{ "type": "bundle", "id": "bundle--55473e1b-e828-4fe9-ba30-dd1b950d210b", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-04T09:46:08.000Z", "modified": "2015-05-04T09:46:08.000Z", "name": "CthulhuSPRL.be", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--55473e1b-e828-4fe9-ba30-dd1b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-04T09:46:08.000Z", "modified": "2015-05-04T09:46:08.000Z", "name": "OSINT Dalexis/CTB-Locker malspam campaign by SANS Internet Storm Center", "published": "2015-05-04T12:38:34Z", "object_refs": [ "observed-data--55473e28-9758-4548-a2e8-dd36950d210b", "url--55473e28-9758-4548-a2e8-dd36950d210b", "x-misp-attribute--55473e8c-b778-4465-bc47-4e7f950d210b", "x-misp-attribute--55473e8c-05bc-4de4-b271-432f950d210b", "observed-data--55473eba-6368-4f39-ab0a-40cb950d210b", "url--55473eba-6368-4f39-ab0a-40cb950d210b", "observed-data--55473eba-65e8-4bbb-b986-4d66950d210b", "url--55473eba-65e8-4bbb-b986-4d66950d210b", "observed-data--55473ebb-06dc-4738-9dff-4a52950d210b", "url--55473ebb-06dc-4738-9dff-4a52950d210b", "observed-data--55473ebb-8b04-4a74-9f89-4f61950d210b", "url--55473ebb-8b04-4a74-9f89-4f61950d210b", "indicator--55473ef3-983c-4cc0-80b5-ced1950d210b", "indicator--55473ef3-4c14-48b5-a203-ced1950d210b", "indicator--55473ef4-b074-4e67-9216-ced1950d210b", "indicator--55473ef4-ee00-4cf7-88f4-ced1950d210b", "indicator--55473ef4-b068-4793-9801-ced1950d210b", "indicator--55473ef4-47d8-4705-b461-ced1950d210b", "indicator--55473ef4-8d6c-4b13-9824-ced1950d210b", "indicator--55473f24-bb08-434a-a470-4086950d210b", "indicator--55473f24-14f0-4914-a834-4593950d210b", "indicator--55473f24-2f90-4e5d-8212-48dc950d210b", "indicator--55473f24-6b7c-46e6-8b6a-4b05950d210b", "indicator--55473f24-b8a4-4ea0-a5a4-46ae950d210b", "indicator--55473f24-7d2c-4083-9914-4723950d210b", "indicator--55473f24-8b30-4e89-b079-434a950d210b", "indicator--55473f24-d9bc-46a5-b590-4e7c950d210b", "indicator--55473f25-8c94-427d-a239-4a4f950d210b", "indicator--55473f9c-cdf0-48ef-a72e-42a0950d210b", "indicator--55473f9c-23f0-473b-82e9-4ccf950d210b", "indicator--55473f9c-3494-4232-b25c-4b45950d210b", "indicator--55473f9d-90b8-416f-9ee2-4145950d210b", "indicator--55473f9d-618c-4572-b9bf-4da8950d210b", "indicator--55473f9d-d724-4b83-9952-4301950d210b", "indicator--55473f9d-ac3c-43e8-8277-4d20950d210b", "indicator--55473f9d-02e4-48d8-a743-4614950d210b", "indicator--55473f9d-ac4c-4eaf-b76d-4e7e950d210b", "indicator--55473f9d-ef9c-4187-b836-48c6950d210b", "indicator--55473f9d-28e8-42a7-8c23-4761950d210b", "indicator--55473f9e-eec0-4c6f-80c5-4926950d210b", "indicator--55473f9e-9bd8-4c1b-ae0b-48aa950d210b", "indicator--55473f9e-938c-421c-9951-48a3950d210b", "indicator--55473f9e-d96c-4296-9fa1-460f950d210b", "indicator--55473f9e-5154-4338-82df-44f9950d210b", "indicator--55473f9e-ccd0-4d12-996a-4d5b950d210b", "indicator--55473f9e-e53c-4c6e-9eec-435e950d210b", "indicator--55473f9e-b9ec-4108-aaaa-40e2950d210b", "indicator--55473f9e-be68-4e68-b576-4841950d210b", "indicator--55473f9f-8ad4-499d-ac7f-4bc3950d210b", "indicator--55473f9f-3d38-47a3-ad33-4a70950d210b", "indicator--55473f9f-c5bc-4ca0-96ac-45bf950d210b", "indicator--55473f9f-05a8-4d12-880c-4a61950d210b", "indicator--55473fac-2268-46c8-a5b2-ce99950d210b", "indicator--55473fac-9c24-424d-8b06-ce99950d210b", "indicator--55473fac-00b8-4fd2-a9e1-ce99950d210b", "indicator--55473fac-2988-4a90-94bf-ce99950d210b", "indicator--55473fac-6e14-44d4-aea4-ce99950d210b", "indicator--55473fad-3be0-4231-a30e-ce99950d210b", "indicator--55473fad-2d68-4b6d-95ae-ce99950d210b", "indicator--55473fad-3fc8-48cc-b267-ce99950d210b", "indicator--55473fad-2e4c-431f-aaa8-ce99950d210b", "indicator--55473fad-52c8-48a2-8171-ce99950d210b", "indicator--55473fad-7e44-4180-a5be-ce99950d210b", "indicator--55473fad-8894-4f57-8cd6-ce99950d210b", "indicator--55473fad-1e5c-4904-b6b3-ce99950d210b", "indicator--55473fad-e9a8-4c3b-9cf7-ce99950d210b", "indicator--55473fae-3b78-4a2b-b89a-ce99950d210b", "indicator--55473fae-4458-49ff-9c56-ce99950d210b", "indicator--55473fae-394c-4124-94be-ce99950d210b", "indicator--55473fae-834c-4cc2-a913-ce99950d210b", "indicator--55473fae-747c-47c6-81e3-ce99950d210b", "indicator--55473fae-ea7c-45b8-8488-ce99950d210b", "indicator--55473fae-558c-4c6d-a818-ce99950d210b", "indicator--55473fae-5ffc-4df1-b7cc-ce99950d210b", "indicator--55473faf-4980-4dac-a0b5-ce99950d210b", "indicator--55473faf-1724-473b-9903-ce99950d210b", "observed-data--55473fe0-fc54-436f-a764-4d6c950d210b", "url--55473fe0-fc54-436f-a764-4d6c950d210b", "observed-data--55473fe1-29a8-4903-b16e-40c6950d210b", "url--55473fe1-29a8-4903-b16e-40c6950d210b", "observed-data--55473fe1-0294-4e87-b885-4a2c950d210b", "url--55473fe1-0294-4e87-b885-4a2c950d210b", "observed-data--55473fe1-4be4-4e68-97dc-4e38950d210b", "url--55473fe1-4be4-4e68-97dc-4e38950d210b" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--55473e28-9758-4548-a2e8-dd36950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-04T09:38:48.000Z", "modified": "2015-05-04T09:38:48.000Z", "first_observed": "2015-05-04T09:38:48Z", "last_observed": "2015-05-04T09:38:48Z", "number_observed": 1, "object_refs": [ "url--55473e28-9758-4548-a2e8-dd36950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--55473e28-9758-4548-a2e8-dd36950d210b", "value": "https://isc.sans.edu/diary/DalexisCTB-Locker+malspam+campaign/19641" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--55473e8c-b778-4465-bc47-4e7f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-04T09:40:28.000Z", "modified": "2015-05-04T09:40:28.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", "x_misp_type": "text", "x_misp_value": "Dalexis" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--55473e8c-05bc-4de4-b271-432f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-04T09:40:28.000Z", "modified": "2015-05-04T09:40:28.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", "x_misp_type": "text", "x_misp_value": "CTB-Locker" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--55473eba-6368-4f39-ab0a-40cb950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-04T09:41:14.000Z", "modified": "2015-05-04T09:41:14.000Z", "first_observed": "2015-05-04T09:41:14Z", "last_observed": "2015-05-04T09:41:14Z", "number_observed": 1, "object_refs": [ "url--55473eba-6368-4f39-ab0a-40cb950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--55473eba-6368-4f39-ab0a-40cb950d210b", "value": "https://malwr.com/analysis/OTVjMzRjZDFjNWYwNDlmYzk4MTVmOWRlM2IzMmVkN2Y/" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--55473eba-65e8-4bbb-b986-4d66950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-04T09:41:14.000Z", "modified": "2015-05-04T09:41:14.000Z", "first_observed": "2015-05-04T09:41:14Z", "last_observed": "2015-05-04T09:41:14Z", "number_observed": 1, "object_refs": [ "url--55473eba-65e8-4bbb-b986-4d66950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--55473eba-65e8-4bbb-b986-4d66950d210b", "value": "https://malwr.com/analysis/M2NlYmU3YmIwMzM0NGY1NTk4MTBjMzM0ZmZmZmZmZTE/" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--55473ebb-06dc-4738-9dff-4a52950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-04T09:41:15.000Z", "modified": "2015-05-04T09:41:15.000Z", "first_observed": "2015-05-04T09:41:15Z", "last_observed": "2015-05-04T09:41:15Z", "number_observed": 1, "object_refs": [ "url--55473ebb-06dc-4738-9dff-4a52950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--55473ebb-06dc-4738-9dff-4a52950d210b", "value": "http://www.malware-traffic-analysis.net/2015/04/28/2015-04-28-Dalexis-and-CTB-Locker-traffic.pcap" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--55473ebb-8b04-4a74-9f89-4f61950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-04T09:41:15.000Z", "modified": "2015-05-04T09:41:15.000Z", "first_observed": "2015-05-04T09:41:15Z", "last_observed": "2015-05-04T09:41:15Z", "number_observed": 1, "object_refs": [ "url--55473ebb-8b04-4a74-9f89-4f61950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--55473ebb-8b04-4a74-9f89-4f61950d210b", "value": "http://www.malware-traffic-analysis.net/2015/04/28/2015-04-28-Dalexis-samples.zip" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55473ef3-983c-4cc0-80b5-ced1950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-04T09:42:11.000Z", "modified": "2015-05-04T09:42:11.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.170.160.229']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-04T09:42:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55473ef3-4c14-48b5-a203-ced1950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-04T09:42:11.000Z", "modified": "2015-05-04T09:42:11.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.170.162.163']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-04T09:42:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55473ef4-b074-4e67-9216-ced1950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-04T09:42:12.000Z", "modified": "2015-05-04T09:42:12.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.187.72.60']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-04T09:42:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55473ef4-ee00-4cf7-88f4-ced1950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-04T09:42:12.000Z", "modified": "2015-05-04T09:42:12.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.19.37.108']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-04T09:42:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55473ef4-b068-4793-9801-ced1950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-04T09:42:12.000Z", "modified": "2015-05-04T09:42:12.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '62.149.140.213']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-04T09:42:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55473ef4-47d8-4705-b461-ced1950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-04T09:42:12.000Z", "modified": "2015-05-04T09:42:12.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '85.10.55.30']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-04T09:42:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55473ef4-8d6c-4b13-9824-ced1950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-04T09:42:12.000Z", "modified": "2015-05-04T09:42:12.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.185.224.67']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-04T09:42:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55473f24-bb08-434a-a470-4086950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-04T09:43:00.000Z", "modified": "2015-05-04T09:43:00.000Z", "pattern": "[domain-name:value = 'earthfromspace.host56.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-04T09:43:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55473f24-14f0-4914-a834-4593950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-04T09:43:00.000Z", "modified": "2015-05-04T09:43:00.000Z", "pattern": "[domain-name:value = 'gkl.net76.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-04T09:43:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55473f24-2f90-4e5d-8212-48dc950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-04T09:43:00.000Z", "modified": "2015-05-04T09:43:00.000Z", "pattern": "[domain-name:value = 'volcanoscreens.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-04T09:43:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55473f24-6b7c-46e6-8b6a-4b05950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-04T09:43:00.000Z", "modified": "2015-05-04T09:43:00.000Z", "pattern": "[domain-name:value = 'ip.telize.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-04T09:43:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55473f24-b8a4-4ea0-a5a4-46ae950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-04T09:43:00.000Z", "modified": "2015-05-04T09:43:00.000Z", "pattern": "[domain-name:value = 'www.gaglianico74.it']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-04T09:43:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55473f24-7d2c-4083-9914-4723950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-04T09:43:00.000Z", "modified": "2015-05-04T09:43:00.000Z", "pattern": "[domain-name:value = 'lancia.hr']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-04T09:43:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55473f24-8b30-4e89-b079-434a950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-04T09:43:00.000Z", "modified": "2015-05-04T09:43:00.000Z", "pattern": "[domain-name:value = 'bdfschool.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-04T09:43:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55473f24-d9bc-46a5-b590-4e7c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-04T09:43:00.000Z", "modified": "2015-05-04T09:43:00.000Z", "pattern": "[domain-name:value = 'fizxfsi3cad3kn7v.tor2web.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-04T09:43:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55473f25-8c94-427d-a239-4a4f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-04T09:43:01.000Z", "modified": "2015-05-04T09:43:01.000Z", "pattern": "[domain-name:value = 'fizxfsi3cad3kn7v.onion.cab']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-04T09:43:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55473f9c-cdf0-48ef-a72e-42a0950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-04T09:45:00.000Z", "modified": "2015-05-04T09:45:00.000Z", "pattern": "[file:hashes.MD5 = '1a9fdce6b6efd094af354a389b0e04da']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-04T09:45:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55473f9c-23f0-473b-82e9-4ccf950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-04T09:45:00.000Z", "modified": "2015-05-04T09:45:00.000Z", "pattern": "[file:hashes.MD5 = 'a1b066361440a5ff6125f15b1ba2e1b1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-04T09:45:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55473f9c-3494-4232-b25c-4b45950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-04T09:45:00.000Z", "modified": "2015-05-04T09:45:00.000Z", "pattern": "[file:hashes.MD5 = '01f8976034223337915e4900b76f9f26']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-04T09:45:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55473f9d-90b8-416f-9ee2-4145950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-04T09:45:01.000Z", "modified": "2015-05-04T09:45:01.000Z", "pattern": "[file:hashes.MD5 = 'ab9a07054a985c6ce31c7d53eee90fbe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-04T09:45:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55473f9d-618c-4572-b9bf-4da8950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-04T09:45:01.000Z", "modified": "2015-05-04T09:45:01.000Z", "pattern": "[file:hashes.MD5 = '899689538df49556197bf1bac52f1b84']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-04T09:45:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55473f9d-d724-4b83-9952-4301950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-04T09:45:01.000Z", "modified": "2015-05-04T09:45:01.000Z", "pattern": "[file:hashes.MD5 = 'eea0fd780ecad755940110fc7ee6d727']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-04T09:45:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55473f9d-ac3c-43e8-8277-4d20950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-04T09:45:01.000Z", "modified": "2015-05-04T09:45:01.000Z", "pattern": "[file:hashes.MD5 = 'f236e637e17bc44764e43a8041749e6c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-04T09:45:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55473f9d-02e4-48d8-a743-4614950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-04T09:45:01.000Z", "modified": "2015-05-04T09:45:01.000Z", "pattern": "[file:hashes.MD5 = 'eda8075438646c617419eda13700c43a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-04T09:45:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55473f9d-ac4c-4eaf-b76d-4e7e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-04T09:45:01.000Z", "modified": "2015-05-04T09:45:01.000Z", "pattern": "[file:hashes.MD5 = 'd00861c5066289ea9cca3f0076f97681']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-04T09:45:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55473f9d-ef9c-4187-b836-48c6950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-04T09:45:01.000Z", "modified": "2015-05-04T09:45:01.000Z", "pattern": "[file:hashes.MD5 = '657e3d615bb1b6e7168319e1f9c5039f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-04T09:45:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55473f9d-28e8-42a7-8c23-4761950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-04T09:45:01.000Z", "modified": "2015-05-04T09:45:01.000Z", "pattern": "[file:hashes.MD5 = 'b7fe085962dc7aa7622bd15c3a303b41']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-04T09:45:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55473f9e-eec0-4c6f-80c5-4926950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-04T09:45:01.000Z", "modified": "2015-05-04T09:45:01.000Z", "pattern": "[file:hashes.MD5 = '2ba4d511e07090937b5d6305af13db68']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-04T09:45:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55473f9e-9bd8-4c1b-ae0b-48aa950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-04T09:45:02.000Z", "modified": "2015-05-04T09:45:02.000Z", "pattern": "[file:hashes.MD5 = '24698aa84b14c42121f96a22fb107d00']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-04T09:45:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55473f9e-938c-421c-9951-48a3950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-04T09:45:02.000Z", "modified": "2015-05-04T09:45:02.000Z", "pattern": "[file:hashes.MD5 = '04abf53d3b4d7bb7941a5c8397594db7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-04T09:45:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55473f9e-d96c-4296-9fa1-460f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-04T09:45:02.000Z", "modified": "2015-05-04T09:45:02.000Z", "pattern": "[file:hashes.MD5 = 'b2ca48afbc0eb578a9908af8241f2ae8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-04T09:45:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55473f9e-5154-4338-82df-44f9950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-04T09:45:02.000Z", "modified": "2015-05-04T09:45:02.000Z", "pattern": "[file:hashes.MD5 = 'fa43842bda650c44db99f5789ef314e3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-04T09:45:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55473f9e-ccd0-4d12-996a-4d5b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-04T09:45:02.000Z", "modified": "2015-05-04T09:45:02.000Z", "pattern": "[file:hashes.MD5 = '802d9abf21c812501400320f2efe7040']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-04T09:45:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55473f9e-e53c-4c6e-9eec-435e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-04T09:45:02.000Z", "modified": "2015-05-04T09:45:02.000Z", "pattern": "[file:hashes.MD5 = '0687f63ce92e57a76b990a8bd5500b69']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-04T09:45:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55473f9e-b9ec-4108-aaaa-40e2950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-04T09:45:02.000Z", "modified": "2015-05-04T09:45:02.000Z", "pattern": "[file:hashes.MD5 = '0918c8bfed6daac6b63145545d911c72']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-04T09:45:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55473f9e-be68-4e68-b576-4841950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-04T09:45:02.000Z", "modified": "2015-05-04T09:45:02.000Z", "pattern": "[file:hashes.MD5 = '2e90e6d71e665b2a079b80979ab0e2cb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-04T09:45:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55473f9f-8ad4-499d-ac7f-4bc3950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-04T09:45:03.000Z", "modified": "2015-05-04T09:45:03.000Z", "pattern": "[file:hashes.MD5 = '5b8a27e6f366f40cda9c2167d501552e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-04T09:45:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55473f9f-3d38-47a3-ad33-4a70950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-04T09:45:03.000Z", "modified": "2015-05-04T09:45:03.000Z", "pattern": "[file:hashes.MD5 = '9c1acc3f27d7007a44fc0da8fceba120']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-04T09:45:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55473f9f-c5bc-4ca0-96ac-45bf950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-04T09:45:03.000Z", "modified": "2015-05-04T09:45:03.000Z", "pattern": "[file:hashes.MD5 = '1a6b20a5636115ac8ed3c4c4dd73f6aa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-04T09:45:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55473f9f-05a8-4d12-880c-4a61950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-04T09:45:03.000Z", "modified": "2015-05-04T09:45:03.000Z", "pattern": "[file:hashes.MD5 = 'b9d19a68205f2a7e2321ca3228aa74d1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-04T09:45:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55473fac-2268-46c8-a5b2-ce99950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-04T09:45:16.000Z", "modified": "2015-05-04T09:45:16.000Z", "pattern": "[file:hashes.MD5 = '46838a76fbf59e9b78d684699417b216']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-04T09:45:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55473fac-9c24-424d-8b06-ce99950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-04T09:45:16.000Z", "modified": "2015-05-04T09:45:16.000Z", "pattern": "[file:hashes.MD5 = '8f5df86fdf5f3c8e475357bab7bc38e8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-04T09:45:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55473fac-00b8-4fd2-a9e1-ce99950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-04T09:45:16.000Z", "modified": "2015-05-04T09:45:16.000Z", "pattern": "[file:hashes.MD5 = '59f71ef10861d1339e9765fb512d991c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-04T09:45:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55473fac-2988-4a90-94bf-ce99950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-04T09:45:16.000Z", "modified": "2015-05-04T09:45:16.000Z", "pattern": "[file:hashes.MD5 = '0baa21fab10c7d8c64157ede39453ae5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-04T09:45:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55473fac-6e14-44d4-aea4-ce99950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-04T09:45:16.000Z", "modified": "2015-05-04T09:45:16.000Z", "pattern": "[file:hashes.MD5 = 'f953b4c8093276fbde3cfa5e63f990eb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-04T09:45:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55473fad-3be0-4231-a30e-ce99950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-04T09:45:17.000Z", "modified": "2015-05-04T09:45:17.000Z", "pattern": "[file:hashes.MD5 = '6580e4ee7d718421128476a1f2f09951']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-04T09:45:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55473fad-2d68-4b6d-95ae-ce99950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-04T09:45:17.000Z", "modified": "2015-05-04T09:45:17.000Z", "pattern": "[file:hashes.MD5 = '6a15d6fa9f00d931ca95632697e5ba70']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-04T09:45:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55473fad-3fc8-48cc-b267-ce99950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-04T09:45:17.000Z", "modified": "2015-05-04T09:45:17.000Z", "pattern": "[file:hashes.MD5 = '54c1ac0d5e8fa05255ae594adfe5706e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-04T09:45:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55473fad-2e4c-431f-aaa8-ce99950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-04T09:45:17.000Z", "modified": "2015-05-04T09:45:17.000Z", "pattern": "[file:hashes.MD5 = '08a0c2aaf7653530322f4d7ec738a3df']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-04T09:45:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55473fad-52c8-48a2-8171-ce99950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-04T09:45:17.000Z", "modified": "2015-05-04T09:45:17.000Z", "pattern": "[file:hashes.MD5 = '1aaecdfd929725c195a7a67fc6be9b4b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-04T09:45:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55473fad-7e44-4180-a5be-ce99950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-04T09:45:17.000Z", "modified": "2015-05-04T09:45:17.000Z", "pattern": "[file:hashes.MD5 = 'f51fcf418c973a94a7d208c3a8a30f19']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-04T09:45:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55473fad-8894-4f57-8cd6-ce99950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-04T09:45:17.000Z", "modified": "2015-05-04T09:45:17.000Z", "pattern": "[file:hashes.MD5 = 'dbea4b3fb5341ce3ca37272e2b8052ae']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-04T09:45:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55473fad-1e5c-4904-b6b3-ce99950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-04T09:45:17.000Z", "modified": "2015-05-04T09:45:17.000Z", "pattern": "[file:hashes.MD5 = 'c0dc49296b0aec09c5bfefcf4129c29b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-04T09:45:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55473fad-e9a8-4c3b-9cf7-ce99950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-04T09:45:17.000Z", "modified": "2015-05-04T09:45:17.000Z", "pattern": "[file:hashes.MD5 = '9239ec6fe6703279e959f498919fdfb0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-04T09:45:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55473fae-3b78-4a2b-b89a-ce99950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-04T09:45:18.000Z", "modified": "2015-05-04T09:45:18.000Z", "pattern": "[file:hashes.MD5 = 'a9d11a69c692b35235ce9c69175f0796']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-04T09:45:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55473fae-4458-49ff-9c56-ce99950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-04T09:45:18.000Z", "modified": "2015-05-04T09:45:18.000Z", "pattern": "[file:hashes.MD5 = 'bcaf9ce1881f0f282cec5489ec303585']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-04T09:45:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55473fae-394c-4124-94be-ce99950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-04T09:45:18.000Z", "modified": "2015-05-04T09:45:18.000Z", "pattern": "[file:hashes.MD5 = '70a63f45eb84cb10ab1cc3dfb4ac8a3e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-04T09:45:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55473fae-834c-4cc2-a913-ce99950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-04T09:45:18.000Z", "modified": "2015-05-04T09:45:18.000Z", "pattern": "[file:hashes.MD5 = 'd1b1e371aebfc3d500919e9e33bcd6c1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-04T09:45:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55473fae-747c-47c6-81e3-ce99950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-04T09:45:18.000Z", "modified": "2015-05-04T09:45:18.000Z", "pattern": "[file:hashes.MD5 = '15a5acfbccbb80b01e6d270ea8af3789']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-04T09:45:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55473fae-ea7c-45b8-8488-ce99950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-04T09:45:18.000Z", "modified": "2015-05-04T09:45:18.000Z", "pattern": "[file:hashes.MD5 = 'fa0fe28ffe83ef3dcc5c667bf2127d4c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-04T09:45:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55473fae-558c-4c6d-a818-ce99950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-04T09:45:18.000Z", "modified": "2015-05-04T09:45:18.000Z", "pattern": "[file:hashes.MD5 = '646640f63f327296df0767fd0c9454d4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-04T09:45:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55473fae-5ffc-4df1-b7cc-ce99950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-04T09:45:18.000Z", "modified": "2015-05-04T09:45:18.000Z", "pattern": "[file:hashes.MD5 = 'ec872872bff91040d2bc1e4c4619cbbc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-04T09:45:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55473faf-4980-4dac-a0b5-ce99950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-04T09:45:19.000Z", "modified": "2015-05-04T09:45:19.000Z", "pattern": "[file:hashes.MD5 = 'b8e8e3ec7f4d6efee311e36613193b8d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-04T09:45:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55473faf-1724-473b-9903-ce99950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-04T09:45:19.000Z", "modified": "2015-05-04T09:45:19.000Z", "pattern": "[file:hashes.MD5 = '36abcedd5fb6d17038bd7069808574e4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-04T09:45:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--55473fe0-fc54-436f-a764-4d6c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-04T09:46:08.000Z", "modified": "2015-05-04T09:46:08.000Z", "first_observed": "2015-05-04T09:46:08Z", "last_observed": "2015-05-04T09:46:08Z", "number_observed": 1, "object_refs": [ "url--55473fe0-fc54-436f-a764-4d6c950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--55473fe0-fc54-436f-a764-4d6c950d210b", "value": "http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=TrojanDownloader:Win32/Dalexis#tab=2" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--55473fe1-29a8-4903-b16e-40c6950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-04T09:46:09.000Z", "modified": "2015-05-04T09:46:09.000Z", "first_observed": "2015-05-04T09:46:09Z", "last_observed": "2015-05-04T09:46:09Z", "number_observed": 1, "object_refs": [ "url--55473fe1-29a8-4903-b16e-40c6950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--55473fe1-29a8-4903-b16e-40c6950d210b", "value": "https://heimdalsecurity.com/blog/ctb-locker-ransomware/" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--55473fe1-0294-4e87-b885-4a2c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-04T09:46:09.000Z", "modified": "2015-05-04T09:46:09.000Z", "first_observed": "2015-05-04T09:46:09Z", "last_observed": "2015-05-04T09:46:09Z", "number_observed": 1, "object_refs": [ "url--55473fe1-0294-4e87-b885-4a2c950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--55473fe1-0294-4e87-b885-4a2c950d210b", "value": "https://blogs.mcafee.com/mcafee-labs/rise-backdoor-fckq-ctb-locker" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--55473fe1-4be4-4e68-97dc-4e38950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-04T09:46:09.000Z", "modified": "2015-05-04T09:46:09.000Z", "first_observed": "2015-05-04T09:46:09Z", "last_observed": "2015-05-04T09:46:09Z", "number_observed": 1, "object_refs": [ "url--55473fe1-4be4-4e68-97dc-4e38950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--55473fe1-4be4-4e68-97dc-4e38950d210b", "value": "https://techhelplist.com/index.php/spam-list/796-your-account-has-been-something-bad-various-malware" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }