{ "type": "bundle", "id": "bundle--574ed4d9-83c0-4422-a492-423e950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:24.000Z", "modified": "2016-06-01T12:37:24.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--574ed4d9-83c0-4422-a492-423e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:24.000Z", "modified": "2016-06-01T12:37:24.000Z", "name": "OSINT - DRIDEX\u2019s New Tricks Lead to Global Spam Outbreak", "published": "2016-06-01T12:39:16Z", "object_refs": [ "observed-data--574ed4ee-70e8-4fe7-bebd-4e72950d210f", "url--574ed4ee-70e8-4fe7-bebd-4e72950d210f", "observed-data--574ed4fc-6f68-4c18-bb78-4310950d210f", "url--574ed4fc-6f68-4c18-bb78-4310950d210f", "x-misp-attribute--574ed511-bd28-4c6f-a32f-46bd950d210f", "indicator--574ed533-1e64-4b94-a9dd-3834950d210f", "indicator--574ed534-9eb0-4144-b0ac-3834950d210f", "indicator--574ed534-ce38-4de0-8284-3834950d210f", "indicator--574ed534-0bbc-475a-8b94-3834950d210f", "indicator--574ed535-cc84-4eb5-beab-3834950d210f", "indicator--574ed535-c3b4-46c2-8fc1-3834950d210f", "indicator--574ed536-3608-4ddd-89cb-3834950d210f", "indicator--574ed536-7e50-464a-b537-3834950d210f", "indicator--574ed536-7e2c-408e-ab57-3834950d210f", "indicator--574ed537-715c-4870-be31-3834950d210f", "indicator--574ed537-15dc-43fe-94c4-3834950d210f", "indicator--574ed537-cca0-48ee-b31e-3834950d210f", "indicator--574ed538-eb30-4ec6-992e-3834950d210f", "indicator--574ed538-fee0-4fd3-9dae-3834950d210f", "indicator--574ed539-a0b4-48e4-9fb8-3834950d210f", "indicator--574ed539-02fc-42f0-8c57-3834950d210f", "indicator--574ed539-2848-4f22-b279-3834950d210f", "indicator--574ed566-3ff4-4341-83a7-9bee950d210f", "indicator--574ed567-2708-4f36-8476-9bee950d210f", "indicator--574ed567-92b8-4fd1-aee4-9bee950d210f", 
"indicator--574ed567-8be4-43e5-a15f-9bee950d210f", "indicator--574ed568-ef6c-4bbf-8e3c-9bee950d210f", "indicator--574ed568-c23c-4f7f-8f10-9bee950d210f", "indicator--574ed569-83ec-40b7-b1f2-9bee950d210f", "indicator--574ed569-390c-4911-b668-9bee950d210f", "indicator--574ed569-6514-4b5a-ade9-9bee950d210f", "indicator--574ed56a-16b8-476c-95b9-9bee950d210f", "indicator--574ed56a-04bc-4a84-97d4-9bee950d210f", "indicator--574ed56b-004c-4f8c-860e-9bee950d210f", "indicator--574ed56b-4cf0-4f0d-b8e2-9bee950d210f", "indicator--574ed56b-8c8c-4fc3-b5bc-9bee950d210f", "indicator--574ed56c-e8dc-486d-a0c6-9bee950d210f", "indicator--574ed56c-252c-4273-aa1f-9bee950d210f", "indicator--574ed56d-5a74-4570-a8bc-9bee950d210f", "indicator--574ed56d-0de8-4919-bdb6-9bee950d210f", "indicator--574ed56e-e208-4eda-b006-9bee950d210f", "indicator--574ed56e-9330-4d6c-899b-9bee950d210f", "indicator--574ed56e-5460-440a-9850-9bee950d210f", "indicator--574ed5bd-ecb8-4757-a379-46c4950d210f", "indicator--574ed5be-cec0-41a4-ad9b-4734950d210f", "indicator--574ed5be-5358-4711-aaa5-4974950d210f", "indicator--574ed5be-8528-4ec1-b768-41a9950d210f", "indicator--574ed5bf-9d00-4178-9199-46b4950d210f", "indicator--574ed5bf-621c-4eb6-be42-426f950d210f", "indicator--574ed5c0-da54-41d1-a3c7-418b950d210f", "indicator--574ed5c0-6174-48e7-97de-4579950d210f", "indicator--574ed5c0-9f6c-4f74-9f82-44eb950d210f", "indicator--574ed5c1-91bc-4272-8e48-417f950d210f", "indicator--574ed5c1-87e0-40f3-87f8-4a5b950d210f", "indicator--574ed5c2-5434-4320-a56d-42d8950d210f", "indicator--574ed5c2-a24c-46a6-b405-4637950d210f", "indicator--574ed5c3-11fc-4786-add5-4d5d950d210f", "indicator--574ed5c3-5ac4-49ea-97aa-4ee0950d210f", "indicator--574ed5c3-1cc4-45f2-aba5-4ec6950d210f", "indicator--574ed5c4-0cb8-4b6b-bd7a-41b5950d210f", "indicator--574ed5c4-9624-4b46-94f3-4f47950d210f", "indicator--574ed5c5-7c00-4e1e-adc0-4a27950d210f", "indicator--574ed5c5-6eb4-40ed-82fc-4cd4950d210f", "indicator--574ed5c5-e72c-4f92-b916-41ce950d210f", 
"indicator--574ed5c6-eb40-41f0-80f3-4223950d210f", "indicator--574ed5de-3ea8-403f-9133-4c72950d210f", "indicator--574ed5de-c5a4-416f-af1b-46bd950d210f", "indicator--574ed5f0-fec4-4326-9431-4ec9950d210f", "indicator--574ed602-3f18-467f-9654-4f00950d210f", "indicator--574ed602-8a54-4fc7-8f51-4f17950d210f", "indicator--574ed602-0ef0-4a7f-b750-406b950d210f", "indicator--574ed603-eb94-4ab0-8676-4224950d210f", "indicator--574ed603-3aec-48c4-a423-40b5950d210f", "indicator--574ed603-abb8-4f45-8421-459d950d210f", "indicator--574ed604-041c-46d2-920a-411b950d210f", "indicator--574ed604-0564-4dc2-b336-4ec4950d210f", "indicator--574ed604-656c-4f34-8761-4038950d210f", "indicator--574ed605-d734-400e-8b54-449d950d210f", "indicator--574ed617-1ffc-4758-95e5-4a3b950d210f", "indicator--574ed618-c908-4d7a-a1c1-4634950d210f", "indicator--574ed618-8758-4c8d-9eed-4d3b950d210f", "indicator--574ed619-881c-49e3-b19b-48b4950d210f", "indicator--574ed619-e088-4d5b-88f2-4d38950d210f", "indicator--574ed619-7b70-4c82-a108-4453950d210f", "indicator--574ed61a-12e8-42c3-87e3-4b1d950d210f", "indicator--574ed61a-a2ac-4061-b5e2-4b05950d210f", "indicator--574ed636-01a8-45e0-9eb2-420f950d210f", "indicator--574ed636-d81c-4386-ac68-426c950d210f", "indicator--574ed637-963c-48f7-bd18-4a13950d210f", "indicator--574ed637-df08-4cb8-a90c-4499950d210f", "indicator--574ed667-8cd4-4097-aec7-4c0e950d210f", "indicator--574ed667-132c-4421-8b3a-4a46950d210f", "indicator--574ed667-f3d8-479e-9a21-412d950d210f", "indicator--574ed668-82ac-41c5-8fa6-44b9950d210f", "indicator--574ed668-5290-4c5f-9aa1-4a46950d210f", "indicator--574ed669-d254-4d39-89e9-4369950d210f", "indicator--574ed669-5e70-48f4-be59-4038950d210f", "indicator--574ed669-fc88-4936-a528-49c9950d210f", "indicator--574ed669-20f4-4fbc-97a4-4f19950d210f", "indicator--574ed669-a45c-452e-995c-4a2b950d210f", "indicator--574ed669-a114-4a1a-97b5-4855950d210f", "indicator--574ed66a-7898-4a6a-a568-438f950d210f", "indicator--574ed66a-6390-4023-8c0d-47ed950d210f", 
"indicator--574ed66a-f1e8-430e-967a-48a2950d210f", "indicator--574ed66a-8cbc-400b-b433-436b950d210f", "indicator--574ed66a-2884-4c9d-a612-4d41950d210f", "indicator--574ed66a-6cb0-4411-8a60-4133950d210f", "indicator--574ed66b-0ebc-47a0-8463-43c0950d210f", "indicator--574ed66b-2fb0-4b3f-a30e-4842950d210f", "indicator--574ed66b-e010-48d7-8901-4754950d210f", "indicator--574ed66b-9864-433e-bd03-4ddf950d210f", "indicator--574ed66b-8614-4de4-9d60-4fae950d210f", "indicator--574ed66c-c504-45cc-9197-4e9d950d210f", "indicator--574ed691-e938-4066-9a76-4a18950d210f", "indicator--574ed691-a5e8-41fa-909e-4f74950d210f", "indicator--574ed691-b768-4eae-9e84-42a3950d210f", "indicator--574ed691-ca04-4bca-9816-4c56950d210f", "indicator--574ed692-2c98-4b23-b11e-42e7950d210f", "indicator--574ed692-aed8-46bd-9276-4f64950d210f", "indicator--574ed692-54f0-47fa-9e07-405a950d210f", "indicator--574ed692-f98c-42c3-be84-46ef950d210f", "indicator--574ed692-daf8-4804-ab83-40f1950d210f", "indicator--574ed692-dd38-488c-8184-45bf950d210f", "indicator--574ed693-1068-4af9-a944-480f950d210f", "indicator--574ed693-b61c-431c-9b12-4778950d210f", "indicator--574ed693-9bb8-40a5-8d66-4a19950d210f", "indicator--574ed693-d8f8-4e6e-850c-4838950d210f", "indicator--574ed693-ede8-4fd7-b5d9-4d4b950d210f", "indicator--574ed693-1154-4d3d-bea8-4faf950d210f", "indicator--574ed694-1f18-4075-b15b-4211950d210f", "indicator--574ed694-5498-4ea0-b123-4adb950d210f", "indicator--574ed694-794c-4a8e-a139-4df0950d210f", "indicator--574ed694-70f0-4000-a9ce-4b38950d210f", "indicator--574ed694-35a0-4093-98c7-41f4950d210f", "indicator--574ed694-3b74-4f02-8b48-45e4950d210f", "indicator--574ed695-85cc-4f11-9c21-46a5950d210f", "indicator--574ed6c1-e328-4853-a284-42af950d210f", "indicator--574ed6c1-5de8-4f25-b38e-4fcd950d210f", "indicator--574ed6c2-d118-4c33-a360-4168950d210f", "indicator--574ed6c2-5880-4abb-a4df-4a28950d210f", "indicator--574ed6c2-8c40-4ab0-9eb2-444a950d210f", "indicator--574ed6c3-aee4-47cc-b778-4146950d210f", 
"indicator--574ed6c3-d0bc-4646-b7db-4def950d210f", "indicator--574ed6c3-14e0-4ca3-bb66-4253950d210f", "indicator--574ed6c3-e2b4-43e7-bb01-410d950d210f", "indicator--574ed6c3-b1fc-4e34-8a24-4edf950d210f", "indicator--574ed6c4-387c-4574-b5d7-40fc950d210f", "indicator--574ed6c4-18c4-4209-b252-488c950d210f", "indicator--574ed6c4-fe2c-402d-a900-4755950d210f", "indicator--574ed6c4-78c0-449c-97e3-4285950d210f", "indicator--574ed6c4-dac0-48fc-a8f3-4e4c950d210f", "indicator--574ed6c5-b09c-4c1c-a246-448b950d210f", "indicator--574ed6c5-23f8-4376-bf35-4b30950d210f", "indicator--574ed6c5-f104-41a5-ba11-43ad950d210f", "indicator--574ed6c5-cc88-4230-9f7b-4c93950d210f", "indicator--574ed6c5-1af4-4193-a86e-4919950d210f", "indicator--574ed6c6-9c50-4575-b623-4635950d210f", "indicator--574ed6c6-bcac-4289-bff8-4ceb950d210f", "indicator--574ed704-3d8c-4c86-99b8-42ed02de0b81", "indicator--574ed704-f154-4163-868a-469f02de0b81", "observed-data--574ed705-4484-48f9-97cd-4ebd02de0b81", "url--574ed705-4484-48f9-97cd-4ebd02de0b81", "indicator--574ed705-0b6c-4af6-8696-47b702de0b81", "indicator--574ed705-115c-4aa0-9074-4da902de0b81", "observed-data--574ed706-d5ec-405d-a9b2-41aa02de0b81", "url--574ed706-d5ec-405d-a9b2-41aa02de0b81", "indicator--574ed706-0910-494f-b42c-4b7102de0b81", "indicator--574ed707-0100-46ba-bc57-480302de0b81", "observed-data--574ed707-d860-45fd-b811-48d502de0b81", "url--574ed707-d860-45fd-b811-48d502de0b81", "indicator--574ed707-a2d0-4938-8dda-41c202de0b81", "indicator--574ed708-5bcc-4a14-8c6a-4c9502de0b81", "observed-data--574ed708-391c-4353-9c18-440602de0b81", "url--574ed708-391c-4353-9c18-440602de0b81", "indicator--574ed708-9e34-4f9e-a55f-4d2902de0b81", "indicator--574ed709-d55c-4675-8236-467602de0b81", "observed-data--574ed709-b7a8-442f-8c45-41bc02de0b81", "url--574ed709-b7a8-442f-8c45-41bc02de0b81", "indicator--574ed709-bfa0-4d25-96b9-4dad02de0b81", "indicator--574ed70a-03e4-4770-b329-400002de0b81", "observed-data--574ed70a-84ec-4b7b-bf22-40e802de0b81", 
"url--574ed70a-84ec-4b7b-bf22-40e802de0b81", "indicator--574ed70b-39c0-45d6-8bbd-419f02de0b81", "indicator--574ed70b-0738-4742-a911-4da602de0b81", "observed-data--574ed70b-9a04-4cb4-914b-414f02de0b81", "url--574ed70b-9a04-4cb4-914b-414f02de0b81", "indicator--574ed70c-8444-4f0a-a9bb-468802de0b81", "indicator--574ed70c-6f98-4634-b600-463d02de0b81", "observed-data--574ed70d-7c98-4944-bb1d-460702de0b81", "url--574ed70d-7c98-4944-bb1d-460702de0b81", "indicator--574ed70d-d298-40c9-bd98-499f02de0b81", "indicator--574ed70d-dabc-43d8-9a68-4f2602de0b81", "observed-data--574ed70e-fb20-411c-93b1-488d02de0b81", "url--574ed70e-fb20-411c-93b1-488d02de0b81", "indicator--574ed70e-23b8-42a4-b417-4c6b02de0b81", "indicator--574ed70e-f5f0-47cf-a2e4-44d202de0b81", "observed-data--574ed70f-8b0c-4932-a627-4eaa02de0b81", "url--574ed70f-8b0c-4932-a627-4eaa02de0b81", "indicator--574ed70f-6f58-491d-8609-4d6a02de0b81", "indicator--574ed710-1e2c-4bf7-a8a1-4e7e02de0b81", "observed-data--574ed710-636c-46f2-aacd-419202de0b81", "url--574ed710-636c-46f2-aacd-419202de0b81", "indicator--574ed710-bc30-45d7-aab9-427002de0b81", "indicator--574ed711-79e0-4dc6-9503-4ef902de0b81", "observed-data--574ed711-beb0-43b8-953a-4e6202de0b81", "url--574ed711-beb0-43b8-953a-4e6202de0b81", "indicator--574ed711-dae0-480a-85ae-4e1402de0b81", "indicator--574ed712-ca6c-4b4e-b6b3-4d0102de0b81", "observed-data--574ed712-b44c-4f9a-ae9a-463602de0b81", "url--574ed712-b44c-4f9a-ae9a-463602de0b81", "indicator--574ed713-9878-4b07-aab3-4bc902de0b81", "indicator--574ed713-6890-4b88-9cd9-429f02de0b81", "observed-data--574ed713-2ad8-4dad-b4fc-498702de0b81", "url--574ed713-2ad8-4dad-b4fc-498702de0b81", "indicator--574ed714-d3b8-42c9-a33a-46a402de0b81", "indicator--574ed714-7464-45e6-965a-42e902de0b81", "observed-data--574ed714-b380-4d57-976d-4d7702de0b81", "url--574ed714-b380-4d57-976d-4d7702de0b81", "indicator--574ed715-883c-47a3-b056-478702de0b81", "indicator--574ed715-dae8-43cb-97bb-457e02de0b81", 
"observed-data--574ed716-a3b8-4739-9cc5-469d02de0b81", "url--574ed716-a3b8-4739-9cc5-469d02de0b81", "indicator--574ed716-46b8-4926-a667-405f02de0b81", "indicator--574ed716-7120-422e-b689-49ee02de0b81", "observed-data--574ed717-4138-41ca-b237-4d6302de0b81", "url--574ed717-4138-41ca-b237-4d6302de0b81", "indicator--574ed717-1b74-4075-a4ad-47ba02de0b81", "indicator--574ed718-8ea8-47b3-bf14-476002de0b81", "observed-data--574ed718-0478-4878-83ae-4aa102de0b81", "url--574ed718-0478-4878-83ae-4aa102de0b81", "indicator--574ed718-3d6c-4034-b842-4d3502de0b81", "indicator--574ed719-fc1c-4964-9bbc-41c502de0b81", "observed-data--574ed719-683c-4fde-963e-4b5c02de0b81", "url--574ed719-683c-4fde-963e-4b5c02de0b81", "indicator--574ed719-bc10-4e19-a33d-4e3402de0b81", "indicator--574ed71a-e484-4ded-9391-41e202de0b81", "observed-data--574ed71a-de0c-4a7e-9e34-44f902de0b81", "url--574ed71a-de0c-4a7e-9e34-44f902de0b81", "indicator--574ed71b-a28c-46be-a965-4f9d02de0b81", "indicator--574ed71b-4678-4049-a426-444802de0b81", "observed-data--574ed71b-246c-4efc-93ba-4d3202de0b81", "url--574ed71b-246c-4efc-93ba-4d3202de0b81", "indicator--574ed71c-c46c-4f1b-a2c9-42f602de0b81", "indicator--574ed71c-7cec-4f0f-bda3-4c0002de0b81", "observed-data--574ed71c-8974-43c1-b9cf-481402de0b81", "url--574ed71c-8974-43c1-b9cf-481402de0b81", "indicator--574ed71d-10c4-4461-b448-491c02de0b81", "indicator--574ed71d-7e88-4f51-9078-472002de0b81", "observed-data--574ed71d-c10c-4e74-9572-4b3d02de0b81", "url--574ed71d-c10c-4e74-9572-4b3d02de0b81", "indicator--574ed71e-fe00-443d-ba58-4fbe02de0b81", "indicator--574ed71e-5db4-4180-9928-4a8902de0b81", "observed-data--574ed71f-9774-4660-86cc-410302de0b81", "url--574ed71f-9774-4660-86cc-410302de0b81", "indicator--574ed71f-3f20-471b-9e13-475d02de0b81", "indicator--574ed71f-d078-4eb6-be22-40d002de0b81", "observed-data--574ed720-76f4-4599-afc8-4bef02de0b81", "url--574ed720-76f4-4599-afc8-4bef02de0b81", "indicator--574ed720-3dd0-47df-ad07-487102de0b81", 
"indicator--574ed720-62a4-4741-ba52-4cea02de0b81", "observed-data--574ed721-0dbc-46ba-bacf-4fd602de0b81", "url--574ed721-0dbc-46ba-bacf-4fd602de0b81", "indicator--574ed721-3e30-4b23-9b98-45ee02de0b81", "indicator--574ed722-c12c-4e7a-869a-4dc202de0b81", "observed-data--574ed722-7fdc-4092-b4ed-470b02de0b81", "url--574ed722-7fdc-4092-b4ed-470b02de0b81", "indicator--574ed722-26e4-4a98-b8f2-4c5c02de0b81", "indicator--574ed723-bdd0-4b2f-9efe-46e402de0b81", "observed-data--574ed723-eca4-4f99-9bbd-4fa302de0b81", "url--574ed723-eca4-4f99-9bbd-4fa302de0b81", "indicator--574ed724-4c64-45fb-81b2-421802de0b81", "indicator--574ed724-6e98-485d-9e4a-4ee402de0b81", "observed-data--574ed724-2c4c-4634-ba06-4df702de0b81", "url--574ed724-2c4c-4634-ba06-4df702de0b81", "indicator--574ed725-3600-4f8a-9a96-47dc02de0b81", "indicator--574ed725-8594-47cb-bea3-47f702de0b81", "observed-data--574ed725-d964-4b42-86a8-4ce902de0b81", "url--574ed725-d964-4b42-86a8-4ce902de0b81", "indicator--574ed726-5d88-4b3e-b983-420602de0b81", "indicator--574ed726-bb10-4e4b-ab8a-4dc102de0b81", "observed-data--574ed726-503c-45ec-8788-4edc02de0b81", "url--574ed726-503c-45ec-8788-4edc02de0b81", "indicator--574ed727-aff8-462b-9d3e-469102de0b81", "indicator--574ed727-b1f4-4fd5-8432-464f02de0b81", "observed-data--574ed727-1d30-42d4-b8f2-472902de0b81", "url--574ed727-1d30-42d4-b8f2-472902de0b81", "indicator--574ed728-4d98-42f5-88e8-432a02de0b81", "indicator--574ed728-de30-4088-98ac-4edc02de0b81", "observed-data--574ed728-61e4-4bab-a9fc-4cf902de0b81", "url--574ed728-61e4-4bab-a9fc-4cf902de0b81", "indicator--574ed729-d3b8-48bb-8be2-4e6102de0b81", "indicator--574ed729-578c-48d8-a291-403102de0b81", "observed-data--574ed729-ee88-48dd-af27-4d3502de0b81", "url--574ed729-ee88-48dd-af27-4d3502de0b81", "indicator--574ed72a-d528-4991-9ece-4c6f02de0b81", "indicator--574ed72a-b8e4-489a-b5d9-41a202de0b81", "observed-data--574ed72b-3fd4-493e-9863-486202de0b81", "url--574ed72b-3fd4-493e-9863-486202de0b81", 
"indicator--574ed72b-b7d8-49ee-87fd-474602de0b81", "indicator--574ed72b-6d04-42a3-8d38-430002de0b81", "observed-data--574ed72c-453c-4cce-90b5-4a8802de0b81", "url--574ed72c-453c-4cce-90b5-4a8802de0b81", "indicator--574ed72c-227c-41b7-aaac-4ccf02de0b81", "indicator--574ed72c-5778-4616-b69d-407502de0b81", "observed-data--574ed72d-f3f4-40cf-8249-44d302de0b81", "url--574ed72d-f3f4-40cf-8249-44d302de0b81", "indicator--574ed72d-de4c-4dbe-8897-471702de0b81", "indicator--574ed72d-aa20-44ce-86ac-409e02de0b81", "observed-data--574ed72e-6058-489f-8ebe-407a02de0b81", "url--574ed72e-6058-489f-8ebe-407a02de0b81", "indicator--574ed72e-2600-41a1-b7a7-4fed02de0b81", "indicator--574ed72e-d878-4358-a442-452d02de0b81", "observed-data--574ed72f-5c2c-45ff-82de-4dfa02de0b81", "url--574ed72f-5c2c-45ff-82de-4dfa02de0b81", "indicator--574ed72f-dbf4-49f0-96cf-400e02de0b81", "indicator--574ed72f-a528-412e-862f-497202de0b81", "observed-data--574ed730-9738-4530-9d13-4be602de0b81", "url--574ed730-9738-4530-9d13-4be602de0b81", "indicator--574ed730-e15c-4768-927d-41a602de0b81", "indicator--574ed730-4e4c-4a4e-857f-4eff02de0b81", "observed-data--574ed731-5508-4e5b-806f-4d2f02de0b81", "url--574ed731-5508-4e5b-806f-4d2f02de0b81", "indicator--574ed731-91ac-475d-a2d5-4f9702de0b81", "indicator--574ed731-d044-4692-8183-495d02de0b81", "observed-data--574ed732-916c-46d9-809e-445202de0b81", "url--574ed732-916c-46d9-809e-445202de0b81", "indicator--574ed732-c63c-4896-ad24-4e5902de0b81", "indicator--574ed732-ae40-442c-bb6e-486d02de0b81", "observed-data--574ed733-454c-4125-add0-443302de0b81", "url--574ed733-454c-4125-add0-443302de0b81", "indicator--574ed733-7cd0-4e2c-b591-48dc02de0b81", "indicator--574ed733-bc0c-43bb-958d-407902de0b81", "observed-data--574ed734-bdfc-4aa2-975f-442302de0b81", "url--574ed734-bdfc-4aa2-975f-442302de0b81", "indicator--574ed734-9b8c-4afa-986d-4b1b02de0b81", "indicator--574ed734-aa4c-459c-824e-4e1602de0b81", "observed-data--574ed735-d344-4b80-bc4b-477402de0b81", 
"url--574ed735-d344-4b80-bc4b-477402de0b81", "indicator--574ed735-8700-40b4-b7b7-435f02de0b81", "indicator--574ed735-7374-4eda-a1c5-4f5a02de0b81", "observed-data--574ed736-b6e8-403a-811a-46f802de0b81", "url--574ed736-b6e8-403a-811a-46f802de0b81" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--574ed4ee-70e8-4fe7-bebd-4e72950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:28:30.000Z", "modified": "2016-06-01T12:28:30.000Z", "first_observed": "2016-06-01T12:28:30Z", "last_observed": "2016-06-01T12:28:30Z", "number_observed": 1, "object_refs": [ "url--574ed4ee-70e8-4fe7-bebd-4e72950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--574ed4ee-70e8-4fe7-bebd-4e72950d210f", "value": "http://documents.trendmicro.com/assets/appendix-dridex-new-tricks-lead-to-global-spam-outbreak.pdf" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--574ed4fc-6f68-4c18-bb78-4310950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:28:44.000Z", "modified": "2016-06-01T12:28:44.000Z", "first_observed": "2016-06-01T12:28:44Z", "last_observed": "2016-06-01T12:28:44Z", "number_observed": 1, "object_refs": [ "url--574ed4fc-6f68-4c18-bb78-4310950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--574ed4fc-6f68-4c18-bb78-4310950d210f", "value": "http://blog.trendmicro.com/trendlabs-security-intelligence/dridex-poses-as-fake-certificate/" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--574ed511-bd28-4c6f-a32f-46bd950d210f", "created_by_ref": 
"identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:29:05.000Z", "modified": "2016-06-01T12:29:05.000Z", "labels": [ "misp:type=\"comment\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", "x_misp_type": "comment", "x_misp_value": "At a glance, it seems that DRIDEX has dwindled its activities or operation, appearing only for a few days this May. This is quite unusual given that in the past five months or so, this prevalent online banking threat has always been active in the computing landscape. Last May 25, 2016, we observed a sudden spike in DRIDEX\u2013related spam emails after its seeming \u2018hiatus.\u2019 This spam campaign mostly affected users in the United States, Brazil, China, Germany, and Japan." }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed533-1e64-4b94-a9dd-3834950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:29:39.000Z", "modified": "2016-06-01T12:29:39.000Z", "description": "On port 8443", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '101.187.28.8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:29:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed534-9eb0-4144-b0ac-3834950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:29:40.000Z", "modified": "2016-06-01T12:29:40.000Z", "description": "On port 8443", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '12.109.210.112']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:29:40Z", "kill_chain_phases": [ 
{ "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed534-ce38-4de0-8284-3834950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:29:40.000Z", "modified": "2016-06-01T12:29:40.000Z", "description": "On port 8443", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '12.227.176.187']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:29:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed534-0bbc-475a-8b94-3834950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:29:40.000Z", "modified": "2016-06-01T12:29:40.000Z", "description": "On port 8443", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '135.26.29.213']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:29:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed535-cc84-4eb5-beab-3834950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:29:41.000Z", "modified": "2016-06-01T12:29:41.000Z", "description": "On port 8443", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '14.97.18.93']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": 
"2016-06-01T12:29:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed535-c3b4-46c2-8fc1-3834950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:29:41.000Z", "modified": "2016-06-01T12:29:41.000Z", "description": "On port 8443", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '14.99.8.219']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:29:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed536-3608-4ddd-89cb-3834950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:29:42.000Z", "modified": "2016-06-01T12:29:42.000Z", "description": "On port 8443", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '165.255.60.173']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:29:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed536-7e50-464a-b537-3834950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:29:42.000Z", "modified": "2016-06-01T12:29:42.000Z", "description": "On port 443", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '197.96.139.253']", "pattern_type": 
"stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:29:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed536-7e2c-408e-ab57-3834950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:29:42.000Z", "modified": "2016-06-01T12:29:42.000Z", "description": "On port 8443", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '203.45.13.29']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:29:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed537-715c-4870-be31-3834950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:29:43.000Z", "modified": "2016-06-01T12:29:43.000Z", "description": "On port 8443", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '206.223.199.159']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:29:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed537-15dc-43fe-94c4-3834950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:29:43.000Z", "modified": "2016-06-01T12:29:43.000Z", "description": "On port 443", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND 
network-traffic:dst_ref.value = '222.255.121.202']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:29:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed537-cca0-48ee-b31e-3834950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:29:43.000Z", "modified": "2016-06-01T12:29:43.000Z", "description": "On port 8443", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '24.8.213.200']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:29:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed538-eb30-4ec6-992e-3834950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:29:44.000Z", "modified": "2016-06-01T12:29:44.000Z", "description": "On port 8443", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.2.145.23']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:29:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed538-fee0-4fd3-9dae-3834950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:29:44.000Z", "modified": "2016-06-01T12:29:44.000Z", "description": "On port 8443", "pattern": 
"[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '64.203.222.43']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:29:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed539-a0b4-48e4-9fb8-3834950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:29:45.000Z", "modified": "2016-06-01T12:29:45.000Z", "description": "On port 8443", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '67.22.207.161']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:29:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed539-02fc-42f0-8c57-3834950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:29:45.000Z", "modified": "2016-06-01T12:29:45.000Z", "description": "On port 8443", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '68.200.154.229']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:29:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed539-2848-4f22-b279-3834950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:29:45.000Z", "modified": 
"2016-06-01T12:29:45.000Z", "description": "On port 8443", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '70.164.35.105']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:29:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed566-3ff4-4341-83a7-9bee950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:30:30.000Z", "modified": "2016-06-01T12:30:30.000Z", "description": "W2KM_DRIDEX.YVD", "pattern": "[file:hashes.SHA1 = '1a5179c9b72fdb4b606cb63037c91de413a49db1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:30:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed567-2708-4f36-8476-9bee950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:30:31.000Z", "modified": "2016-06-01T12:30:31.000Z", "description": "W2KM_DRIDEX.YVD", "pattern": "[file:hashes.SHA1 = '7ea297d29023a7ea7a3d01df618c0166c559bdf5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:30:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed567-92b8-4fd1-aee4-9bee950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:30:31.000Z", "modified": 
"2016-06-01T12:30:31.000Z", "description": "W2KM_DRIDEX.YVD", "pattern": "[file:hashes.SHA1 = '19cc50c25f6135f73852f06c9a0722deff76a3a3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:30:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed567-8be4-43e5-a15f-9bee950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:30:31.000Z", "modified": "2016-06-01T12:30:31.000Z", "description": "W2KM_DRIDEX.YVD", "pattern": "[file:hashes.SHA1 = '22a7d69955fbafd0d5e090295e367a409731ba90']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:30:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed568-ef6c-4bbf-8e3c-9bee950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:30:32.000Z", "modified": "2016-06-01T12:30:32.000Z", "description": "W2KM_DRIDEX.YVD", "pattern": "[file:hashes.SHA1 = '93ec6482f36639578784a61f6bc1ed4b0fa14912']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:30:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed568-c23c-4f7f-8f10-9bee950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:30:32.000Z", "modified": "2016-06-01T12:30:32.000Z", "description": 
"W2KM_DRIDEX.YVD", "pattern": "[file:hashes.SHA1 = '133a1fffc46903061d8ea2d12b80deb89636dbb4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:30:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed569-83ec-40b7-b1f2-9bee950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:30:33.000Z", "modified": "2016-06-01T12:30:33.000Z", "description": "W2KM_DRIDEX.YVD", "pattern": "[file:hashes.SHA1 = '268f374b0fcc7fab399c64311dfac2e9f97a4da1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:30:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed569-390c-4911-b668-9bee950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:30:33.000Z", "modified": "2016-06-01T12:30:33.000Z", "description": "W2KM_DRIDEX.YVD", "pattern": "[file:hashes.SHA1 = '707ad2ab4f9735b51e5da503178d7763198cc4d7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:30:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed569-6514-4b5a-ade9-9bee950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:30:33.000Z", "modified": "2016-06-01T12:30:33.000Z", "description": "W2KM_DRIDEX.YVD", "pattern": "[file:hashes.SHA1 = 
'885b48c5a644caf92ce62e70b90197c6f30b225c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:30:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed56a-16b8-476c-95b9-9bee950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:30:34.000Z", "modified": "2016-06-01T12:30:34.000Z", "description": "W2KM_DRIDEX.YVD", "pattern": "[file:hashes.SHA1 = '4611e4824587231d7dc6fbe271d18b14bb3aed3f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:30:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed56a-04bc-4a84-97d4-9bee950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:30:34.000Z", "modified": "2016-06-01T12:30:34.000Z", "description": "W2KM_DRIDEX.YVD", "pattern": "[file:hashes.SHA1 = '84342db658af50c34dd75c792bf4ff726d6e02d9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:30:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed56b-004c-4f8c-860e-9bee950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:30:35.000Z", "modified": "2016-06-01T12:30:35.000Z", "description": "W2KM_DRIDEX.YVD", "pattern": "[file:hashes.SHA1 = '94046ddd538b5831e9e3ba7548e84da645ad4bb8']", 
"pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:30:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed56b-4cf0-4f0d-b8e2-9bee950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:30:35.000Z", "modified": "2016-06-01T12:30:35.000Z", "description": "W2KM_DRIDEX.YVD", "pattern": "[file:hashes.SHA1 = '96197dc35306c827f3891c1fdf807624b071972d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:30:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed56b-8c8c-4fc3-b5bc-9bee950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:30:35.000Z", "modified": "2016-06-01T12:30:35.000Z", "description": "W2KM_DRIDEX.YVD", "pattern": "[file:hashes.SHA1 = '406059fe3ddf8ef42bfcc99441871efd2fa8fb07']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:30:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed56c-e8dc-486d-a0c6-9bee950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:30:36.000Z", "modified": "2016-06-01T12:30:36.000Z", "description": "W2KM_DRIDEX.YVD", "pattern": "[file:hashes.SHA1 = '603135d21d691797969fd1e330e285c173815ab4']", "pattern_type": "stix", "pattern_version": "2.1", 
"valid_from": "2016-06-01T12:30:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed56c-252c-4273-aa1f-9bee950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:30:36.000Z", "modified": "2016-06-01T12:30:36.000Z", "description": "W2KM_DRIDEX.YVD", "pattern": "[file:hashes.SHA1 = 'a1a5c7a55e14481a93b1e2a836a4ffaf1242b301']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:30:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed56d-5a74-4570-a8bc-9bee950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:30:37.000Z", "modified": "2016-06-01T12:30:37.000Z", "description": "W2KM_DRIDEX.YVD", "pattern": "[file:hashes.SHA1 = 'a14b2b9626549b34737ffb55a5caff71cdb3d714']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:30:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed56d-0de8-4919-bdb6-9bee950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:30:37.000Z", "modified": "2016-06-01T12:30:37.000Z", "description": "W2KM_DRIDEX.YVD", "pattern": "[file:hashes.SHA1 = 'a3606a848a40c554ee60add2eb53ba44778aca46']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:30:37Z", 
"kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed56e-e208-4eda-b006-9bee950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:30:38.000Z", "modified": "2016-06-01T12:30:38.000Z", "description": "W2KM_DRIDEX.YVD", "pattern": "[file:hashes.SHA1 = 'aea29b594274eeabf954415a347fbca802d057e3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:30:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed56e-9330-4d6c-899b-9bee950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:30:38.000Z", "modified": "2016-06-01T12:30:38.000Z", "description": "W2KM_DRIDEX.YVD", "pattern": "[file:hashes.SHA1 = 'b9afbd6054d4c512b0e4e048e2eec518acc95b0a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:30:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed56e-5460-440a-9850-9bee950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:30:38.000Z", "modified": "2016-06-01T12:30:38.000Z", "description": "W2KM_DRIDEX.YVD", "pattern": "[file:hashes.SHA1 = 'b99d8c6e0ad54728cb93eb22a1ae9115a2cfc750']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:30:38Z", "kill_chain_phases": [ { "kill_chain_name": 
"misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed5bd-ecb8-4757-a379-46c4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:31:57.000Z", "modified": "2016-06-01T12:31:57.000Z", "description": "W2KM_DRIDEX.YVD", "pattern": "[file:hashes.SHA1 = 'befa9acb077f8c8c75e3892a811c5bfd08e3e7fe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:31:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed5be-cec0-41a4-ad9b-4734950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:31:58.000Z", "modified": "2016-06-01T12:31:58.000Z", "description": "W2KM_DRIDEX.YVD", "pattern": "[file:hashes.SHA1 = 'd775706af618112ad7e8defe3a77ec9724b97a8a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:31:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed5be-5358-4711-aaa5-4974950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:31:58.000Z", "modified": "2016-06-01T12:31:58.000Z", "description": "W2KM_DRIDEX.YVD", "pattern": "[file:hashes.SHA1 = 'de238864f60e34b6fc6d4d26590692141ad9ca32']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:31:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } 
], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed5be-8528-4ec1-b768-41a9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:31:58.000Z", "modified": "2016-06-01T12:31:58.000Z", "description": "W2KM_DRIDEX.YVD", "pattern": "[file:hashes.SHA1 = 'ea83c4f39ce54f09359f09f14ae8e05e055ab6c5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:31:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed5bf-9d00-4178-9199-46b4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:31:59.000Z", "modified": "2016-06-01T12:31:59.000Z", "description": "W2KM_DRIDEX.YVD", "pattern": "[file:hashes.SHA1 = 'f9d17572fdf3e891f03e23ea0b1bfef276405b49']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:31:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed5bf-621c-4eb6-be42-426f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:31:59.000Z", "modified": "2016-06-01T12:31:59.000Z", "description": "W2KM_DRIDEX.YVD", "pattern": "[file:hashes.SHA1 = 'f778982a989c54f800aac913e0e9afa7d6c6a8f2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:31:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", 
"misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed5c0-da54-41d1-a3c7-418b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:32:00.000Z", "modified": "2016-06-01T12:32:00.000Z", "description": "W2KM_DRIDEX.YVD", "pattern": "[file:hashes.SHA1 = '0699fb11acea5906e4f5d6c97164812c51b579d2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:32:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed5c0-6174-48e7-97de-4579950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:32:00.000Z", "modified": "2016-06-01T12:32:00.000Z", "description": "W2KM_DRIDEX.YVD", "pattern": "[file:hashes.SHA1 = '0b70c4376e74700bb4df6882c28a71ace417d2c9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:32:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed5c0-9f6c-4f74-9f82-44eb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:32:00.000Z", "modified": "2016-06-01T12:32:00.000Z", "description": "W2KM_DRIDEX.YVD", "pattern": "[file:hashes.SHA1 = '2859eaf08f5da8752b2da399cc583d5030ac7e9f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:32:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", 
"misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed5c1-91bc-4272-8e48-417f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:32:01.000Z", "modified": "2016-06-01T12:32:01.000Z", "description": "W2KM_DRIDEX.YVD", "pattern": "[file:hashes.SHA1 = '350d537414ddc7db6c545e1d2a25406161615693']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:32:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed5c1-87e0-40f3-87f8-4a5b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:32:01.000Z", "modified": "2016-06-01T12:32:01.000Z", "description": "W2KM_DRIDEX.YVD", "pattern": "[file:hashes.SHA1 = '4d3f50def97ab7eab86771d1bf2f2710c8af48d0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:32:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed5c2-5434-4320-a56d-42d8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:32:02.000Z", "modified": "2016-06-01T12:32:02.000Z", "description": "W2KM_DRIDEX.YVD", "pattern": "[file:hashes.SHA1 = '594d87c767f776ca610636b601a9cc9faf0fd1e0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:32:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", 
"spec_version": "2.1", "id": "indicator--574ed5c2-a24c-46a6-b405-4637950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:32:02.000Z", "modified": "2016-06-01T12:32:02.000Z", "description": "W2KM_DRIDEX.YVD", "pattern": "[file:hashes.SHA1 = '5ae28c8f5ff3e35c708ef76e40c9672651ec6fc9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:32:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed5c3-11fc-4786-add5-4d5d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:32:03.000Z", "modified": "2016-06-01T12:32:03.000Z", "description": "W2KM_DRIDEX.YVD", "pattern": "[file:hashes.SHA1 = '845b1d71ffec59322f688a21221e5817475d2da9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:32:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed5c3-5ac4-49ea-97aa-4ee0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:32:03.000Z", "modified": "2016-06-01T12:32:03.000Z", "description": "W2KM_DRIDEX.YVD", "pattern": "[file:hashes.SHA1 = '89fe9b77ea0e9ec6dc5ded8d9812b4dfab612512']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:32:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": 
"indicator--574ed5c3-1cc4-45f2-aba5-4ec6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:32:03.000Z", "modified": "2016-06-01T12:32:03.000Z", "description": "W2KM_DRIDEX.YVD", "pattern": "[file:hashes.SHA1 = '9f227611e68ef2128bdd7a9f03483f7f8e275920']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:32:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed5c4-0cb8-4b6b-bd7a-41b5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:32:04.000Z", "modified": "2016-06-01T12:32:04.000Z", "description": "W2KM_DRIDEX.YVD", "pattern": "[file:hashes.SHA1 = 'a136f9ff047767fe4d603c96c6c57d759a211c2c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:32:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed5c4-9624-4b46-94f3-4f47950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:32:04.000Z", "modified": "2016-06-01T12:32:04.000Z", "description": "W2KM_DRIDEX.YVD", "pattern": "[file:hashes.SHA1 = 'b0c100374dd7142edf97a9d233b3c68bcf77a07e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:32:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed5c5-7c00-4e1e-adc0-4a27950d210f", 
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:32:05.000Z", "modified": "2016-06-01T12:32:05.000Z", "description": "W2KM_DRIDEX.YVD", "pattern": "[file:hashes.SHA1 = 'b3b07b038834a8b3eb8527f2990a1b8d89e82602']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:32:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed5c5-6eb4-40ed-82fc-4cd4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:32:05.000Z", "modified": "2016-06-01T12:32:05.000Z", "description": "W2KM_DRIDEX.YVD", "pattern": "[file:hashes.SHA1 = 'bb9bed40b9b8eef3132e6c0844a88744c61fe219']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:32:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed5c5-e72c-4f92-b916-41ce950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:32:05.000Z", "modified": "2016-06-01T12:32:05.000Z", "description": "W2KM_DRIDEX.YVD", "pattern": "[file:hashes.SHA1 = 'dce40b0833f241b6027633ff4481a3ea910766c3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:32:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed5c6-eb40-41f0-80f3-4223950d210f", "created_by_ref": 
"identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:32:06.000Z", "modified": "2016-06-01T12:32:06.000Z", "description": "W2KM_DRIDEX.YVD", "pattern": "[file:hashes.SHA1 = 'def75ed1591517947f094b02cb3627a2e852e637']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:32:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed5de-3ea8-403f-9133-4c72950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:32:30.000Z", "modified": "2016-06-01T12:32:30.000Z", "description": "W2KM_DRIDEX.YVD", "pattern": "[file:hashes.SHA1 = 'e34f5dd4d8b8d40c49afef563055baeee9d0c755']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:32:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed5de-c5a4-416f-af1b-46bd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:32:30.000Z", "modified": "2016-06-01T12:32:30.000Z", "description": "W2KM_DRIDEX.YVD", "pattern": "[file:hashes.SHA1 = 'faccbbc8160e27d7c625d0be6b974825c68dc58c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:32:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed5f0-fec4-4326-9431-4ec9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", 
"created": "2016-06-01T12:32:48.000Z", "modified": "2016-06-01T12:32:48.000Z", "description": "TSPY_DRIDEX.YVD", "pattern": "[file:hashes.SHA1 = 'b94f0b460cf620a77120bbe76dd378146116ed25']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:32:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed602-3f18-467f-9654-4f00950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:33:06.000Z", "modified": "2016-06-01T12:33:06.000Z", "description": "On port 8443", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '72.27.189.56']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:33:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed602-8a54-4fc7-8f51-4f17950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:33:06.000Z", "modified": "2016-06-01T12:33:06.000Z", "description": "On port 8443", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '72.35.204.239']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:33:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed602-0ef0-4a7f-b750-406b950d210f", "created_by_ref": 
"identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:33:06.000Z", "modified": "2016-06-01T12:33:06.000Z", "description": "On port 8443", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '74.207.137.87']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:33:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed603-eb94-4ab0-8676-4224950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:33:07.000Z", "modified": "2016-06-01T12:33:07.000Z", "description": "On port 8443", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '75.67.214.42']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:33:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed603-3aec-48c4-a423-40b5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:33:07.000Z", "modified": "2016-06-01T12:33:07.000Z", "description": "On port 8443", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '78.146.221.200']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:33:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": 
"indicator--574ed603-abb8-4f45-8421-459d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:33:07.000Z", "modified": "2016-06-01T12:33:07.000Z", "description": "On port 8443", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '82.140.160.54']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:33:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed604-041c-46d2-920a-411b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:33:08.000Z", "modified": "2016-06-01T12:33:08.000Z", "description": "On port 8443", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '82.152.47.41']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:33:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed604-0564-4dc2-b336-4ec4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:33:08.000Z", "modified": "2016-06-01T12:33:08.000Z", "description": "On port 8443", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '86.175.137.132']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:33:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { 
"type": "indicator", "spec_version": "2.1", "id": "indicator--574ed604-656c-4f34-8761-4038950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:33:08.000Z", "modified": "2016-06-01T12:33:08.000Z", "description": "On port 8443", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '89.230.226.187']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:33:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed605-d734-400e-8b54-449d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:33:09.000Z", "modified": "2016-06-01T12:33:09.000Z", "description": "On port 8443", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '96.93.247.161']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:33:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed617-1ffc-4758-95e5-4a3b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:33:27.000Z", "modified": "2016-06-01T12:33:27.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[url:value = '174.34.164.106:11443/2/natwest_62y7rKX8yF819Lg3/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:33:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network 
activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed618-c908-4d7a-a1c1-4634950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:33:28.000Z", "modified": "2016-06-01T12:33:28.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[url:value = '174.34.164.106:11443/2/halifaxpers_62y7rKX8yF819Lg3/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:33:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed618-8758-4c8d-9eed-4d3b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:33:28.000Z", "modified": "2016-06-01T12:33:28.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[url:value = '174.34.164.106:11443/2/lloydspers_62y7rKX8yF819Lg3/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:33:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed619-881c-49e3-b19b-48b4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:33:29.000Z", "modified": "2016-06-01T12:33:29.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[url:value = '174.34.164.106:11443/2/tsbpers_62y7rKX8yF819Lg3/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:33:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", 
"misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed619-e088-4d5b-88f2-4d38950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:33:29.000Z", "modified": "2016-06-01T12:33:29.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[url:value = '174.34.164.106:11443/2/ulster_ie_62y7rKX8yF819Lg3/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:33:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed619-7b70-4c82-a108-4453950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:33:29.000Z", "modified": "2016-06-01T12:33:29.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[url:value = '174.34.164.106:11443/2/ulster_uk_62y7rKX8yF819Lg3/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:33:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed61a-12e8-42c3-87e3-4b1d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:33:30.000Z", "modified": "2016-06-01T12:33:30.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[url:value = '174.34.164.106:11443/2/bospers_62y7rKX8yF819Lg3/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:33:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ 
"misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed61a-a2ac-4061-b5e2-4b05950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:33:30.000Z", "modified": "2016-06-01T12:33:30.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[url:value = '174.34.164.106:11443/2/rbs_62y7rKX8yF819Lg3/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:33:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed636-01a8-45e0-9eb2-420f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:33:58.000Z", "modified": "2016-06-01T12:33:58.000Z", "description": "Spam-sending IP address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.126.113.98']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:33:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed636-d81c-4386-ac68-426c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:33:58.000Z", "modified": "2016-06-01T12:33:58.000Z", "description": "Spam-sending IP address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '81.135.163.170']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:33:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", 
"phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed637-963c-48f7-bd18-4a13950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:33:59.000Z", "modified": "2016-06-01T12:33:59.000Z", "description": "Spam-sending IP address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '92.53.8.33']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:33:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed637-df08-4cb8-a90c-4499950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:33:59.000Z", "modified": "2016-06-01T12:33:59.000Z", "description": "Spam-sending IP address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '89.161.7.29']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:33:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed667-8cd4-4097-aec7-4c0e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:34:47.000Z", "modified": "2016-06-01T12:34:47.000Z", "description": "Spam-sending IP address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '189.201.241.39']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": 
"2016-06-01T12:34:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed667-132c-4421-8b3a-4a46950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:34:47.000Z", "modified": "2016-06-01T12:34:47.000Z", "description": "Spam-sending IP address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '191.6.166.125']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:34:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed667-f3d8-479e-9a21-412d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:34:47.000Z", "modified": "2016-06-01T12:34:47.000Z", "description": "Spam-sending IP address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '200.218.244.205']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:34:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed668-82ac-41c5-8fa6-44b9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:34:48.000Z", "modified": "2016-06-01T12:34:48.000Z", "description": "Spam-sending IP address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = 
'179.105.223.6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:34:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed668-5290-4c5f-9aa1-4a46950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:34:48.000Z", "modified": "2016-06-01T12:34:48.000Z", "description": "Spam-sending IP address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '92.114.80.90']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:34:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed669-d254-4d39-89e9-4369950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:34:49.000Z", "modified": "2016-06-01T12:34:49.000Z", "description": "Spam-sending IP address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '202.158.6.57']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:34:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed669-5e70-48f4-be59-4038950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:34:49.000Z", "modified": "2016-06-01T12:34:49.000Z", "description": "Spam-sending IP address", "pattern": 
"[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '187.210.229.13']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:34:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed669-fc88-4936-a528-49c9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:34:49.000Z", "modified": "2016-06-01T12:34:49.000Z", "description": "Spam-sending IP address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '190.111.75.30']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:34:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed669-20f4-4fbc-97a4-4f19950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:34:49.000Z", "modified": "2016-06-01T12:34:49.000Z", "description": "Spam-sending IP address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.64.166.26']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:34:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed669-a45c-452e-995c-4a2b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:34:49.000Z", "modified": 
"2016-06-01T12:34:49.000Z", "description": "Spam-sending IP address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '196.44.165.42']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:34:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed669-a114-4a1a-97b5-4855950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:34:49.000Z", "modified": "2016-06-01T12:34:49.000Z", "description": "Spam-sending IP address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '101.96.114.66']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:34:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed66a-7898-4a6a-a568-438f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:34:50.000Z", "modified": "2016-06-01T12:34:50.000Z", "description": "Spam-sending IP address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '179.38.90.245']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:34:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed66a-6390-4023-8c0d-47ed950d210f", "created_by_ref": 
"identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:34:50.000Z", "modified": "2016-06-01T12:34:50.000Z", "description": "Spam-sending IP address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '201.6.240.190']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:34:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed66a-f1e8-430e-967a-48a2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:34:50.000Z", "modified": "2016-06-01T12:34:50.000Z", "description": "Spam-sending IP address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.11.93.53']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:34:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed66a-8cbc-400b-b433-436b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:34:50.000Z", "modified": "2016-06-01T12:34:50.000Z", "description": "Spam-sending IP address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '191.242.27.96']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:34:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", 
"id": "indicator--574ed66a-2884-4c9d-a612-4d41950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:34:50.000Z", "modified": "2016-06-01T12:34:50.000Z", "description": "Spam-sending IP address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '188.241.121.168']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:34:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed66a-6cb0-4411-8a60-4133950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:34:50.000Z", "modified": "2016-06-01T12:34:50.000Z", "description": "Spam-sending IP address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '60.243.207.59']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:34:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed66b-0ebc-47a0-8463-43c0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:34:51.000Z", "modified": "2016-06-01T12:34:51.000Z", "description": "Spam-sending IP address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '223.31.109.82']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:34:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network 
activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed66b-2fb0-4b3f-a30e-4842950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:34:51.000Z", "modified": "2016-06-01T12:34:51.000Z", "description": "Spam-sending IP address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '51.179.25.170']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:34:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed66b-e010-48d7-8901-4754950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:34:51.000Z", "modified": "2016-06-01T12:34:51.000Z", "description": "Spam-sending IP address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.149.90.113']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:34:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed66b-9864-433e-bd03-4ddf950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:34:51.000Z", "modified": "2016-06-01T12:34:51.000Z", "description": "Spam-sending IP address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '114.110.23.217']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:34:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network 
activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed66b-8614-4de4-9d60-4fae950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:34:51.000Z", "modified": "2016-06-01T12:34:51.000Z", "description": "Spam-sending IP address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '129.208.209.32']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:34:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed66c-c504-45cc-9197-4e9d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:34:52.000Z", "modified": "2016-06-01T12:34:52.000Z", "description": "Spam-sending IP address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '191.241.229.22']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:34:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed691-e938-4066-9a76-4a18950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:35:29.000Z", "modified": "2016-06-01T12:35:29.000Z", "description": "Spam-sending IP address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '109.233.23.122']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:35:29Z", 
"kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed691-a5e8-41fa-909e-4f74950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:35:29.000Z", "modified": "2016-06-01T12:35:29.000Z", "description": "Spam-sending IP address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.136.220.202']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:35:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed691-b768-4eae-9e84-42a3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:35:29.000Z", "modified": "2016-06-01T12:35:29.000Z", "description": "Spam-sending IP address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '198.23.143.113']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:35:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed691-ca04-4bca-9816-4c56950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:35:29.000Z", "modified": "2016-06-01T12:35:29.000Z", "description": "Spam-sending IP address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.108.99.144']", 
"pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:35:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed692-2c98-4b23-b11e-42e7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:35:30.000Z", "modified": "2016-06-01T12:35:30.000Z", "description": "Spam-sending IP address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '109.177.147.168']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:35:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed692-aed8-46bd-9276-4f64950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:35:30.000Z", "modified": "2016-06-01T12:35:30.000Z", "description": "Spam-sending IP address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '193.188.199.5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:35:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed692-54f0-47fa-9e07-405a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:35:30.000Z", "modified": "2016-06-01T12:35:30.000Z", "description": "Spam-sending IP address", "pattern": 
"[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.89.245.180']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:35:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed692-f98c-42c3-be84-46ef950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:35:30.000Z", "modified": "2016-06-01T12:35:30.000Z", "description": "Spam-sending IP address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.160.89.195']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:35:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed692-daf8-4804-ab83-40f1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:35:30.000Z", "modified": "2016-06-01T12:35:30.000Z", "description": "Spam-sending IP address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '186.170.23.98']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:35:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed692-dd38-488c-8184-45bf950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:35:30.000Z", "modified": 
"2016-06-01T12:35:30.000Z", "description": "Spam-sending IP address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '150.107.239.145']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:35:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed693-1068-4af9-a944-480f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:35:31.000Z", "modified": "2016-06-01T12:35:31.000Z", "description": "Spam-sending IP address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.112.149.50']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:35:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed693-b61c-431c-9b12-4778950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:35:31.000Z", "modified": "2016-06-01T12:35:31.000Z", "description": "Spam-sending IP address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '86.104.215.16']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:35:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed693-9bb8-40a5-8d66-4a19950d210f", "created_by_ref": 
"identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:35:31.000Z", "modified": "2016-06-01T12:35:31.000Z", "description": "Spam-sending IP address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '41.215.244.83']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:35:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed693-d8f8-4e6e-850c-4838950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:35:31.000Z", "modified": "2016-06-01T12:35:31.000Z", "description": "Spam-sending IP address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '36.73.200.237']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:35:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed693-ede8-4fd7-b5d9-4d4b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:35:31.000Z", "modified": "2016-06-01T12:35:31.000Z", "description": "Spam-sending IP address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '125.99.72.50']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:35:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", 
"id": "indicator--574ed693-1154-4d3d-bea8-4faf950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:35:31.000Z", "modified": "2016-06-01T12:35:31.000Z", "description": "Spam-sending IP address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '175.214.99.120']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:35:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed694-1f18-4075-b15b-4211950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:35:32.000Z", "modified": "2016-06-01T12:35:32.000Z", "description": "Spam-sending IP address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.97.118.216']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:35:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed694-5498-4ea0-b123-4adb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:35:32.000Z", "modified": "2016-06-01T12:35:32.000Z", "description": "Spam-sending IP address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '51.39.254.233']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:35:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network 
activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed694-794c-4a8e-a139-4df0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:35:32.000Z", "modified": "2016-06-01T12:35:32.000Z", "description": "Spam-sending IP address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '41.180.4.210']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:35:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed694-70f0-4000-a9ce-4b38950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:35:32.000Z", "modified": "2016-06-01T12:35:32.000Z", "description": "Spam-sending IP address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '213.243.4.132']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:35:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed694-35a0-4093-98c7-41f4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:35:32.000Z", "modified": "2016-06-01T12:35:32.000Z", "description": "Spam-sending IP address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '197.231.159.154']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:35:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": 
"Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed694-3b74-4f02-8b48-45e4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:35:32.000Z", "modified": "2016-06-01T12:35:32.000Z", "description": "Spam-sending IP address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '197.159.214.14']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:35:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed695-85cc-4f11-9c21-46a5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:35:33.000Z", "modified": "2016-06-01T12:35:33.000Z", "description": "Spam-sending IP address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.117.48.154']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:35:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed6c1-e328-4853-a284-42af950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:36:17.000Z", "modified": "2016-06-01T12:36:17.000Z", "description": "Spam-sending IP address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '139.192.147.54']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": 
"2016-06-01T12:36:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed6c1-5de8-4f25-b38e-4fcd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:36:17.000Z", "modified": "2016-06-01T12:36:17.000Z", "description": "Spam-sending IP address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '80.120.67.90']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:36:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed6c2-d118-4c33-a360-4168950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:36:18.000Z", "modified": "2016-06-01T12:36:18.000Z", "description": "Spam-sending IP address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '197.248.222.70']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:36:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed6c2-5880-4abb-a4df-4a28950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:36:18.000Z", "modified": "2016-06-01T12:36:18.000Z", "description": "Spam-sending IP address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = 
'41.218.102.82']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:36:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed6c2-8c40-4ab0-9eb2-444a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:36:18.000Z", "modified": "2016-06-01T12:36:18.000Z", "description": "Spam-sending IP address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.76.248.253']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:36:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed6c3-aee4-47cc-b778-4146950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:36:19.000Z", "modified": "2016-06-01T12:36:19.000Z", "description": "Spam-sending IP address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.59.202.131']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:36:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed6c3-d0bc-4646-b7db-4def950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:36:19.000Z", "modified": "2016-06-01T12:36:19.000Z", "description": "Spam-sending IP address", "pattern": 
"[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '41.76.8.51']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:36:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed6c3-14e0-4ca3-bb66-4253950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:36:19.000Z", "modified": "2016-06-01T12:36:19.000Z", "description": "Spam-sending IP address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.207.56.230']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:36:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed6c3-e2b4-43e7-bb01-410d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:36:19.000Z", "modified": "2016-06-01T12:36:19.000Z", "description": "Spam-sending IP address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '43.239.144.71']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:36:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed6c3-b1fc-4e34-8a24-4edf950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:36:19.000Z", "modified": 
"2016-06-01T12:36:19.000Z", "description": "Spam-sending IP address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.225.221.162']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:36:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed6c4-387c-4574-b5d7-40fc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:36:20.000Z", "modified": "2016-06-01T12:36:20.000Z", "description": "Spam-sending IP address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '117.247.232.133']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:36:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed6c4-18c4-4209-b252-488c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:36:20.000Z", "modified": "2016-06-01T12:36:20.000Z", "description": "Spam-sending IP address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '115.124.70.250']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:36:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed6c4-fe2c-402d-a900-4755950d210f", "created_by_ref": 
"identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:36:20.000Z", "modified": "2016-06-01T12:36:20.000Z", "description": "Spam-sending IP address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '180.93.100.4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:36:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed6c4-78c0-449c-97e3-4285950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:36:20.000Z", "modified": "2016-06-01T12:36:20.000Z", "description": "Spam-sending IP address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '49.143.187.227']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:36:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed6c4-dac0-48fc-a8f3-4e4c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:36:20.000Z", "modified": "2016-06-01T12:36:20.000Z", "description": "Spam-sending IP address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '201.130.1.118']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:36:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": 
"2.1", "id": "indicator--574ed6c5-b09c-4c1c-a246-448b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:36:21.000Z", "modified": "2016-06-01T12:36:21.000Z", "description": "Spam-sending IP address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '109.177.100.208']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:36:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed6c5-23f8-4376-bf35-4b30950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:36:21.000Z", "modified": "2016-06-01T12:36:21.000Z", "description": "Spam-sending IP address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '197.210.186.133']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:36:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed6c5-f104-41a5-ba11-43ad950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:36:21.000Z", "modified": "2016-06-01T12:36:21.000Z", "description": "Spam-sending IP address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '177.36.184.144']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:36:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", 
"misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed6c5-cc88-4230-9f7b-4c93950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:36:21.000Z", "modified": "2016-06-01T12:36:21.000Z", "description": "Spam-sending IP address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '92.58.155.253']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:36:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed6c5-1af4-4193-a86e-4919950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:36:21.000Z", "modified": "2016-06-01T12:36:21.000Z", "description": "Spam-sending IP address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '89.108.145.100']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:36:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed6c6-9c50-4575-b623-4635950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:36:22.000Z", "modified": "2016-06-01T12:36:22.000Z", "description": "Spam-sending IP address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.18.180.10']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:36:22Z", "kill_chain_phases": [ { "kill_chain_name": 
"misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed6c6-bcac-4289-bff8-4ceb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:36:22.000Z", "modified": "2016-06-01T12:36:22.000Z", "description": "Spam-sending IP address", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '177.39.155.115']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:36:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed704-3d8c-4c86-99b8-42ed02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:24.000Z", "modified": "2016-06-01T12:37:24.000Z", "description": "TSPY_DRIDEX.YVD - Xchecked via VT: b94f0b460cf620a77120bbe76dd378146116ed25", "pattern": "[file:hashes.SHA256 = 'ea17b486de6584313623ec0db9cafac96cb454b91894bb9a4cc1754135d0bd35']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:37:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed704-f154-4163-868a-469f02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:24.000Z", "modified": "2016-06-01T12:37:24.000Z", "description": "TSPY_DRIDEX.YVD - Xchecked via VT: b94f0b460cf620a77120bbe76dd378146116ed25", "pattern": "[file:hashes.MD5 = '5c752edd310dc7eba126073bcd42496f']", 
"pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:37:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--574ed705-4484-48f9-97cd-4ebd02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:25.000Z", "modified": "2016-06-01T12:37:25.000Z", "first_observed": "2016-06-01T12:37:25Z", "last_observed": "2016-06-01T12:37:25Z", "number_observed": 1, "object_refs": [ "url--574ed705-4484-48f9-97cd-4ebd02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--574ed705-4484-48f9-97cd-4ebd02de0b81", "value": "https://www.virustotal.com/file/ea17b486de6584313623ec0db9cafac96cb454b91894bb9a4cc1754135d0bd35/analysis/1464188709/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed705-0b6c-4af6-8696-47b702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:25.000Z", "modified": "2016-06-01T12:37:25.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via VT: faccbbc8160e27d7c625d0be6b974825c68dc58c", "pattern": "[file:hashes.SHA256 = '043643002c18d2a0b533b3ae26f5c18e24c37140121af68a43884f100c3d6efb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:37:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed705-115c-4aa0-9074-4da902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:25.000Z", "modified": "2016-06-01T12:37:25.000Z", 
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: faccbbc8160e27d7c625d0be6b974825c68dc58c", "pattern": "[file:hashes.MD5 = '4213752f723b67033b34dc256b1fdeb9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:37:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--574ed706-d5ec-405d-a9b2-41aa02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:26.000Z", "modified": "2016-06-01T12:37:26.000Z", "first_observed": "2016-06-01T12:37:26Z", "last_observed": "2016-06-01T12:37:26Z", "number_observed": 1, "object_refs": [ "url--574ed706-d5ec-405d-a9b2-41aa02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--574ed706-d5ec-405d-a9b2-41aa02de0b81", "value": "https://www.virustotal.com/file/043643002c18d2a0b533b3ae26f5c18e24c37140121af68a43884f100c3d6efb/analysis/1464187130/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed706-0910-494f-b42c-4b7102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:26.000Z", "modified": "2016-06-01T12:37:26.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via VT: e34f5dd4d8b8d40c49afef563055baeee9d0c755", "pattern": "[file:hashes.SHA256 = 'ef80990a71475aba186a248ce43fc5a3e25fed3bb8dececcac3a894c5c788a52']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:37:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": 
"indicator--574ed707-0100-46ba-bc57-480302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:26.000Z", "modified": "2016-06-01T12:37:26.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via VT: e34f5dd4d8b8d40c49afef563055baeee9d0c755", "pattern": "[file:hashes.MD5 = '0b3cfdf6acf83b61b898f1095c96a4fd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:37:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--574ed707-d860-45fd-b811-48d502de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:27.000Z", "modified": "2016-06-01T12:37:27.000Z", "first_observed": "2016-06-01T12:37:27Z", "last_observed": "2016-06-01T12:37:27Z", "number_observed": 1, "object_refs": [ "url--574ed707-d860-45fd-b811-48d502de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--574ed707-d860-45fd-b811-48d502de0b81", "value": "https://www.virustotal.com/file/ef80990a71475aba186a248ce43fc5a3e25fed3bb8dececcac3a894c5c788a52/analysis/1464274811/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed707-a2d0-4938-8dda-41c202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:27.000Z", "modified": "2016-06-01T12:37:27.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via VT: def75ed1591517947f094b02cb3627a2e852e637", "pattern": "[file:hashes.SHA256 = '2becbdae70ae1cd71f6d9ed88344883f3fe4484b284e1527fa637b8e02aa4599']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:37:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload 
delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed708-5bcc-4a14-8c6a-4c9502de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:28.000Z", "modified": "2016-06-01T12:37:28.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via VT: def75ed1591517947f094b02cb3627a2e852e637", "pattern": "[file:hashes.MD5 = '873333a6c2d66447e1144288b5fe7e30']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:37:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--574ed708-391c-4353-9c18-440602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:28.000Z", "modified": "2016-06-01T12:37:28.000Z", "first_observed": "2016-06-01T12:37:28Z", "last_observed": "2016-06-01T12:37:28Z", "number_observed": 1, "object_refs": [ "url--574ed708-391c-4353-9c18-440602de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--574ed708-391c-4353-9c18-440602de0b81", "value": "https://www.virustotal.com/file/2becbdae70ae1cd71f6d9ed88344883f3fe4484b284e1527fa637b8e02aa4599/analysis/1464274509/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed708-9e34-4f9e-a55f-4d2902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:28.000Z", "modified": "2016-06-01T12:37:28.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via VT: dce40b0833f241b6027633ff4481a3ea910766c3", "pattern": "[file:hashes.SHA256 = 'b9befc85c45bcec49ee487d3fece40a84a4341d2afc8726fd3f48316b79c3212']", 
"pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:37:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed709-d55c-4675-8236-467602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:29.000Z", "modified": "2016-06-01T12:37:29.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via VT: dce40b0833f241b6027633ff4481a3ea910766c3", "pattern": "[file:hashes.MD5 = 'b6d59fae3c4e8f53a9b7b4d5713f4245']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:37:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--574ed709-b7a8-442f-8c45-41bc02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:29.000Z", "modified": "2016-06-01T12:37:29.000Z", "first_observed": "2016-06-01T12:37:29Z", "last_observed": "2016-06-01T12:37:29Z", "number_observed": 1, "object_refs": [ "url--574ed709-b7a8-442f-8c45-41bc02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--574ed709-b7a8-442f-8c45-41bc02de0b81", "value": "https://www.virustotal.com/file/b9befc85c45bcec49ee487d3fece40a84a4341d2afc8726fd3f48316b79c3212/analysis/1464274515/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed709-bfa0-4d25-96b9-4dad02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:29.000Z", "modified": "2016-06-01T12:37:29.000Z", "description": "W2KM_DRIDEX.YVD - 
Xchecked via VT: bb9bed40b9b8eef3132e6c0844a88744c61fe219", "pattern": "[file:hashes.SHA256 = '1b1f3fda172f175739b5283d9ca2aa258ebb2d65a1e7e1b0eec2bc41bba48f9e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:37:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed70a-03e4-4770-b329-400002de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:30.000Z", "modified": "2016-06-01T12:37:30.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via VT: bb9bed40b9b8eef3132e6c0844a88744c61fe219", "pattern": "[file:hashes.MD5 = '645598660fe6e184bc1d59816796f54d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:37:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--574ed70a-84ec-4b7b-bf22-40e802de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:30.000Z", "modified": "2016-06-01T12:37:30.000Z", "first_observed": "2016-06-01T12:37:30Z", "last_observed": "2016-06-01T12:37:30Z", "number_observed": 1, "object_refs": [ "url--574ed70a-84ec-4b7b-bf22-40e802de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--574ed70a-84ec-4b7b-bf22-40e802de0b81", "value": "https://www.virustotal.com/file/1b1f3fda172f175739b5283d9ca2aa258ebb2d65a1e7e1b0eec2bc41bba48f9e/analysis/1464154807/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed70b-39c0-45d6-8bbd-419f02de0b81", "created_by_ref": 
"identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:31.000Z", "modified": "2016-06-01T12:37:31.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via VT: b3b07b038834a8b3eb8527f2990a1b8d89e82602", "pattern": "[file:hashes.SHA256 = 'd3e7693c2c26d8c915766d048ebe01131972881fa9ec57bfe7e182cbe8b8e5ea']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:37:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed70b-0738-4742-a911-4da602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:31.000Z", "modified": "2016-06-01T12:37:31.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via VT: b3b07b038834a8b3eb8527f2990a1b8d89e82602", "pattern": "[file:hashes.MD5 = 'a791732bda4dd212ea961e5c4accc9eb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:37:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--574ed70b-9a04-4cb4-914b-414f02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:31.000Z", "modified": "2016-06-01T12:37:31.000Z", "first_observed": "2016-06-01T12:37:31Z", "last_observed": "2016-06-01T12:37:31Z", "number_observed": 1, "object_refs": [ "url--574ed70b-9a04-4cb4-914b-414f02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--574ed70b-9a04-4cb4-914b-414f02de0b81", "value": 
"https://www.virustotal.com/file/d3e7693c2c26d8c915766d048ebe01131972881fa9ec57bfe7e182cbe8b8e5ea/analysis/1464154207/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed70c-8444-4f0a-a9bb-468802de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:32.000Z", "modified": "2016-06-01T12:37:32.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via VT: b0c100374dd7142edf97a9d233b3c68bcf77a07e", "pattern": "[file:hashes.SHA256 = '62a5d3ec0dcda0aa72d13b2deac30307935b41b3e5a0e132fc4cf70cb2688543']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:37:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed70c-6f98-4634-b600-463d02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:32.000Z", "modified": "2016-06-01T12:37:32.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via VT: b0c100374dd7142edf97a9d233b3c68bcf77a07e", "pattern": "[file:hashes.MD5 = '16eb1828b27feb9dd470eb018be39d0a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:37:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--574ed70d-7c98-4944-bb1d-460702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:33.000Z", "modified": "2016-06-01T12:37:33.000Z", "first_observed": "2016-06-01T12:37:33Z", "last_observed": "2016-06-01T12:37:33Z", "number_observed": 1, "object_refs": [ "url--574ed70d-7c98-4944-bb1d-460702de0b81" ], "labels": [ 
"misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--574ed70d-7c98-4944-bb1d-460702de0b81", "value": "https://www.virustotal.com/file/62a5d3ec0dcda0aa72d13b2deac30307935b41b3e5a0e132fc4cf70cb2688543/analysis/1464332226/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed70d-d298-40c9-bd98-499f02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:33.000Z", "modified": "2016-06-01T12:37:33.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via VT: a136f9ff047767fe4d603c96c6c57d759a211c2c", "pattern": "[file:hashes.SHA256 = '4936f72d9bd07214d6ce00ca574183e321a9971aa190c1faba8c5c0c4061c378']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:37:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed70d-dabc-43d8-9a68-4f2602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:33.000Z", "modified": "2016-06-01T12:37:33.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via VT: a136f9ff047767fe4d603c96c6c57d759a211c2c", "pattern": "[file:hashes.MD5 = '6e50f2d582e7fab6465ba1ce1f1c9188']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:37:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--574ed70e-fb20-411c-93b1-488d02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:34.000Z", "modified": "2016-06-01T12:37:34.000Z", "first_observed": 
"2016-06-01T12:37:34Z", "last_observed": "2016-06-01T12:37:34Z", "number_observed": 1, "object_refs": [ "url--574ed70e-fb20-411c-93b1-488d02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--574ed70e-fb20-411c-93b1-488d02de0b81", "value": "https://www.virustotal.com/file/4936f72d9bd07214d6ce00ca574183e321a9971aa190c1faba8c5c0c4061c378/analysis/1464330836/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed70e-23b8-42a4-b417-4c6b02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:34.000Z", "modified": "2016-06-01T12:37:34.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via VT: 9f227611e68ef2128bdd7a9f03483f7f8e275920", "pattern": "[file:hashes.SHA256 = 'd62a247ac628eab408c641938efac031f824aab678ce567476553edf9f7abbf4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:37:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed70e-f5f0-47cf-a2e4-44d202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:34.000Z", "modified": "2016-06-01T12:37:34.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via VT: 9f227611e68ef2128bdd7a9f03483f7f8e275920", "pattern": "[file:hashes.MD5 = '409a27ae35ee674aaa4298e097fc8611']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:37:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--574ed70f-8b0c-4932-a627-4eaa02de0b81", 
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:35.000Z", "modified": "2016-06-01T12:37:35.000Z", "first_observed": "2016-06-01T12:37:35Z", "last_observed": "2016-06-01T12:37:35Z", "number_observed": 1, "object_refs": [ "url--574ed70f-8b0c-4932-a627-4eaa02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--574ed70f-8b0c-4932-a627-4eaa02de0b81", "value": "https://www.virustotal.com/file/d62a247ac628eab408c641938efac031f824aab678ce567476553edf9f7abbf4/analysis/1464280807/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed70f-6f58-491d-8609-4d6a02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:35.000Z", "modified": "2016-06-01T12:37:35.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via VT: 89fe9b77ea0e9ec6dc5ded8d9812b4dfab612512", "pattern": "[file:hashes.SHA256 = '1820e5f7eb34d9ce693f5a075415ae6a1c6cb56856ef96392517eaf40e36fc37']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:37:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed710-1e2c-4bf7-a8a1-4e7e02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:36.000Z", "modified": "2016-06-01T12:37:36.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via VT: 89fe9b77ea0e9ec6dc5ded8d9812b4dfab612512", "pattern": "[file:hashes.MD5 = 'a9c351e6b50320213e017885c85bc1a4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:37:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", 
"misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--574ed710-636c-46f2-aacd-419202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:36.000Z", "modified": "2016-06-01T12:37:36.000Z", "first_observed": "2016-06-01T12:37:36Z", "last_observed": "2016-06-01T12:37:36Z", "number_observed": 1, "object_refs": [ "url--574ed710-636c-46f2-aacd-419202de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--574ed710-636c-46f2-aacd-419202de0b81", "value": "https://www.virustotal.com/file/1820e5f7eb34d9ce693f5a075415ae6a1c6cb56856ef96392517eaf40e36fc37/analysis/1464671185/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed710-bc30-45d7-aab9-427002de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:36.000Z", "modified": "2016-06-01T12:37:36.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via VT: 845b1d71ffec59322f688a21221e5817475d2da9", "pattern": "[file:hashes.SHA256 = 'c37c07c4bdfe5b5ef66b42051f62fc1091c4e34b09ce83a12856fecda9e25b1d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:37:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed711-79e0-4dc6-9503-4ef902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:37.000Z", "modified": "2016-06-01T12:37:37.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via VT: 845b1d71ffec59322f688a21221e5817475d2da9", "pattern": "[file:hashes.MD5 = '5d917ed2ab5b87f9a72ae34db5e9143d']", "pattern_type": "stix", "pattern_version": "2.1", 
"valid_from": "2016-06-01T12:37:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--574ed711-beb0-43b8-953a-4e6202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:37.000Z", "modified": "2016-06-01T12:37:37.000Z", "first_observed": "2016-06-01T12:37:37Z", "last_observed": "2016-06-01T12:37:37Z", "number_observed": 1, "object_refs": [ "url--574ed711-beb0-43b8-953a-4e6202de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--574ed711-beb0-43b8-953a-4e6202de0b81", "value": "https://www.virustotal.com/file/c37c07c4bdfe5b5ef66b42051f62fc1091c4e34b09ce83a12856fecda9e25b1d/analysis/1464274518/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed711-dae0-480a-85ae-4e1402de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:37.000Z", "modified": "2016-06-01T12:37:37.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via VT: 5ae28c8f5ff3e35c708ef76e40c9672651ec6fc9", "pattern": "[file:hashes.SHA256 = 'c18cfb614c133aea643b85f27a0787df09a42a2a2b24d5fac5c411af35287a70']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:37:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed712-ca6c-4b4e-b6b3-4d0102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:38.000Z", "modified": "2016-06-01T12:37:38.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via 
VT: 5ae28c8f5ff3e35c708ef76e40c9672651ec6fc9", "pattern": "[file:hashes.MD5 = '21078e101eacde6ebb36cbc7667bba46']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:37:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--574ed712-b44c-4f9a-ae9a-463602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:38.000Z", "modified": "2016-06-01T12:37:38.000Z", "first_observed": "2016-06-01T12:37:38Z", "last_observed": "2016-06-01T12:37:38Z", "number_observed": 1, "object_refs": [ "url--574ed712-b44c-4f9a-ae9a-463602de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--574ed712-b44c-4f9a-ae9a-463602de0b81", "value": "https://www.virustotal.com/file/c18cfb614c133aea643b85f27a0787df09a42a2a2b24d5fac5c411af35287a70/analysis/1464283210/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed713-9878-4b07-aab3-4bc902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:39.000Z", "modified": "2016-06-01T12:37:39.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via VT: 594d87c767f776ca610636b601a9cc9faf0fd1e0", "pattern": "[file:hashes.SHA256 = 'b3fa5fb185ebf75d76af10374c57c8194746f555e72e1d64c4d58436b7de6895']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:37:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed713-6890-4b88-9cd9-429f02de0b81", "created_by_ref": 
"identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:39.000Z", "modified": "2016-06-01T12:37:39.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via VT: 594d87c767f776ca610636b601a9cc9faf0fd1e0", "pattern": "[file:hashes.MD5 = '296615b212b15f904d80f258fb802d60']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:37:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--574ed713-2ad8-4dad-b4fc-498702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:39.000Z", "modified": "2016-06-01T12:37:39.000Z", "first_observed": "2016-06-01T12:37:39Z", "last_observed": "2016-06-01T12:37:39Z", "number_observed": 1, "object_refs": [ "url--574ed713-2ad8-4dad-b4fc-498702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--574ed713-2ad8-4dad-b4fc-498702de0b81", "value": "https://www.virustotal.com/file/b3fa5fb185ebf75d76af10374c57c8194746f555e72e1d64c4d58436b7de6895/analysis/1464279906/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed714-d3b8-42c9-a33a-46a402de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:40.000Z", "modified": "2016-06-01T12:37:40.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via VT: 4d3f50def97ab7eab86771d1bf2f2710c8af48d0", "pattern": "[file:hashes.SHA256 = '7067dfb09619a5bafa9156fe6ee339e45fcf6afc59a6a755e36944178f86d1e2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:37:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", 
"misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed714-7464-45e6-965a-42e902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:40.000Z", "modified": "2016-06-01T12:37:40.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via VT: 4d3f50def97ab7eab86771d1bf2f2710c8af48d0", "pattern": "[file:hashes.MD5 = '2798b6f9723d4a78800be3d9bd2bb00a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:37:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--574ed714-b380-4d57-976d-4d7702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:40.000Z", "modified": "2016-06-01T12:37:40.000Z", "first_observed": "2016-06-01T12:37:40Z", "last_observed": "2016-06-01T12:37:40Z", "number_observed": 1, "object_refs": [ "url--574ed714-b380-4d57-976d-4d7702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--574ed714-b380-4d57-976d-4d7702de0b81", "value": "https://www.virustotal.com/file/7067dfb09619a5bafa9156fe6ee339e45fcf6afc59a6a755e36944178f86d1e2/analysis/1464280807/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed715-883c-47a3-b056-478702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:41.000Z", "modified": "2016-06-01T12:37:41.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via VT: 350d537414ddc7db6c545e1d2a25406161615693", "pattern": "[file:hashes.SHA256 = 'da90bc5e927db21ee4788c2818fc26dbe08bb0c02b931cc3cf298145760d6f07']", "pattern_type": "stix", "pattern_version": "2.1", 
"valid_from": "2016-06-01T12:37:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed715-dae8-43cb-97bb-457e02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:41.000Z", "modified": "2016-06-01T12:37:41.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via VT: 350d537414ddc7db6c545e1d2a25406161615693", "pattern": "[file:hashes.MD5 = '398b7b5ae9bab18c002a801bfc0ae1af']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:37:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--574ed716-a3b8-4739-9cc5-469d02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:42.000Z", "modified": "2016-06-01T12:37:42.000Z", "first_observed": "2016-06-01T12:37:42Z", "last_observed": "2016-06-01T12:37:42Z", "number_observed": 1, "object_refs": [ "url--574ed716-a3b8-4739-9cc5-469d02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--574ed716-a3b8-4739-9cc5-469d02de0b81", "value": "https://www.virustotal.com/file/da90bc5e927db21ee4788c2818fc26dbe08bb0c02b931cc3cf298145760d6f07/analysis/1464274808/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed716-46b8-4926-a667-405f02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:42.000Z", "modified": "2016-06-01T12:37:42.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via VT: 
2859eaf08f5da8752b2da399cc583d5030ac7e9f", "pattern": "[file:hashes.SHA256 = '7e5862b8f96535cb3139e5508949fbb7d33c5dbdf0850d5464e3b9f999e8178e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:37:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed716-7120-422e-b689-49ee02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:42.000Z", "modified": "2016-06-01T12:37:42.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via VT: 2859eaf08f5da8752b2da399cc583d5030ac7e9f", "pattern": "[file:hashes.MD5 = '4ebfb103d9a738e9015dcb40fbc6e116']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:37:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--574ed717-4138-41ca-b237-4d6302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:43.000Z", "modified": "2016-06-01T12:37:43.000Z", "first_observed": "2016-06-01T12:37:43Z", "last_observed": "2016-06-01T12:37:43Z", "number_observed": 1, "object_refs": [ "url--574ed717-4138-41ca-b237-4d6302de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--574ed717-4138-41ca-b237-4d6302de0b81", "value": "https://www.virustotal.com/file/7e5862b8f96535cb3139e5508949fbb7d33c5dbdf0850d5464e3b9f999e8178e/analysis/1464274512/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed717-1b74-4075-a4ad-47ba02de0b81", "created_by_ref": 
"identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:43.000Z", "modified": "2016-06-01T12:37:43.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via VT: 0b70c4376e74700bb4df6882c28a71ace417d2c9", "pattern": "[file:hashes.SHA256 = '821b3e36646266a31fe06cad2103e42a6f747985023e6f598206500433b8a2bc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:37:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed718-8ea8-47b3-bf14-476002de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:44.000Z", "modified": "2016-06-01T12:37:44.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via VT: 0b70c4376e74700bb4df6882c28a71ace417d2c9", "pattern": "[file:hashes.MD5 = '2d72390dc6ee07efa3e5ac76e533292c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:37:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--574ed718-0478-4878-83ae-4aa102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:44.000Z", "modified": "2016-06-01T12:37:44.000Z", "first_observed": "2016-06-01T12:37:44Z", "last_observed": "2016-06-01T12:37:44Z", "number_observed": 1, "object_refs": [ "url--574ed718-0478-4878-83ae-4aa102de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--574ed718-0478-4878-83ae-4aa102de0b81", "value": 
"https://www.virustotal.com/file/821b3e36646266a31fe06cad2103e42a6f747985023e6f598206500433b8a2bc/analysis/1464154206/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed718-3d6c-4034-b842-4d3502de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:44.000Z", "modified": "2016-06-01T12:37:44.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via VT: 0699fb11acea5906e4f5d6c97164812c51b579d2", "pattern": "[file:hashes.SHA256 = '9ee70f3e41e9ed63dfa9f13d767447e91adeb09305db6fff7f420ba18a8a86a5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:37:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed719-fc1c-4964-9bbc-41c502de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:45.000Z", "modified": "2016-06-01T12:37:45.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via VT: 0699fb11acea5906e4f5d6c97164812c51b579d2", "pattern": "[file:hashes.MD5 = '8a2a8e3dfb654bb9bf3eb77d7495476a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:37:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--574ed719-683c-4fde-963e-4b5c02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:45.000Z", "modified": "2016-06-01T12:37:45.000Z", "first_observed": "2016-06-01T12:37:45Z", "last_observed": "2016-06-01T12:37:45Z", "number_observed": 1, "object_refs": [ "url--574ed719-683c-4fde-963e-4b5c02de0b81" ], "labels": [ 
"misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--574ed719-683c-4fde-963e-4b5c02de0b81", "value": "https://www.virustotal.com/file/9ee70f3e41e9ed63dfa9f13d767447e91adeb09305db6fff7f420ba18a8a86a5/analysis/1464274510/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed719-bc10-4e19-a33d-4e3402de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:45.000Z", "modified": "2016-06-01T12:37:45.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via VT: f778982a989c54f800aac913e0e9afa7d6c6a8f2", "pattern": "[file:hashes.SHA256 = 'b23e7549da1df710501490bf267ac049b7b65fb11a5b765cc36445dd8cddb68d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:37:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed71a-e484-4ded-9391-41e202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:46.000Z", "modified": "2016-06-01T12:37:46.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via VT: f778982a989c54f800aac913e0e9afa7d6c6a8f2", "pattern": "[file:hashes.MD5 = '3cb78ca08348504682964e7d9a627e1e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:37:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--574ed71a-de0c-4a7e-9e34-44f902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:46.000Z", "modified": "2016-06-01T12:37:46.000Z", "first_observed": 
"2016-06-01T12:37:46Z", "last_observed": "2016-06-01T12:37:46Z", "number_observed": 1, "object_refs": [ "url--574ed71a-de0c-4a7e-9e34-44f902de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--574ed71a-de0c-4a7e-9e34-44f902de0b81", "value": "https://www.virustotal.com/file/b23e7549da1df710501490bf267ac049b7b65fb11a5b765cc36445dd8cddb68d/analysis/1464276308/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed71b-a28c-46be-a965-4f9d02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:47.000Z", "modified": "2016-06-01T12:37:47.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via VT: f9d17572fdf3e891f03e23ea0b1bfef276405b49", "pattern": "[file:hashes.SHA256 = 'bc56b4211c3d305064b4c94ef66a1e35159e61a8ff49e7fb92e863591b4c9e3c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:37:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed71b-4678-4049-a426-444802de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:47.000Z", "modified": "2016-06-01T12:37:47.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via VT: f9d17572fdf3e891f03e23ea0b1bfef276405b49", "pattern": "[file:hashes.MD5 = 'cf6ebf48497b91ddcad30e2f316ade2a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:37:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--574ed71b-246c-4efc-93ba-4d3202de0b81", 
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:47.000Z", "modified": "2016-06-01T12:37:47.000Z", "first_observed": "2016-06-01T12:37:47Z", "last_observed": "2016-06-01T12:37:47Z", "number_observed": 1, "object_refs": [ "url--574ed71b-246c-4efc-93ba-4d3202de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--574ed71b-246c-4efc-93ba-4d3202de0b81", "value": "https://www.virustotal.com/file/bc56b4211c3d305064b4c94ef66a1e35159e61a8ff49e7fb92e863591b4c9e3c/analysis/1464659554/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed71c-c46c-4f1b-a2c9-42f602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:48.000Z", "modified": "2016-06-01T12:37:48.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via VT: ea83c4f39ce54f09359f09f14ae8e05e055ab6c5", "pattern": "[file:hashes.SHA256 = '8c40417b2f5927ed0c74a066c530fc8aac676e9405e3feee57de2f11322bbb46']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:37:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed71c-7cec-4f0f-bda3-4c0002de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:48.000Z", "modified": "2016-06-01T12:37:48.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via VT: ea83c4f39ce54f09359f09f14ae8e05e055ab6c5", "pattern": "[file:hashes.MD5 = 'bc8d8284f8127188a41e3d2cebbc18f3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:37:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", 
"misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--574ed71c-8974-43c1-b9cf-481402de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:48.000Z", "modified": "2016-06-01T12:37:48.000Z", "first_observed": "2016-06-01T12:37:48Z", "last_observed": "2016-06-01T12:37:48Z", "number_observed": 1, "object_refs": [ "url--574ed71c-8974-43c1-b9cf-481402de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--574ed71c-8974-43c1-b9cf-481402de0b81", "value": "https://www.virustotal.com/file/8c40417b2f5927ed0c74a066c530fc8aac676e9405e3feee57de2f11322bbb46/analysis/1464281411/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed71d-10c4-4461-b448-491c02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:49.000Z", "modified": "2016-06-01T12:37:49.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via VT: de238864f60e34b6fc6d4d26590692141ad9ca32", "pattern": "[file:hashes.SHA256 = 'ef5370e9e3b3d6d48469ee6c43ba6487ad37fc3eae3c0816d0426f76642b12c9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:37:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed71d-7e88-4f51-9078-472002de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:49.000Z", "modified": "2016-06-01T12:37:49.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via VT: de238864f60e34b6fc6d4d26590692141ad9ca32", "pattern": "[file:hashes.MD5 = '1414746553b755f09e5caae544a8bf04']", "pattern_type": "stix", "pattern_version": "2.1", 
"valid_from": "2016-06-01T12:37:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--574ed71d-c10c-4e74-9572-4b3d02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:49.000Z", "modified": "2016-06-01T12:37:49.000Z", "first_observed": "2016-06-01T12:37:49Z", "last_observed": "2016-06-01T12:37:49Z", "number_observed": 1, "object_refs": [ "url--574ed71d-c10c-4e74-9572-4b3d02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--574ed71d-c10c-4e74-9572-4b3d02de0b81", "value": "https://www.virustotal.com/file/ef5370e9e3b3d6d48469ee6c43ba6487ad37fc3eae3c0816d0426f76642b12c9/analysis/1464088723/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed71e-fe00-443d-ba58-4fbe02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:50.000Z", "modified": "2016-06-01T12:37:50.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via VT: d775706af618112ad7e8defe3a77ec9724b97a8a", "pattern": "[file:hashes.SHA256 = 'd835b6594bab079a43f18bd5e88a8bc5ed5e576631ed2e66167959a1642c970e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:37:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed71e-5db4-4180-9928-4a8902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:50.000Z", "modified": "2016-06-01T12:37:50.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via 
VT: d775706af618112ad7e8defe3a77ec9724b97a8a", "pattern": "[file:hashes.MD5 = '3d4a41941efeb13932b18f34781c3664']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:37:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--574ed71f-9774-4660-86cc-410302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:51.000Z", "modified": "2016-06-01T12:37:51.000Z", "first_observed": "2016-06-01T12:37:51Z", "last_observed": "2016-06-01T12:37:51Z", "number_observed": 1, "object_refs": [ "url--574ed71f-9774-4660-86cc-410302de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--574ed71f-9774-4660-86cc-410302de0b81", "value": "https://www.virustotal.com/file/d835b6594bab079a43f18bd5e88a8bc5ed5e576631ed2e66167959a1642c970e/analysis/1464282306/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed71f-3f20-471b-9e13-475d02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:51.000Z", "modified": "2016-06-01T12:37:51.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via VT: befa9acb077f8c8c75e3892a811c5bfd08e3e7fe", "pattern": "[file:hashes.SHA256 = 'c325f91bc0b66729e252f985a6833e8f74b3ef13c1060cb3c53108889c995766']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:37:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed71f-d078-4eb6-be22-40d002de0b81", "created_by_ref": 
"identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:51.000Z", "modified": "2016-06-01T12:37:51.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via VT: befa9acb077f8c8c75e3892a811c5bfd08e3e7fe", "pattern": "[file:hashes.MD5 = 'de33d6a0adf1d2b25a93dcac6e0e721c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:37:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--574ed720-76f4-4599-afc8-4bef02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:52.000Z", "modified": "2016-06-01T12:37:52.000Z", "first_observed": "2016-06-01T12:37:52Z", "last_observed": "2016-06-01T12:37:52Z", "number_observed": 1, "object_refs": [ "url--574ed720-76f4-4599-afc8-4bef02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--574ed720-76f4-4599-afc8-4bef02de0b81", "value": "https://www.virustotal.com/file/c325f91bc0b66729e252f985a6833e8f74b3ef13c1060cb3c53108889c995766/analysis/1464279907/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed720-3dd0-47df-ad07-487102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:52.000Z", "modified": "2016-06-01T12:37:52.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via VT: b99d8c6e0ad54728cb93eb22a1ae9115a2cfc750", "pattern": "[file:hashes.SHA256 = '85e2fa225eeb3bb50b38bb47bf256230b50a04d77ef10368e80a882fcc4c8ea1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:37:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", 
"misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed720-62a4-4741-ba52-4cea02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:52.000Z", "modified": "2016-06-01T12:37:52.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via VT: b99d8c6e0ad54728cb93eb22a1ae9115a2cfc750", "pattern": "[file:hashes.MD5 = 'cac113ea6e5355e8f9ffdbdd13d00477']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:37:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--574ed721-0dbc-46ba-bacf-4fd602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:53.000Z", "modified": "2016-06-01T12:37:53.000Z", "first_observed": "2016-06-01T12:37:53Z", "last_observed": "2016-06-01T12:37:53Z", "number_observed": 1, "object_refs": [ "url--574ed721-0dbc-46ba-bacf-4fd602de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--574ed721-0dbc-46ba-bacf-4fd602de0b81", "value": "https://www.virustotal.com/file/85e2fa225eeb3bb50b38bb47bf256230b50a04d77ef10368e80a882fcc4c8ea1/analysis/1464174821/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed721-3e30-4b23-9b98-45ee02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:53.000Z", "modified": "2016-06-01T12:37:53.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via VT: b9afbd6054d4c512b0e4e048e2eec518acc95b0a", "pattern": "[file:hashes.SHA256 = '6bee86eeab18533aa3fd2ccaa773d15a68bbfbd92f3a52cc4a8877dc1dbe0f48']", "pattern_type": "stix", "pattern_version": "2.1", 
"valid_from": "2016-06-01T12:37:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed722-c12c-4e7a-869a-4dc202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:54.000Z", "modified": "2016-06-01T12:37:54.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via VT: b9afbd6054d4c512b0e4e048e2eec518acc95b0a", "pattern": "[file:hashes.MD5 = '8e2916624c4718ab2fa554f3a696d162']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:37:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--574ed722-7fdc-4092-b4ed-470b02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:54.000Z", "modified": "2016-06-01T12:37:54.000Z", "first_observed": "2016-06-01T12:37:54Z", "last_observed": "2016-06-01T12:37:54Z", "number_observed": 1, "object_refs": [ "url--574ed722-7fdc-4092-b4ed-470b02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--574ed722-7fdc-4092-b4ed-470b02de0b81", "value": "https://www.virustotal.com/file/6bee86eeab18533aa3fd2ccaa773d15a68bbfbd92f3a52cc4a8877dc1dbe0f48/analysis/1464282608/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed722-26e4-4a98-b8f2-4c5c02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:54.000Z", "modified": "2016-06-01T12:37:54.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via VT: 
aea29b594274eeabf954415a347fbca802d057e3", "pattern": "[file:hashes.SHA256 = '4d6333f9d2f1aa7e52150c304a718d245d3e5feac364dbe07eb4641d36891982']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:37:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed723-bdd0-4b2f-9efe-46e402de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:55.000Z", "modified": "2016-06-01T12:37:55.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via VT: aea29b594274eeabf954415a347fbca802d057e3", "pattern": "[file:hashes.MD5 = '5678143f61315cc6e3797f0610383b61']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:37:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--574ed723-eca4-4f99-9bbd-4fa302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:55.000Z", "modified": "2016-06-01T12:37:55.000Z", "first_observed": "2016-06-01T12:37:55Z", "last_observed": "2016-06-01T12:37:55Z", "number_observed": 1, "object_refs": [ "url--574ed723-eca4-4f99-9bbd-4fa302de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--574ed723-eca4-4f99-9bbd-4fa302de0b81", "value": "https://www.virustotal.com/file/4d6333f9d2f1aa7e52150c304a718d245d3e5feac364dbe07eb4641d36891982/analysis/1464190639/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed724-4c64-45fb-81b2-421802de0b81", "created_by_ref": 
"identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:55.000Z", "modified": "2016-06-01T12:37:55.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via VT: a3606a848a40c554ee60add2eb53ba44778aca46", "pattern": "[file:hashes.SHA256 = '120cd62b6d6125dce5cd1166af2911da19c442dba615aa3b225de455de375725']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:37:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed724-6e98-485d-9e4a-4ee402de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:56.000Z", "modified": "2016-06-01T12:37:56.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via VT: a3606a848a40c554ee60add2eb53ba44778aca46", "pattern": "[file:hashes.MD5 = '916b2e1b00de50fe6febc13f9320b52a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:37:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--574ed724-2c4c-4634-ba06-4df702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:56.000Z", "modified": "2016-06-01T12:37:56.000Z", "first_observed": "2016-06-01T12:37:56Z", "last_observed": "2016-06-01T12:37:56Z", "number_observed": 1, "object_refs": [ "url--574ed724-2c4c-4634-ba06-4df702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--574ed724-2c4c-4634-ba06-4df702de0b81", "value": 
"https://www.virustotal.com/file/120cd62b6d6125dce5cd1166af2911da19c442dba615aa3b225de455de375725/analysis/1464279906/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed725-3600-4f8a-9a96-47dc02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:57.000Z", "modified": "2016-06-01T12:37:57.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via VT: a14b2b9626549b34737ffb55a5caff71cdb3d714", "pattern": "[file:hashes.SHA256 = 'abd4f9bbf5f28c3867dcfe26e6f85dd0db574881c04d03ec50a2d0a86899b081']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:37:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed725-8594-47cb-bea3-47f702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:57.000Z", "modified": "2016-06-01T12:37:57.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via VT: a14b2b9626549b34737ffb55a5caff71cdb3d714", "pattern": "[file:hashes.MD5 = '3865b020786854c99e23e24156216dbd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:37:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--574ed725-d964-4b42-86a8-4ce902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:57.000Z", "modified": "2016-06-01T12:37:57.000Z", "first_observed": "2016-06-01T12:37:57Z", "last_observed": "2016-06-01T12:37:57Z", "number_observed": 1, "object_refs": [ "url--574ed725-d964-4b42-86a8-4ce902de0b81" ], "labels": [ 
"misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--574ed725-d964-4b42-86a8-4ce902de0b81", "value": "https://www.virustotal.com/file/abd4f9bbf5f28c3867dcfe26e6f85dd0db574881c04d03ec50a2d0a86899b081/analysis/1464279907/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed726-5d88-4b3e-b983-420602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:58.000Z", "modified": "2016-06-01T12:37:58.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via VT: a1a5c7a55e14481a93b1e2a836a4ffaf1242b301", "pattern": "[file:hashes.SHA256 = 'a629a15c09782e3869d20ea91c6925c03988058943c1b0cb53f6bb02bee38e1b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:37:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed726-bb10-4e4b-ab8a-4dc102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:58.000Z", "modified": "2016-06-01T12:37:58.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via VT: a1a5c7a55e14481a93b1e2a836a4ffaf1242b301", "pattern": "[file:hashes.MD5 = 'ff75a1f58320f8ccc8f2e1c9e7341392']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:37:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--574ed726-503c-45ec-8788-4edc02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:58.000Z", "modified": "2016-06-01T12:37:58.000Z", "first_observed": 
"2016-06-01T12:37:58Z", "last_observed": "2016-06-01T12:37:58Z", "number_observed": 1, "object_refs": [ "url--574ed726-503c-45ec-8788-4edc02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--574ed726-503c-45ec-8788-4edc02de0b81", "value": "https://www.virustotal.com/file/a629a15c09782e3869d20ea91c6925c03988058943c1b0cb53f6bb02bee38e1b/analysis/1464355548/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed727-aff8-462b-9d3e-469102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:59.000Z", "modified": "2016-06-01T12:37:59.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via VT: 603135d21d691797969fd1e330e285c173815ab4", "pattern": "[file:hashes.SHA256 = 'c93922366f480c56127991714719ee084b1ae205c9fbd8ead645b3cfc82f9044']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:37:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed727-b1f4-4fd5-8432-464f02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:59.000Z", "modified": "2016-06-01T12:37:59.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via VT: 603135d21d691797969fd1e330e285c173815ab4", "pattern": "[file:hashes.MD5 = 'da4ab4f4ec6c058f0bd7832b733d5f22']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:37:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--574ed727-1d30-42d4-b8f2-472902de0b81", 
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:37:59.000Z", "modified": "2016-06-01T12:37:59.000Z", "first_observed": "2016-06-01T12:37:59Z", "last_observed": "2016-06-01T12:37:59Z", "number_observed": 1, "object_refs": [ "url--574ed727-1d30-42d4-b8f2-472902de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--574ed727-1d30-42d4-b8f2-472902de0b81", "value": "https://www.virustotal.com/file/c93922366f480c56127991714719ee084b1ae205c9fbd8ead645b3cfc82f9044/analysis/1464283210/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed728-4d98-42f5-88e8-432a02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:38:00.000Z", "modified": "2016-06-01T12:38:00.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via VT: 406059fe3ddf8ef42bfcc99441871efd2fa8fb07", "pattern": "[file:hashes.SHA256 = '4dacd3523a4d21e3c808d5cf72c71a8142b89fc2a087ec452384c6c4005ed7f7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:38:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed728-de30-4088-98ac-4edc02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:38:00.000Z", "modified": "2016-06-01T12:38:00.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via VT: 406059fe3ddf8ef42bfcc99441871efd2fa8fb07", "pattern": "[file:hashes.MD5 = 'aaad1cae653255823b842787732fb75a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:38:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", 
"misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--574ed728-61e4-4bab-a9fc-4cf902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:38:00.000Z", "modified": "2016-06-01T12:38:00.000Z", "first_observed": "2016-06-01T12:38:00Z", "last_observed": "2016-06-01T12:38:00Z", "number_observed": 1, "object_refs": [ "url--574ed728-61e4-4bab-a9fc-4cf902de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--574ed728-61e4-4bab-a9fc-4cf902de0b81", "value": "https://www.virustotal.com/file/4dacd3523a4d21e3c808d5cf72c71a8142b89fc2a087ec452384c6c4005ed7f7/analysis/1464304785/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed729-d3b8-48bb-8be2-4e6102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:38:01.000Z", "modified": "2016-06-01T12:38:01.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via VT: 96197dc35306c827f3891c1fdf807624b071972d", "pattern": "[file:hashes.SHA256 = '4cb4c619b415b5ddf18610336955612f3e01e5a420a7cd85ec598f4316d20965']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:38:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed729-578c-48d8-a291-403102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:38:01.000Z", "modified": "2016-06-01T12:38:01.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via VT: 96197dc35306c827f3891c1fdf807624b071972d", "pattern": "[file:hashes.MD5 = '94f4dbb31c80f3897d7d0fa3d8274796']", "pattern_type": "stix", "pattern_version": "2.1", 
"valid_from": "2016-06-01T12:38:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--574ed729-ee88-48dd-af27-4d3502de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:38:01.000Z", "modified": "2016-06-01T12:38:01.000Z", "first_observed": "2016-06-01T12:38:01Z", "last_observed": "2016-06-01T12:38:01Z", "number_observed": 1, "object_refs": [ "url--574ed729-ee88-48dd-af27-4d3502de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--574ed729-ee88-48dd-af27-4d3502de0b81", "value": "https://www.virustotal.com/file/4cb4c619b415b5ddf18610336955612f3e01e5a420a7cd85ec598f4316d20965/analysis/1464282307/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed72a-d528-4991-9ece-4c6f02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:38:02.000Z", "modified": "2016-06-01T12:38:02.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via VT: 94046ddd538b5831e9e3ba7548e84da645ad4bb8", "pattern": "[file:hashes.SHA256 = '94eb03a028993c56a995e3058d59a588e0f689cd2d65a6284e837999ec370d98']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:38:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed72a-b8e4-489a-b5d9-41a202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:38:02.000Z", "modified": "2016-06-01T12:38:02.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via 
VT: 94046ddd538b5831e9e3ba7548e84da645ad4bb8", "pattern": "[file:hashes.MD5 = 'd7edb525cab98df68c4d0fdad33f57e1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:38:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--574ed72b-3fd4-493e-9863-486202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:38:03.000Z", "modified": "2016-06-01T12:38:03.000Z", "first_observed": "2016-06-01T12:38:03Z", "last_observed": "2016-06-01T12:38:03Z", "number_observed": 1, "object_refs": [ "url--574ed72b-3fd4-493e-9863-486202de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--574ed72b-3fd4-493e-9863-486202de0b81", "value": "https://www.virustotal.com/file/94eb03a028993c56a995e3058d59a588e0f689cd2d65a6284e837999ec370d98/analysis/1464163864/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed72b-b7d8-49ee-87fd-474602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:38:03.000Z", "modified": "2016-06-01T12:38:03.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via VT: 84342db658af50c34dd75c792bf4ff726d6e02d9", "pattern": "[file:hashes.SHA256 = '91da672792a159eed04b4b1f0360d90603ffe0167de76380fb85fe1f01035d5d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:38:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed72b-6d04-42a3-8d38-430002de0b81", "created_by_ref": 
"identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:38:03.000Z", "modified": "2016-06-01T12:38:03.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via VT: 84342db658af50c34dd75c792bf4ff726d6e02d9", "pattern": "[file:hashes.MD5 = '382a0ab8c0d03aa043adc789df9d241d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:38:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--574ed72c-453c-4cce-90b5-4a8802de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:38:04.000Z", "modified": "2016-06-01T12:38:04.000Z", "first_observed": "2016-06-01T12:38:04Z", "last_observed": "2016-06-01T12:38:04Z", "number_observed": 1, "object_refs": [ "url--574ed72c-453c-4cce-90b5-4a8802de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--574ed72c-453c-4cce-90b5-4a8802de0b81", "value": "https://www.virustotal.com/file/91da672792a159eed04b4b1f0360d90603ffe0167de76380fb85fe1f01035d5d/analysis/1464274509/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed72c-227c-41b7-aaac-4ccf02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:38:04.000Z", "modified": "2016-06-01T12:38:04.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via VT: 4611e4824587231d7dc6fbe271d18b14bb3aed3f", "pattern": "[file:hashes.SHA256 = 'f860b441d19333148b1b5734fd956af014f50b8a658fc6f91d80ff24b8087eb8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:38:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", 
"misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed72c-5778-4616-b69d-407502de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:38:04.000Z", "modified": "2016-06-01T12:38:04.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via VT: 4611e4824587231d7dc6fbe271d18b14bb3aed3f", "pattern": "[file:hashes.MD5 = 'b8696a786c66cbf97939bd80c1bbf8f3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:38:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--574ed72d-f3f4-40cf-8249-44d302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:38:05.000Z", "modified": "2016-06-01T12:38:05.000Z", "first_observed": "2016-06-01T12:38:05Z", "last_observed": "2016-06-01T12:38:05Z", "number_observed": 1, "object_refs": [ "url--574ed72d-f3f4-40cf-8249-44d302de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--574ed72d-f3f4-40cf-8249-44d302de0b81", "value": "https://www.virustotal.com/file/f860b441d19333148b1b5734fd956af014f50b8a658fc6f91d80ff24b8087eb8/analysis/1464690531/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed72d-de4c-4dbe-8897-471702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:38:05.000Z", "modified": "2016-06-01T12:38:05.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via VT: 885b48c5a644caf92ce62e70b90197c6f30b225c", "pattern": "[file:hashes.SHA256 = '563e1f9d156d35be3838ddd4bfbe2024a549efdc0aafd4c748bb110a2040a46f']", "pattern_type": "stix", "pattern_version": "2.1", 
"valid_from": "2016-06-01T12:38:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed72d-aa20-44ce-86ac-409e02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:38:05.000Z", "modified": "2016-06-01T12:38:05.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via VT: 885b48c5a644caf92ce62e70b90197c6f30b225c", "pattern": "[file:hashes.MD5 = '9a842ae947b3c5dd2054411d22d0100e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:38:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--574ed72e-6058-489f-8ebe-407a02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:38:06.000Z", "modified": "2016-06-01T12:38:06.000Z", "first_observed": "2016-06-01T12:38:06Z", "last_observed": "2016-06-01T12:38:06Z", "number_observed": 1, "object_refs": [ "url--574ed72e-6058-489f-8ebe-407a02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--574ed72e-6058-489f-8ebe-407a02de0b81", "value": "https://www.virustotal.com/file/563e1f9d156d35be3838ddd4bfbe2024a549efdc0aafd4c748bb110a2040a46f/analysis/1464187131/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed72e-2600-41a1-b7a7-4fed02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:38:06.000Z", "modified": "2016-06-01T12:38:06.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via VT: 
707ad2ab4f9735b51e5da503178d7763198cc4d7", "pattern": "[file:hashes.SHA256 = 'cb7a0f3f7b4fa67db4b4082fcb978ffe667f8fc3bf61a1df1c06491d2d4aadb4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:38:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed72e-d878-4358-a442-452d02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:38:06.000Z", "modified": "2016-06-01T12:38:06.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via VT: 707ad2ab4f9735b51e5da503178d7763198cc4d7", "pattern": "[file:hashes.MD5 = 'af30b20e1dfd700a5794c570d82cdb14']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:38:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--574ed72f-5c2c-45ff-82de-4dfa02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:38:07.000Z", "modified": "2016-06-01T12:38:07.000Z", "first_observed": "2016-06-01T12:38:07Z", "last_observed": "2016-06-01T12:38:07Z", "number_observed": 1, "object_refs": [ "url--574ed72f-5c2c-45ff-82de-4dfa02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--574ed72f-5c2c-45ff-82de-4dfa02de0b81", "value": "https://www.virustotal.com/file/cb7a0f3f7b4fa67db4b4082fcb978ffe667f8fc3bf61a1df1c06491d2d4aadb4/analysis/1464279905/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed72f-dbf4-49f0-96cf-400e02de0b81", "created_by_ref": 
"identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:38:07.000Z", "modified": "2016-06-01T12:38:07.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via VT: 268f374b0fcc7fab399c64311dfac2e9f97a4da1", "pattern": "[file:hashes.SHA256 = '82f05df86a2782b96d08f0ecc151665a3f77bdf19fb108fadbaf021fbda7269b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:38:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed72f-a528-412e-862f-497202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:38:07.000Z", "modified": "2016-06-01T12:38:07.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via VT: 268f374b0fcc7fab399c64311dfac2e9f97a4da1", "pattern": "[file:hashes.MD5 = '7a1d2d519e46a3e7e262c4c90d3cd51b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:38:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--574ed730-9738-4530-9d13-4be602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:38:08.000Z", "modified": "2016-06-01T12:38:08.000Z", "first_observed": "2016-06-01T12:38:08Z", "last_observed": "2016-06-01T12:38:08Z", "number_observed": 1, "object_refs": [ "url--574ed730-9738-4530-9d13-4be602de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--574ed730-9738-4530-9d13-4be602de0b81", "value": 
"https://www.virustotal.com/file/82f05df86a2782b96d08f0ecc151665a3f77bdf19fb108fadbaf021fbda7269b/analysis/1464281412/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed730-e15c-4768-927d-41a602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:38:08.000Z", "modified": "2016-06-01T12:38:08.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via VT: 133a1fffc46903061d8ea2d12b80deb89636dbb4", "pattern": "[file:hashes.SHA256 = '5bb72587afad04ddadac20c6d4ee583a8b8acd6dbaa2ce14f004bb9e397922d1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:38:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed730-4e4c-4a4e-857f-4eff02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:38:08.000Z", "modified": "2016-06-01T12:38:08.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via VT: 133a1fffc46903061d8ea2d12b80deb89636dbb4", "pattern": "[file:hashes.MD5 = 'd063c867ad3e035269272a48301bd70e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:38:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--574ed731-5508-4e5b-806f-4d2f02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:38:09.000Z", "modified": "2016-06-01T12:38:09.000Z", "first_observed": "2016-06-01T12:38:09Z", "last_observed": "2016-06-01T12:38:09Z", "number_observed": 1, "object_refs": [ "url--574ed731-5508-4e5b-806f-4d2f02de0b81" ], "labels": [ 
"misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--574ed731-5508-4e5b-806f-4d2f02de0b81", "value": "https://www.virustotal.com/file/5bb72587afad04ddadac20c6d4ee583a8b8acd6dbaa2ce14f004bb9e397922d1/analysis/1464274518/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed731-91ac-475d-a2d5-4f9702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:38:09.000Z", "modified": "2016-06-01T12:38:09.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via VT: 93ec6482f36639578784a61f6bc1ed4b0fa14912", "pattern": "[file:hashes.SHA256 = '6523e6a50a9386259f9fee8ece1932a79c2bc5bfdde13be1e3c81933eb73b2f2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:38:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed731-d044-4692-8183-495d02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:38:09.000Z", "modified": "2016-06-01T12:38:09.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via VT: 93ec6482f36639578784a61f6bc1ed4b0fa14912", "pattern": "[file:hashes.MD5 = '78665830ca1f639319341f20d691538a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:38:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--574ed732-916c-46d9-809e-445202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:38:10.000Z", "modified": "2016-06-01T12:38:10.000Z", "first_observed": 
"2016-06-01T12:38:10Z", "last_observed": "2016-06-01T12:38:10Z", "number_observed": 1, "object_refs": [ "url--574ed732-916c-46d9-809e-445202de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--574ed732-916c-46d9-809e-445202de0b81", "value": "https://www.virustotal.com/file/6523e6a50a9386259f9fee8ece1932a79c2bc5bfdde13be1e3c81933eb73b2f2/analysis/1464279907/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed732-c63c-4896-ad24-4e5902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:38:10.000Z", "modified": "2016-06-01T12:38:10.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via VT: 22a7d69955fbafd0d5e090295e367a409731ba90", "pattern": "[file:hashes.SHA256 = '4a35cd7624b1f8708d0411532283bae36fa5eb8edf91ac0b76bb34881c854a48']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:38:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed732-ae40-442c-bb6e-486d02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:38:10.000Z", "modified": "2016-06-01T12:38:10.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via VT: 22a7d69955fbafd0d5e090295e367a409731ba90", "pattern": "[file:hashes.MD5 = '8ef20ed3bfaa0e4a81132adc311d90c4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:38:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--574ed733-454c-4125-add0-443302de0b81", 
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:38:11.000Z", "modified": "2016-06-01T12:38:11.000Z", "first_observed": "2016-06-01T12:38:11Z", "last_observed": "2016-06-01T12:38:11Z", "number_observed": 1, "object_refs": [ "url--574ed733-454c-4125-add0-443302de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--574ed733-454c-4125-add0-443302de0b81", "value": "https://www.virustotal.com/file/4a35cd7624b1f8708d0411532283bae36fa5eb8edf91ac0b76bb34881c854a48/analysis/1464279907/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed733-7cd0-4e2c-b591-48dc02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:38:11.000Z", "modified": "2016-06-01T12:38:11.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via VT: 19cc50c25f6135f73852f06c9a0722deff76a3a3", "pattern": "[file:hashes.SHA256 = '7b1cc6b4f72ac942bde69964b6e21e468d17066493453660cd1fcc83d7753497']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:38:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed733-bc0c-43bb-958d-407902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:38:11.000Z", "modified": "2016-06-01T12:38:11.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via VT: 19cc50c25f6135f73852f06c9a0722deff76a3a3", "pattern": "[file:hashes.MD5 = '46fa0453db511db7496b20489bbd59e2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:38:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", 
"misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--574ed734-bdfc-4aa2-975f-442302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:38:12.000Z", "modified": "2016-06-01T12:38:12.000Z", "first_observed": "2016-06-01T12:38:12Z", "last_observed": "2016-06-01T12:38:12Z", "number_observed": 1, "object_refs": [ "url--574ed734-bdfc-4aa2-975f-442302de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--574ed734-bdfc-4aa2-975f-442302de0b81", "value": "https://www.virustotal.com/file/7b1cc6b4f72ac942bde69964b6e21e468d17066493453660cd1fcc83d7753497/analysis/1464187126/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed734-9b8c-4afa-986d-4b1b02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:38:12.000Z", "modified": "2016-06-01T12:38:12.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via VT: 7ea297d29023a7ea7a3d01df618c0166c559bdf5", "pattern": "[file:hashes.SHA256 = '1ecac955498e7abe339192d757581d9014aef961c5a669e867120924e371d44a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:38:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed734-aa4c-459c-824e-4e1602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:38:12.000Z", "modified": "2016-06-01T12:38:12.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via VT: 7ea297d29023a7ea7a3d01df618c0166c559bdf5", "pattern": "[file:hashes.MD5 = 'f7c72d40bfbaf4a8b57cef0164d65bf1']", "pattern_type": "stix", "pattern_version": "2.1", 
"valid_from": "2016-06-01T12:38:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--574ed735-d344-4b80-bc4b-477402de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:38:13.000Z", "modified": "2016-06-01T12:38:13.000Z", "first_observed": "2016-06-01T12:38:13Z", "last_observed": "2016-06-01T12:38:13Z", "number_observed": 1, "object_refs": [ "url--574ed735-d344-4b80-bc4b-477402de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--574ed735-d344-4b80-bc4b-477402de0b81", "value": "https://www.virustotal.com/file/1ecac955498e7abe339192d757581d9014aef961c5a669e867120924e371d44a/analysis/1464167534/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed735-8700-40b4-b7b7-435f02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:38:13.000Z", "modified": "2016-06-01T12:38:13.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via VT: 1a5179c9b72fdb4b606cb63037c91de413a49db1", "pattern": "[file:hashes.SHA256 = '6d06c3d4317ae5fc39f1f698f7f0901cfd21da905ad03c018a01cda539edf32f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:38:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--574ed735-7374-4eda-a1c5-4f5a02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:38:13.000Z", "modified": "2016-06-01T12:38:13.000Z", "description": "W2KM_DRIDEX.YVD - Xchecked via 
VT: 1a5179c9b72fdb4b606cb63037c91de413a49db1", "pattern": "[file:hashes.MD5 = 'f2f71ae36203b4109292e6795efde0e8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-01T12:38:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--574ed736-b6e8-403a-811a-46f802de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-01T12:38:14.000Z", "modified": "2016-06-01T12:38:14.000Z", "first_observed": "2016-06-01T12:38:14Z", "last_observed": "2016-06-01T12:38:14Z", "number_observed": 1, "object_refs": [ "url--574ed736-b6e8-403a-811a-46f802de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--574ed736-b6e8-403a-811a-46f802de0b81", "value": "https://www.virustotal.com/file/6d06c3d4317ae5fc39f1f698f7f0901cfd21da905ad03c018a01cda539edf32f/analysis/1464690620/" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }