:51:56.000Z",
            "description": "OnionDuke",
            "pattern": "[file:hashes.SHA1 = '61283ef203f4286f1d366a57e077b0a581be1659']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:51:56Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa711c-a8b8-466a-964e-c8bd950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:51:56.000Z",
            "modified": "2015-09-17T07:51:56.000Z",
            "description": "OnionDuke",
            "pattern": "[file:hashes.SHA1 = '6b3b42f584b6dc1e0a7b0e0c389f1fbe040968aa']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:51:56Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa711c-5b30-454d-b91c-c8bd950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:51:56.000Z",
            "modified": "2015-09-17T07:51:56.000Z",
            "description": "OnionDuke",
            "pattern": "[file:hashes.SHA1 = '6b631396013ddfd8c946772d3cd4919495298d40']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:51:56Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa711d-0550-4817-9b51-c8bd950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:51:57.000Z",
            "modified": "2015-09-17T07:51:57.000Z",
            "description": "OnionDuke",
            "pattern": "[file:hashes.SHA1 = '7b3652f8d51bf74174e1e5364dbbf901a2ebcba1']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:51:57Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa711d-862c-494d-8ef1-c8bd950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:51:57.000Z",
            "modified": "2015-09-17T07:51:57.000Z",
            "description": "OnionDuke",
            "pattern": "[file:hashes.SHA1 = '7d17917cb8bc00b022a86bb7bab59e28c3453126']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:51:57Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa711d-e3c4-4add-9f70-c8bd950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:51:57.000Z",
            "modified": "2015-09-17T07:51:57.000Z",
            "description": "OnionDuke",
            "pattern": "[file:hashes.SHA1 = '7d871a2d467474178893cd017e4e3e04e589c9a0']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:51:57Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa711e-4dc8-4402-ad21-c8bd950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:51:58.000Z",
            "modified": "2015-09-17T07:51:58.000Z",
            "description": "OnionDuke",
            "pattern": "[file:hashes.SHA1 = '7efd300efed0a42c7d1f568e309c45b2b641f5c2']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:51:58Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa711e-e1ac-45e2-9262-c8bd950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:51:58.000Z",
            "modified": "2015-09-17T07:51:58.000Z",
            "description": "OnionDuke",
            "pattern": "[file:hashes.SHA1 = '91cb047f28a15b558a9a4dff26df642b9001f8d7']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:51:58Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa711f-ce84-472f-a2cc-c8bd950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:51:59.000Z",
            "modified": "2015-09-17T07:51:59.000Z",
            "description": "OnionDuke",
            "pattern": "[file:hashes.SHA1 = '9a277a63e41d32d9af3eddea1710056be0d42347']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:51:59Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa711f-8c1c-4f94-b20c-c8bd950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:51:59.000Z",
            "modified": "2015-09-17T07:51:59.000Z",
            "description": "OnionDuke",
            "pattern": "[file:hashes.SHA1 = 'a75995f94854dea8799650a2f4a97980b71199d2']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:51:59Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa711f-8fe0-4ab1-b3d4-c8bd950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:51:59.000Z",
            "modified": "2015-09-17T07:51:59.000Z",
            "description": "OnionDuke",
            "pattern": "[file:hashes.SHA1 = 'b3873d2c969d224b0fd17b5f886ea253ac1bfb5b']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:51:59Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7120-313c-445f-b836-c8bd950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:52:00.000Z",
            "modified": "2015-09-17T07:52:00.000Z",
            "description": "OnionDuke",
            "pattern": "[file:hashes.SHA1 = 'b491c14d8cfb48636f6095b7b16555e9a575d57f']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:52:00Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7120-1b70-4354-a7a5-c8bd950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:52:00.000Z",
            "modified": "2015-09-17T07:52:00.000Z",
            "description": "OnionDuke",
            "pattern": "[file:hashes.SHA1 = 'c1ec762878a0eed8ebf47e122e87c79a5e3f7b44']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:52:00Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7120-eb48-4c2e-afed-c8bd950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:52:00.000Z",
            "modified": "2015-09-17T07:52:00.000Z",
            "description": "OnionDuke",
            "pattern": "[file:hashes.SHA1 = 'cce5b3a2965c500de8fa75e1429b8be5aa744e14']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:52:00Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7121-7248-4dab-9596-c8bd950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:52:01.000Z",
            "modified": "2015-09-17T07:52:01.000Z",
            "description": "OnionDuke",
            "pattern": "[file:hashes.SHA1 = 'd433f281cf56015941a1c2cb87066ca62ea1db37']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:52:01Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7121-4754-42d5-bba8-c8bd950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:52:01.000Z",
            "modified": "2015-09-17T07:52:01.000Z",
            "description": "OnionDuke",
            "pattern": "[file:hashes.SHA1 = 'e09f283ade693ff89864f6ec9c2354091fbd186e']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:52:01Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7121-d0d8-40e2-9125-c8bd950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:52:01.000Z",
            "modified": "2015-09-17T07:52:01.000Z",
            "description": "OnionDuke",
            "pattern": "[file:hashes.SHA1 = 'e519198de4cc8bcb0644aa1ab6552b1d15c99a0e']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:52:01Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7122-579c-4312-920c-c8bd950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:52:02.000Z",
            "modified": "2015-09-17T07:52:02.000Z",
            "description": "OnionDuke",
            "pattern": "[file:hashes.SHA1 = 'f2b4b1605360d7f4e0c47932e555b36707f287be']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:52:02Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7122-6ee8-491a-a9ae-c8bd950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:52:02.000Z",
            "modified": "2015-09-17T07:52:02.000Z",
            "description": "OnionDuke",
            "pattern": "[file:hashes.SHA1 = 'f3dcbc016393497f681e12628ad9411c27e57d48']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:52:02Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7133-aab8-4f61-8df5-cea8950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:52:19.000Z",
            "modified": "2015-09-17T07:52:19.000Z",
            "description": "CloudDuke",
            "pattern": "[file:hashes.SHA1 = '04299c0b549d4a46154e0a754dda2bc9e43dff76']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:52:19Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7133-03fc-46dc-9d88-cea8950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:52:19.000Z",
            "modified": "2015-09-17T07:52:19.000Z",
            "description": "CloudDuke",
            "pattern": "[file:hashes.SHA1 = '10b31a17449705be20890ddd8ad97a2feb093674']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:52:19Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7133-5024-4a03-a854-cea8950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:52:19.000Z",
            "modified": "2015-09-17T07:52:19.000Z",
            "description": "CloudDuke",
            "pattern": "[file:hashes.SHA1 = '2e27c59f0cf0dbf81466cc63d87d421b33843e87']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:52:19Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7134-64fc-4b22-a2e2-cea8950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:52:20.000Z",
            "modified": "2015-09-17T07:52:20.000Z",
            "description": "CloudDuke",
            "pattern": "[file:hashes.SHA1 = '2f53bfcd2016d506674d0a05852318f9e8188ee1']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:52:20Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7134-bcf0-4262-af42-cea8950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:52:20.000Z",
            "modified": "2015-09-17T07:52:20.000Z",
            "description": "CloudDuke",
            "pattern": "[file:hashes.SHA1 = '317bde14307d8777d613280546f47dd0ce54f95b']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:52:20Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7134-dc24-4009-8d5c-cea8950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:52:20.000Z",
            "modified": "2015-09-17T07:52:20.000Z",
            "description": "CloudDuke",
            "pattern": "[file:hashes.SHA1 = '44403a3e51e337c1372b0becdab74313125452c7']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:52:20Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7135-9908-4dd1-8a61-cea8950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:52:21.000Z",
            "modified": "2015-09-17T07:52:21.000Z",
            "description": "CloudDuke",
            "pattern": "[file:hashes.SHA1 = '47f26990d063c947debbde0e10bd267fb0f32719']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:52:21Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7135-419c-45f3-822e-cea8950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:52:21.000Z",
            "modified": "2015-09-17T07:52:21.000Z",
            "description": "CloudDuke",
            "pattern": "[file:hashes.SHA1 = '4800d67ea326e6d037198abd3d95f4ed59449313']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:52:21Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7135-02d8-4d86-989d-cea8950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:52:21.000Z",
            "modified": "2015-09-17T07:52:21.000Z",
            "description": "CloudDuke",
            "pattern": "[file:hashes.SHA1 = '52d44e936388b77a0afdb21b099cf83ed6cbaa6f']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:52:21Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7136-38d8-4a43-bc9d-cea8950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:52:22.000Z",
            "modified": "2015-09-17T07:52:22.000Z",
            "description": "CloudDuke",
            "pattern": "[file:hashes.SHA1 = '6a3c2ad9919ad09ef6cdffc80940286814a0aa2c']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:52:22Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7136-0ac8-45c5-9830-cea8950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:52:22.000Z",
            "modified": "2015-09-17T07:52:22.000Z",
            "description": "CloudDuke",
            "pattern": "[file:hashes.SHA1 = '7b8851f98f765038f275489c69a485e1bed4f82d']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:52:22Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7137-c850-4275-929e-cea8950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:52:23.000Z",
            "modified": "2015-09-17T07:52:23.000Z",
            "description": "CloudDuke",
            "pattern": "[file:hashes.SHA1 = '84ba6b6a0a3999c0932f35298948f149ee05bc02']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:52:23Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7137-8f9c-4879-884f-cea8950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:52:23.000Z",
            "modified": "2015-09-17T07:52:23.000Z",
            "description": "CloudDuke",
            "pattern": "[file:hashes.SHA1 = '910dfe45905b63c12c6f93193f5dc08f5b012bc3']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:52:23Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7137-4898-4979-b777-cea8950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:52:23.000Z",
            "modified": "2015-09-17T07:52:23.000Z",
            "description": "CloudDuke",
            "pattern": "[file:hashes.SHA1 = '9f5b46ee0591d3f942ccaa9c950a8bff94aa7a0f']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:52:23Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7138-04c4-4f0a-b0cf-cea8950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:52:24.000Z",
            "modified": "2015-09-17T07:52:24.000Z",
            "description": "CloudDuke",
            "pattern": "[file:hashes.SHA1 = 'bfe26837da22f21451f0416aa9d241f98ff1c0f8']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:52:24Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7138-8b28-47fb-add1-cea8950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:52:24.000Z",
            "modified": "2015-09-17T07:52:24.000Z",
            "description": "CloudDuke",
            "pattern": "[file:hashes.SHA1 = 'c16529dbc2987be3ac628b9b413106e5749999ed']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:52:24Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7138-9cc0-45b8-9905-cea8950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:52:24.000Z",
            "modified": "2015-09-17T07:52:24.000Z",
            "description": "CloudDuke",
            "pattern": "[file:hashes.SHA1 = 'cc15924d37e36060faa405e5fa8f6ca15a3cace2']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:52:24Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7139-4b58-4f18-93b2-cea8950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:52:25.000Z",
            "modified": "2015-09-17T07:52:25.000Z",
            "description": "CloudDuke",
            "pattern": "[file:hashes.SHA1 = 'd7f7aef824265136ad077ae4f874d265ae45a6b0']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:52:25Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7139-1e88-4a3f-8629-cea8950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:52:25.000Z",
            "modified": "2015-09-17T07:52:25.000Z",
            "description": "CloudDuke",
            "pattern": "[file:hashes.SHA1 = 'dea6e89e36cf5a4a216e324983cc0b8f6c58eaa8']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:52:25Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7139-8b5c-4d66-b82b-cea8950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:52:25.000Z",
            "modified": "2015-09-17T07:52:25.000Z",
            "description": "CloudDuke",
            "pattern": "[file:hashes.SHA1 = 'ed0cf362c0a9de96ce49c841aa55997b4777b326']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:52:25Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa713a-9998-43dc-859e-cea8950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:52:26.000Z",
            "modified": "2015-09-17T07:52:26.000Z",
            "description": "CloudDuke",
            "pattern": "[file:hashes.SHA1 = 'f54f4e46f5f933a96650ca5123a4c41e115a9f61']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:52:26Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa713a-1c0c-41b3-aac1-cea8950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:52:26.000Z",
            "modified": "2015-09-17T07:52:26.000Z",
            "description": "CloudDuke",
            "pattern": "[file:hashes.SHA1 = 'f97c5e8d018207b1d546501fe2036adfbf774cfd']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:52:26Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa713a-77cc-4f59-aeba-cea8950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:52:26.000Z",
            "modified": "2015-09-17T07:52:26.000Z",
            "description": "CloudDuke",
            "pattern": "[file:hashes.SHA1 = 'fe33b9f95db53c0096ae9fb9672f9c7c32d22acf']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:52:26Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7154-f5fc-480b-b0f4-d125950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:52:52.000Z",
            "modified": "2015-09-17T07:52:52.000Z",
            "description": "SeaDuke",
            "pattern": "[file:hashes.SHA1 = '3459d9c27c31c0e8b2ea5b21fdc200e784c7edf4']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:52:52Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7154-4268-40d3-902d-d125950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:52:52.000Z",
            "modified": "2015-09-17T07:52:52.000Z",
            "description": "SeaDuke",
            "pattern": "[file:hashes.SHA1 = 'aa7cf4f1269fa7bca784a18e5cecab962b901cc2']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:52:52Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7154-df9c-4c24-a91a-d125950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:52:52.000Z",
            "modified": "2015-09-17T07:52:52.000Z",
            "description": "SeaDuke",
            "pattern": "[file:hashes.SHA1 = 'bb71254fbd41855e8e70f05231ce77fee6f00388']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:52:52Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7176-9b08-4603-8adc-d2a6950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:53:26.000Z",
            "modified": "2015-09-17T07:53:26.000Z",
            "description": "HammerDuke",
            "pattern": "[file:hashes.SHA1 = '42e6da9a08802b5ce5d1f754d4567665637b47bc']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T07:53:26Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7199-4ce8-40ed-9f69-d2b5950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:54:01.000Z",
            "modified": "2015-09-17T07:54:01.000Z",
            "first_observed": "2015-09-17T07:54:01Z",
            "last_observed": "2015-09-17T07:54:01Z",
            "number_observed": 1,
            "object_refs": [
                "network-traffic--55fa7199-4ce8-40ed-9f69-d2b5950d210b",
                "ipv4-addr--55fa7199-4ce8-40ed-9f69-d2b5950d210b"
            ],
            "labels": [
                "misp:type=\"ip-dst\"",
                "misp:category=\"Network activity\""
            ]
        },
        {
            "type": "network-traffic",
            "spec_version": "2.1",
            "id": "network-traffic--55fa7199-4ce8-40ed-9f69-d2b5950d210b",
            "dst_ref": "ipv4-addr--55fa7199-4ce8-40ed-9f69-d2b5950d210b",
            "protocols": [
                "tcp"
            ]
        },
        {
            "type": "ipv4-addr",
            "spec_version": "2.1",
            "id": "ipv4-addr--55fa7199-4ce8-40ed-9f69-d2b5950d210b",
            "value": "128.199.138.233"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa719a-5cb8-43c5-87a9-d2b5950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:54:02.000Z",
            "modified": "2015-09-17T07:54:02.000Z",
            "first_observed": "2015-09-17T07:54:02Z",
            "last_observed": "2015-09-17T07:54:02Z",
            "number_observed": 1,
            "object_refs": [
                "network-traffic--55fa719a-5cb8-43c5-87a9-d2b5950d210b",
                "ipv4-addr--55fa719a-5cb8-43c5-87a9-d2b5950d210b"
            ],
            "labels": [
                "misp:type=\"ip-dst\"",
                "misp:category=\"Network activity\""
            ]
        },
        {
            "type": "network-traffic",
            "spec_version": "2.1",
            "id": "network-traffic--55fa719a-5cb8-43c5-87a9-d2b5950d210b",
            "dst_ref": "ipv4-addr--55fa719a-5cb8-43c5-87a9-d2b5950d210b",
            "protocols": [
                "tcp"
            ]
        },
        {
            "type": "ipv4-addr",
            "spec_version": "2.1",
            "id": "ipv4-addr--55fa719a-5cb8-43c5-87a9-d2b5950d210b",
            "value": "151.236.23.31"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa719a-dc34-4ab7-a672-d2b5950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:54:02.000Z",
            "modified": "2015-09-17T07:54:02.000Z",
            "first_observed": "2015-09-17T07:54:02Z",
            "last_observed": "2015-09-17T07:54:02Z",
            "number_observed": 1,
            "object_refs": [
                "network-traffic--55fa719a-dc34-4ab7-a672-d2b5950d210b",
                "ipv4-addr--55fa719a-dc34-4ab7-a672-d2b5950d210b"
            ],
            "labels": [
                "misp:type=\"ip-dst\"",
                "misp:category=\"Network activity\""
            ]
        },
        {
            "type": "network-traffic",
            "spec_version": "2.1",
            "id": "network-traffic--55fa719a-dc34-4ab7-a672-d2b5950d210b",
            "dst_ref": "ipv4-addr--55fa719a-dc34-4ab7-a672-d2b5950d210b",
            "protocols": [
                "tcp"
            ]
        },
        {
            "type": "ipv4-addr",
            "spec_version": "2.1",
            "id": "ipv4-addr--55fa719a-dc34-4ab7-a672-d2b5950d210b",
            "value": "173.236.70.212"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa719a-b760-4993-a45d-d2b5950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:54:02.000Z",
            "modified": "2015-09-17T07:54:02.000Z",
            "first_observed": "2015-09-17T07:54:02Z",
            "last_observed": "2015-09-17T07:54:02Z",
            "number_observed": 1,
            "object_refs": [
                "network-traffic--55fa719a-b760-4993-a45d-d2b5950d210b",
                "ipv4-addr--55fa719a-b760-4993-a45d-d2b5950d210b"
            ],
            "labels": [
                "misp:type=\"ip-dst\"",
                "misp:category=\"Network activity\""
            ]
        },
        {
            "type": "network-traffic",
            "spec_version": "2.1",
            "id": "network-traffic--55fa719a-b760-4993-a45d-d2b5950d210b",
            "dst_ref": "ipv4-addr--55fa719a-b760-4993-a45d-d2b5950d210b",
            "protocols": [
                "tcp"
            ]
        },
        {
            "type": "ipv4-addr",
            "spec_version": "2.1",
            "id": "ipv4-addr--55fa719a-b760-4993-a45d-d2b5950d210b",
            "value": "176.74.216.14"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa719b-2ab8-451e-81b9-d2b5950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:54:03.000Z",
            "modified": "2015-09-17T07:54:03.000Z",
            "first_observed": "2015-09-17T07:54:03Z",
            "last_observed": "2015-09-17T07:54:03Z",
            "number_observed": 1,
            "object_refs": [
                "network-traffic--55fa719b-2ab8-451e-81b9-d2b5950d210b",
                "ipv4-addr--55fa719b-2ab8-451e-81b9-d2b5950d210b"
            ],
            "labels": [
                "misp:type=\"ip-dst\"",
                "misp:category=\"Network activity\""
            ]
        },
        {
            "type": "network-traffic",
            "spec_version": "2.1",
            "id": "network-traffic--55fa719b-2ab8-451e-81b9-d2b5950d210b",
            "dst_ref": "ipv4-addr--55fa719b-2ab8-451e-81b9-d2b5950d210b",
            "protocols": [
                "tcp"
            ]
        },
        {
            "type": "ipv4-addr",
            "spec_version": "2.1",
            "id": "ipv4-addr--55fa719b-2ab8-451e-81b9-d2b5950d210b",
            "value": "178.21.172.157"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa719b-3c7c-4e13-bac3-d2b5950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:54:03.000Z",
            "modified": "2015-09-17T07:54:03.000Z",
            "first_observed": "2015-09-17T07:54:03Z",
            "last_observed": "2015-09-17T07:54:03Z",
            "number_observed": 1,
            "object_refs": [
                "network-traffic--55fa719b-3c7c-4e13-bac3-d2b5950d210b",
                "ipv4-addr--55fa719b-3c7c-4e13-bac3-d2b5950d210b"
            ],
            "labels": [
                "misp:type=\"ip-dst\"",
                "misp:category=\"Network activity\""
            ]
        },
        {
            "type": "network-traffic",
            "spec_version": "2.1",
            "id": "network-traffic--55fa719b-3c7c-4e13-bac3-d2b5950d210b",
            "dst_ref": "ipv4-addr--55fa719b-3c7c-4e13-bac3-d2b5950d210b",
            "protocols": [
                "tcp"
            ]
        },
        {
            "type": "ipv4-addr",
            "spec_version": "2.1",
            "id": "ipv4-addr--55fa719b-3c7c-4e13-bac3-d2b5950d210b",
            "value": "178.63.149.142"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa719b-bb70-4bf7-88da-d2b5950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:54:03.000Z",
            "modified": "2015-09-17T07:54:03.000Z",
            "first_observed": "2015-09-17T07:54:03Z",
            "last_observed": "2015-09-17T07:54:03Z",
            "number_observed": 1,
            "object_refs": [
                "network-traffic--55fa719b-bb70-4bf7-88da-d2b5950d210b",
                "ipv4-addr--55fa719b-bb70-4bf7-88da-d2b5950d210b"
            ],
            "labels": [
                "misp:type=\"ip-dst\"",
                "misp:category=\"Network activity\""
            ]
        },
        {
            "type": "network-traffic",
            "spec_version": "2.1",
            "id": "network-traffic--55fa719b-bb70-4bf7-88da-d2b5950d210b",
            "dst_ref": "ipv4-addr--55fa719b-bb70-4bf7-88da-d2b5950d210b",
            "protocols": [
                "tcp"
            ]
        },
        {
            "type": "ipv4-addr",
            "spec_version": "2.1",
            "id": "ipv4-addr--55fa719b-bb70-4bf7-88da-d2b5950d210b",
            "value": "184.154.184.83"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa719c-6b70-4902-b58a-d2b5950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:54:04.000Z",
            "modified": "2015-09-17T07:54:04.000Z",
            "first_observed": "2015-09-17T07:54:04Z",
            "last_observed": "2015-09-17T07:54:04Z",
            "number_observed": 1,
            "object_refs": [
                "network-traffic--55fa719c-6b70-4902-b58a-d2b5950d210b",
                "ipv4-addr--55fa719c-6b70-4902-b58a-d2b5950d210b"
            ],
            "labels": [
                "misp:type=\"ip-dst\"",
                "misp:category=\"Network activity\""
            ]
        },
        {
            "type": "network-traffic",
            "spec_version": "2.1",
            "id": "network-traffic--55fa719c-6b70-4902-b58a-d2b5950d210b",
            "dst_ref": "ipv4-addr--55fa719c-6b70-4902-b58a-d2b5950d210b",
            "protocols": [
                "tcp"
            ]
        },
        {
            "type": "ipv4-addr",
            "spec_version": "2.1",
            "id": "ipv4-addr--55fa719c-6b70-4902-b58a-d2b5950d210b",
            "value": "188.116.32.164"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa719c-2480-4dd1-bc15-d2b5950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:54:04.000Z",
            "modified": "2015-09-17T07:54:04.000Z",
            "first_observed": "2015-09-17T07:54:04Z",
            "last_observed": "2015-09-17T07:54:04Z",
            "number_observed": 1,
            "object_refs": [
                "network-traffic--55fa719c-2480-4dd1-bc15-d2b5950d210b",
                "ipv4-addr--55fa719c-2480-4dd1-bc15-d2b5950d210b"
            ],
            "labels": [
                "misp:type=\"ip-dst\"",
                "misp:category=\"Network activity\""
            ]
        },
        {
            "type": "network-traffic",
            "spec_version": "2.1",
            "id": "network-traffic--55fa719c-2480-4dd1-bc15-d2b5950d210b",
            "dst_ref": "ipv4-addr--55fa719c-2480-4dd1-bc15-d2b5950d210b",
            "protocols": [
                "tcp"
            ]
        },
        {
            "type": "ipv4-addr",
            "spec_version": "2.1",
            "id": "ipv4-addr--55fa719c-2480-4dd1-bc15-d2b5950d210b",
            "value": "188.241.115.41"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa719c-0f64-4695-ab0a-d2b5950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:54:04.000Z",
            "modified": "2015-09-17T07:54:04.000Z",
            "first_observed": "2015-09-17T07:54:04Z",
            "last_observed": "2015-09-17T07:54:04Z",
            "number_observed": 1,
            "object_refs": [
                "network-traffic--55fa719c-0f64-4695-ab0a-d2b5950d210b",
                "ipv4-addr--55fa719c-0f64-4695-ab0a-d2b5950d210b"
            ],
            "labels": [
                "misp:type=\"ip-dst\"",
                "misp:category=\"Network activity\""
            ]
        },
        {
            "type": "network-traffic",
            "spec_version": "2.1",
            "id": "network-traffic--55fa719c-0f64-4695-ab0a-d2b5950d210b",
            "dst_ref": "ipv4-addr--55fa719c-0f64-4695-ab0a-d2b5950d210b",
            "protocols": [
                "tcp"
            ]
        },
        {
            "type": "ipv4-addr",
            "spec_version": "2.1",
            "id": "ipv4-addr--55fa719c-0f64-4695-ab0a-d2b5950d210b",
            "value": "188.40.13.99"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa719d-7310-4d68-b0e7-d2b5950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:54:05.000Z",
            "modified": "2015-09-17T07:54:05.000Z",
            "first_observed": "2015-09-17T07:54:05Z",
            "last_observed": "2015-09-17T07:54:05Z",
            "number_observed": 1,
            "object_refs": [
                "network-traffic--55fa719d-7310-4d68-b0e7-d2b5950d210b",
                "ipv4-addr--55fa719d-7310-4d68-b0e7-d2b5950d210b"
            ],
            "labels": [
                "misp:type=\"ip-dst\"",
                "misp:category=\"Network activity\""
            ]
        },
        {
            "type": "network-traffic",
            "spec_version": "2.1",
            "id": "network-traffic--55fa719d-7310-4d68-b0e7-d2b5950d210b",
            "dst_ref": "ipv4-addr--55fa719d-7310-4d68-b0e7-d2b5950d210b",
            "protocols": [
                "tcp"
            ]
        },
        {
            "type": "ipv4-addr",
            "spec_version": "2.1",
            "id": "ipv4-addr--55fa719d-7310-4d68-b0e7-d2b5950d210b",
            "value": "195.43.94.104"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa719d-81d0-45fd-8c19-d2b5950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:54:05.000Z",
            "modified": "2015-09-17T07:54:05.000Z",
            "first_observed": "2015-09-17T07:54:05Z",
            "last_observed": "2015-09-17T07:54:05Z",
            "number_observed": 1,
            "object_refs": [
                "network-traffic--55fa719d-81d0-45fd-8c19-d2b5950d210b",
                "ipv4-addr--55fa719d-81d0-45fd-8c19-d2b5950d210b"
            ],
            "labels": [
                "misp:type=\"ip-dst\"",
                "misp:category=\"Network activity\""
            ]
        },
        {
            "type": "network-traffic",
            "spec_version": "2.1",
            "id": "network-traffic--55fa719d-81d0-45fd-8c19-d2b5950d210b",
            "dst_ref": "ipv4-addr--55fa719d-81d0-45fd-8c19-d2b5950d210b",
            "protocols": [
                "tcp"
            ]
        },
        {
            "type": "ipv4-addr",
            "spec_version": "2.1",
            "id": "ipv4-addr--55fa719d-81d0-45fd-8c19-d2b5950d210b",
            "value": "199.231.188.109"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa719d-79a8-4bf1-9b0f-d2b5950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:54:05.000Z",
            "modified": "2015-09-17T07:54:05.000Z",
            "first_observed": "2015-09-17T07:54:05Z",
            "last_observed": "2015-09-17T07:54:05Z",
            "number_observed": 1,
            "object_refs": [
                "network-traffic--55fa719d-79a8-4bf1-9b0f-d2b5950d210b",
                "ipv4-addr--55fa719d-79a8-4bf1-9b0f-d2b5950d210b"
            ],
            "labels": [
                "misp:type=\"ip-dst\"",
                "misp:category=\"Network activity\""
            ]
        },
        {
            "type": "network-traffic",
            "spec_version": "2.1",
            "id": "network-traffic--55fa719d-79a8-4bf1-9b0f-d2b5950d210b",
            "dst_ref": "ipv4-addr--55fa719d-79a8-4bf1-9b0f-d2b5950d210b",
            "protocols": [
                "tcp"
            ]
        },
        {
            "type": "ipv4-addr",
            "spec_version": "2.1",
            "id": "ipv4-addr--55fa719d-79a8-4bf1-9b0f-d2b5950d210b",
            "value": "212.76.128.149"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa719e-22bc-4395-8cfa-d2b5950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:54:06.000Z",
            "modified": "2015-09-17T07:54:06.000Z",
            "first_observed": "2015-09-17T07:54:06Z",
            "last_observed": "2015-09-17T07:54:06Z",
            "number_observed": 1,
            "object_refs": [
                "network-traffic--55fa719e-22bc-4395-8cfa-d2b5950d210b",
                "ipv4-addr--55fa719e-22bc-4395-8cfa-d2b5950d210b"
            ],
            "labels": [
                "misp:type=\"ip-dst\"",
                "misp:category=\"Network activity\""
            ]
        },
        {
            "type": "network-traffic",
            "spec_version": "2.1",
            "id": "network-traffic--55fa719e-22bc-4395-8cfa-d2b5950d210b",
            "dst_ref": "ipv4-addr--55fa719e-22bc-4395-8cfa-d2b5950d210b",
            "protocols": [
                "tcp"
            ]
        },
        {
            "type": "ipv4-addr",
            "spec_version": "2.1",
            "id": "ipv4-addr--55fa719e-22bc-4395-8cfa-d2b5950d210b",
            "value": "46.246.120.178"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa719e-6d20-42f2-95a1-d2b5950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:54:06.000Z",
            "modified": "2015-09-17T07:54:06.000Z",
            "first_observed": "2015-09-17T07:54:06Z",
            "last_observed": "2015-09-17T07:54:06Z",
            "number_observed": 1,
            "object_refs": [
                "network-traffic--55fa719e-6d20-42f2-95a1-d2b5950d210b",
                "ipv4-addr--55fa719e-6d20-42f2-95a1-d2b5950d210b"
            ],
            "labels": [
                "misp:type=\"ip-dst\"",
                "misp:category=\"Network activity\""
            ]
        },
        {
            "type": "network-traffic",
            "spec_version": "2.1",
            "id": "network-traffic--55fa719e-6d20-42f2-95a1-d2b5950d210b",
            "dst_ref": "ipv4-addr--55fa719e-6d20-42f2-95a1-d2b5950d210b",
            "protocols": [
                "tcp"
            ]
        },
        {
            "type": "ipv4-addr",
            "spec_version": "2.1",
            "id": "ipv4-addr--55fa719e-6d20-42f2-95a1-d2b5950d210b",
            "value": "5.45.66.134"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa719f-7984-4527-b41d-d2b5950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:54:07.000Z",
            "modified": "2015-09-17T07:54:07.000Z",
            "first_observed": "2015-09-17T07:54:07Z",
            "last_observed": "2015-09-17T07:54:07Z",
            "number_observed": 1,
            "object_refs": [
                "network-traffic--55fa719f-7984-4527-b41d-d2b5950d210b",
                "ipv4-addr--55fa719f-7984-4527-b41d-d2b5950d210b"
            ],
            "labels": [
                "misp:type=\"ip-dst\"",
                "misp:category=\"Network activity\""
            ]
        },
        {
            "type": "network-traffic",
            "spec_version": "2.1",
            "id": "network-traffic--55fa719f-7984-4527-b41d-d2b5950d210b",
            "dst_ref": "ipv4-addr--55fa719f-7984-4527-b41d-d2b5950d210b",
            "protocols": [
                "tcp"
            ]
        },
        {
            "type": "ipv4-addr",
            "spec_version": "2.1",
            "id": "ipv4-addr--55fa719f-7984-4527-b41d-d2b5950d210b",
            "value": "50.7.192.146"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa719f-8bf4-4c3b-88db-d2b5950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:54:07.000Z",
            "modified": "2015-09-17T07:54:07.000Z",
            "first_observed": "2015-09-17T07:54:07Z",
            "last_observed": "2015-09-17T07:54:07Z",
            "number_observed": 1,
            "object_refs": [
                "network-traffic--55fa719f-8bf4-4c3b-88db-d2b5950d210b",
                "ipv4-addr--55fa719f-8bf4-4c3b-88db-d2b5950d210b"
            ],
            "labels": [
                "misp:type=\"ip-dst\"",
                "misp:category=\"Network activity\""
            ]
        },
        {
            "type": "network-traffic",
            "spec_version": "2.1",
            "id": "network-traffic--55fa719f-8bf4-4c3b-88db-d2b5950d210b",
            "dst_ref": "ipv4-addr--55fa719f-8bf4-4c3b-88db-d2b5950d210b",
            "protocols": [
                "tcp"
            ]
        },
        {
            "type": "ipv4-addr",
            "spec_version": "2.1",
            "id": "ipv4-addr--55fa719f-8bf4-4c3b-88db-d2b5950d210b",
            "value": "64.18.143.66"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa719f-faf4-424c-ad39-d2b5950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:54:07.000Z",
            "modified": "2015-09-17T07:54:07.000Z",
            "first_observed": "2015-09-17T07:54:07Z",
            "last_observed": "2015-09-17T07:54:07Z",
            "number_observed": 1,
            "object_refs": [
                "network-traffic--55fa719f-faf4-424c-ad39-d2b5950d210b",
                "ipv4-addr--55fa719f-faf4-424c-ad39-d2b5950d210b"
            ],
            "labels": [
                "misp:type=\"ip-dst\"",
                "misp:category=\"Network activity\""
            ]
        },
        {
            "type": "network-traffic",
            "spec_version": "2.1",
            "id": "network-traffic--55fa719f-faf4-424c-ad39-d2b5950d210b",
            "dst_ref": "ipv4-addr--55fa719f-faf4-424c-ad39-d2b5950d210b",
            "protocols": [
                "tcp"
            ]
        },
        {
            "type": "ipv4-addr",
            "spec_version": "2.1",
            "id": "ipv4-addr--55fa719f-faf4-424c-ad39-d2b5950d210b",
            "value": "66.29.115.55"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa71a0-d830-4629-840d-d2b5950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:54:08.000Z",
            "modified": "2015-09-17T07:54:08.000Z",
            "first_observed": "2015-09-17T07:54:08Z",
            "last_observed": "2015-09-17T07:54:08Z",
            "number_observed": 1,
            "object_refs": [
                "network-traffic--55fa71a0-d830-4629-840d-d2b5950d210b",
                "ipv4-addr--55fa71a0-d830-4629-840d-d2b5950d210b"
            ],
            "labels": [
                "misp:type=\"ip-dst\"",
                "misp:category=\"Network activity\""
            ]
        },
        {
            "type": "network-traffic",
            "spec_version": "2.1",
            "id": "network-traffic--55fa71a0-d830-4629-840d-d2b5950d210b",
            "dst_ref": "ipv4-addr--55fa71a0-d830-4629-840d-d2b5950d210b",
            "protocols": [
                "tcp"
            ]
        },
        {
            "type": "ipv4-addr",
            "spec_version": "2.1",
            "id": "ipv4-addr--55fa71a0-d830-4629-840d-d2b5950d210b",
            "value": "69.59.28.57"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa71a0-6b60-4b05-b20a-d2b5950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:54:08.000Z",
            "modified": "2015-09-17T07:54:08.000Z",
            "first_observed": "2015-09-17T07:54:08Z",
            "last_observed": "2015-09-17T07:54:08Z",
            "number_observed": 1,
            "object_refs": [
                "network-traffic--55fa71a0-6b60-4b05-b20a-d2b5950d210b",
                "ipv4-addr--55fa71a0-6b60-4b05-b20a-d2b5950d210b"
            ],
            "labels": [
                "misp:type=\"ip-dst\"",
                "misp:category=\"Network activity\""
            ]
        },
        {
            "type": "network-traffic",
            "spec_version": "2.1",
            "id": "network-traffic--55fa71a0-6b60-4b05-b20a-d2b5950d210b",
            "dst_ref": "ipv4-addr--55fa71a0-6b60-4b05-b20a-d2b5950d210b",
            "protocols": [
                "tcp"
            ]
        },
        {
            "type": "ipv4-addr",
            "spec_version": "2.1",
            "id": "ipv4-addr--55fa71a0-6b60-4b05-b20a-d2b5950d210b",
            "value": "82.146.47.163"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa71a0-724c-4b2a-b205-d2b5950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:54:08.000Z",
            "modified": "2015-09-17T07:54:08.000Z",
            "first_observed": "2015-09-17T07:54:08Z",
            "last_observed": "2015-09-17T07:54:08Z",
            "number_observed": 1,
            "object_refs": [
                "network-traffic--55fa71a0-724c-4b2a-b205-d2b5950d210b",
                "ipv4-addr--55fa71a0-724c-4b2a-b205-d2b5950d210b"
            ],
            "labels": [
                "misp:type=\"ip-dst\"",
                "misp:category=\"Network activity\""
            ]
        },
        {
            "type": "network-traffic",
            "spec_version": "2.1",
            "id": "network-traffic--55fa71a0-724c-4b2a-b205-d2b5950d210b",
            "dst_ref": "ipv4-addr--55fa71a0-724c-4b2a-b205-d2b5950d210b",
            "protocols": [
                "tcp"
            ]
        },
        {
            "type": "ipv4-addr",
            "spec_version": "2.1",
            "id": "ipv4-addr--55fa71a0-724c-4b2a-b205-d2b5950d210b",
            "value": "82.146.51.22"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa71a1-2894-4346-b45f-d2b5950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:54:09.000Z",
            "modified": "2015-09-17T07:54:09.000Z",
            "first_observed": "2015-09-17T07:54:09Z",
            "last_observed": "2015-09-17T07:54:09Z",
            "number_observed": 1,
            "object_refs": [
                "network-traffic--55fa71a1-2894-4346-b45f-d2b5950d210b",
                "ipv4-addr--55fa71a1-2894-4346-b45f-d2b5950d210b"
            ],
            "labels": [
                "misp:type=\"ip-dst\"",
                "misp:category=\"Network activity\""
            ]
        },
        {
            "type": "network-traffic",
            "spec_version": "2.1",
            "id": "network-traffic--55fa71a1-2894-4346-b45f-d2b5950d210b",
            "dst_ref": "ipv4-addr--55fa71a1-2894-4346-b45f-d2b5950d210b",
            "protocols": [
                "tcp"
            ]
        },
        {
            "type": "ipv4-addr",
            "spec_version": "2.1",
            "id": "ipv4-addr--55fa71a1-2894-4346-b45f-d2b5950d210b",
            "value": "83.149.74.73"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa71a1-f250-444b-a914-d2b5950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:54:09.000Z",
            "modified": "2015-09-17T07:54:09.000Z",
            "first_observed": "2015-09-17T07:54:09Z",
            "last_observed": "2015-09-17T07:54:09Z",
            "number_observed": 1,
            "object_refs": [
                "network-traffic--55fa71a1-f250-444b-a914-d2b5950d210b",
                "ipv4-addr--55fa71a1-f250-444b-a914-d2b5950d210b"
            ],
            "labels": [
                "misp:type=\"ip-dst\"",
                "misp:category=\"Network activity\""
            ]
        },
        {
            "type": "network-traffic",
            "spec_version": "2.1",
            "id": "network-traffic--55fa71a1-f250-444b-a914-d2b5950d210b",
            "dst_ref": "ipv4-addr--55fa71a1-f250-444b-a914-d2b5950d210b",
            "protocols": [
                "tcp"
            ]
        },
        {
            "type": "ipv4-addr",
            "spec_version": "2.1",
            "id": "ipv4-addr--55fa71a1-f250-444b-a914-d2b5950d210b",
            "value": "85.17.143.149"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa71a1-b348-42bb-bcc3-d2b5950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:54:09.000Z",
            "modified": "2015-09-17T07:54:09.000Z",
            "first_observed": "2015-09-17T07:54:09Z",
            "last_observed": "2015-09-17T07:54:09Z",
            "number_observed": 1,
            "object_refs": [
                "network-traffic--55fa71a1-b348-42bb-bcc3-d2b5950d210b",
                "ipv4-addr--55fa71a1-b348-42bb-bcc3-d2b5950d210b"
            ],
            "labels": [
                "misp:type=\"ip-dst\"",
                "misp:category=\"Network activity\""
            ]
        },
        {
            "type": "network-traffic",
            "spec_version": "2.1",
            "id": "network-traffic--55fa71a1-b348-42bb-bcc3-d2b5950d210b",
            "dst_ref": "ipv4-addr--55fa71a1-b348-42bb-bcc3-d2b5950d210b",
            "protocols": [
                "tcp"
            ]
        },
        {
            "type": "ipv4-addr",
            "spec_version": "2.1",
            "id": "ipv4-addr--55fa71a1-b348-42bb-bcc3-d2b5950d210b",
            "value": "87.118.106.55"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa71a2-8ecc-47a9-ae9a-d2b5950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:54:10.000Z",
            "modified": "2015-09-17T07:54:10.000Z",
            "first_observed": "2015-09-17T07:54:10Z",
            "last_observed": "2015-09-17T07:54:10Z",
            "number_observed": 1,
            "object_refs": [
                "network-traffic--55fa71a2-8ecc-47a9-ae9a-d2b5950d210b",
                "ipv4-addr--55fa71a2-8ecc-47a9-ae9a-d2b5950d210b"
            ],
            "labels": [
                "misp:type=\"ip-dst\"",
                "misp:category=\"Network activity\""
            ]
        },
        {
            "type": "network-traffic",
            "spec_version": "2.1",
            "id": "network-traffic--55fa71a2-8ecc-47a9-ae9a-d2b5950d210b",
            "dst_ref": "ipv4-addr--55fa71a2-8ecc-47a9-ae9a-d2b5950d210b",
            "protocols": [
                "tcp"
            ]
        },
        {
            "type": "ipv4-addr",
            "spec_version": "2.1",
            "id": "ipv4-addr--55fa71a2-8ecc-47a9-ae9a-d2b5950d210b",
            "value": "87.255.77.36"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa71a2-7cc0-4221-9efb-d2b5950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:54:10.000Z",
            "modified": "2015-09-17T07:54:10.000Z",
            "first_observed": "2015-09-17T07:54:10Z",
            "last_observed": "2015-09-17T07:54:10Z",
            "number_observed": 1,
            "object_refs": [
                "network-traffic--55fa71a2-7cc0-4221-9efb-d2b5950d210b",
                "ipv4-addr--55fa71a2-7cc0-4221-9efb-d2b5950d210b"
            ],
            "labels": [
                "misp:type=\"ip-dst\"",
                "misp:category=\"Network activity\""
            ]
        },
        {
            "type": "network-traffic",
            "spec_version": "2.1",
            "id": "network-traffic--55fa71a2-7cc0-4221-9efb-d2b5950d210b",
            "dst_ref": "ipv4-addr--55fa71a2-7cc0-4221-9efb-d2b5950d210b",
            "protocols": [
                "tcp"
            ]
        },
        {
            "type": "ipv4-addr",
            "spec_version": "2.1",
            "id": "ipv4-addr--55fa71a2-7cc0-4221-9efb-d2b5950d210b",
            "value": "88.150.208.207"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa71a2-13f8-4bfa-9fc3-d2b5950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:54:10.000Z",
            "modified": "2015-09-17T07:54:10.000Z",
            "first_observed": "2015-09-17T07:54:10Z",
            "last_observed": "2015-09-17T07:54:10Z",
            "number_observed": 1,
            "object_refs": [
                "network-traffic--55fa71a2-13f8-4bfa-9fc3-d2b5950d210b",
                "ipv4-addr--55fa71a2-13f8-4bfa-9fc3-d2b5950d210b"
            ],
            "labels": [
                "misp:type=\"ip-dst\"",
                "misp:category=\"Network activity\""
            ]
        },
        {
            "type": "network-traffic",
            "spec_version": "2.1",
            "id": "network-traffic--55fa71a2-13f8-4bfa-9fc3-d2b5950d210b",
            "dst_ref": "ipv4-addr--55fa71a2-13f8-4bfa-9fc3-d2b5950d210b",
            "protocols": [
                "tcp"
            ]
        },
        {
            "type": "ipv4-addr",
            "spec_version": "2.1",
            "id": "ipv4-addr--55fa71a2-13f8-4bfa-9fc3-d2b5950d210b",
            "value": "91.221.66.242"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa71a3-f3d4-4567-9ed8-d2b5950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:54:11.000Z",
            "modified": "2015-09-17T07:54:11.000Z",
            "first_observed": "2015-09-17T07:54:11Z",
            "last_observed": "2015-09-17T07:54:11Z",
            "number_observed": 1,
            "object_refs": [
                "network-traffic--55fa71a3-f3d4-4567-9ed8-d2b5950d210b",
                "ipv4-addr--55fa71a3-f3d4-4567-9ed8-d2b5950d210b"
            ],
            "labels": [
                "misp:type=\"ip-dst\"",
                "misp:category=\"Network activity\""
            ]
        },
        {
            "type": "network-traffic",
            "spec_version": "2.1",
            "id": "network-traffic--55fa71a3-f3d4-4567-9ed8-d2b5950d210b",
            "dst_ref": "ipv4-addr--55fa71a3-f3d4-4567-9ed8-d2b5950d210b",
            "protocols": [
                "tcp"
            ]
        },
        {
            "type": "ipv4-addr",
            "spec_version": "2.1",
            "id": "ipv4-addr--55fa71a3-f3d4-4567-9ed8-d2b5950d210b",
            "value": "91.224.141.235"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa71a3-c110-46d7-a628-d2b5950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:54:11.000Z",
            "modified": "2015-09-17T07:54:11.000Z",
            "first_observed": "2015-09-17T07:54:11Z",
            "last_observed": "2015-09-17T07:54:11Z",
            "number_observed": 1,
            "object_refs": [
                "network-traffic--55fa71a3-c110-46d7-a628-d2b5950d210b",
                "ipv4-addr--55fa71a3-c110-46d7-a628-d2b5950d210b"
            ],
            "labels": [
                "misp:type=\"ip-dst\"",
                "misp:category=\"Network activity\""
            ]
        },
        {
            "type": "network-traffic",
            "spec_version": "2.1",
            "id": "network-traffic--55fa71a3-c110-46d7-a628-d2b5950d210b",
            "dst_ref": "ipv4-addr--55fa71a3-c110-46d7-a628-d2b5950d210b",
            "protocols": [
                "tcp"
            ]
        },
        {
            "type": "ipv4-addr",
            "spec_version": "2.1",
            "id": "ipv4-addr--55fa71a3-c110-46d7-a628-d2b5950d210b",
            "value": "94.242.199.88"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa71a3-5db0-45f0-aa2e-d2b5950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:54:11.000Z",
            "modified": "2015-09-17T07:54:11.000Z",
            "first_observed": "2015-09-17T07:54:11Z",
            "last_observed": "2015-09-17T07:54:11Z",
            "number_observed": 1,
            "object_refs": [
                "network-traffic--55fa71a3-5db0-45f0-aa2e-d2b5950d210b",
                "ipv4-addr--55fa71a3-5db0-45f0-aa2e-d2b5950d210b"
            ],
            "labels": [
                "misp:type=\"ip-dst\"",
                "misp:category=\"Network activity\""
            ]
        },
        {
            "type": "network-traffic",
            "spec_version": "2.1",
            "id": "network-traffic--55fa71a3-5db0-45f0-aa2e-d2b5950d210b",
            "dst_ref": "ipv4-addr--55fa71a3-5db0-45f0-aa2e-d2b5950d210b",
            "protocols": [
                "tcp"
            ]
        },
        {
            "type": "ipv4-addr",
            "spec_version": "2.1",
            "id": "ipv4-addr--55fa71a3-5db0-45f0-aa2e-d2b5950d210b",
            "value": "96.9.182.37"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa71c7-244c-4ae1-86ec-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:54:47.000Z",
            "modified": "2015-09-17T07:54:47.000Z",
            "first_observed": "2015-09-17T07:54:47Z",
            "last_observed": "2015-09-17T07:54:47Z",
            "number_observed": 1,
            "object_refs": [
                "domain-name--55fa71c7-244c-4ae1-86ec-8489950d210b"
            ],
            "labels": [
                "misp:type=\"hostname\"",
                "misp:category=\"Network activity\""
            ]
        },
        {
            "type": "domain-name",
            "spec_version": "2.1",
            "id": "domain-name--55fa71c7-244c-4ae1-86ec-8489950d210b",
            "value": "airtravelabroad.com"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa71c8-8adc-4d3f-b780-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:54:48.000Z",
            "modified": "2015-09-17T07:54:48.000Z",
            "first_observed": "2015-09-17T07:54:48Z",
            "last_observed": "2015-09-17T07:54:48Z",
            "number_observed": 1,
            "object_refs": [
                "domain-name--55fa71c8-8adc-4d3f-b780-8489950d210b"
            ],
            "labels": [
                "misp:type=\"hostname\"",
                "misp:category=\"Network activity\""
            ]
        },
        {
            "type": "domain-name",
            "spec_version": "2.1",
            "id": "domain-name--55fa71c8-8adc-4d3f-b780-8489950d210b",
            "value": "beijingnewsblog.net"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa71c8-fc28-4bce-8085-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:54:48.000Z",
            "modified": "2015-09-17T07:54:48.000Z",
            "first_observed": "2015-09-17T07:54:48Z",
            "last_observed": "2015-09-17T07:54:48Z",
            "number_observed": 1,
            "object_refs": [
                "domain-name--55fa71c8-fc28-4bce-8085-8489950d210b"
            ],
            "labels": [
                "misp:type=\"hostname\"",
                "misp:category=\"Network activity\""
            ]
        },
        {
            "type": "domain-name",
            "spec_version": "2.1",
            "id": "domain-name--55fa71c8-fc28-4bce-8085-8489950d210b",
            "value": "deervalleyassociation.com"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa71c9-f104-4572-9010-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:54:49.000Z",
            "modified": "2015-09-17T07:54:49.000Z",
            "first_observed": "2015-09-17T07:54:49Z",
            "last_observed": "2015-09-17T07:54:49Z",
            "number_observed": 1,
            "object_refs": [
                "domain-name--55fa71c9-f104-4572-9010-8489950d210b"
            ],
            "labels": [
                "misp:type=\"hostname\"",
                "misp:category=\"Network activity\""
            ]
        },
        {
            "type": "domain-name",
            "spec_version": "2.1",
            "id": "domain-name--55fa71c9-f104-4572-9010-8489950d210b",
            "value": "greencastleadvantage.com"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa71c9-31c4-49ac-a110-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:54:49.000Z",
            "modified": "2015-09-17T07:54:49.000Z",
            "first_observed": "2015-09-17T07:54:49Z",
            "last_observed": "2015-09-17T07:54:49Z",
            "number_observed": 1,
            "object_refs": [
                "domain-name--55fa71c9-31c4-49ac-a110-8489950d210b"
            ],
            "labels": [
                "misp:type=\"hostname\"",
                "misp:category=\"Network activity\""
            ]
        },
        {
            "type": "domain-name",
            "spec_version": "2.1",
            "id": "domain-name--55fa71c9-31c4-49ac-a110-8489950d210b",
            "value": "grouptumbler.com"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa71c9-8220-40da-9bf0-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:54:49.000Z",
            "modified": "2015-09-17T07:54:49.000Z",
            "first_observed": "2015-09-17T07:54:49Z",
            "last_observed": "2015-09-17T07:54:49Z",
            "number_observed": 1,
            "object_refs": [
                "domain-name--55fa71c9-8220-40da-9bf0-8489950d210b"
            ],
            "labels": [
                "misp:type=\"hostname\"",
                "misp:category=\"Network activity\""
            ]
        },
        {
            "type": "domain-name",
            "spec_version": "2.1",
            "id": "domain-name--55fa71c9-8220-40da-9bf0-8489950d210b",
            "value": "juliet.usexy.cc"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa71ca-c108-4126-bf02-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:54:50.000Z",
            "modified": "2015-09-17T07:54:50.000Z",
            "first_observed": "2015-09-17T07:54:50Z",
            "last_observed": "2015-09-17T07:54:50Z",
            "number_observed": 1,
            "object_refs": [
                "domain-name--55fa71ca-c108-4126-bf02-8489950d210b"
            ],
            "labels": [
                "misp:type=\"hostname\"",
                "misp:category=\"Network activity\""
            ]
        },
        {
            "type": "domain-name",
            "spec_version": "2.1",
            "id": "domain-name--55fa71ca-c108-4126-bf02-8489950d210b",
            "value": "leveldelta.com"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa71ca-c330-4905-9e2a-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:54:50.000Z",
            "modified": "2015-09-17T07:54:50.000Z",
            "first_observed": "2015-09-17T07:54:50Z",
            "last_observed": "2015-09-17T07:54:50Z",
            "number_observed": 1,
            "object_refs": [
                "domain-name--55fa71ca-c330-4905-9e2a-8489950d210b"
            ],
            "labels": [
                "misp:type=\"hostname\"",
                "misp:category=\"Network activity\""
            ]
        },
        {
            "type": "domain-name",
            "spec_version": "2.1",
            "id": "domain-name--55fa71ca-c330-4905-9e2a-8489950d210b",
            "value": "nasdaqblog.net"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa71ca-91c4-44f3-a58e-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:54:50.000Z",
            "modified": "2015-09-17T07:54:50.000Z",
            "first_observed": "2015-09-17T07:54:50Z",
            "last_observed": "2015-09-17T07:54:50Z",
            "number_observed": 1,
            "object_refs": [
                "domain-name--55fa71ca-91c4-44f3-a58e-8489950d210b"
            ],
            "labels": [
                "misp:type=\"hostname\"",
                "misp:category=\"Network activity\""
            ]
        },
        {
            "type": "domain-name",
            "spec_version": "2.1",
            "id": "domain-name--55fa71ca-91c4-44f3-a58e-8489950d210b",
            "value": "natureinhome.com"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa71cb-4540-40ff-8e89-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:54:51.000Z",
            "modified": "2015-09-17T07:54:51.000Z",
            "first_observed": "2015-09-17T07:54:51Z",
            "last_observed": "2015-09-17T07:54:51Z",
            "number_observed": 1,
            "object_refs": [
                "domain-name--55fa71cb-4540-40ff-8e89-8489950d210b"
            ],
            "labels": [
                "misp:type=\"hostname\"",
                "misp:category=\"Network activity\""
            ]
        },
        {
            "type": "domain-name",
            "spec_version": "2.1",
            "id": "domain-name--55fa71cb-4540-40ff-8e89-8489950d210b",
            "value": "nestedmail.com"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa71cb-6298-4a37-a9d6-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:54:51.000Z",
            "modified": "2015-09-17T07:54:51.000Z",
            "first_observed": "2015-09-17T07:54:51Z",
            "last_observed": "2015-09-17T07:54:51Z",
            "number_observed": 1,
            "object_refs": [
                "domain-name--55fa71cb-6298-4a37-a9d6-8489950d210b"
            ],
            "labels": [
                "misp:type=\"hostname\"",
                "misp:category=\"Network activity\""
            ]
        },
        {
            "type": "domain-name",
            "spec_version": "2.1",
            "id": "domain-name--55fa71cb-6298-4a37-a9d6-8489950d210b",
            "value": "nostressjob.com"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa71cb-b994-49b3-935f-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:54:51.000Z",
            "modified": "2015-09-17T07:54:51.000Z",
            "first_observed": "2015-09-17T07:54:51Z",
            "last_observed": "2015-09-17T07:54:51Z",
            "number_observed": 1,
            "object_refs": [
                "domain-name--55fa71cb-b994-49b3-935f-8489950d210b"
            ],
            "labels": [
                "misp:type=\"hostname\"",
                "misp:category=\"Network activity\""
            ]
        },
        {
            "type": "domain-name",
            "spec_version": "2.1",
            "id": "domain-name--55fa71cb-b994-49b3-935f-8489950d210b",
            "value": "nytunion.com"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa71cc-f540-4f5d-99e3-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:54:52.000Z",
            "modified": "2015-09-17T07:54:52.000Z",
            "first_observed": "2015-09-17T07:54:52Z",
            "last_observed": "2015-09-17T07:54:52Z",
            "number_observed": 1,
            "object_refs": [
                "domain-name--55fa71cc-f540-4f5d-99e3-8489950d210b"
            ],
            "labels": [
                "misp:type=\"hostname\"",
                "misp:category=\"Network activity\""
            ]
        },
        {
            "type": "domain-name",
            "spec_version": "2.1",
            "id": "domain-name--55fa71cc-f540-4f5d-99e3-8489950d210b",
            "value": "oilnewsblog.com"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa71cc-0a5c-49f3-ad1d-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:54:52.000Z",
            "modified": "2015-09-17T07:54:52.000Z",
            "first_observed": "2015-09-17T07:54:52Z",
            "last_observed": "2015-09-17T07:54:52Z",
            "number_observed": 1,
            "object_refs": [
                "domain-name--55fa71cc-0a5c-49f3-ad1d-8489950d210b"
            ],
            "labels": [
                "misp:type=\"hostname\"",
                "misp:category=\"Network activity\""
            ]
        },
        {
            "type": "domain-name",
            "spec_version": "2.1",
            "id": "domain-name--55fa71cc-0a5c-49f3-ad1d-8489950d210b",
            "value": "overpict.com"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa71cc-db84-45fa-8c82-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:54:52.000Z",
            "modified": "2015-09-17T07:54:52.000Z",
            "first_observed": "2015-09-17T07:54:52Z",
            "last_observed": "2015-09-17T07:54:52Z",
            "number_observed": 1,
            "object_refs": [
                "domain-name--55fa71cc-db84-45fa-8c82-8489950d210b"
            ],
            "labels": [
                "misp:type=\"hostname\"",
                "misp:category=\"Network activity\""
            ]
        },
        {
            "type": "domain-name",
            "spec_version": "2.1",
            "id": "domain-name--55fa71cc-db84-45fa-8c82-8489950d210b",
            "value": "serials.hacked.jp"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa71cd-d170-43c1-920f-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:54:53.000Z",
            "modified": "2015-09-17T07:54:53.000Z",
            "first_observed": "2015-09-17T07:54:53Z",
            "last_observed": "2015-09-17T07:54:53Z",
            "number_observed": 1,
            "object_refs": [
                "domain-name--55fa71cd-d170-43c1-920f-8489950d210b"
            ],
            "labels": [
                "misp:type=\"hostname\"",
                "misp:category=\"Network activity\""
            ]
        },
        {
            "type": "domain-name",
            "spec_version": "2.1",
            "id": "domain-name--55fa71cd-d170-43c1-920f-8489950d210b",
            "value": "sixsquare.net"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa71cd-40b8-4c01-bacb-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:54:53.000Z",
            "modified": "2015-09-17T07:54:53.000Z",
            "first_observed": "2015-09-17T07:54:53Z",
            "last_observed": "2015-09-17T07:54:53Z",
            "number_observed": 1,
            "object_refs": [
                "domain-name--55fa71cd-40b8-4c01-bacb-8489950d210b"
            ],
            "labels": [
                "misp:type=\"hostname\"",
                "misp:category=\"Network activity\""
            ]
        },
        {
            "type": "domain-name",
            "spec_version": "2.1",
            "id": "domain-name--55fa71cd-40b8-4c01-bacb-8489950d210b",
            "value": "store.extremesportsevents.net"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa71cd-6e80-47ce-89bd-8489950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:54:53.000Z",
            "modified": "2015-09-17T07:54:53.000Z",
            "first_observed": "2015-09-17T07:54:53Z",
            "last_observed": "2015-09-17T07:54:53Z",
            "number_observed": 1,
            "object_refs": [
                "domain-name--55fa71cd-6e80-47ce-89bd-8489950d210b"
            ],
            "labels": [
                "misp:type=\"hostname\"",
                "misp:category=\"Network activity\""
            ]
        },
        {
            "type": "domain-name",
            "spec_version": "2.1",
            "id": "domain-name--55fa71cd-6e80-47ce-89bd-8489950d210b",
            "value": "ustradecomp.com"
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--55fa71e1-3d18-4f0b-a5ea-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:55:13.000Z",
            "modified": "2015-09-17T07:55:13.000Z",
            "labels": [
                "misp:type=\"text\"",
                "misp:category=\"Antivirus detection\""
            ],
            "x_misp_category": "Antivirus detection",
            "x_misp_type": "text",
            "x_misp_value": "Backdoor:W32/MiniDuke.A"
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--55fa71e1-0298-4d01-a40b-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:55:13.000Z",
            "modified": "2015-09-17T07:55:13.000Z",
            "labels": [
                "misp:type=\"text\"",
                "misp:category=\"Antivirus detection\""
            ],
            "x_misp_category": "Antivirus detection",
            "x_misp_type": "text",
            "x_misp_value": "Trojan-Dropper:W32/MiniDuke.B"
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--55fa71e2-21dc-4849-ac4e-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:55:14.000Z",
            "modified": "2015-09-17T07:55:14.000Z",
            "labels": [
                "misp:type=\"text\"",
                "misp:category=\"Antivirus detection\""
            ],
            "x_misp_category": "Antivirus detection",
            "x_misp_type": "text",
            "x_misp_value": "Exploit:W32/MiniDuke.C"
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--55fa71e2-4078-4bde-a1ce-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:55:14.000Z",
            "modified": "2015-09-17T07:55:14.000Z",
            "labels": [
                "misp:type=\"text\"",
                "misp:category=\"Antivirus detection\""
            ],
            "x_misp_category": "Antivirus detection",
            "x_misp_type": "text",
            "x_misp_value": "Trojan-Dropper:W32/MiniDuke.D"
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--55fa71e2-81ec-44e3-ab98-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:55:14.000Z",
            "modified": "2015-09-17T07:55:14.000Z",
            "labels": [
                "misp:type=\"text\"",
                "misp:category=\"Antivirus detection\""
            ],
            "x_misp_category": "Antivirus detection",
            "x_misp_type": "text",
            "x_misp_value": "Backdoor:W32/MiniDuke.E"
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--55fa71e3-6fbc-48ad-897f-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:55:15.000Z",
            "modified": "2015-09-17T07:55:15.000Z",
            "labels": [
                "misp:type=\"text\"",
                "misp:category=\"Antivirus detection\""
            ],
            "x_misp_category": "Antivirus detection",
            "x_misp_type": "text",
            "x_misp_value": "Backdoor:W32/MiniDuke.F"
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--55fa71e3-d650-4eaa-94a4-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:55:15.000Z",
            "modified": "2015-09-17T07:55:15.000Z",
            "labels": [
                "misp:type=\"text\"",
                "misp:category=\"Antivirus detection\""
            ],
            "x_misp_category": "Antivirus detection",
            "x_misp_type": "text",
            "x_misp_value": "Backdoor:W32/MiniDuke.H"
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--55fa71e4-29d8-4831-9f5b-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:55:16.000Z",
            "modified": "2015-09-17T07:55:16.000Z",
            "labels": [
                "misp:type=\"text\"",
                "misp:category=\"Antivirus detection\""
            ],
            "x_misp_category": "Antivirus detection",
            "x_misp_type": "text",
            "x_misp_value": "Backdoor:W32/MiniDuke.I"
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--55fa71e4-dfcc-4789-ab64-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:55:16.000Z",
            "modified": "2015-09-17T07:55:16.000Z",
            "labels": [
                "misp:type=\"text\"",
                "misp:category=\"Antivirus detection\""
            ],
            "x_misp_category": "Antivirus detection",
            "x_misp_type": "text",
            "x_misp_value": "Backdoor:W32/MiniDuke.J"
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--55fa71e4-4fa0-4387-a5f8-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:55:16.000Z",
            "modified": "2015-09-17T07:55:16.000Z",
            "labels": [
                "misp:type=\"text\"",
                "misp:category=\"Antivirus detection\""
            ],
            "x_misp_category": "Antivirus detection",
            "x_misp_type": "text",
            "x_misp_value": "Trojan-Dropper:W32/CosmicDuke.A"
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--55fa71e5-3bb4-4f10-92e1-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:55:17.000Z",
            "modified": "2015-09-17T07:55:17.000Z",
            "labels": [
                "misp:type=\"text\"",
                "misp:category=\"Antivirus detection\""
            ],
            "x_misp_category": "Antivirus detection",
            "x_misp_type": "text",
            "x_misp_value": "Trojan-PSW:W32/CosmicDuke.B"
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--55fa71e5-6ac0-429c-b0a4-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:55:17.000Z",
            "modified": "2015-09-17T07:55:17.000Z",
            "labels": [
                "misp:type=\"text\"",
                "misp:category=\"Antivirus detection\""
            ],
            "x_misp_category": "Antivirus detection",
            "x_misp_type": "text",
            "x_misp_value": "Trojan:W32/CosmicDuke.C"
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--55fa71e5-a1cc-4ef7-8728-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:55:17.000Z",
            "modified": "2015-09-17T07:55:17.000Z",
            "labels": [
                "misp:type=\"text\"",
                "misp:category=\"Antivirus detection\""
            ],
            "x_misp_category": "Antivirus detection",
            "x_misp_type": "text",
            "x_misp_value": "Exploit:W32/CosmicDuke.D"
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--55fa71e6-6d10-418d-95bc-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:55:18.000Z",
            "modified": "2015-09-17T07:55:18.000Z",
            "labels": [
                "misp:type=\"text\"",
                "misp:category=\"Antivirus detection\""
            ],
            "x_misp_category": "Antivirus detection",
            "x_misp_type": "text",
            "x_misp_value": "Exploit:SWF/CosmicDuke.E"
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--55fa71e6-3df8-42bf-abce-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:55:18.000Z",
            "modified": "2015-09-17T07:55:18.000Z",
            "labels": [
                "misp:type=\"text\"",
                "misp:category=\"Antivirus detection\""
            ],
            "x_misp_category": "Antivirus detection",
            "x_misp_type": "text",
            "x_misp_value": "Trojan-PSW:W32/CosmicDuke.F"
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--55fa71e6-9b04-41d1-950c-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:55:18.000Z",
            "modified": "2015-09-17T07:55:18.000Z",
            "labels": [
                "misp:type=\"text\"",
                "misp:category=\"Antivirus detection\""
            ],
            "x_misp_category": "Antivirus detection",
            "x_misp_type": "text",
            "x_misp_value": "Trojan-Dropper:W32/CosmicDuke.G"
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--55fa71e7-6f7c-4a82-8488-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:55:19.000Z",
            "modified": "2015-09-17T07:55:19.000Z",
            "labels": [
                "misp:type=\"text\"",
                "misp:category=\"Antivirus detection\""
            ],
            "x_misp_category": "Antivirus detection",
            "x_misp_type": "text",
            "x_misp_value": "Trojan:W32/CosmicDuke.H"
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--55fa71e7-0bb0-4182-a8ac-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:55:19.000Z",
            "modified": "2015-09-17T07:55:19.000Z",
            "labels": [
                "misp:type=\"text\"",
                "misp:category=\"Antivirus detection\""
            ],
            "x_misp_category": "Antivirus detection",
            "x_misp_type": "text",
            "x_misp_value": "Trojan:W32/CosmicDuke.I"
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--55fa71e7-bf04-4f38-873e-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:55:19.000Z",
            "modified": "2015-09-17T07:55:19.000Z",
            "labels": [
                "misp:type=\"text\"",
                "misp:category=\"Antivirus detection\""
            ],
            "x_misp_category": "Antivirus detection",
            "x_misp_type": "text",
            "x_misp_value": "Backdoor:W32/OnionDuke.A"
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--55fa71e8-d980-46b8-85a5-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:55:20.000Z",
            "modified": "2015-09-17T07:55:20.000Z",
            "labels": [
                "misp:type=\"text\"",
                "misp:category=\"Antivirus detection\""
            ],
            "x_misp_category": "Antivirus detection",
            "x_misp_type": "text",
            "x_misp_value": "Trojan-Dropper:W32/OnionDuke.A"
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--55fa71e8-ff94-447f-b502-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:55:20.000Z",
            "modified": "2015-09-17T07:55:20.000Z",
            "labels": [
                "misp:type=\"text\"",
                "misp:category=\"Antivirus detection\""
            ],
            "x_misp_category": "Antivirus detection",
            "x_misp_type": "text",
            "x_misp_value": "Backdoor:W32/OnionDuke.B"
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--55fa71e8-8750-468e-8cdb-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:55:20.000Z",
            "modified": "2015-09-17T07:55:20.000Z",
            "labels": [
                "misp:type=\"text\"",
                "misp:category=\"Antivirus detection\""
            ],
            "x_misp_category": "Antivirus detection",
            "x_misp_type": "text",
            "x_misp_value": "Trojan:W32/OnionDuke.C"
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--55fa71e9-c508-4795-bce5-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:55:21.000Z",
            "modified": "2015-09-17T07:55:21.000Z",
            "labels": [
                "misp:type=\"text\"",
                "misp:category=\"Antivirus detection\""
            ],
            "x_misp_category": "Antivirus detection",
            "x_misp_type": "text",
            "x_misp_value": "Trojan:W32/OnionDuke.D"
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--55fa71e9-45e8-47be-adf7-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:55:21.000Z",
            "modified": "2015-09-17T07:55:21.000Z",
            "labels": [
                "misp:type=\"text\"",
                "misp:category=\"Antivirus detection\""
            ],
            "x_misp_category": "Antivirus detection",
            "x_misp_type": "text",
            "x_misp_value": "Trojan-PSW:W32/OnionDuke.E"
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--55fa71e9-0718-4ea6-8579-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:55:21.000Z",
            "modified": "2015-09-17T07:55:21.000Z",
            "labels": [
                "misp:type=\"text\"",
                "misp:category=\"Antivirus detection\""
            ],
            "x_misp_category": "Antivirus detection",
            "x_misp_type": "text",
            "x_misp_value": "Trojan:W32/OnionDuke.F"
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--55fa71ea-df88-4d7a-bc16-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:55:22.000Z",
            "modified": "2015-09-17T07:55:22.000Z",
            "labels": [
                "misp:type=\"text\"",
                "misp:category=\"Antivirus detection\""
            ],
            "x_misp_category": "Antivirus detection",
            "x_misp_type": "text",
            "x_misp_value": "Trojan:W32/OnionDuke.G"
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--55fa71ea-8ab4-4820-bc05-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:55:22.000Z",
            "modified": "2015-09-17T07:55:22.000Z",
            "labels": [
                "misp:type=\"text\"",
                "misp:category=\"Antivirus detection\""
            ],
            "x_misp_category": "Antivirus detection",
            "x_misp_type": "text",
            "x_misp_value": "Trojan:W32/CozyDuke.A"
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--55fa71eb-7d50-4a8d-84f5-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:55:23.000Z",
            "modified": "2015-09-17T07:55:23.000Z",
            "labels": [
                "misp:type=\"text\"",
                "misp:category=\"Antivirus detection\""
            ],
            "x_misp_category": "Antivirus detection",
            "x_misp_type": "text",
            "x_misp_value": "Trojan:W32/CozyDuke.B"
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--55fa71eb-4e60-4414-8bff-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:55:23.000Z",
            "modified": "2015-09-17T07:55:23.000Z",
            "labels": [
                "misp:type=\"text\"",
                "misp:category=\"Antivirus detection\""
            ],
            "x_misp_category": "Antivirus detection",
            "x_misp_type": "text",
            "x_misp_value": "Trojan-Dropper:W32/CozyDuke.C"
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--55fa71eb-a67c-41ee-87db-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:55:23.000Z",
            "modified": "2015-09-17T07:55:23.000Z",
            "labels": [
                "misp:type=\"text\"",
                "misp:category=\"Antivirus detection\""
            ],
            "x_misp_category": "Antivirus detection",
            "x_misp_type": "text",
            "x_misp_value": "Trojan:W32/CozyDuke.D"
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--55fa71ec-ce90-4330-abc6-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:55:24.000Z",
            "modified": "2015-09-17T07:55:24.000Z",
            "labels": [
                "misp:type=\"text\"",
                "misp:category=\"Antivirus detection\""
            ],
            "x_misp_category": "Antivirus detection",
            "x_misp_type": "text",
            "x_misp_value": "Trojan:W64/CozyDuke.E"
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--55fa71ec-40b4-4170-b237-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:55:24.000Z",
            "modified": "2015-09-17T07:55:24.000Z",
            "labels": [
                "misp:type=\"text\"",
                "misp:category=\"Antivirus detection\""
            ],
            "x_misp_category": "Antivirus detection",
            "x_misp_type": "text",
            "x_misp_value": "Trojan-Downloader:W32/CloudDuke.A"
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--55fa71ec-2d00-4ddc-afc2-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:55:24.000Z",
            "modified": "2015-09-17T07:55:24.000Z",
            "labels": [
                "misp:type=\"text\"",
                "misp:category=\"Antivirus detection\""
            ],
            "x_misp_category": "Antivirus detection",
            "x_misp_type": "text",
            "x_misp_value": "Trojan:W32/CloudDuke.B"
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--55fa71ed-f6b0-478b-a745-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:55:25.000Z",
            "modified": "2015-09-17T07:55:25.000Z",
            "labels": [
                "misp:type=\"text\"",
                "misp:category=\"Antivirus detection\""
            ],
            "x_misp_category": "Antivirus detection",
            "x_misp_type": "text",
            "x_misp_value": "Trojan:W64/CloudDuke.B"
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--55fa71ed-4dbc-405f-8078-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T07:55:25.000Z",
            "modified": "2015-09-17T07:55:25.000Z",
            "labels": [
                "misp:type=\"text\"",
                "misp:category=\"Antivirus detection\""
            ],
            "x_misp_category": "Antivirus detection",
            "x_misp_type": "text",
            "x_misp_value": "Backdoor:W32/SeaDuke.A"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7314-0e48-49a6-87b9-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:20.000Z",
            "modified": "2015-09-17T08:00:20.000Z",
            "description": "HammerDuke - Xchecked via VT: 42e6da9a08802b5ce5d1f754d4567665637b47bc",
            "pattern": "[file:hashes.SHA256 = '8995535721ebeaf6983c6cecf3182d756ca5b3911607452dd4ba2ad8ec86cf96']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:00:20Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7314-53d8-4e65-a813-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:20.000Z",
            "modified": "2015-09-17T08:00:20.000Z",
            "description": "HammerDuke - Xchecked via VT: 42e6da9a08802b5ce5d1f754d4567665637b47bc",
            "pattern": "[file:hashes.MD5 = 'd3109c83e07dd5d7fe032dc80c581d08']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:00:20Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7315-5468-4071-9fb9-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:21.000Z",
            "modified": "2015-09-17T08:00:21.000Z",
            "first_observed": "2015-09-17T08:00:21Z",
            "last_observed": "2015-09-17T08:00:21Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7315-5468-4071-9fb9-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7315-5468-4071-9fb9-d2c4950d210b",
            "value": "https://www.virustotal.com/file/8995535721ebeaf6983c6cecf3182d756ca5b3911607452dd4ba2ad8ec86cf96/analysis/1441887522/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7315-f89c-466e-820b-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:21.000Z",
            "modified": "2015-09-17T08:00:21.000Z",
            "description": "SeaDuke - Xchecked via VT: bb71254fbd41855e8e70f05231ce77fee6f00388",
            "pattern": "[file:hashes.SHA256 = '3eb86b7b067c296ef53e4857a74e09f12c2b84b666fc130d1f58aec18bc74b0d']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:00:21Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7315-31e4-404e-8fc6-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:21.000Z",
            "modified": "2015-09-17T08:00:21.000Z",
            "description": "SeaDuke - Xchecked via VT: bb71254fbd41855e8e70f05231ce77fee6f00388",
            "pattern": "[file:hashes.MD5 = 'a25ec7749b2de12c2a86167afa88a4dd']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:00:21Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7316-2e6c-4201-bc28-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:22.000Z",
            "modified": "2015-09-17T08:00:22.000Z",
            "first_observed": "2015-09-17T08:00:22Z",
            "last_observed": "2015-09-17T08:00:22Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7316-2e6c-4201-bc28-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7316-2e6c-4201-bc28-d2c4950d210b",
            "value": "https://www.virustotal.com/file/3eb86b7b067c296ef53e4857a74e09f12c2b84b666fc130d1f58aec18bc74b0d/analysis/1437819251/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7316-4140-43bf-bfae-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:22.000Z",
            "modified": "2015-09-17T08:00:22.000Z",
            "description": "SeaDuke - Xchecked via VT: aa7cf4f1269fa7bca784a18e5cecab962b901cc2",
            "pattern": "[file:hashes.SHA256 = 'c11212ff6474a15402ac848d1e4b9c6ced3deafb959b59837f14b834e5d0ad15']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:00:22Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7317-7f9c-4b94-87a3-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:23.000Z",
            "modified": "2015-09-17T08:00:23.000Z",
            "description": "SeaDuke - Xchecked via VT: aa7cf4f1269fa7bca784a18e5cecab962b901cc2",
            "pattern": "[file:hashes.MD5 = '22a46be630c877e2885c51147de10863']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:00:23Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7317-0e30-40f1-9a40-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:23.000Z",
            "modified": "2015-09-17T08:00:23.000Z",
            "first_observed": "2015-09-17T08:00:23Z",
            "last_observed": "2015-09-17T08:00:23Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7317-0e30-40f1-9a40-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7317-0e30-40f1-9a40-d2c4950d210b",
            "value": "https://www.virustotal.com/file/c11212ff6474a15402ac848d1e4b9c6ced3deafb959b59837f14b834e5d0ad15/analysis/1438892985/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7317-2284-4ef0-80df-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:23.000Z",
            "modified": "2015-09-17T08:00:23.000Z",
            "description": "SeaDuke - Xchecked via VT: 3459d9c27c31c0e8b2ea5b21fdc200e784c7edf4",
            "pattern": "[file:hashes.SHA256 = 'c0b939598bf5913885b1837637f166fda09d932f3484525c8cbcc0b1efba2520']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:00:23Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7318-56b8-4b80-b7e9-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:24.000Z",
            "modified": "2015-09-17T08:00:24.000Z",
            "description": "SeaDuke - Xchecked via VT: 3459d9c27c31c0e8b2ea5b21fdc200e784c7edf4",
            "pattern": "[file:hashes.MD5 = 'e315436c42e681962a8e174ef7fad480']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:00:24Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7318-3e80-4578-833e-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:24.000Z",
            "modified": "2015-09-17T08:00:24.000Z",
            "first_observed": "2015-09-17T08:00:24Z",
            "last_observed": "2015-09-17T08:00:24Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7318-3e80-4578-833e-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7318-3e80-4578-833e-d2c4950d210b",
            "value": "https://www.virustotal.com/file/c0b939598bf5913885b1837637f166fda09d932f3484525c8cbcc0b1efba2520/analysis/1438173839/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7318-c100-4e25-8c35-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:24.000Z",
            "modified": "2015-09-17T08:00:24.000Z",
            "description": "CloudDuke - Xchecked via VT: fe33b9f95db53c0096ae9fb9672f9c7c32d22acf",
            "pattern": "[file:hashes.SHA256 = '6c7e768e48b9b225b7b9f84528c53c2e6f9b639ce2e7919fe0dff9aad07ea4f5']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:00:24Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7319-da1c-429f-986a-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:25.000Z",
            "modified": "2015-09-17T08:00:25.000Z",
            "description": "CloudDuke - Xchecked via VT: fe33b9f95db53c0096ae9fb9672f9c7c32d22acf",
            "pattern": "[file:hashes.MD5 = '4f148ffeac50df60f9f9015b909d8ed0']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:00:25Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7319-bae4-4d76-aa4e-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:25.000Z",
            "modified": "2015-09-17T08:00:25.000Z",
            "first_observed": "2015-09-17T08:00:25Z",
            "last_observed": "2015-09-17T08:00:25Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7319-bae4-4d76-aa4e-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7319-bae4-4d76-aa4e-d2c4950d210b",
            "value": "https://www.virustotal.com/file/6c7e768e48b9b225b7b9f84528c53c2e6f9b639ce2e7919fe0dff9aad07ea4f5/analysis/1440239105/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7319-526c-4e2a-b137-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:25.000Z",
            "modified": "2015-09-17T08:00:25.000Z",
            "description": "CloudDuke - Xchecked via VT: f97c5e8d018207b1d546501fe2036adfbf774cfd",
            "pattern": "[file:hashes.SHA256 = 'c3ea57eea9f522cfc70ef8c3b614f7e44903293a2e8354359b99efbf4cd436df']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:00:25Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa731a-2048-4181-9cee-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:26.000Z",
            "modified": "2015-09-17T08:00:26.000Z",
            "description": "CloudDuke - Xchecked via VT: f97c5e8d018207b1d546501fe2036adfbf774cfd",
            "pattern": "[file:hashes.MD5 = 'b8690064dc61333c591252c4204fbbb3']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:00:26Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa731a-fac4-4e8b-895d-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:26.000Z",
            "modified": "2015-09-17T08:00:26.000Z",
            "first_observed": "2015-09-17T08:00:26Z",
            "last_observed": "2015-09-17T08:00:26Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa731a-fac4-4e8b-895d-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa731a-fac4-4e8b-895d-d2c4950d210b",
            "value": "https://www.virustotal.com/file/c3ea57eea9f522cfc70ef8c3b614f7e44903293a2e8354359b99efbf4cd436df/analysis/1438018785/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa731a-6408-4fc1-9e9d-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:26.000Z",
            "modified": "2015-09-17T08:00:26.000Z",
            "description": "CloudDuke - Xchecked via VT: f54f4e46f5f933a96650ca5123a4c41e115a9f61",
            "pattern": "[file:hashes.SHA256 = 'ecd0ce1973500c27bb5d70f326d115fba84c0b1680a726a041ed57b42063e7b1']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:00:26Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa731b-663c-4e13-8607-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:27.000Z",
            "modified": "2015-09-17T08:00:27.000Z",
            "description": "CloudDuke - Xchecked via VT: f54f4e46f5f933a96650ca5123a4c41e115a9f61",
            "pattern": "[file:hashes.MD5 = 'ffb407dc2b20357302a4550a73f6c342']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:00:27Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa731b-d418-42ca-acc4-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:27.000Z",
            "modified": "2015-09-17T08:00:27.000Z",
            "first_observed": "2015-09-17T08:00:27Z",
            "last_observed": "2015-09-17T08:00:27Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa731b-d418-42ca-acc4-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa731b-d418-42ca-acc4-d2c4950d210b",
            "value": "https://www.virustotal.com/file/ecd0ce1973500c27bb5d70f326d115fba84c0b1680a726a041ed57b42063e7b1/analysis/1439718285/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa731b-7748-47a6-97e0-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:27.000Z",
            "modified": "2015-09-17T08:00:27.000Z",
            "description": "CloudDuke - Xchecked via VT: ed0cf362c0a9de96ce49c841aa55997b4777b326",
            "pattern": "[file:hashes.SHA256 = 'bfc1bafd9b01178037226fa55546d7ed7e9203c13e1b66419e887fee704d5196']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:00:27Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa731c-f18c-4bb2-a667-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:28.000Z",
            "modified": "2015-09-17T08:00:28.000Z",
            "description": "CloudDuke - Xchecked via VT: ed0cf362c0a9de96ce49c841aa55997b4777b326",
            "pattern": "[file:hashes.MD5 = '856b224da7525ea5192efbef7a9b8112']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:00:28Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa731c-5610-4b96-a7fa-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:28.000Z",
            "modified": "2015-09-17T08:00:28.000Z",
            "first_observed": "2015-09-17T08:00:28Z",
            "last_observed": "2015-09-17T08:00:28Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa731c-5610-4b96-a7fa-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa731c-5610-4b96-a7fa-d2c4950d210b",
            "value": "https://www.virustotal.com/file/bfc1bafd9b01178037226fa55546d7ed7e9203c13e1b66419e887fee704d5196/analysis/1441622125/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa731c-d37c-40cc-8407-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:28.000Z",
            "modified": "2015-09-17T08:00:28.000Z",
            "description": "CloudDuke - Xchecked via VT: dea6e89e36cf5a4a216e324983cc0b8f6c58eaa8",
            "pattern": "[file:hashes.SHA256 = '80cb4007b9756246404c260bc69abf5d4938a1cc217d40ecbfdd6171b02b9e24']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:00:28Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa731d-842c-4a05-a96f-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:29.000Z",
            "modified": "2015-09-17T08:00:29.000Z",
            "description": "CloudDuke - Xchecked via VT: dea6e89e36cf5a4a216e324983cc0b8f6c58eaa8",
            "pattern": "[file:hashes.MD5 = '4d3a94134aaf590ae8ece0a57257e129']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:00:29Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa731d-9ed4-4352-bcf8-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:29.000Z",
            "modified": "2015-09-17T08:00:29.000Z",
            "first_observed": "2015-09-17T08:00:29Z",
            "last_observed": "2015-09-17T08:00:29Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa731d-9ed4-4352-bcf8-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa731d-9ed4-4352-bcf8-d2c4950d210b",
            "value": "https://www.virustotal.com/file/80cb4007b9756246404c260bc69abf5d4938a1cc217d40ecbfdd6171b02b9e24/analysis/1437668426/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa731d-c06c-48f5-b893-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:29.000Z",
            "modified": "2015-09-17T08:00:29.000Z",
            "description": "CloudDuke - Xchecked via VT: d7f7aef824265136ad077ae4f874d265ae45a6b0",
            "pattern": "[file:hashes.SHA256 = '88a40d5b679bccf9641009514b3d18b09e68b609ffaf414574a6eca6536e8b8f']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:00:29Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa731e-c830-48f6-95ca-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:30.000Z",
            "modified": "2015-09-17T08:00:30.000Z",
            "description": "CloudDuke - Xchecked via VT: d7f7aef824265136ad077ae4f874d265ae45a6b0",
            "pattern": "[file:hashes.MD5 = '3195110045f64a3c83fc3e043c46d253']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:00:30Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa731e-b620-40f9-9479-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:30.000Z",
            "modified": "2015-09-17T08:00:30.000Z",
            "first_observed": "2015-09-17T08:00:30Z",
            "last_observed": "2015-09-17T08:00:30Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa731e-b620-40f9-9479-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa731e-b620-40f9-9479-d2c4950d210b",
            "value": "https://www.virustotal.com/file/88a40d5b679bccf9641009514b3d18b09e68b609ffaf414574a6eca6536e8b8f/analysis/1438272799/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa731e-e398-488f-84f4-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:30.000Z",
            "modified": "2015-09-17T08:00:30.000Z",
            "description": "CloudDuke - Xchecked via VT: cc15924d37e36060faa405e5fa8f6ca15a3cace2",
            "pattern": "[file:hashes.SHA256 = '6c8eb3365b7fb7683b9b465817e5cb87574026e306c700f3d103eba056777720']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:00:30Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa731f-b750-4da5-9c45-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:31.000Z",
            "modified": "2015-09-17T08:00:31.000Z",
            "description": "CloudDuke - Xchecked via VT: cc15924d37e36060faa405e5fa8f6ca15a3cace2",
            "pattern": "[file:hashes.MD5 = 'b0a9a175e2407352214b2d005253bc0c']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:00:31Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa731f-e754-42f4-943e-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:31.000Z",
            "modified": "2015-09-17T08:00:31.000Z",
            "first_observed": "2015-09-17T08:00:31Z",
            "last_observed": "2015-09-17T08:00:31Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa731f-e754-42f4-943e-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa731f-e754-42f4-943e-d2c4950d210b",
            "value": "https://www.virustotal.com/file/6c8eb3365b7fb7683b9b465817e5cb87574026e306c700f3d103eba056777720/analysis/1438296385/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa731f-cefc-499b-a4fe-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:31.000Z",
            "modified": "2015-09-17T08:00:31.000Z",
            "description": "CloudDuke - Xchecked via VT: c16529dbc2987be3ac628b9b413106e5749999ed",
            "pattern": "[file:hashes.SHA256 = 'd4d79be85dc98f74088d6393a8fdf2b5d947ae4f279909af2aed0221dcecfe94']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:00:31Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7320-ba64-440a-bc82-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:32.000Z",
            "modified": "2015-09-17T08:00:32.000Z",
            "description": "CloudDuke - Xchecked via VT: c16529dbc2987be3ac628b9b413106e5749999ed",
            "pattern": "[file:hashes.MD5 = 'e163d9a91f97f133b0e3f2bbe4dc226a']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:00:32Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7320-6218-4b5e-abe8-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:32.000Z",
            "modified": "2015-09-17T08:00:32.000Z",
            "first_observed": "2015-09-17T08:00:32Z",
            "last_observed": "2015-09-17T08:00:32Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7320-6218-4b5e-abe8-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7320-6218-4b5e-abe8-d2c4950d210b",
            "value": "https://www.virustotal.com/file/d4d79be85dc98f74088d6393a8fdf2b5d947ae4f279909af2aed0221dcecfe94/analysis/1439718988/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7321-2940-41c0-b333-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:33.000Z",
            "modified": "2015-09-17T08:00:33.000Z",
            "description": "CloudDuke - Xchecked via VT: bfe26837da22f21451f0416aa9d241f98ff1c0f8",
            "pattern": "[file:hashes.SHA256 = '12f58639a883b0fcfe3d2e8bcb0330b978731975c9dfa2f8e583adbafc4d534e']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:00:33Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7321-d668-45e7-8264-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:33.000Z",
            "modified": "2015-09-17T08:00:33.000Z",
            "description": "CloudDuke - Xchecked via VT: bfe26837da22f21451f0416aa9d241f98ff1c0f8",
            "pattern": "[file:hashes.MD5 = '837b522730ff896435682b36f7b27a3e']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:00:33Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7321-4658-4b05-ae72-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:33.000Z",
            "modified": "2015-09-17T08:00:33.000Z",
            "first_observed": "2015-09-17T08:00:33Z",
            "last_observed": "2015-09-17T08:00:33Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7321-4658-4b05-ae72-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7321-4658-4b05-ae72-d2c4950d210b",
            "value": "https://www.virustotal.com/file/12f58639a883b0fcfe3d2e8bcb0330b978731975c9dfa2f8e583adbafc4d534e/analysis/1437615013/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7322-386c-4ee2-904e-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:34.000Z",
            "modified": "2015-09-17T08:00:34.000Z",
            "description": "CloudDuke - Xchecked via VT: 9f5b46ee0591d3f942ccaa9c950a8bff94aa7a0f",
            "pattern": "[file:hashes.SHA256 = '85c5ba695992ed59269ea7f7a58f3453f6047729d1f68a444d450439bbccc1f4']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:00:34Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7322-75c8-4e58-ac07-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:34.000Z",
            "modified": "2015-09-17T08:00:34.000Z",
            "description": "CloudDuke - Xchecked via VT: 9f5b46ee0591d3f942ccaa9c950a8bff94aa7a0f",
            "pattern": "[file:hashes.MD5 = '97886672cc570ba4a5d6a162e92d0155']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:00:34Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7322-843c-469a-8ad8-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:34.000Z",
            "modified": "2015-09-17T08:00:34.000Z",
            "first_observed": "2015-09-17T08:00:34Z",
            "last_observed": "2015-09-17T08:00:34Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7322-843c-469a-8ad8-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7322-843c-469a-8ad8-d2c4950d210b",
            "value": "https://www.virustotal.com/file/85c5ba695992ed59269ea7f7a58f3453f6047729d1f68a444d450439bbccc1f4/analysis/1437668426/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7323-9bd0-47c8-8b73-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:35.000Z",
            "modified": "2015-09-17T08:00:35.000Z",
            "description": "CloudDuke - Xchecked via VT: 910dfe45905b63c12c6f93193f5dc08f5b012bc3",
            "pattern": "[file:hashes.SHA256 = 'ed7abf93963395ce9c9cba83a864acb4ed5b6e57fd9a6153f0248b8ccc4fdb46']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:00:35Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7323-d418-4305-906f-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:35.000Z",
            "modified": "2015-09-17T08:00:35.000Z",
            "description": "CloudDuke - Xchecked via VT: 910dfe45905b63c12c6f93193f5dc08f5b012bc3",
            "pattern": "[file:hashes.MD5 = '9018fa0826f237342471895f315dbf39']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:00:35Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7323-5160-4157-8e24-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:35.000Z",
            "modified": "2015-09-17T08:00:35.000Z",
            "first_observed": "2015-09-17T08:00:35Z",
            "last_observed": "2015-09-17T08:00:35Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7323-5160-4157-8e24-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7323-5160-4157-8e24-d2c4950d210b",
            "value": "https://www.virustotal.com/file/ed7abf93963395ce9c9cba83a864acb4ed5b6e57fd9a6153f0248b8ccc4fdb46/analysis/1437545149/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7324-1c58-4618-90ad-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:36.000Z",
            "modified": "2015-09-17T08:00:36.000Z",
            "description": "CloudDuke - Xchecked via VT: 84ba6b6a0a3999c0932f35298948f149ee05bc02",
            "pattern": "[file:hashes.SHA256 = 'a713982d04d2048a575912a5fc37c93091619becd5b21e96f049890435940004']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:00:36Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7324-38e4-44d6-851a-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:36.000Z",
            "modified": "2015-09-17T08:00:36.000Z",
            "description": "CloudDuke - Xchecked via VT: 84ba6b6a0a3999c0932f35298948f149ee05bc02",
            "pattern": "[file:hashes.MD5 = '70f5574e4e7ad360f4f5c2117a7a1ca7']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:00:36Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7324-b9a0-4bc8-972f-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:36.000Z",
            "modified": "2015-09-17T08:00:36.000Z",
            "first_observed": "2015-09-17T08:00:36Z",
            "last_observed": "2015-09-17T08:00:36Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7324-b9a0-4bc8-972f-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7324-b9a0-4bc8-972f-d2c4950d210b",
            "value": "https://www.virustotal.com/file/a713982d04d2048a575912a5fc37c93091619becd5b21e96f049890435940004/analysis/1438340896/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7325-10a4-476c-940b-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:37.000Z",
            "modified": "2015-09-17T08:00:37.000Z",
            "description": "CloudDuke - Xchecked via VT: 7b8851f98f765038f275489c69a485e1bed4f82d",
            "pattern": "[file:hashes.SHA256 = 'd3d503934c0dfe75e386d0fb8da2e32238d93739624b6c5a929fe5b722b35d36']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:00:37Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7325-0698-4b6c-9a0c-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:37.000Z",
            "modified": "2015-09-17T08:00:37.000Z",
            "description": "CloudDuke - Xchecked via VT: 7b8851f98f765038f275489c69a485e1bed4f82d",
            "pattern": "[file:hashes.MD5 = 'a9c045c401afb9766e2ca838dc6f47a4']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:00:37Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7325-5c10-47ec-ab5b-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:37.000Z",
            "modified": "2015-09-17T08:00:37.000Z",
            "first_observed": "2015-09-17T08:00:37Z",
            "last_observed": "2015-09-17T08:00:37Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7325-5c10-47ec-ab5b-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7325-5c10-47ec-ab5b-d2c4950d210b",
            "value": "https://www.virustotal.com/file/d3d503934c0dfe75e386d0fb8da2e32238d93739624b6c5a929fe5b722b35d36/analysis/1438873154/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7326-de44-4055-a752-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:38.000Z",
            "modified": "2015-09-17T08:00:38.000Z",
            "description": "CloudDuke - Xchecked via VT: 6a3c2ad9919ad09ef6cdffc80940286814a0aa2c",
            "pattern": "[file:hashes.SHA256 = '51e713c7247f978f5836133dd0b8f9fb229e6594763adda59951556e1df5ee57']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:00:38Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7326-2720-477c-a879-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:38.000Z",
            "modified": "2015-09-17T08:00:38.000Z",
            "description": "CloudDuke - Xchecked via VT: 6a3c2ad9919ad09ef6cdffc80940286814a0aa2c",
            "pattern": "[file:hashes.MD5 = '50bf9c6de53b7de6906c2d5ed6177c28']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:00:38Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7326-0a4c-47d4-bd0b-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:38.000Z",
            "modified": "2015-09-17T08:00:38.000Z",
            "first_observed": "2015-09-17T08:00:38Z",
            "last_observed": "2015-09-17T08:00:38Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7326-0a4c-47d4-bd0b-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7326-0a4c-47d4-bd0b-d2c4950d210b",
            "value": "https://www.virustotal.com/file/51e713c7247f978f5836133dd0b8f9fb229e6594763adda59951556e1df5ee57/analysis/1440692194/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7327-47d0-4b1c-a9a1-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:39.000Z",
            "modified": "2015-09-17T08:00:39.000Z",
            "description": "CloudDuke - Xchecked via VT: 52d44e936388b77a0afdb21b099cf83ed6cbaa6f",
            "pattern": "[file:hashes.SHA256 = '0f7d64f514e99a2abdc10dc85e7e6f57c210a0f35472f7b897a19b73be36bece']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:00:39Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7327-40e4-4e10-9743-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:39.000Z",
            "modified": "2015-09-17T08:00:39.000Z",
            "description": "CloudDuke - Xchecked via VT: 52d44e936388b77a0afdb21b099cf83ed6cbaa6f",
            "pattern": "[file:hashes.MD5 = '72512c49401bd3d04a8ef6c7a6475307']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:00:39Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7327-7998-46c0-9bc2-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:39.000Z",
            "modified": "2015-09-17T08:00:39.000Z",
            "first_observed": "2015-09-17T08:00:39Z",
            "last_observed": "2015-09-17T08:00:39Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7327-7998-46c0-9bc2-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7327-7998-46c0-9bc2-d2c4950d210b",
            "value": "https://www.virustotal.com/file/0f7d64f514e99a2abdc10dc85e7e6f57c210a0f35472f7b897a19b73be36bece/analysis/1441199710/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7328-95b0-45c3-8055-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:40.000Z",
            "modified": "2015-09-17T08:00:40.000Z",
            "description": "CloudDuke - Xchecked via VT: 4800d67ea326e6d037198abd3d95f4ed59449313",
            "pattern": "[file:hashes.SHA256 = '97d8725e39d263ed21856477ed09738755134b5c0d0b9ae86ebb1cdd4cdc18b7']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:00:40Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7328-b6bc-40a8-835f-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:40.000Z",
            "modified": "2015-09-17T08:00:40.000Z",
            "description": "CloudDuke - Xchecked via VT: 4800d67ea326e6d037198abd3d95f4ed59449313",
            "pattern": "[file:hashes.MD5 = '8473fae7fdae7ee5a8b0fb64ebb596c1']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:00:40Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7328-1320-4458-9c4c-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:40.000Z",
            "modified": "2015-09-17T08:00:40.000Z",
            "first_observed": "2015-09-17T08:00:40Z",
            "last_observed": "2015-09-17T08:00:40Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7328-1320-4458-9c4c-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7328-1320-4458-9c4c-d2c4950d210b",
            "value": "https://www.virustotal.com/file/97d8725e39d263ed21856477ed09738755134b5c0d0b9ae86ebb1cdd4cdc18b7/analysis/1438272790/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7329-5a44-4d43-9376-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:41.000Z",
            "modified": "2015-09-17T08:00:41.000Z",
            "description": "CloudDuke - Xchecked via VT: 47f26990d063c947debbde0e10bd267fb0f32719",
            "pattern": "[file:hashes.SHA256 = 'c1ee4232d1b6504fc7f93cb0478e90049a71992498ed2d701925d852e91cfcc3']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:00:41Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7329-1c84-491b-909a-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:41.000Z",
            "modified": "2015-09-17T08:00:41.000Z",
            "description": "CloudDuke - Xchecked via VT: 47f26990d063c947debbde0e10bd267fb0f32719",
            "pattern": "[file:hashes.MD5 = '42ffc84c6381a18b1f6d000b94c74b09']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:00:41Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa732a-10d4-4781-aa4c-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:42.000Z",
            "modified": "2015-09-17T08:00:42.000Z",
            "first_observed": "2015-09-17T08:00:42Z",
            "last_observed": "2015-09-17T08:00:42Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa732a-10d4-4781-aa4c-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa732a-10d4-4781-aa4c-d2c4950d210b",
            "value": "https://www.virustotal.com/file/c1ee4232d1b6504fc7f93cb0478e90049a71992498ed2d701925d852e91cfcc3/analysis/1438272884/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa732a-01c4-42c1-bb54-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:42.000Z",
            "modified": "2015-09-17T08:00:42.000Z",
            "description": "CloudDuke - Xchecked via VT: 44403a3e51e337c1372b0becdab74313125452c7",
            "pattern": "[file:hashes.SHA256 = '56ac764b81eb216ebed5a5ad38e703805ba3e1ca7d63501ba60a1fb52c7ebb6e']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:00:42Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa732a-66f8-4ab7-9986-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:42.000Z",
            "modified": "2015-09-17T08:00:42.000Z",
            "description": "CloudDuke - Xchecked via VT: 44403a3e51e337c1372b0becdab74313125452c7",
            "pattern": "[file:hashes.MD5 = 'e00bf9b8261410744c10ae3fe2ce9049']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:00:42Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa732b-1cb8-4eb0-bba8-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:43.000Z",
            "modified": "2015-09-17T08:00:43.000Z",
            "first_observed": "2015-09-17T08:00:43Z",
            "last_observed": "2015-09-17T08:00:43Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa732b-1cb8-4eb0-bba8-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa732b-1cb8-4eb0-bba8-d2c4950d210b",
            "value": "https://www.virustotal.com/file/56ac764b81eb216ebed5a5ad38e703805ba3e1ca7d63501ba60a1fb52c7ebb6e/analysis/1438272856/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa732b-1a84-482c-9f81-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:43.000Z",
            "modified": "2015-09-17T08:00:43.000Z",
            "description": "CloudDuke - Xchecked via VT: 317bde14307d8777d613280546f47dd0ce54f95b",
            "pattern": "[file:hashes.SHA256 = '5d695ff02202808805da942e484caa7c1dc68e6d9c3d77dc383cfa0617e61e48']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:00:43Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa732b-c8fc-4304-b0e2-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:43.000Z",
            "modified": "2015-09-17T08:00:43.000Z",
            "description": "CloudDuke - Xchecked via VT: 317bde14307d8777d613280546f47dd0ce54f95b",
            "pattern": "[file:hashes.MD5 = 'a4f3e00b3da3e9d9382840dfbdbef311']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:00:43Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa732c-b938-4f3c-b1e8-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:44.000Z",
            "modified": "2015-09-17T08:00:44.000Z",
            "first_observed": "2015-09-17T08:00:44Z",
            "last_observed": "2015-09-17T08:00:44Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa732c-b938-4f3c-b1e8-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa732c-b938-4f3c-b1e8-d2c4950d210b",
            "value": "https://www.virustotal.com/file/5d695ff02202808805da942e484caa7c1dc68e6d9c3d77dc383cfa0617e61e48/analysis/1439718568/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa732c-3958-400c-bce4-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:44.000Z",
            "modified": "2015-09-17T08:00:44.000Z",
            "description": "CloudDuke - Xchecked via VT: 2f53bfcd2016d506674d0a05852318f9e8188ee1",
            "pattern": "[file:hashes.SHA256 = 'e1490d6e5ce4c2cddef0815c55bf8946cb830ce0ac7f586cf1ae16ef66f1bd8b']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:00:44Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa732c-0510-41a3-aacd-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:44.000Z",
            "modified": "2015-09-17T08:00:44.000Z",
            "description": "CloudDuke - Xchecked via VT: 2f53bfcd2016d506674d0a05852318f9e8188ee1",
            "pattern": "[file:hashes.MD5 = '07660a9b83b7fbc7ab372a911c69a85b']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:00:44Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa732d-bee4-4e39-bc99-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:45.000Z",
            "modified": "2015-09-17T08:00:45.000Z",
            "first_observed": "2015-09-17T08:00:45Z",
            "last_observed": "2015-09-17T08:00:45Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa732d-bee4-4e39-bc99-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa732d-bee4-4e39-bc99-d2c4950d210b",
            "value": "https://www.virustotal.com/file/e1490d6e5ce4c2cddef0815c55bf8946cb830ce0ac7f586cf1ae16ef66f1bd8b/analysis/1439719952/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa732d-57e8-4403-8d6e-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:45.000Z",
            "modified": "2015-09-17T08:00:45.000Z",
            "description": "CloudDuke - Xchecked via VT: 2e27c59f0cf0dbf81466cc63d87d421b33843e87",
            "pattern": "[file:hashes.SHA256 = '1d4ac97d43fab1d464017abb5d57a6b4601f99eaa93b01443427ef25ae5127f7']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:00:45Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa732d-735c-45fe-bf8e-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:45.000Z",
            "modified": "2015-09-17T08:00:45.000Z",
            "description": "CloudDuke - Xchecked via VT: 2e27c59f0cf0dbf81466cc63d87d421b33843e87",
            "pattern": "[file:hashes.MD5 = '964e4b516d72b7717aabb71ad7cc7bf6']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:00:45Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa732e-8b64-4e63-b691-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:46.000Z",
            "modified": "2015-09-17T08:00:46.000Z",
            "first_observed": "2015-09-17T08:00:46Z",
            "last_observed": "2015-09-17T08:00:46Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa732e-8b64-4e63-b691-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa732e-8b64-4e63-b691-d2c4950d210b",
            "value": "https://www.virustotal.com/file/1d4ac97d43fab1d464017abb5d57a6b4601f99eaa93b01443427ef25ae5127f7/analysis/1439721062/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa732e-2748-4d24-b414-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:46.000Z",
            "modified": "2015-09-17T08:00:46.000Z",
            "description": "CloudDuke - Xchecked via VT: 10b31a17449705be20890ddd8ad97a2feb093674",
            "pattern": "[file:hashes.SHA256 = 'ee5eb9d57c3611e91a27bb1fc2d0aaa6bbfa6c69ab16e65e7123c7c49d46f145']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:00:46Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa732e-17e0-4e2f-8e67-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:46.000Z",
            "modified": "2015-09-17T08:00:46.000Z",
            "description": "CloudDuke - Xchecked via VT: 10b31a17449705be20890ddd8ad97a2feb093674",
            "pattern": "[file:hashes.MD5 = '3a04a5d7ed785daa16f4ebfd3acf0867']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:00:46Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa732f-1ca8-468a-8caa-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:47.000Z",
            "modified": "2015-09-17T08:00:47.000Z",
            "first_observed": "2015-09-17T08:00:47Z",
            "last_observed": "2015-09-17T08:00:47Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa732f-1ca8-468a-8caa-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa732f-1ca8-468a-8caa-d2c4950d210b",
            "value": "https://www.virustotal.com/file/ee5eb9d57c3611e91a27bb1fc2d0aaa6bbfa6c69ab16e65e7123c7c49d46f145/analysis/1442216260/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa732f-ea14-4345-9e15-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:47.000Z",
            "modified": "2015-09-17T08:00:47.000Z",
            "description": "CloudDuke - Xchecked via VT: 04299c0b549d4a46154e0a754dda2bc9e43dff76",
            "pattern": "[file:hashes.SHA256 = '56531cc133e7a760b238aadc5b7a622cd11c835a3e6b78079d825d417fb02198']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:00:47Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa732f-dd48-4753-ac79-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:47.000Z",
            "modified": "2015-09-17T08:00:47.000Z",
            "description": "CloudDuke - Xchecked via VT: 04299c0b549d4a46154e0a754dda2bc9e43dff76",
            "pattern": "[file:hashes.MD5 = 'bfd2d6bf8e99332157a0fe46a4a91c52']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:00:47Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7330-9fd0-44d4-bbb6-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:48.000Z",
            "modified": "2015-09-17T08:00:48.000Z",
            "first_observed": "2015-09-17T08:00:48Z",
            "last_observed": "2015-09-17T08:00:48Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7330-9fd0-44d4-bbb6-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7330-9fd0-44d4-bbb6-d2c4950d210b",
            "value": "https://www.virustotal.com/file/56531cc133e7a760b238aadc5b7a622cd11c835a3e6b78079d825d417fb02198/analysis/1439718242/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7330-2950-4b1b-85e7-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:48.000Z",
            "modified": "2015-09-17T08:00:48.000Z",
            "description": "OnionDuke - Xchecked via VT: f3dcbc016393497f681e12628ad9411c27e57d48",
            "pattern": "[file:hashes.SHA256 = '316528ade312cc5ed76f0b44c7f2c2fc84f60ae215992d9393f57431383cf776']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:00:48Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7330-c214-4d74-9a4c-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:48.000Z",
            "modified": "2015-09-17T08:00:48.000Z",
            "description": "OnionDuke - Xchecked via VT: f3dcbc016393497f681e12628ad9411c27e57d48",
            "pattern": "[file:hashes.MD5 = 'f23a89f3b7b6fa1312e6a10ede4e23a6']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:00:48Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7331-a1e8-4ca2-90b3-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:49.000Z",
            "modified": "2015-09-17T08:00:49.000Z",
            "first_observed": "2015-09-17T08:00:49Z",
            "last_observed": "2015-09-17T08:00:49Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7331-a1e8-4ca2-90b3-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7331-a1e8-4ca2-90b3-d2c4950d210b",
            "value": "https://www.virustotal.com/file/316528ade312cc5ed76f0b44c7f2c2fc84f60ae215992d9393f57431383cf776/analysis/1385678112/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7331-6cb4-4fb2-aeff-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:49.000Z",
            "modified": "2015-09-17T08:00:49.000Z",
            "description": "OnionDuke - Xchecked via VT: f2b4b1605360d7f4e0c47932e555b36707f287be",
            "pattern": "[file:hashes.SHA256 = 'd04bef6765408d528fdf82a46c157b44e8b5e7762a15b0264033c9558ccc48dd']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:00:49Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7331-f598-41cd-aace-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:49.000Z",
            "modified": "2015-09-17T08:00:49.000Z",
            "description": "OnionDuke - Xchecked via VT: f2b4b1605360d7f4e0c47932e555b36707f287be",
            "pattern": "[file:hashes.MD5 = '591a5ef38c1be504fbbc88219eb39692']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:00:49Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7332-f904-4404-94fc-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:50.000Z",
            "modified": "2015-09-17T08:00:50.000Z",
            "first_observed": "2015-09-17T08:00:50Z",
            "last_observed": "2015-09-17T08:00:50Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7332-f904-4404-94fc-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7332-f904-4404-94fc-d2c4950d210b",
            "value": "https://www.virustotal.com/file/d04bef6765408d528fdf82a46c157b44e8b5e7762a15b0264033c9558ccc48dd/analysis/1436086946/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7332-4e50-46c2-b6c3-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:50.000Z",
            "modified": "2015-09-17T08:00:50.000Z",
            "description": "OnionDuke - Xchecked via VT: e519198de4cc8bcb0644aa1ab6552b1d15c99a0e",
            "pattern": "[file:hashes.SHA256 = '4558eb18504f724e4f33f1504ff924ce64701d26d703cf1e42a48504e7f51927']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:00:50Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7332-b9d8-44ec-8898-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:50.000Z",
            "modified": "2015-09-17T08:00:50.000Z",
            "description": "OnionDuke - Xchecked via VT: e519198de4cc8bcb0644aa1ab6552b1d15c99a0e",
            "pattern": "[file:hashes.MD5 = 'd33e91246924adb5edc97ceae8a60084']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:00:50Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7333-3214-43ce-9a3e-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:51.000Z",
            "modified": "2015-09-17T08:00:51.000Z",
            "first_observed": "2015-09-17T08:00:51Z",
            "last_observed": "2015-09-17T08:00:51Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7333-3214-43ce-9a3e-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7333-3214-43ce-9a3e-d2c4950d210b",
            "value": "https://www.virustotal.com/file/4558eb18504f724e4f33f1504ff924ce64701d26d703cf1e42a48504e7f51927/analysis/1442476267/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7333-8a50-43fb-900c-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:51.000Z",
            "modified": "2015-09-17T08:00:51.000Z",
            "description": "OnionDuke - Xchecked via VT: e09f283ade693ff89864f6ec9c2354091fbd186e",
            "pattern": "[file:hashes.SHA256 = 'df03f0ae0622f5040bf449ab8b7559a97da7f746cc2ce24a8ad5336b18699296']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:00:51Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7333-1c9c-4f07-be59-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:51.000Z",
            "modified": "2015-09-17T08:00:51.000Z",
            "description": "OnionDuke - Xchecked via VT: e09f283ade693ff89864f6ec9c2354091fbd186e",
            "pattern": "[file:hashes.MD5 = '80a93e5dd3a3ea22f9a9af1547f797ab']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:00:51Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7334-b940-4a00-91f1-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:52.000Z",
            "modified": "2015-09-17T08:00:52.000Z",
            "first_observed": "2015-09-17T08:00:52Z",
            "last_observed": "2015-09-17T08:00:52Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7334-b940-4a00-91f1-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7334-b940-4a00-91f1-d2c4950d210b",
            "value": "https://www.virustotal.com/file/df03f0ae0622f5040bf449ab8b7559a97da7f746cc2ce24a8ad5336b18699296/analysis/1417772385/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7334-6b60-40f7-a6d0-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:52.000Z",
            "modified": "2015-09-17T08:00:52.000Z",
            "description": "OnionDuke - Xchecked via VT: d433f281cf56015941a1c2cb87066ca62ea1db37",
            "pattern": "[file:hashes.SHA256 = '0102777ec0357655c4313419be3a15c4ca17c4f9cb4a440bfb16195239905ade']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:00:52Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7335-788c-4e91-a406-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:53.000Z",
            "modified": "2015-09-17T08:00:53.000Z",
            "description": "OnionDuke - Xchecked via VT: d433f281cf56015941a1c2cb87066ca62ea1db37",
            "pattern": "[file:hashes.MD5 = 'd1ce79089578da2d41f1ad901f7b1014']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:00:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7335-4a7c-492a-b184-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:53.000Z",
            "modified": "2015-09-17T08:00:53.000Z",
            "first_observed": "2015-09-17T08:00:53Z",
            "last_observed": "2015-09-17T08:00:53Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7335-4a7c-492a-b184-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7335-4a7c-492a-b184-d2c4950d210b",
            "value": "https://www.virustotal.com/file/0102777ec0357655c4313419be3a15c4ca17c4f9cb4a440bfb16195239905ade/analysis/1440570597/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7335-09ec-4b9d-b1af-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:53.000Z",
            "modified": "2015-09-17T08:00:53.000Z",
            "description": "OnionDuke - Xchecked via VT: cce5b3a2965c500de8fa75e1429b8be5aa744e14",
            "pattern": "[file:hashes.SHA256 = 'ddce4b5e1c03d04bb82780a2d0f08469bb589b6fe8f0d4cc2a140b16344f5bd1']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:00:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7336-eaec-46b8-8cab-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:54.000Z",
            "modified": "2015-09-17T08:00:54.000Z",
            "description": "OnionDuke - Xchecked via VT: cce5b3a2965c500de8fa75e1429b8be5aa744e14",
            "pattern": "[file:hashes.MD5 = '16bb0f9d98eb7a832b6db1e92f4e4f1a']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:00:54Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7336-5568-4889-8e29-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:54.000Z",
            "modified": "2015-09-17T08:00:54.000Z",
            "first_observed": "2015-09-17T08:00:54Z",
            "last_observed": "2015-09-17T08:00:54Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7336-5568-4889-8e29-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7336-5568-4889-8e29-d2c4950d210b",
            "value": "https://www.virustotal.com/file/ddce4b5e1c03d04bb82780a2d0f08469bb589b6fe8f0d4cc2a140b16344f5bd1/analysis/1396138821/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7336-5300-4ee5-9966-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:54.000Z",
            "modified": "2015-09-17T08:00:54.000Z",
            "description": "OnionDuke - Xchecked via VT: c1ec762878a0eed8ebf47e122e87c79a5e3f7b44",
            "pattern": "[file:hashes.SHA256 = '6271c4909f39e1f29dcc79cde0f526cbde45d906726e73bd3b52d041a34eda38']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:00:54Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7337-5744-4ff5-bc2b-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:55.000Z",
            "modified": "2015-09-17T08:00:55.000Z",
            "description": "OnionDuke - Xchecked via VT: c1ec762878a0eed8ebf47e122e87c79a5e3f7b44",
            "pattern": "[file:hashes.MD5 = 'c0f27bcdede7fe36664770dfe9f84044']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:00:55Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7337-36c4-4c8b-b28a-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:55.000Z",
            "modified": "2015-09-17T08:00:55.000Z",
            "first_observed": "2015-09-17T08:00:55Z",
            "last_observed": "2015-09-17T08:00:55Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7337-36c4-4c8b-b28a-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7337-36c4-4c8b-b28a-d2c4950d210b",
            "value": "https://www.virustotal.com/file/6271c4909f39e1f29dcc79cde0f526cbde45d906726e73bd3b52d041a34eda38/analysis/1382853861/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7337-3164-4479-9f29-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:55.000Z",
            "modified": "2015-09-17T08:00:55.000Z",
            "description": "OnionDuke - Xchecked via VT: b491c14d8cfb48636f6095b7b16555e9a575d57f",
            "pattern": "[file:hashes.SHA256 = '366affd094cc63e2c19c5d57a6866b487889dab5d1b07c084fff94262d8a390b']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:00:55Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7338-1ec8-4830-a081-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:56.000Z",
            "modified": "2015-09-17T08:00:56.000Z",
            "description": "OnionDuke - Xchecked via VT: b491c14d8cfb48636f6095b7b16555e9a575d57f",
            "pattern": "[file:hashes.MD5 = 'c8eb6040fd02d77660d19057a38ff769']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:00:56Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7338-e3a0-4993-83b0-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:56.000Z",
            "modified": "2015-09-17T08:00:56.000Z",
            "first_observed": "2015-09-17T08:00:56Z",
            "last_observed": "2015-09-17T08:00:56Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7338-e3a0-4993-83b0-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7338-e3a0-4993-83b0-d2c4950d210b",
            "value": "https://www.virustotal.com/file/366affd094cc63e2c19c5d57a6866b487889dab5d1b07c084fff94262d8a390b/analysis/1440570638/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7338-8118-4f2b-950b-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:56.000Z",
            "modified": "2015-09-17T08:00:56.000Z",
            "description": "OnionDuke - Xchecked via VT: b3873d2c969d224b0fd17b5f886ea253ac1bfb5b",
            "pattern": "[file:hashes.SHA256 = 'ac9c7ac457a605ff836eb6fe127eabc7a251dd73ea0a1fa59a591de30fa75d3f']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:00:56Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7339-45d4-4b17-ad6b-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:57.000Z",
            "modified": "2015-09-17T08:00:57.000Z",
            "description": "OnionDuke - Xchecked via VT: b3873d2c969d224b0fd17b5f886ea253ac1bfb5b",
            "pattern": "[file:hashes.MD5 = '2d96b4c95152819a888deccf7ec965d6']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:00:57Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7339-843c-48c6-9321-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:57.000Z",
            "modified": "2015-09-17T08:00:57.000Z",
            "first_observed": "2015-09-17T08:00:57Z",
            "last_observed": "2015-09-17T08:00:57Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7339-843c-48c6-9321-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7339-843c-48c6-9321-d2c4950d210b",
            "value": "https://www.virustotal.com/file/ac9c7ac457a605ff836eb6fe127eabc7a251dd73ea0a1fa59a591de30fa75d3f/analysis/1416932401/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7339-21f4-4456-b480-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:57.000Z",
            "modified": "2015-09-17T08:00:57.000Z",
            "description": "OnionDuke - Xchecked via VT: a75995f94854dea8799650a2f4a97980b71199d2",
            "pattern": "[file:hashes.SHA256 = '19972cc87c7653aff9620461ce459b996b1f9b030d7c8031df0c8265b73f670d']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:00:57Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa733a-4a38-4906-8d7b-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:58.000Z",
            "modified": "2015-09-17T08:00:58.000Z",
            "description": "OnionDuke - Xchecked via VT: a75995f94854dea8799650a2f4a97980b71199d2",
            "pattern": "[file:hashes.MD5 = '28f96a57fa5ff663926e9bad51a1d0cb']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:00:58Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa733a-1544-4255-b26a-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:58.000Z",
            "modified": "2015-09-17T08:00:58.000Z",
            "first_observed": "2015-09-17T08:00:58Z",
            "last_observed": "2015-09-17T08:00:58Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa733a-1544-4255-b26a-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa733a-1544-4255-b26a-d2c4950d210b",
            "value": "https://www.virustotal.com/file/19972cc87c7653aff9620461ce459b996b1f9b030d7c8031df0c8265b73f670d/analysis/1440569133/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa733a-ffc0-483a-af27-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:58.000Z",
            "modified": "2015-09-17T08:00:58.000Z",
            "description": "OnionDuke - Xchecked via VT: 9a277a63e41d32d9af3eddea1710056be0d42347",
            "pattern": "[file:hashes.SHA256 = '489d448514a3ddf30144cc1634e6623e529dd3aee54a050a920a3d4342b4b96a']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:00:58Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa733b-9b08-4dff-8a28-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:59.000Z",
            "modified": "2015-09-17T08:00:59.000Z",
            "description": "OnionDuke - Xchecked via VT: 9a277a63e41d32d9af3eddea1710056be0d42347",
            "pattern": "[file:hashes.MD5 = '0ea4ccf2737f7095b367eda58e475e1f']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:00:59Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa733b-b8e4-47e8-a13b-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:59.000Z",
            "modified": "2015-09-17T08:00:59.000Z",
            "first_observed": "2015-09-17T08:00:59Z",
            "last_observed": "2015-09-17T08:00:59Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa733b-b8e4-47e8-a13b-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa733b-b8e4-47e8-a13b-d2c4950d210b",
            "value": "https://www.virustotal.com/file/489d448514a3ddf30144cc1634e6623e529dd3aee54a050a920a3d4342b4b96a/analysis/1421499567/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa733b-c9e0-4e7f-90c1-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:00:59.000Z",
            "modified": "2015-09-17T08:00:59.000Z",
            "description": "OnionDuke - Xchecked via VT: 91cb047f28a15b558a9a4dff26df642b9001f8d7",
            "pattern": "[file:hashes.SHA256 = '49dca913ff5c4782e8f8fa2dfd161110bc5c8cd36c9ce8aa0efd1860ab668e6e']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:00:59Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa733c-9a14-4a84-a5f6-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:00.000Z",
            "modified": "2015-09-17T08:01:00.000Z",
            "description": "OnionDuke - Xchecked via VT: 91cb047f28a15b558a9a4dff26df642b9001f8d7",
            "pattern": "[file:hashes.MD5 = 'ccb6d74a8577ca44ca56cfc7fa6332b6']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:00Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa733c-9b34-461a-9ea2-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:00.000Z",
            "modified": "2015-09-17T08:01:00.000Z",
            "first_observed": "2015-09-17T08:01:00Z",
            "last_observed": "2015-09-17T08:01:00Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa733c-9b34-461a-9ea2-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa733c-9b34-461a-9ea2-d2c4950d210b",
            "value": "https://www.virustotal.com/file/49dca913ff5c4782e8f8fa2dfd161110bc5c8cd36c9ce8aa0efd1860ab668e6e/analysis/1412352067/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa733c-12a4-457a-9552-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:00.000Z",
            "modified": "2015-09-17T08:01:00.000Z",
            "description": "OnionDuke - Xchecked via VT: 7efd300efed0a42c7d1f568e309c45b2b641f5c2",
            "pattern": "[file:hashes.SHA256 = 'c47f2973f077f21abfb202b54ea18ee2a182e4305ee0046c1bc6d15a1179a43c']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:00Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa733d-3f34-42b7-a57b-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:01.000Z",
            "modified": "2015-09-17T08:01:01.000Z",
            "description": "OnionDuke - Xchecked via VT: 7efd300efed0a42c7d1f568e309c45b2b641f5c2",
            "pattern": "[file:hashes.MD5 = '6a5a0ac42161333e9758589ecabed3c6']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:01Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa733d-0508-4191-8c87-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:01.000Z",
            "modified": "2015-09-17T08:01:01.000Z",
            "first_observed": "2015-09-17T08:01:01Z",
            "last_observed": "2015-09-17T08:01:01Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa733d-0508-4191-8c87-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa733d-0508-4191-8c87-d2c4950d210b",
            "value": "https://www.virustotal.com/file/c47f2973f077f21abfb202b54ea18ee2a182e4305ee0046c1bc6d15a1179a43c/analysis/1417196914/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa733d-e8bc-4a84-8fe6-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:01.000Z",
            "modified": "2015-09-17T08:01:01.000Z",
            "description": "OnionDuke - Xchecked via VT: 7d871a2d467474178893cd017e4e3e04e589c9a0",
            "pattern": "[file:hashes.SHA256 = '3af9cfb2797bed22e1d12970d068d794270a0f07d3f3dcfdcdb9abfc3a80e0f8']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:01Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa733e-2558-4765-b1ed-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:02.000Z",
            "modified": "2015-09-17T08:01:02.000Z",
            "description": "OnionDuke - Xchecked via VT: 7d871a2d467474178893cd017e4e3e04e589c9a0",
            "pattern": "[file:hashes.MD5 = '3a6b45a7c8fa74bc342b69e926079960']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:02Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa733e-7ab4-4bc7-9323-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:02.000Z",
            "modified": "2015-09-17T08:01:02.000Z",
            "first_observed": "2015-09-17T08:01:02Z",
            "last_observed": "2015-09-17T08:01:02Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa733e-7ab4-4bc7-9323-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa733e-7ab4-4bc7-9323-d2c4950d210b",
            "value": "https://www.virustotal.com/file/3af9cfb2797bed22e1d12970d068d794270a0f07d3f3dcfdcdb9abfc3a80e0f8/analysis/1385678197/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa733f-2c84-4263-a2c4-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:03.000Z",
            "modified": "2015-09-17T08:01:03.000Z",
            "description": "OnionDuke - Xchecked via VT: 7d17917cb8bc00b022a86bb7bab59e28c3453126",
            "pattern": "[file:hashes.SHA256 = '8d86c0985530271618a342579afd1a9ecb27dfb080866e3b888bd3e45e1eb8f5']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:03Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa733f-f094-4afd-9826-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:03.000Z",
            "modified": "2015-09-17T08:01:03.000Z",
            "description": "OnionDuke - Xchecked via VT: 7d17917cb8bc00b022a86bb7bab59e28c3453126",
            "pattern": "[file:hashes.MD5 = '9e3f3b5e9ece79102d257e8cf982e09e']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:03Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa733f-30a0-4ee4-a831-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:03.000Z",
            "modified": "2015-09-17T08:01:03.000Z",
            "first_observed": "2015-09-17T08:01:03Z",
            "last_observed": "2015-09-17T08:01:03Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa733f-30a0-4ee4-a831-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa733f-30a0-4ee4-a831-d2c4950d210b",
            "value": "https://www.virustotal.com/file/8d86c0985530271618a342579afd1a9ecb27dfb080866e3b888bd3e45e1eb8f5/analysis/1437907599/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7340-5a54-474d-9858-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:04.000Z",
            "modified": "2015-09-17T08:01:04.000Z",
            "description": "OnionDuke - Xchecked via VT: 7b3652f8d51bf74174e1e5364dbbf901a2ebcba1",
            "pattern": "[file:hashes.SHA256 = 'df818c2dccacc532ba0205749329b7e46d1f6616b40da55e0d994105bd988bd2']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:04Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7340-b5bc-4e96-965e-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:04.000Z",
            "modified": "2015-09-17T08:01:04.000Z",
            "description": "OnionDuke - Xchecked via VT: 7b3652f8d51bf74174e1e5364dbbf901a2ebcba1",
            "pattern": "[file:hashes.MD5 = '19aca5da05ee8e5862e1d1ee50e84cec']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:04Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7340-7cd0-4e59-bb27-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:04.000Z",
            "modified": "2015-09-17T08:01:04.000Z",
            "first_observed": "2015-09-17T08:01:04Z",
            "last_observed": "2015-09-17T08:01:04Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7340-7cd0-4e59-bb27-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7340-7cd0-4e59-bb27-d2c4950d210b",
            "value": "https://www.virustotal.com/file/df818c2dccacc532ba0205749329b7e46d1f6616b40da55e0d994105bd988bd2/analysis/1416932496/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7341-89fc-444a-901a-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:05.000Z",
            "modified": "2015-09-17T08:01:05.000Z",
            "description": "OnionDuke - Xchecked via VT: 6b631396013ddfd8c946772d3cd4919495298d40",
            "pattern": "[file:hashes.SHA256 = '97afcd01e00d32dc4d1161d7a127933593cfc092ec635af5dc7a775a088b6091']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:05Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7341-8180-48dd-b0d9-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:05.000Z",
            "modified": "2015-09-17T08:01:05.000Z",
            "description": "OnionDuke - Xchecked via VT: 6b631396013ddfd8c946772d3cd4919495298d40",
            "pattern": "[file:hashes.MD5 = 'a4c77494cccb41aaa8849176bd58055e']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:05Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7341-983c-4394-b1d0-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:05.000Z",
            "modified": "2015-09-17T08:01:05.000Z",
            "first_observed": "2015-09-17T08:01:05Z",
            "last_observed": "2015-09-17T08:01:05Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7341-983c-4394-b1d0-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7341-983c-4394-b1d0-d2c4950d210b",
            "value": "https://www.virustotal.com/file/97afcd01e00d32dc4d1161d7a127933593cfc092ec635af5dc7a775a088b6091/analysis/1372267562/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7342-aafc-4580-8a7a-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:06.000Z",
            "modified": "2015-09-17T08:01:06.000Z",
            "description": "OnionDuke - Xchecked via VT: 6b3b42f584b6dc1e0a7b0e0c389f1fbe040968aa",
            "pattern": "[file:hashes.SHA256 = 'c218b779461d83d70791e0578175503cd69128c9723f2c5d7d36b85073b0f2f9']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:06Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7342-f6f8-4e98-837d-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:06.000Z",
            "modified": "2015-09-17T08:01:06.000Z",
            "description": "OnionDuke - Xchecked via VT: 6b3b42f584b6dc1e0a7b0e0c389f1fbe040968aa",
            "pattern": "[file:hashes.MD5 = '65c40b01a0870250fb358efc8b201192']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:06Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7342-c3e8-46a1-87b9-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:06.000Z",
            "modified": "2015-09-17T08:01:06.000Z",
            "first_observed": "2015-09-17T08:01:06Z",
            "last_observed": "2015-09-17T08:01:06Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7342-c3e8-46a1-87b9-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7342-c3e8-46a1-87b9-d2c4950d210b",
            "value": "https://www.virustotal.com/file/c218b779461d83d70791e0578175503cd69128c9723f2c5d7d36b85073b0f2f9/analysis/1431624122/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7343-2aa8-4849-ab1f-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:07.000Z",
            "modified": "2015-09-17T08:01:07.000Z",
            "description": "OnionDuke - Xchecked via VT: 61283ef203f4286f1d366a57e077b0a581be1659",
            "pattern": "[file:hashes.SHA256 = '540913b3647c28a14418a6f288be9e4d8f99048227efea8ca1b13877269002eb']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:07Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7343-578c-48d8-9014-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:07.000Z",
            "modified": "2015-09-17T08:01:07.000Z",
            "description": "OnionDuke - Xchecked via VT: 61283ef203f4286f1d366a57e077b0a581be1659",
            "pattern": "[file:hashes.MD5 = 'db9ccc6fa0f7605f39d93487fbaba866']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:07Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7343-bab8-4a9e-b56b-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:07.000Z",
            "modified": "2015-09-17T08:01:07.000Z",
            "first_observed": "2015-09-17T08:01:07Z",
            "last_observed": "2015-09-17T08:01:07Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7343-bab8-4a9e-b56b-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7343-bab8-4a9e-b56b-d2c4950d210b",
            "value": "https://www.virustotal.com/file/540913b3647c28a14418a6f288be9e4d8f99048227efea8ca1b13877269002eb/analysis/1411010934/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7344-3d4c-40aa-86b3-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:08.000Z",
            "modified": "2015-09-17T08:01:08.000Z",
            "description": "OnionDuke - Xchecked via VT: 5ccff14ce7c1732fadfe74af95a912093007357f",
            "pattern": "[file:hashes.SHA256 = 'd07a802eb6d2c296c3f1bc726b5a716c4a7d8e97053c53e81658a31f969e6ce7']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:08Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7344-8df4-45c0-8c99-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:08.000Z",
            "modified": "2015-09-17T08:01:08.000Z",
            "description": "OnionDuke - Xchecked via VT: 5ccff14ce7c1732fadfe74af95a912093007357f",
            "pattern": "[file:hashes.MD5 = '89b3cf1023825cc49efe59b06092dba1']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:08Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7344-0104-4144-bb79-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:08.000Z",
            "modified": "2015-09-17T08:01:08.000Z",
            "first_observed": "2015-09-17T08:01:08Z",
            "last_observed": "2015-09-17T08:01:08Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7344-0104-4144-bb79-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7344-0104-4144-bb79-d2c4950d210b",
            "value": "https://www.virustotal.com/file/d07a802eb6d2c296c3f1bc726b5a716c4a7d8e97053c53e81658a31f969e6ce7/analysis/1416932625/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7345-7ff0-4aca-a007-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:09.000Z",
            "modified": "2015-09-17T08:01:09.000Z",
            "description": "OnionDuke - Xchecked via VT: 42429d0c0cade08cfe4f72dcd77892b883e8a4bc",
            "pattern": "[file:hashes.SHA256 = '567332c2a6813d529bcb9196102ad45eceb982143e9d2f326f02cec1511954b0']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:09Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7345-d9dc-499f-a905-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:09.000Z",
            "modified": "2015-09-17T08:01:09.000Z",
            "description": "OnionDuke - Xchecked via VT: 42429d0c0cade08cfe4f72dcd77892b883e8a4bc",
            "pattern": "[file:hashes.MD5 = '4649609b8394283ec36ada132b02a0c6']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:09Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7345-32a4-41b0-a736-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:09.000Z",
            "modified": "2015-09-17T08:01:09.000Z",
            "first_observed": "2015-09-17T08:01:09Z",
            "last_observed": "2015-09-17T08:01:09Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7345-32a4-41b0-a736-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7345-32a4-41b0-a736-d2c4950d210b",
            "value": "https://www.virustotal.com/file/567332c2a6813d529bcb9196102ad45eceb982143e9d2f326f02cec1511954b0/analysis/1422158326/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7346-3a74-4b02-aa8b-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:10.000Z",
            "modified": "2015-09-17T08:01:10.000Z",
            "description": "OnionDuke - Xchecked via VT: 3bf6b0d49b8e594f8b59eec98942e1380e16dd22",
            "pattern": "[file:hashes.SHA256 = '65a2ca760bfce4762cd1cb3623c7d5d0ff86187d3bf3ba8fdea1339585a57ec2']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:10Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7346-2ec4-4b61-a07b-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:10.000Z",
            "modified": "2015-09-17T08:01:10.000Z",
            "description": "OnionDuke - Xchecked via VT: 3bf6b0d49b8e594f8b59eec98942e1380e16dd22",
            "pattern": "[file:hashes.MD5 = 'd26ff50f81e76dffd1382fbf16783b47']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:10Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7346-2454-47a6-bdb9-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:10.000Z",
            "modified": "2015-09-17T08:01:10.000Z",
            "first_observed": "2015-09-17T08:01:10Z",
            "last_observed": "2015-09-17T08:01:10Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7346-2454-47a6-bdb9-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7346-2454-47a6-bdb9-d2c4950d210b",
            "value": "https://www.virustotal.com/file/65a2ca760bfce4762cd1cb3623c7d5d0ff86187d3bf3ba8fdea1339585a57ec2/analysis/1380351275/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7347-46c8-421a-841b-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:11.000Z",
            "modified": "2015-09-17T08:01:11.000Z",
            "description": "OnionDuke - Xchecked via VT: 25e0af331b8e9fed64dc0df71a2687be348100e8",
            "pattern": "[file:hashes.SHA256 = 'bd589360b299dc4803aa35abca527137a51feadae2b1e3bc2b5a301bb5b245da']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:11Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7347-f5a4-4aa6-8a8f-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:11.000Z",
            "modified": "2015-09-17T08:01:11.000Z",
            "description": "OnionDuke - Xchecked via VT: 25e0af331b8e9fed64dc0df71a2687be348100e8",
            "pattern": "[file:hashes.MD5 = '0753697172046fcfb03d6445fff1f093']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:11Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7347-a9a4-4b3d-b301-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:11.000Z",
            "modified": "2015-09-17T08:01:11.000Z",
            "first_observed": "2015-09-17T08:01:11Z",
            "last_observed": "2015-09-17T08:01:11Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7347-a9a4-4b3d-b301-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7347-a9a4-4b3d-b301-d2c4950d210b",
            "value": "https://www.virustotal.com/file/bd589360b299dc4803aa35abca527137a51feadae2b1e3bc2b5a301bb5b245da/analysis/1415655517/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7348-6330-4e58-89a6-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:12.000Z",
            "modified": "2015-09-17T08:01:12.000Z",
            "description": "OnionDuke - Xchecked via VT: 22bae6be13561cec758d25fa7adac89e67a1f33a",
            "pattern": "[file:hashes.SHA256 = 'a9e2d988781e970882fb1cee420bf01dda30730046a82f0faf4703523842feb5']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:12Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7348-abf4-4e7b-8c6f-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:12.000Z",
            "modified": "2015-09-17T08:01:12.000Z",
            "description": "OnionDuke - Xchecked via VT: 22bae6be13561cec758d25fa7adac89e67a1f33a",
            "pattern": "[file:hashes.MD5 = 'b602adb677d0560601e7668eaf158605']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:12Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7349-aaf4-4039-bb21-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:13.000Z",
            "modified": "2015-09-17T08:01:13.000Z",
            "first_observed": "2015-09-17T08:01:13Z",
            "last_observed": "2015-09-17T08:01:13Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7349-aaf4-4039-bb21-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7349-aaf4-4039-bb21-d2c4950d210b",
            "value": "https://www.virustotal.com/file/a9e2d988781e970882fb1cee420bf01dda30730046a82f0faf4703523842feb5/analysis/1419449641/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7349-ce14-4d0c-911b-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:13.000Z",
            "modified": "2015-09-17T08:01:13.000Z",
            "description": "OnionDuke - Xchecked via VT: 1e200fbb02dc4a51ea3ede0b6d1ff9004f07fe73",
            "pattern": "[file:hashes.SHA256 = '3877a522c924f834e442ef19d9b11ab6d3385849e60d5f310f6320e2d9e42804']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:13Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7349-a1d4-4f2e-bdca-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:13.000Z",
            "modified": "2015-09-17T08:01:13.000Z",
            "description": "OnionDuke - Xchecked via VT: 1e200fbb02dc4a51ea3ede0b6d1ff9004f07fe73",
            "pattern": "[file:hashes.MD5 = '9993445521ca03ac3a693625b5ca1f36']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:13Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa734a-0b88-4522-ac66-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:14.000Z",
            "modified": "2015-09-17T08:01:14.000Z",
            "first_observed": "2015-09-17T08:01:14Z",
            "last_observed": "2015-09-17T08:01:14Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa734a-0b88-4522-ac66-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa734a-0b88-4522-ac66-d2c4950d210b",
            "value": "https://www.virustotal.com/file/3877a522c924f834e442ef19d9b11ab6d3385849e60d5f310f6320e2d9e42804/analysis/1430653404/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa734a-f168-4f1e-9f49-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:14.000Z",
            "modified": "2015-09-17T08:01:14.000Z",
            "description": "OnionDuke - Xchecked via VT: 16b632b4076a458b6e2087d64a42764d86b5b021",
            "pattern": "[file:hashes.SHA256 = 'ef0fab7757a6b5e842297fa2e0dc7a7ce084278c5d12b878bba7d90759a0e22b']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:14Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa734a-dc40-4a56-959c-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:14.000Z",
            "modified": "2015-09-17T08:01:14.000Z",
            "description": "OnionDuke - Xchecked via VT: 16b632b4076a458b6e2087d64a42764d86b5b021",
            "pattern": "[file:hashes.MD5 = 'af534ba7bfc624c76e718ceab3477118']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:14Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa734b-0068-4d81-b27d-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:15.000Z",
            "modified": "2015-09-17T08:01:15.000Z",
            "first_observed": "2015-09-17T08:01:15Z",
            "last_observed": "2015-09-17T08:01:15Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa734b-0068-4d81-b27d-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa734b-0068-4d81-b27d-d2c4950d210b",
            "value": "https://www.virustotal.com/file/ef0fab7757a6b5e842297fa2e0dc7a7ce084278c5d12b878bba7d90759a0e22b/analysis/1423157320/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa734b-da08-44a0-a243-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:15.000Z",
            "modified": "2015-09-17T08:01:15.000Z",
            "description": "OnionDuke - Xchecked via VT: 145c5081037fad98fa72aa4d6dc6c193fdb1c127",
            "pattern": "[file:hashes.SHA256 = '930939256e2c2fa30e7260897d96859c08cf767664e4bd3cedf156b6765b5413']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:15Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa734b-740c-46e3-85de-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:15.000Z",
            "modified": "2015-09-17T08:01:15.000Z",
            "description": "OnionDuke - Xchecked via VT: 145c5081037fad98fa72aa4d6dc6c193fdb1c127",
            "pattern": "[file:hashes.MD5 = 'e1db6b72ec26311b175663b7d88e3c00']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:15Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa734c-db6c-4f7d-a37f-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:16.000Z",
            "modified": "2015-09-17T08:01:16.000Z",
            "first_observed": "2015-09-17T08:01:16Z",
            "last_observed": "2015-09-17T08:01:16Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa734c-db6c-4f7d-a37f-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa734c-db6c-4f7d-a37f-d2c4950d210b",
            "value": "https://www.virustotal.com/file/930939256e2c2fa30e7260897d96859c08cf767664e4bd3cedf156b6765b5413/analysis/1412071961/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa734c-37bc-4581-97c5-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:16.000Z",
            "modified": "2015-09-17T08:01:16.000Z",
            "description": "OnionDuke - Xchecked via VT: 073faad9c18dbe0e0285b2747eae0c629e56830c",
            "pattern": "[file:hashes.SHA256 = '0474111e44b9aa56d6e6024c6f278e915d57b7862ceb927672fc3417f76a3ba3']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:16Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa734c-2c8c-42ab-829f-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:16.000Z",
            "modified": "2015-09-17T08:01:16.000Z",
            "description": "OnionDuke - Xchecked via VT: 073faad9c18dbe0e0285b2747eae0c629e56830c",
            "pattern": "[file:hashes.MD5 = '1aa8a941ec22a3ffe32d079323a2e6c4']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:16Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa734d-c454-4bf0-b91f-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:17.000Z",
            "modified": "2015-09-17T08:01:17.000Z",
            "first_observed": "2015-09-17T08:01:17Z",
            "last_observed": "2015-09-17T08:01:17Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa734d-c454-4bf0-b91f-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa734d-c454-4bf0-b91f-d2c4950d210b",
            "value": "https://www.virustotal.com/file/0474111e44b9aa56d6e6024c6f278e915d57b7862ceb927672fc3417f76a3ba3/analysis/1424914639/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa734d-89dc-4c49-82e4-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:17.000Z",
            "modified": "2015-09-17T08:01:17.000Z",
            "description": "CozyDuke - Xchecked via VT: f7d47c38eca7ec68aa478c06b1ba983d9bf02e15",
            "pattern": "[file:hashes.SHA256 = '7ed2d1aceab5f54df4acca63b5d269842d49521e13bab5e652237667c7eef261']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:17Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa734d-debc-4d21-80d6-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:17.000Z",
            "modified": "2015-09-17T08:01:17.000Z",
            "description": "CozyDuke - Xchecked via VT: f7d47c38eca7ec68aa478c06b1ba983d9bf02e15",
            "pattern": "[file:hashes.MD5 = 'a5d6ad8ad82c266fda96e076335a5080']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:17Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa734e-f618-4591-aa1d-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:18.000Z",
            "modified": "2015-09-17T08:01:18.000Z",
            "first_observed": "2015-09-17T08:01:18Z",
            "last_observed": "2015-09-17T08:01:18Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa734e-f618-4591-aa1d-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa734e-f618-4591-aa1d-d2c4950d210b",
            "value": "https://www.virustotal.com/file/7ed2d1aceab5f54df4acca63b5d269842d49521e13bab5e652237667c7eef261/analysis/1431112501/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa734e-26a8-4783-8bce-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:18.000Z",
            "modified": "2015-09-17T08:01:18.000Z",
            "description": "CozyDuke - Xchecked via VT: f33c980d4b6aaab1dc401226ab452ce840ad4f40",
            "pattern": "[file:hashes.SHA256 = '65fa52f632e4e83ff83120c7df6b90291025a76d5daeb183e814ec0b3bd2bd4e']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:18Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa734e-a37c-41e9-bb92-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:18.000Z",
            "modified": "2015-09-17T08:01:18.000Z",
            "description": "CozyDuke - Xchecked via VT: f33c980d4b6aaab1dc401226ab452ce840ad4f40",
            "pattern": "[file:hashes.MD5 = '7f6bca4f08c63e597bed969f5b729c56']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:18Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa734f-74f4-4cb9-9d55-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:19.000Z",
            "modified": "2015-09-17T08:01:19.000Z",
            "first_observed": "2015-09-17T08:01:19Z",
            "last_observed": "2015-09-17T08:01:19Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa734f-74f4-4cb9-9d55-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa734f-74f4-4cb9-9d55-d2c4950d210b",
            "value": "https://www.virustotal.com/file/65fa52f632e4e83ff83120c7df6b90291025a76d5daeb183e814ec0b3bd2bd4e/analysis/1441054527/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa734f-8360-49bf-bf36-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:19.000Z",
            "modified": "2015-09-17T08:01:19.000Z",
            "description": "CozyDuke - Xchecked via VT: f2ffc4e1d5faec0b7c03a233524bb78e44f0e50b",
            "pattern": "[file:hashes.SHA256 = '8a5d8d103cb175d7dc41932ef9a890997e25dbe15f94ecd2105835fe49779354']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:19Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa734f-b6f0-4b4d-8745-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:19.000Z",
            "modified": "2015-09-17T08:01:19.000Z",
            "description": "CozyDuke - Xchecked via VT: f2ffc4e1d5faec0b7c03a233524bb78e44f0e50b",
            "pattern": "[file:hashes.MD5 = '9f65e3b320ec91380ebc28d4fdff4895']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:19Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7350-ea20-4ea6-a31f-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:20.000Z",
            "modified": "2015-09-17T08:01:20.000Z",
            "first_observed": "2015-09-17T08:01:20Z",
            "last_observed": "2015-09-17T08:01:20Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7350-ea20-4ea6-a31f-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7350-ea20-4ea6-a31f-d2c4950d210b",
            "value": "https://www.virustotal.com/file/8a5d8d103cb175d7dc41932ef9a890997e25dbe15f94ecd2105835fe49779354/analysis/1439029247/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7350-4c7c-4049-9b62-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:20.000Z",
            "modified": "2015-09-17T08:01:20.000Z",
            "description": "CozyDuke - Xchecked via VT: eb851adfada7b40fc4f6c0ae348694500f878493",
            "pattern": "[file:hashes.SHA256 = '1a7239c006a3adf893bdb5c2300b2964ed8bb454e1b622853e4460707dc63c16']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:20Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7350-36c0-4444-93ff-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:20.000Z",
            "modified": "2015-09-17T08:01:20.000Z",
            "description": "CozyDuke - Xchecked via VT: eb851adfada7b40fc4f6c0ae348694500f878493",
            "pattern": "[file:hashes.MD5 = 'b5553645fe819a93aafe2894da13dae7']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:20Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7351-e2cc-4cc2-a825-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:21.000Z",
            "modified": "2015-09-17T08:01:21.000Z",
            "first_observed": "2015-09-17T08:01:21Z",
            "last_observed": "2015-09-17T08:01:21Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7351-e2cc-4cc2-a825-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7351-e2cc-4cc2-a825-d2c4950d210b",
            "value": "https://www.virustotal.com/file/1a7239c006a3adf893bdb5c2300b2964ed8bb454e1b622853e4460707dc63c16/analysis/1431330913/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7351-729c-48de-8a04-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:21.000Z",
            "modified": "2015-09-17T08:01:21.000Z",
            "description": "CozyDuke - Xchecked via VT: ea0cfe60a7b7168c42c0e86e15feb5b0c9674029",
            "pattern": "[file:hashes.SHA256 = 'f722677df4fb7eb4ac986a944d4f6630b91ac22b31f8d39ec9bf941376d5d4db']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:21Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7352-24f0-4b4c-a1eb-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:22.000Z",
            "modified": "2015-09-17T08:01:22.000Z",
            "description": "CozyDuke - Xchecked via VT: ea0cfe60a7b7168c42c0e86e15feb5b0c9674029",
            "pattern": "[file:hashes.MD5 = 'eb22b99d44223866e24872d80a4ddefd']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:22Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7352-17d4-4cba-8fce-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:22.000Z",
            "modified": "2015-09-17T08:01:22.000Z",
            "first_observed": "2015-09-17T08:01:22Z",
            "last_observed": "2015-09-17T08:01:22Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7352-17d4-4cba-8fce-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7352-17d4-4cba-8fce-d2c4950d210b",
            "value": "https://www.virustotal.com/file/f722677df4fb7eb4ac986a944d4f6630b91ac22b31f8d39ec9bf941376d5d4db/analysis/1433440460/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7352-9f68-4dd0-b0c4-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:22.000Z",
            "modified": "2015-09-17T08:01:22.000Z",
            "description": "CozyDuke - Xchecked via VT: e99a03ebe3462d2399f1b819f48384f6714dcba1",
            "pattern": "[file:hashes.SHA256 = '099524703c250d1d1a16288dbd2f425d6cd0491f608e207a82f239b39bb26b7e']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:22Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7353-383c-42c6-a5e2-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:23.000Z",
            "modified": "2015-09-17T08:01:23.000Z",
            "description": "CozyDuke - Xchecked via VT: e99a03ebe3462d2399f1b819f48384f6714dcba1",
            "pattern": "[file:hashes.MD5 = '1a262a7bfecd981d7874633f41ea5de8']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:23Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7353-7254-4497-aebb-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:23.000Z",
            "modified": "2015-09-17T08:01:23.000Z",
            "first_observed": "2015-09-17T08:01:23Z",
            "last_observed": "2015-09-17T08:01:23Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7353-7254-4497-aebb-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7353-7254-4497-aebb-d2c4950d210b",
            "value": "https://www.virustotal.com/file/099524703c250d1d1a16288dbd2f425d6cd0491f608e207a82f239b39bb26b7e/analysis/1441054522/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7353-2f00-431d-8022-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:23.000Z",
            "modified": "2015-09-17T08:01:23.000Z",
            "description": "CozyDuke - Xchecked via VT: e78870f3807a89684085d605dcd57a06e7327125",
            "pattern": "[file:hashes.SHA256 = '6eeffe540693418a107db3e7d2d9b72a54b2354aa6886b571272aa41f8cc8e0c']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:23Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7354-7cf8-4e4b-aa29-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:24.000Z",
            "modified": "2015-09-17T08:01:24.000Z",
            "description": "CozyDuke - Xchecked via VT: e78870f3807a89684085d605dcd57a06e7327125",
            "pattern": "[file:hashes.MD5 = '75457cc94b1d1dfa3f5d1aedc2edb044']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:24Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7354-7d40-457e-8519-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:24.000Z",
            "modified": "2015-09-17T08:01:24.000Z",
            "first_observed": "2015-09-17T08:01:24Z",
            "last_observed": "2015-09-17T08:01:24Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7354-7d40-457e-8519-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7354-7d40-457e-8519-d2c4950d210b",
            "value": "https://www.virustotal.com/file/6eeffe540693418a107db3e7d2d9b72a54b2354aa6886b571272aa41f8cc8e0c/analysis/1426613960/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7354-63bc-49fa-8352-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:24.000Z",
            "modified": "2015-09-17T08:01:24.000Z",
            "description": "CozyDuke - Xchecked via VT: e76da232ec020d133530fdd52ffcc38b7c1d7662",
            "pattern": "[file:hashes.SHA256 = 'f44bead117d2cf34b8e50b81c82fbd1b938b94387cdf84386ace46b1f3b5df1a']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:24Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7355-aa30-47ea-9a86-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:25.000Z",
            "modified": "2015-09-17T08:01:25.000Z",
            "description": "CozyDuke - Xchecked via VT: e76da232ec020d133530fdd52ffcc38b7c1d7662",
            "pattern": "[file:hashes.MD5 = '62c4ce93050e48d623569c7dcc4d0278']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:25Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7355-0738-4d65-8b42-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:25.000Z",
            "modified": "2015-09-17T08:01:25.000Z",
            "first_observed": "2015-09-17T08:01:25Z",
            "last_observed": "2015-09-17T08:01:25Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7355-0738-4d65-8b42-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7355-0738-4d65-8b42-d2c4950d210b",
            "value": "https://www.virustotal.com/file/f44bead117d2cf34b8e50b81c82fbd1b938b94387cdf84386ace46b1f3b5df1a/analysis/1431729127/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7355-549c-4eec-b051-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:25.000Z",
            "modified": "2015-09-17T08:01:25.000Z",
            "description": "CozyDuke - Xchecked via VT: e0779ac6e5cc76e91fca71efeade2a5d7f099c80",
            "pattern": "[file:hashes.SHA256 = '86056f462d5783604b7f050047db210ecf698e72f3664b27d58265663ff5b324']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:25Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7356-b390-4f0d-b33b-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:26.000Z",
            "modified": "2015-09-17T08:01:26.000Z",
            "description": "CozyDuke - Xchecked via VT: e0779ac6e5cc76e91fca71efeade2a5d7f099c80",
            "pattern": "[file:hashes.MD5 = '209a4a102a977b698544c99d8236e9ca']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:26Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7356-9e30-44ea-b830-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:26.000Z",
            "modified": "2015-09-17T08:01:26.000Z",
            "first_observed": "2015-09-17T08:01:26Z",
            "last_observed": "2015-09-17T08:01:26Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7356-9e30-44ea-b830-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7356-9e30-44ea-b830-d2c4950d210b",
            "value": "https://www.virustotal.com/file/86056f462d5783604b7f050047db210ecf698e72f3664b27d58265663ff5b324/analysis/1430931560/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7356-d11c-4aa0-afa0-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:26.000Z",
            "modified": "2015-09-17T08:01:26.000Z",
            "description": "CozyDuke - Xchecked via VT: dea73f04e52917dc71cc4e9d7592b6317e09a054",
            "pattern": "[file:hashes.SHA256 = '3f0ebe892ab87ea24db172ae96cfc216b591d3967821c9d2581a9e11faccde28']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:26Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7357-cde0-44f0-80dd-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:27.000Z",
            "modified": "2015-09-17T08:01:27.000Z",
            "description": "CozyDuke - Xchecked via VT: dea73f04e52917dc71cc4e9d7592b6317e09a054",
            "pattern": "[file:hashes.MD5 = '7688be226b946e231e0cd36e6b708d20']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:27Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7357-46e4-4cf8-8e85-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:27.000Z",
            "modified": "2015-09-17T08:01:27.000Z",
            "first_observed": "2015-09-17T08:01:27Z",
            "last_observed": "2015-09-17T08:01:27Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7357-46e4-4cf8-8e85-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7357-46e4-4cf8-8e85-d2c4950d210b",
            "value": "https://www.virustotal.com/file/3f0ebe892ab87ea24db172ae96cfc216b591d3967821c9d2581a9e11faccde28/analysis/1441054527/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7357-5c98-4616-b09c-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:27.000Z",
            "modified": "2015-09-17T08:01:27.000Z",
            "description": "CozyDuke - Xchecked via VT: ccf83cd713e0f078697f9e842a06d624f8b9757e",
            "pattern": "[file:hashes.SHA256 = '262dbadca239e5259161130ac9f0f5ef50691fd9dc3e3490b6c0d7b76e7ee34e']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:27Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7358-b6f8-4630-ad4a-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:28.000Z",
            "modified": "2015-09-17T08:01:28.000Z",
            "description": "CozyDuke - Xchecked via VT: ccf83cd713e0f078697f9e842a06d624f8b9757e",
            "pattern": "[file:hashes.MD5 = 'acffb2823fc655637657dcbd25f35af8']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:28Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7358-c690-447c-909c-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:28.000Z",
            "modified": "2015-09-17T08:01:28.000Z",
            "first_observed": "2015-09-17T08:01:28Z",
            "last_observed": "2015-09-17T08:01:28Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7358-c690-447c-909c-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7358-c690-447c-909c-d2c4950d210b",
            "value": "https://www.virustotal.com/file/262dbadca239e5259161130ac9f0f5ef50691fd9dc3e3490b6c0d7b76e7ee34e/analysis/1439469885/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7358-a960-4139-8f4d-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:28.000Z",
            "modified": "2015-09-17T08:01:28.000Z",
            "description": "CozyDuke - Xchecked via VT: c6472898e9085e563cd56baeb6b6e21928c5486d",
            "pattern": "[file:hashes.SHA256 = '9891b5586cede16aa1e1b87380621f68e8956b991cf7675bbe18d2ec61a7522f']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:28Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7359-1524-47ae-b584-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:29.000Z",
            "modified": "2015-09-17T08:01:29.000Z",
            "description": "CozyDuke - Xchecked via VT: c6472898e9085e563cd56baeb6b6e21928c5486d",
            "pattern": "[file:hashes.MD5 = '98a6484533fa12a9ba6b1bd9df1899dc']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:29Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7359-6db4-422c-8fd7-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:29.000Z",
            "modified": "2015-09-17T08:01:29.000Z",
            "first_observed": "2015-09-17T08:01:29Z",
            "last_observed": "2015-09-17T08:01:29Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7359-6db4-422c-8fd7-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7359-6db4-422c-8fd7-d2c4950d210b",
            "value": "https://www.virustotal.com/file/9891b5586cede16aa1e1b87380621f68e8956b991cf7675bbe18d2ec61a7522f/analysis/1430909955/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7359-62d0-454d-aae8-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:29.000Z",
            "modified": "2015-09-17T08:01:29.000Z",
            "description": "CozyDuke - Xchecked via VT: c3d8a548fa0525e1e55aa592e14303fc6964d28d",
            "pattern": "[file:hashes.SHA256 = '2b160b7eef5ce5fdb83889f96fc40cbbbc7b85450ff2afdf781a8eb5d6a0f541']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:29Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa735a-2f10-466d-bac7-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:30.000Z",
            "modified": "2015-09-17T08:01:30.000Z",
            "description": "CozyDuke - Xchecked via VT: c3d8a548fa0525e1e55aa592e14303fc6964d28d",
            "pattern": "[file:hashes.MD5 = 'f16dff8ec8702518471f637eb5313ab2']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:30Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa735a-7e78-485c-b2e5-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:30.000Z",
            "modified": "2015-09-17T08:01:30.000Z",
            "first_observed": "2015-09-17T08:01:30Z",
            "last_observed": "2015-09-17T08:01:30Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa735a-7e78-485c-b2e5-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa735a-7e78-485c-b2e5-d2c4950d210b",
            "value": "https://www.virustotal.com/file/2b160b7eef5ce5fdb83889f96fc40cbbbc7b85450ff2afdf781a8eb5d6a0f541/analysis/1441054532/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa735a-cde0-4066-8cf3-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:30.000Z",
            "modified": "2015-09-17T08:01:30.000Z",
            "description": "CozyDuke - Xchecked via VT: bf9d3a45273608caf90084c1157de2074322a230",
            "pattern": "[file:hashes.SHA256 = '3dea35172449f0b9a86dff9af3b4480cc4c37a30e8cb54963ff91c4c1ffe7b0d']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:30Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa735b-cb34-457b-9660-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:31.000Z",
            "modified": "2015-09-17T08:01:31.000Z",
            "description": "CozyDuke - Xchecked via VT: bf9d3a45273608caf90084c1157de2074322a230",
            "pattern": "[file:hashes.MD5 = '43c012086c1ae0a67c38b0926d6cba3f']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:31Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa735b-2818-4672-ad8f-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:31.000Z",
            "modified": "2015-09-17T08:01:31.000Z",
            "first_observed": "2015-09-17T08:01:31Z",
            "last_observed": "2015-09-17T08:01:31Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa735b-2818-4672-ad8f-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa735b-2818-4672-ad8f-d2c4950d210b",
            "value": "https://www.virustotal.com/file/3dea35172449f0b9a86dff9af3b4480cc4c37a30e8cb54963ff91c4c1ffe7b0d/analysis/1434015494/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa735c-be10-40b3-881d-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:31.000Z",
            "modified": "2015-09-17T08:01:31.000Z",
            "description": "CozyDuke - Xchecked via VT: bf265227f9a8e22ea1c0035ac4d2449ceed43e2b",
            "pattern": "[file:hashes.SHA256 = '418a21d49fe5bca8a3e050f039a0e2aa03db6d2de0fb49e3ff9d987f31b22dda']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:31Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa735c-f83c-4624-a273-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:32.000Z",
            "modified": "2015-09-17T08:01:32.000Z",
            "description": "CozyDuke - Xchecked via VT: bf265227f9a8e22ea1c0035ac4d2449ceed43e2b",
            "pattern": "[file:hashes.MD5 = '1dde02ff744fa4e261168e2008fd613a']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:32Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa735c-e128-4a6f-8b54-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:32.000Z",
            "modified": "2015-09-17T08:01:32.000Z",
            "first_observed": "2015-09-17T08:01:32Z",
            "last_observed": "2015-09-17T08:01:32Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa735c-e128-4a6f-8b54-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa735c-e128-4a6f-8b54-d2c4950d210b",
            "value": "https://www.virustotal.com/file/418a21d49fe5bca8a3e050f039a0e2aa03db6d2de0fb49e3ff9d987f31b22dda/analysis/1429791905/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa735d-5c24-424e-af5c-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:33.000Z",
            "modified": "2015-09-17T08:01:33.000Z",
            "description": "CozyDuke - Xchecked via VT: bdd2bae83c3bab9ba0c199492fe57e70c6425dd3",
            "pattern": "[file:hashes.SHA256 = '4bcb2a5d99297b30f8ff00e08cf7330d5e2f69fc602bb317bf8e9f703a137a99']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:33Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa735d-2500-4df5-8e0e-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:33.000Z",
            "modified": "2015-09-17T08:01:33.000Z",
            "description": "CozyDuke - Xchecked via VT: bdd2bae83c3bab9ba0c199492fe57e70c6425dd3",
            "pattern": "[file:hashes.MD5 = '416db420e781c709bb71acee0b79282f']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:33Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa735d-886c-4bc8-829d-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:33.000Z",
            "modified": "2015-09-17T08:01:33.000Z",
            "first_observed": "2015-09-17T08:01:33Z",
            "last_observed": "2015-09-17T08:01:33Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa735d-886c-4bc8-829d-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa735d-886c-4bc8-829d-d2c4950d210b",
            "value": "https://www.virustotal.com/file/4bcb2a5d99297b30f8ff00e08cf7330d5e2f69fc602bb317bf8e9f703a137a99/analysis/1434008236/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa735e-8d9c-4e79-8c0e-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:34.000Z",
            "modified": "2015-09-17T08:01:34.000Z",
            "description": "CozyDuke - Xchecked via VT: b65aa8590a1bac52a85dbd1ea091fc586f6ab00a",
            "pattern": "[file:hashes.SHA256 = '036c5c0075d67f67fee546321f5b9c4f00d37aa9249ffe1627e71946bad4a3d1']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:34Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa735e-46bc-41f9-92a3-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:34.000Z",
            "modified": "2015-09-17T08:01:34.000Z",
            "description": "CozyDuke - Xchecked via VT: b65aa8590a1bac52a85dbd1ea091fc586f6ab00a",
            "pattern": "[file:hashes.MD5 = 'f2b05e6b01be3b6cb14e9068e7a66fc1']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:34Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa735e-f7e8-4d12-8f9b-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:34.000Z",
            "modified": "2015-09-17T08:01:34.000Z",
            "first_observed": "2015-09-17T08:01:34Z",
            "last_observed": "2015-09-17T08:01:34Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa735e-f7e8-4d12-8f9b-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa735e-f7e8-4d12-8f9b-d2c4950d210b",
            "value": "https://www.virustotal.com/file/036c5c0075d67f67fee546321f5b9c4f00d37aa9249ffe1627e71946bad4a3d1/analysis/1429656117/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa735f-1510-4a03-bf1d-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:35.000Z",
            "modified": "2015-09-17T08:01:35.000Z",
            "description": "CozyDuke - Xchecked via VT: 9b56155b82f14000f0ec027f29ff20e6ae5205c2",
            "pattern": "[file:hashes.SHA256 = '7cdb9c2e8b6ca7f0a683a39c0bdadc7a512cff5d8264fdec012c541fd19c0522']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:35Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa735f-2978-4272-baea-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:35.000Z",
            "modified": "2015-09-17T08:01:35.000Z",
            "description": "CozyDuke - Xchecked via VT: 9b56155b82f14000f0ec027f29ff20e6ae5205c2",
            "pattern": "[file:hashes.MD5 = '9ad55b83f2eec0c19873a770b0c86a2f']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:35Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa735f-c388-4073-9b25-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:35.000Z",
            "modified": "2015-09-17T08:01:35.000Z",
            "first_observed": "2015-09-17T08:01:35Z",
            "last_observed": "2015-09-17T08:01:35Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa735f-c388-4073-9b25-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa735f-c388-4073-9b25-d2c4950d210b",
            "value": "https://www.virustotal.com/file/7cdb9c2e8b6ca7f0a683a39c0bdadc7a512cff5d8264fdec012c541fd19c0522/analysis/1441054529/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7360-2514-43cd-9dfd-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:36.000Z",
            "modified": "2015-09-17T08:01:36.000Z",
            "description": "CozyDuke - Xchecked via VT: 93ee1c714fad9cc1bf2cba19f3de9d1e83c665e2",
            "pattern": "[file:hashes.SHA256 = 'ac4ffc7a2ba8840a20f6b07aa44328f1802b79ced6a56b3ac7e78fa1178ba65a']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:36Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7360-6854-4525-80d8-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:36.000Z",
            "modified": "2015-09-17T08:01:36.000Z",
            "description": "CozyDuke - Xchecked via VT: 93ee1c714fad9cc1bf2cba19f3de9d1e83c665e2",
            "pattern": "[file:hashes.MD5 = 'f02da961eb7b87b41aee5fd9537022f0']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:36Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7360-cd94-4a41-bc49-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:36.000Z",
            "modified": "2015-09-17T08:01:36.000Z",
            "first_observed": "2015-09-17T08:01:36Z",
            "last_observed": "2015-09-17T08:01:36Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7360-cd94-4a41-bc49-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7360-cd94-4a41-bc49-d2c4950d210b",
            "value": "https://www.virustotal.com/file/ac4ffc7a2ba8840a20f6b07aa44328f1802b79ced6a56b3ac7e78fa1178ba65a/analysis/1430074857/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7361-c8f0-44e0-b02a-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:37.000Z",
            "modified": "2015-09-17T08:01:37.000Z",
            "description": "CozyDuke - Xchecked via VT: 93d53be2c3e7961bc01e0bfa5065a2390305268c",
            "pattern": "[file:hashes.SHA256 = 'ff9edb92ee8125519aa1eea60cab9999bcd4caa87b891882caddc73a2a5ae9cf']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:37Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7361-ed68-44fc-88f4-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:37.000Z",
            "modified": "2015-09-17T08:01:37.000Z",
            "description": "CozyDuke - Xchecked via VT: 93d53be2c3e7961bc01e0bfa5065a2390305268c",
            "pattern": "[file:hashes.MD5 = '90bd910ee161b71c7a37ac642f910059']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:37Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7361-2e20-4565-b91b-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:37.000Z",
            "modified": "2015-09-17T08:01:37.000Z",
            "first_observed": "2015-09-17T08:01:37Z",
            "last_observed": "2015-09-17T08:01:37Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7361-2e20-4565-b91b-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7361-2e20-4565-b91b-d2c4950d210b",
            "value": "https://www.virustotal.com/file/ff9edb92ee8125519aa1eea60cab9999bcd4caa87b891882caddc73a2a5ae9cf/analysis/1429717494/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7362-6a9c-4e52-9d8c-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:38.000Z",
            "modified": "2015-09-17T08:01:38.000Z",
            "description": "CozyDuke - Xchecked via VT: 8c3ed0bbdc77aec299c77f666c21659840f5ce23",
            "pattern": "[file:hashes.SHA256 = '18c0b02776487babbf6219cdaf97cbf2b534e0cf87a527228dda2d4a468a257f']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:38Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7362-bfe4-43a2-99f8-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:38.000Z",
            "modified": "2015-09-17T08:01:38.000Z",
            "description": "CozyDuke - Xchecked via VT: 8c3ed0bbdc77aec299c77f666c21659840f5ce23",
            "pattern": "[file:hashes.MD5 = 'e8510a7ae4919a3fcedad985fbbca352']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:38Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7362-60dc-4a12-b87c-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:38.000Z",
            "modified": "2015-09-17T08:01:38.000Z",
            "first_observed": "2015-09-17T08:01:38Z",
            "last_observed": "2015-09-17T08:01:38Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7362-60dc-4a12-b87c-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7362-60dc-4a12-b87c-d2c4950d210b",
            "value": "https://www.virustotal.com/file/18c0b02776487babbf6219cdaf97cbf2b534e0cf87a527228dda2d4a468a257f/analysis/1433413270/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7363-ac40-4996-8e64-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:39.000Z",
            "modified": "2015-09-17T08:01:39.000Z",
            "description": "CozyDuke - Xchecked via VT: 8b357ff017df3ed882b278d0dbbdf129235d123d",
            "pattern": "[file:hashes.SHA256 = '01468b1d3e089985a4ed255b6594d24863cfd94a647329c631e4f4e52759f8a9']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:39Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7363-8d10-4640-ba6e-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:39.000Z",
            "modified": "2015-09-17T08:01:39.000Z",
            "description": "CozyDuke - Xchecked via VT: 8b357ff017df3ed882b278d0dbbdf129235d123d",
            "pattern": "[file:hashes.MD5 = '3d3363598f87c78826c859077606e514']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:39Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7363-2cb0-4e84-9b97-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:39.000Z",
            "modified": "2015-09-17T08:01:39.000Z",
            "first_observed": "2015-09-17T08:01:39Z",
            "last_observed": "2015-09-17T08:01:39Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7363-2cb0-4e84-9b97-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7363-2cb0-4e84-9b97-d2c4950d210b",
            "value": "https://www.virustotal.com/file/01468b1d3e089985a4ed255b6594d24863cfd94a647329c631e4f4e52759f8a9/analysis/1432194438/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7364-4d24-42af-aac6-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:40.000Z",
            "modified": "2015-09-17T08:01:40.000Z",
            "description": "CozyDuke - Xchecked via VT: 87668d14910c1e1bb8bbea0c6363f76e664dcd09",
            "pattern": "[file:hashes.SHA256 = '30c69d91247f8a72a69e4d7c4bce3eafba40975e5890c23dc4dbe7c9a11afa73']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:40Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7364-90d4-4bbe-a3ed-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:40.000Z",
            "modified": "2015-09-17T08:01:40.000Z",
            "description": "CozyDuke - Xchecked via VT: 87668d14910c1e1bb8bbea0c6363f76e664dcd09",
            "pattern": "[file:hashes.MD5 = 'f58a4369b8176edbde4396dc977c9008']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:40Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7364-c978-431e-8049-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:40.000Z",
            "modified": "2015-09-17T08:01:40.000Z",
            "first_observed": "2015-09-17T08:01:40Z",
            "last_observed": "2015-09-17T08:01:40Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7364-c978-431e-8049-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7364-c978-431e-8049-d2c4950d210b",
            "value": "https://www.virustotal.com/file/30c69d91247f8a72a69e4d7c4bce3eafba40975e5890c23dc4dbe7c9a11afa73/analysis/1441054534/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7365-4a20-455b-81f1-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:41.000Z",
            "modified": "2015-09-17T08:01:41.000Z",
            "description": "CozyDuke - Xchecked via VT: 8099a40b9ef478ee50c466eb65fe71b247fcf014",
            "pattern": "[file:hashes.SHA256 = '1233cca912fb61873c7388f299a4a1b78054e681941beb31f0a48f8c6d7a182b']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:41Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7365-324c-4269-8f0a-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:41.000Z",
            "modified": "2015-09-17T08:01:41.000Z",
            "description": "CozyDuke - Xchecked via VT: 8099a40b9ef478ee50c466eb65fe71b247fcf014",
            "pattern": "[file:hashes.MD5 = '8670710bc9477431a01a576b6b5c1b2a']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:41Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7366-35dc-4255-a703-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:42.000Z",
            "modified": "2015-09-17T08:01:42.000Z",
            "first_observed": "2015-09-17T08:01:42Z",
            "last_observed": "2015-09-17T08:01:42Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7366-35dc-4255-a703-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7366-35dc-4255-a703-d2c4950d210b",
            "value": "https://www.virustotal.com/file/1233cca912fb61873c7388f299a4a1b78054e681941beb31f0a48f8c6d7a182b/analysis/1430490754/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7366-5f6c-414a-a538-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:42.000Z",
            "modified": "2015-09-17T08:01:42.000Z",
            "description": "CozyDuke - Xchecked via VT: 7e9eb570ef07b793828c28ca3f84177e1ab76e14",
            "pattern": "[file:hashes.SHA256 = 'f6d52c5608931cdf66d71502fcf012b6781edde64ba1f956c1868f7e36d8c8d2']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:42Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7366-32a4-4c07-8592-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:42.000Z",
            "modified": "2015-09-17T08:01:42.000Z",
            "description": "CozyDuke - Xchecked via VT: 7e9eb570ef07b793828c28ca3f84177e1ab76e14",
            "pattern": "[file:hashes.MD5 = 'ac7a22d1af180c21b0061b8d512586d3']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:42Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7367-9554-4d1b-93de-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:43.000Z",
            "modified": "2015-09-17T08:01:43.000Z",
            "first_observed": "2015-09-17T08:01:43Z",
            "last_observed": "2015-09-17T08:01:43Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7367-9554-4d1b-93de-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7367-9554-4d1b-93de-d2c4950d210b",
            "value": "https://www.virustotal.com/file/f6d52c5608931cdf66d71502fcf012b6781edde64ba1f956c1868f7e36d8c8d2/analysis/1415560967/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7367-c020-4ee2-a3e9-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:43.000Z",
            "modified": "2015-09-17T08:01:43.000Z",
            "description": "CozyDuke - Xchecked via VT: 78e9960cc5819583fb98fb619b33bff7768ee861",
            "pattern": "[file:hashes.SHA256 = 'a5373b33ac970dedeb52528b123959145bf51c95b159a30a7823ad8018ac4b41']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:43Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7367-c800-4ee9-8ad7-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:43.000Z",
            "modified": "2015-09-17T08:01:43.000Z",
            "description": "CozyDuke - Xchecked via VT: 78e9960cc5819583fb98fb619b33bff7768ee861",
            "pattern": "[file:hashes.MD5 = '181a88c911b10d0fcb4682ae552c0de3']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:43Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7368-d2c4-47c6-ae41-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:44.000Z",
            "modified": "2015-09-17T08:01:44.000Z",
            "first_observed": "2015-09-17T08:01:44Z",
            "last_observed": "2015-09-17T08:01:44Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7368-d2c4-47c6-ae41-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7368-d2c4-47c6-ae41-d2c4950d210b",
            "value": "https://www.virustotal.com/file/a5373b33ac970dedeb52528b123959145bf51c95b159a30a7823ad8018ac4b41/analysis/1434398539/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7368-2e9c-4123-b91c-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:44.000Z",
            "modified": "2015-09-17T08:01:44.000Z",
            "description": "CozyDuke - Xchecked via VT: 6e00b86a2480abc6dbd971c0bf6495d81ed1b629",
            "pattern": "[file:hashes.SHA256 = '12e1139ef422c2c0884fb5b1786a8489c1769a96880a30406e4a28b76ea4a73a']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:44Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7368-ce3c-43de-b73d-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:44.000Z",
            "modified": "2015-09-17T08:01:44.000Z",
            "description": "CozyDuke - Xchecked via VT: 6e00b86a2480abc6dbd971c0bf6495d81ed1b629",
            "pattern": "[file:hashes.MD5 = '556b9eca4a85f52e2f3176c306e18661']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:44Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7369-2528-4e18-95bd-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:45.000Z",
            "modified": "2015-09-17T08:01:45.000Z",
            "first_observed": "2015-09-17T08:01:45Z",
            "last_observed": "2015-09-17T08:01:45Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7369-2528-4e18-95bd-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7369-2528-4e18-95bd-d2c4950d210b",
            "value": "https://www.virustotal.com/file/12e1139ef422c2c0884fb5b1786a8489c1769a96880a30406e4a28b76ea4a73a/analysis/1439469306/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7369-0cfc-472d-a828-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:45.000Z",
            "modified": "2015-09-17T08:01:45.000Z",
            "description": "CozyDuke - Xchecked via VT: 6b0721a9ced806076f84e828d9c65504a77d106c",
            "pattern": "[file:hashes.SHA256 = 'bc5625c674f08cca18e73eb661eed0182ef16e27983098cf1c61892ca621d60b']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:45Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7369-27b4-479e-b311-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:45.000Z",
            "modified": "2015-09-17T08:01:45.000Z",
            "description": "CozyDuke - Xchecked via VT: 6b0721a9ced806076f84e828d9c65504a77d106c",
            "pattern": "[file:hashes.MD5 = '57a1f0658712ee7b3a724b6d07e97259']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:45Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa736a-50f8-4fdd-88b0-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:46.000Z",
            "modified": "2015-09-17T08:01:46.000Z",
            "first_observed": "2015-09-17T08:01:46Z",
            "last_observed": "2015-09-17T08:01:46Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa736a-50f8-4fdd-88b0-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa736a-50f8-4fdd-88b0-d2c4950d210b",
            "value": "https://www.virustotal.com/file/bc5625c674f08cca18e73eb661eed0182ef16e27983098cf1c61892ca621d60b/analysis/1441054525/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa736a-adf8-4881-be4d-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:46.000Z",
            "modified": "2015-09-17T08:01:46.000Z",
            "description": "CozyDuke - Xchecked via VT: 543783df44459a3878ad00ecae47ff077f5efd7b",
            "pattern": "[file:hashes.SHA256 = '70ae2363191e8b20d1773ecc73afc2b9a5dd8247c7b97eecfd1378f3e7aabf92']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:46Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa736a-97c4-4a70-a10d-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:46.000Z",
            "modified": "2015-09-17T08:01:46.000Z",
            "description": "CozyDuke - Xchecked via VT: 543783df44459a3878ad00ecae47ff077f5efd7b",
            "pattern": "[file:hashes.MD5 = 'd5a82520ebf38a0c595367ff0ca89fae']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:46Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa736b-8e08-4737-bb46-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:47.000Z",
            "modified": "2015-09-17T08:01:47.000Z",
            "first_observed": "2015-09-17T08:01:47Z",
            "last_observed": "2015-09-17T08:01:47Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa736b-8e08-4737-bb46-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa736b-8e08-4737-bb46-d2c4950d210b",
            "value": "https://www.virustotal.com/file/70ae2363191e8b20d1773ecc73afc2b9a5dd8247c7b97eecfd1378f3e7aabf92/analysis/1429795219/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa736b-a274-48c8-b512-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:47.000Z",
            "modified": "2015-09-17T08:01:47.000Z",
            "description": "CozyDuke - Xchecked via VT: 5150174a4d5e5bb0bccc568e82dbb86406487510",
            "pattern": "[file:hashes.SHA256 = '89996b66d5a339939b2072d29675ec3ca6d793f42a5d335a8ea7dab8773321ef']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:47Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa736b-af98-4c31-86db-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:47.000Z",
            "modified": "2015-09-17T08:01:47.000Z",
            "description": "CozyDuke - Xchecked via VT: 5150174a4d5e5bb0bccc568e82dbb86406487510",
            "pattern": "[file:hashes.MD5 = '2ef51f1ca11ce73fa20b54a5886ad1dd']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:47Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa736c-8dc8-4256-9452-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:48.000Z",
            "modified": "2015-09-17T08:01:48.000Z",
            "first_observed": "2015-09-17T08:01:48Z",
            "last_observed": "2015-09-17T08:01:48Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa736c-8dc8-4256-9452-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa736c-8dc8-4256-9452-d2c4950d210b",
            "value": "https://www.virustotal.com/file/89996b66d5a339939b2072d29675ec3ca6d793f42a5d335a8ea7dab8773321ef/analysis/1429717514/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa736c-ffd0-4d95-a5a3-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:48.000Z",
            "modified": "2015-09-17T08:01:48.000Z",
            "description": "CozyDuke - Xchecked via VT: 49fb759d133eeaab3fcc78cec64418e44ed649ab",
            "pattern": "[file:hashes.SHA256 = 'bc7bcb663477238508ce8ad366cc9a77811c7f5eabaec47175858fe972639f40']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:48Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa736c-a7ec-468d-acbd-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:48.000Z",
            "modified": "2015-09-17T08:01:48.000Z",
            "description": "CozyDuke - Xchecked via VT: 49fb759d133eeaab3fcc78cec64418e44ed649ab",
            "pattern": "[file:hashes.MD5 = '08709ef0e3d467ce843af4deb77d74d5']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:48Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa736d-f504-498a-8b73-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:49.000Z",
            "modified": "2015-09-17T08:01:49.000Z",
            "first_observed": "2015-09-17T08:01:49Z",
            "last_observed": "2015-09-17T08:01:49Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa736d-f504-498a-8b73-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa736d-f504-498a-8b73-d2c4950d210b",
            "value": "https://www.virustotal.com/file/bc7bcb663477238508ce8ad366cc9a77811c7f5eabaec47175858fe972639f40/analysis/1429717510/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa736d-89e4-4784-98ef-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:49.000Z",
            "modified": "2015-09-17T08:01:49.000Z",
            "description": "CozyDuke - Xchecked via VT: 482d1624f9450ca1c99926ceec2606260e7ce544",
            "pattern": "[file:hashes.SHA256 = 'f7f4d18dbc0b822b89ba14ffea24114f92b593be0f287f300bb269b310883039']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:49Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa736d-2adc-4205-9734-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:49.000Z",
            "modified": "2015-09-17T08:01:49.000Z",
            "description": "CozyDuke - Xchecked via VT: 482d1624f9450ca1c99926ceec2606260e7ce544",
            "pattern": "[file:hashes.MD5 = 'fd8e27f820bdbdf6cb80a46c67fd978a']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:49Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa736e-a070-4948-84ab-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:50.000Z",
            "modified": "2015-09-17T08:01:50.000Z",
            "first_observed": "2015-09-17T08:01:50Z",
            "last_observed": "2015-09-17T08:01:50Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa736e-a070-4948-84ab-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa736e-a070-4948-84ab-d2c4950d210b",
            "value": "https://www.virustotal.com/file/f7f4d18dbc0b822b89ba14ffea24114f92b593be0f287f300bb269b310883039/analysis/1442083606/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa736e-d1ec-4c8c-b26e-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:50.000Z",
            "modified": "2015-09-17T08:01:50.000Z",
            "description": "CozyDuke - Xchecked via VT: 446daabb7ac2b9f11dc1267fbd192628cc2bac19",
            "pattern": "[file:hashes.SHA256 = 'dc70d3046b59785b2b9b7091e26f2484ba7a488dba420a8a05be388a337c399e']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:50Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa736e-021c-431b-b987-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:50.000Z",
            "modified": "2015-09-17T08:01:50.000Z",
            "description": "CozyDuke - Xchecked via VT: 446daabb7ac2b9f11dc1267fbd192628cc2bac19",
            "pattern": "[file:hashes.MD5 = '91aaf47843a34a9d8d1bb715a6d4acec']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:50Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa736f-8470-4156-af93-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:51.000Z",
            "modified": "2015-09-17T08:01:51.000Z",
            "first_observed": "2015-09-17T08:01:51Z",
            "last_observed": "2015-09-17T08:01:51Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa736f-8470-4156-af93-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa736f-8470-4156-af93-d2c4950d210b",
            "value": "https://www.virustotal.com/file/dc70d3046b59785b2b9b7091e26f2484ba7a488dba420a8a05be388a337c399e/analysis/1432202334/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa736f-0d4c-44dd-999d-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:51.000Z",
            "modified": "2015-09-17T08:01:51.000Z",
            "description": "CozyDuke - Xchecked via VT: 32b0c8c46f8baaba0159967c5602f58dd73ebde9",
            "pattern": "[file:hashes.SHA256 = 'c1b19af1e354f13c90163780be6ad50f02d5bf8bac1c9cc1eab1377a159de1be']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:51Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7370-cd4c-43e9-9f57-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:51.000Z",
            "modified": "2015-09-17T08:01:51.000Z",
            "description": "CozyDuke - Xchecked via VT: 32b0c8c46f8baaba0159967c5602f58dd73ebde9",
            "pattern": "[file:hashes.MD5 = '0e0182694c381f8b68afc5f3ff4c4653']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:51Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7370-fbb4-494c-8e01-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:52.000Z",
            "modified": "2015-09-17T08:01:52.000Z",
            "first_observed": "2015-09-17T08:01:52Z",
            "last_observed": "2015-09-17T08:01:52Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7370-fbb4-494c-8e01-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7370-fbb4-494c-8e01-d2c4950d210b",
            "value": "https://www.virustotal.com/file/c1b19af1e354f13c90163780be6ad50f02d5bf8bac1c9cc1eab1377a159de1be/analysis/1439029144/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7370-6a90-40ec-bab2-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:52.000Z",
            "modified": "2015-09-17T08:01:52.000Z",
            "description": "CozyDuke - Xchecked via VT: 25b6c73124f11f70474f2687ad1de407343ac025",
            "pattern": "[file:hashes.SHA256 = 'd469000ca9e6af92876334e3a460ea4ac8a61c1a6ee819eefbfd0c79ea4fb315']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:52Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7371-d4c4-4cb1-9e83-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:53.000Z",
            "modified": "2015-09-17T08:01:53.000Z",
            "description": "CozyDuke - Xchecked via VT: 25b6c73124f11f70474f2687ad1de407343ac025",
            "pattern": "[file:hashes.MD5 = '6332176672744320e9fee2117b059193']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7371-98f8-41bb-a79e-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:53.000Z",
            "modified": "2015-09-17T08:01:53.000Z",
            "first_observed": "2015-09-17T08:01:53Z",
            "last_observed": "2015-09-17T08:01:53Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7371-98f8-41bb-a79e-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7371-98f8-41bb-a79e-d2c4950d210b",
            "value": "https://www.virustotal.com/file/d469000ca9e6af92876334e3a460ea4ac8a61c1a6ee819eefbfd0c79ea4fb315/analysis/1413342126/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7371-fc98-4687-a99d-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:53.000Z",
            "modified": "2015-09-17T08:01:53.000Z",
            "description": "CozyDuke - Xchecked via VT: 23e20c523b9970686d913360d438c88e6067c157",
            "pattern": "[file:hashes.SHA256 = '5f827730c7bd155997121f023ca9775077a37a58111738fcb3213757170bd860']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7372-3d0c-4209-b075-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:54.000Z",
            "modified": "2015-09-17T08:01:54.000Z",
            "description": "CozyDuke - Xchecked via VT: 23e20c523b9970686d913360d438c88e6067c157",
            "pattern": "[file:hashes.MD5 = 'f0a6436ffee12558a434a0fc24b3b33f']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:54Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7372-6660-437e-8e43-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:54.000Z",
            "modified": "2015-09-17T08:01:54.000Z",
            "first_observed": "2015-09-17T08:01:54Z",
            "last_observed": "2015-09-17T08:01:54Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7372-6660-437e-8e43-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7372-6660-437e-8e43-d2c4950d210b",
            "value": "https://www.virustotal.com/file/5f827730c7bd155997121f023ca9775077a37a58111738fcb3213757170bd860/analysis/1434050550/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7372-7fd8-4be2-8d0f-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:54.000Z",
            "modified": "2015-09-17T08:01:54.000Z",
            "description": "CozyDuke - Xchecked via VT: 207be5648c0a2e48be98dc4dc1d5d16944189219",
            "pattern": "[file:hashes.SHA256 = 'b9ea2cc39808780ade1fe51287072e958448be7e3a7b32bfd48438453592018c']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:54Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7373-4ee8-469e-a665-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:55.000Z",
            "modified": "2015-09-17T08:01:55.000Z",
            "description": "CozyDuke - Xchecked via VT: 207be5648c0a2e48be98dc4dc1d5d16944189219",
            "pattern": "[file:hashes.MD5 = '14d779777af6eb7c556ae338b462c48d']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:55Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7373-5938-4f63-aeb7-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:55.000Z",
            "modified": "2015-09-17T08:01:55.000Z",
            "first_observed": "2015-09-17T08:01:55Z",
            "last_observed": "2015-09-17T08:01:55Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7373-5938-4f63-aeb7-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7373-5938-4f63-aeb7-d2c4950d210b",
            "value": "https://www.virustotal.com/file/b9ea2cc39808780ade1fe51287072e958448be7e3a7b32bfd48438453592018c/analysis/1432892714/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7373-99d4-42bd-8893-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:55.000Z",
            "modified": "2015-09-17T08:01:55.000Z",
            "description": "CozyDuke - Xchecked via VT: 1e5f6a5624a9e5472d547b8aa54c6d146813f91d",
            "pattern": "[file:hashes.SHA256 = 'b9c996b06e0db273a4edede3fd6fda2b40b2e0201eba3e8ac581d802fc610a4a']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:55Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7374-b1a8-43a9-878f-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:56.000Z",
            "modified": "2015-09-17T08:01:56.000Z",
            "description": "CozyDuke - Xchecked via VT: 1e5f6a5624a9e5472d547b8aa54c6d146813f91d",
            "pattern": "[file:hashes.MD5 = 'bd52b2a371ff397c90b891b7a4f04c66']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:56Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7374-4bb0-4761-96c9-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:56.000Z",
            "modified": "2015-09-17T08:01:56.000Z",
            "first_observed": "2015-09-17T08:01:56Z",
            "last_observed": "2015-09-17T08:01:56Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7374-4bb0-4761-96c9-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7374-4bb0-4761-96c9-d2c4950d210b",
            "value": "https://www.virustotal.com/file/b9c996b06e0db273a4edede3fd6fda2b40b2e0201eba3e8ac581d802fc610a4a/analysis/1430865425/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7374-ed90-4aee-af65-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:56.000Z",
            "modified": "2015-09-17T08:01:56.000Z",
            "description": "CozyDuke - Xchecked via VT: 0e020c03fffabc6d20eca67f559c46b4939bb4f4",
            "pattern": "[file:hashes.SHA256 = 'fdd7e8582ef8d7a23f269653435582cfe924ca9b2db34af63af5e57d1f3e09c2']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:56Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7375-1e68-4a99-8eeb-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:57.000Z",
            "modified": "2015-09-17T08:01:57.000Z",
            "description": "CozyDuke - Xchecked via VT: 0e020c03fffabc6d20eca67f559c46b4939bb4f4",
            "pattern": "[file:hashes.MD5 = '83f57f0116a3b3d69ef7b1dbe9943801']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:57Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7375-6bb0-4bf0-b6f2-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:57.000Z",
            "modified": "2015-09-17T08:01:57.000Z",
            "first_observed": "2015-09-17T08:01:57Z",
            "last_observed": "2015-09-17T08:01:57Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7375-6bb0-4bf0-b6f2-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7375-6bb0-4bf0-b6f2-d2c4950d210b",
            "value": "https://www.virustotal.com/file/fdd7e8582ef8d7a23f269653435582cfe924ca9b2db34af63af5e57d1f3e09c2/analysis/1439469606/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7375-ce74-484a-9ea7-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:57.000Z",
            "modified": "2015-09-17T08:01:57.000Z",
            "description": "CozyDuke - Xchecked via VT: 04aefbf1527536159d72d20dea907cbd080793e3",
            "pattern": "[file:hashes.SHA256 = '4464c945c88ac9a4a22e86f0922f18c164e87f26c3f3fa054eb488fdd7d4bfc8']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:57Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7376-b154-4e3d-9fd1-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:58.000Z",
            "modified": "2015-09-17T08:01:58.000Z",
            "description": "CozyDuke - Xchecked via VT: 04aefbf1527536159d72d20dea907cbd080793e3",
            "pattern": "[file:hashes.MD5 = '1a42acbdb285a7fba17f95068822ea4e']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:58Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7376-0830-4685-8aad-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:58.000Z",
            "modified": "2015-09-17T08:01:58.000Z",
            "first_observed": "2015-09-17T08:01:58Z",
            "last_observed": "2015-09-17T08:01:58Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7376-0830-4685-8aad-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7376-0830-4685-8aad-d2c4950d210b",
            "value": "https://www.virustotal.com/file/4464c945c88ac9a4a22e86f0922f18c164e87f26c3f3fa054eb488fdd7d4bfc8/analysis/1439468827/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7376-d518-4e52-8c1a-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:58.000Z",
            "modified": "2015-09-17T08:01:58.000Z",
            "description": "CozyDuke - Xchecked via VT: 01d3973e1bb46e2b75034736991c567862a11263",
            "pattern": "[file:hashes.SHA256 = '637cabc343e3ed5b447dccb13aa7caf4d3a3eb3cd617d360167f270ec34596ea']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:58Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7377-9104-409c-9a4e-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:59.000Z",
            "modified": "2015-09-17T08:01:59.000Z",
            "description": "CozyDuke - Xchecked via VT: 01d3973e1bb46e2b75034736991c567862a11263",
            "pattern": "[file:hashes.MD5 = '5b4250a6bb4c6915ce962d489ee912d6']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:59Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7377-6d5c-4d1e-83ea-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:59.000Z",
            "modified": "2015-09-17T08:01:59.000Z",
            "first_observed": "2015-09-17T08:01:59Z",
            "last_observed": "2015-09-17T08:01:59Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7377-6d5c-4d1e-83ea-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7377-6d5c-4d1e-83ea-d2c4950d210b",
            "value": "https://www.virustotal.com/file/637cabc343e3ed5b447dccb13aa7caf4d3a3eb3cd617d360167f270ec34596ea/analysis/1432309916/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7377-8e6c-484c-935c-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:01:59.000Z",
            "modified": "2015-09-17T08:01:59.000Z",
            "description": "MiniDuke - Xchecked via VT: f62600984c5086f2da3d70bc1f5042cf464f928d",
            "pattern": "[file:hashes.SHA256 = '13a50942322977d6471f71debc6d3db38807d88778366bae6cfcae45823a17f8']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:01:59Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7378-6e88-4b51-bd83-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:00.000Z",
            "modified": "2015-09-17T08:02:00.000Z",
            "description": "MiniDuke - Xchecked via VT: f62600984c5086f2da3d70bc1f5042cf464f928d",
            "pattern": "[file:hashes.MD5 = '381691b297f7f5694709e21ad61ec645']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:00Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7378-2380-41da-bfb4-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:00.000Z",
            "modified": "2015-09-17T08:02:00.000Z",
            "first_observed": "2015-09-17T08:02:00Z",
            "last_observed": "2015-09-17T08:02:00Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7378-2380-41da-bfb4-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7378-2380-41da-bfb4-d2c4950d210b",
            "value": "https://www.virustotal.com/file/13a50942322977d6471f71debc6d3db38807d88778366bae6cfcae45823a17f8/analysis/1366727882/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7378-6bc4-4522-91b0-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:00.000Z",
            "modified": "2015-09-17T08:02:00.000Z",
            "description": "MiniDuke - Xchecked via VT: efcb9be7bf162980187237bcb50f4da2d55430c2",
            "pattern": "[file:hashes.SHA256 = 'a962ea9027514712ba3949dc3ca54559d1d42e116837dda5f9809d6523a41255']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:00Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7379-b4b4-4941-aec5-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:01.000Z",
            "modified": "2015-09-17T08:02:01.000Z",
            "description": "MiniDuke - Xchecked via VT: efcb9be7bf162980187237bcb50f4da2d55430c2",
            "pattern": "[file:hashes.MD5 = '935892bb70d954efdc5ee1b0c5f97184']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:01Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7379-88ec-449a-854e-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:01.000Z",
            "modified": "2015-09-17T08:02:01.000Z",
            "first_observed": "2015-09-17T08:02:01Z",
            "last_observed": "2015-09-17T08:02:01Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7379-88ec-449a-854e-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7379-88ec-449a-854e-d2c4950d210b",
            "value": "https://www.virustotal.com/file/a962ea9027514712ba3949dc3ca54559d1d42e116837dda5f9809d6523a41255/analysis/1366727899/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7379-36f8-4ca0-93f9-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:01.000Z",
            "modified": "2015-09-17T08:02:01.000Z",
            "description": "MiniDuke - Xchecked via VT: edf74413a6e2763147184b5e1b8732537a854365",
            "pattern": "[file:hashes.SHA256 = 'fe2672737205351df003e1969ef1ef0df9e13a9a31bf77f844236857ed0b0bf5']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:01Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa737a-7184-4f5a-81fb-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:02.000Z",
            "modified": "2015-09-17T08:02:02.000Z",
            "description": "MiniDuke - Xchecked via VT: edf74413a6e2763147184b5e1b8732537a854365",
            "pattern": "[file:hashes.MD5 = '8282eb6d6f20c5de6e7f4ae3a42438d2']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:02Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa737a-651c-461b-9cc9-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:02.000Z",
            "modified": "2015-09-17T08:02:02.000Z",
            "first_observed": "2015-09-17T08:02:02Z",
            "last_observed": "2015-09-17T08:02:02Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa737a-651c-461b-9cc9-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa737a-651c-461b-9cc9-d2c4950d210b",
            "value": "https://www.virustotal.com/file/fe2672737205351df003e1969ef1ef0df9e13a9a31bf77f844236857ed0b0bf5/analysis/1366727864/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa737b-81d8-4f77-97f2-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:03.000Z",
            "modified": "2015-09-17T08:02:03.000Z",
            "description": "MiniDuke - Xchecked via VT: e95e2c166be39a4d9cd671531b376b1a8ceb4a55",
            "pattern": "[file:hashes.SHA256 = 'f2ede48413704b3efc4d629d3db1a1331352a0afb0d91683640dc4b4af2921d1']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:03Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa737b-9684-440a-9c87-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:03.000Z",
            "modified": "2015-09-17T08:02:03.000Z",
            "description": "MiniDuke - Xchecked via VT: e95e2c166be39a4d9cd671531b376b1a8ceb4a55",
            "pattern": "[file:hashes.MD5 = 'f78f1359fcf04e89e3bb0fbdf74c1e05']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:03Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa737b-1eac-469b-8535-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:03.000Z",
            "modified": "2015-09-17T08:02:03.000Z",
            "first_observed": "2015-09-17T08:02:03Z",
            "last_observed": "2015-09-17T08:02:03Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa737b-1eac-469b-8535-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa737b-1eac-469b-8535-d2c4950d210b",
            "value": "https://www.virustotal.com/file/f2ede48413704b3efc4d629d3db1a1331352a0afb0d91683640dc4b4af2921d1/analysis/1416199868/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa737c-ff88-43e9-96a2-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:04.000Z",
            "modified": "2015-09-17T08:02:04.000Z",
            "description": "MiniDuke - Xchecked via VT: e4add0b118113b2627143c7ef1d5b1327de395f1",
            "pattern": "[file:hashes.SHA256 = 'b1584a6f1059ad1c24bde2a9a8ae83ffc6679eb531d30f3f1c69f81e3a3819dc']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:04Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa737c-8f24-43f8-8725-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:04.000Z",
            "modified": "2015-09-17T08:02:04.000Z",
            "description": "MiniDuke - Xchecked via VT: e4add0b118113b2627143c7ef1d5b1327de395f1",
            "pattern": "[file:hashes.MD5 = '18e64b8e5ce5bdd33ce8bd9e00af672c']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:04Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa737c-3898-4656-b763-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:04.000Z",
            "modified": "2015-09-17T08:02:04.000Z",
            "first_observed": "2015-09-17T08:02:04Z",
            "last_observed": "2015-09-17T08:02:04Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa737c-3898-4656-b763-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa737c-3898-4656-b763-d2c4950d210b",
            "value": "https://www.virustotal.com/file/b1584a6f1059ad1c24bde2a9a8ae83ffc6679eb531d30f3f1c69f81e3a3819dc/analysis/1427264703/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa737d-a5bc-404e-ae57-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:05.000Z",
            "modified": "2015-09-17T08:02:05.000Z",
            "description": "MiniDuke - Xchecked via VT: de8e9def2553f4d211cc0b34a3972d9814f156aa",
            "pattern": "[file:hashes.SHA256 = 'a1015f0b99106ae2852d740f366e15c1d5c711f57680a2f04be0283e8310f69e']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:05Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa737d-7848-41c4-a658-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:05.000Z",
            "modified": "2015-09-17T08:02:05.000Z",
            "description": "MiniDuke - Xchecked via VT: de8e9def2553f4d211cc0b34a3972d9814f156aa",
            "pattern": "[file:hashes.MD5 = '1e1b0d16a16cf5c7f3a7c053ce78f515']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:05Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa737d-3814-4549-8760-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:05.000Z",
            "modified": "2015-09-17T08:02:05.000Z",
            "first_observed": "2015-09-17T08:02:05Z",
            "last_observed": "2015-09-17T08:02:05Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa737d-3814-4549-8760-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa737d-3814-4549-8760-d2c4950d210b",
            "value": "https://www.virustotal.com/file/a1015f0b99106ae2852d740f366e15c1d5c711f57680a2f04be0283e8310f69e/analysis/1436359247/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa737e-7898-417b-aa90-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:06.000Z",
            "modified": "2015-09-17T08:02:06.000Z",
            "description": "MiniDuke - Xchecked via VT: d81b0705d26390eb82188c03644786dd6f1a2a9e",
            "pattern": "[file:hashes.SHA256 = 'b55e6e10a7f46c97cd247028287ea664bacf7ec7e500a4bf4f53c9dea7625426']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:06Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa737e-c4e0-4346-9096-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:06.000Z",
            "modified": "2015-09-17T08:02:06.000Z",
            "description": "MiniDuke - Xchecked via VT: d81b0705d26390eb82188c03644786dd6f1a2a9e",
            "pattern": "[file:hashes.MD5 = 'f19345e0e5aecc0da45b4c110591bdd9']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:06Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa737e-5bbc-41cf-9c60-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:06.000Z",
            "modified": "2015-09-17T08:02:06.000Z",
            "first_observed": "2015-09-17T08:02:06Z",
            "last_observed": "2015-09-17T08:02:06Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa737e-5bbc-41cf-9c60-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa737e-5bbc-41cf-9c60-d2c4950d210b",
            "value": "https://www.virustotal.com/file/b55e6e10a7f46c97cd247028287ea664bacf7ec7e500a4bf4f53c9dea7625426/analysis/1366728026/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa737f-078c-4651-aeea-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:07.000Z",
            "modified": "2015-09-17T08:02:07.000Z",
            "description": "MiniDuke - Xchecked via VT: d22d80da6f042c4da3392a69c713ee4d64be8bc8",
            "pattern": "[file:hashes.SHA256 = '12a057ca7c92cda3cd0e09efc5bff2ebd3f7d2991e999038c7f31a6ac6a95c3d']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:07Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa737f-fcf4-4a02-b561-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:07.000Z",
            "modified": "2015-09-17T08:02:07.000Z",
            "description": "MiniDuke - Xchecked via VT: d22d80da6f042c4da3392a69c713ee4d64be8bc8",
            "pattern": "[file:hashes.MD5 = 'b798c968cbfd53f878e13c7698610d9c']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:07Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa737f-7ba8-48b0-8b74-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:07.000Z",
            "modified": "2015-09-17T08:02:07.000Z",
            "first_observed": "2015-09-17T08:02:07Z",
            "last_observed": "2015-09-17T08:02:07Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa737f-7ba8-48b0-8b74-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa737f-7ba8-48b0-8b74-d2c4950d210b",
            "value": "https://www.virustotal.com/file/12a057ca7c92cda3cd0e09efc5bff2ebd3f7d2991e999038c7f31a6ac6a95c3d/analysis/1436821910/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7380-eac8-410d-a20f-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:08.000Z",
            "modified": "2015-09-17T08:02:08.000Z",
            "description": "MiniDuke - Xchecked via VT: cdcfac3e9d60aae54586b30fa5b99f180839deed",
            "pattern": "[file:hashes.SHA256 = 'e375d40412845c4476536307f28b64c0128e1cb88a3f505bafdcd013d542fa85']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:08Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7380-59b0-4894-b370-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:08.000Z",
            "modified": "2015-09-17T08:02:08.000Z",
            "description": "MiniDuke - Xchecked via VT: cdcfac3e9d60aae54586b30fa5b99f180839deed",
            "pattern": "[file:hashes.MD5 = '7040ee4cd4be4b84f8510c04663a2500']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:08Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7380-db78-4859-b584-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:08.000Z",
            "modified": "2015-09-17T08:02:08.000Z",
            "first_observed": "2015-09-17T08:02:08Z",
            "last_observed": "2015-09-17T08:02:08Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7380-db78-4859-b584-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7380-db78-4859-b584-d2c4950d210b",
            "value": "https://www.virustotal.com/file/e375d40412845c4476536307f28b64c0128e1cb88a3f505bafdcd013d542fa85/analysis/1420030979/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7381-5244-4d19-8fca-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:09.000Z",
            "modified": "2015-09-17T08:02:09.000Z",
            "description": "MiniDuke - Xchecked via VT: cd50170a70b9cc767aa4b21a150c136cb25fbd44",
            "pattern": "[file:hashes.SHA256 = '56dfc5905e7dfc67912ed164dc68c0806fdd3d7cd151415aaffcc1b7ab2f1a84']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:09Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7381-4b7c-4fe9-9488-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:09.000Z",
            "modified": "2015-09-17T08:02:09.000Z",
            "description": "MiniDuke - Xchecked via VT: cd50170a70b9cc767aa4b21a150c136cb25fbd44",
            "pattern": "[file:hashes.MD5 = '2530f54b87508e6f09a6bc5ab863b5db']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:09Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7381-f8f8-4c70-9f2d-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:09.000Z",
            "modified": "2015-09-17T08:02:09.000Z",
            "first_observed": "2015-09-17T08:02:09Z",
            "last_observed": "2015-09-17T08:02:09Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7381-f8f8-4c70-9f2d-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7381-f8f8-4c70-9f2d-d2c4950d210b",
            "value": "https://www.virustotal.com/file/56dfc5905e7dfc67912ed164dc68c0806fdd3d7cd151415aaffcc1b7ab2f1a84/analysis/1369558763/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7382-0d5c-45d8-b951-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:10.000Z",
            "modified": "2015-09-17T08:02:10.000Z",
            "description": "MiniDuke - Xchecked via VT: cc3df7de75db8be4a0a30ede21f226122d2dfe87",
            "pattern": "[file:hashes.SHA256 = '7815e5275ea849a9ed1f193abd8781ff7ae6b88ef6282f6a0900175a4bb59131']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:10Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7382-3e4c-492b-9989-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:10.000Z",
            "modified": "2015-09-17T08:02:10.000Z",
            "description": "MiniDuke - Xchecked via VT: cc3df7de75db8be4a0a30ede21f226122d2dfe87",
            "pattern": "[file:hashes.MD5 = '810de1b9fa0a9396acae23dcd113a60d']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:10Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7382-d87c-4bee-9bc2-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:10.000Z",
            "modified": "2015-09-17T08:02:10.000Z",
            "first_observed": "2015-09-17T08:02:10Z",
            "last_observed": "2015-09-17T08:02:10Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7382-d87c-4bee-9bc2-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7382-d87c-4bee-9bc2-d2c4950d210b",
            "value": "https://www.virustotal.com/file/7815e5275ea849a9ed1f193abd8781ff7ae6b88ef6282f6a0900175a4bb59131/analysis/1436173092/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7383-6e00-47c8-9863-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:11.000Z",
            "modified": "2015-09-17T08:02:11.000Z",
            "description": "MiniDuke - Xchecked via VT: cb3a83fc24c7b6b0b9d438fbf053276cceaacd2e",
            "pattern": "[file:hashes.SHA256 = '2f9834f7b7fe09d98ef7b27d3828691ed4b361d1ccbbf8e10703f9ec03b05259']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:11Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7383-76c4-4770-b941-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:11.000Z",
            "modified": "2015-09-17T08:02:11.000Z",
            "description": "MiniDuke - Xchecked via VT: cb3a83fc24c7b6b0b9d438fbf053276cceaacd2e",
            "pattern": "[file:hashes.MD5 = '612fba96383a5098c26fe1a222e1e755']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:11Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7384-a9a4-4e5e-a32b-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:11.000Z",
            "modified": "2015-09-17T08:02:11.000Z",
            "first_observed": "2015-09-17T08:02:11Z",
            "last_observed": "2015-09-17T08:02:11Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7384-a9a4-4e5e-a32b-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7384-a9a4-4e5e-a32b-d2c4950d210b",
            "value": "https://www.virustotal.com/file/2f9834f7b7fe09d98ef7b27d3828691ed4b361d1ccbbf8e10703f9ec03b05259/analysis/1430509681/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7384-9ebc-4da5-8d7a-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:12.000Z",
            "modified": "2015-09-17T08:02:12.000Z",
            "description": "MiniDuke - Xchecked via VT: c6d3dac500de2f46e56611c13c589e037e4ca5e0",
            "pattern": "[file:hashes.SHA256 = '6c2409d415e66faebf0a031350b44d5a014ab4f62f2c1a3115982d452b7f97b9']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:12Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7384-7fd8-4c2b-923a-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:12.000Z",
            "modified": "2015-09-17T08:02:12.000Z",
            "description": "MiniDuke - Xchecked via VT: c6d3dac500de2f46e56611c13c589e037e4ca5e0",
            "pattern": "[file:hashes.MD5 = '527537cc28705e01af8d8006ae8308a9']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:12Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7385-87fc-4d2c-9fc3-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:13.000Z",
            "modified": "2015-09-17T08:02:13.000Z",
            "first_observed": "2015-09-17T08:02:13Z",
            "last_observed": "2015-09-17T08:02:13Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7385-87fc-4d2c-9fc3-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7385-87fc-4d2c-9fc3-d2c4950d210b",
            "value": "https://www.virustotal.com/file/6c2409d415e66faebf0a031350b44d5a014ab4f62f2c1a3115982d452b7f97b9/analysis/1368840074/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7385-b4d8-421e-be8c-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:13.000Z",
            "modified": "2015-09-17T08:02:13.000Z",
            "description": "MiniDuke - Xchecked via VT: c39d0b12bb1c25cf46a5ae6b197a59f8ea90caa0",
            "pattern": "[file:hashes.SHA256 = '23486eedb5fe8a026f602507f490b4df4721e8befa65007b84c4f5b1ed95e1bd']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:13Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7385-122c-4e85-bad9-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:13.000Z",
            "modified": "2015-09-17T08:02:13.000Z",
            "description": "MiniDuke - Xchecked via VT: c39d0b12bb1c25cf46a5ae6b197a59f8ea90caa0",
            "pattern": "[file:hashes.MD5 = '2d87ab160291664d62445548a2164c60']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:13Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7386-69e4-4554-bf5b-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:14.000Z",
            "modified": "2015-09-17T08:02:14.000Z",
            "first_observed": "2015-09-17T08:02:14Z",
            "last_observed": "2015-09-17T08:02:14Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7386-69e4-4554-bf5b-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7386-69e4-4554-bf5b-d2c4950d210b",
            "value": "https://www.virustotal.com/file/23486eedb5fe8a026f602507f490b4df4721e8befa65007b84c4f5b1ed95e1bd/analysis/1366727796/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7386-3d44-4224-af90-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:14.000Z",
            "modified": "2015-09-17T08:02:14.000Z",
            "description": "MiniDuke - Xchecked via VT: c17ad20e3790ba674e3fe6f01b9c10270bf0f0e4",
            "pattern": "[file:hashes.SHA256 = '91b97f3b8ef8ebc8bbd06e06927e7b38090c026f8fca77e209e69c056b042cb7']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:14Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7386-e880-4b91-9e68-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:14.000Z",
            "modified": "2015-09-17T08:02:14.000Z",
            "description": "MiniDuke - Xchecked via VT: c17ad20e3790ba674e3fe6f01b9c10270bf0f0e4",
            "pattern": "[file:hashes.MD5 = '1c658719e6dedb929a6d85359c59682d']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:14Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7387-5e84-421c-8bbe-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:15.000Z",
            "modified": "2015-09-17T08:02:15.000Z",
            "first_observed": "2015-09-17T08:02:15Z",
            "last_observed": "2015-09-17T08:02:15Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7387-5e84-421c-8bbe-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7387-5e84-421c-8bbe-d2c4950d210b",
            "value": "https://www.virustotal.com/file/91b97f3b8ef8ebc8bbd06e06927e7b38090c026f8fca77e209e69c056b042cb7/analysis/1319994917/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7387-0c64-4f92-9618-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:15.000Z",
            "modified": "2015-09-17T08:02:15.000Z",
            "description": "MiniDuke - Xchecked via VT: b8b116d11909a05428b7cb6dcce06113f4cc9e58",
            "pattern": "[file:hashes.SHA256 = '415f88765b88dd90e5b0502e4fa1408e06ac9552c7c8974a510e6e23a9756a45']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:15Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7387-5670-418f-89e6-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:15.000Z",
            "modified": "2015-09-17T08:02:15.000Z",
            "description": "MiniDuke - Xchecked via VT: b8b116d11909a05428b7cb6dcce06113f4cc9e58",
            "pattern": "[file:hashes.MD5 = 'e48fb57ce3d9c56ca3cf6c4aed8ad0ea']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:15Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7388-497c-42b2-8ad0-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:16.000Z",
            "modified": "2015-09-17T08:02:16.000Z",
            "first_observed": "2015-09-17T08:02:16Z",
            "last_observed": "2015-09-17T08:02:16Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7388-497c-42b2-8ad0-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7388-497c-42b2-8ad0-d2c4950d210b",
            "value": "https://www.virustotal.com/file/415f88765b88dd90e5b0502e4fa1408e06ac9552c7c8974a510e6e23a9756a45/analysis/1348585081/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7388-a3e8-4917-8114-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:16.000Z",
            "modified": "2015-09-17T08:02:16.000Z",
            "description": "MiniDuke - Xchecked via VT: b27f6174173e71dc154413a525baddf3d6dea1fd",
            "pattern": "[file:hashes.SHA256 = '2ae4cc6834e3679e99fc93d2f5fba02167a31cf5b68a5a9ca7aa1a4b9f7cb4ae']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:16Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7388-17e4-42ee-8b14-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:16.000Z",
            "modified": "2015-09-17T08:02:16.000Z",
            "description": "MiniDuke - Xchecked via VT: b27f6174173e71dc154413a525baddf3d6dea1fd",
            "pattern": "[file:hashes.MD5 = '270ca8368cd4216b1813281d3efe485d']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:16Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7389-516c-4480-ab05-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:17.000Z",
            "modified": "2015-09-17T08:02:17.000Z",
            "first_observed": "2015-09-17T08:02:17Z",
            "last_observed": "2015-09-17T08:02:17Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7389-516c-4480-ab05-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7389-516c-4480-ab05-d2c4950d210b",
            "value": "https://www.virustotal.com/file/2ae4cc6834e3679e99fc93d2f5fba02167a31cf5b68a5a9ca7aa1a4b9f7cb4ae/analysis/1425793398/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7389-0ea4-415f-9a26-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:17.000Z",
            "modified": "2015-09-17T08:02:17.000Z",
            "description": "MiniDuke - Xchecked via VT: ad9734b05973a0a0f1d34a32cd1936e66898c034",
            "pattern": "[file:hashes.SHA256 = '5b96b07528f762dfcb9d6936995ed4e358d29542ae756f6e5547fa3b5b7797b6']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:17Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7389-93d0-40b4-95b2-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:17.000Z",
            "modified": "2015-09-17T08:02:17.000Z",
            "description": "MiniDuke - Xchecked via VT: ad9734b05973a0a0f1d34a32cd1936e66898c034",
            "pattern": "[file:hashes.MD5 = 'a58e8e935341b6f5cc1369c616de3765']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:17Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa738a-0408-40f4-b72f-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:18.000Z",
            "modified": "2015-09-17T08:02:18.000Z",
            "first_observed": "2015-09-17T08:02:18Z",
            "last_observed": "2015-09-17T08:02:18Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa738a-0408-40f4-b72f-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa738a-0408-40f4-b72f-d2c4950d210b",
            "value": "https://www.virustotal.com/file/5b96b07528f762dfcb9d6936995ed4e358d29542ae756f6e5547fa3b5b7797b6/analysis/1366727926/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa738a-a054-40ea-8cea-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:18.000Z",
            "modified": "2015-09-17T08:02:18.000Z",
            "description": "MiniDuke - Xchecked via VT: a9e529c7b04a99019dd31c3c0d7f576e1bbd0970",
            "pattern": "[file:hashes.SHA256 = '19580f275b82ee091bdc3028e6e5018fdcc915fe7853d4151b44f3d7e101e531']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:18Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa738a-43f8-414a-b34b-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:18.000Z",
            "modified": "2015-09-17T08:02:18.000Z",
            "description": "MiniDuke - Xchecked via VT: a9e529c7b04a99019dd31c3c0d7f576e1bbd0970",
            "pattern": "[file:hashes.MD5 = 'd2f39019bfa05c7e71748d0624be9a94']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:18Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa738b-64c8-411a-a7e4-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:19.000Z",
            "modified": "2015-09-17T08:02:19.000Z",
            "first_observed": "2015-09-17T08:02:19Z",
            "last_observed": "2015-09-17T08:02:19Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa738b-64c8-411a-a7e4-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa738b-64c8-411a-a7e4-d2c4950d210b",
            "value": "https://www.virustotal.com/file/19580f275b82ee091bdc3028e6e5018fdcc915fe7853d4151b44f3d7e101e531/analysis/1367472490/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa738b-5654-4317-b13a-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:19.000Z",
            "modified": "2015-09-17T08:02:19.000Z",
            "description": "MiniDuke - Xchecked via VT: a6c18fcbe6b25c370e1305d523b5de662172875b",
            "pattern": "[file:hashes.SHA256 = '94d39845ec228ff1c84668207c4591ae0e2b6605bdf11e84916534ab09744736']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:19Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa738b-c054-4706-adcc-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:19.000Z",
            "modified": "2015-09-17T08:02:19.000Z",
            "description": "MiniDuke - Xchecked via VT: a6c18fcbe6b25c370e1305d523b5de662172875b",
            "pattern": "[file:hashes.MD5 = 'b68677e04fcc9103560bb0a5e5c7303f']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:19Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa738c-5d70-480b-a096-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:20.000Z",
            "modified": "2015-09-17T08:02:20.000Z",
            "first_observed": "2015-09-17T08:02:20Z",
            "last_observed": "2015-09-17T08:02:20Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa738c-5d70-480b-a096-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa738c-5d70-480b-a096-d2c4950d210b",
            "value": "https://www.virustotal.com/file/94d39845ec228ff1c84668207c4591ae0e2b6605bdf11e84916534ab09744736/analysis/1366727949/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa738c-26c4-4599-a333-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:20.000Z",
            "modified": "2015-09-17T08:02:20.000Z",
            "description": "MiniDuke - Xchecked via VT: a4e39298866b72e5399d5177f717c46861d8d3df",
            "pattern": "[file:hashes.SHA256 = '1db9187b7b0e5bc97aca233f29b96295c0bc4058fdcff50df543c1f044e58836']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:20Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa738d-9548-4f97-8041-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:21.000Z",
            "modified": "2015-09-17T08:02:21.000Z",
            "description": "MiniDuke - Xchecked via VT: a4e39298866b72e5399d5177f717c46861d8d3df",
            "pattern": "[file:hashes.MD5 = '1de51ec5d2b8466f0d424e1c8dcd6454']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:21Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa738d-803c-4563-8490-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:21.000Z",
            "modified": "2015-09-17T08:02:21.000Z",
            "first_observed": "2015-09-17T08:02:21Z",
            "last_observed": "2015-09-17T08:02:21Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa738d-803c-4563-8490-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa738d-803c-4563-8490-d2c4950d210b",
            "value": "https://www.virustotal.com/file/1db9187b7b0e5bc97aca233f29b96295c0bc4058fdcff50df543c1f044e58836/analysis/1382533954/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa738d-8688-49e7-9cfa-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:21.000Z",
            "modified": "2015-09-17T08:02:21.000Z",
            "description": "MiniDuke - Xchecked via VT: a32817e9ff07bc69974221d9b7a9b980fa80b677",
            "pattern": "[file:hashes.SHA256 = '8d457e4189017712917c5c8f900bb9072c5910c9f975c50337115f952d885635']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:21Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa738e-5de8-40e8-bc00-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:22.000Z",
            "modified": "2015-09-17T08:02:22.000Z",
            "description": "MiniDuke - Xchecked via VT: a32817e9ff07bc69974221d9b7a9b980fa80b677",
            "pattern": "[file:hashes.MD5 = '1528567b1a2f1da31d602ce1ddfd8918']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:22Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa738e-6a60-4f17-ba1e-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:22.000Z",
            "modified": "2015-09-17T08:02:22.000Z",
            "first_observed": "2015-09-17T08:02:22Z",
            "last_observed": "2015-09-17T08:02:22Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa738e-6a60-4f17-ba1e-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa738e-6a60-4f17-ba1e-d2c4950d210b",
            "value": "https://www.virustotal.com/file/8d457e4189017712917c5c8f900bb9072c5910c9f975c50337115f952d885635/analysis/1436821326/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa738e-9018-4efb-9217-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:22.000Z",
            "modified": "2015-09-17T08:02:22.000Z",
            "description": "MiniDuke - Xchecked via VT: 9796d22994ff4b4e838079d2e5613e7ac425dd1d",
            "pattern": "[file:hashes.SHA256 = 'bf210e54c65ea69ebda418f701c2c6b8aff840f31c1072d641a726cef8c7b5ad']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:22Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa738f-fb54-4c6f-99ae-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:23.000Z",
            "modified": "2015-09-17T08:02:23.000Z",
            "description": "MiniDuke - Xchecked via VT: 9796d22994ff4b4e838079d2e5613e7ac425dd1d",
            "pattern": "[file:hashes.MD5 = 'ded2f80457aaefe1a80a9cefd1f4645d']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:23Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa738f-6928-4a1d-a762-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:23.000Z",
            "modified": "2015-09-17T08:02:23.000Z",
            "first_observed": "2015-09-17T08:02:23Z",
            "last_observed": "2015-09-17T08:02:23Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa738f-6928-4a1d-a762-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa738f-6928-4a1d-a762-d2c4950d210b",
            "value": "https://www.virustotal.com/file/bf210e54c65ea69ebda418f701c2c6b8aff840f31c1072d641a726cef8c7b5ad/analysis/1362251383/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa738f-a070-48e6-8a6b-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:23.000Z",
            "modified": "2015-09-17T08:02:23.000Z",
            "description": "MiniDuke - Xchecked via VT: 909d369c42125e84e0650f7e1183abe740486f58",
            "pattern": "[file:hashes.SHA256 = 'c13794601c5bdec3d5d76de9571e6c0e0b022b9fc62907018566895e3b949982']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:23Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7390-16c8-4790-ac80-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:24.000Z",
            "modified": "2015-09-17T08:02:24.000Z",
            "description": "MiniDuke - Xchecked via VT: 909d369c42125e84e0650f7e1183abe740486f58",
            "pattern": "[file:hashes.MD5 = '423bb8914078a587d08b54d16bbd527c']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:24Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7390-8444-418e-9636-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:24.000Z",
            "modified": "2015-09-17T08:02:24.000Z",
            "first_observed": "2015-09-17T08:02:24Z",
            "last_observed": "2015-09-17T08:02:24Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7390-8444-418e-9636-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7390-8444-418e-9636-d2c4950d210b",
            "value": "https://www.virustotal.com/file/c13794601c5bdec3d5d76de9571e6c0e0b022b9fc62907018566895e3b949982/analysis/1430508038/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7390-8ec0-4f00-9d45-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:24.000Z",
            "modified": "2015-09-17T08:02:24.000Z",
            "description": "MiniDuke - Xchecked via VT: 827de388e0feabd92fe7bd433138aa35142bd01a",
            "pattern": "[file:hashes.SHA256 = '6a95d2895362fc8657bc90d73d77e32f09b86699eb625905ddeb45ccd6b13c71']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:24Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7391-60b8-4de9-aa3b-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:25.000Z",
            "modified": "2015-09-17T08:02:25.000Z",
            "description": "MiniDuke - Xchecked via VT: 827de388e0feabd92fe7bd433138aa35142bd01a",
            "pattern": "[file:hashes.MD5 = '2ab25d33d61cf4cfbac92c26c7c0598e']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:25Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7391-bd28-4bcd-b5fa-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:25.000Z",
            "modified": "2015-09-17T08:02:25.000Z",
            "first_observed": "2015-09-17T08:02:25Z",
            "last_observed": "2015-09-17T08:02:25Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7391-bd28-4bcd-b5fa-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7391-bd28-4bcd-b5fa-d2c4950d210b",
            "value": "https://www.virustotal.com/file/6a95d2895362fc8657bc90d73d77e32f09b86699eb625905ddeb45ccd6b13c71/analysis/1436359334/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7391-4818-43f9-a2f8-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:25.000Z",
            "modified": "2015-09-17T08:02:25.000Z",
            "description": "MiniDuke - Xchecked via VT: 73366c1eb26b92886531586728be4975d56f7ca5",
            "pattern": "[file:hashes.SHA256 = '7f5d3a8dfa13ba8e2142a3b1d644f107cc89c7e90cda2a5543df5787f8bfde1e']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:25Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7392-315c-4102-abb0-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:26.000Z",
            "modified": "2015-09-17T08:02:26.000Z",
            "description": "MiniDuke - Xchecked via VT: 73366c1eb26b92886531586728be4975d56f7ca5",
            "pattern": "[file:hashes.MD5 = 'c92252487615d5379317febc22dba7d4']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:26Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7392-04f8-49ad-b3b8-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:26.000Z",
            "modified": "2015-09-17T08:02:26.000Z",
            "first_observed": "2015-09-17T08:02:26Z",
            "last_observed": "2015-09-17T08:02:26Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7392-04f8-49ad-b3b8-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7392-04f8-49ad-b3b8-d2c4950d210b",
            "value": "https://www.virustotal.com/file/7f5d3a8dfa13ba8e2142a3b1d644f107cc89c7e90cda2a5543df5787f8bfde1e/analysis/1366727982/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7392-7bcc-4484-b643-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:26.000Z",
            "modified": "2015-09-17T08:02:26.000Z",
            "description": "MiniDuke - Xchecked via VT: 694fa03160d50865dce0c35227dc97ffa1acfa48",
            "pattern": "[file:hashes.SHA256 = 'f0d822926f4e6aec2cf2bd7701d67e8399ccc05bc028377a275a90e06620a109']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:26Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7393-0ec8-45a1-a2c9-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:27.000Z",
            "modified": "2015-09-17T08:02:27.000Z",
            "description": "MiniDuke - Xchecked via VT: 694fa03160d50865dce0c35227dc97ffa1acfa48",
            "pattern": "[file:hashes.MD5 = '6942f1dfd61d231df8acb7ed0f6310c4']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:27Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7393-8b14-49a8-abbb-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:27.000Z",
            "modified": "2015-09-17T08:02:27.000Z",
            "first_observed": "2015-09-17T08:02:27Z",
            "last_observed": "2015-09-17T08:02:27Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7393-8b14-49a8-abbb-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7393-8b14-49a8-abbb-d2c4950d210b",
            "value": "https://www.virustotal.com/file/f0d822926f4e6aec2cf2bd7701d67e8399ccc05bc028377a275a90e06620a109/analysis/1362098246/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7393-c864-45e0-a33c-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:27.000Z",
            "modified": "2015-09-17T08:02:27.000Z",
            "description": "MiniDuke - Xchecked via VT: 683104d28bd5c52c53d2e6c710a7bd19676c28b8",
            "pattern": "[file:hashes.SHA256 = '830ee990a6d4aaf00bb051704c93b468792561e8dd6a6ed4662f6032d38dd37a']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:27Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7394-9ef8-4dec-9b44-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:28.000Z",
            "modified": "2015-09-17T08:02:28.000Z",
            "description": "MiniDuke - Xchecked via VT: 683104d28bd5c52c53d2e6c710a7bd19676c28b8",
            "pattern": "[file:hashes.MD5 = 'e1a659473ae1e828508309b77da13783']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:28Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7394-d8ec-404b-9780-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:28.000Z",
            "modified": "2015-09-17T08:02:28.000Z",
            "first_observed": "2015-09-17T08:02:28Z",
            "last_observed": "2015-09-17T08:02:28Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7394-d8ec-404b-9780-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7394-d8ec-404b-9780-d2c4950d210b",
            "value": "https://www.virustotal.com/file/830ee990a6d4aaf00bb051704c93b468792561e8dd6a6ed4662f6032d38dd37a/analysis/1366728009/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7395-1e9c-406f-bdaa-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:29.000Z",
            "modified": "2015-09-17T08:02:29.000Z",
            "description": "MiniDuke - Xchecked via VT: 634a1649995309b9c7d163af627f7e39f42d5968",
            "pattern": "[file:hashes.SHA256 = '5569b85532adb1e637f83c997910924345f10aa9c2948b3d26be13eec6cbeb8b']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:29Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7395-1e5c-4735-8ae3-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:29.000Z",
            "modified": "2015-09-17T08:02:29.000Z",
            "description": "MiniDuke - Xchecked via VT: 634a1649995309b9c7d163af627f7e39f42d5968",
            "pattern": "[file:hashes.MD5 = 'b8088f6594dd8cba31b4f52a2d91f40e']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:29Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7395-86c4-4029-9a10-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:29.000Z",
            "modified": "2015-09-17T08:02:29.000Z",
            "first_observed": "2015-09-17T08:02:29Z",
            "last_observed": "2015-09-17T08:02:29Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7395-86c4-4029-9a10-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7395-86c4-4029-9a10-d2c4950d210b",
            "value": "https://www.virustotal.com/file/5569b85532adb1e637f83c997910924345f10aa9c2948b3d26be13eec6cbeb8b/analysis/1390194041/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7396-8490-40ef-a96a-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:30.000Z",
            "modified": "2015-09-17T08:02:30.000Z",
            "description": "MiniDuke - Xchecked via VT: 5b2c4da743798bde4158848a8a44094703e842cb",
            "pattern": "[file:hashes.SHA256 = 'ecc5e2526ca32a447c862612b71c1db5675a759897e680573fa143ac0a8e662a']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:30Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7396-889c-4e39-b5a6-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:30.000Z",
            "modified": "2015-09-17T08:02:30.000Z",
            "description": "MiniDuke - Xchecked via VT: 5b2c4da743798bde4158848a8a44094703e842cb",
            "pattern": "[file:hashes.MD5 = 'e863737773f64498091cd775c7abde66']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:30Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7396-dd84-4d11-9962-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:30.000Z",
            "modified": "2015-09-17T08:02:30.000Z",
            "first_observed": "2015-09-17T08:02:30Z",
            "last_observed": "2015-09-17T08:02:30Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7396-dd84-4d11-9962-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7396-dd84-4d11-9962-d2c4950d210b",
            "value": "https://www.virustotal.com/file/ecc5e2526ca32a447c862612b71c1db5675a759897e680573fa143ac0a8e662a/analysis/1362950180/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7397-b608-4aa7-aeb1-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:31.000Z",
            "modified": "2015-09-17T08:02:31.000Z",
            "description": "MiniDuke - Xchecked via VT: 5acaea49540635670036dc626503431b5a783b56",
            "pattern": "[file:hashes.SHA256 = 'acd886fa7b9117807f1e11f0f38b9fad1afce51aa9cfbe3810a39d883d0ca663']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:31Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7397-3614-4688-bf50-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:31.000Z",
            "modified": "2015-09-17T08:02:31.000Z",
            "description": "MiniDuke - Xchecked via VT: 5acaea49540635670036dc626503431b5a783b56",
            "pattern": "[file:hashes.MD5 = 'c519eef57001ad3ae60cdcb0009bf778']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:31Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7397-38ec-4765-ad52-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:31.000Z",
            "modified": "2015-09-17T08:02:31.000Z",
            "first_observed": "2015-09-17T08:02:31Z",
            "last_observed": "2015-09-17T08:02:31Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7397-38ec-4765-ad52-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7397-38ec-4765-ad52-d2c4950d210b",
            "value": "https://www.virustotal.com/file/acd886fa7b9117807f1e11f0f38b9fad1afce51aa9cfbe3810a39d883d0ca663/analysis/1366727968/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7398-c2e8-435a-8a90-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:32.000Z",
            "modified": "2015-09-17T08:02:32.000Z",
            "description": "MiniDuke - Xchecked via VT: 53140342b8fe2dd7661fce0d0e88d909f55099db",
            "pattern": "[file:hashes.SHA256 = 'cc6ad212f50e0a7a708bb1b63a01d8932f471618cdda69b2e12106ae112b2415']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:32Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7398-6d38-460c-a308-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:32.000Z",
            "modified": "2015-09-17T08:02:32.000Z",
            "description": "MiniDuke - Xchecked via VT: 53140342b8fe2dd7661fce0d0e88d909f55099db",
            "pattern": "[file:hashes.MD5 = 'e990e0d1ee90cd10c4be7bfde6cc3e5a']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:32Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7398-f584-4113-bb6e-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:32.000Z",
            "modified": "2015-09-17T08:02:32.000Z",
            "first_observed": "2015-09-17T08:02:32Z",
            "last_observed": "2015-09-17T08:02:32Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7398-f584-4113-bb6e-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7398-f584-4113-bb6e-d2c4950d210b",
            "value": "https://www.virustotal.com/file/cc6ad212f50e0a7a708bb1b63a01d8932f471618cdda69b2e12106ae112b2415/analysis/1366728017/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7399-8b08-460c-98c9-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:33.000Z",
            "modified": "2015-09-17T08:02:33.000Z",
            "description": "MiniDuke - Xchecked via VT: 4ec769c15a9e318d41fd4a1997ec13c029976fc2",
            "pattern": "[file:hashes.SHA256 = '62a2df9d001d3e0f222d77b6781eb279761f1354570773ef1929a86557a11454']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:33Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7399-9c70-4bd2-bfbc-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:33.000Z",
            "modified": "2015-09-17T08:02:33.000Z",
            "description": "MiniDuke - Xchecked via VT: 4ec769c15a9e318d41fd4a1997ec13c029976fc2",
            "pattern": "[file:hashes.MD5 = '05d10323111f02233163a6742556c974']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:33Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7399-7a64-44c9-a373-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:33.000Z",
            "modified": "2015-09-17T08:02:33.000Z",
            "first_observed": "2015-09-17T08:02:33Z",
            "last_observed": "2015-09-17T08:02:33Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7399-7a64-44c9-a373-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7399-7a64-44c9-a373-d2c4950d210b",
            "value": "https://www.virustotal.com/file/62a2df9d001d3e0f222d77b6781eb279761f1354570773ef1929a86557a11454/analysis/1366727804/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa739a-53c4-4eea-887f-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:34.000Z",
            "modified": "2015-09-17T08:02:34.000Z",
            "description": "MiniDuke - Xchecked via VT: 4b4841ca3f05879ca0dab0659b07fc93a780f9f1",
            "pattern": "[file:hashes.SHA256 = 'f151f5a656d43a76a07fa03166906d51f9683b27b0e9b86464e3a68e9dba1fac']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:34Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa739a-c418-482d-aba1-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:34.000Z",
            "modified": "2015-09-17T08:02:34.000Z",
            "description": "MiniDuke - Xchecked via VT: 4b4841ca3f05879ca0dab0659b07fc93a780f9f1",
            "pattern": "[file:hashes.MD5 = '8d3542af992b1de4cf1f587f61dddb50']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:34Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa739a-4614-4e09-94f7-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:34.000Z",
            "modified": "2015-09-17T08:02:34.000Z",
            "first_observed": "2015-09-17T08:02:34Z",
            "last_observed": "2015-09-17T08:02:34Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa739a-4614-4e09-94f7-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa739a-4614-4e09-94f7-d2c4950d210b",
            "value": "https://www.virustotal.com/file/f151f5a656d43a76a07fa03166906d51f9683b27b0e9b86464e3a68e9dba1fac/analysis/1430509385/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa739b-1bd4-495a-9b24-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:35.000Z",
            "modified": "2015-09-17T08:02:35.000Z",
            "description": "MiniDuke - Xchecked via VT: 493d0660c9cf738be08209bfd56351d4cf075877",
            "pattern": "[file:hashes.SHA256 = 'a6e2852f2e6701656da74adb412cd0850b0d27750803613223be3eb5ac5cc26c']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:35Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa739b-9ce0-4bb8-99e2-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:35.000Z",
            "modified": "2015-09-17T08:02:35.000Z",
            "description": "MiniDuke - Xchecked via VT: 493d0660c9cf738be08209bfd56351d4cf075877",
            "pattern": "[file:hashes.MD5 = '86ef8f5f62ae8590d6edf45e04806515']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:35Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa739b-db30-454d-988b-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:35.000Z",
            "modified": "2015-09-17T08:02:35.000Z",
            "first_observed": "2015-09-17T08:02:35Z",
            "last_observed": "2015-09-17T08:02:35Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa739b-db30-454d-988b-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa739b-db30-454d-988b-d2c4950d210b",
            "value": "https://www.virustotal.com/file/a6e2852f2e6701656da74adb412cd0850b0d27750803613223be3eb5ac5cc26c/analysis/1415363494/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa739c-ede8-4e97-9e78-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:36.000Z",
            "modified": "2015-09-17T08:02:36.000Z",
            "description": "MiniDuke - Xchecked via VT: 43fa0d5a30b4cd72bb7e156c00c1611bb4f4bd0a",
            "pattern": "[file:hashes.SHA256 = '9c13a32033bc7dd06016651b0f21a2bed9be1dc40c6879f925c71e05f4f1c8f7']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:36Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa739c-c06c-4e97-b58a-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:36.000Z",
            "modified": "2015-09-17T08:02:36.000Z",
            "description": "MiniDuke - Xchecked via VT: 43fa0d5a30b4cd72bb7e156c00c1611bb4f4bd0a",
            "pattern": "[file:hashes.MD5 = 'b100d530d67cfbe76394bb0160567382']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:36Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa739c-365c-469f-927b-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:36.000Z",
            "modified": "2015-09-17T08:02:36.000Z",
            "first_observed": "2015-09-17T08:02:36Z",
            "last_observed": "2015-09-17T08:02:36Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa739c-365c-469f-927b-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa739c-365c-469f-927b-d2c4950d210b",
            "value": "https://www.virustotal.com/file/9c13a32033bc7dd06016651b0f21a2bed9be1dc40c6879f925c71e05f4f1c8f7/analysis/1388921686/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa739d-fd84-49cc-99a5-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:37.000Z",
            "modified": "2015-09-17T08:02:37.000Z",
            "description": "MiniDuke - Xchecked via VT: 416d1035168b99cc8ba7227d4c7c3c6bc1ce169a",
            "pattern": "[file:hashes.SHA256 = '4809c2c7fa19acfa011f97946205f979afb54ac2c166f48ab35a20cd9d53a2ca']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:37Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa739d-4ebc-4046-9816-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:37.000Z",
            "modified": "2015-09-17T08:02:37.000Z",
            "description": "MiniDuke - Xchecked via VT: 416d1035168b99cc8ba7227d4c7c3c6bc1ce169a",
            "pattern": "[file:hashes.MD5 = '811f66d6dd2c713073c0b0aebbe74ce8']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:37Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa739e-0fc4-4e8e-bd19-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:38.000Z",
            "modified": "2015-09-17T08:02:38.000Z",
            "first_observed": "2015-09-17T08:02:38Z",
            "last_observed": "2015-09-17T08:02:38Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa739e-0fc4-4e8e-bd19-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa739e-0fc4-4e8e-bd19-d2c4950d210b",
            "value": "https://www.virustotal.com/file/4809c2c7fa19acfa011f97946205f979afb54ac2c166f48ab35a20cd9d53a2ca/analysis/1409474019/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa739e-7824-4d81-b173-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:38.000Z",
            "modified": "2015-09-17T08:02:38.000Z",
            "description": "MiniDuke - Xchecked via VT: 36b969c1b3c46953077e4aabb75be8cc6aa6a327",
            "pattern": "[file:hashes.SHA256 = '55265193d63d56553e8e135e9a60d7d7c13cbf9d82ac25f84306ec98d74725b0']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:38Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa739e-451c-4afc-870f-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:38.000Z",
            "modified": "2015-09-17T08:02:38.000Z",
            "description": "MiniDuke - Xchecked via VT: 36b969c1b3c46953077e4aabb75be8cc6aa6a327",
            "pattern": "[file:hashes.MD5 = 'ab2d8a0d5b03d40f148f2f907b55f9f1']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:38Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa739f-ad68-4bec-a7e3-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:39.000Z",
            "modified": "2015-09-17T08:02:39.000Z",
            "first_observed": "2015-09-17T08:02:39Z",
            "last_observed": "2015-09-17T08:02:39Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa739f-ad68-4bec-a7e3-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa739f-ad68-4bec-a7e3-d2c4950d210b",
            "value": "https://www.virustotal.com/file/55265193d63d56553e8e135e9a60d7d7c13cbf9d82ac25f84306ec98d74725b0/analysis/1390179525/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa739f-ce38-4278-8747-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:39.000Z",
            "modified": "2015-09-17T08:02:39.000Z",
            "description": "MiniDuke - Xchecked via VT: 31ab6830f4e39c2c520ae55d4c4bffe0b347c947",
            "pattern": "[file:hashes.SHA256 = '764f8c8f8832954c99fb0c2ac5ac5d89506dc5dc50310c9112318b75e9f9e2bf']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:39Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa739f-f284-4523-817b-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:39.000Z",
            "modified": "2015-09-17T08:02:39.000Z",
            "description": "MiniDuke - Xchecked via VT: 31ab6830f4e39c2c520ae55d4c4bffe0b347c947",
            "pattern": "[file:hashes.MD5 = 'ffefe16d581340c1e49f585a576a1fd8']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:39Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73a0-20f8-4827-9be3-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:40.000Z",
            "modified": "2015-09-17T08:02:40.000Z",
            "first_observed": "2015-09-17T08:02:40Z",
            "last_observed": "2015-09-17T08:02:40Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73a0-20f8-4827-9be3-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73a0-20f8-4827-9be3-d2c4950d210b",
            "value": "https://www.virustotal.com/file/764f8c8f8832954c99fb0c2ac5ac5d89506dc5dc50310c9112318b75e9f9e2bf/analysis/1387874585/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73a0-674c-479c-a7a9-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:40.000Z",
            "modified": "2015-09-17T08:02:40.000Z",
            "description": "MiniDuke - Xchecked via VT: 30b377e7dc2418607d8cf5d01ae1f925eab2f037",
            "pattern": "[file:hashes.SHA256 = '354786c5df71cd090c96d1328b4e31cd28b8ddc77904863d100b6c35ad235b69']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:40Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73a0-9378-412a-b298-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:40.000Z",
            "modified": "2015-09-17T08:02:40.000Z",
            "description": "MiniDuke - Xchecked via VT: 30b377e7dc2418607d8cf5d01ae1f925eab2f037",
            "pattern": "[file:hashes.MD5 = '2dcd049c591644e35102921a48799975']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:40Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73a1-fa64-4171-8d32-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:41.000Z",
            "modified": "2015-09-17T08:02:41.000Z",
            "first_observed": "2015-09-17T08:02:41Z",
            "last_observed": "2015-09-17T08:02:41Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73a1-fa64-4171-8d32-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73a1-fa64-4171-8d32-d2c4950d210b",
            "value": "https://www.virustotal.com/file/354786c5df71cd090c96d1328b4e31cd28b8ddc77904863d100b6c35ad235b69/analysis/1387837934/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73a1-1a0c-4dd8-bda1-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:41.000Z",
            "modified": "2015-09-17T08:02:41.000Z",
            "description": "MiniDuke - Xchecked via VT: 2d74a4efaecd0d23afcad02118e00c08e17996ed",
            "pattern": "[file:hashes.SHA256 = '15101f74f974e3e80cc37805ebe5cc2efed77bb5745d82e1b44b1da4f0c83691']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:41Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73a1-ed84-4bda-a875-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:41.000Z",
            "modified": "2015-09-17T08:02:41.000Z",
            "description": "MiniDuke - Xchecked via VT: 2d74a4efaecd0d23afcad02118e00c08e17996ed",
            "pattern": "[file:hashes.MD5 = '73931351f883cff5dbdcc54cc4eb10a7']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:41Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73a2-8390-4094-b482-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:42.000Z",
            "modified": "2015-09-17T08:02:42.000Z",
            "first_observed": "2015-09-17T08:02:42Z",
            "last_observed": "2015-09-17T08:02:42Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73a2-8390-4094-b482-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73a2-8390-4094-b482-d2c4950d210b",
            "value": "https://www.virustotal.com/file/15101f74f974e3e80cc37805ebe5cc2efed77bb5745d82e1b44b1da4f0c83691/analysis/1382609720/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73a2-e7d8-4314-b895-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:42.000Z",
            "modified": "2015-09-17T08:02:42.000Z",
            "description": "MiniDuke - Xchecked via VT: 2ceae0f5f3efe366ebded0a413e5ea264fbf2a33",
            "pattern": "[file:hashes.SHA256 = 'f4b01a3a299b09d2b4418cb66e80c34e3ec04016ed27199c472515cf95a023d0']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:42Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73a2-0500-4731-9347-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:42.000Z",
            "modified": "2015-09-17T08:02:42.000Z",
            "description": "MiniDuke - Xchecked via VT: 2ceae0f5f3efe366ebded0a413e5ea264fbf2a33",
            "pattern": "[file:hashes.MD5 = '441ee6a307e672c24d334d66cd7b2e1a']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:42Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73a3-7c74-466e-b8c6-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:43.000Z",
            "modified": "2015-09-17T08:02:43.000Z",
            "first_observed": "2015-09-17T08:02:43Z",
            "last_observed": "2015-09-17T08:02:43Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73a3-7c74-466e-b8c6-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73a3-7c74-466e-b8c6-d2c4950d210b",
            "value": "https://www.virustotal.com/file/f4b01a3a299b09d2b4418cb66e80c34e3ec04016ed27199c472515cf95a023d0/analysis/1366727846/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73a3-66f8-42e6-a8a1-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:43.000Z",
            "modified": "2015-09-17T08:02:43.000Z",
            "description": "MiniDuke - Xchecked via VT: 2a13ae3806de8e2c7adba6465c4b2a7bb347f0f5",
            "pattern": "[file:hashes.SHA256 = 'dfe146fffd2ae59172f52048f7e7d231807e0d732e19bdb443820a8305165741']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:43Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73a3-efe8-456f-b5bf-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:43.000Z",
            "modified": "2015-09-17T08:02:43.000Z",
            "description": "MiniDuke - Xchecked via VT: 2a13ae3806de8e2c7adba6465c4b2a7bb347f0f5",
            "pattern": "[file:hashes.MD5 = '561017f887865b8d13f85c5474cdcbb8']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:43Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73a4-ac84-406a-b947-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:44.000Z",
            "modified": "2015-09-17T08:02:44.000Z",
            "first_observed": "2015-09-17T08:02:44Z",
            "last_observed": "2015-09-17T08:02:44Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73a4-ac84-406a-b947-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73a4-ac84-406a-b947-d2c4950d210b",
            "value": "https://www.virustotal.com/file/dfe146fffd2ae59172f52048f7e7d231807e0d732e19bdb443820a8305165741/analysis/1376306303/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73a4-3c9c-4a38-9906-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:44.000Z",
            "modified": "2015-09-17T08:02:44.000Z",
            "description": "MiniDuke - Xchecked via VT: 296fd4c5b4bf8ea288f45b4801512d7dec7c497b",
            "pattern": "[file:hashes.SHA256 = '8e28dcf7fd7ce1ad9a65c186e09a7843ee31af924509148f085958cadfdda8fb']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:44Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73a4-e384-4c37-9c4c-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:44.000Z",
            "modified": "2015-09-17T08:02:44.000Z",
            "description": "MiniDuke - Xchecked via VT: 296fd4c5b4bf8ea288f45b4801512d7dec7c497b",
            "pattern": "[file:hashes.MD5 = 'b8e89f9908262b5385623c0e39d6b940']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:44Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73a5-ccd4-4c3b-804a-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:45.000Z",
            "modified": "2015-09-17T08:02:45.000Z",
            "first_observed": "2015-09-17T08:02:45Z",
            "last_observed": "2015-09-17T08:02:45Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73a5-ccd4-4c3b-804a-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73a5-ccd4-4c3b-804a-d2c4950d210b",
            "value": "https://www.virustotal.com/file/8e28dcf7fd7ce1ad9a65c186e09a7843ee31af924509148f085958cadfdda8fb/analysis/1390204101/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73a5-0420-4acc-9548-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:45.000Z",
            "modified": "2015-09-17T08:02:45.000Z",
            "description": "MiniDuke - Xchecked via VT: 28a43eac3be1b96c68a1e7463ae91367434a2ac4",
            "pattern": "[file:hashes.SHA256 = 'c60621e82f58b5ea5b36cde40889a076cb2c7f1612144998b1d388200bc7e295']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:45Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73a5-8400-4cbc-9021-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:45.000Z",
            "modified": "2015-09-17T08:02:45.000Z",
            "description": "MiniDuke - Xchecked via VT: 28a43eac3be1b96c68a1e7463ae91367434a2ac4",
            "pattern": "[file:hashes.MD5 = '297ef5bf99b5e4fd413f3755ba6aad79']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:45Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73a6-71dc-418d-9b0d-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:46.000Z",
            "modified": "2015-09-17T08:02:46.000Z",
            "first_observed": "2015-09-17T08:02:46Z",
            "last_observed": "2015-09-17T08:02:46Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73a6-71dc-418d-9b0d-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73a6-71dc-418d-9b0d-d2c4950d210b",
            "value": "https://www.virustotal.com/file/c60621e82f58b5ea5b36cde40889a076cb2c7f1612144998b1d388200bc7e295/analysis/1410181713/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73a6-42c0-4031-8506-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:46.000Z",
            "modified": "2015-09-17T08:02:46.000Z",
            "description": "MiniDuke - Xchecked via VT: 223c7eb7b9dde08ee028bba6552409ee144db54a",
            "pattern": "[file:hashes.SHA256 = '35c08566dc38ad65e906b3683ace98e5beef855aeedc611a0317a72eee193539']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:46Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73a7-54b0-4608-a71c-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:47.000Z",
            "modified": "2015-09-17T08:02:47.000Z",
            "description": "MiniDuke - Xchecked via VT: 223c7eb7b9dde08ee028bba6552409ee144db54a",
            "pattern": "[file:hashes.MD5 = 'a67ad3e2a020f690d892b727102a759b']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:47Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73a7-1fc8-41f3-94cd-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:47.000Z",
            "modified": "2015-09-17T08:02:47.000Z",
            "first_observed": "2015-09-17T08:02:47Z",
            "last_observed": "2015-09-17T08:02:47Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73a7-1fc8-41f3-94cd-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73a7-1fc8-41f3-94cd-d2c4950d210b",
            "value": "https://www.virustotal.com/file/35c08566dc38ad65e906b3683ace98e5beef855aeedc611a0317a72eee193539/analysis/1425032225/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73a7-11b8-4398-84ab-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:47.000Z",
            "modified": "2015-09-17T08:02:47.000Z",
            "description": "MiniDuke - Xchecked via VT: 1e6b9414fce4277207aab2aa12e4f0842a23f9c1",
            "pattern": "[file:hashes.SHA256 = '7889fbd40f65cfe21d0c7486b29eb4c5042abff4ac660c12c7936831445cfd6e']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:47Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73a8-dcf4-4e6e-abaf-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:48.000Z",
            "modified": "2015-09-17T08:02:48.000Z",
            "description": "MiniDuke - Xchecked via VT: 1e6b9414fce4277207aab2aa12e4f0842a23f9c1",
            "pattern": "[file:hashes.MD5 = 'a4ad6b55b1bc9e16123de1388f6ef9bf']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:48Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73a8-7320-4237-9489-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:48.000Z",
            "modified": "2015-09-17T08:02:48.000Z",
            "first_observed": "2015-09-17T08:02:48Z",
            "last_observed": "2015-09-17T08:02:48Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73a8-7320-4237-9489-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73a8-7320-4237-9489-d2c4950d210b",
            "value": "https://www.virustotal.com/file/7889fbd40f65cfe21d0c7486b29eb4c5042abff4ac660c12c7936831445cfd6e/analysis/1436821470/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73a8-1034-4179-9ef2-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:48.000Z",
            "modified": "2015-09-17T08:02:48.000Z",
            "description": "MiniDuke - Xchecked via VT: 1ba5bcd62abcbff517a4adb2609f721dd7f609df",
            "pattern": "[file:hashes.SHA256 = '1f19bd932336fa721e739b32c07b67c01ea4bd0ebc70e92a70f41e51f4668a0a']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:48Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73a9-9df8-4939-bcff-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:49.000Z",
            "modified": "2015-09-17T08:02:49.000Z",
            "description": "MiniDuke - Xchecked via VT: 1ba5bcd62abcbff517a4adb2609f721dd7f609df",
            "pattern": "[file:hashes.MD5 = '48bbce47e4d2d51811ea99d5a771cd1a']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:49Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73a9-ecd8-4048-bef1-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:49.000Z",
            "modified": "2015-09-17T08:02:49.000Z",
            "first_observed": "2015-09-17T08:02:49Z",
            "last_observed": "2015-09-17T08:02:49Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73a9-ecd8-4048-bef1-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73a9-ecd8-4048-bef1-d2c4950d210b",
            "value": "https://www.virustotal.com/file/1f19bd932336fa721e739b32c07b67c01ea4bd0ebc70e92a70f41e51f4668a0a/analysis/1387095457/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73a9-f0e8-4aa1-b071-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:49.000Z",
            "modified": "2015-09-17T08:02:49.000Z",
            "description": "MiniDuke - Xchecked via VT: 15c75472f160f082f6905d57a98de94c026e2c56",
            "pattern": "[file:hashes.SHA256 = 'de8184c6850d17f90e861309828af1f7b7e3b1695ebe5d303d3d4b6ef4ba1218']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:49Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73aa-9b24-4eb5-b020-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:50.000Z",
            "modified": "2015-09-17T08:02:50.000Z",
            "description": "MiniDuke - Xchecked via VT: 15c75472f160f082f6905d57a98de94c026e2c56",
            "pattern": "[file:hashes.MD5 = '738c60fff066934b6f33e368cfe9a88c']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:50Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73aa-0128-48d7-9830-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:50.000Z",
            "modified": "2015-09-17T08:02:50.000Z",
            "first_observed": "2015-09-17T08:02:50Z",
            "last_observed": "2015-09-17T08:02:50Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73aa-0128-48d7-9830-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73aa-0128-48d7-9830-d2c4950d210b",
            "value": "https://www.virustotal.com/file/de8184c6850d17f90e861309828af1f7b7e3b1695ebe5d303d3d4b6ef4ba1218/analysis/1426774519/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73aa-2b1c-4c29-a424-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:50.000Z",
            "modified": "2015-09-17T08:02:50.000Z",
            "description": "MiniDuke - Xchecked via VT: 118114446847ead7a2fe87ecb4943fdbdd2bbd1e",
            "pattern": "[file:hashes.SHA256 = '29ad305cba186c07cedc1f633c09b9b0171289301e1d4319a1d76d0513a6ac50']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:50Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73ab-22bc-4ecf-bae3-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:51.000Z",
            "modified": "2015-09-17T08:02:51.000Z",
            "description": "MiniDuke - Xchecked via VT: 118114446847ead7a2fe87ecb4943fdbdd2bbd1e",
            "pattern": "[file:hashes.MD5 = '4c6608203e751cf27f627220269d6835']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:51Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73ab-a440-430a-9537-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:51.000Z",
            "modified": "2015-09-17T08:02:51.000Z",
            "first_observed": "2015-09-17T08:02:51Z",
            "last_observed": "2015-09-17T08:02:51Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73ab-a440-430a-9537-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73ab-a440-430a-9537-d2c4950d210b",
            "value": "https://www.virustotal.com/file/29ad305cba186c07cedc1f633c09b9b0171289301e1d4319a1d76d0513a6ac50/analysis/1436359467/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73ab-d25c-4bcf-9b4d-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:51.000Z",
            "modified": "2015-09-17T08:02:51.000Z",
            "description": "MiniDuke - Xchecked via VT: 103c37f6276059a5ff47117b7f638013ccffe407",
            "pattern": "[file:hashes.SHA256 = '55129d34050b2c028de564e3166611e1d148c26de0972cbe047caf530f118468']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:51Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73ac-cdd0-49e4-b1e8-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:52.000Z",
            "modified": "2015-09-17T08:02:52.000Z",
            "description": "MiniDuke - Xchecked via VT: 103c37f6276059a5ff47117b7f638013ccffe407",
            "pattern": "[file:hashes.MD5 = '74593127f50abff5327b3f7038b456d2']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:52Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73ac-3458-4a9f-b605-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:52.000Z",
            "modified": "2015-09-17T08:02:52.000Z",
            "first_observed": "2015-09-17T08:02:52Z",
            "last_observed": "2015-09-17T08:02:52Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73ac-3458-4a9f-b605-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73ac-3458-4a9f-b605-d2c4950d210b",
            "value": "https://www.virustotal.com/file/55129d34050b2c028de564e3166611e1d148c26de0972cbe047caf530f118468/analysis/1430508692/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73ac-cac8-4956-a583-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:52.000Z",
            "modified": "2015-09-17T08:02:52.000Z",
            "description": "MiniDuke - Xchecked via VT: 0e263d80c46d5a538115f71e077a6175168abc5c",
            "pattern": "[file:hashes.SHA256 = '05e4224d4dd4e5fbd381ed33edb5bf847fbc138fbe9f57cb7d1f8fc9fa9a382d']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:52Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73ad-2358-4660-b5d3-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:53.000Z",
            "modified": "2015-09-17T08:02:53.000Z",
            "description": "MiniDuke - Xchecked via VT: 0e263d80c46d5a538115f71e077a6175168abc5c",
            "pattern": "[file:hashes.MD5 = '78e51be60eab2c6e952c9538a46ab521']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73ad-8aa4-4d19-8cec-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:53.000Z",
            "modified": "2015-09-17T08:02:53.000Z",
            "first_observed": "2015-09-17T08:02:53Z",
            "last_observed": "2015-09-17T08:02:53Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73ad-8aa4-4d19-8cec-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73ad-8aa4-4d19-8cec-d2c4950d210b",
            "value": "https://www.virustotal.com/file/05e4224d4dd4e5fbd381ed33edb5bf847fbc138fbe9f57cb7d1f8fc9fa9a382d/analysis/1415363486/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73ad-d8bc-48bd-b149-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:53.000Z",
            "modified": "2015-09-17T08:02:53.000Z",
            "description": "MiniDuke - Xchecked via VT: 0d78d1690d2db2ee322ca11b82d79c758a901ebc",
            "pattern": "[file:hashes.SHA256 = 'abfffd23c81b6301675567622ccee08cf578ce91f372fce68cff8fc1dbc3053d']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73ae-7f1c-43a8-a4ae-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:54.000Z",
            "modified": "2015-09-17T08:02:54.000Z",
            "description": "MiniDuke - Xchecked via VT: 0d78d1690d2db2ee322ca11b82d79c758a901ebc",
            "pattern": "[file:hashes.MD5 = 'c786a4cdfe08dbe7c64972a14669c4d1']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:54Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73ae-9ca0-4472-abdf-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:54.000Z",
            "modified": "2015-09-17T08:02:54.000Z",
            "first_observed": "2015-09-17T08:02:54Z",
            "last_observed": "2015-09-17T08:02:54Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73ae-9ca0-4472-abdf-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73ae-9ca0-4472-abdf-d2c4950d210b",
            "value": "https://www.virustotal.com/file/abfffd23c81b6301675567622ccee08cf578ce91f372fce68cff8fc1dbc3053d/analysis/1421402405/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73ae-a444-43e9-aaac-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:54.000Z",
            "modified": "2015-09-17T08:02:54.000Z",
            "description": "MiniDuke - Xchecked via VT: 045867051a6052d1d910abfcb24a7674bcc046ca",
            "pattern": "[file:hashes.SHA256 = 'e961202d84aad7fa9faaeb63651735416612d25c611a7a025e2eaab67c79e272']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:54Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73af-d0cc-4f4c-9488-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:55.000Z",
            "modified": "2015-09-17T08:02:55.000Z",
            "description": "MiniDuke - Xchecked via VT: 045867051a6052d1d910abfcb24a7674bcc046ca",
            "pattern": "[file:hashes.MD5 = 'ff83dad77ac2b526849930f1860dfd3f']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:55Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73af-48ec-44dd-9f11-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:55.000Z",
            "modified": "2015-09-17T08:02:55.000Z",
            "first_observed": "2015-09-17T08:02:55Z",
            "last_observed": "2015-09-17T08:02:55Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73af-48ec-44dd-9f11-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73af-48ec-44dd-9f11-d2c4950d210b",
            "value": "https://www.virustotal.com/file/e961202d84aad7fa9faaeb63651735416612d25c611a7a025e2eaab67c79e272/analysis/1355025475/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73b0-8404-4265-a1d0-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:56.000Z",
            "modified": "2015-09-17T08:02:56.000Z",
            "description": "MiniDuke - Xchecked via VT: 03661a5e2352a797233c23883b25bb652f03f205",
            "pattern": "[file:hashes.SHA256 = '6e57c69963562d28a3a9da9f9103c199c909d0baa185a5d21e1b200a5a14ab72']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:56Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73b0-b108-4be4-98e3-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:56.000Z",
            "modified": "2015-09-17T08:02:56.000Z",
            "description": "MiniDuke - Xchecked via VT: 03661a5e2352a797233c23883b25bb652f03f205",
            "pattern": "[file:hashes.MD5 = '9f13dc03904dbd45374acc2134477273']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:56Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73b0-95a8-4fbb-8651-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:56.000Z",
            "modified": "2015-09-17T08:02:56.000Z",
            "first_observed": "2015-09-17T08:02:56Z",
            "last_observed": "2015-09-17T08:02:56Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73b0-95a8-4fbb-8651-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73b0-95a8-4fbb-8651-d2c4950d210b",
            "value": "https://www.virustotal.com/file/6e57c69963562d28a3a9da9f9103c199c909d0baa185a5d21e1b200a5a14ab72/analysis/1383810542/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73b1-c134-4a30-84e3-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:57.000Z",
            "modified": "2015-09-17T08:02:57.000Z",
            "description": "MiniDuke - Xchecked via VT: 00852745cb40730dc333124549a768b471dff4bc",
            "pattern": "[file:hashes.SHA256 = '3d0b1f970eaeeabf9372ffc1ad7e61226632904cf0311ea8f872ddbfd34a3a2a']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:57Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73b1-c798-4e16-8b39-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:57.000Z",
            "modified": "2015-09-17T08:02:57.000Z",
            "description": "MiniDuke - Xchecked via VT: 00852745cb40730dc333124549a768b471dff4bc",
            "pattern": "[file:hashes.MD5 = 'cf59ed2b5473281cc2e083eba3f4b662']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:57Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73b1-44e0-476c-a852-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:57.000Z",
            "modified": "2015-09-17T08:02:57.000Z",
            "first_observed": "2015-09-17T08:02:57Z",
            "last_observed": "2015-09-17T08:02:57Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73b1-44e0-476c-a852-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73b1-44e0-476c-a852-d2c4950d210b",
            "value": "https://www.virustotal.com/file/3d0b1f970eaeeabf9372ffc1ad7e61226632904cf0311ea8f872ddbfd34a3a2a/analysis/1426778165/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73b2-349c-466f-aad9-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:58.000Z",
            "modified": "2015-09-17T08:02:58.000Z",
            "description": "CosmicDuke - Xchecked via VT: fecdba1d903a51499a3953b4df1d850fbd5438bd",
            "pattern": "[file:hashes.SHA256 = '3e889cd495e008760fd12751d6d45cadf8a7280c4545f2ebe469f84b9b77c835']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:58Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73b2-bf54-49b6-8112-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:58.000Z",
            "modified": "2015-09-17T08:02:58.000Z",
            "description": "CosmicDuke - Xchecked via VT: fecdba1d903a51499a3953b4df1d850fbd5438bd",
            "pattern": "[file:hashes.MD5 = 'dffcd7f930f8874dc9f5115d0ae50b57']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:58Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73b2-6128-4066-9171-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:58.000Z",
            "modified": "2015-09-17T08:02:58.000Z",
            "first_observed": "2015-09-17T08:02:58Z",
            "last_observed": "2015-09-17T08:02:58Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73b2-6128-4066-9171-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73b2-6128-4066-9171-d2c4950d210b",
            "value": "https://www.virustotal.com/file/3e889cd495e008760fd12751d6d45cadf8a7280c4545f2ebe469f84b9b77c835/analysis/1440568995/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73b3-1e20-4f12-a1bb-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:59.000Z",
            "modified": "2015-09-17T08:02:59.000Z",
            "description": "CosmicDuke - Xchecked via VT: fbf290f6adad79ae9628ec6d5703e5ffb86cf8f1",
            "pattern": "[file:hashes.SHA256 = 'f21794d0b0938643e2aabe9f2ed762528e631a2ebda76020d0b59ce91fb51e41']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:59Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73b3-10b4-41a9-aab8-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:59.000Z",
            "modified": "2015-09-17T08:02:59.000Z",
            "description": "CosmicDuke - Xchecked via VT: fbf290f6adad79ae9628ec6d5703e5ffb86cf8f1",
            "pattern": "[file:hashes.MD5 = '5080bc705217c614b9cbf67a679979a8']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:02:59Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73b3-46d4-47e7-ae7f-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:02:59.000Z",
            "modified": "2015-09-17T08:02:59.000Z",
            "first_observed": "2015-09-17T08:02:59Z",
            "last_observed": "2015-09-17T08:02:59Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73b3-46d4-47e7-ae7f-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73b3-46d4-47e7-ae7f-d2c4950d210b",
            "value": "https://www.virustotal.com/file/f21794d0b0938643e2aabe9f2ed762528e631a2ebda76020d0b59ce91fb51e41/analysis/1437392702/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73b4-25bc-4a8a-8a25-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:00.000Z",
            "modified": "2015-09-17T08:03:00.000Z",
            "description": "CosmicDuke - Xchecked via VT: f621ec1b363e13dd60474fcfab374b8570ede4de",
            "pattern": "[file:hashes.SHA256 = '68355d29ce79a5177084fe6292f0f8b9daa2018c571b552fff9f4a0815b432ce']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:00Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73b4-8bc0-4484-aa13-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:00.000Z",
            "modified": "2015-09-17T08:03:00.000Z",
            "description": "CosmicDuke - Xchecked via VT: f621ec1b363e13dd60474fcfab374b8570ede4de",
            "pattern": "[file:hashes.MD5 = 'd824cbf08604dea9724ab8e707bb9fec']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:00Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73b4-76ec-4e61-a9c1-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:00.000Z",
            "modified": "2015-09-17T08:03:00.000Z",
            "first_observed": "2015-09-17T08:03:00Z",
            "last_observed": "2015-09-17T08:03:00Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73b4-76ec-4e61-a9c1-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73b4-76ec-4e61-a9c1-d2c4950d210b",
            "value": "https://www.virustotal.com/file/68355d29ce79a5177084fe6292f0f8b9daa2018c571b552fff9f4a0815b432ce/analysis/1440569012/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73b5-00dc-4849-926b-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:01.000Z",
            "modified": "2015-09-17T08:03:01.000Z",
            "description": "CosmicDuke - Xchecked via VT: ed328e83cda3cdf75ff68372d69bcbacfe2c9c5e",
            "pattern": "[file:hashes.SHA256 = '43bcee4067c067d9063ddfc101fc8b5a6e8d42184ef8b0fdd9bb14102cb9973d']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:01Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73b5-c634-41fd-8be4-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:01.000Z",
            "modified": "2015-09-17T08:03:01.000Z",
            "description": "CosmicDuke - Xchecked via VT: ed328e83cda3cdf75ff68372d69bcbacfe2c9c5e",
            "pattern": "[file:hashes.MD5 = 'f5cc1c0c90fb89e4b4fc048c5a03b46f']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:01Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73b5-38fc-4f3d-8ad5-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:01.000Z",
            "modified": "2015-09-17T08:03:01.000Z",
            "first_observed": "2015-09-17T08:03:01Z",
            "last_observed": "2015-09-17T08:03:01Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73b5-38fc-4f3d-8ad5-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73b5-38fc-4f3d-8ad5-d2c4950d210b",
            "value": "https://www.virustotal.com/file/43bcee4067c067d9063ddfc101fc8b5a6e8d42184ef8b0fdd9bb14102cb9973d/analysis/1316679386/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73b6-251c-4379-9a23-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:02.000Z",
            "modified": "2015-09-17T08:03:02.000Z",
            "description": "CosmicDuke - Xchecked via VT: ed14da9b9075bd3281967033c90886fd7d4f14e5",
            "pattern": "[file:hashes.SHA256 = '9c2562e05eb940ae8d73c9baa7cfe85cb3ec619689227f65e4fbeeb3fec598ad']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:02Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73b6-9e24-443d-92a5-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:02.000Z",
            "modified": "2015-09-17T08:03:02.000Z",
            "description": "CosmicDuke - Xchecked via VT: ed14da9b9075bd3281967033c90886fd7d4f14e5",
            "pattern": "[file:hashes.MD5 = 'acac7584d7dc066d27555997d0f6d6cf']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:02Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73b6-e604-4870-a54a-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:02.000Z",
            "modified": "2015-09-17T08:03:02.000Z",
            "first_observed": "2015-09-17T08:03:02Z",
            "last_observed": "2015-09-17T08:03:02Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73b6-e604-4870-a54a-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73b6-e604-4870-a54a-d2c4950d210b",
            "value": "https://www.virustotal.com/file/9c2562e05eb940ae8d73c9baa7cfe85cb3ec619689227f65e4fbeeb3fec598ad/analysis/1440570565/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73b7-ca80-44e0-9c3e-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:03.000Z",
            "modified": "2015-09-17T08:03:03.000Z",
            "description": "CosmicDuke - Xchecked via VT: ecd2feb0afd5614d7575598c63d9b0146a67ecaa",
            "pattern": "[file:hashes.SHA256 = 'bd4928921ddadb44f9f573da61dac034533bf14fe38acd5754f3ccec1d566300']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:03Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73b7-cbac-4f7c-94c2-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:03.000Z",
            "modified": "2015-09-17T08:03:03.000Z",
            "description": "CosmicDuke - Xchecked via VT: ecd2feb0afd5614d7575598c63d9b0146a67ecaa",
            "pattern": "[file:hashes.MD5 = 'edf7a81dab0bf0520bfb8204a010b730']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:03Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73b8-e90c-4872-bffe-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:04.000Z",
            "modified": "2015-09-17T08:03:04.000Z",
            "first_observed": "2015-09-17T08:03:04Z",
            "last_observed": "2015-09-17T08:03:04Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73b8-e90c-4872-bffe-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73b8-e90c-4872-bffe-d2c4950d210b",
            "value": "https://www.virustotal.com/file/bd4928921ddadb44f9f573da61dac034533bf14fe38acd5754f3ccec1d566300/analysis/1438095616/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73b8-8734-43ff-89d0-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:04.000Z",
            "modified": "2015-09-17T08:03:04.000Z",
            "description": "CosmicDuke - Xchecked via VT: e841ca216ce4ee9e967ffff9b059d31ccbf126bd",
            "pattern": "[file:hashes.SHA256 = '6322e8bbb5a7cc542a7da0fb33a60fc7443bcbd8601b828c9c7f138c71cce090']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:04Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73b8-18ec-4dd8-86fa-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:04.000Z",
            "modified": "2015-09-17T08:03:04.000Z",
            "description": "CosmicDuke - Xchecked via VT: e841ca216ce4ee9e967ffff9b059d31ccbf126bd",
            "pattern": "[file:hashes.MD5 = 'f239e79e87f09000c247ff7e91ab9603']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:04Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73b9-eee8-4b1d-a087-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:05.000Z",
            "modified": "2015-09-17T08:03:05.000Z",
            "first_observed": "2015-09-17T08:03:05Z",
            "last_observed": "2015-09-17T08:03:05Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73b9-eee8-4b1d-a087-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73b9-eee8-4b1d-a087-d2c4950d210b",
            "value": "https://www.virustotal.com/file/6322e8bbb5a7cc542a7da0fb33a60fc7443bcbd8601b828c9c7f138c71cce090/analysis/1393228396/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73b9-7864-44d5-b83f-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:05.000Z",
            "modified": "2015-09-17T08:03:05.000Z",
            "description": "CosmicDuke - Xchecked via VT: e60d36efd6b307bef4f18e31e7932a711106cd44",
            "pattern": "[file:hashes.SHA256 = '2eafc64769c500d635b7225c9b1411db8f50db8618e4d5807e1640b641a2f5ee']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:05Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73b9-7d94-4719-94a4-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:05.000Z",
            "modified": "2015-09-17T08:03:05.000Z",
            "description": "CosmicDuke - Xchecked via VT: e60d36efd6b307bef4f18e31e7932a711106cd44",
            "pattern": "[file:hashes.MD5 = '61c6d0076ee4187f9ec31841aa645d42']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:05Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73ba-e218-4d18-a96a-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:06.000Z",
            "modified": "2015-09-17T08:03:06.000Z",
            "first_observed": "2015-09-17T08:03:06Z",
            "last_observed": "2015-09-17T08:03:06Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73ba-e218-4d18-a96a-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73ba-e218-4d18-a96a-d2c4950d210b",
            "value": "https://www.virustotal.com/file/2eafc64769c500d635b7225c9b1411db8f50db8618e4d5807e1640b641a2f5ee/analysis/1284297296/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73ba-b0e4-40d4-b559-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:06.000Z",
            "modified": "2015-09-17T08:03:06.000Z",
            "description": "CosmicDuke - Xchecked via VT: d303a6ddd63ce993a8432f4daab5132732748843",
            "pattern": "[file:hashes.SHA256 = 'c9f5a19c7b11fd866483adc93aa5bc4bd3515bd995ca79297b227e3e5ef1a665']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:06Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73ba-7200-4863-9377-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:06.000Z",
            "modified": "2015-09-17T08:03:06.000Z",
            "description": "CosmicDuke - Xchecked via VT: d303a6ddd63ce993a8432f4daab5132732748843",
            "pattern": "[file:hashes.MD5 = '3adea70969f52d365c119b3d25619de9']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:06Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73bb-6a78-4af3-ae49-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:07.000Z",
            "modified": "2015-09-17T08:03:07.000Z",
            "first_observed": "2015-09-17T08:03:07Z",
            "last_observed": "2015-09-17T08:03:07Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73bb-6a78-4af3-ae49-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73bb-6a78-4af3-ae49-d2c4950d210b",
            "value": "https://www.virustotal.com/file/c9f5a19c7b11fd866483adc93aa5bc4bd3515bd995ca79297b227e3e5ef1a665/analysis/1436509802/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73bb-d2c4-4e53-864a-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:07.000Z",
            "modified": "2015-09-17T08:03:07.000Z",
            "description": "CosmicDuke - Xchecked via VT: cd7116fc6a5fa170690590e161c7589d502bd6a7",
            "pattern": "[file:hashes.SHA256 = '4bc8280a99d07165055fabed11049d8da275f27f5d8cffc4ed10a68be2d0cb84']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:07Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73bb-1c98-49b1-95a5-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:07.000Z",
            "modified": "2015-09-17T08:03:07.000Z",
            "description": "CosmicDuke - Xchecked via VT: cd7116fc6a5fa170690590e161c7589d502bd6a7",
            "pattern": "[file:hashes.MD5 = '37369a91ad462f1fac9004f3a86bb3ac']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:07Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73bc-1d14-48dc-9111-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:08.000Z",
            "modified": "2015-09-17T08:03:08.000Z",
            "first_observed": "2015-09-17T08:03:08Z",
            "last_observed": "2015-09-17T08:03:08Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73bc-1d14-48dc-9111-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73bc-1d14-48dc-9111-d2c4950d210b",
            "value": "https://www.virustotal.com/file/4bc8280a99d07165055fabed11049d8da275f27f5d8cffc4ed10a68be2d0cb84/analysis/1354586768/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73bc-1534-4b77-bb4e-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:08.000Z",
            "modified": "2015-09-17T08:03:08.000Z",
            "description": "CosmicDuke - Xchecked via VT: ccb29875222527af4e58b9dd8994c3c7ef617fd8",
            "pattern": "[file:hashes.SHA256 = '04819cde7e928e6ff376daeb73b894959f672a85b363753c227416fc0f4a8acd']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:08Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73bc-209c-4fed-8697-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:08.000Z",
            "modified": "2015-09-17T08:03:08.000Z",
            "description": "CosmicDuke - Xchecked via VT: ccb29875222527af4e58b9dd8994c3c7ef617fd8",
            "pattern": "[file:hashes.MD5 = '0be02d5f66f84ebd03f362ad4b4a06e6']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:08Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73bd-8008-41cc-95d8-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:09.000Z",
            "modified": "2015-09-17T08:03:09.000Z",
            "first_observed": "2015-09-17T08:03:09Z",
            "last_observed": "2015-09-17T08:03:09Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73bd-8008-41cc-95d8-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73bd-8008-41cc-95d8-d2c4950d210b",
            "value": "https://www.virustotal.com/file/04819cde7e928e6ff376daeb73b894959f672a85b363753c227416fc0f4a8acd/analysis/1440570606/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73bd-00d0-4e58-bcc1-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:09.000Z",
            "modified": "2015-09-17T08:03:09.000Z",
            "description": "CosmicDuke - Xchecked via VT: cbca642acdb9f6df1b3efef0af8e675e32bd71d1",
            "pattern": "[file:hashes.SHA256 = 'a38e41831d495ceb07dd232506447c62203ab05fe9e15e2b2a6a74aa9b0b0e96']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:09Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73bd-85a8-4a63-a482-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:09.000Z",
            "modified": "2015-09-17T08:03:09.000Z",
            "description": "CosmicDuke - Xchecked via VT: cbca642acdb9f6df1b3efef0af8e675e32bd71d1",
            "pattern": "[file:hashes.MD5 = '9003e1d69cd29280d2233c1634370c60']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:09Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73be-c73c-4aa0-ad88-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:10.000Z",
            "modified": "2015-09-17T08:03:10.000Z",
            "first_observed": "2015-09-17T08:03:10Z",
            "last_observed": "2015-09-17T08:03:10Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73be-c73c-4aa0-ad88-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73be-c73c-4aa0-ad88-d2c4950d210b",
            "value": "https://www.virustotal.com/file/a38e41831d495ceb07dd232506447c62203ab05fe9e15e2b2a6a74aa9b0b0e96/analysis/1362100872/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73be-2ac0-48dc-a9d3-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:10.000Z",
            "modified": "2015-09-17T08:03:10.000Z",
            "description": "CosmicDuke - Xchecked via VT: c637a9c3fb08879e0f54230bd8dca81deb6e1bcf",
            "pattern": "[file:hashes.SHA256 = '4203168c1bad752af7f39f8fa8eae4e8a5e41f39892abffa804d52a008e2dfd7']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:10Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73be-59fc-4828-9e72-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:10.000Z",
            "modified": "2015-09-17T08:03:10.000Z",
            "description": "CosmicDuke - Xchecked via VT: c637a9c3fb08879e0f54230bd8dca81deb6e1bcf",
            "pattern": "[file:hashes.MD5 = 'bc304fb92a79bab73b75772427d14ffa']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:10Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73bf-4440-4c71-b043-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:11.000Z",
            "modified": "2015-09-17T08:03:11.000Z",
            "first_observed": "2015-09-17T08:03:11Z",
            "last_observed": "2015-09-17T08:03:11Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73bf-4440-4c71-b043-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73bf-4440-4c71-b043-d2c4950d210b",
            "value": "https://www.virustotal.com/file/4203168c1bad752af7f39f8fa8eae4e8a5e41f39892abffa804d52a008e2dfd7/analysis/1348716534/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73bf-a574-4d39-bf3e-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:11.000Z",
            "modified": "2015-09-17T08:03:11.000Z",
            "description": "CosmicDuke - Xchecked via VT: c2b5aff3435a7241637f288fedef722541c4dad8",
            "pattern": "[file:hashes.SHA256 = 'bf012045464ba2aadc1547940eb3ce262d0e023c2198c134dee658c859ecd8ab']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:11Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73c0-8b74-420b-818b-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:11.000Z",
            "modified": "2015-09-17T08:03:11.000Z",
            "description": "CosmicDuke - Xchecked via VT: c2b5aff3435a7241637f288fedef722541c4dad8",
            "pattern": "[file:hashes.MD5 = '345adb4594e3a2b02041c7e2b5fde46b']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:11Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73c0-9a5c-462a-9fab-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:12.000Z",
            "modified": "2015-09-17T08:03:12.000Z",
            "first_observed": "2015-09-17T08:03:12Z",
            "last_observed": "2015-09-17T08:03:12Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73c0-9a5c-462a-9fab-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73c0-9a5c-462a-9fab-d2c4950d210b",
            "value": "https://www.virustotal.com/file/bf012045464ba2aadc1547940eb3ce262d0e023c2198c134dee658c859ecd8ab/analysis/1404368080/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73c0-18b8-4c0d-ab60-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:12.000Z",
            "modified": "2015-09-17T08:03:12.000Z",
            "description": "CosmicDuke - Xchecked via VT: bbe24aa5e554002f8fd092fc5af7747931307a15",
            "pattern": "[file:hashes.SHA256 = '910a016a7b6e0a76bc7ddf12f9135090e0b23d00c382d70084b46bea4bbbcae7']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:12Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73c1-35b0-4381-a305-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:13.000Z",
            "modified": "2015-09-17T08:03:13.000Z",
            "description": "CosmicDuke - Xchecked via VT: bbe24aa5e554002f8fd092fc5af7747931307a15",
            "pattern": "[file:hashes.MD5 = '26e8b95dfbc6a8aafe40ab84b1d2ab5e']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:13Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73c1-4f8c-4418-9cc7-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:13.000Z",
            "modified": "2015-09-17T08:03:13.000Z",
            "first_observed": "2015-09-17T08:03:13Z",
            "last_observed": "2015-09-17T08:03:13Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73c1-4f8c-4418-9cc7-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73c1-4f8c-4418-9cc7-d2c4950d210b",
            "value": "https://www.virustotal.com/file/910a016a7b6e0a76bc7ddf12f9135090e0b23d00c382d70084b46bea4bbbcae7/analysis/1276620632/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73c1-a244-4fe0-8ecb-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:13.000Z",
            "modified": "2015-09-17T08:03:13.000Z",
            "description": "CosmicDuke - Xchecked via VT: b579845c223331fea9dfd674517fa4633082970e",
            "pattern": "[file:hashes.SHA256 = '73aac0b568f83746c9a54a2a6fdd2984c3e6f8d0c77a681c219abb9480859197']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:13Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73c2-43b4-44d0-98c5-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:14.000Z",
            "modified": "2015-09-17T08:03:14.000Z",
            "description": "CosmicDuke - Xchecked via VT: b579845c223331fea9dfd674517fa4633082970e",
            "pattern": "[file:hashes.MD5 = '2337a4fa99547eb0cf7600601ab44dda']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:14Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73c2-49ac-4acc-abd3-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:14.000Z",
            "modified": "2015-09-17T08:03:14.000Z",
            "first_observed": "2015-09-17T08:03:14Z",
            "last_observed": "2015-09-17T08:03:14Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73c2-49ac-4acc-abd3-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73c2-49ac-4acc-abd3-d2c4950d210b",
            "value": "https://www.virustotal.com/file/73aac0b568f83746c9a54a2a6fdd2984c3e6f8d0c77a681c219abb9480859197/analysis/1436418461/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73c2-ffdc-4ffb-8c9f-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:14.000Z",
            "modified": "2015-09-17T08:03:14.000Z",
            "description": "CosmicDuke - Xchecked via VT: b54b3c67f1827dab4cc2b3de94ff0af4e5db3d4c",
            "pattern": "[file:hashes.SHA256 = '16870c6b572934f5a106d5f632b6d41bb23924c12ddf172be24c6dfca25226b1']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:14Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73c3-180c-419a-a5da-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:15.000Z",
            "modified": "2015-09-17T08:03:15.000Z",
            "description": "CosmicDuke - Xchecked via VT: b54b3c67f1827dab4cc2b3de94ff0af4e5db3d4c",
            "pattern": "[file:hashes.MD5 = 'f611f8b0655a8980cf71a252536c7a5a']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:15Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73c3-de74-4c86-86d4-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:15.000Z",
            "modified": "2015-09-17T08:03:15.000Z",
            "first_observed": "2015-09-17T08:03:15Z",
            "last_observed": "2015-09-17T08:03:15Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73c3-de74-4c86-86d4-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73c3-de74-4c86-86d4-d2c4950d210b",
            "value": "https://www.virustotal.com/file/16870c6b572934f5a106d5f632b6d41bb23924c12ddf172be24c6dfca25226b1/analysis/1440570634/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73c3-6628-422a-b427-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:15.000Z",
            "modified": "2015-09-17T08:03:15.000Z",
            "description": "CosmicDuke - Xchecked via VT: b2a951c5b2613abdb9174678f43a579592b0abc9",
            "pattern": "[file:hashes.SHA256 = '7c2bb277e3a982e9e2f76da2c96119514dde4f3e36b16eca5994be5f28bd0029']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:15Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73c4-7e20-42af-8083-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:16.000Z",
            "modified": "2015-09-17T08:03:16.000Z",
            "description": "CosmicDuke - Xchecked via VT: b2a951c5b2613abdb9174678f43a579592b0abc9",
            "pattern": "[file:hashes.MD5 = 'b2737204531a80c31bb30e9be9a1cc4c']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:16Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73c4-5a84-4380-a363-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:16.000Z",
            "modified": "2015-09-17T08:03:16.000Z",
            "first_observed": "2015-09-17T08:03:16Z",
            "last_observed": "2015-09-17T08:03:16Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73c4-5a84-4380-a363-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73c4-5a84-4380-a363-d2c4950d210b",
            "value": "https://www.virustotal.com/file/7c2bb277e3a982e9e2f76da2c96119514dde4f3e36b16eca5994be5f28bd0029/analysis/1418406140/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73c4-313c-412f-a868-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:16.000Z",
            "modified": "2015-09-17T08:03:16.000Z",
            "description": "CosmicDuke - Xchecked via VT: a81b58b2171c6a728039dc493faaf2cab7d146a5",
            "pattern": "[file:hashes.SHA256 = '7d9296ac474b991780b41f654b557e01ba93ae932ba717146e60c1b9ed579539']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:16Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73c5-9e08-4c03-b0a4-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:17.000Z",
            "modified": "2015-09-17T08:03:17.000Z",
            "description": "CosmicDuke - Xchecked via VT: a81b58b2171c6a728039dc493faaf2cab7d146a5",
            "pattern": "[file:hashes.MD5 = '35c6928790ce08309af997654ed6d719']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:17Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73c5-1b64-43cf-b1b6-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:17.000Z",
            "modified": "2015-09-17T08:03:17.000Z",
            "first_observed": "2015-09-17T08:03:17Z",
            "last_observed": "2015-09-17T08:03:17Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73c5-1b64-43cf-b1b6-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73c5-1b64-43cf-b1b6-d2c4950d210b",
            "value": "https://www.virustotal.com/file/7d9296ac474b991780b41f654b557e01ba93ae932ba717146e60c1b9ed579539/analysis/1436418976/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73c5-95d8-4a8d-8c73-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:17.000Z",
            "modified": "2015-09-17T08:03:17.000Z",
            "description": "CosmicDuke - Xchecked via VT: a7819c06746ae8d1e5d5111b1ca711db0c8d923e",
            "pattern": "[file:hashes.SHA256 = '30b24935c8537c51ce56a69510019d8481ac78e6c5ccdbe792c625c69c5358f9']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:17Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73c6-86c0-46fc-ae0a-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:18.000Z",
            "modified": "2015-09-17T08:03:18.000Z",
            "description": "CosmicDuke - Xchecked via VT: a7819c06746ae8d1e5d5111b1ca711db0c8d923e",
            "pattern": "[file:hashes.MD5 = 'd47b25667effc0f88ab460c6edeecc55']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:18Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73c6-2ee4-43e4-8260-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:18.000Z",
            "modified": "2015-09-17T08:03:18.000Z",
            "first_observed": "2015-09-17T08:03:18Z",
            "last_observed": "2015-09-17T08:03:18Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73c6-2ee4-43e4-8260-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73c6-2ee4-43e4-8260-d2c4950d210b",
            "value": "https://www.virustotal.com/file/30b24935c8537c51ce56a69510019d8481ac78e6c5ccdbe792c625c69c5358f9/analysis/1410335357/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73c6-3f7c-4f84-a9be-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:18.000Z",
            "modified": "2015-09-17T08:03:18.000Z",
            "description": "CosmicDuke - Xchecked via VT: a74eceea45207a6b46f461d436b73314b2065756",
            "pattern": "[file:hashes.SHA256 = 'a7b230593aa43c701c30862d3054b4510ed1dea1fd5f219b1c3bc11321bab73b']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:18Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73c7-0ff8-4170-b9c1-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:19.000Z",
            "modified": "2015-09-17T08:03:19.000Z",
            "description": "CosmicDuke - Xchecked via VT: a74eceea45207a6b46f461d436b73314b2065756",
            "pattern": "[file:hashes.MD5 = '704381812f4cc3c5b3875ea33232c842']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:19Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73c7-4104-4f30-b8af-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:19.000Z",
            "modified": "2015-09-17T08:03:19.000Z",
            "first_observed": "2015-09-17T08:03:19Z",
            "last_observed": "2015-09-17T08:03:19Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73c7-4104-4f30-b8af-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73c7-4104-4f30-b8af-d2c4950d210b",
            "value": "https://www.virustotal.com/file/a7b230593aa43c701c30862d3054b4510ed1dea1fd5f219b1c3bc11321bab73b/analysis/1374213846/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73c7-9eec-45a5-b492-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:19.000Z",
            "modified": "2015-09-17T08:03:19.000Z",
            "description": "CosmicDuke - Xchecked via VT: a421e0758f1007527fec4d72fa2668da340554c9",
            "pattern": "[file:hashes.SHA256 = '85d75a3eddc2f849e1dee40b47629ea0d1e3a1da6ba3cd9078177bb61a63f4fd']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:19Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73c8-1118-44c1-900c-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:20.000Z",
            "modified": "2015-09-17T08:03:20.000Z",
            "description": "CosmicDuke - Xchecked via VT: a421e0758f1007527fec4d72fa2668da340554c9",
            "pattern": "[file:hashes.MD5 = '75c97ca9b085411af1860523c3c884b5']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:20Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73c8-ccf4-4488-b99b-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:20.000Z",
            "modified": "2015-09-17T08:03:20.000Z",
            "first_observed": "2015-09-17T08:03:20Z",
            "last_observed": "2015-09-17T08:03:20Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73c8-ccf4-4488-b99b-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73c8-ccf4-4488-b99b-d2c4950d210b",
            "value": "https://www.virustotal.com/file/85d75a3eddc2f849e1dee40b47629ea0d1e3a1da6ba3cd9078177bb61a63f4fd/analysis/1271543920/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73c8-327c-4beb-8a87-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:20.000Z",
            "modified": "2015-09-17T08:03:20.000Z",
            "description": "CosmicDuke - Xchecked via VT: a2ed0eaaeadaa90d25f8b1da23033593bb76598e",
            "pattern": "[file:hashes.SHA256 = '4e9942bddfeb3369897c58d9b8fe2478c1df96e5b13733bfb24d975282685c29']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:20Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73c9-0910-4029-bb80-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:21.000Z",
            "modified": "2015-09-17T08:03:21.000Z",
            "description": "CosmicDuke - Xchecked via VT: a2ed0eaaeadaa90d25f8b1da23033593bb76598e",
            "pattern": "[file:hashes.MD5 = 'cf2041ddfdc177b863a23ab7ade78043']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:21Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73c9-ac74-48f5-9b9e-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:21.000Z",
            "modified": "2015-09-17T08:03:21.000Z",
            "first_observed": "2015-09-17T08:03:21Z",
            "last_observed": "2015-09-17T08:03:21Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73c9-ac74-48f5-9b9e-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73c9-ac74-48f5-9b9e-d2c4950d210b",
            "value": "https://www.virustotal.com/file/4e9942bddfeb3369897c58d9b8fe2478c1df96e5b13733bfb24d975282685c29/analysis/1364274631/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73ca-c4ac-4f9b-b8d1-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:22.000Z",
            "modified": "2015-09-17T08:03:22.000Z",
            "description": "CosmicDuke - Xchecked via VT: 97c62e04b0ce401bd338224cdd58f5943f47c8de",
            "pattern": "[file:hashes.SHA256 = 'ec49400e70c02a884a5df74ca99690886ec2d528e200c42dbdf057fd9b7f87f8']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:22Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73ca-c7cc-4280-9339-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:22.000Z",
            "modified": "2015-09-17T08:03:22.000Z",
            "description": "CosmicDuke - Xchecked via VT: 97c62e04b0ce401bd338224cdd58f5943f47c8de",
            "pattern": "[file:hashes.MD5 = '37c394e3e15d211a050446bc90edac94']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:22Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73ca-33cc-4fc8-999e-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:22.000Z",
            "modified": "2015-09-17T08:03:22.000Z",
            "first_observed": "2015-09-17T08:03:22Z",
            "last_observed": "2015-09-17T08:03:22Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73ca-33cc-4fc8-999e-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73ca-33cc-4fc8-999e-d2c4950d210b",
            "value": "https://www.virustotal.com/file/ec49400e70c02a884a5df74ca99690886ec2d528e200c42dbdf057fd9b7f87f8/analysis/1426841217/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73cb-90b4-4809-a454-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:23.000Z",
            "modified": "2015-09-17T08:03:23.000Z",
            "description": "CosmicDuke - Xchecked via VT: 9700c8a41a929449cfba6567a648e9c5e4a14e70",
            "pattern": "[file:hashes.SHA256 = '4fc0bbb90aeecd3229aa932437273ba59f887a6eac569b56693602b957e205e2']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:23Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73cb-fe38-4fa7-aa06-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:23.000Z",
            "modified": "2015-09-17T08:03:23.000Z",
            "description": "CosmicDuke - Xchecked via VT: 9700c8a41a929449cfba6567a648e9c5e4a14e70",
            "pattern": "[file:hashes.MD5 = '608b22fcd2d067730176e335d3c6454b']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:23Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73cb-8d6c-4edd-97d9-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:23.000Z",
            "modified": "2015-09-17T08:03:23.000Z",
            "first_observed": "2015-09-17T08:03:23Z",
            "last_observed": "2015-09-17T08:03:23Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73cb-8d6c-4edd-97d9-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73cb-8d6c-4edd-97d9-d2c4950d210b",
            "value": "https://www.virustotal.com/file/4fc0bbb90aeecd3229aa932437273ba59f887a6eac569b56693602b957e205e2/analysis/1440570687/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73cc-0608-4058-9098-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:24.000Z",
            "modified": "2015-09-17T08:03:24.000Z",
            "description": "CosmicDuke - Xchecked via VT: 926046f0c727358d1a6fbdd6ff3e28bc67d5e2f6",
            "pattern": "[file:hashes.SHA256 = 'f6af08e31471c98adcc26f9916e26d41aa0c47ff94949d3174d55c320032be26']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:24Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73cc-6e8c-41c4-94be-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:24.000Z",
            "modified": "2015-09-17T08:03:24.000Z",
            "description": "CosmicDuke - Xchecked via VT: 926046f0c727358d1a6fbdd6ff3e28bc67d5e2f6",
            "pattern": "[file:hashes.MD5 = '2bd46a980dde8eaa13e3defffb87e1e0']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:24Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73cc-8b50-4d63-8eff-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:24.000Z",
            "modified": "2015-09-17T08:03:24.000Z",
            "first_observed": "2015-09-17T08:03:24Z",
            "last_observed": "2015-09-17T08:03:24Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73cc-8b50-4d63-8eff-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73cc-8b50-4d63-8eff-d2c4950d210b",
            "value": "https://www.virustotal.com/file/f6af08e31471c98adcc26f9916e26d41aa0c47ff94949d3174d55c320032be26/analysis/1353747588/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73cd-3d60-4d8b-be3f-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:25.000Z",
            "modified": "2015-09-17T08:03:25.000Z",
            "description": "CosmicDuke - Xchecked via VT: 91fd13a6b44e99f7235697ab5fe520d540279741",
            "pattern": "[file:hashes.SHA256 = '0dc70c0f2ed18c813a89c59686f375787ba683b549b1e6bb9aee6ca33be64bfb']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:25Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73cd-9130-453f-8037-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:25.000Z",
            "modified": "2015-09-17T08:03:25.000Z",
            "description": "CosmicDuke - Xchecked via VT: 91fd13a6b44e99f7235697ab5fe520d540279741",
            "pattern": "[file:hashes.MD5 = 'd34c6d5875f5d2aab929d1f7ce968860']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:25Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73cd-bdcc-4e51-8f90-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:25.000Z",
            "modified": "2015-09-17T08:03:25.000Z",
            "first_observed": "2015-09-17T08:03:25Z",
            "last_observed": "2015-09-17T08:03:25Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73cd-bdcc-4e51-8f90-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73cd-bdcc-4e51-8f90-d2c4950d210b",
            "value": "https://www.virustotal.com/file/0dc70c0f2ed18c813a89c59686f375787ba683b549b1e6bb9aee6ca33be64bfb/analysis/1402109006/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73ce-cd30-4981-91f7-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:26.000Z",
            "modified": "2015-09-17T08:03:26.000Z",
            "description": "CosmicDuke - Xchecked via VT: 9090de286ce9126e8e9c1c3a175a70ab4656ca09",
            "pattern": "[file:hashes.SHA256 = 'cb0d78c79ad46c04e7ab66ca95588db8ccde4d2710a171585b0276736aa4e059']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:26Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73ce-2cf8-4312-bcd6-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:26.000Z",
            "modified": "2015-09-17T08:03:26.000Z",
            "description": "CosmicDuke - Xchecked via VT: 9090de286ce9126e8e9c1c3a175a70ab4656ca09",
            "pattern": "[file:hashes.MD5 = 'baffad69d3ce95853a6db80711b74a38']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:26Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73ce-1f14-47c5-9dfd-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:26.000Z",
            "modified": "2015-09-17T08:03:26.000Z",
            "first_observed": "2015-09-17T08:03:26Z",
            "last_observed": "2015-09-17T08:03:26Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73ce-1f14-47c5-9dfd-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73ce-1f14-47c5-9dfd-d2c4950d210b",
            "value": "https://www.virustotal.com/file/cb0d78c79ad46c04e7ab66ca95588db8ccde4d2710a171585b0276736aa4e059/analysis/1401811760/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73cf-009c-460e-9755-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:27.000Z",
            "modified": "2015-09-17T08:03:27.000Z",
            "description": "CosmicDuke - Xchecked via VT: 8f4138e9588ef329b5cf5bc945dee4ad9fec1dff",
            "pattern": "[file:hashes.SHA256 = '1005b40f977b92cbc01b7a66558ff0621cbaf36f7b4b2ab2ca3c3a267891bc8d']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:27Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73cf-0684-43dc-94c0-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:27.000Z",
            "modified": "2015-09-17T08:03:27.000Z",
            "description": "CosmicDuke - Xchecked via VT: 8f4138e9588ef329b5cf5bc945dee4ad9fec1dff",
            "pattern": "[file:hashes.MD5 = '50a56d98be79a1e6f04a1964e170a5d7']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:27Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73cf-cc54-444c-99da-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:27.000Z",
            "modified": "2015-09-17T08:03:27.000Z",
            "first_observed": "2015-09-17T08:03:27Z",
            "last_observed": "2015-09-17T08:03:27Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73cf-cc54-444c-99da-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73cf-cc54-444c-99da-d2c4950d210b",
            "value": "https://www.virustotal.com/file/1005b40f977b92cbc01b7a66558ff0621cbaf36f7b4b2ab2ca3c3a267891bc8d/analysis/1425886920/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73d0-dbe0-495d-a784-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:28.000Z",
            "modified": "2015-09-17T08:03:28.000Z",
            "description": "CosmicDuke - Xchecked via VT: 8ab7f806fa18dd9a9c2dc43db0ad3ee79060b6e8",
            "pattern": "[file:hashes.SHA256 = '9ce93f04dbb6a3b833f1146a54dadfdc224fdf24e3cca1f8a1eb4e902d597ff6']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:28Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73d0-4cc8-4f3c-8c0e-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:28.000Z",
            "modified": "2015-09-17T08:03:28.000Z",
            "description": "CosmicDuke - Xchecked via VT: 8ab7f806fa18dd9a9c2dc43db0ad3ee79060b6e8",
            "pattern": "[file:hashes.MD5 = 'd729fbb50665932fe529f7073acca9c1']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:28Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73d0-2884-4466-be6a-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:28.000Z",
            "modified": "2015-09-17T08:03:28.000Z",
            "first_observed": "2015-09-17T08:03:28Z",
            "last_observed": "2015-09-17T08:03:28Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73d0-2884-4466-be6a-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73d0-2884-4466-be6a-d2c4950d210b",
            "value": "https://www.virustotal.com/file/9ce93f04dbb6a3b833f1146a54dadfdc224fdf24e3cca1f8a1eb4e902d597ff6/analysis/1432209261/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73d1-b198-4cde-b6e4-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:29.000Z",
            "modified": "2015-09-17T08:03:29.000Z",
            "description": "CosmicDuke - Xchecked via VT: 8aa9f5d426428ec360229f4cb9f722388f0e535c",
            "pattern": "[file:hashes.SHA256 = '51b4e69183f3d02124f3314cc64a7869425f053d8021c74c12f21d7c2afe2163']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:29Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73d1-9d94-4c2f-88b6-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:29.000Z",
            "modified": "2015-09-17T08:03:29.000Z",
            "description": "CosmicDuke - Xchecked via VT: 8aa9f5d426428ec360229f4cb9f722388f0e535c",
            "pattern": "[file:hashes.MD5 = '1a874e5ecd67dffab45e17e9b730daed']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:29Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73d2-a27c-419e-8af2-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:30.000Z",
            "modified": "2015-09-17T08:03:30.000Z",
            "first_observed": "2015-09-17T08:03:30Z",
            "last_observed": "2015-09-17T08:03:30Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73d2-a27c-419e-8af2-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73d2-a27c-419e-8af2-d2c4950d210b",
            "value": "https://www.virustotal.com/file/51b4e69183f3d02124f3314cc64a7869425f053d8021c74c12f21d7c2afe2163/analysis/1440569163/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73d2-acac-4eb4-9753-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:30.000Z",
            "modified": "2015-09-17T08:03:30.000Z",
            "description": "CosmicDuke - Xchecked via VT: 8a2227cafa5713297313844344d6b6d9e0885093",
            "pattern": "[file:hashes.SHA256 = '008beba8635e24baa50beee2e98654f73c04476a06fdcb893655f0a8201932d2']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:30Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73d2-30a8-4782-b617-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:30.000Z",
            "modified": "2015-09-17T08:03:30.000Z",
            "description": "CosmicDuke - Xchecked via VT: 8a2227cafa5713297313844344d6b6d9e0885093",
            "pattern": "[file:hashes.MD5 = '2a998ce2750335079d73e6b2eb2bd011']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:30Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73d3-e858-409c-82aa-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:31.000Z",
            "modified": "2015-09-17T08:03:31.000Z",
            "first_observed": "2015-09-17T08:03:31Z",
            "last_observed": "2015-09-17T08:03:31Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73d3-e858-409c-82aa-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73d3-e858-409c-82aa-d2c4950d210b",
            "value": "https://www.virustotal.com/file/008beba8635e24baa50beee2e98654f73c04476a06fdcb893655f0a8201932d2/analysis/1421529047/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73d3-bf60-4edf-a2e0-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:31.000Z",
            "modified": "2015-09-17T08:03:31.000Z",
            "description": "CosmicDuke - Xchecked via VT: 88b7ead7c0bf8b3d8a54b4a9c8871f44d1577ce7",
            "pattern": "[file:hashes.SHA256 = '4f9b6a88245f782d81e9eec9315b9444c83d68941f9fc23641e3909c8da9db9d']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:31Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73d3-14e0-43ac-90e3-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:31.000Z",
            "modified": "2015-09-17T08:03:31.000Z",
            "description": "CosmicDuke - Xchecked via VT: 88b7ead7c0bf8b3d8a54b4a9c8871f44d1577ce7",
            "pattern": "[file:hashes.MD5 = '664b149ae8469cbda7fd7ed48c7dc9b6']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:31Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73d4-97cc-4562-8829-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:32.000Z",
            "modified": "2015-09-17T08:03:32.000Z",
            "first_observed": "2015-09-17T08:03:32Z",
            "last_observed": "2015-09-17T08:03:32Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73d4-97cc-4562-8829-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73d4-97cc-4562-8829-d2c4950d210b",
            "value": "https://www.virustotal.com/file/4f9b6a88245f782d81e9eec9315b9444c83d68941f9fc23641e3909c8da9db9d/analysis/1414740655/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73d4-4a78-41fa-829d-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:32.000Z",
            "modified": "2015-09-17T08:03:32.000Z",
            "description": "CosmicDuke - Xchecked via VT: 807c3db7385972a78b6d217a379dab67e68a3cf5",
            "pattern": "[file:hashes.SHA256 = '1c348f1582385bfbf030abe20caabbd289d0f48a4076b1b6ccc417864070e9fe']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:32Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73d4-20c0-441d-98b8-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:32.000Z",
            "modified": "2015-09-17T08:03:32.000Z",
            "description": "CosmicDuke - Xchecked via VT: 807c3db7385972a78b6d217a379dab67e68a3cf5",
            "pattern": "[file:hashes.MD5 = 'fa3b44b8a4a2a2b473cd5d934d1ec4bc']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:32Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73d5-4f34-4969-8520-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:33.000Z",
            "modified": "2015-09-17T08:03:33.000Z",
            "first_observed": "2015-09-17T08:03:33Z",
            "last_observed": "2015-09-17T08:03:33Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73d5-4f34-4969-8520-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73d5-4f34-4969-8520-d2c4950d210b",
            "value": "https://www.virustotal.com/file/1c348f1582385bfbf030abe20caabbd289d0f48a4076b1b6ccc417864070e9fe/analysis/1347791318/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73d5-bb2c-4e7b-b0d1-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:33.000Z",
            "modified": "2015-09-17T08:03:33.000Z",
            "description": "CosmicDuke - Xchecked via VT: 7ad1bef0ba61dbed98d76d4207676d08c893fc13",
            "pattern": "[file:hashes.SHA256 = '29585bb17b28e8b15b2a250be9516f416fa7cac84cc24aa4e004f6987323147e']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:33Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73d5-eb0c-4d33-9cf2-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:33.000Z",
            "modified": "2015-09-17T08:03:33.000Z",
            "description": "CosmicDuke - Xchecked via VT: 7ad1bef0ba61dbed98d76d4207676d08c893fc13",
            "pattern": "[file:hashes.MD5 = '925b37a936304a5914941ac4584e346c']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:33Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73d6-07c8-46a7-be18-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:34.000Z",
            "modified": "2015-09-17T08:03:34.000Z",
            "first_observed": "2015-09-17T08:03:34Z",
            "last_observed": "2015-09-17T08:03:34Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73d6-07c8-46a7-be18-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73d6-07c8-46a7-be18-d2c4950d210b",
            "value": "https://www.virustotal.com/file/29585bb17b28e8b15b2a250be9516f416fa7cac84cc24aa4e004f6987323147e/analysis/1438095584/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73d6-b178-466e-afd4-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:34.000Z",
            "modified": "2015-09-17T08:03:34.000Z",
            "description": "CosmicDuke - Xchecked via VT: 78d1c1e11ebae22849bccb3eb154ec986d992364",
            "pattern": "[file:hashes.SHA256 = 'f6c62f9f846b3d100d60b1f2ae57a71c91dd8dc215dce652e2c85dff60c0197f']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:34Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73d6-0af4-4517-9950-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:34.000Z",
            "modified": "2015-09-17T08:03:34.000Z",
            "description": "CosmicDuke - Xchecked via VT: 78d1c1e11ebae22849bccb3eb154ec986d992364",
            "pattern": "[file:hashes.MD5 = '23273a83bfd7aed10b9403e23a8bcba9']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:34Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73d7-0918-4081-9bea-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:35.000Z",
            "modified": "2015-09-17T08:03:35.000Z",
            "first_observed": "2015-09-17T08:03:35Z",
            "last_observed": "2015-09-17T08:03:35Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73d7-0918-4081-9bea-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73d7-0918-4081-9bea-d2c4950d210b",
            "value": "https://www.virustotal.com/file/f6c62f9f846b3d100d60b1f2ae57a71c91dd8dc215dce652e2c85dff60c0197f/analysis/1440679501/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73d7-4ff4-4483-a4d3-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:35.000Z",
            "modified": "2015-09-17T08:03:35.000Z",
            "description": "CosmicDuke - Xchecked via VT: 7803f160af428bcfb4b9ea2aba07886f232cde4e",
            "pattern": "[file:hashes.SHA256 = '5b50e26a01b320f05d66727e9d220d5858cdac203ff62e4b9ced1cafc2683637']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:35Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73d7-2ef8-4b1d-bc01-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:35.000Z",
            "modified": "2015-09-17T08:03:35.000Z",
            "description": "CosmicDuke - Xchecked via VT: 7803f160af428bcfb4b9ea2aba07886f232cde4e",
            "pattern": "[file:hashes.MD5 = 'b59199877e0d68a5e93fc8ea76374ed1']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:35Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73d8-45a0-41eb-97a6-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:36.000Z",
            "modified": "2015-09-17T08:03:36.000Z",
            "first_observed": "2015-09-17T08:03:36Z",
            "last_observed": "2015-09-17T08:03:36Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73d8-45a0-41eb-97a6-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73d8-45a0-41eb-97a6-d2c4950d210b",
            "value": "https://www.virustotal.com/file/5b50e26a01b320f05d66727e9d220d5858cdac203ff62e4b9ced1cafc2683637/analysis/1417350114/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73d8-127c-4d5f-bc50-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:36.000Z",
            "modified": "2015-09-17T08:03:36.000Z",
            "description": "CosmicDuke - Xchecked via VT: 764add69922342b8c4200d64652fbee1376adf1c",
            "pattern": "[file:hashes.SHA256 = '2146da9bc0e27d7eb10983b7dd89f250fa0015ce284dde8f0bb6a79626d34a2a']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:36Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73d8-cde8-4dc7-9666-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:36.000Z",
            "modified": "2015-09-17T08:03:36.000Z",
            "description": "CosmicDuke - Xchecked via VT: 764add69922342b8c4200d64652fbee1376adf1c",
            "pattern": "[file:hashes.MD5 = 'e175be029dd2b78c059278a567b3ada1']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:36Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73d9-7c74-4cef-a784-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:37.000Z",
            "modified": "2015-09-17T08:03:37.000Z",
            "first_observed": "2015-09-17T08:03:37Z",
            "last_observed": "2015-09-17T08:03:37Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73d9-7c74-4cef-a784-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73d9-7c74-4cef-a784-d2c4950d210b",
            "value": "https://www.virustotal.com/file/2146da9bc0e27d7eb10983b7dd89f250fa0015ce284dde8f0bb6a79626d34a2a/analysis/1440569202/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73d9-bc84-4c4e-abbe-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:37.000Z",
            "modified": "2015-09-17T08:03:37.000Z",
            "description": "CosmicDuke - Xchecked via VT: 7631f1db92e61504596790057ce674ee90570755",
            "pattern": "[file:hashes.SHA256 = 'd5f1d8d2629b91744fe812207cb3f0bebfd1aec9937b7744a263d1a4e3421063']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:37Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73d9-5470-455e-b9d0-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:37.000Z",
            "modified": "2015-09-17T08:03:37.000Z",
            "description": "CosmicDuke - Xchecked via VT: 7631f1db92e61504596790057ce674ee90570755",
            "pattern": "[file:hashes.MD5 = '20d86cb4ebbffb739faa47f7354ee134']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:37Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73da-afe8-4a98-a5dd-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:38.000Z",
            "modified": "2015-09-17T08:03:38.000Z",
            "first_observed": "2015-09-17T08:03:38Z",
            "last_observed": "2015-09-17T08:03:38Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73da-afe8-4a98-a5dd-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73da-afe8-4a98-a5dd-d2c4950d210b",
            "value": "https://www.virustotal.com/file/d5f1d8d2629b91744fe812207cb3f0bebfd1aec9937b7744a263d1a4e3421063/analysis/1440570756/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73da-d720-40d1-b378-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:38.000Z",
            "modified": "2015-09-17T08:03:38.000Z",
            "description": "CosmicDuke - Xchecked via VT: 6db1151eeb4339fc72d6d094e2d6c2572de89470",
            "pattern": "[file:hashes.SHA256 = '334ed05005ce829224d0dd4cc5baab6b837cf02ac0e321c8f97d11b3ba1c77a7']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:38Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73da-87bc-434d-88c7-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:38.000Z",
            "modified": "2015-09-17T08:03:38.000Z",
            "description": "CosmicDuke - Xchecked via VT: 6db1151eeb4339fc72d6d094e2d6c2572de89470",
            "pattern": "[file:hashes.MD5 = '5a7659b691a3caf107e6636d8906dcb0']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:38Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73db-c0d8-4a6e-9f9c-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:39.000Z",
            "modified": "2015-09-17T08:03:39.000Z",
            "first_observed": "2015-09-17T08:03:39Z",
            "last_observed": "2015-09-17T08:03:39Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73db-c0d8-4a6e-9f9c-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73db-c0d8-4a6e-9f9c-d2c4950d210b",
            "value": "https://www.virustotal.com/file/334ed05005ce829224d0dd4cc5baab6b837cf02ac0e321c8f97d11b3ba1c77a7/analysis/1440570773/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73db-1c94-4e63-bb2a-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:39.000Z",
            "modified": "2015-09-17T08:03:39.000Z",
            "description": "CosmicDuke - Xchecked via VT: 6b7a4ccd5a411c03e3f1e86f86b273965991eb85",
            "pattern": "[file:hashes.SHA256 = '92172ff7bfeee332409a145bc626bebf732225d006877168f35c046368e5118c']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:39Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73dc-6be0-445a-86b3-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:40.000Z",
            "modified": "2015-09-17T08:03:40.000Z",
            "description": "CosmicDuke - Xchecked via VT: 6b7a4ccd5a411c03e3f1e86f86b273965991eb85",
            "pattern": "[file:hashes.MD5 = 'cd012e8f5340d2e148d2c2cbac4270a1']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:40Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73dc-6e70-400d-9d93-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:40.000Z",
            "modified": "2015-09-17T08:03:40.000Z",
            "first_observed": "2015-09-17T08:03:40Z",
            "last_observed": "2015-09-17T08:03:40Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73dc-6e70-400d-9d93-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73dc-6e70-400d-9d93-d2c4950d210b",
            "value": "https://www.virustotal.com/file/92172ff7bfeee332409a145bc626bebf732225d006877168f35c046368e5118c/analysis/1414758879/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73dc-b54c-4b10-99a0-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:40.000Z",
            "modified": "2015-09-17T08:03:40.000Z",
            "description": "CosmicDuke - Xchecked via VT: 6a43ada6a3741892b56b0ef38cdf48df1ace236d",
            "pattern": "[file:hashes.SHA256 = '3d37e753812687fb7287cf8644d13fe2673ea7c3b540637c1ce1c6819f1c521b']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:40Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73dd-588c-425f-a6f0-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:41.000Z",
            "modified": "2015-09-17T08:03:41.000Z",
            "description": "CosmicDuke - Xchecked via VT: 6a43ada6a3741892b56b0ef38cdf48df1ace236d",
            "pattern": "[file:hashes.MD5 = 'dc92eba92885f2e937cb6f694647eb71']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:41Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73dd-08e4-4430-bc83-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:41.000Z",
            "modified": "2015-09-17T08:03:41.000Z",
            "first_observed": "2015-09-17T08:03:41Z",
            "last_observed": "2015-09-17T08:03:41Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73dd-08e4-4430-bc83-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73dd-08e4-4430-bc83-d2c4950d210b",
            "value": "https://www.virustotal.com/file/3d37e753812687fb7287cf8644d13fe2673ea7c3b540637c1ce1c6819f1c521b/analysis/1440569233/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73dd-b5cc-4dad-b9ea-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:41.000Z",
            "modified": "2015-09-17T08:03:41.000Z",
            "description": "CosmicDuke - Xchecked via VT: 658db78c0ce62e08e86b51988a222b5fb5fbb913",
            "pattern": "[file:hashes.SHA256 = '38c0252f75b1c6b3980e40bb69cb932773a6e0b189fc8a80efc2dcb455209eab']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:41Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73de-94fc-4dfb-bcd3-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:42.000Z",
            "modified": "2015-09-17T08:03:42.000Z",
            "description": "CosmicDuke - Xchecked via VT: 658db78c0ce62e08e86b51988a222b5fb5fbb913",
            "pattern": "[file:hashes.MD5 = '18edd6bc785e56990f6721cd553c24ad']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:42Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73de-0b0c-4f53-b988-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:42.000Z",
            "modified": "2015-09-17T08:03:42.000Z",
            "first_observed": "2015-09-17T08:03:42Z",
            "last_observed": "2015-09-17T08:03:42Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73de-0b0c-4f53-b988-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73de-0b0c-4f53-b988-d2c4950d210b",
            "value": "https://www.virustotal.com/file/38c0252f75b1c6b3980e40bb69cb932773a6e0b189fc8a80efc2dcb455209eab/analysis/1436418201/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73de-6210-48c1-bbfb-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:42.000Z",
            "modified": "2015-09-17T08:03:42.000Z",
            "description": "CosmicDuke - Xchecked via VT: 6483ed51bd244c7b2cf97db62602b19c27fa3059",
            "pattern": "[file:hashes.SHA256 = '8290b324f5cdb5c3ea17fa48a74bc11c856f0da0b049d07d9316d161f71f26a5']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:42Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73df-e394-4b0d-b662-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:43.000Z",
            "modified": "2015-09-17T08:03:43.000Z",
            "description": "CosmicDuke - Xchecked via VT: 6483ed51bd244c7b2cf97db62602b19c27fa3059",
            "pattern": "[file:hashes.MD5 = '1e417aa350346731f6e0c936d725f1a5']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:43Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73df-a67c-4f2a-b742-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:43.000Z",
            "modified": "2015-09-17T08:03:43.000Z",
            "first_observed": "2015-09-17T08:03:43Z",
            "last_observed": "2015-09-17T08:03:43Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73df-a67c-4f2a-b742-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73df-a67c-4f2a-b742-d2c4950d210b",
            "value": "https://www.virustotal.com/file/8290b324f5cdb5c3ea17fa48a74bc11c856f0da0b049d07d9316d161f71f26a5/analysis/1432191473/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73df-9d84-4aff-8443-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:43.000Z",
            "modified": "2015-09-17T08:03:43.000Z",
            "description": "CosmicDuke - Xchecked via VT: 63aedcd38fe947404dda4fbaddb1da539d632417",
            "pattern": "[file:hashes.SHA256 = '027c9da59c77e83b42535a0c965c4994a144715e796453fc2a5b189f0036c4b4']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:43Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73e0-8c4c-4300-861b-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:44.000Z",
            "modified": "2015-09-17T08:03:44.000Z",
            "description": "CosmicDuke - Xchecked via VT: 63aedcd38fe947404dda4fbaddb1da539d632417",
            "pattern": "[file:hashes.MD5 = '89c6c5439a2747d7f2a7305521dddcbb']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:44Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73e0-7850-4042-bb0b-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:44.000Z",
            "modified": "2015-09-17T08:03:44.000Z",
            "first_observed": "2015-09-17T08:03:44Z",
            "last_observed": "2015-09-17T08:03:44Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73e0-7850-4042-bb0b-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73e0-7850-4042-bb0b-d2c4950d210b",
            "value": "https://www.virustotal.com/file/027c9da59c77e83b42535a0c965c4994a144715e796453fc2a5b189f0036c4b4/analysis/1405570202/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73e0-23b4-497d-8f4f-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:44.000Z",
            "modified": "2015-09-17T08:03:44.000Z",
            "description": "CosmicDuke - Xchecked via VT: 5c5ec0b5112a74a95edc23ef093792eb3698320e",
            "pattern": "[file:hashes.SHA256 = '64e3a2bba82027dd6ff631fa5890a7ba8331b62a0a4c0b1ca24d143c2b61c323']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:44Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73e1-0534-4caa-8334-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:45.000Z",
            "modified": "2015-09-17T08:03:45.000Z",
            "description": "CosmicDuke - Xchecked via VT: 5c5ec0b5112a74a95edc23ef093792eb3698320e",
            "pattern": "[file:hashes.MD5 = '3729a14be6b3a92265cf6d8e14c79abe']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:45Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73e1-a0a4-44aa-ac82-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:45.000Z",
            "modified": "2015-09-17T08:03:45.000Z",
            "first_observed": "2015-09-17T08:03:45Z",
            "last_observed": "2015-09-17T08:03:45Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73e1-a0a4-44aa-ac82-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73e1-a0a4-44aa-ac82-d2c4950d210b",
            "value": "https://www.virustotal.com/file/64e3a2bba82027dd6ff631fa5890a7ba8331b62a0a4c0b1ca24d143c2b61c323/analysis/1440569260/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73e1-c770-40d7-a89f-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:45.000Z",
            "modified": "2015-09-17T08:03:45.000Z",
            "description": "CosmicDuke - Xchecked via VT: 5a199a75411047903b7ba7851bf705ec545f6da9",
            "pattern": "[file:hashes.SHA256 = 'fe5bc1248fc79fc15663ef169f0a269c1abe847d00b01e9571fe5c0d760d68f0']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:45Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73e2-24f0-4b9e-8cde-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:46.000Z",
            "modified": "2015-09-17T08:03:46.000Z",
            "description": "CosmicDuke - Xchecked via VT: 5a199a75411047903b7ba7851bf705ec545f6da9",
            "pattern": "[file:hashes.MD5 = 'f22606385080d35551e7f8e8f49b7de9']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:46Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73e2-aa1c-4f25-9bd1-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:46.000Z",
            "modified": "2015-09-17T08:03:46.000Z",
            "first_observed": "2015-09-17T08:03:46Z",
            "last_observed": "2015-09-17T08:03:46Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73e2-aa1c-4f25-9bd1-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73e2-aa1c-4f25-9bd1-d2c4950d210b",
            "value": "https://www.virustotal.com/file/fe5bc1248fc79fc15663ef169f0a269c1abe847d00b01e9571fe5c0d760d68f0/analysis/1440569274/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73e2-77e0-487f-ad86-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:46.000Z",
            "modified": "2015-09-17T08:03:46.000Z",
            "description": "CosmicDuke - Xchecked via VT: 580eca9e36dcd1a2deb9075bcae90afee46aace2",
            "pattern": "[file:hashes.SHA256 = '1590bdbaff2c178387e924b689b030057b4cbd2865e9c4dd3886a8791ac8e4ee']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:46Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73e3-da5c-4b5c-9545-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:47.000Z",
            "modified": "2015-09-17T08:03:47.000Z",
            "description": "CosmicDuke - Xchecked via VT: 580eca9e36dcd1a2deb9075bcae90afee46aace2",
            "pattern": "[file:hashes.MD5 = '351c913e4120081d8f04317121654a39']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:47Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73e3-3330-4558-b032-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:47.000Z",
            "modified": "2015-09-17T08:03:47.000Z",
            "first_observed": "2015-09-17T08:03:47Z",
            "last_observed": "2015-09-17T08:03:47Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73e3-3330-4558-b032-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73e3-3330-4558-b032-d2c4950d210b",
            "value": "https://www.virustotal.com/file/1590bdbaff2c178387e924b689b030057b4cbd2865e9c4dd3886a8791ac8e4ee/analysis/1440569281/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73e4-dbcc-40ea-acc4-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:48.000Z",
            "modified": "2015-09-17T08:03:48.000Z",
            "description": "CosmicDuke - Xchecked via VT: 55f83ff166ab8978d6ce38e80fde858cf29e660b",
            "pattern": "[file:hashes.SHA256 = '7e371cd323898e403df7a80add34d791e160e443bcd2d02f27ddc0c04ba1bdab']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:48Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73e4-fcb8-48a0-b881-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:48.000Z",
            "modified": "2015-09-17T08:03:48.000Z",
            "description": "CosmicDuke - Xchecked via VT: 55f83ff166ab8978d6ce38e80fde858cf29e660b",
            "pattern": "[file:hashes.MD5 = '8e5106565fd96df1308d208d1e3426a3']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:48Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73e4-e1a0-455c-9e9f-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:48.000Z",
            "modified": "2015-09-17T08:03:48.000Z",
            "first_observed": "2015-09-17T08:03:48Z",
            "last_observed": "2015-09-17T08:03:48Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73e4-e1a0-455c-9e9f-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73e4-e1a0-455c-9e9f-d2c4950d210b",
            "value": "https://www.virustotal.com/file/7e371cd323898e403df7a80add34d791e160e443bcd2d02f27ddc0c04ba1bdab/analysis/1440569285/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73e5-b070-4b43-bc95-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:49.000Z",
            "modified": "2015-09-17T08:03:49.000Z",
            "description": "CosmicDuke - Xchecked via VT: 558f1d400be521f8286b6a51f56d362d64278132",
            "pattern": "[file:hashes.SHA256 = 'fede980fc70a86f949828b834edc0847490d497efcbd3a1155b7d3afe7c32543']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:49Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73e5-cfdc-479b-9ceb-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:49.000Z",
            "modified": "2015-09-17T08:03:49.000Z",
            "description": "CosmicDuke - Xchecked via VT: 558f1d400be521f8286b6a51f56d362d64278132",
            "pattern": "[file:hashes.MD5 = '5400d3db044befebbc39087ee1fe9533']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:49Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73e5-f91c-4d79-9ff8-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:49.000Z",
            "modified": "2015-09-17T08:03:49.000Z",
            "first_observed": "2015-09-17T08:03:49Z",
            "last_observed": "2015-09-17T08:03:49Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73e5-f91c-4d79-9ff8-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73e5-f91c-4d79-9ff8-d2c4950d210b",
            "value": "https://www.virustotal.com/file/fede980fc70a86f949828b834edc0847490d497efcbd3a1155b7d3afe7c32543/analysis/1412847318/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73e6-0114-4589-adc3-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:50.000Z",
            "modified": "2015-09-17T08:03:50.000Z",
            "description": "CosmicDuke - Xchecked via VT: 541816260c71535cfebc743b9e2770a3a601acdf",
            "pattern": "[file:hashes.SHA256 = '831267e0977becf098b5064aac6fd39b5f8e6fd975c06d4b8540cea71d402317']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:50Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73e6-13b8-40bc-908a-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:50.000Z",
            "modified": "2015-09-17T08:03:50.000Z",
            "description": "CosmicDuke - Xchecked via VT: 541816260c71535cfebc743b9e2770a3a601acdf",
            "pattern": "[file:hashes.MD5 = '6629b432266d78f9eb74d2d1a71d0d32']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:50Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73e6-07a4-4ba2-8d88-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:50.000Z",
            "modified": "2015-09-17T08:03:50.000Z",
            "first_observed": "2015-09-17T08:03:50Z",
            "last_observed": "2015-09-17T08:03:50Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73e6-07a4-4ba2-8d88-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73e6-07a4-4ba2-8d88-d2c4950d210b",
            "value": "https://www.virustotal.com/file/831267e0977becf098b5064aac6fd39b5f8e6fd975c06d4b8540cea71d402317/analysis/1426773939/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73e7-7e1c-450a-a555-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:51.000Z",
            "modified": "2015-09-17T08:03:51.000Z",
            "description": "CosmicDuke - Xchecked via VT: 524aaf596dc12b1bb479cd69c620914fd4c3f9c9",
            "pattern": "[file:hashes.SHA256 = '75e8567e7667eb02eec661134ecc07a7970d9448fc5b7dc021b5bcb039953a47']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:51Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73e7-428c-459b-be3c-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:51.000Z",
            "modified": "2015-09-17T08:03:51.000Z",
            "description": "CosmicDuke - Xchecked via VT: 524aaf596dc12b1bb479cd69c620914fd4c3f9c9",
            "pattern": "[file:hashes.MD5 = '3c0ca0ab63a76dbf836725c95e2a5b7a']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:51Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73e7-337c-499b-8c75-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:51.000Z",
            "modified": "2015-09-17T08:03:51.000Z",
            "first_observed": "2015-09-17T08:03:51Z",
            "last_observed": "2015-09-17T08:03:51Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73e7-337c-499b-8c75-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73e7-337c-499b-8c75-d2c4950d210b",
            "value": "https://www.virustotal.com/file/75e8567e7667eb02eec661134ecc07a7970d9448fc5b7dc021b5bcb039953a47/analysis/1386582745/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73e8-3278-4df3-92d9-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:52.000Z",
            "modified": "2015-09-17T08:03:52.000Z",
            "description": "CosmicDuke - Xchecked via VT: 4fd46c30fb1b6f5431c12a38430d684ed1ff5a75",
            "pattern": "[file:hashes.SHA256 = 'a1176b60ca96cfeb37dde61bde935f645a64fabd8e300f072fc355434b711dcf']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:52Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73e8-e558-4401-a6be-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:52.000Z",
            "modified": "2015-09-17T08:03:52.000Z",
            "description": "CosmicDuke - Xchecked via VT: 4fd46c30fb1b6f5431c12a38430d684ed1ff5a75",
            "pattern": "[file:hashes.MD5 = '75d15f552aba5ed0df80ec2c16ab683e']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:52Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73e8-6c0c-4ff3-86a7-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:52.000Z",
            "modified": "2015-09-17T08:03:52.000Z",
            "first_observed": "2015-09-17T08:03:52Z",
            "last_observed": "2015-09-17T08:03:52Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73e8-6c0c-4ff3-86a7-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73e8-6c0c-4ff3-86a7-d2c4950d210b",
            "value": "https://www.virustotal.com/file/a1176b60ca96cfeb37dde61bde935f645a64fabd8e300f072fc355434b711dcf/analysis/1410378904/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73e9-3484-4527-9b53-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:53.000Z",
            "modified": "2015-09-17T08:03:53.000Z",
            "description": "CosmicDuke - Xchecked via VT: 4fbc518df60df395ea27224cb85c4da2ff327e98",
            "pattern": "[file:hashes.SHA256 = 'b7c4b998d7ebea62b81f2a12c5e8608a21079a0bcecdef81c0f5818a80b0c7eb']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73e9-9efc-4478-892c-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:53.000Z",
            "modified": "2015-09-17T08:03:53.000Z",
            "description": "CosmicDuke - Xchecked via VT: 4fbc518df60df395ea27224cb85c4da2ff327e98",
            "pattern": "[file:hashes.MD5 = 'ad02edae5173d0b7ba39a3065c9d5d63']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73e9-0014-4738-b906-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:53.000Z",
            "modified": "2015-09-17T08:03:53.000Z",
            "first_observed": "2015-09-17T08:03:53Z",
            "last_observed": "2015-09-17T08:03:53Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73e9-0014-4738-b906-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73e9-0014-4738-b906-d2c4950d210b",
            "value": "https://www.virustotal.com/file/b7c4b998d7ebea62b81f2a12c5e8608a21079a0bcecdef81c0f5818a80b0c7eb/analysis/1271154606/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73ea-2940-4997-83b4-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:54.000Z",
            "modified": "2015-09-17T08:03:54.000Z",
            "description": "CosmicDuke - Xchecked via VT: 4e3c9d7eb8302739e6931a3b5b605efe8f211e51",
            "pattern": "[file:hashes.SHA256 = '3c5d2fcacafc21d9f43c595ddf03bec801ccb958b8641018612c21bc741800d0']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:54Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73ea-a7d0-4e84-85fb-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:54.000Z",
            "modified": "2015-09-17T08:03:54.000Z",
            "description": "CosmicDuke - Xchecked via VT: 4e3c9d7eb8302739e6931a3b5b605efe8f211e51",
            "pattern": "[file:hashes.MD5 = '9d95c8f09f991a5fc37b79c45ebd2043']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:54Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73ea-c160-4a4d-a418-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:54.000Z",
            "modified": "2015-09-17T08:03:54.000Z",
            "first_observed": "2015-09-17T08:03:54Z",
            "last_observed": "2015-09-17T08:03:54Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73ea-c160-4a4d-a418-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73ea-c160-4a4d-a418-d2c4950d210b",
            "value": "https://www.virustotal.com/file/3c5d2fcacafc21d9f43c595ddf03bec801ccb958b8641018612c21bc741800d0/analysis/1440569310/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73eb-a4b8-4a98-be0a-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:55.000Z",
            "modified": "2015-09-17T08:03:55.000Z",
            "description": "CosmicDuke - Xchecked via VT: 4aaac99607013b21863728b9453e4ffee67b902e",
            "pattern": "[file:hashes.SHA256 = 'f61cdc7f68f47d23c4571b517ab4cdcfd984cf3f6f8f91dec99dfd7dc5a2dcff']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:55Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73eb-7dfc-479f-99e3-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:55.000Z",
            "modified": "2015-09-17T08:03:55.000Z",
            "description": "CosmicDuke - Xchecked via VT: 4aaac99607013b21863728b9453e4ffee67b902e",
            "pattern": "[file:hashes.MD5 = 'd22c02dafb1ee0ef8d4ea90ac48a6988']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:55Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73eb-e124-46dc-b0a9-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:55.000Z",
            "modified": "2015-09-17T08:03:55.000Z",
            "first_observed": "2015-09-17T08:03:55Z",
            "last_observed": "2015-09-17T08:03:55Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73eb-e124-46dc-b0a9-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73eb-e124-46dc-b0a9-d2c4950d210b",
            "value": "https://www.virustotal.com/file/f61cdc7f68f47d23c4571b517ab4cdcfd984cf3f6f8f91dec99dfd7dc5a2dcff/analysis/1413597212/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73ec-b998-45fd-8e2f-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:56.000Z",
            "modified": "2015-09-17T08:03:56.000Z",
            "description": "CosmicDuke - Xchecked via VT: 4a9875f646c5410f8317191ef2a91f934ce76f57",
            "pattern": "[file:hashes.SHA256 = '5ef73d904cf5dcbec5919fba0b640168d6feb8f7021507568297e3da1a7e47a5']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:56Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73ec-27ec-404b-88fc-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:56.000Z",
            "modified": "2015-09-17T08:03:56.000Z",
            "description": "CosmicDuke - Xchecked via VT: 4a9875f646c5410f8317191ef2a91f934ce76f57",
            "pattern": "[file:hashes.MD5 = '68f6d84ac9a28c2fea59ff5e04577911']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:56Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73ed-2eac-4c60-9caf-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:57.000Z",
            "modified": "2015-09-17T08:03:57.000Z",
            "first_observed": "2015-09-17T08:03:57Z",
            "last_observed": "2015-09-17T08:03:57Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73ed-2eac-4c60-9caf-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73ed-2eac-4c60-9caf-d2c4950d210b",
            "value": "https://www.virustotal.com/file/5ef73d904cf5dcbec5919fba0b640168d6feb8f7021507568297e3da1a7e47a5/analysis/1416390827/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73ed-3338-48dd-9ef7-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:57.000Z",
            "modified": "2015-09-17T08:03:57.000Z",
            "description": "CosmicDuke - Xchecked via VT: 42dbfbedd813e6dbea1398323f085a88fa014293",
            "pattern": "[file:hashes.SHA256 = '47f3405ab0da5af125bcc6ebb6d17a1573b090c54d7a0a00630ec170ccc4b9d1']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:57Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73ed-bfd4-46ed-8fda-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:57.000Z",
            "modified": "2015-09-17T08:03:57.000Z",
            "description": "CosmicDuke - Xchecked via VT: 42dbfbedd813e6dbea1398323f085a88fa014293",
            "pattern": "[file:hashes.MD5 = '933b3c5d3728ef6e08af4ae579c00d11']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:57Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73ee-43bc-4a80-ac49-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:58.000Z",
            "modified": "2015-09-17T08:03:58.000Z",
            "first_observed": "2015-09-17T08:03:58Z",
            "last_observed": "2015-09-17T08:03:58Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73ee-43bc-4a80-ac49-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73ee-43bc-4a80-ac49-d2c4950d210b",
            "value": "https://www.virustotal.com/file/47f3405ab0da5af125bcc6ebb6d17a1573b090c54d7a0a00630ec170ccc4b9d1/analysis/1439688255/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73ee-4bac-4829-8e86-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:58.000Z",
            "modified": "2015-09-17T08:03:58.000Z",
            "description": "CosmicDuke - Xchecked via VT: 3f4a5bf72a15b7a8638655b24eb3359e229b9aea",
            "pattern": "[file:hashes.SHA256 = '82670519b8d63d36967c611bc94659e5bff867837129ac93bcffe7589af46384']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:58Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73ee-998c-4894-97cc-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:58.000Z",
            "modified": "2015-09-17T08:03:58.000Z",
            "description": "CosmicDuke - Xchecked via VT: 3f4a5bf72a15b7a8638655b24eb3359e229b9aea",
            "pattern": "[file:hashes.MD5 = '8019dea970331823a504baaa90d3470f']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:58Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73ef-5378-4fc8-bb81-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:59.000Z",
            "modified": "2015-09-17T08:03:59.000Z",
            "first_observed": "2015-09-17T08:03:59Z",
            "last_observed": "2015-09-17T08:03:59Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73ef-5378-4fc8-bb81-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73ef-5378-4fc8-bb81-d2c4950d210b",
            "value": "https://www.virustotal.com/file/82670519b8d63d36967c611bc94659e5bff867837129ac93bcffe7589af46384/analysis/1436421128/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73ef-44a4-4835-8847-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:59.000Z",
            "modified": "2015-09-17T08:03:59.000Z",
            "description": "CosmicDuke - Xchecked via VT: 3980f0e3fe80b2e7378325ab64ecbe725ae5eca9",
            "pattern": "[file:hashes.SHA256 = '2e8aa9dac584a51c7d960baccf76747c858175573f5c013b7c44328f0871da04']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:59Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73ef-f5e0-4717-b43b-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:03:59.000Z",
            "modified": "2015-09-17T08:03:59.000Z",
            "description": "CosmicDuke - Xchecked via VT: 3980f0e3fe80b2e7378325ab64ecbe725ae5eca9",
            "pattern": "[file:hashes.MD5 = '52c73a7801a186077ed27a4cb7c7f887']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:03:59Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73f0-f8d4-4a57-a137-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:00.000Z",
            "modified": "2015-09-17T08:04:00.000Z",
            "first_observed": "2015-09-17T08:04:00Z",
            "last_observed": "2015-09-17T08:04:00Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73f0-f8d4-4a57-a137-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73f0-f8d4-4a57-a137-d2c4950d210b",
            "value": "https://www.virustotal.com/file/2e8aa9dac584a51c7d960baccf76747c858175573f5c013b7c44328f0871da04/analysis/1310884374/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73f0-3438-4a12-98a0-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:00.000Z",
            "modified": "2015-09-17T08:04:00.000Z",
            "description": "CosmicDuke - Xchecked via VT: 365f61c7886ca82bfdf8ee19ce0f92c4f7d0901e",
            "pattern": "[file:hashes.SHA256 = 'cae1277446cb62f1ed3674e7ea87063a28b9d364e3638fa779fe8e3d6e1fb15f']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:04:00Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73f0-adac-4eee-a667-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:00.000Z",
            "modified": "2015-09-17T08:04:00.000Z",
            "description": "CosmicDuke - Xchecked via VT: 365f61c7886ca82bfdf8ee19ce0f92c4f7d0901e",
            "pattern": "[file:hashes.MD5 = '0295fb28f715a19e2b0c497b5dd55629']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:04:00Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73f1-85cc-4c12-8857-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:01.000Z",
            "modified": "2015-09-17T08:04:01.000Z",
            "first_observed": "2015-09-17T08:04:01Z",
            "last_observed": "2015-09-17T08:04:01Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73f1-85cc-4c12-8857-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73f1-85cc-4c12-8857-d2c4950d210b",
            "value": "https://www.virustotal.com/file/cae1277446cb62f1ed3674e7ea87063a28b9d364e3638fa779fe8e3d6e1fb15f/analysis/1425262391/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73f1-7b00-4ff4-90d2-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:01.000Z",
            "modified": "2015-09-17T08:04:01.000Z",
            "description": "CosmicDuke - Xchecked via VT: 332aac7bdb0f697fd96e35c31c54d15e548061f4",
            "pattern": "[file:hashes.SHA256 = 'ffc6a96b542196dbe322de199ee7b2621966d4c0d32ab43f78b9516a3576da09']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:04:01Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73f1-1384-4c74-9d1c-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:01.000Z",
            "modified": "2015-09-17T08:04:01.000Z",
            "description": "CosmicDuke - Xchecked via VT: 332aac7bdb0f697fd96e35c31c54d15e548061f4",
            "pattern": "[file:hashes.MD5 = 'dee4b9c620a390be143a79f555225c85']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:04:01Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73f2-ed94-443f-88a0-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:02.000Z",
            "modified": "2015-09-17T08:04:02.000Z",
            "first_observed": "2015-09-17T08:04:02Z",
            "last_observed": "2015-09-17T08:04:02Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73f2-ed94-443f-88a0-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73f2-ed94-443f-88a0-d2c4950d210b",
            "value": "https://www.virustotal.com/file/ffc6a96b542196dbe322de199ee7b2621966d4c0d32ab43f78b9516a3576da09/analysis/1375957667/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73f2-6d00-4895-9d84-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:02.000Z",
            "modified": "2015-09-17T08:04:02.000Z",
            "description": "CosmicDuke - Xchecked via VT: 322e042cf1cb43a8072c4a4cbf6e37004a88d6f7",
            "pattern": "[file:hashes.SHA256 = '55ba0c04d488903e07f0747407ed56319f0d9aac113c7f9c62287442f1f78c45']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:04:02Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73f2-2d14-4189-89ba-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:02.000Z",
            "modified": "2015-09-17T08:04:02.000Z",
            "description": "CosmicDuke - Xchecked via VT: 322e042cf1cb43a8072c4a4cbf6e37004a88d6f7",
            "pattern": "[file:hashes.MD5 = 'b5304f94cd5baae6fb5dad19c2759d2c']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:04:02Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73f3-d448-4b4d-b654-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:03.000Z",
            "modified": "2015-09-17T08:04:03.000Z",
            "first_observed": "2015-09-17T08:04:03Z",
            "last_observed": "2015-09-17T08:04:03Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73f3-d448-4b4d-b654-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73f3-d448-4b4d-b654-d2c4950d210b",
            "value": "https://www.virustotal.com/file/55ba0c04d488903e07f0747407ed56319f0d9aac113c7f9c62287442f1f78c45/analysis/1439381618/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73f3-8488-46db-a0f0-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:03.000Z",
            "modified": "2015-09-17T08:04:03.000Z",
            "description": "CosmicDuke - Xchecked via VT: 2b1e7d54723cf9ee2fd133b8f17fa99470d7a51a",
            "pattern": "[file:hashes.SHA256 = '182ab7eb1dce2827a05aff0d83a13dd8346bd3b8ab2dfb681817a0d3aab05b15']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:04:03Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73f3-cab4-448b-a3ed-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:03.000Z",
            "modified": "2015-09-17T08:04:03.000Z",
            "description": "CosmicDuke - Xchecked via VT: 2b1e7d54723cf9ee2fd133b8f17fa99470d7a51a",
            "pattern": "[file:hashes.MD5 = '2c6a49568e1733b66ef9dd2fa659aedb']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:04:03Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73f4-4c2c-4624-bf01-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:04.000Z",
            "modified": "2015-09-17T08:04:04.000Z",
            "first_observed": "2015-09-17T08:04:04Z",
            "last_observed": "2015-09-17T08:04:04Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73f4-4c2c-4624-bf01-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73f4-4c2c-4624-bf01-d2c4950d210b",
            "value": "https://www.virustotal.com/file/182ab7eb1dce2827a05aff0d83a13dd8346bd3b8ab2dfb681817a0d3aab05b15/analysis/1410335048/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73f4-9e6c-46df-8b86-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:04.000Z",
            "modified": "2015-09-17T08:04:04.000Z",
            "description": "CosmicDuke - Xchecked via VT: 2345cd5c112e55ba631dac539c8efab850c536b2",
            "pattern": "[file:hashes.SHA256 = '2c480399bff7d05736caa1858fd43d9223df3fd531ae574dc3c9eb06cc3579ef']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:04:04Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73f4-9740-4d25-a732-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:04.000Z",
            "modified": "2015-09-17T08:04:04.000Z",
            "description": "CosmicDuke - Xchecked via VT: 2345cd5c112e55ba631dac539c8efab850c536b2",
            "pattern": "[file:hashes.MD5 = '0b78ad10bb56a3f69f13297e427806cf']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:04:04Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73f5-3628-4935-918a-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:05.000Z",
            "modified": "2015-09-17T08:04:05.000Z",
            "first_observed": "2015-09-17T08:04:05Z",
            "last_observed": "2015-09-17T08:04:05Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73f5-3628-4935-918a-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73f5-3628-4935-918a-d2c4950d210b",
            "value": "https://www.virustotal.com/file/2c480399bff7d05736caa1858fd43d9223df3fd531ae574dc3c9eb06cc3579ef/analysis/1276620639/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73f5-56b4-4c59-91e7-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:05.000Z",
            "modified": "2015-09-17T08:04:05.000Z",
            "description": "CosmicDuke - Xchecked via VT: 1e5c6d3f64295cb36d364f7fa183177a3f5e6b7e",
            "pattern": "[file:hashes.SHA256 = '1c86bcc74684c2533026a8b4d9463ad4b5a1f30f6915ca19197b41e0cb893b77']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:04:05Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73f5-24a4-4a88-b89f-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:05.000Z",
            "modified": "2015-09-17T08:04:05.000Z",
            "description": "CosmicDuke - Xchecked via VT: 1e5c6d3f64295cb36d364f7fa183177a3f5e6b7e",
            "pattern": "[file:hashes.MD5 = '868915de8b23cfc87765525efbdb4fa0']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:04:05Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73f6-3f90-484f-acf0-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:06.000Z",
            "modified": "2015-09-17T08:04:06.000Z",
            "first_observed": "2015-09-17T08:04:06Z",
            "last_observed": "2015-09-17T08:04:06Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73f6-3f90-484f-acf0-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73f6-3f90-484f-acf0-d2c4950d210b",
            "value": "https://www.virustotal.com/file/1c86bcc74684c2533026a8b4d9463ad4b5a1f30f6915ca19197b41e0cb893b77/analysis/1417489355/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73f6-d66c-4760-be16-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:06.000Z",
            "modified": "2015-09-17T08:04:06.000Z",
            "description": "CosmicDuke - Xchecked via VT: 1df78a1dc0aa3382fcc6fac172b70aafd0ed8d3d",
            "pattern": "[file:hashes.SHA256 = '52d1b5387739dcf6a68efb21e8ccf83b9b29fb29724091d7a8084d2315f81d80']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:04:06Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73f7-6904-46e6-b8e3-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:07.000Z",
            "modified": "2015-09-17T08:04:07.000Z",
            "description": "CosmicDuke - Xchecked via VT: 1df78a1dc0aa3382fcc6fac172b70aafd0ed8d3d",
            "pattern": "[file:hashes.MD5 = '39e1b41b4118f4ea3ce2119c054b29e8']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:04:07Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73f7-f878-4cbc-8cca-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:07.000Z",
            "modified": "2015-09-17T08:04:07.000Z",
            "first_observed": "2015-09-17T08:04:07Z",
            "last_observed": "2015-09-17T08:04:07Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73f7-f878-4cbc-8cca-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73f7-f878-4cbc-8cca-d2c4950d210b",
            "value": "https://www.virustotal.com/file/52d1b5387739dcf6a68efb21e8ccf83b9b29fb29724091d7a8084d2315f81d80/analysis/1358357774/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73f7-0434-4dcc-a712-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:07.000Z",
            "modified": "2015-09-17T08:04:07.000Z",
            "description": "CosmicDuke - Xchecked via VT: 1ce049522c4df595a1c4c9e9ca24be72dc5c6b28",
            "pattern": "[file:hashes.SHA256 = '0a013787f9c1731213059f2d8e1a7514f610783aaaea8fa5736063ab7793c0d7']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:04:07Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73f8-ba90-4d2b-8c0f-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:08.000Z",
            "modified": "2015-09-17T08:04:08.000Z",
            "description": "CosmicDuke - Xchecked via VT: 1ce049522c4df595a1c4c9e9ca24be72dc5c6b28",
            "pattern": "[file:hashes.MD5 = '1270217794b67491365048584a27a5ed']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:04:08Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73f8-d8a0-4558-8e28-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:08.000Z",
            "modified": "2015-09-17T08:04:08.000Z",
            "first_observed": "2015-09-17T08:04:08Z",
            "last_observed": "2015-09-17T08:04:08Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73f8-d8a0-4558-8e28-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73f8-d8a0-4558-8e28-d2c4950d210b",
            "value": "https://www.virustotal.com/file/0a013787f9c1731213059f2d8e1a7514f610783aaaea8fa5736063ab7793c0d7/analysis/1425950803/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73f8-1b34-454e-bba1-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:08.000Z",
            "modified": "2015-09-17T08:04:08.000Z",
            "description": "CosmicDuke - Xchecked via VT: 1a31245e943b131d81375d70b489d8e4bf3d6dce",
            "pattern": "[file:hashes.SHA256 = '0314ed09890d5aa2dba659fe1343be93d48c3875a89e261484967fea7ea6c7eb']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:04:08Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73f9-2ff8-4235-aae9-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:09.000Z",
            "modified": "2015-09-17T08:04:09.000Z",
            "description": "CosmicDuke - Xchecked via VT: 1a31245e943b131d81375d70b489d8e4bf3d6dce",
            "pattern": "[file:hashes.MD5 = 'cce1577e03093dcf195449d208e544d7']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:04:09Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73f9-ee88-400a-9fbd-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:09.000Z",
            "modified": "2015-09-17T08:04:09.000Z",
            "first_observed": "2015-09-17T08:04:09Z",
            "last_observed": "2015-09-17T08:04:09Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73f9-ee88-400a-9fbd-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73f9-ee88-400a-9fbd-d2c4950d210b",
            "value": "https://www.virustotal.com/file/0314ed09890d5aa2dba659fe1343be93d48c3875a89e261484967fea7ea6c7eb/analysis/1284501555/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73f9-c17c-4771-a57a-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:09.000Z",
            "modified": "2015-09-17T08:04:09.000Z",
            "description": "CosmicDuke - Xchecked via VT: 18d983ba09da695ce704ab8093296366b543996a",
            "pattern": "[file:hashes.SHA256 = '05637ef950feaeb0944d9fccca38eeff38e366c24a137ef08c9f1442aeb6afb7']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:04:09Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73fa-21b8-499a-b43f-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:10.000Z",
            "modified": "2015-09-17T08:04:10.000Z",
            "description": "CosmicDuke - Xchecked via VT: 18d983ba09da695ce704ab8093296366b543996a",
            "pattern": "[file:hashes.MD5 = '9dc3d5da2f68b4ed9336c5b78b955780']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:04:10Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73fa-f7dc-43fa-afbd-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:10.000Z",
            "modified": "2015-09-17T08:04:10.000Z",
            "first_observed": "2015-09-17T08:04:10Z",
            "last_observed": "2015-09-17T08:04:10Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73fa-f7dc-43fa-afbd-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73fa-f7dc-43fa-afbd-d2c4950d210b",
            "value": "https://www.virustotal.com/file/05637ef950feaeb0944d9fccca38eeff38e366c24a137ef08c9f1442aeb6afb7/analysis/1406391412/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73fa-03d8-4fbd-9044-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:10.000Z",
            "modified": "2015-09-17T08:04:10.000Z",
            "description": "CosmicDuke - Xchecked via VT: 174373ab44cf6e7355f9dbb8469453519cb61a44",
            "pattern": "[file:hashes.SHA256 = '1dbb96c130b12eacfe2956b536ca8e8ef59691f513816011866320e0e77daab2']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:04:10Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73fb-9d64-4543-a7fb-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:11.000Z",
            "modified": "2015-09-17T08:04:11.000Z",
            "description": "CosmicDuke - Xchecked via VT: 174373ab44cf6e7355f9dbb8469453519cb61a44",
            "pattern": "[file:hashes.MD5 = '78c6245367e6ef00ca76b8106eb73816']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:04:11Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73fb-c3fc-4ab9-9816-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:11.000Z",
            "modified": "2015-09-17T08:04:11.000Z",
            "first_observed": "2015-09-17T08:04:11Z",
            "last_observed": "2015-09-17T08:04:11Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73fb-c3fc-4ab9-9816-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73fb-c3fc-4ab9-9816-d2c4950d210b",
            "value": "https://www.virustotal.com/file/1dbb96c130b12eacfe2956b536ca8e8ef59691f513816011866320e0e77daab2/analysis/1271264125/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73fb-099c-4de1-8295-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:11.000Z",
            "modified": "2015-09-17T08:04:11.000Z",
            "description": "CosmicDuke - Xchecked via VT: 151362502d569b16453e84a2f5d277d8e4e878c2",
            "pattern": "[file:hashes.SHA256 = '70a7248b90573ba2edde5d9e8f0acd478235054480d98b0531d85725555f3a5c']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:04:11Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73fc-a4c0-4a3f-a947-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:12.000Z",
            "modified": "2015-09-17T08:04:12.000Z",
            "description": "CosmicDuke - Xchecked via VT: 151362502d569b16453e84a2f5d277d8e4e878c2",
            "pattern": "[file:hashes.MD5 = '685d678b3ffd72fce3f8b48d82a76f60']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:04:12Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73fc-607c-45e0-bd26-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:12.000Z",
            "modified": "2015-09-17T08:04:12.000Z",
            "first_observed": "2015-09-17T08:04:12Z",
            "last_observed": "2015-09-17T08:04:12Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73fc-607c-45e0-bd26-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73fc-607c-45e0-bd26-d2c4950d210b",
            "value": "https://www.virustotal.com/file/70a7248b90573ba2edde5d9e8f0acd478235054480d98b0531d85725555f3a5c/analysis/1362812005/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73fc-55f4-4b44-8341-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:12.000Z",
            "modified": "2015-09-17T08:04:12.000Z",
            "description": "CosmicDuke - Xchecked via VT: 11b5cfb37efb45d2c721cbf20cab7c1f5c1aa44b",
            "pattern": "[file:hashes.SHA256 = '620da58f80640661ccec202a3b20f138b8a0c9f374fb1fb5525dd3fe00ac5a8c']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:04:12Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73fd-1008-47e1-97b6-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:13.000Z",
            "modified": "2015-09-17T08:04:13.000Z",
            "description": "CosmicDuke - Xchecked via VT: 11b5cfb37efb45d2c721cbf20cab7c1f5c1aa44b",
            "pattern": "[file:hashes.MD5 = '51a96f279e790d2f861bb0ff843a7328']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:04:13Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73fd-e838-4945-8a13-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:13.000Z",
            "modified": "2015-09-17T08:04:13.000Z",
            "first_observed": "2015-09-17T08:04:13Z",
            "last_observed": "2015-09-17T08:04:13Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73fd-e838-4945-8a13-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73fd-e838-4945-8a13-d2c4950d210b",
            "value": "https://www.virustotal.com/file/620da58f80640661ccec202a3b20f138b8a0c9f374fb1fb5525dd3fe00ac5a8c/analysis/1427494377/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73fd-9334-4f8c-837e-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:13.000Z",
            "modified": "2015-09-17T08:04:13.000Z",
            "description": "CosmicDuke - Xchecked via VT: 0ff7ce34841c03c876b141c1f46d0ff2519889cc",
            "pattern": "[file:hashes.SHA256 = 'a31551902d2cbb7110a9f5f04bfba7269410850155dc6163c7bf8cad171ed68c']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:04:13Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73fe-02ac-49b3-a557-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:14.000Z",
            "modified": "2015-09-17T08:04:14.000Z",
            "description": "CosmicDuke - Xchecked via VT: 0ff7ce34841c03c876b141c1f46d0ff2519889cc",
            "pattern": "[file:hashes.MD5 = 'fa52383868abf82d027b971e799a599a']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:04:14Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73fe-ae9c-47d1-bb6d-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:14.000Z",
            "modified": "2015-09-17T08:04:14.000Z",
            "first_observed": "2015-09-17T08:04:14Z",
            "last_observed": "2015-09-17T08:04:14Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73fe-ae9c-47d1-bb6d-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73fe-ae9c-47d1-bb6d-d2c4950d210b",
            "value": "https://www.virustotal.com/file/a31551902d2cbb7110a9f5f04bfba7269410850155dc6163c7bf8cad171ed68c/analysis/1362387916/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73fe-495c-4b3f-8f66-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:14.000Z",
            "modified": "2015-09-17T08:04:14.000Z",
            "description": "CosmicDuke - Xchecked via VT: 0e5f55676e01d8e41d77cdc43489da8381b68086",
            "pattern": "[file:hashes.SHA256 = '41d63d293a6e2722fcf82f8bf67b8f566bd4d3f669ede146ccc286f0228d8f62']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:04:14Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa73ff-e674-4928-8c6c-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:15.000Z",
            "modified": "2015-09-17T08:04:15.000Z",
            "description": "CosmicDuke - Xchecked via VT: 0e5f55676e01d8e41d77cdc43489da8381b68086",
            "pattern": "[file:hashes.MD5 = 'dc6cc442c0900104a5601a6049354fad']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:04:15Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa73ff-f8a8-48e1-b67d-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:15.000Z",
            "modified": "2015-09-17T08:04:15.000Z",
            "first_observed": "2015-09-17T08:04:15Z",
            "last_observed": "2015-09-17T08:04:15Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa73ff-f8a8-48e1-b67d-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa73ff-f8a8-48e1-b67d-d2c4950d210b",
            "value": "https://www.virustotal.com/file/41d63d293a6e2722fcf82f8bf67b8f566bd4d3f669ede146ccc286f0228d8f62/analysis/1440569452/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7400-dcc0-409a-87ee-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:16.000Z",
            "modified": "2015-09-17T08:04:16.000Z",
            "description": "CosmicDuke - Xchecked via VT: 0d8f41fe09dbd75ab953f9e64a6cdbbbc198bf2b",
            "pattern": "[file:hashes.SHA256 = 'a8200a476f72ef77f4cd6bd71ebae9f473e923b140600b9da0bbaf1f22e1cecb']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:04:16Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7400-732c-4b72-b78f-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:16.000Z",
            "modified": "2015-09-17T08:04:16.000Z",
            "description": "CosmicDuke - Xchecked via VT: 0d8f41fe09dbd75ab953f9e64a6cdbbbc198bf2b",
            "pattern": "[file:hashes.MD5 = '0ee0f7fd55843d1ef7c9d6396bbcb99b']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:04:16Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7400-b4e4-4284-931c-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:16.000Z",
            "modified": "2015-09-17T08:04:16.000Z",
            "first_observed": "2015-09-17T08:04:16Z",
            "last_observed": "2015-09-17T08:04:16Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7400-b4e4-4284-931c-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7400-b4e4-4284-931c-d2c4950d210b",
            "value": "https://www.virustotal.com/file/a8200a476f72ef77f4cd6bd71ebae9f473e923b140600b9da0bbaf1f22e1cecb/analysis/1417094157/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7401-a170-41ea-9564-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:17.000Z",
            "modified": "2015-09-17T08:04:17.000Z",
            "description": "CosmicDuke - Xchecked via VT: 0c8db6542172de98fa16c9bacfef9ed4099fd872",
            "pattern": "[file:hashes.SHA256 = 'ccd3c69710977360459c0d2539d5e7e7defce097bcfee3ae62e564de7c938f17']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:04:17Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7401-ec0c-4beb-874f-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:17.000Z",
            "modified": "2015-09-17T08:04:17.000Z",
            "description": "CosmicDuke - Xchecked via VT: 0c8db6542172de98fa16c9bacfef9ed4099fd872",
            "pattern": "[file:hashes.MD5 = '91a50a90cb31fad48908d5c6294e92ba']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:04:17Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7401-3c98-420e-9989-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:17.000Z",
            "modified": "2015-09-17T08:04:17.000Z",
            "first_observed": "2015-09-17T08:04:17Z",
            "last_observed": "2015-09-17T08:04:17Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7401-3c98-420e-9989-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7401-3c98-420e-9989-d2c4950d210b",
            "value": "https://www.virustotal.com/file/ccd3c69710977360459c0d2539d5e7e7defce097bcfee3ae62e564de7c938f17/analysis/1374204334/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7402-4914-411f-a7ee-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:18.000Z",
            "modified": "2015-09-17T08:04:18.000Z",
            "description": "CosmicDuke - Xchecked via VT: 0bc8485ce6c24bb888e2329d479c9b7303bb98b4",
            "pattern": "[file:hashes.SHA256 = 'dad4c4aea24f2bd3e2f4b93bf782ebef70e8fdf930aff25a3e1b85a717314aa0']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:04:18Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7402-e9d8-4583-bc0c-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:18.000Z",
            "modified": "2015-09-17T08:04:18.000Z",
            "description": "CosmicDuke - Xchecked via VT: 0bc8485ce6c24bb888e2329d479c9b7303bb98b4",
            "pattern": "[file:hashes.MD5 = '8988f29396515f47de0457f9daa1dd62']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:04:18Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7402-7530-4620-9514-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:18.000Z",
            "modified": "2015-09-17T08:04:18.000Z",
            "first_observed": "2015-09-17T08:04:18Z",
            "last_observed": "2015-09-17T08:04:18Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7402-7530-4620-9514-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7402-7530-4620-9514-d2c4950d210b",
            "value": "https://www.virustotal.com/file/dad4c4aea24f2bd3e2f4b93bf782ebef70e8fdf930aff25a3e1b85a717314aa0/analysis/1432201572/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7403-4d5c-4295-a7b1-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:19.000Z",
            "modified": "2015-09-17T08:04:19.000Z",
            "description": "CosmicDuke - Xchecked via VT: 0653a8f06b140f4fac44acb3be723d7bb2602558",
            "pattern": "[file:hashes.SHA256 = '7c14761d20617ab7f408d6c63367f16026377d7c13f3e3c67525e034fc0c6d7c']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:04:19Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7403-7610-4bdf-bbf2-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:19.000Z",
            "modified": "2015-09-17T08:04:19.000Z",
            "description": "CosmicDuke - Xchecked via VT: 0653a8f06b140f4fac44acb3be723d7bb2602558",
            "pattern": "[file:hashes.MD5 = '5dabff44971cc53bef7d8e17e85dda73']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:04:19Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7403-ff6c-49aa-8b3b-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:19.000Z",
            "modified": "2015-09-17T08:04:19.000Z",
            "first_observed": "2015-09-17T08:04:19Z",
            "last_observed": "2015-09-17T08:04:19Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7403-ff6c-49aa-8b3b-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7403-ff6c-49aa-8b3b-d2c4950d210b",
            "value": "https://www.virustotal.com/file/7c14761d20617ab7f408d6c63367f16026377d7c13f3e3c67525e034fc0c6d7c/analysis/1436420116/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7404-88b0-4e75-a65a-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:20.000Z",
            "modified": "2015-09-17T08:04:20.000Z",
            "description": "CosmicDuke - Xchecked via VT: 03c5690728b7dffb2f4ab947fe390264751428aa",
            "pattern": "[file:hashes.SHA256 = '246543cc4a538472bed0626c159715a963e39dfc69d79f60c3ab227c62277016']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:04:20Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7404-e390-42eb-ac83-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:20.000Z",
            "modified": "2015-09-17T08:04:20.000Z",
            "description": "CosmicDuke - Xchecked via VT: 03c5690728b7dffb2f4ab947fe390264751428aa",
            "pattern": "[file:hashes.MD5 = '3a2ba475bf6a60dbe3ed59330c53c3f7']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:04:20Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7404-45b0-4100-a28a-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:20.000Z",
            "modified": "2015-09-17T08:04:20.000Z",
            "first_observed": "2015-09-17T08:04:20Z",
            "last_observed": "2015-09-17T08:04:20Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7404-45b0-4100-a28a-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7404-45b0-4100-a28a-d2c4950d210b",
            "value": "https://www.virustotal.com/file/246543cc4a538472bed0626c159715a963e39dfc69d79f60c3ab227c62277016/analysis/1430503520/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7405-de30-4222-9515-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:21.000Z",
            "modified": "2015-09-17T08:04:21.000Z",
            "description": "CosmicDuke - Xchecked via VT: 02f55947402689ec755356ab6b0345a592446da7",
            "pattern": "[file:hashes.SHA256 = '187b1cc7264c04c3158f835546cad0be74e6411bb50cb8899179a71018f0b4b9']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:04:21Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7405-49dc-4539-b315-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:21.000Z",
            "modified": "2015-09-17T08:04:21.000Z",
            "description": "CosmicDuke - Xchecked via VT: 02f55947402689ec755356ab6b0345a592446da7",
            "pattern": "[file:hashes.MD5 = 'cb8624999aa959b873e9bdb60ee65c0f']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:04:21Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7405-37ec-41b6-8605-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:21.000Z",
            "modified": "2015-09-17T08:04:21.000Z",
            "first_observed": "2015-09-17T08:04:21Z",
            "last_observed": "2015-09-17T08:04:21Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7405-37ec-41b6-8605-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7405-37ec-41b6-8605-d2c4950d210b",
            "value": "https://www.virustotal.com/file/187b1cc7264c04c3158f835546cad0be74e6411bb50cb8899179a71018f0b4b9/analysis/1409005027/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7406-256c-45a6-b5d6-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:22.000Z",
            "modified": "2015-09-17T08:04:22.000Z",
            "description": "CosmicDuke - Xchecked via VT: 01e5080b832c6e4fcb7b9d06caffe03dab8d95da",
            "pattern": "[file:hashes.SHA256 = 'aecb468db5cebcfa25deadeb3b12fbc48b05a485b44deb500b4002521bc3e685']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:04:22Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7406-4618-4d8b-980c-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:22.000Z",
            "modified": "2015-09-17T08:04:22.000Z",
            "description": "CosmicDuke - Xchecked via VT: 01e5080b832c6e4fcb7b9d06caffe03dab8d95da",
            "pattern": "[file:hashes.MD5 = 'a4008cf300fd22f470c38489da9e25cf']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:04:22Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7406-5afc-4450-97cd-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:22.000Z",
            "modified": "2015-09-17T08:04:22.000Z",
            "first_observed": "2015-09-17T08:04:22Z",
            "last_observed": "2015-09-17T08:04:22Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7406-5afc-4450-97cd-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7406-5afc-4450-97cd-d2c4950d210b",
            "value": "https://www.virustotal.com/file/aecb468db5cebcfa25deadeb3b12fbc48b05a485b44deb500b4002521bc3e685/analysis/1430551876/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7407-d720-44f6-a60e-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:23.000Z",
            "modified": "2015-09-17T08:04:23.000Z",
            "description": "GeminiDuke - Xchecked via VT: c011552d61ac5a87d95e43b90f2bf13077856def",
            "pattern": "[file:hashes.SHA256 = '7b9e542426408aa384d0394820f82f330e615a1ad17a777d04720458b33b08a3']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:04:23Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7407-78bc-4615-a25d-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:23.000Z",
            "modified": "2015-09-17T08:04:23.000Z",
            "description": "GeminiDuke - Xchecked via VT: c011552d61ac5a87d95e43b90f2bf13077856def",
            "pattern": "[file:hashes.MD5 = '6f5a73931c6c109bd6504a5ee0476ae7']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:04:23Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7407-4820-4a39-9551-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:23.000Z",
            "modified": "2015-09-17T08:04:23.000Z",
            "first_observed": "2015-09-17T08:04:23Z",
            "last_observed": "2015-09-17T08:04:23Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7407-4820-4a39-9551-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7407-4820-4a39-9551-d2c4950d210b",
            "value": "https://www.virustotal.com/file/7b9e542426408aa384d0394820f82f330e615a1ad17a777d04720458b33b08a3/analysis/1417096491/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7408-f530-470f-a718-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:24.000Z",
            "modified": "2015-09-17T08:04:24.000Z",
            "description": "GeminiDuke - Xchecked via VT: b14b9241197c667f00f86d096d71c47d6fa9aca6",
            "pattern": "[file:hashes.SHA256 = 'ce2c4dd21b99407bfa7066a6a57d180c00527e7db8ee52558c597550ac8b5d7c']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:04:24Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7408-e484-4817-bddd-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:24.000Z",
            "modified": "2015-09-17T08:04:24.000Z",
            "description": "GeminiDuke - Xchecked via VT: b14b9241197c667f00f86d096d71c47d6fa9aca6",
            "pattern": "[file:hashes.MD5 = '6d45f34e6d29391ee6f0e91bf344a7d0']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:04:24Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7409-71ec-4db2-b6f6-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:25.000Z",
            "modified": "2015-09-17T08:04:25.000Z",
            "first_observed": "2015-09-17T08:04:25Z",
            "last_observed": "2015-09-17T08:04:25Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7409-71ec-4db2-b6f6-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7409-71ec-4db2-b6f6-d2c4950d210b",
            "value": "https://www.virustotal.com/file/ce2c4dd21b99407bfa7066a6a57d180c00527e7db8ee52558c597550ac8b5d7c/analysis/1410439795/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7409-95e8-40b1-853e-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:25.000Z",
            "modified": "2015-09-17T08:04:25.000Z",
            "description": "GeminiDuke - Xchecked via VT: a3653091334892cf97a55715c7555c8881230bc4",
            "pattern": "[file:hashes.SHA256 = 'a8b01a219a9fe565aadf82bc28b60048c60b640e780386c7a84a425049df5af9']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:04:25Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7409-7eb8-47c3-908b-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:25.000Z",
            "modified": "2015-09-17T08:04:25.000Z",
            "description": "GeminiDuke - Xchecked via VT: a3653091334892cf97a55715c7555c8881230bc4",
            "pattern": "[file:hashes.MD5 = 'f1583641033d66873ed1604e2f1bea1b']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:04:25Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa740a-ed7c-4ddf-9deb-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:26.000Z",
            "modified": "2015-09-17T08:04:26.000Z",
            "first_observed": "2015-09-17T08:04:26Z",
            "last_observed": "2015-09-17T08:04:26Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa740a-ed7c-4ddf-9deb-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa740a-ed7c-4ddf-9deb-d2c4950d210b",
            "value": "https://www.virustotal.com/file/a8b01a219a9fe565aadf82bc28b60048c60b640e780386c7a84a425049df5af9/analysis/1411297527/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa740a-c7dc-4213-a392-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:26.000Z",
            "modified": "2015-09-17T08:04:26.000Z",
            "description": "GeminiDuke - Xchecked via VT: 6b0b8ad038c7ae2efbad066b8ba22de859b81f98",
            "pattern": "[file:hashes.SHA256 = 'bc54acf4e60688ea668ef40ef965f2bad41dcf260ddae26d28b5551461c4b402']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:04:26Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa740a-3f64-4b56-b86e-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:26.000Z",
            "modified": "2015-09-17T08:04:26.000Z",
            "description": "GeminiDuke - Xchecked via VT: 6b0b8ad038c7ae2efbad066b8ba22de859b81f98",
            "pattern": "[file:hashes.MD5 = '7ad50c9e4a4bab73bba38860906220b6']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:04:26Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa740b-7cf0-4fb6-b323-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:27.000Z",
            "modified": "2015-09-17T08:04:27.000Z",
            "first_observed": "2015-09-17T08:04:27Z",
            "last_observed": "2015-09-17T08:04:27Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa740b-7cf0-4fb6-b323-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa740b-7cf0-4fb6-b323-d2c4950d210b",
            "value": "https://www.virustotal.com/file/bc54acf4e60688ea668ef40ef965f2bad41dcf260ddae26d28b5551461c4b402/analysis/1408726382/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa740b-4b54-447d-a7ee-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:27.000Z",
            "modified": "2015-09-17T08:04:27.000Z",
            "description": "GeminiDuke - Xchecked via VT: 3ed561786ca07c8e9862f4f682c1828a039d6dd4",
            "pattern": "[file:hashes.SHA256 = '1323e3d7656a427733663f03b3037326ffa9c57c68fa8e014a5bf7cb1455359a']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:04:27Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa740b-178c-43b4-baf9-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:27.000Z",
            "modified": "2015-09-17T08:04:27.000Z",
            "description": "GeminiDuke - Xchecked via VT: 3ed561786ca07c8e9862f4f682c1828a039d6dd4",
            "pattern": "[file:hashes.MD5 = 'e36d73c6c8e832b7955c442b484472e5']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:04:27Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa740c-6798-428c-a2c4-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:28.000Z",
            "modified": "2015-09-17T08:04:28.000Z",
            "first_observed": "2015-09-17T08:04:28Z",
            "last_observed": "2015-09-17T08:04:28Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa740c-6798-428c-a2c4-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa740c-6798-428c-a2c4-d2c4950d210b",
            "value": "https://www.virustotal.com/file/1323e3d7656a427733663f03b3037326ffa9c57c68fa8e014a5bf7cb1455359a/analysis/1426778821/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa740c-0314-47ea-a853-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:28.000Z",
            "modified": "2015-09-17T08:04:28.000Z",
            "description": "CosmicDuke Exploit file - Xchecked via VT: f1f1ace3906080cef52ca4948185b665d1d7b13e",
            "pattern": "[file:hashes.SHA256 = 'e745fc57f816b2b507406ce1c0ec47f8f84d8f5efeaf327c657723c897522c83']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:04:28Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa740c-0770-41d9-a117-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:28.000Z",
            "modified": "2015-09-17T08:04:28.000Z",
            "description": "CosmicDuke Exploit file - Xchecked via VT: f1f1ace3906080cef52ca4948185b665d1d7b13e",
            "pattern": "[file:hashes.MD5 = '84137c8e7509a0e9cf7ff71ba060cdb5']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:04:28Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa740d-ee5c-4b4e-bb8d-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:29.000Z",
            "modified": "2015-09-17T08:04:29.000Z",
            "first_observed": "2015-09-17T08:04:29Z",
            "last_observed": "2015-09-17T08:04:29Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa740d-ee5c-4b4e-bb8d-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa740d-ee5c-4b4e-bb8d-d2c4950d210b",
            "value": "https://www.virustotal.com/file/e745fc57f816b2b507406ce1c0ec47f8f84d8f5efeaf327c657723c897522c83/analysis/1437032619/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa740d-25b4-46ef-ac62-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:29.000Z",
            "modified": "2015-09-17T08:04:29.000Z",
            "description": "CosmicDuke Exploit file - Xchecked via VT: c671786abd87d214a28d136b6bafd4e33ee66951",
            "pattern": "[file:hashes.SHA256 = 'ba35aa14ccc0e4fa8e47b621ea1d1efe1b012b623afd469e56015c0857fec646']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:04:29Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa740d-9f68-42b1-bca6-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:29.000Z",
            "modified": "2015-09-17T08:04:29.000Z",
            "description": "CosmicDuke Exploit file - Xchecked via VT: c671786abd87d214a28d136b6bafd4e33ee66951",
            "pattern": "[file:hashes.MD5 = '2aa2a6e004159b9e3a590c63a0cc47b3']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:04:29Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa740e-8660-4a47-ae40-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:30.000Z",
            "modified": "2015-09-17T08:04:30.000Z",
            "first_observed": "2015-09-17T08:04:30Z",
            "last_observed": "2015-09-17T08:04:30Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa740e-8660-4a47-ae40-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa740e-8660-4a47-ae40-d2c4950d210b",
            "value": "https://www.virustotal.com/file/ba35aa14ccc0e4fa8e47b621ea1d1efe1b012b623afd469e56015c0857fec646/analysis/1440569069/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa740e-e574-4844-b5e6-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:30.000Z",
            "modified": "2015-09-17T08:04:30.000Z",
            "description": "CosmicDuke Exploit file - Xchecked via VT: 8949c1d82dda5c2ead0a73b532c4b2e1fbb58a0e",
            "pattern": "[file:hashes.SHA256 = '7e9c0bda27bbc80d947bc0c6ce29a19c824288d2b481f92a1637b7b8dfc8b81c']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:04:30Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa740e-fa60-47ab-8036-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:30.000Z",
            "modified": "2015-09-17T08:04:30.000Z",
            "description": "CosmicDuke Exploit file - Xchecked via VT: 8949c1d82dda5c2ead0a73b532c4b2e1fbb58a0e",
            "pattern": "[file:hashes.MD5 = '23d2592db15c251382706515cf4fd37e']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:04:30Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa740f-6e68-4111-bffd-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:31.000Z",
            "modified": "2015-09-17T08:04:31.000Z",
            "first_observed": "2015-09-17T08:04:31Z",
            "last_observed": "2015-09-17T08:04:31Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa740f-6e68-4111-bffd-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa740f-6e68-4111-bffd-d2c4950d210b",
            "value": "https://www.virustotal.com/file/7e9c0bda27bbc80d947bc0c6ce29a19c824288d2b481f92a1637b7b8dfc8b81c/analysis/1440569164/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa740f-377c-4b47-b7a6-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:31.000Z",
            "modified": "2015-09-17T08:04:31.000Z",
            "description": "CosmicDuke Exploit file - Xchecked via VT: 74bc93107b1bbae2d98fca6d819c2f0bbe8c9f8a",
            "pattern": "[file:hashes.SHA256 = 'b3236d1d0924cd9a17babd13209fe6706fd3a9228f22fe658eb4eb0c71360b73']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:04:31Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa740f-6420-4f88-9ea6-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:31.000Z",
            "modified": "2015-09-17T08:04:31.000Z",
            "description": "CosmicDuke Exploit file - Xchecked via VT: 74bc93107b1bbae2d98fca6d819c2f0bbe8c9f8a",
            "pattern": "[file:hashes.MD5 = 'fc0e380447be2bbdf9f06fc3358f8648']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:04:31Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7410-e3ac-44fb-8657-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:32.000Z",
            "modified": "2015-09-17T08:04:32.000Z",
            "first_observed": "2015-09-17T08:04:32Z",
            "last_observed": "2015-09-17T08:04:32Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7410-e3ac-44fb-8657-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7410-e3ac-44fb-8657-d2c4950d210b",
            "value": "https://www.virustotal.com/file/b3236d1d0924cd9a17babd13209fe6706fd3a9228f22fe658eb4eb0c71360b73/analysis/1440570759/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7410-875c-46f1-a2e4-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:32.000Z",
            "modified": "2015-09-17T08:04:32.000Z",
            "description": "CosmicDuke Exploit file - Xchecked via VT: 65681390d203871e9c21c68075dbf38944e782e8",
            "pattern": "[file:hashes.SHA256 = '880ae80fdc874002a6d9c807802794d4a35c384551d73bb36277b2f1e63d67e2']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:04:32Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7410-e748-4143-8e0d-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:32.000Z",
            "modified": "2015-09-17T08:04:32.000Z",
            "description": "CosmicDuke Exploit file - Xchecked via VT: 65681390d203871e9c21c68075dbf38944e782e8",
            "pattern": "[file:hashes.MD5 = '6542cd548182d6adc08a63c942f9bc54']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:04:32Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7411-4990-40db-9144-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:33.000Z",
            "modified": "2015-09-17T08:04:33.000Z",
            "first_observed": "2015-09-17T08:04:33Z",
            "last_observed": "2015-09-17T08:04:33Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7411-4990-40db-9144-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7411-4990-40db-9144-d2c4950d210b",
            "value": "https://www.virustotal.com/file/880ae80fdc874002a6d9c807802794d4a35c384551d73bb36277b2f1e63d67e2/analysis/1440569235/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7411-51e8-48e8-9776-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:33.000Z",
            "modified": "2015-09-17T08:04:33.000Z",
            "description": "CosmicDuke Exploit file - Xchecked via VT: 5295b09592d5a651ca3f748f0e6401bd48fe7bda",
            "pattern": "[file:hashes.SHA256 = '8c6c57f7e9c81fcf194d17a752f8da4295fab5dad8eb79bd289256b9cdb7415e']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:04:33Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7412-e268-4cce-a003-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:34.000Z",
            "modified": "2015-09-17T08:04:34.000Z",
            "description": "CosmicDuke Exploit file - Xchecked via VT: 5295b09592d5a651ca3f748f0e6401bd48fe7bda",
            "pattern": "[file:hashes.MD5 = '6571a2d3892ca937697e96f8bb795e42']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:04:34Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7412-74a4-4817-b577-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:34.000Z",
            "modified": "2015-09-17T08:04:34.000Z",
            "first_observed": "2015-09-17T08:04:34Z",
            "last_observed": "2015-09-17T08:04:34Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7412-74a4-4817-b577-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7412-74a4-4817-b577-d2c4950d210b",
            "value": "https://www.virustotal.com/file/8c6c57f7e9c81fcf194d17a752f8da4295fab5dad8eb79bd289256b9cdb7415e/analysis/1436821135/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7412-cff0-43ea-8a04-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:34.000Z",
            "modified": "2015-09-17T08:04:34.000Z",
            "description": "CosmicDuke Exploit file - Xchecked via VT: 412d488e88deef81225d15959f48479fc8d387b3",
            "pattern": "[file:hashes.SHA256 = 'afbd1f13132c2f047861b2ea90c18d546a326dbfca4dfeffd8b4ebf852204275']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:04:34Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7413-9640-42af-949b-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:35.000Z",
            "modified": "2015-09-17T08:04:35.000Z",
            "description": "CosmicDuke Exploit file - Xchecked via VT: 412d488e88deef81225d15959f48479fc8d387b3",
            "pattern": "[file:hashes.MD5 = '335160cad23e28d4597c1546458042c4']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:04:35Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7413-f70c-4b1c-a7b3-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:35.000Z",
            "modified": "2015-09-17T08:04:35.000Z",
            "first_observed": "2015-09-17T08:04:35Z",
            "last_observed": "2015-09-17T08:04:35Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7413-f70c-4b1c-a7b3-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7413-f70c-4b1c-a7b3-d2c4950d210b",
            "value": "https://www.virustotal.com/file/afbd1f13132c2f047861b2ea90c18d546a326dbfca4dfeffd8b4ebf852204275/analysis/1432193507/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7413-ac74-455c-a6c2-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:35.000Z",
            "modified": "2015-09-17T08:04:35.000Z",
            "description": "CosmicDuke Exploit file - Xchecked via VT: 353540c6619f2bba2351babad736599811d3392e",
            "pattern": "[file:hashes.SHA256 = '8cad0a40dd87e5d77e5c939bd7ea838c3549c44b525e2f4a1227d53c4af925be']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:04:35Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7414-6f7c-48b5-b916-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:36.000Z",
            "modified": "2015-09-17T08:04:36.000Z",
            "description": "CosmicDuke Exploit file - Xchecked via VT: 353540c6619f2bba2351babad736599811d3392e",
            "pattern": "[file:hashes.MD5 = 'ab7a66ed3c6de1b7449d6054a8b46d7f']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:04:36Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7414-bbc4-47aa-ba0e-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:36.000Z",
            "modified": "2015-09-17T08:04:36.000Z",
            "first_observed": "2015-09-17T08:04:36Z",
            "last_observed": "2015-09-17T08:04:36Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7414-bbc4-47aa-ba0e-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7414-bbc4-47aa-ba0e-d2c4950d210b",
            "value": "https://www.virustotal.com/file/8cad0a40dd87e5d77e5c939bd7ea838c3549c44b525e2f4a1227d53c4af925be/analysis/1436821660/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7414-8b38-40b6-a061-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:36.000Z",
            "modified": "2015-09-17T08:04:36.000Z",
            "description": "CosmicDuke Exploit file - Xchecked via VT: 1e770f2a17664e7d7687c53860b1c0dc0da7157e",
            "pattern": "[file:hashes.SHA256 = 'b219c95fac620b25fdaed082a0bc93644443d236e9173829214d587d17a32a87']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:04:36Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7415-85e4-49d3-99ee-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:37.000Z",
            "modified": "2015-09-17T08:04:37.000Z",
            "description": "CosmicDuke Exploit file - Xchecked via VT: 1e770f2a17664e7d7687c53860b1c0dc0da7157e",
            "pattern": "[file:hashes.MD5 = 'f81f858335b253d4708fbdfa6ca92ee9']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:04:37Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7415-d738-47a0-b558-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:37.000Z",
            "modified": "2015-09-17T08:04:37.000Z",
            "first_observed": "2015-09-17T08:04:37Z",
            "last_observed": "2015-09-17T08:04:37Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7415-d738-47a0-b558-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7415-d738-47a0-b558-d2c4950d210b",
            "value": "https://www.virustotal.com/file/b219c95fac620b25fdaed082a0bc93644443d236e9173829214d587d17a32a87/analysis/1430196331/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7415-001c-4da2-9ad6-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:37.000Z",
            "modified": "2015-09-17T08:04:37.000Z",
            "description": "PinchDuke exploit - Xchecked via VT: 9fae684a130c052ad2b55ebaf7f6e513c0e62abe",
            "pattern": "[file:hashes.SHA256 = '98018bc52e1b82160e435acda5b9a9ca725b3328254b957b6cc2c38addbfad53']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:04:37Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7416-af3c-425c-89ed-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:38.000Z",
            "modified": "2015-09-17T08:04:38.000Z",
            "description": "PinchDuke exploit - Xchecked via VT: 9fae684a130c052ad2b55ebaf7f6e513c0e62abe",
            "pattern": "[file:hashes.MD5 = 'c8cab28e550f60468099f60a0b6ccb81']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:04:38Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7416-88b4-4af3-a87d-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:38.000Z",
            "modified": "2015-09-17T08:04:38.000Z",
            "first_observed": "2015-09-17T08:04:38Z",
            "last_observed": "2015-09-17T08:04:38Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7416-88b4-4af3-a87d-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7416-88b4-4af3-a87d-d2c4950d210b",
            "value": "https://www.virustotal.com/file/98018bc52e1b82160e435acda5b9a9ca725b3328254b957b6cc2c38addbfad53/analysis/1238686770/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7416-87b8-444c-81ce-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:38.000Z",
            "modified": "2015-09-17T08:04:38.000Z",
            "description": "PinchDuke exploit - Xchecked via VT: 50f8ea7eb685656c02a83420b3910d14ac588c8b",
            "pattern": "[file:hashes.SHA256 = '5704c7e80eb4b35e05970558918f3268a9287cead8e20a63063ed4f231263f9a']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:04:38Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--55fa7417-5ec8-4c68-aa67-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:39.000Z",
            "modified": "2015-09-17T08:04:39.000Z",
            "description": "PinchDuke exploit - Xchecked via VT: 50f8ea7eb685656c02a83420b3910d14ac588c8b",
            "pattern": "[file:hashes.MD5 = '75368a54b28acb89b2705b636ed5ec61']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-09-17T08:04:39Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--55fa7417-0054-4241-a003-d2c4950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:04:39.000Z",
            "modified": "2015-09-17T08:04:39.000Z",
            "first_observed": "2015-09-17T08:04:39Z",
            "last_observed": "2015-09-17T08:04:39Z",
            "number_observed": 1,
            "object_refs": [
                "url--55fa7417-0054-4241-a003-d2c4950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--55fa7417-0054-4241-a003-d2c4950d210b",
            "value": "https://www.virustotal.com/file/5704c7e80eb4b35e05970558918f3268a9287cead8e20a63063ed4f231263f9a/analysis/1240937065/"
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--55fa7f1d-4ca0-4271-8d4c-ca65950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:51:41.000Z",
            "modified": "2015-09-17T08:51:41.000Z",
            "labels": [
                "misp:type=\"text\"",
                "misp:category=\"External analysis\""
            ],
            "x_misp_category": "External analysis",
            "x_misp_type": "text",
            "x_misp_value": "CosmicDuke"
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--55fa7f1d-dc94-404e-a08e-ca65950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:51:41.000Z",
            "modified": "2015-09-17T08:51:41.000Z",
            "labels": [
                "misp:type=\"text\"",
                "misp:category=\"External analysis\""
            ],
            "x_misp_category": "External analysis",
            "x_misp_type": "text",
            "x_misp_value": "Cosmic Duke"
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--55fa7f1d-5e14-4048-8ea6-ca65950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:51:41.000Z",
            "modified": "2015-09-17T08:51:41.000Z",
            "labels": [
                "misp:type=\"text\"",
                "misp:category=\"External analysis\""
            ],
            "x_misp_category": "External analysis",
            "x_misp_type": "text",
            "x_misp_value": "Gemini Duke"
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--55fa7f1d-29f8-48b1-9554-ca65950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:51:41.000Z",
            "modified": "2015-09-17T08:51:41.000Z",
            "labels": [
                "misp:type=\"text\"",
                "misp:category=\"External analysis\""
            ],
            "x_misp_category": "External analysis",
            "x_misp_type": "text",
            "x_misp_value": "Pinch Duke"
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--55fa7f1d-3170-45fa-89e5-ca65950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:51:41.000Z",
            "modified": "2015-09-17T08:51:41.000Z",
            "labels": [
                "misp:type=\"text\"",
                "misp:category=\"External analysis\""
            ],
            "x_misp_category": "External analysis",
            "x_misp_type": "text",
            "x_misp_value": "PinchDuke"
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--55fa7ec5-732c-494b-b83f-e0ad950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:50:13.000Z",
            "modified": "2015-09-17T08:50:13.000Z",
            "labels": [
                "misp:type=\"text\"",
                "misp:category=\"External analysis\""
            ],
            "x_misp_category": "External analysis",
            "x_misp_type": "text",
            "x_misp_value": "Hammer Duke"
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--55fa7f1d-a53c-41d8-bc95-ca65950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:51:41.000Z",
            "modified": "2015-09-17T08:51:41.000Z",
            "labels": [
                "misp:type=\"text\"",
                "misp:category=\"External analysis\""
            ],
            "x_misp_category": "External analysis",
            "x_misp_type": "text",
            "x_misp_value": "GeminiDuke"
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--55fa7ec4-93d0-4cf5-b5ef-e0ad950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:50:12.000Z",
            "modified": "2015-09-17T08:50:12.000Z",
            "labels": [
                "misp:type=\"text\"",
                "misp:category=\"External analysis\""
            ],
            "x_misp_category": "External analysis",
            "x_misp_type": "text",
            "x_misp_value": "APT29"
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--55fa7ec5-cc90-48b4-9881-e0ad950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:50:13.000Z",
            "modified": "2015-09-17T08:50:13.000Z",
            "labels": [
                "misp:type=\"text\"",
                "misp:category=\"External analysis\""
            ],
            "x_misp_category": "External analysis",
            "x_misp_type": "text",
            "x_misp_value": "Sea Duke"
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--55fa7ec5-5af4-4e66-a375-e0ad950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:50:13.000Z",
            "modified": "2015-09-17T08:50:13.000Z",
            "labels": [
                "misp:type=\"text\"",
                "misp:category=\"External analysis\""
            ],
            "x_misp_category": "External analysis",
            "x_misp_type": "text",
            "x_misp_value": "Mini Duke"
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--55fa7ec5-0330-473f-bc51-e0ad950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:50:13.000Z",
            "modified": "2015-09-17T08:50:13.000Z",
            "labels": [
                "misp:type=\"text\"",
                "misp:category=\"External analysis\""
            ],
            "x_misp_category": "External analysis",
            "x_misp_type": "text",
            "x_misp_value": "Cloud Duke"
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--55fa7ec5-445c-49cb-93f8-e0ad950d210b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2015-09-17T08:50:13.000Z",
            "modified": "2015-09-17T08:50:13.000Z",
            "labels": [
                "misp:type=\"text\"",
                "misp:category=\"External analysis\""
            ],
            "x_misp_category": "External analysis",
            "x_misp_type": "text",
            "x_misp_value": "Mini Dionis"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c46-e1a0-4799-8aa4-4bab02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:26:46.000Z",
            "modified": "2016-03-08T00:26:46.000Z",
            "first_observed": "2016-03-08T00:26:46Z",
            "last_observed": "2016-03-08T00:26:46Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c46-e1a0-4799-8aa4-4bab02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c46-e1a0-4799-8aa4-4bab02de0b81",
            "value": "https://www.virustotal.com/file/1323e3d7656a427733663f03b3037326ffa9c57c68fa8e014a5bf7cb1455359a/analysis/1442496179/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c46-f6c4-43d2-abab-461f02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:26:46.000Z",
            "modified": "2016-03-08T00:26:46.000Z",
            "first_observed": "2016-03-08T00:26:46Z",
            "last_observed": "2016-03-08T00:26:46Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c46-f6c4-43d2-abab-461f02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c46-f6c4-43d2-abab-461f02de0b81",
            "value": "https://www.virustotal.com/file/bc54acf4e60688ea668ef40ef965f2bad41dcf260ddae26d28b5551461c4b402/analysis/1442496179/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c47-68d8-471c-add7-492602de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:26:47.000Z",
            "modified": "2016-03-08T00:26:47.000Z",
            "first_observed": "2016-03-08T00:26:47Z",
            "last_observed": "2016-03-08T00:26:47Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c47-68d8-471c-add7-492602de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c47-68d8-471c-add7-492602de0b81",
            "value": "https://www.virustotal.com/file/a8b01a219a9fe565aadf82bc28b60048c60b640e780386c7a84a425049df5af9/analysis/1443646753/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c47-6340-4c57-8988-4fa302de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:26:47.000Z",
            "modified": "2016-03-08T00:26:47.000Z",
            "first_observed": "2016-03-08T00:26:47Z",
            "last_observed": "2016-03-08T00:26:47Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c47-6340-4c57-8988-4fa302de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c47-6340-4c57-8988-4fa302de0b81",
            "value": "https://www.virustotal.com/file/ce2c4dd21b99407bfa7066a6a57d180c00527e7db8ee52558c597550ac8b5d7c/analysis/1442496180/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c47-822c-4ba1-96a8-4ae502de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:26:47.000Z",
            "modified": "2016-03-08T00:26:47.000Z",
            "first_observed": "2016-03-08T00:26:47Z",
            "last_observed": "2016-03-08T00:26:47Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c47-822c-4ba1-96a8-4ae502de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c47-822c-4ba1-96a8-4ae502de0b81",
            "value": "https://www.virustotal.com/file/7b9e542426408aa384d0394820f82f330e615a1ad17a777d04720458b33b08a3/analysis/1442496180/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c48-4ad0-46d0-959a-43d102de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:26:48.000Z",
            "modified": "2016-03-08T00:26:48.000Z",
            "first_observed": "2016-03-08T00:26:48Z",
            "last_observed": "2016-03-08T00:26:48Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c48-4ad0-46d0-959a-43d102de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c48-4ad0-46d0-959a-43d102de0b81",
            "value": "https://www.virustotal.com/file/aecb468db5cebcfa25deadeb3b12fbc48b05a485b44deb500b4002521bc3e685/analysis/1444376957/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c48-ee28-4deb-b495-459b02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:26:48.000Z",
            "modified": "2016-03-08T00:26:48.000Z",
            "first_observed": "2016-03-08T00:26:48Z",
            "last_observed": "2016-03-08T00:26:48Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c48-ee28-4deb-b495-459b02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c48-ee28-4deb-b495-459b02de0b81",
            "value": "https://www.virustotal.com/file/187b1cc7264c04c3158f835546cad0be74e6411bb50cb8899179a71018f0b4b9/analysis/1444377047/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c48-a3b4-4fe0-9da1-4d1802de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:26:48.000Z",
            "modified": "2016-03-08T00:26:48.000Z",
            "first_observed": "2016-03-08T00:26:48Z",
            "last_observed": "2016-03-08T00:26:48Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c48-a3b4-4fe0-9da1-4d1802de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c48-a3b4-4fe0-9da1-4d1802de0b81",
            "value": "https://www.virustotal.com/file/7c14761d20617ab7f408d6c63367f16026377d7c13f3e3c67525e034fc0c6d7c/analysis/1442496172/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c49-bfc4-40ec-bbed-4ed102de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:26:49.000Z",
            "modified": "2016-03-08T00:26:49.000Z",
            "first_observed": "2016-03-08T00:26:49Z",
            "last_observed": "2016-03-08T00:26:49Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c49-bfc4-40ec-bbed-4ed102de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c49-bfc4-40ec-bbed-4ed102de0b81",
            "value": "https://www.virustotal.com/file/dad4c4aea24f2bd3e2f4b93bf782ebef70e8fdf930aff25a3e1b85a717314aa0/analysis/1442496172/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c49-e954-4ad0-81f7-452d02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:26:49.000Z",
            "modified": "2016-03-08T00:26:49.000Z",
            "first_observed": "2016-03-08T00:26:49Z",
            "last_observed": "2016-03-08T00:26:49Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c49-e954-4ad0-81f7-452d02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c49-e954-4ad0-81f7-452d02de0b81",
            "value": "https://www.virustotal.com/file/ccd3c69710977360459c0d2539d5e7e7defce097bcfee3ae62e564de7c938f17/analysis/1444376919/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c49-e3bc-40cb-a15e-459502de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:26:49.000Z",
            "modified": "2016-03-08T00:26:49.000Z",
            "first_observed": "2016-03-08T00:26:49Z",
            "last_observed": "2016-03-08T00:26:49Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c49-e3bc-40cb-a15e-459502de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c49-e3bc-40cb-a15e-459502de0b81",
            "value": "https://www.virustotal.com/file/a8200a476f72ef77f4cd6bd71ebae9f473e923b140600b9da0bbaf1f22e1cecb/analysis/1445882182/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c4a-763c-4cda-895b-473402de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:26:50.000Z",
            "modified": "2016-03-08T00:26:50.000Z",
            "first_observed": "2016-03-08T00:26:50Z",
            "last_observed": "2016-03-08T00:26:50Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c4a-763c-4cda-895b-473402de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c4a-763c-4cda-895b-473402de0b81",
            "value": "https://www.virustotal.com/file/41d63d293a6e2722fcf82f8bf67b8f566bd4d3f669ede146ccc286f0228d8f62/analysis/1448883014/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c4a-417c-402a-b1df-41c602de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:26:50.000Z",
            "modified": "2016-03-08T00:26:50.000Z",
            "first_observed": "2016-03-08T00:26:50Z",
            "last_observed": "2016-03-08T00:26:50Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c4a-417c-402a-b1df-41c602de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c4a-417c-402a-b1df-41c602de0b81",
            "value": "https://www.virustotal.com/file/a31551902d2cbb7110a9f5f04bfba7269410850155dc6163c7bf8cad171ed68c/analysis/1442496173/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c4b-e25c-421e-a13a-4e3f02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:26:51.000Z",
            "modified": "2016-03-08T00:26:51.000Z",
            "first_observed": "2016-03-08T00:26:51Z",
            "last_observed": "2016-03-08T00:26:51Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c4b-e25c-421e-a13a-4e3f02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c4b-e25c-421e-a13a-4e3f02de0b81",
            "value": "https://www.virustotal.com/file/620da58f80640661ccec202a3b20f138b8a0c9f374fb1fb5525dd3fe00ac5a8c/analysis/1444376728/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c4b-9aa4-4c1a-8735-468702de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:26:51.000Z",
            "modified": "2016-03-08T00:26:51.000Z",
            "first_observed": "2016-03-08T00:26:51Z",
            "last_observed": "2016-03-08T00:26:51Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c4b-9aa4-4c1a-8735-468702de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c4b-9aa4-4c1a-8735-468702de0b81",
            "value": "https://www.virustotal.com/file/70a7248b90573ba2edde5d9e8f0acd478235054480d98b0531d85725555f3a5c/analysis/1442496173/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c4b-c3ac-45df-bd71-451a02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:26:51.000Z",
            "modified": "2016-03-08T00:26:51.000Z",
            "first_observed": "2016-03-08T00:26:51Z",
            "last_observed": "2016-03-08T00:26:51Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c4b-c3ac-45df-bd71-451a02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c4b-c3ac-45df-bd71-451a02de0b81",
            "value": "https://www.virustotal.com/file/1dbb96c130b12eacfe2956b536ca8e8ef59691f513816011866320e0e77daab2/analysis/1444376849/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c4c-9450-4c5c-be2e-4df402de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:26:52.000Z",
            "modified": "2016-03-08T00:26:52.000Z",
            "first_observed": "2016-03-08T00:26:52Z",
            "last_observed": "2016-03-08T00:26:52Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c4c-9450-4c5c-be2e-4df402de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c4c-9450-4c5c-be2e-4df402de0b81",
            "value": "https://www.virustotal.com/file/05637ef950feaeb0944d9fccca38eeff38e366c24a137ef08c9f1442aeb6afb7/analysis/1442496173/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c4c-4720-4c82-b0b4-4daf02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:26:52.000Z",
            "modified": "2016-03-08T00:26:52.000Z",
            "first_observed": "2016-03-08T00:26:52Z",
            "last_observed": "2016-03-08T00:26:52Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c4c-4720-4c82-b0b4-4daf02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c4c-4720-4c82-b0b4-4daf02de0b81",
            "value": "https://www.virustotal.com/file/0314ed09890d5aa2dba659fe1343be93d48c3875a89e261484967fea7ea6c7eb/analysis/1444377048/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c4c-cad8-4f52-8ff9-446f02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:26:52.000Z",
            "modified": "2016-03-08T00:26:52.000Z",
            "first_observed": "2016-03-08T00:26:52Z",
            "last_observed": "2016-03-08T00:26:52Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c4c-cad8-4f52-8ff9-446f02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c4c-cad8-4f52-8ff9-446f02de0b81",
            "value": "https://www.virustotal.com/file/52d1b5387739dcf6a68efb21e8ccf83b9b29fb29724091d7a8084d2315f81d80/analysis/1442496175/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c4d-2d1c-4b15-8432-483902de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:26:53.000Z",
            "modified": "2016-03-08T00:26:53.000Z",
            "first_observed": "2016-03-08T00:26:53Z",
            "last_observed": "2016-03-08T00:26:53Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c4d-2d1c-4b15-8432-483902de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c4d-2d1c-4b15-8432-483902de0b81",
            "value": "https://www.virustotal.com/file/1c86bcc74684c2533026a8b4d9463ad4b5a1f30f6915ca19197b41e0cb893b77/analysis/1444376893/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c4d-d654-4586-a17d-458d02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:26:53.000Z",
            "modified": "2016-03-08T00:26:53.000Z",
            "first_observed": "2016-03-08T00:26:53Z",
            "last_observed": "2016-03-08T00:26:53Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c4d-d654-4586-a17d-458d02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c4d-d654-4586-a17d-458d02de0b81",
            "value": "https://www.virustotal.com/file/2c480399bff7d05736caa1858fd43d9223df3fd531ae574dc3c9eb06cc3579ef/analysis/1444376561/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c4d-2180-454f-a022-493502de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:26:53.000Z",
            "modified": "2016-03-08T00:26:53.000Z",
            "first_observed": "2016-03-08T00:26:53Z",
            "last_observed": "2016-03-08T00:26:53Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c4d-2180-454f-a022-493502de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c4d-2180-454f-a022-493502de0b81",
            "value": "https://www.virustotal.com/file/182ab7eb1dce2827a05aff0d83a13dd8346bd3b8ab2dfb681817a0d3aab05b15/analysis/1444376646/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c4e-053c-4494-8a33-4cb702de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:26:54.000Z",
            "modified": "2016-03-08T00:26:54.000Z",
            "first_observed": "2016-03-08T00:26:54Z",
            "last_observed": "2016-03-08T00:26:54Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c4e-053c-4494-8a33-4cb702de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c4e-053c-4494-8a33-4cb702de0b81",
            "value": "https://www.virustotal.com/file/55ba0c04d488903e07f0747407ed56319f0d9aac113c7f9c62287442f1f78c45/analysis/1444376987/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c4e-ce90-4de1-bf8f-4fc302de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:26:54.000Z",
            "modified": "2016-03-08T00:26:54.000Z",
            "first_observed": "2016-03-08T00:26:54Z",
            "last_observed": "2016-03-08T00:26:54Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c4e-ce90-4de1-bf8f-4fc302de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c4e-ce90-4de1-bf8f-4fc302de0b81",
            "value": "https://www.virustotal.com/file/ffc6a96b542196dbe322de199ee7b2621966d4c0d32ab43f78b9516a3576da09/analysis/1444377084/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c4e-81bc-4abe-888f-409402de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:26:54.000Z",
            "modified": "2016-03-08T00:26:54.000Z",
            "first_observed": "2016-03-08T00:26:54Z",
            "last_observed": "2016-03-08T00:26:54Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c4e-81bc-4abe-888f-409402de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c4e-81bc-4abe-888f-409402de0b81",
            "value": "https://www.virustotal.com/file/cae1277446cb62f1ed3674e7ea87063a28b9d364e3638fa779fe8e3d6e1fb15f/analysis/1443176201/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c4f-045c-4eb8-af23-49c102de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:26:55.000Z",
            "modified": "2016-03-08T00:26:55.000Z",
            "first_observed": "2016-03-08T00:26:55Z",
            "last_observed": "2016-03-08T00:26:55Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c4f-045c-4eb8-af23-49c102de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c4f-045c-4eb8-af23-49c102de0b81",
            "value": "https://www.virustotal.com/file/2e8aa9dac584a51c7d960baccf76747c858175573f5c013b7c44328f0871da04/analysis/1444376743/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c4f-c2ec-4851-85db-407b02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:26:55.000Z",
            "modified": "2016-03-08T00:26:55.000Z",
            "first_observed": "2016-03-08T00:26:55Z",
            "last_observed": "2016-03-08T00:26:55Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c4f-c2ec-4851-85db-407b02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c4f-c2ec-4851-85db-407b02de0b81",
            "value": "https://www.virustotal.com/file/47f3405ab0da5af125bcc6ebb6d17a1573b090c54d7a0a00630ec170ccc4b9d1/analysis/1450704515/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c4f-7238-4cfc-81e9-448f02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:26:55.000Z",
            "modified": "2016-03-08T00:26:55.000Z",
            "first_observed": "2016-03-08T00:26:55Z",
            "last_observed": "2016-03-08T00:26:55Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c4f-7238-4cfc-81e9-448f02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c4f-7238-4cfc-81e9-448f02de0b81",
            "value": "https://www.virustotal.com/file/5ef73d904cf5dcbec5919fba0b640168d6feb8f7021507568297e3da1a7e47a5/analysis/1442496176/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c50-68c0-4955-931a-4b2b02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:26:56.000Z",
            "modified": "2016-03-08T00:26:56.000Z",
            "first_observed": "2016-03-08T00:26:56Z",
            "last_observed": "2016-03-08T00:26:56Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c50-68c0-4955-931a-4b2b02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c50-68c0-4955-931a-4b2b02de0b81",
            "value": "https://www.virustotal.com/file/b7c4b998d7ebea62b81f2a12c5e8608a21079a0bcecdef81c0f5818a80b0c7eb/analysis/1444376981/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c50-065c-49f9-985a-42b602de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:26:56.000Z",
            "modified": "2016-03-08T00:26:56.000Z",
            "first_observed": "2016-03-08T00:26:56Z",
            "last_observed": "2016-03-08T00:26:56Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c50-065c-49f9-985a-42b602de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c50-065c-49f9-985a-42b602de0b81",
            "value": "https://www.virustotal.com/file/a1176b60ca96cfeb37dde61bde935f645a64fabd8e300f072fc355434b711dcf/analysis/1442496177/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c50-3f94-4899-99de-46b602de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:26:56.000Z",
            "modified": "2016-03-08T00:26:56.000Z",
            "first_observed": "2016-03-08T00:26:56Z",
            "last_observed": "2016-03-08T00:26:56Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c50-3f94-4899-99de-46b602de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c50-3f94-4899-99de-46b602de0b81",
            "value": "https://www.virustotal.com/file/fede980fc70a86f949828b834edc0847490d497efcbd3a1155b7d3afe7c32543/analysis/1444633451/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c51-2a1c-44d3-8806-477802de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:26:57.000Z",
            "modified": "2016-03-08T00:26:57.000Z",
            "first_observed": "2016-03-08T00:26:57Z",
            "last_observed": "2016-03-08T00:26:57Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c51-2a1c-44d3-8806-477802de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c51-2a1c-44d3-8806-477802de0b81",
            "value": "https://www.virustotal.com/file/7e371cd323898e403df7a80add34d791e160e443bcd2d02f27ddc0c04ba1bdab/analysis/1455262763/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c51-90e8-493b-9182-4a8b02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:26:57.000Z",
            "modified": "2016-03-08T00:26:57.000Z",
            "first_observed": "2016-03-08T00:26:57Z",
            "last_observed": "2016-03-08T00:26:57Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c51-90e8-493b-9182-4a8b02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c51-90e8-493b-9182-4a8b02de0b81",
            "value": "https://www.virustotal.com/file/1590bdbaff2c178387e924b689b030057b4cbd2865e9c4dd3886a8791ac8e4ee/analysis/1457223067/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c52-a160-4d91-bd3e-4af602de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:26:58.000Z",
            "modified": "2016-03-08T00:26:58.000Z",
            "first_observed": "2016-03-08T00:26:58Z",
            "last_observed": "2016-03-08T00:26:58Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c52-a160-4d91-bd3e-4af602de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c52-a160-4d91-bd3e-4af602de0b81",
            "value": "https://www.virustotal.com/file/fe5bc1248fc79fc15663ef169f0a269c1abe847d00b01e9571fe5c0d760d68f0/analysis/1442496178/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c52-4478-4852-80bc-470902de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:26:58.000Z",
            "modified": "2016-03-08T00:26:58.000Z",
            "first_observed": "2016-03-08T00:26:58Z",
            "last_observed": "2016-03-08T00:26:58Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c52-4478-4852-80bc-470902de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c52-4478-4852-80bc-470902de0b81",
            "value": "https://www.virustotal.com/file/64e3a2bba82027dd6ff631fa5890a7ba8331b62a0a4c0b1ca24d143c2b61c323/analysis/1445257334/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c52-b95c-42d6-a113-477402de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:26:58.000Z",
            "modified": "2016-03-08T00:26:58.000Z",
            "first_observed": "2016-03-08T00:26:58Z",
            "last_observed": "2016-03-08T00:26:58Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c52-b95c-42d6-a113-477402de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c52-b95c-42d6-a113-477402de0b81",
            "value": "https://www.virustotal.com/file/027c9da59c77e83b42535a0c965c4994a144715e796453fc2a5b189f0036c4b4/analysis/1456286157/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c53-9e88-4196-9949-40b002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:26:59.000Z",
            "modified": "2016-03-08T00:26:59.000Z",
            "first_observed": "2016-03-08T00:26:59Z",
            "last_observed": "2016-03-08T00:26:59Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c53-9e88-4196-9949-40b002de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c53-9e88-4196-9949-40b002de0b81",
            "value": "https://www.virustotal.com/file/8290b324f5cdb5c3ea17fa48a74bc11c856f0da0b049d07d9316d161f71f26a5/analysis/1442496178/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c53-a7ec-42d9-9eb8-4eb802de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:26:59.000Z",
            "modified": "2016-03-08T00:26:59.000Z",
            "first_observed": "2016-03-08T00:26:59Z",
            "last_observed": "2016-03-08T00:26:59Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c53-a7ec-42d9-9eb8-4eb802de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c53-a7ec-42d9-9eb8-4eb802de0b81",
            "value": "https://www.virustotal.com/file/38c0252f75b1c6b3980e40bb69cb932773a6e0b189fc8a80efc2dcb455209eab/analysis/1442496178/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c53-0fc4-43f7-b686-456402de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:26:59.000Z",
            "modified": "2016-03-08T00:26:59.000Z",
            "first_observed": "2016-03-08T00:26:59Z",
            "last_observed": "2016-03-08T00:26:59Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c53-0fc4-43f7-b686-456402de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c53-0fc4-43f7-b686-456402de0b81",
            "value": "https://www.virustotal.com/file/3d37e753812687fb7287cf8644d13fe2673ea7c3b540637c1ce1c6819f1c521b/analysis/1444808162/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c54-b4b4-464d-9dea-476602de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:00.000Z",
            "modified": "2016-03-08T00:27:00.000Z",
            "first_observed": "2016-03-08T00:27:00Z",
            "last_observed": "2016-03-08T00:27:00Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c54-b4b4-464d-9dea-476602de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c54-b4b4-464d-9dea-476602de0b81",
            "value": "https://www.virustotal.com/file/334ed05005ce829224d0dd4cc5baab6b837cf02ac0e321c8f97d11b3ba1c77a7/analysis/1454023565/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c54-4190-4249-b2cc-406502de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:00.000Z",
            "modified": "2016-03-08T00:27:00.000Z",
            "first_observed": "2016-03-08T00:27:00Z",
            "last_observed": "2016-03-08T00:27:00Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c54-4190-4249-b2cc-406502de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c54-4190-4249-b2cc-406502de0b81",
            "value": "https://www.virustotal.com/file/2146da9bc0e27d7eb10983b7dd89f250fa0015ce284dde8f0bb6a79626d34a2a/analysis/1457223103/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c54-2270-4ab0-881d-45f802de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:00.000Z",
            "modified": "2016-03-08T00:27:00.000Z",
            "first_observed": "2016-03-08T00:27:00Z",
            "last_observed": "2016-03-08T00:27:00Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c54-2270-4ab0-881d-45f802de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c54-2270-4ab0-881d-45f802de0b81",
            "value": "https://www.virustotal.com/file/5b50e26a01b320f05d66727e9d220d5858cdac203ff62e4b9ced1cafc2683637/analysis/1445257811/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c55-c044-4821-8585-412602de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:01.000Z",
            "modified": "2016-03-08T00:27:01.000Z",
            "first_observed": "2016-03-08T00:27:01Z",
            "last_observed": "2016-03-08T00:27:01Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c55-c044-4821-8585-412602de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c55-c044-4821-8585-412602de0b81",
            "value": "https://www.virustotal.com/file/f6c62f9f846b3d100d60b1f2ae57a71c91dd8dc215dce652e2c85dff60c0197f/analysis/1454023567/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c55-ba3c-4f3d-88d0-4ee802de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:01.000Z",
            "modified": "2016-03-08T00:27:01.000Z",
            "first_observed": "2016-03-08T00:27:01Z",
            "last_observed": "2016-03-08T00:27:01Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c55-ba3c-4f3d-88d0-4ee802de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c55-ba3c-4f3d-88d0-4ee802de0b81",
            "value": "https://www.virustotal.com/file/29585bb17b28e8b15b2a250be9516f416fa7cac84cc24aa4e004f6987323147e/analysis/1452769402/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c55-b89c-436e-a317-48c502de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:01.000Z",
            "modified": "2016-03-08T00:27:01.000Z",
            "first_observed": "2016-03-08T00:27:01Z",
            "last_observed": "2016-03-08T00:27:01Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c55-b89c-436e-a317-48c502de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c55-b89c-436e-a317-48c502de0b81",
            "value": "https://www.virustotal.com/file/1c348f1582385bfbf030abe20caabbd289d0f48a4076b1b6ccc417864070e9fe/analysis/1444377162/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c56-4574-4988-9a1d-45f202de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:02.000Z",
            "modified": "2016-03-08T00:27:02.000Z",
            "first_observed": "2016-03-08T00:27:02Z",
            "last_observed": "2016-03-08T00:27:02Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c56-4574-4988-9a1d-45f202de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c56-4574-4988-9a1d-45f202de0b81",
            "value": "https://www.virustotal.com/file/4f9b6a88245f782d81e9eec9315b9444c83d68941f9fc23641e3909c8da9db9d/analysis/1442496165/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c56-0d24-4df0-a32d-4d7202de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:02.000Z",
            "modified": "2016-03-08T00:27:02.000Z",
            "first_observed": "2016-03-08T00:27:02Z",
            "last_observed": "2016-03-08T00:27:02Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c56-0d24-4df0-a32d-4d7202de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c56-0d24-4df0-a32d-4d7202de0b81",
            "value": "https://www.virustotal.com/file/008beba8635e24baa50beee2e98654f73c04476a06fdcb893655f0a8201932d2/analysis/1454969010/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c56-8790-4277-b16f-489602de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:02.000Z",
            "modified": "2016-03-08T00:27:02.000Z",
            "first_observed": "2016-03-08T00:27:02Z",
            "last_observed": "2016-03-08T00:27:02Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c56-8790-4277-b16f-489602de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c56-8790-4277-b16f-489602de0b81",
            "value": "https://www.virustotal.com/file/9ce93f04dbb6a3b833f1146a54dadfdc224fdf24e3cca1f8a1eb4e902d597ff6/analysis/1442496166/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c57-87a4-43e0-af0e-454302de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:03.000Z",
            "modified": "2016-03-08T00:27:03.000Z",
            "first_observed": "2016-03-08T00:27:03Z",
            "last_observed": "2016-03-08T00:27:03Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c57-87a4-43e0-af0e-454302de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c57-87a4-43e0-af0e-454302de0b81",
            "value": "https://www.virustotal.com/file/cb0d78c79ad46c04e7ab66ca95588db8ccde4d2710a171585b0276736aa4e059/analysis/1444377007/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c57-85ec-4350-9462-4a5202de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:03.000Z",
            "modified": "2016-03-08T00:27:03.000Z",
            "first_observed": "2016-03-08T00:27:03Z",
            "last_observed": "2016-03-08T00:27:03Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c57-85ec-4350-9462-4a5202de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c57-85ec-4350-9462-4a5202de0b81",
            "value": "https://www.virustotal.com/file/0dc70c0f2ed18c813a89c59686f375787ba683b549b1e6bb9aee6ca33be64bfb/analysis/1454121219/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c58-71b0-47f8-8fa8-4a4802de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:04.000Z",
            "modified": "2016-03-08T00:27:04.000Z",
            "first_observed": "2016-03-08T00:27:04Z",
            "last_observed": "2016-03-08T00:27:04Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c58-71b0-47f8-8fa8-4a4802de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c58-71b0-47f8-8fa8-4a4802de0b81",
            "value": "https://www.virustotal.com/file/f6af08e31471c98adcc26f9916e26d41aa0c47ff94949d3174d55c320032be26/analysis/1442496166/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c58-f170-4e7b-bbbc-428502de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:04.000Z",
            "modified": "2016-03-08T00:27:04.000Z",
            "first_observed": "2016-03-08T00:27:04Z",
            "last_observed": "2016-03-08T00:27:04Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c58-f170-4e7b-bbbc-428502de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c58-f170-4e7b-bbbc-428502de0b81",
            "value": "https://www.virustotal.com/file/4fc0bbb90aeecd3229aa932437273ba59f887a6eac569b56693602b957e205e2/analysis/1445257508/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c58-c820-42e9-aad2-43d302de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:04.000Z",
            "modified": "2016-03-08T00:27:04.000Z",
            "first_observed": "2016-03-08T00:27:04Z",
            "last_observed": "2016-03-08T00:27:04Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c58-c820-42e9-aad2-43d302de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c58-c820-42e9-aad2-43d302de0b81",
            "value": "https://www.virustotal.com/file/ec49400e70c02a884a5df74ca99690886ec2d528e200c42dbdf057fd9b7f87f8/analysis/1445919812/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c59-3140-4908-87b1-431402de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:05.000Z",
            "modified": "2016-03-08T00:27:05.000Z",
            "first_observed": "2016-03-08T00:27:05Z",
            "last_observed": "2016-03-08T00:27:05Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c59-3140-4908-87b1-431402de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c59-3140-4908-87b1-431402de0b81",
            "value": "https://www.virustotal.com/file/4e9942bddfeb3369897c58d9b8fe2478c1df96e5b13733bfb24d975282685c29/analysis/1442496167/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c59-898c-4ad6-af25-485e02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:05.000Z",
            "modified": "2016-03-08T00:27:05.000Z",
            "first_observed": "2016-03-08T00:27:05Z",
            "last_observed": "2016-03-08T00:27:05Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c59-898c-4ad6-af25-485e02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c59-898c-4ad6-af25-485e02de0b81",
            "value": "https://www.virustotal.com/file/a7b230593aa43c701c30862d3054b4510ed1dea1fd5f219b1c3bc11321bab73b/analysis/1444376824/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c59-4e48-45f2-ba77-4a1b02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:05.000Z",
            "modified": "2016-03-08T00:27:05.000Z",
            "first_observed": "2016-03-08T00:27:05Z",
            "last_observed": "2016-03-08T00:27:05Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c59-4e48-45f2-ba77-4a1b02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c59-4e48-45f2-ba77-4a1b02de0b81",
            "value": "https://www.virustotal.com/file/30b24935c8537c51ce56a69510019d8481ac78e6c5ccdbe792c625c69c5358f9/analysis/1444377065/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c5a-d738-46f5-bc3e-4a7f02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:06.000Z",
            "modified": "2016-03-08T00:27:06.000Z",
            "first_observed": "2016-03-08T00:27:06Z",
            "last_observed": "2016-03-08T00:27:06Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c5a-d738-46f5-bc3e-4a7f02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c5a-d738-46f5-bc3e-4a7f02de0b81",
            "value": "https://www.virustotal.com/file/7d9296ac474b991780b41f654b557e01ba93ae932ba717146e60c1b9ed579539/analysis/1448343481/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c5a-0f28-471d-9179-465c02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:06.000Z",
            "modified": "2016-03-08T00:27:06.000Z",
            "first_observed": "2016-03-08T00:27:06Z",
            "last_observed": "2016-03-08T00:27:06Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c5a-0f28-471d-9179-465c02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c5a-0f28-471d-9179-465c02de0b81",
            "value": "https://www.virustotal.com/file/16870c6b572934f5a106d5f632b6d41bb23924c12ddf172be24c6dfca25226b1/analysis/1456013080/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c5a-8d6c-43fb-b717-475602de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:06.000Z",
            "modified": "2016-03-08T00:27:06.000Z",
            "first_observed": "2016-03-08T00:27:06Z",
            "last_observed": "2016-03-08T00:27:06Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c5a-8d6c-43fb-b717-475602de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c5a-8d6c-43fb-b717-475602de0b81",
            "value": "https://www.virustotal.com/file/73aac0b568f83746c9a54a2a6fdd2984c3e6f8d0c77a681c219abb9480859197/analysis/1442496169/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c5b-fcd4-499d-aeb8-4cae02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:07.000Z",
            "modified": "2016-03-08T00:27:07.000Z",
            "first_observed": "2016-03-08T00:27:07Z",
            "last_observed": "2016-03-08T00:27:07Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c5b-fcd4-499d-aeb8-4cae02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c5b-fcd4-499d-aeb8-4cae02de0b81",
            "value": "https://www.virustotal.com/file/910a016a7b6e0a76bc7ddf12f9135090e0b23d00c382d70084b46bea4bbbcae7/analysis/1444376636/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c5b-c7b8-44f9-8d61-448c02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:07.000Z",
            "modified": "2016-03-08T00:27:07.000Z",
            "first_observed": "2016-03-08T00:27:07Z",
            "last_observed": "2016-03-08T00:27:07Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c5b-c7b8-44f9-8d61-448c02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c5b-c7b8-44f9-8d61-448c02de0b81",
            "value": "https://www.virustotal.com/file/bf012045464ba2aadc1547940eb3ce262d0e023c2198c134dee658c859ecd8ab/analysis/1442496169/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c5b-60f8-4a75-aa6a-490402de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:07.000Z",
            "modified": "2016-03-08T00:27:07.000Z",
            "first_observed": "2016-03-08T00:27:07Z",
            "last_observed": "2016-03-08T00:27:07Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c5b-60f8-4a75-aa6a-490402de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c5b-60f8-4a75-aa6a-490402de0b81",
            "value": "https://www.virustotal.com/file/a38e41831d495ceb07dd232506447c62203ab05fe9e15e2b2a6a74aa9b0b0e96/analysis/1442496169/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c5c-5f84-4a86-a742-4a2f02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:08.000Z",
            "modified": "2016-03-08T00:27:08.000Z",
            "first_observed": "2016-03-08T00:27:08Z",
            "last_observed": "2016-03-08T00:27:08Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c5c-5f84-4a86-a742-4a2f02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c5c-5f84-4a86-a742-4a2f02de0b81",
            "value": "https://www.virustotal.com/file/04819cde7e928e6ff376daeb73b894959f672a85b363753c227416fc0f4a8acd/analysis/1457223015/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c5c-6244-48fe-8919-45ff02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:08.000Z",
            "modified": "2016-03-08T00:27:08.000Z",
            "first_observed": "2016-03-08T00:27:08Z",
            "last_observed": "2016-03-08T00:27:08Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c5c-6244-48fe-8919-45ff02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c5c-6244-48fe-8919-45ff02de0b81",
            "value": "https://www.virustotal.com/file/4bc8280a99d07165055fabed11049d8da275f27f5d8cffc4ed10a68be2d0cb84/analysis/1444376677/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c5c-d92c-4226-aead-43bf02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:08.000Z",
            "modified": "2016-03-08T00:27:08.000Z",
            "first_observed": "2016-03-08T00:27:08Z",
            "last_observed": "2016-03-08T00:27:08Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c5c-d92c-4226-aead-43bf02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c5c-d92c-4226-aead-43bf02de0b81",
            "value": "https://www.virustotal.com/file/c9f5a19c7b11fd866483adc93aa5bc4bd3515bd995ca79297b227e3e5ef1a665/analysis/1448955191/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c5d-a164-4d51-9119-4c1502de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:09.000Z",
            "modified": "2016-03-08T00:27:09.000Z",
            "first_observed": "2016-03-08T00:27:09Z",
            "last_observed": "2016-03-08T00:27:09Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c5d-a164-4d51-9119-4c1502de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c5d-a164-4d51-9119-4c1502de0b81",
            "value": "https://www.virustotal.com/file/2eafc64769c500d635b7225c9b1411db8f50db8618e4d5807e1640b641a2f5ee/analysis/1444376776/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c5d-fdbc-4da9-96a1-4fc502de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:09.000Z",
            "modified": "2016-03-08T00:27:09.000Z",
            "first_observed": "2016-03-08T00:27:09Z",
            "last_observed": "2016-03-08T00:27:09Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c5d-fdbc-4da9-96a1-4fc502de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c5d-fdbc-4da9-96a1-4fc502de0b81",
            "value": "https://www.virustotal.com/file/6322e8bbb5a7cc542a7da0fb33a60fc7443bcbd8601b828c9c7f138c71cce090/analysis/1456426320/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c5d-f998-4148-a7fa-40d702de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:09.000Z",
            "modified": "2016-03-08T00:27:09.000Z",
            "first_observed": "2016-03-08T00:27:09Z",
            "last_observed": "2016-03-08T00:27:09Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c5d-f998-4148-a7fa-40d702de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c5d-f998-4148-a7fa-40d702de0b81",
            "value": "https://www.virustotal.com/file/9c2562e05eb940ae8d73c9baa7cfe85cb3ec619689227f65e4fbeeb3fec598ad/analysis/1445257785/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c5e-9724-46ff-8686-44a502de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:10.000Z",
            "modified": "2016-03-08T00:27:10.000Z",
            "first_observed": "2016-03-08T00:27:10Z",
            "last_observed": "2016-03-08T00:27:10Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c5e-9724-46ff-8686-44a502de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c5e-9724-46ff-8686-44a502de0b81",
            "value": "https://www.virustotal.com/file/68355d29ce79a5177084fe6292f0f8b9daa2018c571b552fff9f4a0815b432ce/analysis/1452492024/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c5e-0cd0-4b34-aeac-4b6402de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:10.000Z",
            "modified": "2016-03-08T00:27:10.000Z",
            "first_observed": "2016-03-08T00:27:10Z",
            "last_observed": "2016-03-08T00:27:10Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c5e-0cd0-4b34-aeac-4b6402de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c5e-0cd0-4b34-aeac-4b6402de0b81",
            "value": "https://www.virustotal.com/file/3d0b1f970eaeeabf9372ffc1ad7e61226632904cf0311ea8f872ddbfd34a3a2a/analysis/1456890256/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c5f-c488-4c5f-b2e1-4b7b02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:11.000Z",
            "modified": "2016-03-08T00:27:11.000Z",
            "first_observed": "2016-03-08T00:27:11Z",
            "last_observed": "2016-03-08T00:27:11Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c5f-c488-4c5f-b2e1-4b7b02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c5f-c488-4c5f-b2e1-4b7b02de0b81",
            "value": "https://www.virustotal.com/file/6e57c69963562d28a3a9da9f9103c199c909d0baa185a5d21e1b200a5a14ab72/analysis/1455262867/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c5f-2e74-4e0a-9a75-4c7c02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:11.000Z",
            "modified": "2016-03-08T00:27:11.000Z",
            "first_observed": "2016-03-08T00:27:11Z",
            "last_observed": "2016-03-08T00:27:11Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c5f-2e74-4e0a-9a75-4c7c02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c5f-2e74-4e0a-9a75-4c7c02de0b81",
            "value": "https://www.virustotal.com/file/e961202d84aad7fa9faaeb63651735416612d25c611a7a025e2eaab67c79e272/analysis/1455263453/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c5f-35a4-470f-a97d-4f7802de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:11.000Z",
            "modified": "2016-03-08T00:27:11.000Z",
            "first_observed": "2016-03-08T00:27:11Z",
            "last_observed": "2016-03-08T00:27:11Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c5f-35a4-470f-a97d-4f7802de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c5f-35a4-470f-a97d-4f7802de0b81",
            "value": "https://www.virustotal.com/file/abfffd23c81b6301675567622ccee08cf578ce91f372fce68cff8fc1dbc3053d/analysis/1455263091/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c60-20a4-43c2-aac8-467502de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:12.000Z",
            "modified": "2016-03-08T00:27:12.000Z",
            "first_observed": "2016-03-08T00:27:12Z",
            "last_observed": "2016-03-08T00:27:12Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c60-20a4-43c2-aac8-467502de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c60-20a4-43c2-aac8-467502de0b81",
            "value": "https://www.virustotal.com/file/55129d34050b2c028de564e3166611e1d148c26de0972cbe047caf530f118468/analysis/1442496156/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c60-467c-4ee8-987e-4a0402de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:12.000Z",
            "modified": "2016-03-08T00:27:12.000Z",
            "first_observed": "2016-03-08T00:27:12Z",
            "last_observed": "2016-03-08T00:27:12Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c60-467c-4ee8-987e-4a0402de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c60-467c-4ee8-987e-4a0402de0b81",
            "value": "https://www.virustotal.com/file/7889fbd40f65cfe21d0c7486b29eb4c5042abff4ac660c12c7936831445cfd6e/analysis/1455262889/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c60-1020-4d39-9433-40cb02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:12.000Z",
            "modified": "2016-03-08T00:27:12.000Z",
            "first_observed": "2016-03-08T00:27:12Z",
            "last_observed": "2016-03-08T00:27:12Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c60-1020-4d39-9433-40cb02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c60-1020-4d39-9433-40cb02de0b81",
            "value": "https://www.virustotal.com/file/c60621e82f58b5ea5b36cde40889a076cb2c7f1612144998b1d388200bc7e295/analysis/1455262254/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c61-9794-4739-88f3-416202de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:13.000Z",
            "modified": "2016-03-08T00:27:13.000Z",
            "first_observed": "2016-03-08T00:27:13Z",
            "last_observed": "2016-03-08T00:27:13Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c61-9794-4739-88f3-416202de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c61-9794-4739-88f3-416202de0b81",
            "value": "https://www.virustotal.com/file/dfe146fffd2ae59172f52048f7e7d231807e0d732e19bdb443820a8305165741/analysis/1442496157/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c61-a5c4-4001-8a89-422e02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:13.000Z",
            "modified": "2016-03-08T00:27:13.000Z",
            "first_observed": "2016-03-08T00:27:13Z",
            "last_observed": "2016-03-08T00:27:13Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c61-a5c4-4001-8a89-422e02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c61-a5c4-4001-8a89-422e02de0b81",
            "value": "https://www.virustotal.com/file/15101f74f974e3e80cc37805ebe5cc2efed77bb5745d82e1b44b1da4f0c83691/analysis/1455262632/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c61-f8f4-4b51-841b-43be02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:13.000Z",
            "modified": "2016-03-08T00:27:13.000Z",
            "first_observed": "2016-03-08T00:27:13Z",
            "last_observed": "2016-03-08T00:27:13Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c61-f8f4-4b51-841b-43be02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c61-f8f4-4b51-841b-43be02de0b81",
            "value": "https://www.virustotal.com/file/f151f5a656d43a76a07fa03166906d51f9683b27b0e9b86464e3a68e9dba1fac/analysis/1442496158/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c62-23e8-4bb1-ab38-47de02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:14.000Z",
            "modified": "2016-03-08T00:27:14.000Z",
            "first_observed": "2016-03-08T00:27:14Z",
            "last_observed": "2016-03-08T00:27:14Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c62-23e8-4bb1-ab38-47de02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c62-23e8-4bb1-ab38-47de02de0b81",
            "value": "https://www.virustotal.com/file/62a2df9d001d3e0f222d77b6781eb279761f1354570773ef1929a86557a11454/analysis/1444633427/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c62-e41c-48b6-8e27-4da502de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:14.000Z",
            "modified": "2016-03-08T00:27:14.000Z",
            "first_observed": "2016-03-08T00:27:14Z",
            "last_observed": "2016-03-08T00:27:14Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c62-e41c-48b6-8e27-4da502de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c62-e41c-48b6-8e27-4da502de0b81",
            "value": "https://www.virustotal.com/file/acd886fa7b9117807f1e11f0f38b9fad1afce51aa9cfbe3810a39d883d0ca663/analysis/1444633462/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c62-f570-489e-acd6-4edb02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:14.000Z",
            "modified": "2016-03-08T00:27:14.000Z",
            "first_observed": "2016-03-08T00:27:14Z",
            "last_observed": "2016-03-08T00:27:14Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c62-f570-489e-acd6-4edb02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c62-f570-489e-acd6-4edb02de0b81",
            "value": "https://www.virustotal.com/file/ecc5e2526ca32a447c862612b71c1db5675a759897e680573fa143ac0a8e662a/analysis/1455263305/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c63-2cf4-4db4-af05-4ce002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:15.000Z",
            "modified": "2016-03-08T00:27:15.000Z",
            "first_observed": "2016-03-08T00:27:15Z",
            "last_observed": "2016-03-08T00:27:15Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c63-2cf4-4db4-af05-4ce002de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c63-2cf4-4db4-af05-4ce002de0b81",
            "value": "https://www.virustotal.com/file/f0d822926f4e6aec2cf2bd7701d67e8399ccc05bc028377a275a90e06620a109/analysis/1455262573/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c63-c5fc-4509-80b2-465802de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:15.000Z",
            "modified": "2016-03-08T00:27:15.000Z",
            "first_observed": "2016-03-08T00:27:15Z",
            "last_observed": "2016-03-08T00:27:15Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c63-c5fc-4509-80b2-465802de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c63-c5fc-4509-80b2-465802de0b81",
            "value": "https://www.virustotal.com/file/6a95d2895362fc8657bc90d73d77e32f09b86699eb625905ddeb45ccd6b13c71/analysis/1455262261/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c63-a678-4eec-a5aa-4c4c02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:15.000Z",
            "modified": "2016-03-08T00:27:15.000Z",
            "first_observed": "2016-03-08T00:27:15Z",
            "last_observed": "2016-03-08T00:27:15Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c63-a678-4eec-a5aa-4c4c02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c63-a678-4eec-a5aa-4c4c02de0b81",
            "value": "https://www.virustotal.com/file/c13794601c5bdec3d5d76de9571e6c0e0b022b9fc62907018566895e3b949982/analysis/1442496159/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c64-0824-4cd5-a888-4d6802de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:16.000Z",
            "modified": "2016-03-08T00:27:16.000Z",
            "first_observed": "2016-03-08T00:27:16Z",
            "last_observed": "2016-03-08T00:27:16Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c64-0824-4cd5-a888-4d6802de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c64-0824-4cd5-a888-4d6802de0b81",
            "value": "https://www.virustotal.com/file/bf210e54c65ea69ebda418f701c2c6b8aff840f31c1072d641a726cef8c7b5ad/analysis/1455263263/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c64-a834-4b75-986b-4eff02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:16.000Z",
            "modified": "2016-03-08T00:27:16.000Z",
            "first_observed": "2016-03-08T00:27:16Z",
            "last_observed": "2016-03-08T00:27:16Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c64-a834-4b75-986b-4eff02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c64-a834-4b75-986b-4eff02de0b81",
            "value": "https://www.virustotal.com/file/8d457e4189017712917c5c8f900bb9072c5910c9f975c50337115f952d885635/analysis/1455262109/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c65-1aac-4cd0-9bef-4d5b02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:17.000Z",
            "modified": "2016-03-08T00:27:17.000Z",
            "first_observed": "2016-03-08T00:27:17Z",
            "last_observed": "2016-03-08T00:27:17Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c65-1aac-4cd0-9bef-4d5b02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c65-1aac-4cd0-9bef-4d5b02de0b81",
            "value": "https://www.virustotal.com/file/1db9187b7b0e5bc97aca233f29b96295c0bc4058fdcff50df543c1f044e58836/analysis/1455262182/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c65-37f4-4272-80d4-4ccc02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:17.000Z",
            "modified": "2016-03-08T00:27:17.000Z",
            "first_observed": "2016-03-08T00:27:17Z",
            "last_observed": "2016-03-08T00:27:17Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c65-37f4-4272-80d4-4ccc02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c65-37f4-4272-80d4-4ccc02de0b81",
            "value": "https://www.virustotal.com/file/94d39845ec228ff1c84668207c4591ae0e2b6605bdf11e84916534ab09744736/analysis/1444633462/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c65-45f4-4843-b87b-42c902de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:17.000Z",
            "modified": "2016-03-08T00:27:17.000Z",
            "first_observed": "2016-03-08T00:27:17Z",
            "last_observed": "2016-03-08T00:27:17Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c65-45f4-4843-b87b-42c902de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c65-45f4-4843-b87b-42c902de0b81",
            "value": "https://www.virustotal.com/file/5b96b07528f762dfcb9d6936995ed4e358d29542ae756f6e5547fa3b5b7797b6/analysis/1455262903/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c66-8cf4-4f68-ac3c-4b7a02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:18.000Z",
            "modified": "2016-03-08T00:27:18.000Z",
            "first_observed": "2016-03-08T00:27:18Z",
            "last_observed": "2016-03-08T00:27:18Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c66-8cf4-4f68-ac3c-4b7a02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c66-8cf4-4f68-ac3c-4b7a02de0b81",
            "value": "https://www.virustotal.com/file/2ae4cc6834e3679e99fc93d2f5fba02167a31cf5b68a5a9ca7aa1a4b9f7cb4ae/analysis/1442496168/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c66-a470-4abc-a2ff-479402de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:18.000Z",
            "modified": "2016-03-08T00:27:18.000Z",
            "first_observed": "2016-03-08T00:27:18Z",
            "last_observed": "2016-03-08T00:27:18Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c66-a470-4abc-a2ff-479402de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c66-a470-4abc-a2ff-479402de0b81",
            "value": "https://www.virustotal.com/file/415f88765b88dd90e5b0502e4fa1408e06ac9552c7c8974a510e6e23a9756a45/analysis/1455263295/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c66-cc28-4db5-bbf3-431602de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:18.000Z",
            "modified": "2016-03-08T00:27:18.000Z",
            "first_observed": "2016-03-08T00:27:18Z",
            "last_observed": "2016-03-08T00:27:18Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c66-cc28-4db5-bbf3-431602de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c66-cc28-4db5-bbf3-431602de0b81",
            "value": "https://www.virustotal.com/file/91b97f3b8ef8ebc8bbd06e06927e7b38090c026f8fca77e209e69c056b042cb7/analysis/1455262176/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c67-01f8-45ff-9192-4cd102de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:19.000Z",
            "modified": "2016-03-08T00:27:19.000Z",
            "first_observed": "2016-03-08T00:27:19Z",
            "last_observed": "2016-03-08T00:27:19Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c67-01f8-45ff-9192-4cd102de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c67-01f8-45ff-9192-4cd102de0b81",
            "value": "https://www.virustotal.com/file/23486eedb5fe8a026f602507f490b4df4721e8befa65007b84c4f5b1ed95e1bd/analysis/1444633446/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c67-16dc-465f-9b0c-4cda02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:19.000Z",
            "modified": "2016-03-08T00:27:19.000Z",
            "first_observed": "2016-03-08T00:27:19Z",
            "last_observed": "2016-03-08T00:27:19Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c67-16dc-465f-9b0c-4cda02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c67-16dc-465f-9b0c-4cda02de0b81",
            "value": "https://www.virustotal.com/file/6c2409d415e66faebf0a031350b44d5a014ab4f62f2c1a3115982d452b7f97b9/analysis/1455262464/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c68-7ac8-439a-9607-4d2902de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:20.000Z",
            "modified": "2016-03-08T00:27:20.000Z",
            "first_observed": "2016-03-08T00:27:20Z",
            "last_observed": "2016-03-08T00:27:20Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c68-7ac8-439a-9607-4d2902de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c68-7ac8-439a-9607-4d2902de0b81",
            "value": "https://www.virustotal.com/file/2f9834f7b7fe09d98ef7b27d3828691ed4b361d1ccbbf8e10703f9ec03b05259/analysis/1442496161/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c68-1f00-44a3-8838-48bd02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:20.000Z",
            "modified": "2016-03-08T00:27:20.000Z",
            "first_observed": "2016-03-08T00:27:20Z",
            "last_observed": "2016-03-08T00:27:20Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c68-1f00-44a3-8838-48bd02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c68-1f00-44a3-8838-48bd02de0b81",
            "value": "https://www.virustotal.com/file/7815e5275ea849a9ed1f193abd8781ff7ae6b88ef6282f6a0900175a4bb59131/analysis/1455262704/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c68-5524-47d5-82d3-4ae302de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:20.000Z",
            "modified": "2016-03-08T00:27:20.000Z",
            "first_observed": "2016-03-08T00:27:20Z",
            "last_observed": "2016-03-08T00:27:20Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c68-5524-47d5-82d3-4ae302de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c68-5524-47d5-82d3-4ae302de0b81",
            "value": "https://www.virustotal.com/file/56dfc5905e7dfc67912ed164dc68c0806fdd3d7cd151415aaffcc1b7ab2f1a84/analysis/1455262237/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c69-f63c-47c3-9d93-456702de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:21.000Z",
            "modified": "2016-03-08T00:27:21.000Z",
            "first_observed": "2016-03-08T00:27:21Z",
            "last_observed": "2016-03-08T00:27:21Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c69-f63c-47c3-9d93-456702de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c69-f63c-47c3-9d93-456702de0b81",
            "value": "https://www.virustotal.com/file/e375d40412845c4476536307f28b64c0128e1cb88a3f505bafdcd013d542fa85/analysis/1445922871/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c69-4f50-4dbd-8174-4d9102de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:21.000Z",
            "modified": "2016-03-08T00:27:21.000Z",
            "first_observed": "2016-03-08T00:27:21Z",
            "last_observed": "2016-03-08T00:27:21Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c69-4f50-4dbd-8174-4d9102de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c69-4f50-4dbd-8174-4d9102de0b81",
            "value": "https://www.virustotal.com/file/12a057ca7c92cda3cd0e09efc5bff2ebd3f7d2991e999038c7f31a6ac6a95c3d/analysis/1444633462/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c69-d424-4ed2-b81b-436702de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:21.000Z",
            "modified": "2016-03-08T00:27:21.000Z",
            "first_observed": "2016-03-08T00:27:21Z",
            "last_observed": "2016-03-08T00:27:21Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c69-d424-4ed2-b81b-436702de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c69-d424-4ed2-b81b-436702de0b81",
            "value": "https://www.virustotal.com/file/fe2672737205351df003e1969ef1ef0df9e13a9a31bf77f844236857ed0b0bf5/analysis/1444633458/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c6a-6b74-4733-80b1-43ba02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:22.000Z",
            "modified": "2016-03-08T00:27:22.000Z",
            "first_observed": "2016-03-08T00:27:22Z",
            "last_observed": "2016-03-08T00:27:22Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c6a-6b74-4733-80b1-43ba02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c6a-6b74-4733-80b1-43ba02de0b81",
            "value": "https://www.virustotal.com/file/a962ea9027514712ba3949dc3ca54559d1d42e116837dda5f9809d6523a41255/analysis/1444633459/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c6a-3aac-4098-99f8-4b5f02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:22.000Z",
            "modified": "2016-03-08T00:27:22.000Z",
            "first_observed": "2016-03-08T00:27:22Z",
            "last_observed": "2016-03-08T00:27:22Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c6a-3aac-4098-99f8-4b5f02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c6a-3aac-4098-99f8-4b5f02de0b81",
            "value": "https://www.virustotal.com/file/637cabc343e3ed5b447dccb13aa7caf4d3a3eb3cd617d360167f270ec34596ea/analysis/1442488909/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c6a-edcc-44e9-a42c-4ea902de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:22.000Z",
            "modified": "2016-03-08T00:27:22.000Z",
            "first_observed": "2016-03-08T00:27:22Z",
            "last_observed": "2016-03-08T00:27:22Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c6a-edcc-44e9-a42c-4ea902de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c6a-edcc-44e9-a42c-4ea902de0b81",
            "value": "https://www.virustotal.com/file/4464c945c88ac9a4a22e86f0922f18c164e87f26c3f3fa054eb488fdd7d4bfc8/analysis/1442488929/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c6a-9334-43e7-935d-434e02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:22.000Z",
            "modified": "2016-03-08T00:27:22.000Z",
            "first_observed": "2016-03-08T00:27:22Z",
            "last_observed": "2016-03-08T00:27:22Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c6a-9334-43e7-935d-434e02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c6a-9334-43e7-935d-434e02de0b81",
            "value": "https://www.virustotal.com/file/b9ea2cc39808780ade1fe51287072e958448be7e3a7b32bfd48438453592018c/analysis/1446019536/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c6b-1a44-4c54-8f35-49f002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:23.000Z",
            "modified": "2016-03-08T00:27:23.000Z",
            "first_observed": "2016-03-08T00:27:23Z",
            "last_observed": "2016-03-08T00:27:23Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c6b-1a44-4c54-8f35-49f002de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c6b-1a44-4c54-8f35-49f002de0b81",
            "value": "https://www.virustotal.com/file/5f827730c7bd155997121f023ca9775077a37a58111738fcb3213757170bd860/analysis/1442488964/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c6b-a630-4031-bd64-4e2602de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:23.000Z",
            "modified": "2016-03-08T00:27:23.000Z",
            "first_observed": "2016-03-08T00:27:23Z",
            "last_observed": "2016-03-08T00:27:23Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c6b-a630-4031-bd64-4e2602de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c6b-a630-4031-bd64-4e2602de0b81",
            "value": "https://www.virustotal.com/file/d469000ca9e6af92876334e3a460ea4ac8a61c1a6ee819eefbfd0c79ea4fb315/analysis/1442496150/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c6b-75ac-431c-a119-4b9f02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:23.000Z",
            "modified": "2016-03-08T00:27:23.000Z",
            "first_observed": "2016-03-08T00:27:23Z",
            "last_observed": "2016-03-08T00:27:23Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c6b-75ac-431c-a119-4b9f02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c6b-75ac-431c-a119-4b9f02de0b81",
            "value": "https://www.virustotal.com/file/c1b19af1e354f13c90163780be6ad50f02d5bf8bac1c9cc1eab1377a159de1be/analysis/1456299781/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c6c-05e4-4c48-a9e3-49c202de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:24.000Z",
            "modified": "2016-03-08T00:27:24.000Z",
            "first_observed": "2016-03-08T00:27:24Z",
            "last_observed": "2016-03-08T00:27:24Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c6c-05e4-4c48-a9e3-49c202de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c6c-05e4-4c48-a9e3-49c202de0b81",
            "value": "https://www.virustotal.com/file/dc70d3046b59785b2b9b7091e26f2484ba7a488dba420a8a05be388a337c399e/analysis/1456300123/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c6c-4568-49dd-9a99-4fb202de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:24.000Z",
            "modified": "2016-03-08T00:27:24.000Z",
            "first_observed": "2016-03-08T00:27:24Z",
            "last_observed": "2016-03-08T00:27:24Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c6c-4568-49dd-9a99-4fb202de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c6c-4568-49dd-9a99-4fb202de0b81",
            "value": "https://www.virustotal.com/file/f7f4d18dbc0b822b89ba14ffea24114f92b593be0f287f300bb269b310883039/analysis/1453941246/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c6c-5224-4236-84da-469702de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:24.000Z",
            "modified": "2016-03-08T00:27:24.000Z",
            "first_observed": "2016-03-08T00:27:24Z",
            "last_observed": "2016-03-08T00:27:24Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c6c-5224-4236-84da-469702de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c6c-5224-4236-84da-469702de0b81",
            "value": "https://www.virustotal.com/file/bc7bcb663477238508ce8ad366cc9a77811c7f5eabaec47175858fe972639f40/analysis/1456299762/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c6d-9a10-4a1c-8e56-4e5202de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:25.000Z",
            "modified": "2016-03-08T00:27:25.000Z",
            "first_observed": "2016-03-08T00:27:25Z",
            "last_observed": "2016-03-08T00:27:25Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c6d-9a10-4a1c-8e56-4e5202de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c6d-9a10-4a1c-8e56-4e5202de0b81",
            "value": "https://www.virustotal.com/file/89996b66d5a339939b2072d29675ec3ca6d793f42a5d335a8ea7dab8773321ef/analysis/1442489062/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c6d-a35c-457e-bfb1-497802de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:25.000Z",
            "modified": "2016-03-08T00:27:25.000Z",
            "first_observed": "2016-03-08T00:27:25Z",
            "last_observed": "2016-03-08T00:27:25Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c6d-a35c-457e-bfb1-497802de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c6d-a35c-457e-bfb1-497802de0b81",
            "value": "https://www.virustotal.com/file/bc5625c674f08cca18e73eb661eed0182ef16e27983098cf1c61892ca621d60b/analysis/1445905149/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c6d-821c-4c2c-bdbb-417202de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:25.000Z",
            "modified": "2016-03-08T00:27:25.000Z",
            "first_observed": "2016-03-08T00:27:25Z",
            "last_observed": "2016-03-08T00:27:25Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c6d-821c-4c2c-bdbb-417202de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c6d-821c-4c2c-bdbb-417202de0b81",
            "value": "https://www.virustotal.com/file/a5373b33ac970dedeb52528b123959145bf51c95b159a30a7823ad8018ac4b41/analysis/1445909502/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c6e-2b58-4c57-91fd-445702de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:26.000Z",
            "modified": "2016-03-08T00:27:26.000Z",
            "first_observed": "2016-03-08T00:27:26Z",
            "last_observed": "2016-03-08T00:27:26Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c6e-2b58-4c57-91fd-445702de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c6e-2b58-4c57-91fd-445702de0b81",
            "value": "https://www.virustotal.com/file/f6d52c5608931cdf66d71502fcf012b6781edde64ba1f956c1868f7e36d8c8d2/analysis/1444362186/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c6e-0180-4b45-8eb8-40ec02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:26.000Z",
            "modified": "2016-03-08T00:27:26.000Z",
            "first_observed": "2016-03-08T00:27:26Z",
            "last_observed": "2016-03-08T00:27:26Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c6e-0180-4b45-8eb8-40ec02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c6e-0180-4b45-8eb8-40ec02de0b81",
            "value": "https://www.virustotal.com/file/1233cca912fb61873c7388f299a4a1b78054e681941beb31f0a48f8c6d7a182b/analysis/1456300085/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c6f-1d14-4ff0-8005-415502de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:27.000Z",
            "modified": "2016-03-08T00:27:27.000Z",
            "first_observed": "2016-03-08T00:27:27Z",
            "last_observed": "2016-03-08T00:27:27Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c6f-1d14-4ff0-8005-415502de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c6f-1d14-4ff0-8005-415502de0b81",
            "value": "https://www.virustotal.com/file/30c69d91247f8a72a69e4d7c4bce3eafba40975e5890c23dc4dbe7c9a11afa73/analysis/1448401236/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c6f-4d40-4ef7-aeca-430702de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:27.000Z",
            "modified": "2016-03-08T00:27:27.000Z",
            "first_observed": "2016-03-08T00:27:27Z",
            "last_observed": "2016-03-08T00:27:27Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c6f-4d40-4ef7-aeca-430702de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c6f-4d40-4ef7-aeca-430702de0b81",
            "value": "https://www.virustotal.com/file/01468b1d3e089985a4ed255b6594d24863cfd94a647329c631e4f4e52759f8a9/analysis/1456299879/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c6f-9bd0-492f-aab8-48ae02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:27.000Z",
            "modified": "2016-03-08T00:27:27.000Z",
            "first_observed": "2016-03-08T00:27:27Z",
            "last_observed": "2016-03-08T00:27:27Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c6f-9bd0-492f-aab8-48ae02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c6f-9bd0-492f-aab8-48ae02de0b81",
            "value": "https://www.virustotal.com/file/18c0b02776487babbf6219cdaf97cbf2b534e0cf87a527228dda2d4a468a257f/analysis/1442489147/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c70-8414-44b1-a72e-44f802de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:28.000Z",
            "modified": "2016-03-08T00:27:28.000Z",
            "first_observed": "2016-03-08T00:27:28Z",
            "last_observed": "2016-03-08T00:27:28Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c70-8414-44b1-a72e-44f802de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c70-8414-44b1-a72e-44f802de0b81",
            "value": "https://www.virustotal.com/file/ff9edb92ee8125519aa1eea60cab9999bcd4caa87b891882caddc73a2a5ae9cf/analysis/1442489154/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c70-2648-42ce-8b27-475002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:28.000Z",
            "modified": "2016-03-08T00:27:28.000Z",
            "first_observed": "2016-03-08T00:27:28Z",
            "last_observed": "2016-03-08T00:27:28Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c70-2648-42ce-8b27-475002de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c70-2648-42ce-8b27-475002de0b81",
            "value": "https://www.virustotal.com/file/ac4ffc7a2ba8840a20f6b07aa44328f1802b79ced6a56b3ac7e78fa1178ba65a/analysis/1442489156/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c70-0c10-4c34-bb98-40ac02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:28.000Z",
            "modified": "2016-03-08T00:27:28.000Z",
            "first_observed": "2016-03-08T00:27:28Z",
            "last_observed": "2016-03-08T00:27:28Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c70-0c10-4c34-bb98-40ac02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c70-0c10-4c34-bb98-40ac02de0b81",
            "value": "https://www.virustotal.com/file/7cdb9c2e8b6ca7f0a683a39c0bdadc7a512cff5d8264fdec012c541fd19c0522/analysis/1456300145/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c71-4484-435d-b4fc-4db402de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:29.000Z",
            "modified": "2016-03-08T00:27:29.000Z",
            "first_observed": "2016-03-08T00:27:29Z",
            "last_observed": "2016-03-08T00:27:29Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c71-4484-435d-b4fc-4db402de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c71-4484-435d-b4fc-4db402de0b81",
            "value": "https://www.virustotal.com/file/036c5c0075d67f67fee546321f5b9c4f00d37aa9249ffe1627e71946bad4a3d1/analysis/1456300413/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c71-9040-4b44-9e87-493a02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:29.000Z",
            "modified": "2016-03-08T00:27:29.000Z",
            "first_observed": "2016-03-08T00:27:29Z",
            "last_observed": "2016-03-08T00:27:29Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c71-9040-4b44-9e87-493a02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c71-9040-4b44-9e87-493a02de0b81",
            "value": "https://www.virustotal.com/file/4bcb2a5d99297b30f8ff00e08cf7330d5e2f69fc602bb317bf8e9f703a137a99/analysis/1442489181/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c71-6bc4-486c-980f-447402de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:29.000Z",
            "modified": "2016-03-08T00:27:29.000Z",
            "first_observed": "2016-03-08T00:27:29Z",
            "last_observed": "2016-03-08T00:27:29Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c71-6bc4-486c-980f-447402de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c71-6bc4-486c-980f-447402de0b81",
            "value": "https://www.virustotal.com/file/418a21d49fe5bca8a3e050f039a0e2aa03db6d2de0fb49e3ff9d987f31b22dda/analysis/1456324676/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c72-3f20-4d9d-91b8-44c902de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:30.000Z",
            "modified": "2016-03-08T00:27:30.000Z",
            "first_observed": "2016-03-08T00:27:30Z",
            "last_observed": "2016-03-08T00:27:30Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c72-3f20-4d9d-91b8-44c902de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c72-3f20-4d9d-91b8-44c902de0b81",
            "value": "https://www.virustotal.com/file/3dea35172449f0b9a86dff9af3b4480cc4c37a30e8cb54963ff91c4c1ffe7b0d/analysis/1442488892/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c72-2188-4426-b174-424d02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:30.000Z",
            "modified": "2016-03-08T00:27:30.000Z",
            "first_observed": "2016-03-08T00:27:30Z",
            "last_observed": "2016-03-08T00:27:30Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c72-2188-4426-b174-424d02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c72-2188-4426-b174-424d02de0b81",
            "value": "https://www.virustotal.com/file/2b160b7eef5ce5fdb83889f96fc40cbbbc7b85450ff2afdf781a8eb5d6a0f541/analysis/1445909210/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c72-a054-453e-8b1e-4d5002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:30.000Z",
            "modified": "2016-03-08T00:27:30.000Z",
            "first_observed": "2016-03-08T00:27:30Z",
            "last_observed": "2016-03-08T00:27:30Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c72-a054-453e-8b1e-4d5002de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c72-a054-453e-8b1e-4d5002de0b81",
            "value": "https://www.virustotal.com/file/9891b5586cede16aa1e1b87380621f68e8956b991cf7675bbe18d2ec61a7522f/analysis/1456300138/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c73-78c0-468a-9552-4ef702de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:31.000Z",
            "modified": "2016-03-08T00:27:31.000Z",
            "first_observed": "2016-03-08T00:27:31Z",
            "last_observed": "2016-03-08T00:27:31Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c73-78c0-468a-9552-4ef702de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c73-78c0-468a-9552-4ef702de0b81",
            "value": "https://www.virustotal.com/file/262dbadca239e5259161130ac9f0f5ef50691fd9dc3e3490b6c0d7b76e7ee34e/analysis/1456300188/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c73-1814-4b69-82d4-4d0b02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:31.000Z",
            "modified": "2016-03-08T00:27:31.000Z",
            "first_observed": "2016-03-08T00:27:31Z",
            "last_observed": "2016-03-08T00:27:31Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c73-1814-4b69-82d4-4d0b02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c73-1814-4b69-82d4-4d0b02de0b81",
            "value": "https://www.virustotal.com/file/3f0ebe892ab87ea24db172ae96cfc216b591d3967821c9d2581a9e11faccde28/analysis/1442496153/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c74-b170-46cf-82f3-42b102de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:32.000Z",
            "modified": "2016-03-08T00:27:32.000Z",
            "first_observed": "2016-03-08T00:27:32Z",
            "last_observed": "2016-03-08T00:27:32Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c74-b170-46cf-82f3-42b102de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c74-b170-46cf-82f3-42b102de0b81",
            "value": "https://www.virustotal.com/file/86056f462d5783604b7f050047db210ecf698e72f3664b27d58265663ff5b324/analysis/1442489214/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c74-d514-40e5-aaaa-4ea002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:32.000Z",
            "modified": "2016-03-08T00:27:32.000Z",
            "first_observed": "2016-03-08T00:27:32Z",
            "last_observed": "2016-03-08T00:27:32Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c74-d514-40e5-aaaa-4ea002de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c74-d514-40e5-aaaa-4ea002de0b81",
            "value": "https://www.virustotal.com/file/f44bead117d2cf34b8e50b81c82fbd1b938b94387cdf84386ace46b1f3b5df1a/analysis/1442489216/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c74-ed8c-4b93-809a-44b602de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:32.000Z",
            "modified": "2016-03-08T00:27:32.000Z",
            "first_observed": "2016-03-08T00:27:32Z",
            "last_observed": "2016-03-08T00:27:32Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c74-ed8c-4b93-809a-44b602de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c74-ed8c-4b93-809a-44b602de0b81",
            "value": "https://www.virustotal.com/file/6eeffe540693418a107db3e7d2d9b72a54b2354aa6886b571272aa41f8cc8e0c/analysis/1442496153/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c75-aae8-4603-a9a3-473d02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:33.000Z",
            "modified": "2016-03-08T00:27:33.000Z",
            "first_observed": "2016-03-08T00:27:33Z",
            "last_observed": "2016-03-08T00:27:33Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c75-aae8-4603-a9a3-473d02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c75-aae8-4603-a9a3-473d02de0b81",
            "value": "https://www.virustotal.com/file/099524703c250d1d1a16288dbd2f425d6cd0491f608e207a82f239b39bb26b7e/analysis/1445905271/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c75-c07c-4170-ab0f-49f802de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:33.000Z",
            "modified": "2016-03-08T00:27:33.000Z",
            "first_observed": "2016-03-08T00:27:33Z",
            "last_observed": "2016-03-08T00:27:33Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c75-c07c-4170-ab0f-49f802de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c75-c07c-4170-ab0f-49f802de0b81",
            "value": "https://www.virustotal.com/file/f722677df4fb7eb4ac986a944d4f6630b91ac22b31f8d39ec9bf941376d5d4db/analysis/1442488849/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c75-575c-4e31-8a7a-478702de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:33.000Z",
            "modified": "2016-03-08T00:27:33.000Z",
            "first_observed": "2016-03-08T00:27:33Z",
            "last_observed": "2016-03-08T00:27:33Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c75-575c-4e31-8a7a-478702de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c75-575c-4e31-8a7a-478702de0b81",
            "value": "https://www.virustotal.com/file/1a7239c006a3adf893bdb5c2300b2964ed8bb454e1b622853e4460707dc63c16/analysis/1456300210/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c76-76d8-4787-afea-4fd402de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:34.000Z",
            "modified": "2016-03-08T00:27:34.000Z",
            "first_observed": "2016-03-08T00:27:34Z",
            "last_observed": "2016-03-08T00:27:34Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c76-76d8-4787-afea-4fd402de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c76-76d8-4787-afea-4fd402de0b81",
            "value": "https://www.virustotal.com/file/8a5d8d103cb175d7dc41932ef9a890997e25dbe15f94ecd2105835fe49779354/analysis/1442488851/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c76-fae4-4761-8a62-4e2602de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:34.000Z",
            "modified": "2016-03-08T00:27:34.000Z",
            "first_observed": "2016-03-08T00:27:34Z",
            "last_observed": "2016-03-08T00:27:34Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c76-fae4-4761-8a62-4e2602de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c76-fae4-4761-8a62-4e2602de0b81",
            "value": "https://www.virustotal.com/file/65fa52f632e4e83ff83120c7df6b90291025a76d5daeb183e814ec0b3bd2bd4e/analysis/1456300067/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c76-2670-4a80-b40d-492202de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:34.000Z",
            "modified": "2016-03-08T00:27:34.000Z",
            "first_observed": "2016-03-08T00:27:34Z",
            "last_observed": "2016-03-08T00:27:34Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c76-2670-4a80-b40d-492202de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c76-2670-4a80-b40d-492202de0b81",
            "value": "https://www.virustotal.com/file/7ed2d1aceab5f54df4acca63b5d269842d49521e13bab5e652237667c7eef261/analysis/1456300171/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c77-b94c-4464-9226-4d2802de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:35.000Z",
            "modified": "2016-03-08T00:27:35.000Z",
            "first_observed": "2016-03-08T00:27:35Z",
            "last_observed": "2016-03-08T00:27:35Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c77-b94c-4464-9226-4d2802de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c77-b94c-4464-9226-4d2802de0b81",
            "value": "https://www.virustotal.com/file/0474111e44b9aa56d6e6024c6f278e915d57b7862ceb927672fc3417f76a3ba3/analysis/1442496142/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c77-9300-4393-b0f6-480a02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:35.000Z",
            "modified": "2016-03-08T00:27:35.000Z",
            "first_observed": "2016-03-08T00:27:35Z",
            "last_observed": "2016-03-08T00:27:35Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c77-9300-4393-b0f6-480a02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c77-9300-4393-b0f6-480a02de0b81",
            "value": "https://www.virustotal.com/file/930939256e2c2fa30e7260897d96859c08cf767664e4bd3cedf156b6765b5413/analysis/1442496142/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c77-9360-4a8f-bc66-46a502de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:35.000Z",
            "modified": "2016-03-08T00:27:35.000Z",
            "first_observed": "2016-03-08T00:27:35Z",
            "last_observed": "2016-03-08T00:27:35Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c77-9360-4a8f-bc66-46a502de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c77-9360-4a8f-bc66-46a502de0b81",
            "value": "https://www.virustotal.com/file/ef0fab7757a6b5e842297fa2e0dc7a7ce084278c5d12b878bba7d90759a0e22b/analysis/1447079768/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c78-4ea4-48a5-b377-4fe702de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:36.000Z",
            "modified": "2016-03-08T00:27:36.000Z",
            "first_observed": "2016-03-08T00:27:36Z",
            "last_observed": "2016-03-08T00:27:36Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c78-4ea4-48a5-b377-4fe702de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c78-4ea4-48a5-b377-4fe702de0b81",
            "value": "https://www.virustotal.com/file/3877a522c924f834e442ef19d9b11ab6d3385849e60d5f310f6320e2d9e42804/analysis/1442496142/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c78-7824-4e9e-b4f4-4d6502de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:36.000Z",
            "modified": "2016-03-08T00:27:36.000Z",
            "first_observed": "2016-03-08T00:27:36Z",
            "last_observed": "2016-03-08T00:27:36Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c78-7824-4e9e-b4f4-4d6502de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c78-7824-4e9e-b4f4-4d6502de0b81",
            "value": "https://www.virustotal.com/file/bd589360b299dc4803aa35abca527137a51feadae2b1e3bc2b5a301bb5b245da/analysis/1442496143/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c79-c02c-4948-beff-41bc02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:37.000Z",
            "modified": "2016-03-08T00:27:37.000Z",
            "first_observed": "2016-03-08T00:27:37Z",
            "last_observed": "2016-03-08T00:27:37Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c79-c02c-4948-beff-41bc02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c79-c02c-4948-beff-41bc02de0b81",
            "value": "https://www.virustotal.com/file/65a2ca760bfce4762cd1cb3623c7d5d0ff86187d3bf3ba8fdea1339585a57ec2/analysis/1442496143/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c79-90f4-4458-b316-4f2802de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:37.000Z",
            "modified": "2016-03-08T00:27:37.000Z",
            "first_observed": "2016-03-08T00:27:37Z",
            "last_observed": "2016-03-08T00:27:37Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c79-90f4-4458-b316-4f2802de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c79-90f4-4458-b316-4f2802de0b81",
            "value": "https://www.virustotal.com/file/d07a802eb6d2c296c3f1bc726b5a716c4a7d8e97053c53e81658a31f969e6ce7/analysis/1442496143/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c79-2730-456c-b129-44fc02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:37.000Z",
            "modified": "2016-03-08T00:27:37.000Z",
            "first_observed": "2016-03-08T00:27:37Z",
            "last_observed": "2016-03-08T00:27:37Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c79-2730-456c-b129-44fc02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c79-2730-456c-b129-44fc02de0b81",
            "value": "https://www.virustotal.com/file/540913b3647c28a14418a6f288be9e4d8f99048227efea8ca1b13877269002eb/analysis/1442496144/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c7a-8c34-456e-9e37-491002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:38.000Z",
            "modified": "2016-03-08T00:27:38.000Z",
            "first_observed": "2016-03-08T00:27:38Z",
            "last_observed": "2016-03-08T00:27:38Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c7a-8c34-456e-9e37-491002de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c7a-8c34-456e-9e37-491002de0b81",
            "value": "https://www.virustotal.com/file/c218b779461d83d70791e0578175503cd69128c9723f2c5d7d36b85073b0f2f9/analysis/1442496144/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c7a-98cc-4c5e-914e-4f8d02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:38.000Z",
            "modified": "2016-03-08T00:27:38.000Z",
            "first_observed": "2016-03-08T00:27:38Z",
            "last_observed": "2016-03-08T00:27:38Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c7a-98cc-4c5e-914e-4f8d02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c7a-98cc-4c5e-914e-4f8d02de0b81",
            "value": "https://www.virustotal.com/file/97afcd01e00d32dc4d1161d7a127933593cfc092ec635af5dc7a775a088b6091/analysis/1442496145/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c7a-156c-4314-8936-448c02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:38.000Z",
            "modified": "2016-03-08T00:27:38.000Z",
            "first_observed": "2016-03-08T00:27:38Z",
            "last_observed": "2016-03-08T00:27:38Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c7a-156c-4314-8936-448c02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c7a-156c-4314-8936-448c02de0b81",
            "value": "https://www.virustotal.com/file/df818c2dccacc532ba0205749329b7e46d1f6616b40da55e0d994105bd988bd2/analysis/1450454830/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c7b-4bd8-4c8f-a4d0-45fd02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:39.000Z",
            "modified": "2016-03-08T00:27:39.000Z",
            "first_observed": "2016-03-08T00:27:39Z",
            "last_observed": "2016-03-08T00:27:39Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c7b-4bd8-4c8f-a4d0-45fd02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c7b-4bd8-4c8f-a4d0-45fd02de0b81",
            "value": "https://www.virustotal.com/file/8d86c0985530271618a342579afd1a9ecb27dfb080866e3b888bd3e45e1eb8f5/analysis/1444224682/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c7b-39f8-4fa5-9188-4f7102de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:39.000Z",
            "modified": "2016-03-08T00:27:39.000Z",
            "first_observed": "2016-03-08T00:27:39Z",
            "last_observed": "2016-03-08T00:27:39Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c7b-39f8-4fa5-9188-4f7102de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c7b-39f8-4fa5-9188-4f7102de0b81",
            "value": "https://www.virustotal.com/file/3af9cfb2797bed22e1d12970d068d794270a0f07d3f3dcfdcdb9abfc3a80e0f8/analysis/1442496145/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c7b-8294-47d1-bc55-4fa702de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:39.000Z",
            "modified": "2016-03-08T00:27:39.000Z",
            "first_observed": "2016-03-08T00:27:39Z",
            "last_observed": "2016-03-08T00:27:39Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c7b-8294-47d1-bc55-4fa702de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c7b-8294-47d1-bc55-4fa702de0b81",
            "value": "https://www.virustotal.com/file/49dca913ff5c4782e8f8fa2dfd161110bc5c8cd36c9ce8aa0efd1860ab668e6e/analysis/1442931428/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c7c-c83c-4b1a-8563-428a02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:40.000Z",
            "modified": "2016-03-08T00:27:40.000Z",
            "first_observed": "2016-03-08T00:27:40Z",
            "last_observed": "2016-03-08T00:27:40Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c7c-c83c-4b1a-8563-428a02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c7c-c83c-4b1a-8563-428a02de0b81",
            "value": "https://www.virustotal.com/file/489d448514a3ddf30144cc1634e6623e529dd3aee54a050a920a3d4342b4b96a/analysis/1442496146/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c7c-b7ec-495a-8776-4fa802de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:40.000Z",
            "modified": "2016-03-08T00:27:40.000Z",
            "first_observed": "2016-03-08T00:27:40Z",
            "last_observed": "2016-03-08T00:27:40Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c7c-b7ec-495a-8776-4fa802de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c7c-b7ec-495a-8776-4fa802de0b81",
            "value": "https://www.virustotal.com/file/19972cc87c7653aff9620461ce459b996b1f9b030d7c8031df0c8265b73f670d/analysis/1456296496/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c7c-ac8c-4471-8cd7-4b2702de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:40.000Z",
            "modified": "2016-03-08T00:27:40.000Z",
            "first_observed": "2016-03-08T00:27:40Z",
            "last_observed": "2016-03-08T00:27:40Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c7c-ac8c-4471-8cd7-4b2702de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c7c-ac8c-4471-8cd7-4b2702de0b81",
            "value": "https://www.virustotal.com/file/ac9c7ac457a605ff836eb6fe127eabc7a251dd73ea0a1fa59a591de30fa75d3f/analysis/1442496147/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c7d-c5c8-495b-9b4a-4dac02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:41.000Z",
            "modified": "2016-03-08T00:27:41.000Z",
            "first_observed": "2016-03-08T00:27:41Z",
            "last_observed": "2016-03-08T00:27:41Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c7d-c5c8-495b-9b4a-4dac02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c7d-c5c8-495b-9b4a-4dac02de0b81",
            "value": "https://www.virustotal.com/file/366affd094cc63e2c19c5d57a6866b487889dab5d1b07c084fff94262d8a390b/analysis/1456819261/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c7d-38c8-4e9b-9335-45f802de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:41.000Z",
            "modified": "2016-03-08T00:27:41.000Z",
            "first_observed": "2016-03-08T00:27:41Z",
            "last_observed": "2016-03-08T00:27:41Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c7d-38c8-4e9b-9335-45f802de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c7d-38c8-4e9b-9335-45f802de0b81",
            "value": "https://www.virustotal.com/file/6271c4909f39e1f29dcc79cde0f526cbde45d906726e73bd3b52d041a34eda38/analysis/1442496147/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c7d-0abc-4e3e-bc53-4aa502de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:41.000Z",
            "modified": "2016-03-08T00:27:41.000Z",
            "first_observed": "2016-03-08T00:27:41Z",
            "last_observed": "2016-03-08T00:27:41Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c7d-0abc-4e3e-bc53-4aa502de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c7d-0abc-4e3e-bc53-4aa502de0b81",
            "value": "https://www.virustotal.com/file/ddce4b5e1c03d04bb82780a2d0f08469bb589b6fe8f0d4cc2a140b16344f5bd1/analysis/1446561404/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c7e-e874-4ee9-ad16-464a02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:42.000Z",
            "modified": "2016-03-08T00:27:42.000Z",
            "first_observed": "2016-03-08T00:27:42Z",
            "last_observed": "2016-03-08T00:27:42Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c7e-e874-4ee9-ad16-464a02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c7e-e874-4ee9-ad16-464a02de0b81",
            "value": "https://www.virustotal.com/file/0102777ec0357655c4313419be3a15c4ca17c4f9cb4a440bfb16195239905ade/analysis/1456923691/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c7e-2fe4-4c04-a1cf-414102de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:42.000Z",
            "modified": "2016-03-08T00:27:42.000Z",
            "first_observed": "2016-03-08T00:27:42Z",
            "last_observed": "2016-03-08T00:27:42Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c7e-2fe4-4c04-a1cf-414102de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c7e-2fe4-4c04-a1cf-414102de0b81",
            "value": "https://www.virustotal.com/file/df03f0ae0622f5040bf449ab8b7559a97da7f746cc2ce24a8ad5336b18699296/analysis/1442496147/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c7e-0950-4fff-be21-408d02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:42.000Z",
            "modified": "2016-03-08T00:27:42.000Z",
            "first_observed": "2016-03-08T00:27:42Z",
            "last_observed": "2016-03-08T00:27:42Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c7e-0950-4fff-be21-408d02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c7e-0950-4fff-be21-408d02de0b81",
            "value": "https://www.virustotal.com/file/d04bef6765408d528fdf82a46c157b44e8b5e7762a15b0264033c9558ccc48dd/analysis/1442496148/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c7f-5948-40f0-8675-41d002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:43.000Z",
            "modified": "2016-03-08T00:27:43.000Z",
            "first_observed": "2016-03-08T00:27:43Z",
            "last_observed": "2016-03-08T00:27:43Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c7f-5948-40f0-8675-41d002de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c7f-5948-40f0-8675-41d002de0b81",
            "value": "https://www.virustotal.com/file/316528ade312cc5ed76f0b44c7f2c2fc84f60ae215992d9393f57431383cf776/analysis/1445275870/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c7f-c9fc-49fa-9cb9-467502de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:43.000Z",
            "modified": "2016-03-08T00:27:43.000Z",
            "first_observed": "2016-03-08T00:27:43Z",
            "last_observed": "2016-03-08T00:27:43Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c7f-c9fc-49fa-9cb9-467502de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c7f-c9fc-49fa-9cb9-467502de0b81",
            "value": "https://www.virustotal.com/file/56531cc133e7a760b238aadc5b7a622cd11c835a3e6b78079d825d417fb02198/analysis/1456315268/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c7f-cf28-43f1-9096-435802de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:43.000Z",
            "modified": "2016-03-08T00:27:43.000Z",
            "first_observed": "2016-03-08T00:27:43Z",
            "last_observed": "2016-03-08T00:27:43Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c7f-cf28-43f1-9096-435802de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c7f-cf28-43f1-9096-435802de0b81",
            "value": "https://www.virustotal.com/file/ee5eb9d57c3611e91a27bb1fc2d0aaa6bbfa6c69ab16e65e7123c7c49d46f145/analysis/1454911131/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c80-6d5c-4c0a-952f-4b5702de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:44.000Z",
            "modified": "2016-03-08T00:27:44.000Z",
            "first_observed": "2016-03-08T00:27:44Z",
            "last_observed": "2016-03-08T00:27:44Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c80-6d5c-4c0a-952f-4b5702de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c80-6d5c-4c0a-952f-4b5702de0b81",
            "value": "https://www.virustotal.com/file/1d4ac97d43fab1d464017abb5d57a6b4601f99eaa93b01443427ef25ae5127f7/analysis/1456297651/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c80-19e4-438c-bce2-467202de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:44.000Z",
            "modified": "2016-03-08T00:27:44.000Z",
            "first_observed": "2016-03-08T00:27:44Z",
            "last_observed": "2016-03-08T00:27:44Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c80-19e4-438c-bce2-467202de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c80-19e4-438c-bce2-467202de0b81",
            "value": "https://www.virustotal.com/file/e1490d6e5ce4c2cddef0815c55bf8946cb830ce0ac7f586cf1ae16ef66f1bd8b/analysis/1448444218/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c80-f274-4ebd-acf8-4b6802de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:44.000Z",
            "modified": "2016-03-08T00:27:44.000Z",
            "first_observed": "2016-03-08T00:27:44Z",
            "last_observed": "2016-03-08T00:27:44Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c80-f274-4ebd-acf8-4b6802de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c80-f274-4ebd-acf8-4b6802de0b81",
            "value": "https://www.virustotal.com/file/5d695ff02202808805da942e484caa7c1dc68e6d9c3d77dc383cfa0617e61e48/analysis/1456317277/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c81-c050-4cd5-866d-4f6602de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:45.000Z",
            "modified": "2016-03-08T00:27:45.000Z",
            "first_observed": "2016-03-08T00:27:45Z",
            "last_observed": "2016-03-08T00:27:45Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c81-c050-4cd5-866d-4f6602de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c81-c050-4cd5-866d-4f6602de0b81",
            "value": "https://www.virustotal.com/file/56ac764b81eb216ebed5a5ad38e703805ba3e1ca7d63501ba60a1fb52c7ebb6e/analysis/1456315377/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c81-e75c-4deb-9223-469d02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:45.000Z",
            "modified": "2016-03-08T00:27:45.000Z",
            "first_observed": "2016-03-08T00:27:45Z",
            "last_observed": "2016-03-08T00:27:45Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c81-e75c-4deb-9223-469d02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c81-e75c-4deb-9223-469d02de0b81",
            "value": "https://www.virustotal.com/file/c1ee4232d1b6504fc7f93cb0478e90049a71992498ed2d701925d852e91cfcc3/analysis/1450425147/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c81-e334-4192-8c39-427b02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:45.000Z",
            "modified": "2016-03-08T00:27:45.000Z",
            "first_observed": "2016-03-08T00:27:45Z",
            "last_observed": "2016-03-08T00:27:45Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c81-e334-4192-8c39-427b02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c81-e334-4192-8c39-427b02de0b81",
            "value": "https://www.virustotal.com/file/97d8725e39d263ed21856477ed09738755134b5c0d0b9ae86ebb1cdd4cdc18b7/analysis/1454912105/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c82-7014-4e73-ad25-42a502de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:46.000Z",
            "modified": "2016-03-08T00:27:46.000Z",
            "first_observed": "2016-03-08T00:27:46Z",
            "last_observed": "2016-03-08T00:27:46Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c82-7014-4e73-ad25-42a502de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c82-7014-4e73-ad25-42a502de0b81",
            "value": "https://www.virustotal.com/file/0f7d64f514e99a2abdc10dc85e7e6f57c210a0f35472f7b897a19b73be36bece/analysis/1454123631/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c82-51bc-4189-9e75-429902de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:46.000Z",
            "modified": "2016-03-08T00:27:46.000Z",
            "first_observed": "2016-03-08T00:27:46Z",
            "last_observed": "2016-03-08T00:27:46Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c82-51bc-4189-9e75-429902de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c82-51bc-4189-9e75-429902de0b81",
            "value": "https://www.virustotal.com/file/51e713c7247f978f5836133dd0b8f9fb229e6594763adda59951556e1df5ee57/analysis/1456314037/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c82-17a8-44bf-bfa7-4d1a02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:46.000Z",
            "modified": "2016-03-08T00:27:46.000Z",
            "first_observed": "2016-03-08T00:27:46Z",
            "last_observed": "2016-03-08T00:27:46Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c82-17a8-44bf-bfa7-4d1a02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c82-17a8-44bf-bfa7-4d1a02de0b81",
            "value": "https://www.virustotal.com/file/d3d503934c0dfe75e386d0fb8da2e32238d93739624b6c5a929fe5b722b35d36/analysis/1449472809/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c83-ab54-4467-af9a-42f702de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:47.000Z",
            "modified": "2016-03-08T00:27:47.000Z",
            "first_observed": "2016-03-08T00:27:47Z",
            "last_observed": "2016-03-08T00:27:47Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c83-ab54-4467-af9a-42f702de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c83-ab54-4467-af9a-42f702de0b81",
            "value": "https://www.virustotal.com/file/a713982d04d2048a575912a5fc37c93091619becd5b21e96f049890435940004/analysis/1454911871/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c83-39c8-473a-997f-476b02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:47.000Z",
            "modified": "2016-03-08T00:27:47.000Z",
            "first_observed": "2016-03-08T00:27:47Z",
            "last_observed": "2016-03-08T00:27:47Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c83-39c8-473a-997f-476b02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c83-39c8-473a-997f-476b02de0b81",
            "value": "https://www.virustotal.com/file/ed7abf93963395ce9c9cba83a864acb4ed5b6e57fd9a6153f0248b8ccc4fdb46/analysis/1454912250/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c83-a72c-4335-89b2-48f802de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:47.000Z",
            "modified": "2016-03-08T00:27:47.000Z",
            "first_observed": "2016-03-08T00:27:47Z",
            "last_observed": "2016-03-08T00:27:47Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c83-a72c-4335-89b2-48f802de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c83-a72c-4335-89b2-48f802de0b81",
            "value": "https://www.virustotal.com/file/85c5ba695992ed59269ea7f7a58f3453f6047729d1f68a444d450439bbccc1f4/analysis/1448444930/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c84-2b14-49cd-93b7-458202de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:48.000Z",
            "modified": "2016-03-08T00:27:48.000Z",
            "first_observed": "2016-03-08T00:27:48Z",
            "last_observed": "2016-03-08T00:27:48Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c84-2b14-49cd-93b7-458202de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c84-2b14-49cd-93b7-458202de0b81",
            "value": "https://www.virustotal.com/file/12f58639a883b0fcfe3d2e8bcb0330b978731975c9dfa2f8e583adbafc4d534e/analysis/1456294286/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c84-abdc-4a8e-a2de-4eea02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:48.000Z",
            "modified": "2016-03-08T00:27:48.000Z",
            "first_observed": "2016-03-08T00:27:48Z",
            "last_observed": "2016-03-08T00:27:48Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c84-abdc-4a8e-a2de-4eea02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c84-abdc-4a8e-a2de-4eea02de0b81",
            "value": "https://www.virustotal.com/file/d4d79be85dc98f74088d6393a8fdf2b5d947ae4f279909af2aed0221dcecfe94/analysis/1448445314/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c84-cb60-4e99-a4a2-48ff02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:48.000Z",
            "modified": "2016-03-08T00:27:48.000Z",
            "first_observed": "2016-03-08T00:27:48Z",
            "last_observed": "2016-03-08T00:27:48Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c84-cb60-4e99-a4a2-48ff02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c84-cb60-4e99-a4a2-48ff02de0b81",
            "value": "https://www.virustotal.com/file/6c8eb3365b7fb7683b9b465817e5cb87574026e306c700f3d103eba056777720/analysis/1456321429/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c85-46c0-4011-bc26-49ef02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:49.000Z",
            "modified": "2016-03-08T00:27:49.000Z",
            "first_observed": "2016-03-08T00:27:49Z",
            "last_observed": "2016-03-08T00:27:49Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c85-46c0-4011-bc26-49ef02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c85-46c0-4011-bc26-49ef02de0b81",
            "value": "https://www.virustotal.com/file/88a40d5b679bccf9641009514b3d18b09e68b609ffaf414574a6eca6536e8b8f/analysis/1454911027/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c85-bcf4-467a-a64c-4e1502de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:49.000Z",
            "modified": "2016-03-08T00:27:49.000Z",
            "first_observed": "2016-03-08T00:27:49Z",
            "last_observed": "2016-03-08T00:27:49Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c85-bcf4-467a-a64c-4e1502de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c85-bcf4-467a-a64c-4e1502de0b81",
            "value": "https://www.virustotal.com/file/80cb4007b9756246404c260bc69abf5d4938a1cc217d40ecbfdd6171b02b9e24/analysis/1450425223/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c85-9b44-43a1-baa1-42e302de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:49.000Z",
            "modified": "2016-03-08T00:27:49.000Z",
            "first_observed": "2016-03-08T00:27:49Z",
            "last_observed": "2016-03-08T00:27:49Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c85-9b44-43a1-baa1-42e302de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c85-9b44-43a1-baa1-42e302de0b81",
            "value": "https://www.virustotal.com/file/bfc1bafd9b01178037226fa55546d7ed7e9203c13e1b66419e887fee704d5196/analysis/1442488395/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c86-3824-4057-83ed-455902de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:50.000Z",
            "modified": "2016-03-08T00:27:50.000Z",
            "first_observed": "2016-03-08T00:27:50Z",
            "last_observed": "2016-03-08T00:27:50Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c86-3824-4057-83ed-455902de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c86-3824-4057-83ed-455902de0b81",
            "value": "https://www.virustotal.com/file/ecd0ce1973500c27bb5d70f326d115fba84c0b1680a726a041ed57b42063e7b1/analysis/1448445442/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c86-4460-4960-8376-4f9d02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:50.000Z",
            "modified": "2016-03-08T00:27:50.000Z",
            "first_observed": "2016-03-08T00:27:50Z",
            "last_observed": "2016-03-08T00:27:50Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c86-4460-4960-8376-4f9d02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c86-4460-4960-8376-4f9d02de0b81",
            "value": "https://www.virustotal.com/file/c3ea57eea9f522cfc70ef8c3b614f7e44903293a2e8354359b99efbf4cd436df/analysis/1448445099/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c86-f7b0-4361-9985-439802de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:50.000Z",
            "modified": "2016-03-08T00:27:50.000Z",
            "first_observed": "2016-03-08T00:27:50Z",
            "last_observed": "2016-03-08T00:27:50Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c86-f7b0-4361-9985-439802de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c86-f7b0-4361-9985-439802de0b81",
            "value": "https://www.virustotal.com/file/6c7e768e48b9b225b7b9f84528c53c2e6f9b639ce2e7919fe0dff9aad07ea4f5/analysis/1456321412/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c87-ac78-4668-952f-4a9902de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:51.000Z",
            "modified": "2016-03-08T00:27:51.000Z",
            "first_observed": "2016-03-08T00:27:51Z",
            "last_observed": "2016-03-08T00:27:51Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c87-ac78-4668-952f-4a9902de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c87-ac78-4668-952f-4a9902de0b81",
            "value": "https://www.virustotal.com/file/c0b939598bf5913885b1837637f166fda09d932f3484525c8cbcc0b1efba2520/analysis/1442840448/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c87-5a90-44a8-886f-448602de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:51.000Z",
            "modified": "2016-03-08T00:27:51.000Z",
            "first_observed": "2016-03-08T00:27:51Z",
            "last_observed": "2016-03-08T00:27:51Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c87-5a90-44a8-886f-448602de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c87-5a90-44a8-886f-448602de0b81",
            "value": "https://www.virustotal.com/file/c11212ff6474a15402ac848d1e4b9c6ced3deafb959b59837f14b834e5d0ad15/analysis/1442840440/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c87-b5d8-4d59-abd5-47ea02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:51.000Z",
            "modified": "2016-03-08T00:27:51.000Z",
            "first_observed": "2016-03-08T00:27:51Z",
            "last_observed": "2016-03-08T00:27:51Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c87-b5d8-4d59-abd5-47ea02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c87-b5d8-4d59-abd5-47ea02de0b81",
            "value": "https://www.virustotal.com/file/3eb86b7b067c296ef53e4857a74e09f12c2b84b666fc130d1f58aec18bc74b0d/analysis/1452075851/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c88-0bcc-4069-867f-4b6102de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:52.000Z",
            "modified": "2016-03-08T00:27:52.000Z",
            "first_observed": "2016-03-08T00:27:52Z",
            "last_observed": "2016-03-08T00:27:52Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c88-0bcc-4069-867f-4b6102de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c88-0bcc-4069-867f-4b6102de0b81",
            "value": "https://www.virustotal.com/file/8995535721ebeaf6983c6cecf3182d756ca5b3911607452dd4ba2ad8ec86cf96/analysis/1456819323/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c88-b60c-410f-a8b1-494e02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:52.000Z",
            "modified": "2016-03-08T00:27:52.000Z",
            "first_observed": "2016-03-08T00:27:52Z",
            "last_observed": "2016-03-08T00:27:52Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c88-b60c-410f-a8b1-494e02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c88-b60c-410f-a8b1-494e02de0b81",
            "value": "https://www.virustotal.com/file/b06285f7a30f4905801572deda68afa4e1f8dfa733ce9ff985ecbf1847f78db6/analysis/1444215500/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c88-5e58-4eee-84e4-4a1602de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:52.000Z",
            "modified": "2016-03-08T00:27:52.000Z",
            "first_observed": "2016-03-08T00:27:52Z",
            "last_observed": "2016-03-08T00:27:52Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c88-5e58-4eee-84e4-4a1602de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c88-5e58-4eee-84e4-4a1602de0b81",
            "value": "https://www.virustotal.com/file/52ba22dc22f5a85f66e2a9a530a8f848eabeff19b02edda7a88c68f519bf91a8/analysis/1442496181/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c89-614c-4109-b795-4d7702de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:53.000Z",
            "modified": "2016-03-08T00:27:53.000Z",
            "first_observed": "2016-03-08T00:27:53Z",
            "last_observed": "2016-03-08T00:27:53Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c89-614c-4109-b795-4d7702de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c89-614c-4109-b795-4d7702de0b81",
            "value": "https://www.virustotal.com/file/b9c723575b7798f7ac14f7e03b8b2ae047d5d37900a27793972e512abfecdb07/analysis/1442496181/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c89-27f8-49ba-80a9-473b02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:53.000Z",
            "modified": "2016-03-08T00:27:53.000Z",
            "first_observed": "2016-03-08T00:27:53Z",
            "last_observed": "2016-03-08T00:27:53Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c89-27f8-49ba-80a9-473b02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c89-27f8-49ba-80a9-473b02de0b81",
            "value": "https://www.virustotal.com/file/98cd87a544ca06ae249e4f3c9790efbd63d8954e0ff695d2404e92f2383871bf/analysis/1453570698/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c8a-488c-46d3-ac5d-46c302de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:54.000Z",
            "modified": "2016-03-08T00:27:54.000Z",
            "first_observed": "2016-03-08T00:27:54Z",
            "last_observed": "2016-03-08T00:27:54Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c8a-488c-46d3-ac5d-46c302de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c8a-488c-46d3-ac5d-46c302de0b81",
            "value": "https://www.virustotal.com/file/98eca1c2b6db3224ca1790fba1b1d5915f5448ae85dc4ec553718a0d0dd443a2/analysis/1442496181/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c8a-2cd8-4dcb-9f5a-43e202de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:54.000Z",
            "modified": "2016-03-08T00:27:54.000Z",
            "first_observed": "2016-03-08T00:27:54Z",
            "last_observed": "2016-03-08T00:27:54Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c8a-2cd8-4dcb-9f5a-43e202de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c8a-2cd8-4dcb-9f5a-43e202de0b81",
            "value": "https://www.virustotal.com/file/28f1940e63b6fde028dd1ae55979296daa4f7b081df5e3e251b7f98825415a86/analysis/1442496182/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c8a-078c-433c-b623-42da02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:54.000Z",
            "modified": "2016-03-08T00:27:54.000Z",
            "first_observed": "2016-03-08T00:27:54Z",
            "last_observed": "2016-03-08T00:27:54Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c8a-078c-433c-b623-42da02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c8a-078c-433c-b623-42da02de0b81",
            "value": "https://www.virustotal.com/file/7abf424fd57e49756307cc07e05627470a0d1f000a3c8fcc422ea4391981f6a2/analysis/1444215382/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c8a-ca14-4aac-a6ac-4f6602de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:54.000Z",
            "modified": "2016-03-08T00:27:54.000Z",
            "first_observed": "2016-03-08T00:27:54Z",
            "last_observed": "2016-03-08T00:27:54Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c8a-ca14-4aac-a6ac-4f6602de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c8a-ca14-4aac-a6ac-4f6602de0b81",
            "value": "https://www.virustotal.com/file/d9cfcd9e64cdd0a4beba9da2b1cfdf7b5af9480bc19d6fdf95ec5b1f07fceb1d/analysis/1442496182/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c8b-b71c-488a-9c17-4b9e02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:55.000Z",
            "modified": "2016-03-08T00:27:55.000Z",
            "first_observed": "2016-03-08T00:27:55Z",
            "last_observed": "2016-03-08T00:27:55Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c8b-b71c-488a-9c17-4b9e02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c8b-b71c-488a-9c17-4b9e02de0b81",
            "value": "https://www.virustotal.com/file/d88bd6947eef00bd3baadc55ff1c55b3cdcff5ba8fd145d5b5bf8894c42a7fd3/analysis/1442496182/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c8b-742c-499b-b6e9-423502de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:55.000Z",
            "modified": "2016-03-08T00:27:55.000Z",
            "first_observed": "2016-03-08T00:27:55Z",
            "last_observed": "2016-03-08T00:27:55Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c8b-742c-499b-b6e9-423502de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c8b-742c-499b-b6e9-423502de0b81",
            "value": "https://www.virustotal.com/file/4e31304e1ea66c267b5882f9335a2384eea18a6617a49308846ce624b68e7489/analysis/1444215266/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c8b-08d4-4ac1-b716-45c702de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:55.000Z",
            "modified": "2016-03-08T00:27:55.000Z",
            "first_observed": "2016-03-08T00:27:55Z",
            "last_observed": "2016-03-08T00:27:55Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c8b-08d4-4ac1-b716-45c702de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c8b-08d4-4ac1-b716-45c702de0b81",
            "value": "https://www.virustotal.com/file/b2417de25ad9e6bed08229561eb96d4f2e83ab63b4407c7601a0113ed193fe84/analysis/1442496183/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c8c-0f44-433b-85b3-485902de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:56.000Z",
            "modified": "2016-03-08T00:27:56.000Z",
            "first_observed": "2016-03-08T00:27:56Z",
            "last_observed": "2016-03-08T00:27:56Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c8c-0f44-433b-85b3-485902de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c8c-0f44-433b-85b3-485902de0b81",
            "value": "https://www.virustotal.com/file/51eda4521b3ee9d6917832e4e04a4f58891867b8f7b0ade61725fd124ba40f82/analysis/1444215217/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c8c-1760-4319-86ff-46f302de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:56.000Z",
            "modified": "2016-03-08T00:27:56.000Z",
            "first_observed": "2016-03-08T00:27:56Z",
            "last_observed": "2016-03-08T00:27:56Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c8c-1760-4319-86ff-46f302de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c8c-1760-4319-86ff-46f302de0b81",
            "value": "https://www.virustotal.com/file/005630f7e82ffa8f17261e4321184a15a15bd960e7ac3e584be2a27de88838d4/analysis/1444377037/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c8c-5a30-4929-a184-457e02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:56.000Z",
            "modified": "2016-03-08T00:27:56.000Z",
            "first_observed": "2016-03-08T00:27:56Z",
            "last_observed": "2016-03-08T00:27:56Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c8c-5a30-4929-a184-457e02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c8c-5a30-4929-a184-457e02de0b81",
            "value": "https://www.virustotal.com/file/ded70a8fc7074ea0ceb7f489b2ebb1198154a2507538fc73cbb74712d5fc6d19/analysis/1442496183/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c8d-764c-454a-b16b-4c7702de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:57.000Z",
            "modified": "2016-03-08T00:27:57.000Z",
            "first_observed": "2016-03-08T00:27:57Z",
            "last_observed": "2016-03-08T00:27:57Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c8d-764c-454a-b16b-4c7702de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c8d-764c-454a-b16b-4c7702de0b81",
            "value": "https://www.virustotal.com/file/0ce3bfa972ced61884ae7c1d77c7d4c45e17c7d767e669610cf2ef72b636b464/analysis/1442496183/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c8d-c1d0-4c17-99ea-4a7202de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:57.000Z",
            "modified": "2016-03-08T00:27:57.000Z",
            "first_observed": "2016-03-08T00:27:57Z",
            "last_observed": "2016-03-08T00:27:57Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c8d-c1d0-4c17-99ea-4a7202de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c8d-c1d0-4c17-99ea-4a7202de0b81",
            "value": "https://www.virustotal.com/file/0f47573093859737935aa5ff31cde058718a816b321b0250451b99d04730cc10/analysis/1444215437/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c8d-8258-44dd-ad4c-4aa802de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:57.000Z",
            "modified": "2016-03-08T00:27:57.000Z",
            "first_observed": "2016-03-08T00:27:57Z",
            "last_observed": "2016-03-08T00:27:57Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c8d-8258-44dd-ad4c-4aa802de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c8d-8258-44dd-ad4c-4aa802de0b81",
            "value": "https://www.virustotal.com/file/236ee4d1a9ba8f24dfe905235ee45d133a7c71928ad9f90b29334dae1c7ff594/analysis/1444993668/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c8e-8230-4246-beb7-483502de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:58.000Z",
            "modified": "2016-03-08T00:27:58.000Z",
            "first_observed": "2016-03-08T00:27:58Z",
            "last_observed": "2016-03-08T00:27:58Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c8e-8230-4246-beb7-483502de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c8e-8230-4246-beb7-483502de0b81",
            "value": "https://www.virustotal.com/file/35f911365d14ff533acce7367c2ab74167a9beb7b4e8fd487f25b9db4d68f627/analysis/1442496184/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c8e-82ac-4730-ad9d-4cc202de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:58.000Z",
            "modified": "2016-03-08T00:27:58.000Z",
            "first_observed": "2016-03-08T00:27:58Z",
            "last_observed": "2016-03-08T00:27:58Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c8e-82ac-4730-ad9d-4cc202de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c8e-82ac-4730-ad9d-4cc202de0b81",
            "value": "https://www.virustotal.com/file/28b56f4245bd2081a8d0885bcd0cad7b384ee4a927d87ce8532c5650ac532916/analysis/1442496184/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c8e-313c-46a0-afdc-45ee02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:58.000Z",
            "modified": "2016-03-08T00:27:58.000Z",
            "first_observed": "2016-03-08T00:27:58Z",
            "last_observed": "2016-03-08T00:27:58Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c8e-313c-46a0-afdc-45ee02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c8e-313c-46a0-afdc-45ee02de0b81",
            "value": "https://www.virustotal.com/file/56f87c2b24a502fbda0ae9cee8f21615b1ba39737d70d2f4f4011fa6fdd174a1/analysis/1444215553/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c8f-9428-4ef3-8348-455f02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:59.000Z",
            "modified": "2016-03-08T00:27:59.000Z",
            "first_observed": "2016-03-08T00:27:59Z",
            "last_observed": "2016-03-08T00:27:59Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c8f-9428-4ef3-8348-455f02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c8f-9428-4ef3-8348-455f02de0b81",
            "value": "https://www.virustotal.com/file/dd29a6b5c62d8726a3073b6f7d20e6f34d00616de61fc55d04bda9e7824cd598/analysis/1444376771/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c8f-d068-4c25-a783-4ad402de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:27:59.000Z",
            "modified": "2016-03-08T00:27:59.000Z",
            "first_observed": "2016-03-08T00:27:59Z",
            "last_observed": "2016-03-08T00:27:59Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c8f-d068-4c25-a783-4ad402de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c8f-d068-4c25-a783-4ad402de0b81",
            "value": "https://www.virustotal.com/file/a607fa51662afdc089dd3f80bf6863d4cc00a73d74d4ddb9d7b74ed1b0337bf1/analysis/1444993854/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c90-1d84-4369-bd86-4c6a02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:28:00.000Z",
            "modified": "2016-03-08T00:28:00.000Z",
            "first_observed": "2016-03-08T00:28:00Z",
            "last_observed": "2016-03-08T00:28:00Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c90-1d84-4369-bd86-4c6a02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c90-1d84-4369-bd86-4c6a02de0b81",
            "value": "https://www.virustotal.com/file/8b7427620d6537aa905727af48f7dec1e003a8b7c74d417f0a5ded7926a7d590/analysis/1442496185/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c90-ef44-4451-8805-466d02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:28:00.000Z",
            "modified": "2016-03-08T00:28:00.000Z",
            "first_observed": "2016-03-08T00:28:00Z",
            "last_observed": "2016-03-08T00:28:00Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c90-ef44-4451-8805-466d02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c90-ef44-4451-8805-466d02de0b81",
            "value": "https://www.virustotal.com/file/5704c7e80eb4b35e05970558918f3268a9287cead8e20a63063ed4f231263f9a/analysis/1442496180/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c90-5fa0-450c-b74f-475f02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:28:00.000Z",
            "modified": "2016-03-08T00:28:00.000Z",
            "first_observed": "2016-03-08T00:28:00Z",
            "last_observed": "2016-03-08T00:28:00Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c90-5fa0-450c-b74f-475f02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c90-5fa0-450c-b74f-475f02de0b81",
            "value": "https://www.virustotal.com/file/98018bc52e1b82160e435acda5b9a9ca725b3328254b957b6cc2c38addbfad53/analysis/1442496180/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c91-c768-4a96-85ef-402602de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:28:01.000Z",
            "modified": "2016-03-08T00:28:01.000Z",
            "first_observed": "2016-03-08T00:28:01Z",
            "last_observed": "2016-03-08T00:28:01Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c91-c768-4a96-85ef-402602de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c91-c768-4a96-85ef-402602de0b81",
            "value": "https://www.virustotal.com/file/b219c95fac620b25fdaed082a0bc93644443d236e9173829214d587d17a32a87/analysis/1442496163/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c91-8684-4175-a2d1-491602de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:28:01.000Z",
            "modified": "2016-03-08T00:28:01.000Z",
            "first_observed": "2016-03-08T00:28:01Z",
            "last_observed": "2016-03-08T00:28:01Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c91-8684-4175-a2d1-491602de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c91-8684-4175-a2d1-491602de0b81",
            "value": "https://www.virustotal.com/file/afbd1f13132c2f047861b2ea90c18d546a326dbfca4dfeffd8b4ebf852204275/analysis/1442496164/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56de1c91-90c4-4aa2-8c44-4e6502de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-03-08T00:28:01.000Z",
            "modified": "2016-03-08T00:28:01.000Z",
            "first_observed": "2016-03-08T00:28:01Z",
            "last_observed": "2016-03-08T00:28:01Z",
            "number_observed": 1,
            "object_refs": [
                "url--56de1c91-90c4-4aa2-8c44-4e6502de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56de1c91-90c4-4aa2-8c44-4e6502de0b81",
            "value": "https://www.virustotal.com/file/e745fc57f816b2b507406ce1c0ec47f8f84d8f5efeaf327c657723c897522c83/analysis/1453779434/"
        },
        {
            "type": "marking-definition",
            "spec_version": "2.1",
            "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
            "created": "2017-01-20T00:00:00.000Z",
            "definition_type": "tlp",
            "name": "TLP:WHITE",
            "definition": {
                "tlp": "white"
            }
        }
    ]
}