{ "type": "bundle", "id": "bundle--55c7524c-e510-453a-93dc-c2c9950d210b", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2017-06-22T19:59:05.000Z", "modified": "2017-06-22T19:59:05.000Z", "name": "CthulhuSPRL.be", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--55c7524c-e510-453a-93dc-c2c9950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2017-06-22T19:59:05.000Z", "modified": "2017-06-22T19:59:05.000Z", "name": "OSINT Operation Molerats: Middle East Cyber Attacks Using Poison Ivy by Fire Eye", "published": "2017-06-22T19:59:26Z", "object_refs": [ "observed-data--55c7525e-d474-4ed0-a478-c2c9950d210b", "url--55c7525e-d474-4ed0-a478-c2c9950d210b", "indicator--55d2ebcc-0278-4b56-8b29-7c5e950d210b", "indicator--55d2ebd8-092c-48cc-a41d-966f950d210b", "x-misp-attribute--55d2ebe7-30a8-486a-83f9-9675950d210b", "indicator--55d2ec2a-a434-4f1d-b1e2-9804950d210b", "indicator--55d2ec2b-4958-4ca6-9c55-9804950d210b", "indicator--55d2ec2b-08cc-438a-973c-9804950d210b", "indicator--55d2ec2b-b49c-4e7e-aaa9-9804950d210b", "indicator--55d2ec3a-84b8-4b12-88ea-7c5e950d210b", "indicator--55d2ec3a-b1e4-436b-a630-7c5e950d210b", "indicator--55d2ec3a-d668-4526-be3a-7c5e950d210b", "indicator--55d2ec3a-f498-428a-84c1-7c5e950d210b", "indicator--55d2ec3a-f1b0-4307-930f-7c5e950d210b", "indicator--55d2ec5c-4a24-422c-895c-9673950d210b", "indicator--55d2ec5d-c21c-43ad-822a-9673950d210b", "indicator--55d2ec5d-c4e4-43fb-9584-9673950d210b", "indicator--55d2ec5d-c8e0-4024-96bd-9673950d210b", "indicator--55d2ec5d-8ef8-420d-931a-9673950d210b", "indicator--55d2ec5d-36c0-4e7f-86ca-9673950d210b", "indicator--55d2ec7e-be34-4690-ba35-966f950d210b", "indicator--55d2ecb3-aba8-4a4e-a1e9-876d950d210b", "indicator--55d2ecb3-ede8-46c1-ada5-876d950d210b", "indicator--55d2ecb3-d644-402a-98d5-876d950d210b", "indicator--55d2ecb4-cbbc-4cba-9aeb-876d950d210b", "indicator--55d2ecb4-443c-42fa-b9dc-876d950d210b", "indicator--55d2ecb4-20d8-4a64-b332-876d950d210b", "indicator--55d2ecb4-5fd4-4777-b900-876d950d210b", "indicator--55d2ecb4-cee0-4dc1-b27e-876d950d210b", "indicator--55d2ecb5-23b4-4842-be8d-876d950d210b", "indicator--56c673ef-24a8-47b3-b427-4249950d210f", "indicator--56c673f1-b2dc-42aa-b601-599c950d210f", "indicator--56c673f2-ed28-4341-be11-5f51950d210f", "indicator--56c673f4-a5c4-4f07-ab2f-c650950d210f", "indicator--56c673f5-bf90-4d53-9f6d-5f51950d210f", "indicator--56c673f7-1394-4e3b-a50c-59a1950d210f", "indicator--56c673f8-76c8-4d94-b222-4bdb950d210f", "indicator--56c673f9-79d4-4d33-93c3-c650950d210f", "indicator--56c673fa-57f0-4ce3-980b-c652950d210f", "indicator--56c673fc-f658-4f61-a69c-c653950d210f", "indicator--56c673f0-e658-4060-a4b0-599f950d210f", "indicator--56c673f2-de38-4262-92c5-c654950d210f", "indicator--56c673f3-c984-4362-b914-5ca1950d210f", "indicator--56c673f4-4f5c-4a34-904c-59a3950d210f", "indicator--56c673f6-698c-4590-8c77-4556950d210f", "indicator--56c673f7-164c-44e8-8ec5-5ca1950d210f", "indicator--56c673f9-1d4c-4328-ade7-c653950d210f", "indicator--56c673fa-2610-4a95-b832-599d950d210f", "indicator--56c673fb-e8a8-4807-a7a3-4cd5950d210f", "indicator--56c673fc-74b8-4e7a-8b7c-59a3950d210f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--55c7525e-d474-4ed0-a478-c2c9950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-09T13:15:09.000Z", "modified": "2015-08-09T13:15:09.000Z", "first_observed": "2015-08-09T13:15:09Z", "last_observed": "2015-08-09T13:15:09Z", "number_observed": 1, "object_refs": [ "url--55c7525e-d474-4ed0-a478-c2c9950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--55c7525e-d474-4ed0-a478-c2c9950d210b", "value": "https://www.fireeye.com/blog/threat-research/2013/08/operation-molerats-middle-east-cyber-attacks-using-poison-ivy.html" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55d2ebcc-0278-4b56-8b29-7c5e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-18T08:28:55.000Z", "modified": "2015-08-18T08:28:55.000Z", "pattern": "[file:hashes.MD5 = '7084f3a2d63a16a191b7fcb2b19f0e0d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-18T08:28:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55d2ebd8-092c-48cc-a41d-966f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-18T08:24:56.000Z", "modified": "2015-08-18T08:24:56.000Z", "pattern": "[mutex:name = 'gdfgdfgdg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-18T08:24:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"mutex\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--55d2ebe7-30a8-486a-83f9-9675950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-18T08:25:11.000Z", "modified": "2015-08-18T08:25:11.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"Attribution\"" ], "x_misp_category": "Attribution", "x_misp_comment": "Password used", "x_misp_type": "text", "x_misp_value": "!@#GooD#@!" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55d2ec2a-a434-4f1d-b1e2-9804950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-18T08:26:18.000Z", "modified": "2015-08-18T08:26:18.000Z", "pattern": "[file:hashes.MD5 = '16346b95e6deef9da7fe796c31b9dec4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-18T08:26:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55d2ec2b-4958-4ca6-9c55-9804950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-18T08:26:19.000Z", "modified": "2015-08-18T08:26:19.000Z", "pattern": "[file:hashes.MD5 = 'fc554a0ad7cf9d4f47ec4f297dbde375']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-18T08:26:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55d2ec2b-08cc-438a-973c-9804950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-18T08:26:19.000Z", "modified": "2015-08-18T08:26:19.000Z", "pattern": "[file:hashes.MD5 = 'a8714aac274a18f1724d9702d40030bf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-18T08:26:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55d2ec2b-b49c-4e7e-aaa9-9804950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-18T08:26:19.000Z", "modified": "2015-08-18T08:26:19.000Z", "pattern": "[file:hashes.MD5 = 'd9a7c4a100cfefef995785f707be895c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-18T08:26:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55d2ec3a-84b8-4b12-88ea-7c5e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-18T08:26:34.000Z", "modified": "2015-08-18T08:26:34.000Z", "pattern": "[domain-name:value = 'toornt.servegame.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-18T08:26:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55d2ec3a-b1e4-436b-a630-7c5e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-18T08:26:34.000Z", "modified": "2015-08-18T08:26:34.000Z", "pattern": "[domain-name:value = 'updateo.servegame.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-18T08:26:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55d2ec3a-d668-4526-be3a-7c5e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-18T08:26:34.000Z", "modified": "2015-08-18T08:26:34.000Z", "pattern": "[domain-name:value = 'egypttv.sytes.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-18T08:26:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55d2ec3a-f498-428a-84c1-7c5e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-18T08:26:34.000Z", "modified": "2015-08-18T08:26:34.000Z", "pattern": "[domain-name:value = 'skype.servemp3.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-18T08:26:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55d2ec3a-f1b0-4307-930f-7c5e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-18T08:26:34.000Z", "modified": "2015-08-18T08:26:34.000Z", "pattern": "[domain-name:value = 'natco2.no-ip.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-18T08:26:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55d2ec5c-4a24-422c-895c-9673950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-18T08:27:08.000Z", "modified": "2015-08-18T08:27:08.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '209.200.39.48']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-18T08:27:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55d2ec5d-c21c-43ad-822a-9673950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-18T08:27:09.000Z", "modified": "2015-08-18T08:27:09.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '209.200.39.88']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-18T08:27:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55d2ec5d-c4e4-43fb-9584-9673950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-18T08:27:09.000Z", "modified": "2015-08-18T08:27:09.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.225.126.166']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-18T08:27:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55d2ec5d-c8e0-4024-96bd-9673950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-18T08:27:09.000Z", "modified": "2015-08-18T08:27:09.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.225.126.103']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-18T08:27:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55d2ec5d-8ef8-420d-931a-9673950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-18T08:27:09.000Z", "modified": "2015-08-18T08:27:09.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '209.200.39.220']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-18T08:27:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55d2ec5d-36c0-4e7f-86ca-9673950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-18T08:27:09.000Z", "modified": "2015-08-18T08:27:09.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.225.126.179']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-18T08:27:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55d2ec7e-be34-4690-ba35-966f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2017-06-22T19:59:05.000Z", "modified": "2017-06-22T19:59:05.000Z", "pattern": "[rule Molerats_certs\n{\nmeta:\n author = \"FireEye Labs\"\n description = \"this rule detections code signed with certificates used by the Molerats actor\"\n\nstrings:\n $cert1 = {06 50 11 A5 BC BF 83 C0 93 28 16 5E 7E 85 27 75}\n $cert2 = {03 e1 e1 aa a5 bc a1 9f ba 8c 42 05 8b 4a bf 28}\n $cert3 = {0c c0 35 9c 9c 3c da 00 d7 e9 da 2d c6 ba 7b 6d}\n\ncondition:\n 1 of ($cert*)\n}]", "pattern_type": "yara", "valid_from": "2017-06-22T19:59:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"yara\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55d2ecb3-aba8-4a4e-a1e9-876d950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-18T08:28:35.000Z", "modified": "2015-08-18T08:28:35.000Z", "pattern": "[file:hashes.MD5 = '9dff139bbbe476770294fb86f4e156ac']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-18T08:28:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55d2ecb3-ede8-46c1-ada5-876d950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-18T08:28:35.000Z", "modified": "2015-08-18T08:28:35.000Z", "pattern": "[file:hashes.MD5 = '6350d1039742b87b7917a5e26de2c25c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-18T08:28:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55d2ecb3-d644-402a-98d5-876d950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-18T08:28:35.000Z", "modified": "2015-08-18T08:28:35.000Z", "pattern": "[file:hashes.MD5 = 'b0a9abc76a2b4335074a13939c59bfc9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-18T08:28:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55d2ecb4-cbbc-4cba-9aeb-876d950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-18T08:28:36.000Z", "modified": "2015-08-18T08:28:36.000Z", "pattern": "[file:hashes.MD5 = '5b740b4623b2d1049c0036a6aae684b0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-18T08:28:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55d2ecb4-443c-42fa-b9dc-876d950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-18T08:28:36.000Z", "modified": "2015-08-18T08:28:36.000Z", "pattern": "[file:hashes.MD5 = 'cf31aea415e7013e85d1687a1c0f5daa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-18T08:28:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55d2ecb4-20d8-4a64-b332-876d950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-18T08:28:36.000Z", "modified": "2015-08-18T08:28:36.000Z", "pattern": "[file:hashes.MD5 = '973b5f2a5608d243e7305ee4f9249302']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-18T08:28:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55d2ecb4-5fd4-4777-b900-876d950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-18T08:28:36.000Z", "modified": "2015-08-18T08:28:36.000Z", "pattern": "[file:hashes.MD5 = 'e85fc76362c2e9dc7329fddda8acc89e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-18T08:28:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55d2ecb4-cee0-4dc1-b27e-876d950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-18T08:28:36.000Z", "modified": "2015-08-18T08:28:36.000Z", "pattern": "[file:hashes.MD5 = 'b05603938a888018d4dcdc551c4be8ac']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-18T08:28:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55d2ecb5-23b4-4842-be8d-876d950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-18T08:28:37.000Z", "modified": "2015-08-18T08:28:37.000Z", "pattern": "[file:hashes.MD5 = '9ef9a631160b96322010a5238defc673']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-18T08:28:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c673ef-24a8-47b3-b427-4249950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T01:46:23.000Z", "modified": "2016-02-19T01:46:23.000Z", "description": "Automatically added (via 16346b95e6deef9da7fe796c31b9dec4)", "pattern": "[file:hashes.SHA1 = '4662aa7b63d4377c38c38c6ed092b88e13883150']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T01:46:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c673f1-b2dc-42aa-b601-599c950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T01:46:25.000Z", "modified": "2016-02-19T01:46:25.000Z", "description": "Automatically added (via a8714aac274a18f1724d9702d40030bf)", "pattern": "[file:hashes.SHA1 = 'd5da2c4e6024056ca07958d8b6336d17f7109cf8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T01:46:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c673f2-ed28-4341-be11-5f51950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T01:46:26.000Z", "modified": "2016-02-19T01:46:26.000Z", "description": "Automatically added (via d9a7c4a100cfefef995785f707be895c)", "pattern": "[file:hashes.SHA1 = '2ae0ba3873b44d2bacf026ad547e65b69fbbb641']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T01:46:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c673f4-a5c4-4f07-ab2f-c650950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T01:46:28.000Z", "modified": "2016-02-19T01:46:28.000Z", "description": "Automatically added (via 9dff139bbbe476770294fb86f4e156ac)", "pattern": "[file:hashes.SHA1 = 'cbd95c2d6209e7db9cb5af62b986d6fdf3b0b032']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T01:46:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c673f5-bf90-4d53-9f6d-5f51950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T01:46:29.000Z", "modified": "2016-02-19T01:46:29.000Z", "description": "Automatically added (via 6350d1039742b87b7917a5e26de2c25c)", "pattern": "[file:hashes.SHA1 = '336151283faff1cd5bd9ced42b8cf9e15c3bffc7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T01:46:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c673f7-1394-4e3b-a50c-59a1950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T01:46:31.000Z", "modified": "2016-02-19T01:46:31.000Z", "description": "Automatically added (via 5b740b4623b2d1049c0036a6aae684b0)", "pattern": "[file:hashes.SHA1 = 'a684da91db91fe1b8b4c1d842d739da85e065e45']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T01:46:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c673f8-76c8-4d94-b222-4bdb950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T01:46:32.000Z", "modified": "2016-02-19T01:46:32.000Z", "description": "Automatically added (via 973b5f2a5608d243e7305ee4f9249302)", "pattern": "[file:hashes.SHA1 = 'e27729038d209e9b67577387f8164d5e7c5b921d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T01:46:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c673f9-79d4-4d33-93c3-c650950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T01:46:33.000Z", "modified": "2016-02-19T01:46:33.000Z", "description": "Automatically added (via e85fc76362c2e9dc7329fddda8acc89e)", "pattern": "[file:hashes.SHA1 = 'eebf9abe5c8aea61bc083e44089accb5dca36041']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T01:46:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c673fa-57f0-4ce3-980b-c652950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T01:46:34.000Z", "modified": "2016-02-19T01:46:34.000Z", "description": "Automatically added (via b05603938a888018d4dcdc551c4be8ac)", "pattern": "[file:hashes.SHA1 = '52fae7e11829a4e3979ae719c92f44ffd102b4d8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T01:46:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c673fc-f658-4f61-a69c-c653950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T01:46:36.000Z", "modified": "2016-02-19T01:46:36.000Z", "description": "Automatically added (via 9ef9a631160b96322010a5238defc673)", "pattern": "[file:hashes.SHA1 = 'a2c051fac0f5f5b42a5b7ec94411a70c16dc239c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T01:46:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c673f0-e658-4060-a4b0-599f950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T01:46:24.000Z", "modified": "2016-02-19T01:46:24.000Z", "description": "Automatically added (via 16346b95e6deef9da7fe796c31b9dec4)", "pattern": "[file:hashes.SHA256 = 'b745cf098e8643fb92723dedaef3343ec659baa288fffe847e961a8e62c2075f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T01:46:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c673f2-de38-4262-92c5-c654950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T01:46:26.000Z", "modified": "2016-02-19T01:46:26.000Z", "description": "Automatically added (via a8714aac274a18f1724d9702d40030bf)", "pattern": "[file:hashes.SHA256 = '4f3bd6a74ddb04a5c4ae2f0b7290e1fe06123fbb681039962b3b291d143ebbc3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T01:46:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c673f3-c984-4362-b914-5ca1950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T01:46:27.000Z", "modified": "2016-02-19T01:46:27.000Z", "description": "Automatically added (via d9a7c4a100cfefef995785f707be895c)", "pattern": "[file:hashes.SHA256 = 'bc2c1e2d23058a9277e8f3550fb7b0dfbb2c6e8a19e7981e24a72ea725682ecf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T01:46:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c673f4-4f5c-4a34-904c-59a3950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T01:46:28.000Z", "modified": "2016-02-19T01:46:28.000Z", "description": "Automatically added (via 9dff139bbbe476770294fb86f4e156ac)", "pattern": "[file:hashes.SHA256 = 'faf73608255525a2a62825178f79d592a7a7a2597385d7887178d89cc67e7265']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T01:46:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c673f6-698c-4590-8c77-4556950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T01:46:30.000Z", "modified": "2016-02-19T01:46:30.000Z", "description": "Automatically added (via 6350d1039742b87b7917a5e26de2c25c)", "pattern": "[file:hashes.SHA256 = '48d671f419d957e4a1cd1a0cc54a0cd72b259b9558c2e95cf6d06850bf12e0f8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T01:46:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c673f7-164c-44e8-8ec5-5ca1950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T01:46:31.000Z", "modified": "2016-02-19T01:46:31.000Z", "description": "Automatically added (via 5b740b4623b2d1049c0036a6aae684b0)", "pattern": "[file:hashes.SHA256 = '34c13f37fa7f31b0143509b1545ab5b248def00827880708103ce427621fdfa6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T01:46:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c673f9-1d4c-4328-ade7-c653950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T01:46:33.000Z", "modified": "2016-02-19T01:46:33.000Z", "description": "Automatically added (via 973b5f2a5608d243e7305ee4f9249302)", "pattern": "[file:hashes.SHA256 = '4754fb852c5c82c8b94ae6a0cbb2edd1e82b369b0fdbc3bf8a04bed293b0f4fe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T01:46:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c673fa-2610-4a95-b832-599d950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T01:46:34.000Z", "modified": "2016-02-19T01:46:34.000Z", "description": "Automatically added (via e85fc76362c2e9dc7329fddda8acc89e)", "pattern": "[file:hashes.SHA256 = '23aa514a00838624795a13bcc0b7ff54d462a3cf12c53a00ee877424a180dd81']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T01:46:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c673fb-e8a8-4807-a7a3-4cd5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T01:46:35.000Z", "modified": "2016-02-19T01:46:35.000Z", "description": "Automatically added (via b05603938a888018d4dcdc551c4be8ac)", "pattern": "[file:hashes.SHA256 = '9bdbfd5a70750f02b094786710fefb50ba839ed50ca3546dedd39cb92cc5156b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T01:46:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c673fc-74b8-4e7a-8b7c-59a3950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T01:46:36.000Z", "modified": "2016-02-19T01:46:36.000Z", "description": "Automatically added (via 9ef9a631160b96322010a5238defc673)", "pattern": "[file:hashes.SHA256 = '6766177387cd1deda85fcda715fa6ffac3216c206e11857ac5d719ff408d930d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T01:46:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }