{ "type": "bundle", "id": "bundle--5730965a-fa18-43d4-8692-4296950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-17T16:29:45.000Z", "modified": "2016-05-17T16:29:45.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--5730965a-fa18-43d4-8692-4296950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-17T16:29:45.000Z", "modified": "2016-05-17T16:29:45.000Z", "name": "OSINT - Exploring CVE-2015-2545 and its users", "published": "2016-05-17T16:29:56Z", "object_refs": [ "observed-data--57309679-c764-42e3-884f-4d43950d210f", "url--57309679-c764-42e3-884f-4d43950d210f", "x-misp-attribute--5730968f-3884-40ed-af95-4b69950d210f", "indicator--573096bd-7f90-4910-a666-4618950d210f", "indicator--573096be-75c4-449c-88d6-489a950d210f", "indicator--573096be-f488-4c6d-b475-4b8e950d210f", "indicator--573096bf-d334-4dd4-9413-47f5950d210f", "indicator--573096bf-3654-46f6-a8ff-4fcf950d210f", "indicator--573096bf-685c-4432-8041-4bb4950d210f", "indicator--573096c0-e75c-4ddf-94cd-43b9950d210f", "indicator--573096c0-00cc-47e7-b21e-4594950d210f", "indicator--573096c0-bb7c-464c-8c2f-4c68950d210f", "indicator--573096c1-a634-4b37-8589-4315950d210f", "indicator--573096c1-2c24-4cf2-b662-4505950d210f", "indicator--573096c2-c7c4-4925-81c4-409a950d210f", "indicator--573096c2-4f38-4b21-835f-45e7950d210f", "indicator--573096c2-3000-440c-b9a0-4306950d210f", "indicator--573096c3-23d4-4feb-9669-4939950d210f", "indicator--573096c3-5370-4be5-9d3a-48d2950d210f", "indicator--573096c3-d954-4076-be16-43f3950d210f", "indicator--573096c4-01ec-41ec-9526-460b950d210f", "indicator--573096c4-c424-449f-93b2-43d8950d210f", "indicator--573096c4-8b60-4273-af8a-469e950d210f", "indicator--573096c5-0e24-4c4d-8c17-4f41950d210f", "indicator--573096c5-6ac8-49e4-9e03-4265950d210f", "indicator--573096c6-a3ac-49e0-ac99-4709950d210f", "indicator--573096c6-d008-4da9-9e79-4f5f950d210f", "indicator--573096c6-a2dc-4e4d-9a40-4054950d210f", "indicator--573096c6-75d0-456e-8694-4799950d210f", "indicator--573096c7-a3f0-4000-81f6-4342950d210f", "indicator--573096c7-0f6c-44e1-a170-48c7950d210f", "indicator--573096c8-4c2c-4762-9928-4f74950d210f", "indicator--573096c8-f6fc-4b24-9510-4c83950d210f", "indicator--573096c8-5f54-450b-a850-460b950d210f", "indicator--57309701-f72c-462d-ab5f-4f6c950d210f", "indicator--57309702-be28-4650-bfb6-4eeb950d210f", "indicator--57309702-642c-403f-8147-48e6950d210f", "indicator--57309702-ca04-4367-937a-4b59950d210f", "indicator--57309703-c820-4be8-b22f-4917950d210f", "indicator--57309703-d590-46de-a4a5-4120950d210f", "indicator--57309704-0f68-490f-8050-48dc950d210f", "indicator--57309704-414c-4c57-97f9-4c5d950d210f", "indicator--57309704-9144-421c-9d00-4818950d210f", "indicator--57309705-c9f0-484f-a1ed-4498950d210f", "indicator--57309705-39c8-4d2a-80e3-47f1950d210f", "observed-data--57309705-32c0-4bcd-9144-486f950d210f", "network-traffic--57309705-32c0-4bcd-9144-486f950d210f", "ipv4-addr--57309705-32c0-4bcd-9144-486f950d210f", "indicator--57309706-c984-49d0-9ecb-471f950d210f", "indicator--57309706-6d88-45cd-9fe3-49d1950d210f", "indicator--57309707-363c-447a-afdb-4648950d210f", "indicator--5730976b-293c-4e74-b9c6-48ab02de0b81", "indicator--5730976b-aefc-414d-9070-4f4702de0b81", "observed-data--5730976c-bac8-46c6-85c3-449d02de0b81", "url--5730976c-bac8-46c6-85c3-449d02de0b81", "indicator--5730976c-b97c-4e14-87d0-445d02de0b81", "indicator--5730976c-35fc-40e0-b4a4-4fb802de0b81", "observed-data--5730976d-0a48-43e5-99d9-412602de0b81", "url--5730976d-0a48-43e5-99d9-412602de0b81", "indicator--5730976d-8dd4-4ace-90b2-480f02de0b81", "indicator--5730976d-05a0-4305-8bab-474c02de0b81", "observed-data--5730976e-ec4c-454f-bd2a-494002de0b81", "url--5730976e-ec4c-454f-bd2a-494002de0b81", "indicator--5730976e-a23c-46d8-bc2b-423402de0b81", "indicator--5730976e-1e8c-4f24-a450-44f402de0b81", "observed-data--5730976f-4df8-4a94-b44e-44f002de0b81", "url--5730976f-4df8-4a94-b44e-44f002de0b81", "indicator--5730976f-38a0-4820-ac19-488702de0b81", "indicator--5730976f-c2f8-4c19-b901-4b2f02de0b81", "observed-data--57309770-c528-4aab-9970-41b502de0b81", "url--57309770-c528-4aab-9970-41b502de0b81", "indicator--57309770-8114-4121-b83f-423902de0b81", "indicator--57309770-96e0-450a-81ae-458502de0b81", "observed-data--57309771-1a3c-4890-8205-4dda02de0b81", "url--57309771-1a3c-4890-8205-4dda02de0b81", "indicator--57309771-b89c-4cf5-b9ba-4cdc02de0b81", "indicator--57309772-49d8-4dc5-a56e-41da02de0b81", "observed-data--57309772-c6b4-42df-a565-4ed802de0b81", "url--57309772-c6b4-42df-a565-4ed802de0b81", "indicator--57309772-4fd0-4559-bb39-4cc902de0b81", "indicator--57309772-026c-4ca2-9719-436302de0b81", "observed-data--57309773-fce8-44ce-a5e1-46bb02de0b81", "url--57309773-fce8-44ce-a5e1-46bb02de0b81", "indicator--57309773-f94c-4524-b946-453c02de0b81", "indicator--57309773-d4dc-42d4-b9e4-41c002de0b81", "observed-data--57309774-9964-4d06-98a2-4def02de0b81", "url--57309774-9964-4d06-98a2-4def02de0b81", "indicator--57309774-2884-4313-afa0-4c4002de0b81", "indicator--57309774-c228-46ac-8534-4d1102de0b81", "observed-data--57309775-8ff8-4c15-8a5e-439602de0b81", "url--57309775-8ff8-4c15-8a5e-439602de0b81", "indicator--57309775-96e0-4600-b6e1-476f02de0b81", "indicator--57309775-b538-4a8e-b4a1-45f502de0b81", "observed-data--57309776-0f30-46e6-b385-4f8402de0b81", "url--57309776-0f30-46e6-b385-4f8402de0b81", "indicator--57309776-fa34-4772-8ae8-429202de0b81", "indicator--57309776-38f4-4945-8e20-4be502de0b81", "observed-data--57309777-34d8-40de-8d0e-43d602de0b81", "url--57309777-34d8-40de-8d0e-43d602de0b81", "indicator--57309777-eff0-49be-92ae-439f02de0b81", "indicator--57309777-8758-4203-ada3-431d02de0b81", "observed-data--57309778-9e68-4225-aede-497302de0b81", "url--57309778-9e68-4225-aede-497302de0b81", "indicator--57309778-8ddc-4e0e-85b5-463b02de0b81", "indicator--57309778-0c8c-46c5-a473-4f7102de0b81", "observed-data--57309779-4bb4-40c8-8a54-491e02de0b81", "url--57309779-4bb4-40c8-8a54-491e02de0b81", "indicator--57309779-0a18-47f8-bea6-419702de0b81", "indicator--57309779-9d14-4ea4-aab9-44fa02de0b81", "observed-data--5730977a-aab0-40c2-b187-469d02de0b81", "url--5730977a-aab0-40c2-b187-469d02de0b81", "indicator--5730977a-2a08-4b57-99ce-49fb02de0b81", "indicator--5730977a-eca8-4862-9306-40f202de0b81", "observed-data--5730977b-61dc-4c45-a6d2-4de702de0b81", "url--5730977b-61dc-4c45-a6d2-4de702de0b81", "indicator--5730977b-4f64-44c9-b8c0-406302de0b81", "indicator--5730977b-4b08-4167-a54d-435702de0b81", "observed-data--5730977c-c0ac-43c2-8064-4f3102de0b81", "url--5730977c-c0ac-43c2-8064-4f3102de0b81", "indicator--5730977c-fce8-4de3-8115-444a02de0b81", "indicator--5730977c-59b8-4cd8-b9b6-4e8e02de0b81", "observed-data--5730977d-dc34-4edd-a695-452602de0b81", "url--5730977d-dc34-4edd-a695-452602de0b81", "indicator--5730977d-04ec-4521-b9b3-419a02de0b81", "indicator--5730977d-88f4-44d6-be62-44f202de0b81", "observed-data--5730977e-f7dc-4fb5-ae9b-434302de0b81", "url--5730977e-f7dc-4fb5-ae9b-434302de0b81", "indicator--5730977e-5234-4c5e-940a-486902de0b81", "indicator--5730977e-de50-4099-81e7-492b02de0b81", "observed-data--5730977f-5b04-4397-9f11-4ef402de0b81", "url--5730977f-5b04-4397-9f11-4ef402de0b81", "indicator--5730977f-c860-435a-9ccf-498302de0b81", "indicator--5730977f-2af4-41d3-b2ec-41d702de0b81", "observed-data--57309780-b1d4-4395-bd91-48f102de0b81", "url--57309780-b1d4-4395-bd91-48f102de0b81", "indicator--57309780-2780-4b19-b7b8-416402de0b81", "indicator--57309780-d854-44d8-9a00-490902de0b81", "observed-data--57309781-bd38-4e6c-9f41-438802de0b81", "url--57309781-bd38-4e6c-9f41-438802de0b81", "indicator--57309781-be10-4a8b-9efb-469e02de0b81", "indicator--57309781-2a34-4d16-9a2a-42e402de0b81", "observed-data--57309782-0ebc-4115-ba61-408e02de0b81", "url--57309782-0ebc-4115-ba61-408e02de0b81", "indicator--57309782-cb60-40d2-9a30-45d602de0b81", "indicator--57309782-f2cc-4ec4-b507-42ea02de0b81", "observed-data--57309783-ef94-4cb5-9586-415902de0b81", "url--57309783-ef94-4cb5-9586-415902de0b81", "indicator--57309783-c5ac-4d1f-8cef-42d602de0b81", "indicator--57309783-262c-434f-9e6f-417c02de0b81", "observed-data--57309784-fc34-4a94-b3e2-4d8502de0b81", "url--57309784-fc34-4a94-b3e2-4d8502de0b81", "indicator--57309784-d780-48c1-b3bb-49a102de0b81", "indicator--57309784-b680-44f8-a731-428402de0b81", "observed-data--57309785-0488-4ff9-ac64-4f6402de0b81", "url--57309785-0488-4ff9-ac64-4f6402de0b81", "indicator--57309785-80c4-4018-9051-49a402de0b81", "indicator--57309785-65e4-4891-9094-448c02de0b81", "observed-data--57309786-d8c8-494f-9734-47bb02de0b81", "url--57309786-d8c8-494f-9734-47bb02de0b81", "indicator--57309786-b92c-4cc2-a847-48c902de0b81", "indicator--57309786-944c-46a8-930f-438402de0b81", "observed-data--57309786-ef68-4a7a-a586-4ca302de0b81", "url--57309786-ef68-4a7a-a586-4ca302de0b81", "indicator--57309787-32e0-40f4-b5ec-472802de0b81", "indicator--57309787-5154-454f-b255-462102de0b81", "observed-data--57309787-8b08-4087-81b3-4e9502de0b81", "url--57309787-8b08-4087-81b3-4e9502de0b81", "indicator--57309788-5864-4012-8b2f-47e002de0b81", "indicator--57309788-433c-4fb6-9ef8-4d6c02de0b81", "observed-data--57309788-8428-4c7c-9a3a-4b4e02de0b81", "url--57309788-8428-4c7c-9a3a-4b4e02de0b81", "indicator--57309789-6d6c-4440-8303-409502de0b81", "indicator--57309789-cdcc-4f20-b6b8-45a502de0b81", "observed-data--57309789-5b4c-4d7e-9637-402502de0b81", "url--57309789-5b4c-4d7e-9637-402502de0b81", "vulnerability--5730979d-28ac-4b7c-83d4-14d9950d210f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57309679-c764-42e3-884f-4d43950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:54:01.000Z", "modified": "2016-05-09T13:54:01.000Z", "first_observed": "2016-05-09T13:54:01Z", "last_observed": "2016-05-09T13:54:01Z", "number_observed": 1, "object_refs": [ "url--57309679-c764-42e3-884f-4d43950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57309679-c764-42e3-884f-4d43950d210f", "value": "http://pwc.blogs.com/cyber_security_updates/2016/05/exploring-cve-2015-2545-and-its-users.html" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5730968f-3884-40ed-af95-4b69950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:54:23.000Z", "modified": "2016-05-09T13:54:23.000Z", "labels": [ "misp:type=\"comment\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", "x_misp_type": "comment", "x_misp_value": "This report, available at TLP:GREEN to researchers and network defenders, gives an overview of different attacks using CVE-2015-2545. Specifically we look at the different ways attackers are triggering the vulnerability, and the possibility that the exploit is shared amongst various groups. Based on overlaps in the samples analysed, our findings show that there are several clusters of documents, with the majority of the document-based builders sharing similar constructs in terms of how the final payload is discovered and executed. We also found that more recently some attackers are triggering the vulnerability through the use of MHTML files with .doc extensions." }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--573096bd-7f90-4910-a666-4618950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:55:09.000Z", "modified": "2016-05-09T13:55:09.000Z", "description": "Samples", "pattern": "[file:hashes.MD5 = '3fe0cbedec6969803a72b8c76a4a0a03']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:55:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--573096be-75c4-449c-88d6-489a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:55:10.000Z", "modified": "2016-05-09T13:55:10.000Z", "description": "Samples", "pattern": "[file:hashes.MD5 = '50064d33625970a8145add7e3e242fe3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:55:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--573096be-f488-4c6d-b475-4b8e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:55:10.000Z", "modified": "2016-05-09T13:55:10.000Z", "description": "Samples", "pattern": "[file:hashes.MD5 = '6a6a8cb2e59439891e53b04024573d37']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:55:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--573096bf-d334-4dd4-9413-47f5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:55:11.000Z", "modified": "2016-05-09T13:55:11.000Z", "description": "Samples", "pattern": "[file:hashes.MD5 = 'e1b4a5a565fdfcec52346d3b6063c587']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:55:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--573096bf-3654-46f6-a8ff-4fcf950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:55:11.000Z", "modified": "2016-05-09T13:55:11.000Z", "description": "Samples", "pattern": "[file:hashes.MD5 = '9b6af5f8878a3fde32a3e8ff3cf98906']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:55:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--573096bf-685c-4432-8041-4bb4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:55:11.000Z", "modified": "2016-05-09T13:55:11.000Z", "description": "Samples", "pattern": "[file:hashes.MD5 = '6d55eb3ced35c7479f67167d84bf15f0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:55:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--573096c0-e75c-4ddf-94cd-43b9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:55:12.000Z", "modified": "2016-05-09T13:55:12.000Z", "description": "Samples", "pattern": "[file:hashes.MD5 = '21bb2d447247fd81c42d4262de36adb6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:55:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--573096c0-00cc-47e7-b21e-4594950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:55:12.000Z", "modified": "2016-05-09T13:55:12.000Z", "description": "Samples", "pattern": "[file:hashes.MD5 = '375e51a989525cfec8296faaffdefa35']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:55:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--573096c0-bb7c-464c-8c2f-4c68950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:55:12.000Z", "modified": "2016-05-09T13:55:12.000Z", "description": "Samples", "pattern": "[file:hashes.MD5 = '445886e6187cb36ee33ef7e27b7d5dbe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:55:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--573096c1-a634-4b37-8589-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:55:13.000Z", "modified": "2016-05-09T13:55:13.000Z", "description": "Samples", "pattern": "[file:hashes.MD5 = 'f4c1e96717c82b14ca76384cb005fbe5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:55:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--573096c1-2c24-4cf2-b662-4505950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:55:13.000Z", "modified": "2016-05-09T13:55:13.000Z", "description": "Samples", "pattern": "[file:hashes.MD5 = 'aae962611da956a26a76d185455f1d44']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:55:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--573096c2-c7c4-4925-81c4-409a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:55:14.000Z", "modified": "2016-05-09T13:55:14.000Z", "description": "Samples", "pattern": "[file:hashes.MD5 = 'c591263d56b57dfadd06a68dd9657343']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:55:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--573096c2-4f38-4b21-835f-45e7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:55:14.000Z", "modified": "2016-05-09T13:55:14.000Z", "description": "Samples", "pattern": "[file:hashes.MD5 = '03a537ff04deaf2c30b23122d795fee2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:55:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--573096c2-3000-440c-b9a0-4306950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:55:14.000Z", "modified": "2016-05-09T13:55:14.000Z", "description": "Samples", "pattern": "[file:hashes.MD5 = 'a4144b9bc99ab39d16c8125a19382316']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:55:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--573096c3-23d4-4feb-9669-4939950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:55:15.000Z", "modified": "2016-05-09T13:55:15.000Z", "description": "Samples", "pattern": "[file:hashes.MD5 = 'bfc4133a64a8a8a53c02f9d471c79c16']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:55:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--573096c3-5370-4be5-9d3a-48d2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:55:15.000Z", "modified": "2016-05-09T13:55:15.000Z", "description": "Samples", "pattern": "[file:hashes.MD5 = '07614906c9b0ed9cfae07306c32555b9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:55:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--573096c3-d954-4076-be16-43f3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:55:15.000Z", "modified": "2016-05-09T13:55:15.000Z", "description": "Samples", "pattern": "[file:hashes.MD5 = 'e63896f2dfcc2ee2173944ef16ddc131']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:55:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--573096c4-01ec-41ec-9526-460b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:55:16.000Z", "modified": "2016-05-09T13:55:16.000Z", "description": "Samples", "pattern": "[file:hashes.MD5 = '805a522481056441e881c46c69b808f6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:55:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--573096c4-c424-449f-93b2-43d8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:55:16.000Z", "modified": "2016-05-09T13:55:16.000Z", "description": "Samples", "pattern": "[file:hashes.MD5 = 'c48521d427f40148ee6e5a953ea23622']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:55:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--573096c4-8b60-4273-af8a-469e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:55:16.000Z", "modified": "2016-05-09T13:55:16.000Z", "description": "Samples", "pattern": "[file:hashes.MD5 = 'ebc3f26c0bfc473c840c9e4f3393671d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:55:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--573096c5-0e24-4c4d-8c17-4f41950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:55:17.000Z", "modified": "2016-05-09T13:55:17.000Z", "description": "Samples", "pattern": "[file:hashes.MD5 = '238ca1ab29f191b767837748fb655c8e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:55:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--573096c5-6ac8-49e4-9e03-4265950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:55:17.000Z", "modified": "2016-05-09T13:55:17.000Z", "description": "Samples", "pattern": "[file:hashes.MD5 = '2689515f0bbdf4f3fd4448d0fdc9f2a7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:55:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--573096c6-a3ac-49e0-ac99-4709950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:55:17.000Z", "modified": "2016-05-09T13:55:17.000Z", "description": "Samples", "pattern": "[file:hashes.MD5 = 'f89c4fb64edc993604d53e5fad6585d4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:55:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--573096c6-d008-4da9-9e79-4f5f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:55:18.000Z", "modified": "2016-05-09T13:55:18.000Z", "description": "Samples", "pattern": "[file:hashes.MD5 = 'e95f65bfe3e54d58dcbef3275d0c3f49']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:55:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--573096c6-a2dc-4e4d-9a40-4054950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:55:18.000Z", "modified": "2016-05-09T13:55:18.000Z", "description": "Samples", "pattern": "[file:hashes.MD5 = 'e61211931319ece42ec4755a6f6fc815']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:55:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--573096c6-75d0-456e-8694-4799950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:55:18.000Z", "modified": "2016-05-09T13:55:18.000Z", "description": "Samples", "pattern": "[file:hashes.MD5 = 'b49de68758f2c1c2f7dfe60fe67d1516']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:55:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--573096c7-a3f0-4000-81f6-4342950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:55:19.000Z", "modified": "2016-05-09T13:55:19.000Z", "description": "Samples", "pattern": "[file:hashes.MD5 = 'd0533874d7255b881187e842e747c268']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:55:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--573096c7-0f6c-44e1-a170-48c7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:55:19.000Z", "modified": "2016-05-09T13:55:19.000Z", "description": "Samples", "pattern": "[file:hashes.MD5 = 'e560dfba68e5bd9a84aeb7b79c9b11ea']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:55:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--573096c8-4c2c-4762-9928-4f74950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:55:20.000Z", "modified": "2016-05-09T13:55:20.000Z", "description": "Samples", "pattern": "[file:hashes.MD5 = 'edde511d4872c4b2551e7ad22e746fb6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:55:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--573096c8-f6fc-4b24-9510-4c83950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:55:20.000Z", "modified": "2016-05-09T13:55:20.000Z", "description": "Samples", "pattern": "[file:hashes.MD5 = '40fdca3c932b12b6740cea1266021c6e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:55:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--573096c8-5f54-450b-a850-460b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:55:20.000Z", "modified": "2016-05-09T13:55:20.000Z", "description": "Samples", "pattern": "[file:hashes.MD5 = '03726d30ebffaf5455a932dee69ce6e7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:55:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57309701-f72c-462d-ab5f-4f6c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:56:17.000Z", "modified": "2016-05-09T13:56:17.000Z", "description": "C2s", "pattern": "[domain-name:value = 'sent.leeh0m.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:56:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57309702-be28-4650-bfb6-4eeb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:56:18.000Z", "modified": "2016-05-09T13:56:18.000Z", "description": "C2s", "pattern": "[domain-name:value = 'found.leeh0m.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:56:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57309702-642c-403f-8147-48e6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:56:18.000Z", "modified": "2016-05-09T13:56:18.000Z", "description": "C2s", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '64.62.238.73']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:56:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57309702-ca04-4367-937a-4b59950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:56:18.000Z", "modified": "2016-05-09T13:56:18.000Z", "description": "C2s", "pattern": "[domain-name:value = 'newsupdate.dynssl.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:56:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57309703-c820-4be8-b22f-4917950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:56:19.000Z", "modified": "2016-05-09T13:56:19.000Z", "description": "C2s", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '121.127.249.74']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:56:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57309703-d590-46de-a4a5-4120950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:56:19.000Z", "modified": "2016-05-09T13:56:19.000Z", "description": "C2s", "pattern": "[domain-name:value = 'carwiseplot.no-ip.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:56:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57309704-0f68-490f-8050-48dc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:56:20.000Z", "modified": "2016-05-09T13:56:20.000Z", "description": "C2s", "pattern": "[domain-name:value = 'goback.strangled.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:56:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57309704-414c-4c57-97f9-4c5d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:56:20.000Z", "modified": "2016-05-09T13:56:20.000Z", "description": "C2s", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.10.71.35']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:56:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57309704-9144-421c-9d00-4818950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:56:20.000Z", "modified": "2016-05-09T13:56:20.000Z", "description": "C2s", "pattern": "[domain-name:value = 'www.kashiwa-js.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:56:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57309705-c9f0-484f-a1ed-4498950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:56:21.000Z", "modified": "2016-05-09T13:56:21.000Z", "description": "C2s", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '78.128.92.49']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:56:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57309705-39c8-4d2a-80e3-47f1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:56:21.000Z", "modified": "2016-05-09T13:56:21.000Z", "description": "C2s", "pattern": "[domain-name:value = 'news.rinpocheinfo.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:56:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57309705-32c0-4bcd-9144-486f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-17T16:29:45.000Z", "modified": "2016-05-17T16:29:45.000Z", "first_observed": "2016-05-17T16:29:45Z", "last_observed": "2016-05-17T16:29:45Z", "number_observed": 1, "object_refs": [ "network-traffic--57309705-32c0-4bcd-9144-486f950d210f", "ipv4-addr--57309705-32c0-4bcd-9144-486f950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--57309705-32c0-4bcd-9144-486f950d210f", "dst_ref": "ipv4-addr--57309705-32c0-4bcd-9144-486f950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--57309705-32c0-4bcd-9144-486f950d210f", "value": "192.168.1.114" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57309706-c984-49d0-9ecb-471f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:56:22.000Z", "modified": "2016-05-09T13:56:22.000Z", "description": "C2s", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '59.188.13.204']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:56:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57309706-6d88-45cd-9fe3-49d1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:56:22.000Z", "modified": "2016-05-09T13:56:22.000Z", "description": "C2s", "pattern": "[domain-name:value = 'coffeol.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:56:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57309707-363c-447a-afdb-4648950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:56:23.000Z", "modified": "2016-05-09T13:56:23.000Z", "description": "C2s", "pattern": "[domain-name:value = 'updo.nl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:56:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5730976b-293c-4e74-b9c6-48ab02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:03.000Z", "modified": "2016-05-09T13:58:03.000Z", "description": "Samples - Xchecked via VT: 03726d30ebffaf5455a932dee69ce6e7", "pattern": "[file:hashes.SHA256 = 'aaa533a2d2b9380d20ed55e4a345c5d4b5b41c7e2e6e21690898a804b1ae01f1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:58:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5730976b-aefc-414d-9070-4f4702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:03.000Z", "modified": "2016-05-09T13:58:03.000Z", "description": "Samples - Xchecked via VT: 03726d30ebffaf5455a932dee69ce6e7", "pattern": "[file:hashes.SHA1 = '53df943e6849646dded98fbf82e9e01b8a9c27f5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:58:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5730976c-bac8-46c6-85c3-449d02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:04.000Z", "modified": "2016-05-09T13:58:04.000Z", "first_observed": "2016-05-09T13:58:04Z", "last_observed": "2016-05-09T13:58:04Z", "number_observed": 1, "object_refs": [ "url--5730976c-bac8-46c6-85c3-449d02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5730976c-bac8-46c6-85c3-449d02de0b81", "value": "https://www.virustotal.com/file/aaa533a2d2b9380d20ed55e4a345c5d4b5b41c7e2e6e21690898a804b1ae01f1/analysis/1460607735/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5730976c-b97c-4e14-87d0-445d02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:04.000Z", "modified": "2016-05-09T13:58:04.000Z", "description": "Samples - Xchecked via VT: 40fdca3c932b12b6740cea1266021c6e", "pattern": "[file:hashes.SHA256 = '56b64cfa571fc156fd59f1d91daed765e92f2283cfcec34121103d5a8f2ba40e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:58:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5730976c-35fc-40e0-b4a4-4fb802de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:04.000Z", "modified": "2016-05-09T13:58:04.000Z", "description": "Samples - Xchecked via VT: 40fdca3c932b12b6740cea1266021c6e", "pattern": "[file:hashes.SHA1 = '1beab7b2cad893820a8fc11c45d12959695c4a0a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:58:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5730976d-0a48-43e5-99d9-412602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:05.000Z", "modified": "2016-05-09T13:58:05.000Z", "first_observed": "2016-05-09T13:58:05Z", "last_observed": "2016-05-09T13:58:05Z", "number_observed": 1, "object_refs": [ "url--5730976d-0a48-43e5-99d9-412602de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5730976d-0a48-43e5-99d9-412602de0b81", "value": "https://www.virustotal.com/file/56b64cfa571fc156fd59f1d91daed765e92f2283cfcec34121103d5a8f2ba40e/analysis/1461070877/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5730976d-8dd4-4ace-90b2-480f02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:05.000Z", "modified": "2016-05-09T13:58:05.000Z", "description": "Samples - Xchecked via VT: edde511d4872c4b2551e7ad22e746fb6", "pattern": "[file:hashes.SHA256 = '80bcee618f35a2bdbfbd2d1281a3a49e6a347856b98789fca0aca8a236e377c9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:58:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5730976d-05a0-4305-8bab-474c02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:05.000Z", "modified": "2016-05-09T13:58:05.000Z", "description": "Samples - Xchecked via VT: edde511d4872c4b2551e7ad22e746fb6", "pattern": "[file:hashes.SHA1 = '1013008b69c2ecda1246878e9d2e58d804328502']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:58:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5730976e-ec4c-454f-bd2a-494002de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:06.000Z", "modified": "2016-05-09T13:58:06.000Z", "first_observed": "2016-05-09T13:58:06Z", "last_observed": "2016-05-09T13:58:06Z", "number_observed": 1, "object_refs": [ "url--5730976e-ec4c-454f-bd2a-494002de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5730976e-ec4c-454f-bd2a-494002de0b81", "value": "https://www.virustotal.com/file/80bcee618f35a2bdbfbd2d1281a3a49e6a347856b98789fca0aca8a236e377c9/analysis/1455499591/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5730976e-a23c-46d8-bc2b-423402de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:06.000Z", "modified": "2016-05-09T13:58:06.000Z", "description": "Samples - Xchecked via VT: e560dfba68e5bd9a84aeb7b79c9b11ea", "pattern": "[file:hashes.SHA256 = '0ac545923dba566c3bba265a872518ccd66874dd4688d41c59bf0d89eac2f3f4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:58:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5730976e-1e8c-4f24-a450-44f402de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:06.000Z", "modified": "2016-05-09T13:58:06.000Z", "description": "Samples - Xchecked via VT: e560dfba68e5bd9a84aeb7b79c9b11ea", "pattern": "[file:hashes.SHA1 = '4a75cf32d5ca795e4d04e3022d333b0d4a3cdcd8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:58:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5730976f-4df8-4a94-b44e-44f002de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:07.000Z", "modified": "2016-05-09T13:58:07.000Z", "first_observed": "2016-05-09T13:58:07Z", "last_observed": "2016-05-09T13:58:07Z", "number_observed": 1, "object_refs": [ "url--5730976f-4df8-4a94-b44e-44f002de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5730976f-4df8-4a94-b44e-44f002de0b81", "value": "https://www.virustotal.com/file/0ac545923dba566c3bba265a872518ccd66874dd4688d41c59bf0d89eac2f3f4/analysis/1454062432/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5730976f-38a0-4820-ac19-488702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:07.000Z", "modified": "2016-05-09T13:58:07.000Z", "description": "Samples - Xchecked via VT: d0533874d7255b881187e842e747c268", "pattern": "[file:hashes.SHA256 = 'd903ecebede658ff6d7c930f22378bb7471a940632cd59d196f0e8a44ecdb7e2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:58:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5730976f-c2f8-4c19-b901-4b2f02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:07.000Z", "modified": "2016-05-09T13:58:07.000Z", "description": "Samples - Xchecked via VT: d0533874d7255b881187e842e747c268", "pattern": "[file:hashes.SHA1 = '8cca13ea2381b50be9880047d504d9bc423c1102']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:58:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57309770-c528-4aab-9970-41b502de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:08.000Z", "modified": "2016-05-09T13:58:08.000Z", "first_observed": "2016-05-09T13:58:08Z", "last_observed": "2016-05-09T13:58:08Z", "number_observed": 1, "object_refs": [ "url--57309770-c528-4aab-9970-41b502de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57309770-c528-4aab-9970-41b502de0b81", "value": "https://www.virustotal.com/file/d903ecebede658ff6d7c930f22378bb7471a940632cd59d196f0e8a44ecdb7e2/analysis/1456452590/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57309770-8114-4121-b83f-423902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:08.000Z", "modified": "2016-05-09T13:58:08.000Z", "description": "Samples - Xchecked via VT: b49de68758f2c1c2f7dfe60fe67d1516", "pattern": "[file:hashes.SHA256 = 'e2f3afeddb897ebdafc20e5824e26584a2ba276acaf8616f64ead8c235af2165']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:58:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57309770-96e0-450a-81ae-458502de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:08.000Z", "modified": "2016-05-09T13:58:08.000Z", "description": "Samples - Xchecked via VT: b49de68758f2c1c2f7dfe60fe67d1516", "pattern": "[file:hashes.SHA1 = '24bd3e2240ac578712cb10ab031dfc5e964257af']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:58:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57309771-1a3c-4890-8205-4dda02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:09.000Z", "modified": "2016-05-09T13:58:09.000Z", "first_observed": "2016-05-09T13:58:09Z", "last_observed": "2016-05-09T13:58:09Z", "number_observed": 1, "object_refs": [ "url--57309771-1a3c-4890-8205-4dda02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57309771-1a3c-4890-8205-4dda02de0b81", "value": "https://www.virustotal.com/file/e2f3afeddb897ebdafc20e5824e26584a2ba276acaf8616f64ead8c235af2165/analysis/1459934437/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57309771-b89c-4cf5-b9ba-4cdc02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:09.000Z", "modified": "2016-05-09T13:58:09.000Z", "description": "Samples - Xchecked via VT: e61211931319ece42ec4755a6f6fc815", "pattern": "[file:hashes.SHA256 = '85dd599d9837aaaeb3adc4cd4c7f14dffdc0528bb654de34761fb51653dcd156']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:58:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57309772-49d8-4dc5-a56e-41da02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:10.000Z", "modified": "2016-05-09T13:58:10.000Z", "description": "Samples - Xchecked via VT: e61211931319ece42ec4755a6f6fc815", "pattern": "[file:hashes.SHA1 = '4868b9fe57d61d14fd3827fe63ae65f7f360075e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:58:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57309772-c6b4-42df-a565-4ed802de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:10.000Z", "modified": "2016-05-09T13:58:10.000Z", "first_observed": "2016-05-09T13:58:10Z", "last_observed": "2016-05-09T13:58:10Z", "number_observed": 1, "object_refs": [ "url--57309772-c6b4-42df-a565-4ed802de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57309772-c6b4-42df-a565-4ed802de0b81", "value": "https://www.virustotal.com/file/85dd599d9837aaaeb3adc4cd4c7f14dffdc0528bb654de34761fb51653dcd156/analysis/1456215931/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57309772-4fd0-4559-bb39-4cc902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:10.000Z", "modified": "2016-05-09T13:58:10.000Z", "description": "Samples - Xchecked via VT: e95f65bfe3e54d58dcbef3275d0c3f49", "pattern": "[file:hashes.SHA256 = 'e5201b276159cca63b1b47b6521b12e7bf2ccec63e2b37d432cfb9555a060aa4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:58:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57309772-026c-4ca2-9719-436302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:10.000Z", "modified": "2016-05-09T13:58:10.000Z", "description": "Samples - Xchecked via VT: e95f65bfe3e54d58dcbef3275d0c3f49", "pattern": "[file:hashes.SHA1 = 'c0fc95025340b5ed4673b60e88fce3c6c0def638']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:58:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57309773-fce8-44ce-a5e1-46bb02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:11.000Z", "modified": "2016-05-09T13:58:11.000Z", "first_observed": "2016-05-09T13:58:11Z", "last_observed": "2016-05-09T13:58:11Z", "number_observed": 1, "object_refs": [ "url--57309773-fce8-44ce-a5e1-46bb02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57309773-fce8-44ce-a5e1-46bb02de0b81", "value": "https://www.virustotal.com/file/e5201b276159cca63b1b47b6521b12e7bf2ccec63e2b37d432cfb9555a060aa4/analysis/1456975485/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57309773-f94c-4524-b946-453c02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:11.000Z", "modified": "2016-05-09T13:58:11.000Z", "description": "Samples - Xchecked via VT: f89c4fb64edc993604d53e5fad6585d4", "pattern": "[file:hashes.SHA256 = 'ac63520803ce7f1343d4fa31588c1fef6abb0783980ad0ba613be749815c5900']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:58:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57309773-d4dc-42d4-b9e4-41c002de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:11.000Z", "modified": "2016-05-09T13:58:11.000Z", "description": "Samples - Xchecked via VT: f89c4fb64edc993604d53e5fad6585d4", "pattern": "[file:hashes.SHA1 = '5bac4be57cdaabe0dd2fa3e54e4d3833fd32df43']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:58:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57309774-9964-4d06-98a2-4def02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:12.000Z", "modified": "2016-05-09T13:58:12.000Z", "first_observed": "2016-05-09T13:58:12Z", "last_observed": "2016-05-09T13:58:12Z", "number_observed": 1, "object_refs": [ "url--57309774-9964-4d06-98a2-4def02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57309774-9964-4d06-98a2-4def02de0b81", "value": "https://www.virustotal.com/file/ac63520803ce7f1343d4fa31588c1fef6abb0783980ad0ba613be749815c5900/analysis/1461728936/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57309774-2884-4313-afa0-4c4002de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:12.000Z", "modified": "2016-05-09T13:58:12.000Z", "description": "Samples - Xchecked via VT: 2689515f0bbdf4f3fd4448d0fdc9f2a7", "pattern": "[file:hashes.SHA256 = '23368088b183a8b7dc59f33413a760daa06fa0e027a1996677c97db2aeec22b8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:58:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57309774-c228-46ac-8534-4d1102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:12.000Z", "modified": "2016-05-09T13:58:12.000Z", "description": "Samples - Xchecked via VT: 2689515f0bbdf4f3fd4448d0fdc9f2a7", "pattern": "[file:hashes.SHA1 = '60e87d5c6b4af85fbcb8645a6f841c368266de16']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:58:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57309775-8ff8-4c15-8a5e-439602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:13.000Z", "modified": "2016-05-09T13:58:13.000Z", "first_observed": "2016-05-09T13:58:13Z", "last_observed": "2016-05-09T13:58:13Z", "number_observed": 1, "object_refs": [ "url--57309775-8ff8-4c15-8a5e-439602de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57309775-8ff8-4c15-8a5e-439602de0b81", "value": "https://www.virustotal.com/file/23368088b183a8b7dc59f33413a760daa06fa0e027a1996677c97db2aeec22b8/analysis/1454681156/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57309775-96e0-4600-b6e1-476f02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:13.000Z", "modified": "2016-05-09T13:58:13.000Z", "description": "Samples - Xchecked via VT: 238ca1ab29f191b767837748fb655c8e", "pattern": "[file:hashes.SHA256 = '743ccc54a4ef9d9b836ea3643443d142428d8743edab076074c786e2e759e205']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:58:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57309775-b538-4a8e-b4a1-45f502de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:13.000Z", "modified": "2016-05-09T13:58:13.000Z", "description": "Samples - Xchecked via VT: 238ca1ab29f191b767837748fb655c8e", "pattern": "[file:hashes.SHA1 = '35ac46d3df72ca3646363e5babe3d4594826a48d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:58:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57309776-0f30-46e6-b385-4f8402de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:14.000Z", "modified": "2016-05-09T13:58:14.000Z", "first_observed": "2016-05-09T13:58:14Z", "last_observed": "2016-05-09T13:58:14Z", "number_observed": 1, "object_refs": [ "url--57309776-0f30-46e6-b385-4f8402de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57309776-0f30-46e6-b385-4f8402de0b81", "value": "https://www.virustotal.com/file/743ccc54a4ef9d9b836ea3643443d142428d8743edab076074c786e2e759e205/analysis/1461733460/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57309776-fa34-4772-8ae8-429202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:14.000Z", "modified": "2016-05-09T13:58:14.000Z", "description": "Samples - Xchecked via VT: ebc3f26c0bfc473c840c9e4f3393671d", "pattern": "[file:hashes.SHA256 = 'c5dc63ee97547c2d55fca3701d018bc440e4800e23d5ec05dc30493f3d42b283']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:58:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57309776-38f4-4945-8e20-4be502de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:14.000Z", "modified": "2016-05-09T13:58:14.000Z", "description": "Samples - Xchecked via VT: ebc3f26c0bfc473c840c9e4f3393671d", "pattern": "[file:hashes.SHA1 = 'd0ffaf60d5ecf90abeb33abafbabf92710edca6f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:58:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57309777-34d8-40de-8d0e-43d602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:15.000Z", "modified": "2016-05-09T13:58:15.000Z", "first_observed": "2016-05-09T13:58:15Z", "last_observed": "2016-05-09T13:58:15Z", "number_observed": 1, "object_refs": [ "url--57309777-34d8-40de-8d0e-43d602de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57309777-34d8-40de-8d0e-43d602de0b81", "value": "https://www.virustotal.com/file/c5dc63ee97547c2d55fca3701d018bc440e4800e23d5ec05dc30493f3d42b283/analysis/1462602034/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57309777-eff0-49be-92ae-439f02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:15.000Z", "modified": "2016-05-09T13:58:15.000Z", "description": "Samples - Xchecked via VT: c48521d427f40148ee6e5a953ea23622", "pattern": "[file:hashes.SHA256 = '7a83fd03502bd7100af4ad86e0967e31f7d83be4aa87e3b86881d69ce836da39']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:58:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57309777-8758-4203-ada3-431d02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:15.000Z", "modified": "2016-05-09T13:58:15.000Z", "description": "Samples - Xchecked via VT: c48521d427f40148ee6e5a953ea23622", "pattern": "[file:hashes.SHA1 = '9435c15bc317ba840a7d3c9583f1bebb3f475156']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:58:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57309778-9e68-4225-aede-497302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:16.000Z", "modified": "2016-05-09T13:58:16.000Z", "first_observed": "2016-05-09T13:58:16Z", "last_observed": "2016-05-09T13:58:16Z", "number_observed": 1, "object_refs": [ "url--57309778-9e68-4225-aede-497302de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57309778-9e68-4225-aede-497302de0b81", "value": "https://www.virustotal.com/file/7a83fd03502bd7100af4ad86e0967e31f7d83be4aa87e3b86881d69ce836da39/analysis/1461387439/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57309778-8ddc-4e0e-85b5-463b02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:16.000Z", "modified": "2016-05-09T13:58:16.000Z", "description": "Samples - Xchecked via VT: 805a522481056441e881c46c69b808f6", "pattern": "[file:hashes.SHA256 = 'eac735b85c8c2eac47ca94a8e0eb821d0c7c2e7d18c35c95b54c34dfccf0612d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:58:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57309778-0c8c-46c5-a473-4f7102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:16.000Z", "modified": "2016-05-09T13:58:16.000Z", "description": "Samples - Xchecked via VT: 805a522481056441e881c46c69b808f6", "pattern": "[file:hashes.SHA1 = 'cc14506801e9fc34d6029824b145522b72c9168a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:58:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57309779-4bb4-40c8-8a54-491e02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:17.000Z", "modified": "2016-05-09T13:58:17.000Z", "first_observed": "2016-05-09T13:58:17Z", "last_observed": "2016-05-09T13:58:17Z", "number_observed": 1, "object_refs": [ "url--57309779-4bb4-40c8-8a54-491e02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57309779-4bb4-40c8-8a54-491e02de0b81", "value": "https://www.virustotal.com/file/eac735b85c8c2eac47ca94a8e0eb821d0c7c2e7d18c35c95b54c34dfccf0612d/analysis/1459150575/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57309779-0a18-47f8-bea6-419702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:17.000Z", "modified": "2016-05-09T13:58:17.000Z", "description": "Samples - Xchecked via VT: e63896f2dfcc2ee2173944ef16ddc131", "pattern": "[file:hashes.SHA256 = '9d01edd648ff54ea32b35284e87df50f780a56e418476b90a27c03c0657514b8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:58:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57309779-9d14-4ea4-aab9-44fa02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:17.000Z", "modified": "2016-05-09T13:58:17.000Z", "description": "Samples - Xchecked via VT: e63896f2dfcc2ee2173944ef16ddc131", "pattern": "[file:hashes.SHA1 = '2546cdd0c25a8b9e232801f5d43cb034940dfc19']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:58:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5730977a-aab0-40c2-b187-469d02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:18.000Z", "modified": "2016-05-09T13:58:18.000Z", "first_observed": "2016-05-09T13:58:18Z", "last_observed": "2016-05-09T13:58:18Z", "number_observed": 1, "object_refs": [ "url--5730977a-aab0-40c2-b187-469d02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5730977a-aab0-40c2-b187-469d02de0b81", "value": "https://www.virustotal.com/file/9d01edd648ff54ea32b35284e87df50f780a56e418476b90a27c03c0657514b8/analysis/1458029251/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5730977a-2a08-4b57-99ce-49fb02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:18.000Z", "modified": "2016-05-09T13:58:18.000Z", "description": "Samples - Xchecked via VT: 07614906c9b0ed9cfae07306c32555b9", "pattern": "[file:hashes.SHA256 = 'b60811048dfeb1e91d53f22a1f7039838e4b07771b8c4ce89e5a34a28cb654ce']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:58:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5730977a-eca8-4862-9306-40f202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:18.000Z", "modified": "2016-05-09T13:58:18.000Z", "description": "Samples - Xchecked via VT: 07614906c9b0ed9cfae07306c32555b9", "pattern": "[file:hashes.SHA1 = '41622884178754e75b2624999c82c8b75bf5b239']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:58:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5730977b-61dc-4c45-a6d2-4de702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:19.000Z", "modified": "2016-05-09T13:58:19.000Z", "first_observed": "2016-05-09T13:58:19Z", "last_observed": "2016-05-09T13:58:19Z", "number_observed": 1, "object_refs": [ "url--5730977b-61dc-4c45-a6d2-4de702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5730977b-61dc-4c45-a6d2-4de702de0b81", "value": "https://www.virustotal.com/file/b60811048dfeb1e91d53f22a1f7039838e4b07771b8c4ce89e5a34a28cb654ce/analysis/1462614475/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5730977b-4f64-44c9-b8c0-406302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:19.000Z", "modified": "2016-05-09T13:58:19.000Z", "description": "Samples - Xchecked via VT: bfc4133a64a8a8a53c02f9d471c79c16", "pattern": "[file:hashes.SHA256 = '6653e699576c27622aac6a497b2988fcdc8f8d0a2aedc5d98a2b6eb046626ed9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:58:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5730977b-4b08-4167-a54d-435702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:19.000Z", "modified": "2016-05-09T13:58:19.000Z", "description": "Samples - Xchecked via VT: bfc4133a64a8a8a53c02f9d471c79c16", "pattern": "[file:hashes.SHA1 = 'f375da91fc83a0b18098b1468cb239848cb8990f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:58:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5730977c-c0ac-43c2-8064-4f3102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:20.000Z", "modified": "2016-05-09T13:58:20.000Z", "first_observed": "2016-05-09T13:58:20Z", "last_observed": "2016-05-09T13:58:20Z", "number_observed": 1, "object_refs": [ "url--5730977c-c0ac-43c2-8064-4f3102de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5730977c-c0ac-43c2-8064-4f3102de0b81", "value": "https://www.virustotal.com/file/6653e699576c27622aac6a497b2988fcdc8f8d0a2aedc5d98a2b6eb046626ed9/analysis/1461735365/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5730977c-fce8-4de3-8115-444a02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:20.000Z", "modified": "2016-05-09T13:58:20.000Z", "description": "Samples - Xchecked via VT: a4144b9bc99ab39d16c8125a19382316", "pattern": "[file:hashes.SHA256 = '2eeacd8527fb9031d6d1c2be2e1cb17ae5209f799044adbdde16a67a10aed1e2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:58:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5730977c-59b8-4cd8-b9b6-4e8e02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:20.000Z", "modified": "2016-05-09T13:58:20.000Z", "description": "Samples - Xchecked via VT: a4144b9bc99ab39d16c8125a19382316", "pattern": "[file:hashes.SHA1 = '1dd15ff218619f5a2b9795f028bd4081f852d743']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:58:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5730977d-dc34-4edd-a695-452602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:21.000Z", "modified": "2016-05-09T13:58:21.000Z", "first_observed": "2016-05-09T13:58:21Z", "last_observed": "2016-05-09T13:58:21Z", "number_observed": 1, "object_refs": [ "url--5730977d-dc34-4edd-a695-452602de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5730977d-dc34-4edd-a695-452602de0b81", "value": "https://www.virustotal.com/file/2eeacd8527fb9031d6d1c2be2e1cb17ae5209f799044adbdde16a67a10aed1e2/analysis/1461381011/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5730977d-04ec-4521-b9b3-419a02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:21.000Z", "modified": "2016-05-09T13:58:21.000Z", "description": "Samples - Xchecked via VT: 03a537ff04deaf2c30b23122d795fee2", "pattern": "[file:hashes.SHA256 = '29b72c37dc3a947dc43381cf1f7e1c17b2e14abdef30074bcbcbba4d3a20cae1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:58:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5730977d-88f4-44d6-be62-44f202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:21.000Z", "modified": "2016-05-09T13:58:21.000Z", "description": "Samples - Xchecked via VT: 03a537ff04deaf2c30b23122d795fee2", "pattern": "[file:hashes.SHA1 = 'f72ef5db65184a85e6e25f0678a42efc60b6c5ff']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:58:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5730977e-f7dc-4fb5-ae9b-434302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:22.000Z", "modified": "2016-05-09T13:58:22.000Z", "first_observed": "2016-05-09T13:58:22Z", "last_observed": "2016-05-09T13:58:22Z", "number_observed": 1, "object_refs": [ "url--5730977e-f7dc-4fb5-ae9b-434302de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5730977e-f7dc-4fb5-ae9b-434302de0b81", "value": "https://www.virustotal.com/file/29b72c37dc3a947dc43381cf1f7e1c17b2e14abdef30074bcbcbba4d3a20cae1/analysis/1459674663/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5730977e-5234-4c5e-940a-486902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:22.000Z", "modified": "2016-05-09T13:58:22.000Z", "description": "Samples - Xchecked via VT: c591263d56b57dfadd06a68dd9657343", "pattern": "[file:hashes.SHA256 = 'eea3f90db41f872da8ed542b37948656b1fb93b12a266e8de82c6c668e60e9fc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:58:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5730977e-de50-4099-81e7-492b02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:22.000Z", "modified": "2016-05-09T13:58:22.000Z", "description": "Samples - Xchecked via VT: c591263d56b57dfadd06a68dd9657343", "pattern": "[file:hashes.SHA1 = '8c248daec675cb873a9ee850336e871dd4642c5b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:58:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5730977f-5b04-4397-9f11-4ef402de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:23.000Z", "modified": "2016-05-09T13:58:23.000Z", "first_observed": "2016-05-09T13:58:23Z", "last_observed": "2016-05-09T13:58:23Z", "number_observed": 1, "object_refs": [ "url--5730977f-5b04-4397-9f11-4ef402de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5730977f-5b04-4397-9f11-4ef402de0b81", "value": "https://www.virustotal.com/file/eea3f90db41f872da8ed542b37948656b1fb93b12a266e8de82c6c668e60e9fc/analysis/1460020341/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5730977f-c860-435a-9ccf-498302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:23.000Z", "modified": "2016-05-09T13:58:23.000Z", "description": "Samples - Xchecked via VT: aae962611da956a26a76d185455f1d44", "pattern": "[file:hashes.SHA256 = '4d5e0eddcd014c63123f6a46af7e53b5ac25a7ff7de86f56277fe39bff32c7b5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:58:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5730977f-2af4-41d3-b2ec-41d702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:23.000Z", "modified": "2016-05-09T13:58:23.000Z", "description": "Samples - Xchecked via VT: aae962611da956a26a76d185455f1d44", "pattern": "[file:hashes.SHA1 = '8bed9000c2f6347e683beadb1a5d4dedaccbd21f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:58:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57309780-b1d4-4395-bd91-48f102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:24.000Z", "modified": "2016-05-09T13:58:24.000Z", "first_observed": "2016-05-09T13:58:24Z", "last_observed": "2016-05-09T13:58:24Z", "number_observed": 1, "object_refs": [ "url--57309780-b1d4-4395-bd91-48f102de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57309780-b1d4-4395-bd91-48f102de0b81", "value": "https://www.virustotal.com/file/4d5e0eddcd014c63123f6a46af7e53b5ac25a7ff7de86f56277fe39bff32c7b5/analysis/1457340727/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57309780-2780-4b19-b7b8-416402de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:24.000Z", "modified": "2016-05-09T13:58:24.000Z", "description": "Samples - Xchecked via VT: f4c1e96717c82b14ca76384cb005fbe5", "pattern": "[file:hashes.SHA256 = '5c28d82f10711adef0b6e04533c0e9170fa4ebe47c9530181239b21126b9c20b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:58:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57309780-d854-44d8-9a00-490902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:24.000Z", "modified": "2016-05-09T13:58:24.000Z", "description": "Samples - Xchecked via VT: f4c1e96717c82b14ca76384cb005fbe5", "pattern": "[file:hashes.SHA1 = 'c4830ed7558cff7abebc15e13fb0a9ad8d1edb71']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:58:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57309781-bd38-4e6c-9f41-438802de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:25.000Z", "modified": "2016-05-09T13:58:25.000Z", "first_observed": "2016-05-09T13:58:25Z", "last_observed": "2016-05-09T13:58:25Z", "number_observed": 1, "object_refs": [ "url--57309781-bd38-4e6c-9f41-438802de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57309781-bd38-4e6c-9f41-438802de0b81", "value": "https://www.virustotal.com/file/5c28d82f10711adef0b6e04533c0e9170fa4ebe47c9530181239b21126b9c20b/analysis/1462540391/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57309781-be10-4a8b-9efb-469e02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:25.000Z", "modified": "2016-05-09T13:58:25.000Z", "description": "Samples - Xchecked via VT: 445886e6187cb36ee33ef7e27b7d5dbe", "pattern": "[file:hashes.SHA256 = 'e1f1315a6bd13d5d7a7fa94f504f83e476015d09eaf465d2443825ee9e6816ff']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:58:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57309781-2a34-4d16-9a2a-42e402de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:25.000Z", "modified": "2016-05-09T13:58:25.000Z", "description": "Samples - Xchecked via VT: 445886e6187cb36ee33ef7e27b7d5dbe", "pattern": "[file:hashes.SHA1 = '51badda607d683c2c1e5df4864628efb49d0e583']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:58:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57309782-0ebc-4115-ba61-408e02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:26.000Z", "modified": "2016-05-09T13:58:26.000Z", "first_observed": "2016-05-09T13:58:26Z", "last_observed": "2016-05-09T13:58:26Z", "number_observed": 1, "object_refs": [ "url--57309782-0ebc-4115-ba61-408e02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57309782-0ebc-4115-ba61-408e02de0b81", "value": "https://www.virustotal.com/file/e1f1315a6bd13d5d7a7fa94f504f83e476015d09eaf465d2443825ee9e6816ff/analysis/1459263191/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57309782-cb60-40d2-9a30-45d602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:26.000Z", "modified": "2016-05-09T13:58:26.000Z", "description": "Samples - Xchecked via VT: 375e51a989525cfec8296faaffdefa35", "pattern": "[file:hashes.SHA256 = '1f9b7d8e692a1c9fadbdd05b794e8c49502323b073b44becaae5eee5e2186fc4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:58:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57309782-f2cc-4ec4-b507-42ea02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:26.000Z", "modified": "2016-05-09T13:58:26.000Z", "description": "Samples - Xchecked via VT: 375e51a989525cfec8296faaffdefa35", "pattern": "[file:hashes.SHA1 = 'ca5dc32d6ebfb897e2320af1aa459002dff49ba8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:58:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57309783-ef94-4cb5-9586-415902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:27.000Z", "modified": "2016-05-09T13:58:27.000Z", "first_observed": "2016-05-09T13:58:27Z", "last_observed": "2016-05-09T13:58:27Z", "number_observed": 1, "object_refs": [ "url--57309783-ef94-4cb5-9586-415902de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57309783-ef94-4cb5-9586-415902de0b81", "value": "https://www.virustotal.com/file/1f9b7d8e692a1c9fadbdd05b794e8c49502323b073b44becaae5eee5e2186fc4/analysis/1462376467/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57309783-c5ac-4d1f-8cef-42d602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:27.000Z", "modified": "2016-05-09T13:58:27.000Z", "description": "Samples - Xchecked via VT: 21bb2d447247fd81c42d4262de36adb6", "pattern": "[file:hashes.SHA256 = '0257d713e8c3890e9a3ff961ca56fbb7e0fff8a5632ebcd8efcc2a543d47ac74']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:58:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57309783-262c-434f-9e6f-417c02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:27.000Z", "modified": "2016-05-09T13:58:27.000Z", "description": "Samples - Xchecked via VT: 21bb2d447247fd81c42d4262de36adb6", "pattern": "[file:hashes.SHA1 = '7698e9d0fdbdd1ade128bd945f15fe3d1f2411cc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:58:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57309784-fc34-4a94-b3e2-4d8502de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:28.000Z", "modified": "2016-05-09T13:58:28.000Z", "first_observed": "2016-05-09T13:58:28Z", "last_observed": "2016-05-09T13:58:28Z", "number_observed": 1, "object_refs": [ "url--57309784-fc34-4a94-b3e2-4d8502de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57309784-fc34-4a94-b3e2-4d8502de0b81", "value": "https://www.virustotal.com/file/0257d713e8c3890e9a3ff961ca56fbb7e0fff8a5632ebcd8efcc2a543d47ac74/analysis/1454681156/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57309784-d780-48c1-b3bb-49a102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:28.000Z", "modified": "2016-05-09T13:58:28.000Z", "description": "Samples - Xchecked via VT: 6d55eb3ced35c7479f67167d84bf15f0", "pattern": "[file:hashes.SHA256 = '7f9495399da2782e0fef913fed25fa0e5a80f2f31b1d24018ca1f198132f396a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:58:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57309784-b680-44f8-a731-428402de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:28.000Z", "modified": "2016-05-09T13:58:28.000Z", "description": "Samples - Xchecked via VT: 6d55eb3ced35c7479f67167d84bf15f0", "pattern": "[file:hashes.SHA1 = 'd12324a522b404b7949a971fbe767ae06b03c576']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:58:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57309785-0488-4ff9-ac64-4f6402de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:29.000Z", "modified": "2016-05-09T13:58:29.000Z", "first_observed": "2016-05-09T13:58:29Z", "last_observed": "2016-05-09T13:58:29Z", "number_observed": 1, "object_refs": [ "url--57309785-0488-4ff9-ac64-4f6402de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57309785-0488-4ff9-ac64-4f6402de0b81", "value": "https://www.virustotal.com/file/7f9495399da2782e0fef913fed25fa0e5a80f2f31b1d24018ca1f198132f396a/analysis/1459222882/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57309785-80c4-4018-9051-49a402de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:29.000Z", "modified": "2016-05-09T13:58:29.000Z", "description": "Samples - Xchecked via VT: 9b6af5f8878a3fde32a3e8ff3cf98906", "pattern": "[file:hashes.SHA256 = '93c9ad08ee30554d9244c0184ee99ace88e800247e7f54b864ffb2f44954eade']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:58:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57309785-65e4-4891-9094-448c02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:29.000Z", "modified": "2016-05-09T13:58:29.000Z", "description": "Samples - Xchecked via VT: 9b6af5f8878a3fde32a3e8ff3cf98906", "pattern": "[file:hashes.SHA1 = '4c152c09b81a54377da3b1a63199a343744d8807']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:58:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57309786-d8c8-494f-9734-47bb02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:30.000Z", "modified": "2016-05-09T13:58:30.000Z", "first_observed": "2016-05-09T13:58:30Z", "last_observed": "2016-05-09T13:58:30Z", "number_observed": 1, "object_refs": [ "url--57309786-d8c8-494f-9734-47bb02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57309786-d8c8-494f-9734-47bb02de0b81", "value": "https://www.virustotal.com/file/93c9ad08ee30554d9244c0184ee99ace88e800247e7f54b864ffb2f44954eade/analysis/1456992898/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57309786-b92c-4cc2-a847-48c902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:30.000Z", "modified": "2016-05-09T13:58:30.000Z", "description": "Samples - Xchecked via VT: e1b4a5a565fdfcec52346d3b6063c587", "pattern": "[file:hashes.SHA256 = '4d38d4ee5b625e09b61a253a52eb29fcf9c506ee9329b3a90a0b3911e59174f2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:58:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57309786-944c-46a8-930f-438402de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:30.000Z", "modified": "2016-05-09T13:58:30.000Z", "description": "Samples - Xchecked via VT: e1b4a5a565fdfcec52346d3b6063c587", "pattern": "[file:hashes.SHA1 = 'c3ed7bd750192bd43e7fb30d515a109850fb6342']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:58:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57309786-ef68-4a7a-a586-4ca302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:30.000Z", "modified": "2016-05-09T13:58:30.000Z", "first_observed": "2016-05-09T13:58:30Z", "last_observed": "2016-05-09T13:58:30Z", "number_observed": 1, "object_refs": [ "url--57309786-ef68-4a7a-a586-4ca302de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57309786-ef68-4a7a-a586-4ca302de0b81", "value": "https://www.virustotal.com/file/4d38d4ee5b625e09b61a253a52eb29fcf9c506ee9329b3a90a0b3911e59174f2/analysis/1462362985/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57309787-32e0-40f4-b5ec-472802de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:31.000Z", "modified": "2016-05-09T13:58:31.000Z", "description": "Samples - Xchecked via VT: 6a6a8cb2e59439891e53b04024573d37", "pattern": "[file:hashes.SHA256 = '72036a5ab16f6d50ea870c402c394fbee08f10cce694e6b6d324d54334286917']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:58:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57309787-5154-454f-b255-462102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:31.000Z", "modified": "2016-05-09T13:58:31.000Z", "description": "Samples - Xchecked via VT: 6a6a8cb2e59439891e53b04024573d37", "pattern": "[file:hashes.SHA1 = '74d6fc611521f65174150d0f5af2aed72943619e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:58:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57309787-8b08-4087-81b3-4e9502de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:31.000Z", "modified": "2016-05-09T13:58:31.000Z", "first_observed": "2016-05-09T13:58:31Z", "last_observed": "2016-05-09T13:58:31Z", "number_observed": 1, "object_refs": [ "url--57309787-8b08-4087-81b3-4e9502de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57309787-8b08-4087-81b3-4e9502de0b81", "value": "https://www.virustotal.com/file/72036a5ab16f6d50ea870c402c394fbee08f10cce694e6b6d324d54334286917/analysis/1459434792/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57309788-5864-4012-8b2f-47e002de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:32.000Z", "modified": "2016-05-09T13:58:32.000Z", "description": "Samples - Xchecked via VT: 50064d33625970a8145add7e3e242fe3", "pattern": "[file:hashes.SHA256 = '9c6dc1c2ea5b2370b58b0ac11fde8287cd49aee3e089dbdf589cc8d51c1f7a9e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:58:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57309788-433c-4fb6-9ef8-4d6c02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:32.000Z", "modified": "2016-05-09T13:58:32.000Z", "description": "Samples - Xchecked via VT: 50064d33625970a8145add7e3e242fe3", "pattern": "[file:hashes.SHA1 = '0e06e99c8f1c8882fd1f35793c50213f1905494f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:58:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57309788-8428-4c7c-9a3a-4b4e02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:32.000Z", "modified": "2016-05-09T13:58:32.000Z", "first_observed": "2016-05-09T13:58:32Z", "last_observed": "2016-05-09T13:58:32Z", "number_observed": 1, "object_refs": [ "url--57309788-8428-4c7c-9a3a-4b4e02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57309788-8428-4c7c-9a3a-4b4e02de0b81", "value": "https://www.virustotal.com/file/9c6dc1c2ea5b2370b58b0ac11fde8287cd49aee3e089dbdf589cc8d51c1f7a9e/analysis/1462480505/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57309789-6d6c-4440-8303-409502de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:33.000Z", "modified": "2016-05-09T13:58:33.000Z", "description": "Samples - Xchecked via VT: 3fe0cbedec6969803a72b8c76a4a0a03", "pattern": "[file:hashes.SHA256 = '13bdc52c2066e4b02bae5cc42bc9ec7dfcc1f19fbf35007aea93e9d62e3e3fd0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:58:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57309789-cdcc-4f20-b6b8-45a502de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:33.000Z", "modified": "2016-05-09T13:58:33.000Z", "description": "Samples - Xchecked via VT: 3fe0cbedec6969803a72b8c76a4a0a03", "pattern": "[file:hashes.SHA1 = '12627ba5fea1f00d6ac0704d053c519db93f9122']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-05-09T13:58:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57309789-5b4c-4d7e-9637-402502de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:33.000Z", "modified": "2016-05-09T13:58:33.000Z", "first_observed": "2016-05-09T13:58:33Z", "last_observed": "2016-05-09T13:58:33Z", "number_observed": 1, "object_refs": [ "url--57309789-5b4c-4d7e-9637-402502de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57309789-5b4c-4d7e-9637-402502de0b81", "value": "https://www.virustotal.com/file/13bdc52c2066e4b02bae5cc42bc9ec7dfcc1f19fbf35007aea93e9d62e3e3fd0/analysis/1461331255/" }, { "type": "vulnerability", "spec_version": "2.1", "id": "vulnerability--5730979d-28ac-4b7c-83d4-14d9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-05-09T13:58:53.000Z", "modified": "2016-05-09T13:58:53.000Z", "name": "CVE-2015-2545", "labels": [ "misp:type=\"vulnerability\"", "misp:category=\"Payload delivery\"" ], "external_references": [ { "source_name": "cve", "external_id": "CVE-2015-2545" } ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }