{ "type": "bundle", "id": "bundle--574efbb3-e924-4d54-a701-43a1950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:27:12.000Z", "modified": "2016-06-01T19:27:12.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--574efbb3-e924-4d54-a701-43a1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:27:12.000Z", "modified": "2016-06-01T19:27:12.000Z", "name": "OSINT - Банковский троянец Lurk: специально для России (Banking Trojan Lurk: specially for Russia)", "published": "2016-06-01T19:42:23Z", "object_refs": [ "observed-data--574efbd4-f9b8-4aa2-b31f-48f1950d210f", "url--574efbd4-f9b8-4aa2-b31f-48f1950d210f", "indicator--574efbff-2ef4-45f6-b455-4990950d210f", "indicator--574efbff-994c-473b-b7a1-4ae0950d210f", "indicator--574efc00-c2e8-4190-9e4c-40e8950d210f", "indicator--574efc00-a578-4a72-bb53-482f950d210f", "indicator--574efc00-57fc-4cf3-9f44-4f4e950d210f", "indicator--574efc01-303c-4f04-89f6-4426950d210f", "indicator--574efc01-d3a0-4ffe-9c5c-4bb1950d210f", "indicator--574efc02-d4e4-4068-92b2-4b78950d210f", "indicator--574efc02-3138-4e80-8bb2-49c4950d210f", "indicator--574efc02-63e0-467c-a215-4407950d210f", "indicator--574efc03-3734-473e-9db2-4f11950d210f", "indicator--574efc03-3560-4486-941b-4b93950d210f", "indicator--574efc03-3864-4d45-814f-4ec1950d210f", "indicator--574efc04-10f4-4f06-9a2c-43f1950d210f", "indicator--574efc04-21b0-4079-bb67-45a8950d210f", 
"indicator--574efc05-bf10-44c2-aa32-4efc950d210f", "indicator--574efc05-45e8-4d65-ba1c-480d950d210f", "indicator--574efc05-882c-4ce1-89fb-45ec950d210f", "indicator--574efc06-4430-411c-996e-4641950d210f", "indicator--574efc06-47c8-49b5-ab5b-43a3950d210f", "indicator--574efc07-9e1c-42db-a479-4634950d210f", "indicator--574efc07-b754-4de4-97b9-4c1d950d210f", "indicator--574efc2b-1b88-40a7-a601-42a7950d210f", "indicator--574f35bf-19ac-45a6-bc81-4958950d210f", "indicator--574f35bf-5010-4a41-8d93-4b73950d210f", "indicator--574f35c0-6688-4bea-885c-4958950d210f", "indicator--574f35c0-0fb0-4ac7-84c0-4dcc950d210f", "indicator--574f35c0-1cac-472f-8b82-4799950d210f", "indicator--574f35c0-8b00-4f4e-aae7-483b950d210f", "indicator--574f35c0-8268-4442-8d81-4bd5950d210f", "indicator--574f35c0-28ac-4651-bb0d-4f24950d210f", "indicator--574f35c1-b764-4f09-994c-4126950d210f", "indicator--574f35c1-eb58-4dc5-b57d-48d3950d210f", "indicator--574f35c1-7cf0-4c4b-a535-43c3950d210f", "indicator--574f35c1-d868-49f8-bca7-4e28950d210f", "indicator--574f35c1-7a28-4a02-8529-44c3950d210f", "indicator--574f35c2-c4e8-42e2-a102-44cd950d210f", "indicator--574f35c2-f084-4457-b58d-4f2a950d210f", "indicator--574f35c2-3a8c-4fe0-968d-4ea5950d210f", "indicator--574f35d1-128c-470f-a915-4039950d210f", "indicator--574f35e0-d160-4649-ad3d-4911950d210f", "indicator--574f35e1-8cbc-40c9-afa0-49eb950d210f", "indicator--574f35f1-c740-420e-a270-4b22950d210f", "indicator--574f35f1-4614-4a5f-8901-4b52950d210f", "indicator--574f35f1-2ac4-4ba2-b223-487a950d210f", "indicator--574f35f1-3200-4f87-b837-4923950d210f", "indicator--574f360b-ac64-421d-853f-3834950d210f", "indicator--574f360b-fc0c-4304-b0e4-3834950d210f", "indicator--574f360b-985c-46fc-82e3-3834950d210f", "indicator--574f361b-4e08-4b0d-970b-45c0950d210f", "indicator--574f361b-f084-4bbc-b9d4-4f20950d210f", "indicator--574f365c-3784-4835-81bf-9bee950d210f", "indicator--574f365d-d9b8-4fd3-a62f-9bee950d210f", "indicator--574f365d-dc1c-41b7-988c-9bee950d210f", 
"indicator--574f365d-db00-4686-a808-9bee950d210f", "indicator--574f365d-9db4-4f72-a516-9bee950d210f", "indicator--574f365d-af2c-413c-9b91-9bee950d210f", "indicator--574f365e-96a4-4dbd-854b-9bee950d210f", "indicator--574f365e-9204-40a5-a8c7-9bee950d210f", "indicator--574f365e-85b8-4139-879f-9bee950d210f", "indicator--574f365e-e6e8-47cf-86e4-9bee950d210f", "indicator--574f365e-83e8-468a-b709-9bee950d210f", "indicator--574f365f-2f90-4390-b60f-9bee950d210f", "indicator--574f365f-1c60-45e9-abfb-9bee950d210f", "indicator--574f365f-2a9c-450d-a3ff-9bee950d210f", "indicator--574f365f-f604-40f2-9ff6-9bee950d210f", "indicator--574f36a8-4628-4ceb-8f71-483c950d210f", "indicator--574f36a9-c108-484f-b638-450b950d210f", "indicator--574f36a9-e55c-4242-9415-485d950d210f", "indicator--574f36a9-5270-41fb-ba5d-474b950d210f", "indicator--574f36a9-b548-49fa-b8fe-4022950d210f", "indicator--574f36a9-a0ac-41ee-a1f3-4cf9950d210f", "indicator--574f36a9-2f0c-42d3-8b04-4abb950d210f", "indicator--574f36aa-b4d0-4940-93b3-45a5950d210f", "indicator--574f36aa-f5c4-4955-9c09-41be950d210f", "indicator--574f36aa-0570-45cc-8930-4bcb950d210f", "indicator--574f36aa-ea00-4f8d-ba2d-4793950d210f", "indicator--574f36aa-6668-4576-9fc9-481a950d210f", "indicator--574f36aa-4ecc-4266-8d4f-49df950d210f", "indicator--574f36ab-01a8-4cb5-91dc-4ee0950d210f", "indicator--574f36ab-4d24-4350-bed4-4f72950d210f", "indicator--574f36ab-55a0-489c-acf0-4be1950d210f", "indicator--574f36ab-825c-455b-bd9b-4fb0950d210f", "indicator--574f36ab-2204-459c-a10e-40fb950d210f", "indicator--574f36ab-b518-415f-8162-4015950d210f", "indicator--574f36ac-f478-4c48-960f-48ca950d210f", "observed-data--574f36c5-6f2c-4b7d-ace5-4be6950d210f", "windows-registry-key--574f36c5-6f2c-4b7d-ace5-4be6950d210f", "observed-data--574f36c6-39c8-4b44-b2ed-463d950d210f", "windows-registry-key--574f36c6-39c8-4b44-b2ed-463d950d210f", "observed-data--574f36c6-c4d8-4d45-9bb1-4717950d210f", "windows-registry-key--574f36c6-c4d8-4d45-9bb1-4717950d210f", 
"observed-data--574f36c6-f690-4b74-a78a-40d8950d210f", "windows-registry-key--574f36c6-f690-4b74-a78a-40d8950d210f", "indicator--574f3711-4f90-44e0-ba54-9bee02de0b81", "indicator--574f3711-1b5c-4f61-8e1f-9bee02de0b81", "observed-data--574f3711-dfb0-4a01-840a-9bee02de0b81", "url--574f3711-dfb0-4a01-840a-9bee02de0b81", "indicator--574f3711-1ab8-4aae-8df6-9bee02de0b81", "indicator--574f3711-7518-456d-847e-9bee02de0b81", "observed-data--574f3711-6b50-4350-9da8-9bee02de0b81", "url--574f3711-6b50-4350-9da8-9bee02de0b81", "indicator--574f3712-96a0-4400-b793-9bee02de0b81", "indicator--574f3712-59dc-4956-80f7-9bee02de0b81", "observed-data--574f3712-bc1c-42c3-a004-9bee02de0b81", "url--574f3712-bc1c-42c3-a004-9bee02de0b81", "indicator--574f3712-d2d8-43fe-9f3b-9bee02de0b81", "indicator--574f3712-7054-487d-a64a-9bee02de0b81", "observed-data--574f3712-230c-4b42-b048-9bee02de0b81", "url--574f3712-230c-4b42-b048-9bee02de0b81", "indicator--574f3713-154c-4a09-83a3-9bee02de0b81", "indicator--574f3713-9f40-42d8-a3c9-9bee02de0b81", "observed-data--574f3713-d628-4a92-bf99-9bee02de0b81", "url--574f3713-d628-4a92-bf99-9bee02de0b81", "indicator--574f3713-9590-4e27-b1d5-9bee02de0b81", "indicator--574f3713-504c-401f-ae58-9bee02de0b81", "observed-data--574f3713-0444-48a0-a52b-9bee02de0b81", "url--574f3713-0444-48a0-a52b-9bee02de0b81", "indicator--574f3714-4be0-462b-8e7c-9bee02de0b81", "indicator--574f3714-04cc-4a52-adc6-9bee02de0b81", "observed-data--574f3714-8e68-4f32-a906-9bee02de0b81", "url--574f3714-8e68-4f32-a906-9bee02de0b81", "indicator--574f3714-7b44-46a4-aa25-9bee02de0b81", "indicator--574f3714-dc44-40c7-b8e3-9bee02de0b81", "observed-data--574f3714-5124-4259-bf2d-9bee02de0b81", "url--574f3714-5124-4259-bf2d-9bee02de0b81", "indicator--574f3715-0344-4573-8920-9bee02de0b81", "indicator--574f3715-0fd4-4a9f-b632-9bee02de0b81", "observed-data--574f3715-1220-4311-86c9-9bee02de0b81", "url--574f3715-1220-4311-86c9-9bee02de0b81", "indicator--574f3715-1694-4a51-b3e2-9bee02de0b81", 
"indicator--574f3715-7654-46f1-acae-9bee02de0b81", "observed-data--574f3715-a540-4403-8b03-9bee02de0b81", "url--574f3715-a540-4403-8b03-9bee02de0b81", "indicator--574f3716-b01c-42fa-9200-9bee02de0b81", "indicator--574f3716-7bc8-4050-b2eb-9bee02de0b81", "observed-data--574f3716-d86c-4cfb-8549-9bee02de0b81", "url--574f3716-d86c-4cfb-8549-9bee02de0b81", "indicator--574f3716-5db0-4532-97de-9bee02de0b81", "indicator--574f3716-c6a4-4360-bd4d-9bee02de0b81", "observed-data--574f3716-cba4-424c-b9d6-9bee02de0b81", "url--574f3716-cba4-424c-b9d6-9bee02de0b81", "indicator--574f3717-6058-46cb-b329-9bee02de0b81", "indicator--574f3717-c13c-4d0f-96fd-9bee02de0b81", "observed-data--574f3717-ca98-49a2-b654-9bee02de0b81", "url--574f3717-ca98-49a2-b654-9bee02de0b81", "indicator--574f3717-692c-4098-9822-9bee02de0b81", "indicator--574f3717-c25c-40d9-bd0a-9bee02de0b81", "observed-data--574f3717-8824-4571-a417-9bee02de0b81", "url--574f3717-8824-4571-a417-9bee02de0b81", "indicator--574f3718-2420-4139-a231-9bee02de0b81", "indicator--574f3718-eefc-48c6-b20d-9bee02de0b81", "observed-data--574f3718-faa8-4b8c-aa4d-9bee02de0b81", "url--574f3718-faa8-4b8c-aa4d-9bee02de0b81", "indicator--574f3718-1a68-436c-b666-9bee02de0b81", "indicator--574f3718-d260-4817-8f62-9bee02de0b81", "observed-data--574f3718-7bac-4d99-9325-9bee02de0b81", "url--574f3718-7bac-4d99-9325-9bee02de0b81" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT", "circl:topic=\"finance\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--574efbd4-f9b8-4aa2-b31f-48f1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T15:14:28.000Z", "modified": "2016-06-01T15:14:28.000Z", "first_observed": "2016-06-01T15:14:28Z", "last_observed": "2016-06-01T15:14:28Z", "number_observed": 1, "object_refs": [ "url--574efbd4-f9b8-4aa2-b31f-48f1950d210f" ], "labels": 
[ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--574efbd4-f9b8-4aa2-b31f-48f1950d210f", "value": "https://securelist.ru/featured/28708/bankovskij-troyanec-lurk-specialno-dlya-rossii/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574efbff-2ef4-45f6-b455-4990950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T15:15:11.000Z", "modified": "2016-06-01T15:15:11.000Z", "description": "Сервера управления - C2 server", "pattern": "[domain-name:value = '3d4vzfh68.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T15:15:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574efbff-994c-473b-b7a1-4ae0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T15:15:11.000Z", "modified": "2016-06-01T15:15:11.000Z", "description": "Сервера управления - C2 server", "pattern": "[domain-name:value = '43xkchcoljx.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T15:15:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": 
"indicator--574efc00-c2e8-4190-9e4c-40e8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T15:15:12.000Z", "modified": "2016-06-01T15:15:12.000Z", "description": "Сервера управления - C2 server", "pattern": "[domain-name:value = 'carlton69f.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T15:15:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574efc00-a578-4a72-bb53-482f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T15:15:12.000Z", "modified": "2016-06-01T15:15:12.000Z", "description": "Сервера управления - C2 server", "pattern": "[domain-name:value = 'diameter40i.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T15:15:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574efc00-57fc-4cf3-9f44-4f4e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T15:15:12.000Z", "modified": "2016-06-01T15:15:12.000Z", "description": "Сервера 
управления - C2 server", "pattern": "[domain-name:value = 'elijah69valery.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T15:15:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574efc01-303c-4f04-89f6-4426950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T15:15:13.000Z", "modified": "2016-06-01T15:15:13.000Z", "description": "Сервера управления - C2 server", "pattern": "[domain-name:value = 'embassy96k.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T15:15:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574efc01-d3a0-4ffe-9c5c-4bb1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T15:15:13.000Z", "modified": "2016-06-01T15:15:13.000Z", "description": "Сервера управления - C2 server", "pattern": "[domain-name:value = 'evince76lambert.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T15:15:13Z", "kill_chain_phases": [ { "kill_chain_name": 
"misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574efc02-d4e4-4068-92b2-4b78950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T15:15:14.000Z", "modified": "2016-06-01T15:15:14.000Z", "description": "Сервера управления - C2 server", "pattern": "[domain-name:value = 'globe79stanhope.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T15:15:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574efc02-3138-4e80-8bb2-49c4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T15:15:14.000Z", "modified": "2016-06-01T15:15:14.000Z", "description": "Сервера управления - C2 server", "pattern": "[domain-name:value = 'groom58queasy.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T15:15:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574efc02-63e0-467c-a215-4407950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", 
"created": "2016-06-01T15:15:14.000Z", "modified": "2016-06-01T15:15:14.000Z", "description": "Сервера управления - C2 server", "pattern": "[domain-name:value = 'hackle14strand.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T15:15:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574efc03-3734-473e-9db2-4f11950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T15:15:15.000Z", "modified": "2016-06-01T15:15:15.000Z", "description": "Сервера управления - C2 server", "pattern": "[domain-name:value = 'hotbed89internal.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T15:15:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574efc03-3560-4486-941b-4b93950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T15:15:15.000Z", "modified": "2016-06-01T15:15:15.000Z", "description": "Сервера управления - C2 server", "pattern": 
"[domain-name:value = 'mechanic17a.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T15:15:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574efc03-3864-4d45-814f-4ec1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T15:15:15.000Z", "modified": "2016-06-01T15:15:15.000Z", "description": "Сервера управления - C2 server", "pattern": "[domain-name:value = 'paper17cried.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T15:15:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574efc04-10f4-4f06-9a2c-43f1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T15:15:16.000Z", "modified": "2016-06-01T15:15:16.000Z", "description": "Сервера управления - C2 server", "pattern": "[domain-name:value = 'plaguey42u.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T15:15:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": 
"indicator", "spec_version": "2.1", "id": "indicator--574efc04-21b0-4079-bb67-45a8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T15:15:16.000Z", "modified": "2016-06-01T15:15:16.000Z", "description": "Сервера управления - C2 server", "pattern": "[domain-name:value = 'possum89hilarity.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T15:15:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574efc05-bf10-44c2-aa32-4efc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T15:15:17.000Z", "modified": "2016-06-01T15:15:17.000Z", "description": "Сервера управления - C2 server", "pattern": "[domain-name:value = 'rhythmic81o.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T15:15:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574efc05-45e8-4d65-ba1c-480d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T15:15:17.000Z", "modified": "2016-06-01T15:15:17.000Z", "description": 
"Сервера управления - C2 server", "pattern": "[domain-name:value = 'ri493hfkzrb.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T15:15:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574efc05-882c-4ce1-89fb-45ec950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T15:15:17.000Z", "modified": "2016-06-01T15:15:17.000Z", "description": "Сервера управления - C2 server", "pattern": "[domain-name:value = 'roomful44e.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T15:15:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574efc06-4430-411c-996e-4641950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T15:15:18.000Z", "modified": "2016-06-01T15:15:18.000Z", "description": "Сервера управления - C2 server", "pattern": "[domain-name:value = 's8f40ocjv.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": 
"2016-06-01T15:15:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574efc06-47c8-49b5-ab5b-43a3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T15:15:18.000Z", "modified": "2016-06-01T15:15:18.000Z", "description": "Сервера управления - C2 server", "pattern": "[domain-name:value = 'scale57banana.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T15:15:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574efc07-9e1c-42db-a479-4634950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T15:15:19.000Z", "modified": "2016-06-01T15:15:19.000Z", "description": "Сервера управления - C2 server", "pattern": "[domain-name:value = 'wing97pyroxene.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T15:15:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574efc07-b754-4de4-97b9-4c1d950d210f", 
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T15:15:19.000Z", "modified": "2016-06-01T15:15:19.000Z", "description": "Сервера управления - C2 server", "pattern": "[domain-name:value = 'yf3zf90kz.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T15:15:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574efc2b-1b88-40a7-a601-42a7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T15:15:55.000Z", "modified": "2016-06-01T15:15:55.000Z", "pattern": "[alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:»Bot.Lurk.HTTP.C&C»; flow:established,to_server; content:»POST»; pcre:»/\\?hl=[a-z]+&source=[^\\r\\n&]+&q=[^\\r\\n&]+/msi»;)]", "pattern_type": "snort", "valid_from": "2016-06-01T15:15:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"snort\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f35bf-19ac-45a6-bc81-4958950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:21:35.000Z", "modified": "2016-06-01T19:21:35.000Z", "description": "mini", "pattern": "[file:hashes.MD5 = '185c8ffa99ba1e9b06d1a5effae7b842']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:21:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", 
"phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f35bf-5010-4a41-8d93-4b73950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:21:35.000Z", "modified": "2016-06-01T19:21:35.000Z", "description": "mini", "pattern": "[file:hashes.MD5 = '2f3259f58a33176d938cbd9bc342fddd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:21:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f35c0-6688-4bea-885c-4958950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:21:36.000Z", "modified": "2016-06-01T19:21:36.000Z", "description": "mini", "pattern": "[file:hashes.MD5 = '217dab08b62b6f892a7d33e05e7f788c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:21:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f35c0-0fb0-4ac7-84c0-4dcc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:21:36.000Z", "modified": "2016-06-01T19:21:36.000Z", "description": "mini", "pattern": "[file:hashes.MD5 = '3387e820f0f67ff00cf0c6d0f5ea2b75']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:21:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", 
"misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f35c0-1cac-472f-8b82-4799950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:21:36.000Z", "modified": "2016-06-01T19:21:36.000Z", "description": "mini", "pattern": "[file:hashes.MD5 = '36db67ccadc59d27cd4adf5f0944330d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:21:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f35c0-8b00-4f4e-aae7-483b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:21:36.000Z", "modified": "2016-06-01T19:21:36.000Z", "description": "mini", "pattern": "[file:hashes.MD5 = '6548d3304e5da11ed2bed0551c3d6922']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:21:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f35c0-8268-4442-8d81-4bd5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:21:36.000Z", "modified": "2016-06-01T19:21:36.000Z", "description": "mini", "pattern": "[file:hashes.MD5 = '72d272a8198f1e5849207bc03024922d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:21:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": 
"indicator--574f35c0-28ac-4651-bb0d-4f24950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:21:36.000Z", "modified": "2016-06-01T19:21:36.000Z", "description": "mini", "pattern": "[file:hashes.MD5 = '85b66824a7f2787e87079903f0adebdf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:21:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f35c1-b764-4f09-994c-4126950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:21:37.000Z", "modified": "2016-06-01T19:21:37.000Z", "description": "mini", "pattern": "[file:hashes.MD5 = 'b4ffad760a52760fbd4ce25d7422a07b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:21:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f35c1-eb58-4dc5-b57d-48d3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:21:37.000Z", "modified": "2016-06-01T19:21:37.000Z", "description": "mini", "pattern": "[file:hashes.MD5 = 'c461706e084880a9f0409e3a6b1f1ecd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:21:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f35c1-7cf0-4c4b-a535-43c3950d210f", "created_by_ref": 
"identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:21:37.000Z", "modified": "2016-06-01T19:21:37.000Z", "description": "mini", "pattern": "[file:hashes.MD5 = 'd0b4c0b43f539384bbdc103182e7ff42']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:21:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f35c1-d868-49f8-bca7-4e28950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:21:37.000Z", "modified": "2016-06-01T19:21:37.000Z", "description": "mini", "pattern": "[file:hashes.MD5 = 'e006469ea4b34c757fd1aa38e6bdaa72']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:21:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f35c1-7a28-4a02-8529-44c3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:21:37.000Z", "modified": "2016-06-01T19:21:37.000Z", "description": "mini", "pattern": "[file:hashes.MD5 = 'e305b5d37b04a2d5d9aa8499bbf88940']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:21:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f35c2-c4e8-42e2-a102-44cd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:21:38.000Z", "modified": 
"2016-06-01T19:21:38.000Z", "description": "mini", "pattern": "[file:hashes.MD5 = 'e9cab9097e7f847b388b1c27425d6e9a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:21:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f35c2-f084-4457-b58d-4f2a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:21:38.000Z", "modified": "2016-06-01T19:21:38.000Z", "description": "mini", "pattern": "[file:hashes.MD5 = 'e9da19440fca6f0747bdee8c7985917f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:21:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f35c2-3a8c-4fe0-968d-4ea5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:21:38.000Z", "modified": "2016-06-01T19:21:38.000Z", "description": "mini", "pattern": "[file:hashes.MD5 = 'f5022eae8004458174c10cb80cce5317']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:21:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f35d1-128c-470f-a915-4039950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:21:53.000Z", "modified": "2016-06-01T19:21:53.000Z", "description": "prescanner", "pattern": "[file:hashes.MD5 = 
'a802968403162f6979d72e04597b6d1f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:21:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f35e0-d160-4649-ad3d-4911950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:22:08.000Z", "modified": "2016-06-01T19:22:08.000Z", "description": "core", "pattern": "[file:hashes.MD5 = 'c15e18aff4cdc76e99c7cb34d4782dda']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:22:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f35e1-8cbc-40c9-afa0-49eb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:22:09.000Z", "modified": "2016-06-01T19:22:09.000Z", "description": "core", "pattern": "[file:hashes.MD5 = '8643e70f8c639c6a9db527285aa3bdf7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:22:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f35f1-c740-420e-a270-4b22950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:22:25.000Z", "modified": "2016-06-01T19:22:25.000Z", "description": "ibank.dll", "pattern": "[file:hashes.MD5 = 'a6c032b192a8edef236b30f13bbff204']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": 
"2016-06-01T19:22:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f35f1-4614-4a5f-8901-4b52950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:22:25.000Z", "modified": "2016-06-01T19:22:25.000Z", "description": "ibank.dll", "pattern": "[file:hashes.MD5 = '4cb6ca447c130554ff16787a56a1e278']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:22:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f35f1-2ac4-4ba2-b223-487a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:22:25.000Z", "modified": "2016-06-01T19:22:25.000Z", "description": "ibank.dll", "pattern": "[file:hashes.MD5 = 'bfe73de645c4d65d15228bd9a3eba1b6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:22:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f35f1-3200-4f87-b837-4923950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:22:25.000Z", "modified": "2016-06-01T19:22:25.000Z", "description": "ibank.dll", "pattern": "[file:hashes.MD5 = 'cc891b715c4d81143491164bff23bf27']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:22:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": 
"Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f360b-ac64-421d-853f-3834950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:22:51.000Z", "modified": "2016-06-01T19:22:51.000Z", "description": "module_vnc", "pattern": "[file:hashes.MD5 = '601f0691d03cd81d94ad7be13a10a4db']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:22:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f360b-fc0c-4304-b0e4-3834950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:22:51.000Z", "modified": "2016-06-01T19:22:51.000Z", "description": "module_vnc", "pattern": "[file:hashes.MD5 = '6e5adf6246c5f8a4d5f4f6bbfc5033b9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:22:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f360b-985c-46fc-82e3-3834950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:22:51.000Z", "modified": "2016-06-01T19:22:51.000Z", "description": "module_vnc", "pattern": "[file:hashes.MD5 = '78edd93cea9bedb90e55de6d71cea9c4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:22:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", 
"misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f361b-4e08-4b0d-970b-45c0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:23:07.000Z", "modified": "2016-06-01T19:23:07.000Z", "description": "w3bank.dll", "pattern": "[file:hashes.MD5 = '1b84e30d4df8675dc971ccb9bee7fdf5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:23:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f361b-f084-4bbc-b9d4-4f20950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:23:07.000Z", "modified": "2016-06-01T19:23:07.000Z", "description": "w3bank.dll", "pattern": "[file:hashes.MD5 = '3a078d5d595b0f41ad74e1d5a05f7896']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:23:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f365c-3784-4835-81bf-9bee950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:24:12.000Z", "modified": "2016-06-01T19:24:12.000Z", "description": "Возможные названия хранилища модулей - Possible names of the storage 
modules", "pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\ddd2.dat']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:24:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f365d-d9b8-4fd3-a62f-9bee950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:24:13.000Z", "modified": "2016-06-01T19:24:13.000Z", "description": "Возможные названия хранилища модулей - Possible names of the storage modules", "pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\pdk2.dat']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:24:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f365d-dc1c-41b7-988c-9bee950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:24:13.000Z", "modified": "2016-06-01T19:24:13.000Z", "description": "Возможные названия 
хранилища модулей - Possible names of the storage modules", "pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\km48.dat']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:24:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f365d-db00-4686-a808-9bee950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:24:13.000Z", "modified": "2016-06-01T19:24:13.000Z", "description": "Возможные названия хранилища модулей - Possible names of the storage modules", "pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\9llq.dat']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:24:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f365d-9db4-4f72-a516-9bee950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:24:13.000Z", "modified": "2016-06-01T19:24:13.000Z", "description": 
"Возможные названия хранилища модулей - Possible names of the storage modules", "pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\ddqq.dat']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:24:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f365d-af2c-413c-9b91-9bee950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:24:13.000Z", "modified": "2016-06-01T19:24:13.000Z", "description": "Возможные названия хранилища модулей - Possible names of the storage modules", "pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\834r.dat']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:24:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f365e-96a4-4dbd-854b-9bee950d210f", "created_by_ref": 
"identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:24:14.000Z", "modified": "2016-06-01T19:24:14.000Z", "description": "Возможные названия хранилища модулей - Possible names of the storage modules", "pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\gi4q.dat']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:24:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f365e-9204-40a5-a8c7-9bee950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:24:14.000Z", "modified": "2016-06-01T19:24:14.000Z", "description": "Возможные названия хранилища модулей - Possible names of the storage modules", "pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\wu3w.dat']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:24:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { 
"type": "indicator", "spec_version": "2.1", "id": "indicator--574f365e-85b8-4139-879f-9bee950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:24:14.000Z", "modified": "2016-06-01T19:24:14.000Z", "description": "Возможные названия хранилища модулей - Possible names of the storage modules", "pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\qq34.dat']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:24:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f365e-e6e8-47cf-86e4-9bee950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:24:14.000Z", "modified": "2016-06-01T19:24:14.000Z", "description": "Возможные названия хранилища модулей - Possible names of the storage modules", "pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\dqd6.dat']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:24:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload 
delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f365e-83e8-468a-b709-9bee950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:24:14.000Z", "modified": "2016-06-01T19:24:14.000Z", "description": "Возможные названия хранилища модулей - Possible names of the storage modules", "pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\w4ff.dat']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:24:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f365f-2f90-4390-b60f-9bee950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:24:15.000Z", "modified": "2016-06-01T19:24:15.000Z", "description": "Возможные названия хранилища модулей - Possible names of the storage modules", "pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\ok4l.dat']", "pattern_type": "stix", "pattern_version": "2.1", 
"valid_from": "2016-06-01T19:24:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f365f-1c60-45e9-abfb-9bee950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:24:15.000Z", "modified": "2016-06-01T19:24:15.000Z", "description": "Возможные названия хранилища модулей - Possible names of the storage modules", "pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\kfii.dat']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:24:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f365f-2a9c-450d-a3ff-9bee950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:24:15.000Z", "modified": "2016-06-01T19:24:15.000Z", "description": "Возможные названия хранилища модулей - Possible names of the storage 
modules", "pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\ie31.dat']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:24:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f365f-f604-40f2-9ff6-9bee950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:24:15.000Z", "modified": "2016-06-01T19:24:15.000Z", "description": "Возможные названия хранилища модулей - Possible names of the storage modules", "pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\4433.dat']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:24:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f36a8-4628-4ceb-8f71-483c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:25:28.000Z", "modified": "2016-06-01T19:25:28.000Z", "description": "Возможные названия модуля mini - Possible names of the mini 
module", "pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\API32.DLL']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:25:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f36a9-c108-484f-b638-450b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:25:29.000Z", "modified": "2016-06-01T19:25:29.000Z", "description": "Возможные названия модуля mini - Possible names of the mini module", "pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\dlg.dll']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:25:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f36a9-e55c-4242-9415-485d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:25:29.000Z", "modified": "2016-06-01T19:25:29.000Z", "description": "Возможные названия модуля mini - Possible names of the mini module", "pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\mm.dll']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": 
"2016-06-01T19:25:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f36a9-5270-41fb-ba5d-474b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:25:29.000Z", "modified": "2016-06-01T19:25:29.000Z", "description": "Возможные названия модуля mini - Possible names of the mini module", "pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\setup.dll']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:25:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f36a9-b548-49fa-b8fe-4022950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:25:29.000Z", "modified": "2016-06-01T19:25:29.000Z", "description": "Возможные названия модуля mini - Possible names of the mini module", "pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\help.dll']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:25:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": 
[ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f36a9-a0ac-41ee-a1f3-4cf9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:25:29.000Z", "modified": "2016-06-01T19:25:29.000Z", "description": "Возможные названия модуля mini - Possible titles mini module", "pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\mi.dll']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:25:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f36a9-2f0c-42d3-8b04-4abb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:25:29.000Z", "modified": "2016-06-01T19:25:29.000Z", "description": "Возможные названия модуля mini - Possible titles mini module", "pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\http.dll']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:25:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": 
"2.1", "id": "indicator--574f36aa-b4d0-4940-93b3-45a5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:25:30.000Z", "modified": "2016-06-01T19:25:30.000Z", "description": "Возможные названия модуля mini - Possible titles mini module", "pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\wapi.dll']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:25:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f36aa-f5c4-4955-9c09-41be950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:25:30.000Z", "modified": "2016-06-01T19:25:30.000Z", "description": "Возможные названия модуля mini - Possible titles mini module", "pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\ER32.DLL']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:25:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f36aa-0570-45cc-8930-4bcb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", 
"created": "2016-06-01T19:25:30.000Z", "modified": "2016-06-01T19:25:30.000Z", "description": "Возможные названия модуля mini - Possible titles mini module", "pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\core.dll']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:25:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f36aa-ea00-4f8d-ba2d-4793950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:25:30.000Z", "modified": "2016-06-01T19:25:30.000Z", "description": "Возможные названия модуля mini - Possible titles mini module", "pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\theme.dll']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:25:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f36aa-6668-4576-9fc9-481a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:25:30.000Z", "modified": "2016-06-01T19:25:30.000Z", "description": 
"Возможные названия модуля mini - Possible titles mini module", "pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\vw.dll']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:25:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f36aa-4ecc-4266-8d4f-49df950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:25:30.000Z", "modified": "2016-06-01T19:25:30.000Z", "description": "Возможные названия модуля mini - Possible titles mini module", "pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\el32.dll']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:25:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f36ab-01a8-4cb5-91dc-4ee0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:25:31.000Z", "modified": "2016-06-01T19:25:31.000Z", "description": "Возможные 
названия модуля mini - Possible titles mini module", "pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\sta.dll']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:25:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f36ab-4d24-4350-bed4-4f72950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:25:31.000Z", "modified": "2016-06-01T19:25:31.000Z", "description": "Возможные названия модуля mini - Possible titles mini module", "pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\p10.dll']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:25:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f36ab-55a0-489c-acf0-4be1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:25:31.000Z", "modified": "2016-06-01T19:25:31.000Z", "description": "Возможные названия 
модуля mini - Possible titles mini module", "pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\fc.dll']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:25:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f36ab-825c-455b-bd9b-4fb0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:25:31.000Z", "modified": "2016-06-01T19:25:31.000Z", "description": "Возможные названия модуля mini - Possible titles mini module", "pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\in_32.dll']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:25:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f36ab-2204-459c-a10e-40fb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:25:31.000Z", "modified": "2016-06-01T19:25:31.000Z", "description": "Возможные названия модуля mini - Possible titles mini module", "pattern": "[file:name = 
'\\\\%APPDATA\\\\%\\\\pool.drv']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:25:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f36ab-b518-415f-8162-4015950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:25:31.000Z", "modified": "2016-06-01T19:25:31.000Z", "description": "Возможные названия модуля mini - Possible titles mini module", "pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\env.dll']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:25:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f36ac-f478-4c48-960f-48ca950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:25:32.000Z", "modified": "2016-06-01T19:25:32.000Z", "description": "Возможные названия модуля mini - Possible titles mini module", "pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\man.dll']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:25:32Z", 
"kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--574f36c5-6f2c-4b7d-ace5-4be6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:25:57.000Z", "modified": "2016-06-01T19:25:57.000Z", "first_observed": "2016-06-01T19:25:57Z", "last_observed": "2016-06-01T19:25:57Z", "number_observed": 1, "object_refs": [ "windows-registry-key--574f36c5-6f2c-4b7d-ace5-4be6950d210f" ], "labels": [ "misp:type=\"regkey\"", "misp:category=\"Persistence mechanism\"" ] }, { "type": "windows-registry-key", "spec_version": "2.1", "id": "windows-registry-key--574f36c5-6f2c-4b7d-ace5-4be6950d210f", "key": "HKCU\\Software\\Classes\\CLSID\\{118BEDCC-A901-4203-B4F2-ADCB957D1887}" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--574f36c6-39c8-4b44-b2ed-463d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:25:58.000Z", "modified": "2016-06-01T19:25:58.000Z", "first_observed": "2016-06-01T19:25:58Z", "last_observed": "2016-06-01T19:25:58Z", "number_observed": 1, "object_refs": [ "windows-registry-key--574f36c6-39c8-4b44-b2ed-463d950d210f" ], "labels": [ "misp:type=\"regkey\"", "misp:category=\"Persistence mechanism\"" ] }, { "type": "windows-registry-key", "spec_version": "2.1", "id": "windows-registry-key--574f36c6-39c8-4b44-b2ed-463d950d210f", "key": "HKLM\\Software\\Classes\\CLSID\\{118BEDCC-A901-4203-B4F2-ADCB957D1887}" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--574f36c6-c4d8-4d45-9bb1-4717950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:25:58.000Z", "modified": "2016-06-01T19:25:58.000Z", "first_observed": "2016-06-01T19:25:58Z", "last_observed": 
"2016-06-01T19:25:58Z", "number_observed": 1, "object_refs": [ "windows-registry-key--574f36c6-c4d8-4d45-9bb1-4717950d210f" ], "labels": [ "misp:type=\"regkey\"", "misp:category=\"Persistence mechanism\"" ] }, { "type": "windows-registry-key", "spec_version": "2.1", "id": "windows-registry-key--574f36c6-c4d8-4d45-9bb1-4717950d210f", "key": "HKCU\\Software\\Classes\\Drive\\ShellEx\\FolderExtensions\\{118BEDCC-A901-4203-B4F2-ADCB957D1887}" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--574f36c6-f690-4b74-a78a-40d8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:25:58.000Z", "modified": "2016-06-01T19:25:58.000Z", "first_observed": "2016-06-01T19:25:58Z", "last_observed": "2016-06-01T19:25:58Z", "number_observed": 1, "object_refs": [ "windows-registry-key--574f36c6-f690-4b74-a78a-40d8950d210f" ], "labels": [ "misp:type=\"regkey\"", "misp:category=\"Persistence mechanism\"" ] }, { "type": "windows-registry-key", "spec_version": "2.1", "id": "windows-registry-key--574f36c6-f690-4b74-a78a-40d8950d210f", "key": "HKLM\\Software\\Classes\\Drive\\ShellEx\\FolderExtensions\\{118BEDCC-A901-4203-B4F2-ADCB957D1887}" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f3711-4f90-44e0-ba54-9bee02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:27:13.000Z", "modified": "2016-06-01T19:27:13.000Z", "description": "ibank.dll - Xchecked via VT: bfe73de645c4d65d15228bd9a3eba1b6", "pattern": "[file:hashes.SHA256 = '28ea842ac685057d44aebf577f11cc4435d354c2df9a1d13a06da7bcd3a6ad4b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:27:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": 
"indicator--574f3711-1b5c-4f61-8e1f-9bee02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:27:13.000Z", "modified": "2016-06-01T19:27:13.000Z", "description": "ibank.dll - Xchecked via VT: bfe73de645c4d65d15228bd9a3eba1b6", "pattern": "[file:hashes.SHA1 = '0aafd9da1f28bcd5111cb1cbff1ea2f1f2f9b1c0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:27:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--574f3711-dfb0-4a01-840a-9bee02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:27:13.000Z", "modified": "2016-06-01T19:27:13.000Z", "first_observed": "2016-06-01T19:27:13Z", "last_observed": "2016-06-01T19:27:13Z", "number_observed": 1, "object_refs": [ "url--574f3711-dfb0-4a01-840a-9bee02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--574f3711-dfb0-4a01-840a-9bee02de0b81", "value": "https://www.virustotal.com/file/28ea842ac685057d44aebf577f11cc4435d354c2df9a1d13a06da7bcd3a6ad4b/analysis/1427919750/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f3711-1ab8-4aae-8df6-9bee02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:27:13.000Z", "modified": "2016-06-01T19:27:13.000Z", "description": "ibank.dll - Xchecked via VT: 4cb6ca447c130554ff16787a56a1e278", "pattern": "[file:hashes.SHA256 = '557f4c79bb48103a6b7863e33691c32701cbb6d62ece8e2ad099328d371c4216']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:27:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], 
"labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f3711-7518-456d-847e-9bee02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:27:13.000Z", "modified": "2016-06-01T19:27:13.000Z", "description": "ibank.dll - Xchecked via VT: 4cb6ca447c130554ff16787a56a1e278", "pattern": "[file:hashes.SHA1 = '213c19798e5573e40e8e1d0c9330ca37b52eb70d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:27:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--574f3711-6b50-4350-9da8-9bee02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:27:13.000Z", "modified": "2016-06-01T19:27:13.000Z", "first_observed": "2016-06-01T19:27:13Z", "last_observed": "2016-06-01T19:27:13Z", "number_observed": 1, "object_refs": [ "url--574f3711-6b50-4350-9da8-9bee02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--574f3711-6b50-4350-9da8-9bee02de0b81", "value": "https://www.virustotal.com/file/557f4c79bb48103a6b7863e33691c32701cbb6d62ece8e2ad099328d371c4216/analysis/1438407850/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f3712-96a0-4400-b793-9bee02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:27:14.000Z", "modified": "2016-06-01T19:27:14.000Z", "description": "ibank.dll - Xchecked via VT: a6c032b192a8edef236b30f13bbff204", "pattern": "[file:hashes.SHA256 = 'fdb92cf1c168cabd8d25299e7a7fac2a1af80da51d5977433f5b1e00d84a12ec']", "pattern_type": "stix", 
"pattern_version": "2.1", "valid_from": "2016-06-01T19:27:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f3712-59dc-4956-80f7-9bee02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:27:14.000Z", "modified": "2016-06-01T19:27:14.000Z", "description": "ibank.dll - Xchecked via VT: a6c032b192a8edef236b30f13bbff204", "pattern": "[file:hashes.SHA1 = '550c531ce140e374f2b9d0dd34385fa387dcecaa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:27:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--574f3712-bc1c-42c3-a004-9bee02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:27:14.000Z", "modified": "2016-06-01T19:27:14.000Z", "first_observed": "2016-06-01T19:27:14Z", "last_observed": "2016-06-01T19:27:14Z", "number_observed": 1, "object_refs": [ "url--574f3712-bc1c-42c3-a004-9bee02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--574f3712-bc1c-42c3-a004-9bee02de0b81", "value": "https://www.virustotal.com/file/fdb92cf1c168cabd8d25299e7a7fac2a1af80da51d5977433f5b1e00d84a12ec/analysis/1448994203/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f3712-d2d8-43fe-9f3b-9bee02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:27:14.000Z", "modified": "2016-06-01T19:27:14.000Z", "description": "mini - Xchecked via VT: 
f5022eae8004458174c10cb80cce5317", "pattern": "[file:hashes.SHA256 = 'ce1c1976ba1e91eeb9d73f04b33b8032ef8572598063eb57da4d81517fc9389f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:27:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f3712-7054-487d-a64a-9bee02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:27:14.000Z", "modified": "2016-06-01T19:27:14.000Z", "description": "mini - Xchecked via VT: f5022eae8004458174c10cb80cce5317", "pattern": "[file:hashes.SHA1 = 'd6faa77e9021b9429d04c0582010fc7146bd63b6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:27:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--574f3712-230c-4b42-b048-9bee02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:27:14.000Z", "modified": "2016-06-01T19:27:14.000Z", "first_observed": "2016-06-01T19:27:14Z", "last_observed": "2016-06-01T19:27:14Z", "number_observed": 1, "object_refs": [ "url--574f3712-230c-4b42-b048-9bee02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--574f3712-230c-4b42-b048-9bee02de0b81", "value": "https://www.virustotal.com/file/ce1c1976ba1e91eeb9d73f04b33b8032ef8572598063eb57da4d81517fc9389f/analysis/1425258524/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f3713-154c-4a09-83a3-9bee02de0b81", "created_by_ref": 
"identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:27:15.000Z", "modified": "2016-06-01T19:27:15.000Z", "description": "mini - Xchecked via VT: e9da19440fca6f0747bdee8c7985917f", "pattern": "[file:hashes.SHA256 = '607f90b36f9a50d01ca31a9c1e5f08063bb9e8d3cf04a92220972c389024f50b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:27:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f3713-9f40-42d8-a3c9-9bee02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:27:15.000Z", "modified": "2016-06-01T19:27:15.000Z", "description": "mini - Xchecked via VT: e9da19440fca6f0747bdee8c7985917f", "pattern": "[file:hashes.SHA1 = '05446c67ff8c0baffa969fc5cc4dd62edcad46f5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:27:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--574f3713-d628-4a92-bf99-9bee02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:27:15.000Z", "modified": "2016-06-01T19:27:15.000Z", "first_observed": "2016-06-01T19:27:15Z", "last_observed": "2016-06-01T19:27:15Z", "number_observed": 1, "object_refs": [ "url--574f3713-d628-4a92-bf99-9bee02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--574f3713-d628-4a92-bf99-9bee02de0b81", "value": 
"https://www.virustotal.com/file/607f90b36f9a50d01ca31a9c1e5f08063bb9e8d3cf04a92220972c389024f50b/analysis/1464792130/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f3713-9590-4e27-b1d5-9bee02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:27:15.000Z", "modified": "2016-06-01T19:27:15.000Z", "description": "mini - Xchecked via VT: e9cab9097e7f847b388b1c27425d6e9a", "pattern": "[file:hashes.SHA256 = '79c6599e73a1b2016081c216674fefb204df315a123776bc8ab3d7274c10f790']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:27:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f3713-504c-401f-ae58-9bee02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:27:15.000Z", "modified": "2016-06-01T19:27:15.000Z", "description": "mini - Xchecked via VT: e9cab9097e7f847b388b1c27425d6e9a", "pattern": "[file:hashes.SHA1 = '0cc0b7aa2e39d4575a18a3b02966f1f6ca32722d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:27:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--574f3713-0444-48a0-a52b-9bee02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:27:15.000Z", "modified": "2016-06-01T19:27:15.000Z", "first_observed": "2016-06-01T19:27:15Z", "last_observed": "2016-06-01T19:27:15Z", "number_observed": 1, "object_refs": [ "url--574f3713-0444-48a0-a52b-9bee02de0b81" ], "labels": [ "misp:type=\"link\"", 
"misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--574f3713-0444-48a0-a52b-9bee02de0b81", "value": "https://www.virustotal.com/file/79c6599e73a1b2016081c216674fefb204df315a123776bc8ab3d7274c10f790/analysis/1449068959/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f3714-4be0-462b-8e7c-9bee02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:27:16.000Z", "modified": "2016-06-01T19:27:16.000Z", "description": "mini - Xchecked via VT: e305b5d37b04a2d5d9aa8499bbf88940", "pattern": "[file:hashes.SHA256 = '5a37aa0e6ff79c90837052ff429a0c6361b59f3ba0b30733212d720467a17e04']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:27:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f3714-04cc-4a52-adc6-9bee02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:27:16.000Z", "modified": "2016-06-01T19:27:16.000Z", "description": "mini - Xchecked via VT: e305b5d37b04a2d5d9aa8499bbf88940", "pattern": "[file:hashes.SHA1 = '9df4c611a01ff352e6516bce78eedb33ddeaa782']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:27:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--574f3714-8e68-4f32-a906-9bee02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:27:16.000Z", "modified": "2016-06-01T19:27:16.000Z", "first_observed": "2016-06-01T19:27:16Z", "last_observed": 
"2016-06-01T19:27:16Z", "number_observed": 1, "object_refs": [ "url--574f3714-8e68-4f32-a906-9bee02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--574f3714-8e68-4f32-a906-9bee02de0b81", "value": "https://www.virustotal.com/file/5a37aa0e6ff79c90837052ff429a0c6361b59f3ba0b30733212d720467a17e04/analysis/1447115062/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f3714-7b44-46a4-aa25-9bee02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:27:16.000Z", "modified": "2016-06-01T19:27:16.000Z", "description": "mini - Xchecked via VT: e006469ea4b34c757fd1aa38e6bdaa72", "pattern": "[file:hashes.SHA256 = '7aa4371015d484e8d27aa32297184853acb7c7bea7711beac396a73c82cfaa64']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:27:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f3714-dc44-40c7-b8e3-9bee02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:27:16.000Z", "modified": "2016-06-01T19:27:16.000Z", "description": "mini - Xchecked via VT: e006469ea4b34c757fd1aa38e6bdaa72", "pattern": "[file:hashes.SHA1 = '0fe481b4c8c12003b2af3c08d9e127044c6d8197']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:27:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--574f3714-5124-4259-bf2d-9bee02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", 
"created": "2016-06-01T19:27:16.000Z", "modified": "2016-06-01T19:27:16.000Z", "first_observed": "2016-06-01T19:27:16Z", "last_observed": "2016-06-01T19:27:16Z", "number_observed": 1, "object_refs": [ "url--574f3714-5124-4259-bf2d-9bee02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--574f3714-5124-4259-bf2d-9bee02de0b81", "value": "https://www.virustotal.com/file/7aa4371015d484e8d27aa32297184853acb7c7bea7711beac396a73c82cfaa64/analysis/1444892452/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f3715-0344-4573-8920-9bee02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:27:17.000Z", "modified": "2016-06-01T19:27:17.000Z", "description": "mini - Xchecked via VT: d0b4c0b43f539384bbdc103182e7ff42", "pattern": "[file:hashes.SHA256 = '51cc680c8889a1210e829df23ce0cbae5c4c9d61fafa0c85adc35b262e509a52']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:27:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f3715-0fd4-4a9f-b632-9bee02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:27:17.000Z", "modified": "2016-06-01T19:27:17.000Z", "description": "mini - Xchecked via VT: d0b4c0b43f539384bbdc103182e7ff42", "pattern": "[file:hashes.SHA1 = '1a5a66b606f4d34f9a612cdf2b23b39f1db2f13d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:27:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": 
"2.1", "id": "observed-data--574f3715-1220-4311-86c9-9bee02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:27:17.000Z", "modified": "2016-06-01T19:27:17.000Z", "first_observed": "2016-06-01T19:27:17Z", "last_observed": "2016-06-01T19:27:17Z", "number_observed": 1, "object_refs": [ "url--574f3715-1220-4311-86c9-9bee02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--574f3715-1220-4311-86c9-9bee02de0b81", "value": "https://www.virustotal.com/file/51cc680c8889a1210e829df23ce0cbae5c4c9d61fafa0c85adc35b262e509a52/analysis/1440087528/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f3715-1694-4a51-b3e2-9bee02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:27:17.000Z", "modified": "2016-06-01T19:27:17.000Z", "description": "mini - Xchecked via VT: c461706e084880a9f0409e3a6b1f1ecd", "pattern": "[file:hashes.SHA256 = 'f998e96c3d8241c7b44b39369f6b08962c33a2a8a3b92d005e42c22caf7a52d5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:27:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f3715-7654-46f1-acae-9bee02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:27:17.000Z", "modified": "2016-06-01T19:27:17.000Z", "description": "mini - Xchecked via VT: c461706e084880a9f0409e3a6b1f1ecd", "pattern": "[file:hashes.SHA1 = '590dc34726b769ffec2fefcb6c7adfa12577d428']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:27:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], 
"labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--574f3715-a540-4403-8b03-9bee02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:27:17.000Z", "modified": "2016-06-01T19:27:17.000Z", "first_observed": "2016-06-01T19:27:17Z", "last_observed": "2016-06-01T19:27:17Z", "number_observed": 1, "object_refs": [ "url--574f3715-a540-4403-8b03-9bee02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--574f3715-a540-4403-8b03-9bee02de0b81", "value": "https://www.virustotal.com/file/f998e96c3d8241c7b44b39369f6b08962c33a2a8a3b92d005e42c22caf7a52d5/analysis/1425102122/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f3716-b01c-42fa-9200-9bee02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:27:18.000Z", "modified": "2016-06-01T19:27:18.000Z", "description": "mini - Xchecked via VT: 85b66824a7f2787e87079903f0adebdf", "pattern": "[file:hashes.SHA256 = '3a01a354b0e704a78ab22c2b45eb1feb2e06350fd057040937fc16c9640cb41b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:27:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f3716-7bc8-4050-b2eb-9bee02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:27:18.000Z", "modified": "2016-06-01T19:27:18.000Z", "description": "mini - Xchecked via VT: 85b66824a7f2787e87079903f0adebdf", "pattern": "[file:hashes.SHA1 = 'bb41a1a2b92eec2ed448a598561351c1e38b17b8']", "pattern_type": "stix", "pattern_version": "2.1", 
"valid_from": "2016-06-01T19:27:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--574f3716-d86c-4cfb-8549-9bee02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:27:18.000Z", "modified": "2016-06-01T19:27:18.000Z", "first_observed": "2016-06-01T19:27:18Z", "last_observed": "2016-06-01T19:27:18Z", "number_observed": 1, "object_refs": [ "url--574f3716-d86c-4cfb-8549-9bee02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--574f3716-d86c-4cfb-8549-9bee02de0b81", "value": "https://www.virustotal.com/file/3a01a354b0e704a78ab22c2b45eb1feb2e06350fd057040937fc16c9640cb41b/analysis/1445871158/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f3716-5db0-4532-97de-9bee02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:27:18.000Z", "modified": "2016-06-01T19:27:18.000Z", "description": "mini - Xchecked via VT: 6548d3304e5da11ed2bed0551c3d6922", "pattern": "[file:hashes.SHA256 = 'b895aa0c449901481ea50171e6a8d5bef5b9531252611a4433dba00cf4487c54']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:27:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f3716-c6a4-4360-bd4d-9bee02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:27:18.000Z", "modified": "2016-06-01T19:27:18.000Z", "description": "mini - Xchecked via VT: 
6548d3304e5da11ed2bed0551c3d6922", "pattern": "[file:hashes.SHA1 = '5e30bba7651ce919d6fd93cef365bcd492090f14']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:27:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--574f3716-cba4-424c-b9d6-9bee02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:27:18.000Z", "modified": "2016-06-01T19:27:18.000Z", "first_observed": "2016-06-01T19:27:18Z", "last_observed": "2016-06-01T19:27:18Z", "number_observed": 1, "object_refs": [ "url--574f3716-cba4-424c-b9d6-9bee02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--574f3716-cba4-424c-b9d6-9bee02de0b81", "value": "https://www.virustotal.com/file/b895aa0c449901481ea50171e6a8d5bef5b9531252611a4433dba00cf4487c54/analysis/1464735155/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f3717-6058-46cb-b329-9bee02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:27:19.000Z", "modified": "2016-06-01T19:27:19.000Z", "description": "mini - Xchecked via VT: 36db67ccadc59d27cd4adf5f0944330d", "pattern": "[file:hashes.SHA256 = 'e5e815354870289991aed1523bbb48d23d5c0a9491cf781914ae27cc67cc9c12']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:27:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f3717-c13c-4d0f-96fd-9bee02de0b81", "created_by_ref": 
"identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:27:19.000Z", "modified": "2016-06-01T19:27:19.000Z", "description": "mini - Xchecked via VT: 36db67ccadc59d27cd4adf5f0944330d", "pattern": "[file:hashes.SHA1 = '51e0da300047d9925710806163ed5e318a84e3b9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:27:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--574f3717-ca98-49a2-b654-9bee02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:27:19.000Z", "modified": "2016-06-01T19:27:19.000Z", "first_observed": "2016-06-01T19:27:19Z", "last_observed": "2016-06-01T19:27:19Z", "number_observed": 1, "object_refs": [ "url--574f3717-ca98-49a2-b654-9bee02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--574f3717-ca98-49a2-b654-9bee02de0b81", "value": "https://www.virustotal.com/file/e5e815354870289991aed1523bbb48d23d5c0a9491cf781914ae27cc67cc9c12/analysis/1458048090/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f3717-692c-4098-9822-9bee02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:27:19.000Z", "modified": "2016-06-01T19:27:19.000Z", "description": "mini - Xchecked via VT: 3387e820f0f67ff00cf0c6d0f5ea2b75", "pattern": "[file:hashes.SHA256 = '7d214f5f0065f0c0c0a6c22e9f4b9c5211e86e15ca3fe6eeb9e53d521b9118d8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:27:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", 
"misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f3717-c25c-40d9-bd0a-9bee02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:27:19.000Z", "modified": "2016-06-01T19:27:19.000Z", "description": "mini - Xchecked via VT: 3387e820f0f67ff00cf0c6d0f5ea2b75", "pattern": "[file:hashes.SHA1 = '4ddb5a210d80635f9aa543337af662c01e2a8275']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:27:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--574f3717-8824-4571-a417-9bee02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:27:19.000Z", "modified": "2016-06-01T19:27:19.000Z", "first_observed": "2016-06-01T19:27:19Z", "last_observed": "2016-06-01T19:27:19Z", "number_observed": 1, "object_refs": [ "url--574f3717-8824-4571-a417-9bee02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--574f3717-8824-4571-a417-9bee02de0b81", "value": "https://www.virustotal.com/file/7d214f5f0065f0c0c0a6c22e9f4b9c5211e86e15ca3fe6eeb9e53d521b9118d8/analysis/1442001535/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f3718-2420-4139-a231-9bee02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:27:20.000Z", "modified": "2016-06-01T19:27:20.000Z", "description": "mini - Xchecked via VT: 2f3259f58a33176d938cbd9bc342fddd", "pattern": "[file:hashes.SHA256 = '56b931219a9705de9b7f6075a6437f906d6c6c71be37f57259d7040eeb02b75d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:27:20Z", "kill_chain_phases": [ { 
"kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f3718-eefc-48c6-b20d-9bee02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:27:20.000Z", "modified": "2016-06-01T19:27:20.000Z", "description": "mini - Xchecked via VT: 2f3259f58a33176d938cbd9bc342fddd", "pattern": "[file:hashes.SHA1 = '79403e2f7c808a977dd087ce8bf63f95ff7fd182']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:27:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--574f3718-faa8-4b8c-aa4d-9bee02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:27:20.000Z", "modified": "2016-06-01T19:27:20.000Z", "first_observed": "2016-06-01T19:27:20Z", "last_observed": "2016-06-01T19:27:20Z", "number_observed": 1, "object_refs": [ "url--574f3718-faa8-4b8c-aa4d-9bee02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--574f3718-faa8-4b8c-aa4d-9bee02de0b81", "value": "https://www.virustotal.com/file/56b931219a9705de9b7f6075a6437f906d6c6c71be37f57259d7040eeb02b75d/analysis/1459933447/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f3718-1a68-436c-b666-9bee02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:27:20.000Z", "modified": "2016-06-01T19:27:20.000Z", "description": "mini - Xchecked via VT: 185c8ffa99ba1e9b06d1a5effae7b842", "pattern": "[file:hashes.SHA256 = 
'eb4d6a9e52c8a278c14c2cb51f7928d1df9dd93763e046159d34b4bf593e7415']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:27:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574f3718-d260-4817-8f62-9bee02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:27:20.000Z", "modified": "2016-06-01T19:27:20.000Z", "description": "mini - Xchecked via VT: 185c8ffa99ba1e9b06d1a5effae7b842", "pattern": "[file:hashes.SHA1 = '185d9a2978cf70fb94f6c33064fefacb2ecabceb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T19:27:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--574f3718-7bac-4d99-9325-9bee02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T19:27:20.000Z", "modified": "2016-06-01T19:27:20.000Z", "first_observed": "2016-06-01T19:27:20Z", "last_observed": "2016-06-01T19:27:20Z", "number_observed": 1, "object_refs": [ "url--574f3718-7bac-4d99-9325-9bee02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--574f3718-7bac-4d99-9325-9bee02de0b81", "value": "https://www.virustotal.com/file/eb4d6a9e52c8a278c14c2cb51f7928d1df9dd93763e046159d34b4bf593e7415/analysis/1440398179/" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { 
"tlp": "white" } } ] }