{ "type": "bundle", "id": "bundle--55dc126c-1580-44c0-a6bd-44ba950d210b", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T08:26:13.000Z", "modified": "2015-08-25T08:26:13.000Z", "name": "CthulhuSPRL.be", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--55dc126c-1580-44c0-a6bd-44ba950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T08:26:13.000Z", "modified": "2015-08-25T08:26:13.000Z", "name": "OSINT Tinted CVE decoy spearphising attempt on Central Bank of Armenia employees by BlueCoat", "published": "2015-08-25T08:27:39Z", "object_refs": [ "observed-data--55dc1284-0214-4e92-b432-4aa0950d210b", "url--55dc1284-0214-4e92-b432-4aa0950d210b", "observed-data--55dc1284-4178-42eb-b4ff-4fb8950d210b", "url--55dc1284-4178-42eb-b4ff-4fb8950d210b", "indicator--55dc12b1-ef28-4244-a9c4-4b22950d210b", "indicator--55dc12b1-6b18-4f37-bc47-412e950d210b", "indicator--55dc12b1-a2bc-4bfc-825c-441a950d210b", "indicator--55dc12b2-2374-4443-941f-4680950d210b", "indicator--55dc12b2-477c-4867-b2e6-48ec950d210b", "indicator--55dc12b2-1170-4086-8dca-4d57950d210b", "indicator--55dc12b2-df8c-465d-9a2a-4f28950d210b", "indicator--55dc12b3-e9a4-4762-88d8-4f67950d210b", "indicator--55dc12b3-c9a4-4558-8504-4eb0950d210b", "indicator--55dc12b3-4638-4f10-92e9-43cc950d210b", "indicator--55dc12b3-5aa0-47d9-b839-4907950d210b", "vulnerability--55dc12b3-b42c-4196-8282-477f950d210b", "indicator--55dc12b3-0b58-4338-837d-4c68950d210b", "indicator--55dc12b4-d1e4-4c30-bdd5-42df950d210b", "indicator--55dc12b4-0f28-4fa9-96a4-4550950d210b", "indicator--55dc12b4-b46c-4980-9b10-4bf3950d210b", "indicator--55dc12b4-f614-44e2-b795-4694950d210b", "indicator--55dc12b4-d9b4-456f-8801-40ca950d210b", "indicator--55dc26a6-06a4-4164-aa04-46da950d210b", "indicator--55dc26a6-d7d0-4ed4-9ab6-4d19950d210b", "observed-data--55dc26a6-6830-4074-84b1-42fc950d210b", "url--55dc26a6-6830-4074-84b1-42fc950d210b", "indicator--55dc26a6-4f88-42e9-a03d-41fb950d210b", "indicator--55dc26a6-f378-4f5e-a873-41ed950d210b", "observed-data--55dc26a7-b5d0-49cb-a04e-4907950d210b", "url--55dc26a7-b5d0-49cb-a04e-4907950d210b", "indicator--55dc26a7-6e70-4c1f-bd2e-4f6c950d210b", "indicator--55dc26a7-876c-4530-893c-4b7c950d210b", "observed-data--55dc26a7-6cd8-4124-8389-418e950d210b", "url--55dc26a7-6cd8-4124-8389-418e950d210b", "indicator--55dc26a7-97e8-4090-a8e8-4fd6950d210b", "indicator--55dc26a8-f4ec-40dc-9dd0-403c950d210b", "observed-data--55dc26a8-e98c-4225-92fe-43a8950d210b", "url--55dc26a8-e98c-4225-92fe-43a8950d210b", "indicator--55dc26a8-9130-4142-8f5d-4a23950d210b", "indicator--55dc26a8-b198-4d73-a47e-4edc950d210b", "observed-data--55dc26a8-e41c-41d3-a50a-4cc6950d210b", "url--55dc26a8-e41c-41d3-a50a-4cc6950d210b", "indicator--55dc26a9-92a8-4331-91e3-4584950d210b", "indicator--55dc26a9-5ea4-491e-9784-4833950d210b", "observed-data--55dc26a9-e828-42cb-85ac-41f3950d210b", "url--55dc26a9-e828-42cb-85ac-41f3950d210b", "indicator--55dc26a9-8728-4e47-bd1d-4f1a950d210b", "indicator--55dc26a9-5564-4b7b-877b-4d8d950d210b", "observed-data--55dc26aa-0b64-42e3-8e41-4622950d210b", "url--55dc26aa-0b64-42e3-8e41-4622950d210b", "indicator--55dc26aa-ec74-426c-a6c4-42cc950d210b", "indicator--55dc26aa-917c-4bc8-8086-44e8950d210b", "observed-data--55dc26aa-a814-44f5-9b0d-4e81950d210b", "url--55dc26aa-a814-44f5-9b0d-4e81950d210b", "indicator--55dc26aa-1bbc-40b4-90ba-4bc0950d210b", "indicator--55dc26ab-a638-4c01-8672-405a950d210b", "observed-data--55dc26ab-0e64-4d60-beba-4869950d210b", "url--55dc26ab-0e64-4d60-beba-4869950d210b", "indicator--55dc26ab-8974-4131-851d-45d3950d210b", "indicator--55dc26ab-cc44-4546-b6b8-4c4b950d210b", "observed-data--55dc26ac-7270-49cf-b1f2-4f77950d210b", "url--55dc26ac-7270-49cf-b1f2-4f77950d210b", "indicator--55dc26ac-6f28-4fda-a10b-4579950d210b", "indicator--55dc26ac-03d0-442d-ae2f-4d88950d210b", "observed-data--55dc26ac-2144-4579-8b14-41f5950d210b", "url--55dc26ac-2144-4579-8b14-41f5950d210b", "indicator--55dc26ac-cac8-4c3b-bad3-467d950d210b", "indicator--55dc26ad-6c68-47e1-8556-4b6c950d210b", "observed-data--55dc26ad-0fac-4d01-a88d-4d47950d210b", "url--55dc26ad-0fac-4d01-a88d-4d47950d210b", "indicator--55dc26ad-787c-49be-83fc-4f05950d210b", "indicator--55dc26ad-5284-4bf2-bd8c-4d1a950d210b", "observed-data--55dc26ad-6d6c-48d3-a8cf-4a70950d210b", "url--55dc26ad-6d6c-48d3-a8cf-4a70950d210b" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--55dc1284-0214-4e92-b432-4aa0950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T07:00:20.000Z", "modified": "2015-08-25T07:00:20.000Z", "first_observed": "2015-08-25T07:00:20Z", "last_observed": "2015-08-25T07:00:20Z", "number_observed": 1, "object_refs": [ "url--55dc1284-0214-4e92-b432-4aa0950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--55dc1284-0214-4e92-b432-4aa0950d210b", "value": "https://www.bluecoat.com/security-blog/2015-08-21/tinted-cve-decoy-spearphising-attempt-central-bank-armenia-employees" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--55dc1284-4178-42eb-b4ff-4fb8950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T07:00:20.000Z", "modified": "2015-08-25T07:00:20.000Z", "first_observed": "2015-08-25T07:00:20Z", "last_observed": "2015-08-25T07:00:20Z", "number_observed": 1, "object_refs": [ "url--55dc1284-4178-42eb-b4ff-4fb8950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--55dc1284-4178-42eb-b4ff-4fb8950d210b", "value": "https://otx.alienvault.com/pulse/55d775fd67db8c7bb9cb63fb/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc12b1-ef28-4244-a9c4-4b22950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T07:01:05.000Z", "modified": "2015-08-25T07:01:05.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.52.166.66']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T07:01:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc12b1-6b18-4f37-bc47-412e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T07:01:05.000Z", "modified": "2015-08-25T07:01:05.000Z", "pattern": "[file:hashes.MD5 = '2d2840b305c944c882ce5e37cd74cfbc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T07:01:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc12b1-a2bc-4bfc-825c-441a950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T07:01:05.000Z", "modified": "2015-08-25T07:01:05.000Z", "pattern": "[file:hashes.MD5 = '339b61c3ca3596ab6da4c2a605247fbb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T07:01:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc12b2-2374-4443-941f-4680950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T07:01:06.000Z", "modified": "2015-08-25T07:01:06.000Z", "pattern": "[file:hashes.MD5 = '5322b34cb2db39d19f870b3dd17b796b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T07:01:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc12b2-477c-4867-b2e6-48ec950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T07:01:06.000Z", "modified": "2015-08-25T07:01:06.000Z", "pattern": "[file:hashes.MD5 = '554c74582f38dfe21640b3ce125238c4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T07:01:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc12b2-1170-4086-8dca-4d57950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T07:01:06.000Z", "modified": "2015-08-25T07:01:06.000Z", "pattern": "[file:hashes.MD5 = '63a5aea388e454f6186fabab8cd96ff7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T07:01:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc12b2-df8c-465d-9a2a-4f28950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T07:01:06.000Z", "modified": "2015-08-25T07:01:06.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '78.128.92.112']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T07:01:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc12b3-e9a4-4762-88d8-4f67950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T07:01:07.000Z", "modified": "2015-08-25T07:01:07.000Z", "pattern": "[file:hashes.MD5 = '7f31e18efad384ed1b6f14be1860dc33']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T07:01:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc12b3-c9a4-4558-8504-4eb0950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T07:01:07.000Z", "modified": "2015-08-25T07:01:07.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '84.200.4.226']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T07:01:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc12b3-4638-4f10-92e9-43cc950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T07:01:07.000Z", "modified": "2015-08-25T07:01:07.000Z", "pattern": "[file:hashes.MD5 = '8c1922960c1dd9290931079e1f56f08b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T07:01:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc12b3-5aa0-47d9-b839-4907950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T07:01:07.000Z", "modified": "2015-08-25T07:01:07.000Z", "pattern": "[file:hashes.MD5 = '95e200169e95b73c885c032796246cfb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T07:01:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "vulnerability", "spec_version": "2.1", "id": "vulnerability--55dc12b3-b42c-4196-8282-477f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T07:01:07.000Z", "modified": "2015-08-25T07:01:07.000Z", "name": "CVE-2012-0158", "labels": [ "misp:type=\"vulnerability\"", "misp:category=\"External analysis\"" ], "external_references": [ { "source_name": "cve", "external_id": "CVE-2012-0158" } ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc12b3-0b58-4338-837d-4c68950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T07:01:07.000Z", "modified": "2015-08-25T07:01:07.000Z", "pattern": "[file:hashes.MD5 = 'a680ffb948da8d801eeb4f1a2a275665']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T07:01:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc12b4-d1e4-4c30-bdd5-42df950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T07:01:08.000Z", "modified": "2015-08-25T07:01:08.000Z", "pattern": "[domain-name:value = 'adobe-dns-3-adobe.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T07:01:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc12b4-0f28-4fa9-96a4-4550950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T07:01:08.000Z", "modified": "2015-08-25T07:01:08.000Z", "pattern": "[file:hashes.MD5 = 'c16f6825fd1dc4795761c211adf4616a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T07:01:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc12b4-b46c-4980-9b10-4bf3950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T07:01:08.000Z", "modified": "2015-08-25T07:01:08.000Z", "pattern": "[file:hashes.MD5 = 'c9b105ec2412ac0e2ace20bfa71e1450']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T07:01:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc12b4-f614-44e2-b795-4694950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T07:01:08.000Z", "modified": "2015-08-25T07:01:08.000Z", "pattern": "[file:hashes.MD5 = 'f2e407846e0937ab9184c0a9bb77aa95']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T07:01:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc12b4-d9b4-456f-8801-40ca950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T07:01:08.000Z", "modified": "2015-08-25T07:01:08.000Z", "pattern": "[file:hashes.MD5 = 'f5db00b0fd7a9593ed6a773a5f63b105']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T07:01:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc26a6-06a4-4164-aa04-46da950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T08:26:14.000Z", "modified": "2015-08-25T08:26:14.000Z", "description": "- Xchecked via VT: f5db00b0fd7a9593ed6a773a5f63b105", "pattern": "[file:hashes.SHA256 = '83a423acb1de3676befeaf745cc3dbc975743fe64c944dbe4a609e0bb3287730']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T08:26:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc26a6-d7d0-4ed4-9ab6-4d19950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T08:26:14.000Z", "modified": "2015-08-25T08:26:14.000Z", "description": "- Xchecked via VT: f5db00b0fd7a9593ed6a773a5f63b105", "pattern": "[file:hashes.SHA1 = '850e9a10e6d20d33c8d2c765e22771e8919fc3ee']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T08:26:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--55dc26a6-6830-4074-84b1-42fc950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T08:26:14.000Z", "modified": "2015-08-25T08:26:14.000Z", "first_observed": "2015-08-25T08:26:14Z", "last_observed": "2015-08-25T08:26:14Z", "number_observed": 1, "object_refs": [ "url--55dc26a6-6830-4074-84b1-42fc950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--55dc26a6-6830-4074-84b1-42fc950d210b", "value": "https://www.virustotal.com/file/83a423acb1de3676befeaf745cc3dbc975743fe64c944dbe4a609e0bb3287730/analysis/1440427821/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc26a6-4f88-42e9-a03d-41fb950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T08:26:14.000Z", "modified": "2015-08-25T08:26:14.000Z", "description": "- Xchecked via VT: f2e407846e0937ab9184c0a9bb77aa95", "pattern": "[file:hashes.SHA256 = '69e414e970482d627fe5b808df5c719bef27bbb6276c3abb78233d21fdab1a83']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T08:26:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc26a6-f378-4f5e-a873-41ed950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T08:26:14.000Z", "modified": "2015-08-25T08:26:14.000Z", "description": "- Xchecked via VT: f2e407846e0937ab9184c0a9bb77aa95", "pattern": "[file:hashes.SHA1 = '905d0842cc246a772c595b8cf4a4e9e517683eb7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T08:26:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--55dc26a7-b5d0-49cb-a04e-4907950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T08:26:15.000Z", "modified": "2015-08-25T08:26:15.000Z", "first_observed": "2015-08-25T08:26:15Z", "last_observed": "2015-08-25T08:26:15Z", "number_observed": 1, "object_refs": [ "url--55dc26a7-b5d0-49cb-a04e-4907950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--55dc26a7-b5d0-49cb-a04e-4907950d210b", "value": "https://www.virustotal.com/file/69e414e970482d627fe5b808df5c719bef27bbb6276c3abb78233d21fdab1a83/analysis/1438876521/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc26a7-6e70-4c1f-bd2e-4f6c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T08:26:15.000Z", "modified": "2015-08-25T08:26:15.000Z", "description": "- Xchecked via VT: c9b105ec2412ac0e2ace20bfa71e1450", "pattern": "[file:hashes.SHA256 = '9a00f0edc87a44d10369fdb9f35ebe1b1df57e01719a5b48ac3eddc068f77f87']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T08:26:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc26a7-876c-4530-893c-4b7c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T08:26:15.000Z", "modified": "2015-08-25T08:26:15.000Z", "description": "- Xchecked via VT: c9b105ec2412ac0e2ace20bfa71e1450", "pattern": "[file:hashes.SHA1 = '3cef1ca36a78cba308fb29a46b20e5ca22d03289']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T08:26:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--55dc26a7-6cd8-4124-8389-418e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T08:26:15.000Z", "modified": "2015-08-25T08:26:15.000Z", "first_observed": "2015-08-25T08:26:15Z", "last_observed": "2015-08-25T08:26:15Z", "number_observed": 1, "object_refs": [ "url--55dc26a7-6cd8-4124-8389-418e950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--55dc26a7-6cd8-4124-8389-418e950d210b", "value": "https://www.virustotal.com/file/9a00f0edc87a44d10369fdb9f35ebe1b1df57e01719a5b48ac3eddc068f77f87/analysis/1440427821/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc26a7-97e8-4090-a8e8-4fd6950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T08:26:15.000Z", "modified": "2015-08-25T08:26:15.000Z", "description": "- Xchecked via VT: c16f6825fd1dc4795761c211adf4616a", "pattern": "[file:hashes.SHA256 = 'df0839dfaa115f8cc6dc67bde7b3ecadd31a5e0c03b500e667aa72a1f1d138ab']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T08:26:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc26a8-f4ec-40dc-9dd0-403c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T08:26:16.000Z", "modified": "2015-08-25T08:26:16.000Z", "description": "- Xchecked via VT: c16f6825fd1dc4795761c211adf4616a", "pattern": "[file:hashes.SHA1 = '36093a6004a9502079b054041badc43c69a0bdeb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T08:26:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--55dc26a8-e98c-4225-92fe-43a8950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T08:26:16.000Z", "modified": "2015-08-25T08:26:16.000Z", "first_observed": "2015-08-25T08:26:16Z", "last_observed": "2015-08-25T08:26:16Z", "number_observed": 1, "object_refs": [ "url--55dc26a8-e98c-4225-92fe-43a8950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--55dc26a8-e98c-4225-92fe-43a8950d210b", "value": "https://www.virustotal.com/file/df0839dfaa115f8cc6dc67bde7b3ecadd31a5e0c03b500e667aa72a1f1d138ab/analysis/1439335705/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc26a8-9130-4142-8f5d-4a23950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T08:26:16.000Z", "modified": "2015-08-25T08:26:16.000Z", "description": "- Xchecked via VT: a680ffb948da8d801eeb4f1a2a275665", "pattern": "[file:hashes.SHA256 = '1642dde3699c9c939b8ee34a88c722ce67083ddea16ecf0376e588c35cf32177']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T08:26:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc26a8-b198-4d73-a47e-4edc950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T08:26:16.000Z", "modified": "2015-08-25T08:26:16.000Z", "description": "- Xchecked via VT: a680ffb948da8d801eeb4f1a2a275665", "pattern": "[file:hashes.SHA1 = 'a77336620df96642691c1e5b6c91511bfa76a5be']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T08:26:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--55dc26a8-e41c-41d3-a50a-4cc6950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T08:26:16.000Z", "modified": "2015-08-25T08:26:16.000Z", "first_observed": "2015-08-25T08:26:16Z", "last_observed": "2015-08-25T08:26:16Z", "number_observed": 1, "object_refs": [ "url--55dc26a8-e41c-41d3-a50a-4cc6950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--55dc26a8-e41c-41d3-a50a-4cc6950d210b", "value": "https://www.virustotal.com/file/1642dde3699c9c939b8ee34a88c722ce67083ddea16ecf0376e588c35cf32177/analysis/1440065579/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc26a9-92a8-4331-91e3-4584950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T08:26:17.000Z", "modified": "2015-08-25T08:26:17.000Z", "description": "- Xchecked via VT: 95e200169e95b73c885c032796246cfb", "pattern": "[file:hashes.SHA256 = '9df339e10668e549c00c84515cfbf3f943a6adfcc57883e15cec617fb24c3d8c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T08:26:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc26a9-5ea4-491e-9784-4833950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T08:26:17.000Z", "modified": "2015-08-25T08:26:17.000Z", "description": "- Xchecked via VT: 95e200169e95b73c885c032796246cfb", "pattern": "[file:hashes.SHA1 = '237784574afb8868213c900c18a114d3fa528b95']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T08:26:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--55dc26a9-e828-42cb-85ac-41f3950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T08:26:17.000Z", "modified": "2015-08-25T08:26:17.000Z", "first_observed": "2015-08-25T08:26:17Z", "last_observed": "2015-08-25T08:26:17Z", "number_observed": 1, "object_refs": [ "url--55dc26a9-e828-42cb-85ac-41f3950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--55dc26a9-e828-42cb-85ac-41f3950d210b", "value": "https://www.virustotal.com/file/9df339e10668e549c00c84515cfbf3f943a6adfcc57883e15cec617fb24c3d8c/analysis/1440184658/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc26a9-8728-4e47-bd1d-4f1a950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T08:26:17.000Z", "modified": "2015-08-25T08:26:17.000Z", "description": "- Xchecked via VT: 8c1922960c1dd9290931079e1f56f08b", "pattern": "[file:hashes.SHA256 = 'c5c5045b04714af7d9ee51b654951e4b05bbae1c4074a00c9a1d4d5008de1fbe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T08:26:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc26a9-5564-4b7b-877b-4d8d950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T08:26:17.000Z", "modified": "2015-08-25T08:26:17.000Z", "description": "- Xchecked via VT: 8c1922960c1dd9290931079e1f56f08b", "pattern": "[file:hashes.SHA1 = 'ec5dadaacae763d0e55ce6a78c9a5f57b01a5135']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T08:26:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--55dc26aa-0b64-42e3-8e41-4622950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T08:26:18.000Z", "modified": "2015-08-25T08:26:18.000Z", "first_observed": "2015-08-25T08:26:18Z", "last_observed": "2015-08-25T08:26:18Z", "number_observed": 1, "object_refs": [ "url--55dc26aa-0b64-42e3-8e41-4622950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--55dc26aa-0b64-42e3-8e41-4622950d210b", "value": "https://www.virustotal.com/file/c5c5045b04714af7d9ee51b654951e4b05bbae1c4074a00c9a1d4d5008de1fbe/analysis/1439806800/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc26aa-ec74-426c-a6c4-42cc950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T08:26:18.000Z", "modified": "2015-08-25T08:26:18.000Z", "description": "- Xchecked via VT: 7f31e18efad384ed1b6f14be1860dc33", "pattern": "[file:hashes.SHA256 = '75c230b4e0f3630d36643606d83ed7490cf6bd6a77abd9c49d09ac60bb3f59db']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T08:26:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc26aa-917c-4bc8-8086-44e8950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T08:26:18.000Z", "modified": "2015-08-25T08:26:18.000Z", "description": "- Xchecked via VT: 7f31e18efad384ed1b6f14be1860dc33", "pattern": "[file:hashes.SHA1 = 'efc0555418a6ed641047d29178d0da3aefa7adeb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T08:26:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--55dc26aa-a814-44f5-9b0d-4e81950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T08:26:18.000Z", "modified": "2015-08-25T08:26:18.000Z", "first_observed": "2015-08-25T08:26:18Z", "last_observed": "2015-08-25T08:26:18Z", "number_observed": 1, "object_refs": [ "url--55dc26aa-a814-44f5-9b0d-4e81950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--55dc26aa-a814-44f5-9b0d-4e81950d210b", "value": "https://www.virustotal.com/file/75c230b4e0f3630d36643606d83ed7490cf6bd6a77abd9c49d09ac60bb3f59db/analysis/1440065567/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc26aa-1bbc-40b4-90ba-4bc0950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T08:26:18.000Z", "modified": "2015-08-25T08:26:18.000Z", "description": "- Xchecked via VT: 63a5aea388e454f6186fabab8cd96ff7", "pattern": "[file:hashes.SHA256 = 'bf7a6ecbf7939743563e82342b2c1a8cb9e0412c974fd6e78f936d6140961c14']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T08:26:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc26ab-a638-4c01-8672-405a950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T08:26:19.000Z", "modified": "2015-08-25T08:26:19.000Z", "description": "- Xchecked via VT: 63a5aea388e454f6186fabab8cd96ff7", "pattern": "[file:hashes.SHA1 = '4e8ee08ff4f8dc06aff8de2e476afafba58bdc11']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T08:26:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--55dc26ab-0e64-4d60-beba-4869950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T08:26:19.000Z", "modified": "2015-08-25T08:26:19.000Z", "first_observed": "2015-08-25T08:26:19Z", "last_observed": "2015-08-25T08:26:19Z", "number_observed": 1, "object_refs": [ "url--55dc26ab-0e64-4d60-beba-4869950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--55dc26ab-0e64-4d60-beba-4869950d210b", "value": "https://www.virustotal.com/file/bf7a6ecbf7939743563e82342b2c1a8cb9e0412c974fd6e78f936d6140961c14/analysis/1440184641/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc26ab-8974-4131-851d-45d3950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T08:26:19.000Z", "modified": "2015-08-25T08:26:19.000Z", "description": "- Xchecked via VT: 554c74582f38dfe21640b3ce125238c4", "pattern": "[file:hashes.SHA256 = '741440aa42b9926fad1134382316992b7a1f783e29115ef787debbb5655ed7e6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T08:26:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc26ab-cc44-4546-b6b8-4c4b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T08:26:19.000Z", "modified": "2015-08-25T08:26:19.000Z", "description": "- Xchecked via VT: 554c74582f38dfe21640b3ce125238c4", "pattern": "[file:hashes.SHA1 = 'a09f520dded0d5292a5fa48e80de02f9af718d06']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T08:26:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--55dc26ac-7270-49cf-b1f2-4f77950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T08:26:20.000Z", "modified": "2015-08-25T08:26:20.000Z", "first_observed": "2015-08-25T08:26:20Z", "last_observed": "2015-08-25T08:26:20Z", "number_observed": 1, "object_refs": [ "url--55dc26ac-7270-49cf-b1f2-4f77950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--55dc26ac-7270-49cf-b1f2-4f77950d210b", "value": "https://www.virustotal.com/file/741440aa42b9926fad1134382316992b7a1f783e29115ef787debbb5655ed7e6/analysis/1440480192/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc26ac-6f28-4fda-a10b-4579950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T08:26:20.000Z", "modified": "2015-08-25T08:26:20.000Z", "description": "- Xchecked via VT: 5322b34cb2db39d19f870b3dd17b796b", "pattern": "[file:hashes.SHA256 = '5aa9c81afe8cdebae554e858c2aab25e207a65a103071f25c3564b08046e43fc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T08:26:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc26ac-03d0-442d-ae2f-4d88950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T08:26:20.000Z", "modified": "2015-08-25T08:26:20.000Z", "description": "- Xchecked via VT: 5322b34cb2db39d19f870b3dd17b796b", "pattern": "[file:hashes.SHA1 = 'a734193f550dda5c1ffd9fec3a0186a0a793449c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T08:26:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--55dc26ac-2144-4579-8b14-41f5950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T08:26:20.000Z", "modified": "2015-08-25T08:26:20.000Z", "first_observed": "2015-08-25T08:26:20Z", "last_observed": "2015-08-25T08:26:20Z", "number_observed": 1, "object_refs": [ "url--55dc26ac-2144-4579-8b14-41f5950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--55dc26ac-2144-4579-8b14-41f5950d210b", "value": "https://www.virustotal.com/file/5aa9c81afe8cdebae554e858c2aab25e207a65a103071f25c3564b08046e43fc/analysis/1438340654/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc26ac-cac8-4c3b-bad3-467d950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T08:26:20.000Z", "modified": "2015-08-25T08:26:20.000Z", "description": "- Xchecked via VT: 339b61c3ca3596ab6da4c2a605247fbb", "pattern": "[file:hashes.SHA256 = '515019bb74bed64686e43995e826ea77811d7700745350c1b24d58d88697525e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T08:26:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc26ad-6c68-47e1-8556-4b6c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T08:26:21.000Z", "modified": "2015-08-25T08:26:21.000Z", "description": "- Xchecked via VT: 339b61c3ca3596ab6da4c2a605247fbb", "pattern": "[file:hashes.SHA1 = '6090853934833d0814f9239e6746161491cccb44']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T08:26:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--55dc26ad-0fac-4d01-a88d-4d47950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T08:26:21.000Z", "modified": "2015-08-25T08:26:21.000Z", "first_observed": "2015-08-25T08:26:21Z", "last_observed": "2015-08-25T08:26:21Z", "number_observed": 1, "object_refs": [ "url--55dc26ad-0fac-4d01-a88d-4d47950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--55dc26ad-0fac-4d01-a88d-4d47950d210b", "value": "https://www.virustotal.com/file/515019bb74bed64686e43995e826ea77811d7700745350c1b24d58d88697525e/analysis/1439556561/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc26ad-787c-49be-83fc-4f05950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T08:26:21.000Z", "modified": "2015-08-25T08:26:21.000Z", "description": "- Xchecked via VT: 2d2840b305c944c882ce5e37cd74cfbc", "pattern": "[file:hashes.SHA256 = 'a262dc9e5855447ebd3052b06d714c76fc0656a5b426944e3b27b4a8a2eb2a7c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T08:26:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc26ad-5284-4bf2-bd8c-4d1a950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T08:26:21.000Z", "modified": "2015-08-25T08:26:21.000Z", "description": "- Xchecked via VT: 2d2840b305c944c882ce5e37cd74cfbc", "pattern": "[file:hashes.SHA1 = 'b79e6a21d8c2813ec2279727746bdb685180751a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T08:26:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--55dc26ad-6d6c-48d3-a8cf-4a70950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T08:26:21.000Z", "modified": "2015-08-25T08:26:21.000Z", "first_observed": "2015-08-25T08:26:21Z", "last_observed": "2015-08-25T08:26:21Z", "number_observed": 1, "object_refs": [ "url--55dc26ad-6d6c-48d3-a8cf-4a70950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--55dc26ad-6d6c-48d3-a8cf-4a70950d210b", "value": "https://www.virustotal.com/file/a262dc9e5855447ebd3052b06d714c76fc0656a5b426944e3b27b4a8a2eb2a7c/analysis/1440427820/" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }