{ "type": "bundle", "id": "bundle--57b5a6a6-334c-4a50-9e23-45b0950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T12:19:56.000Z", "modified": "2016-08-18T12:19:56.000Z", "name": "CthulhuSPRL.be", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--57b5a6a6-334c-4a50-9e23-45b0950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T12:19:56.000Z", "modified": "2016-08-18T12:19:56.000Z", "name": "OSINT Shark Ransomware: Ransomware as a service", "published": "2016-09-09T14:52:15Z", "object_refs": [ "observed-data--57b5a6c1-f550-487b-b784-47c0950d210f", "url--57b5a6c1-f550-487b-b784-47c0950d210f", "observed-data--57b5a6f2-8328-47c9-8b24-4bcb950d210f", "url--57b5a6f2-8328-47c9-8b24-4bcb950d210f", "observed-data--57b5a789-27b8-41dd-82f0-4068950d210f", "domain-name--57b5a789-27b8-41dd-82f0-4068950d210f", "indicator--57b5a789-bde4-4bdf-8b42-4072950d210f", "indicator--57b5a789-c50c-41eb-a4d0-4705950d210f", "observed-data--57b5a78a-87ec-4202-940f-45bc950d210f", "file--57b5a78a-87ec-4202-940f-45bc950d210f", "observed-data--57b5a78a-16d4-4125-ba00-49b1950d210f", "domain-name--57b5a78a-16d4-4125-ba00-49b1950d210f", "indicator--57b5a78a-8b2c-49bc-b0fa-4f23950d210f", "indicator--57b5a78a-71b0-4aef-8247-4860950d210f", "indicator--57b5a78a-1520-4f41-9dd4-4f64950d210f", "indicator--57b5a78b-1df4-45a0-8ef7-4159950d210f", "indicator--57b5a78b-9cb4-4318-87f3-4a4c950d210f", "indicator--57b5a78b-97c8-4379-ba61-40c4950d210f", "indicator--57b5a78b-3758-4df2-a8ea-41ff950d210f", "indicator--57b5a78b-39e0-4d08-b4d9-415a950d210f", "indicator--57b5a78c-f514-40f1-8f5f-4506950d210f", "indicator--57b5a78c-321c-463c-b40f-4461950d210f", "indicator--57b5a78c-8d80-4c3e-bd43-4cd3950d210f", "indicator--57b5a78c-1504-4b91-bd3f-4307950d210f", "indicator--57b5a78c-7468-458f-9034-4be3950d210f", "indicator--57b5a78d-fcd0-4305-bec8-4119950d210f", "indicator--57b5a78d-c078-4681-b27d-45e4950d210f", "indicator--57b5a78d-f1a4-46f6-8ca0-49ad950d210f", "indicator--57b5a78d-d8a0-4f2d-ba3e-455e950d210f", "indicator--57b5a78d-0138-405e-a28a-491d950d210f", "indicator--57b5a78d-25f8-4f7d-a717-4af7950d210f", "indicator--57b5a78e-572c-408c-afe0-400e950d210f", "indicator--57b5a78e-3d74-4e43-be6f-4526950d210f", "indicator--57b5a78e-562c-41b6-89e4-41f6950d210f", "indicator--57b5a78e-a34c-47e1-b74e-453a950d210f", "indicator--57b5a78e-0498-49f3-b6d2-4d60950d210f", "indicator--57b5a78e-30a8-4186-a2fe-4f82950d210f", "indicator--57b5a78f-6918-4b45-97bf-4337950d210f", "indicator--57b5a78f-0098-4e0a-9a0f-4e66950d210f", "indicator--57b5a78f-5390-4494-b598-461a950d210f", "indicator--57b5a78f-4530-4b3f-ae2a-4e0b950d210f", "indicator--57b5a78f-006c-4e5c-a737-4435950d210f", "indicator--57b5a790-5248-4acc-9191-4dce950d210f", "indicator--57b5a790-0070-41e3-96da-452d950d210f", "indicator--57b5a790-19a0-4370-be4f-4fc1950d210f", "indicator--57b5a790-6488-404c-a264-4648950d210f", "indicator--57b5a790-1650-4f11-bb68-4b5e950d210f", "indicator--57b5a791-b72c-4477-9484-4ee4950d210f", "indicator--57b5a791-9260-4275-9427-45fc950d210f", "indicator--57b5a791-4318-4009-aa18-4358950d210f", "indicator--57b5a791-d94c-4adf-8f3c-42f9950d210f", "indicator--57b5a791-f6c0-4141-9381-4bce950d210f", "indicator--57b5a792-0e30-44f8-8e2e-4029950d210f", "indicator--57b5a792-9ec8-4d93-a9ed-41c4950d210f", "indicator--57b5a792-27a8-4ca7-8b1d-4d1b950d210f", "observed-data--57b5a792-e858-44d7-906f-4363950d210f", "domain-name--57b5a792-e858-44d7-906f-4363950d210f", "observed-data--57b5a792-b3f8-4b79-945f-40a9950d210f", "domain-name--57b5a792-b3f8-4b79-945f-40a9950d210f", "indicator--57b5a884-7fd0-451b-8255-4d5f950d210f", "indicator--57b5a887-a9a8-4409-aea6-440d950d210f", "indicator--57b5a88b-59a8-4ce9-bf1a-4959950d210f", "indicator--57b5a88e-cb28-479a-bf30-48a4950d210f", "indicator--57b5a891-aa00-4c0f-bc91-41cf950d210f", "indicator--57b5a885-55a4-48fd-bd72-42d4950d210f", "indicator--57b5a888-bde8-49a5-856c-4ff5950d210f", "indicator--57b5a88c-6198-4fc0-b518-4707950d210f", "indicator--57b5a88f-9c2c-445e-8f74-4ba7950d210f", "indicator--57b5a892-4998-43fa-a7c9-4952950d210f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "OSINT" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57b5a6c1-f550-487b-b784-47c0950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T12:14:57.000Z", "modified": "2016-08-18T12:14:57.000Z", "first_observed": "2016-08-18T12:14:57Z", "last_observed": "2016-08-18T12:14:57Z", "number_observed": 1, "object_refs": [ "url--57b5a6c1-f550-487b-b784-47c0950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57b5a6c1-f550-487b-b784-47c0950d210f", "value": "https://www.hybrid-analysis.com/sample/08c52b0d9affb15083653c7b9e69468cbb35806e0a82b72ca592d62362f42623?environmentId=100" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57b5a6f2-8328-47c9-8b24-4bcb950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T12:15:46.000Z", "modified": "2016-08-18T12:15:46.000Z", "first_observed": "2016-08-18T12:15:46Z", "last_observed": "2016-08-18T12:15:46Z", "number_observed": 1, "object_refs": [ "url--57b5a6f2-8328-47c9-8b24-4bcb950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57b5a6f2-8328-47c9-8b24-4bcb950d210f", "value": "https://otx.alienvault.com/pulse/57b2f34f89ca9f013545f722/" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57b5a789-27b8-41dd-82f0-4068950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T12:19:48.000Z", "modified": "2016-08-18T12:19:48.000Z", "first_observed": "2016-08-18T12:19:48Z", "last_observed": "2016-08-18T12:19:48Z", "number_observed": 1, "object_refs": [ "domain-name--57b5a789-27b8-41dd-82f0-4068950d210f" ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"" ] }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--57b5a789-27b8-41dd-82f0-4068950d210f", "value": "system.io" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b5a789-bde4-4bdf-8b42-4072950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T12:18:17.000Z", "modified": "2016-08-18T12:18:17.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = '1729studios.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T12:18:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b5a789-c50c-41eb-a4d0-4705950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T12:18:17.000Z", "modified": "2016-08-18T12:18:17.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:name = 'shark.properties']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T12:18:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57b5a78a-87ec-4202-940f-45bc950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T12:18:38.000Z", "modified": "2016-08-18T12:18:38.000Z", "first_observed": "2016-08-18T12:18:38Z", "last_observed": "2016-08-18T12:18:38Z", "number_observed": 1, "object_refs": [ "file--57b5a78a-87ec-4202-940f-45bc950d210f" ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--57b5a78a-87ec-4202-940f-45bc950d210f", "name": "myapplication.app" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57b5a78a-16d4-4125-ba00-49b1950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T12:19:56.000Z", "modified": "2016-08-18T12:19:56.000Z", "first_observed": "2016-08-18T12:19:56Z", "last_observed": "2016-08-18T12:19:56Z", "number_observed": 1, "object_refs": [ "domain-name--57b5a78a-16d4-4125-ba00-49b1950d210f" ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"" ] }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--57b5a78a-16d4-4125-ba00-49b1950d210f", "value": "system.net" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b5a78a-8b2c-49bc-b0fa-4f23950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T12:18:18.000Z", "modified": "2016-08-18T12:18:18.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.MD5 = '72269ea7cc6281139e4d155e7c57dc67']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T12:18:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b5a78a-71b0-4aef-8247-4860950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T12:18:18.000Z", "modified": "2016-08-18T12:18:18.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.MD5 = 'f34d5f2d4577ed6d9ceec516c1f5a744']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T12:18:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b5a78a-1520-4f41-9dd4-4f64950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T12:18:18.000Z", "modified": "2016-08-18T12:18:18.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.MD5 = 'dec07b3163dfca1d155ae21254c663f6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T12:18:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b5a78b-1df4-45a0-8ef7-4159950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T12:18:19.000Z", "modified": "2016-08-18T12:18:19.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.MD5 = 'cf12f2c0e54cd8ba93511fba008380a6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T12:18:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b5a78b-9cb4-4318-87f3-4a4c950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T12:18:19.000Z", "modified": "2016-08-18T12:18:19.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.MD5 = '74d992a686d753eebecd22de7b5c0dea']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T12:18:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b5a78b-97c8-4379-ba61-40c4950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T12:18:19.000Z", "modified": "2016-08-18T12:18:19.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.MD5 = '72de10b7f7cd75217e4c4ec7a79ca44f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T12:18:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b5a78b-3758-4df2-a8ea-41ff950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T12:18:19.000Z", "modified": "2016-08-18T12:18:19.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.MD5 = '0a7670cfd2c824366ad67400c5e74636']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T12:18:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b5a78b-39e0-4d08-b4d9-415a950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T12:18:19.000Z", "modified": "2016-08-18T12:18:19.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.MD5 = '49edace716a872ec654af76a7c46fbff']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T12:18:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b5a78c-f514-40f1-8f5f-4506950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T12:18:20.000Z", "modified": "2016-08-18T12:18:20.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.MD5 = '51e2934144ba15628ba5a31be2dae7dc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T12:18:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b5a78c-321c-463c-b40f-4461950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T12:18:20.000Z", "modified": "2016-08-18T12:18:20.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.MD5 = '347bb967065efeccdc0c16311b88f379']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T12:18:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b5a78c-8d80-4c3e-bd43-4cd3950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T12:18:20.000Z", "modified": "2016-08-18T12:18:20.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.MD5 = 'e40da7a49f8c3f0108e7c835b342f382']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T12:18:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b5a78c-1504-4b91-bd3f-4307950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T12:18:20.000Z", "modified": "2016-08-18T12:18:20.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.MD5 = 'b9f7adbc90a2bcbe8eb9e6e8d2bb975b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T12:18:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b5a78c-7468-458f-9034-4be3950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T12:18:20.000Z", "modified": "2016-08-18T12:18:20.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.MD5 = '39262c4acb361ecd06d812d2e8bea628']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T12:18:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b5a78d-fcd0-4305-bec8-4119950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T12:18:21.000Z", "modified": "2016-08-18T12:18:21.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.MD5 = '9c354f5c9f53fbf2a57c8dc695f89ffe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T12:18:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b5a78d-c078-4681-b27d-45e4950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T12:18:21.000Z", "modified": "2016-08-18T12:18:21.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.MD5 = '070399bfc77f0ff0da23c2d8699c0095']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T12:18:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b5a78d-f1a4-46f6-8ca0-49ad950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T12:18:21.000Z", "modified": "2016-08-18T12:18:21.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.MD5 = '4309269ad51911d65b6ad62ba61218a9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T12:18:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b5a78d-d8a0-4f2d-ba3e-455e950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T12:18:21.000Z", "modified": "2016-08-18T12:18:21.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.MD5 = '625557075843d93b867802c222d63da2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T12:18:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b5a78d-0138-405e-a28a-491d950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T12:18:21.000Z", "modified": "2016-08-18T12:18:21.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.MD5 = '4dbe1d1edf767ef5dd3069508f2d1a91']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T12:18:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b5a78d-25f8-4f7d-a717-4af7950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T12:18:21.000Z", "modified": "2016-08-18T12:18:21.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.MD5 = '22ae167d586450ad3a9b9a9ee43ebc86']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T12:18:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b5a78e-572c-408c-afe0-400e950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T12:18:22.000Z", "modified": "2016-08-18T12:18:22.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.SHA1 = 'f9ac686ff83b3df8eeeefb9caf7745ccc37bdbd0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T12:18:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b5a78e-3d74-4e43-be6f-4526950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T12:18:22.000Z", "modified": "2016-08-18T12:18:22.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.SHA1 = '7d7f4414ccef168adf6bf40753b5becd78375931']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T12:18:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b5a78e-562c-41b6-89e4-41f6950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T12:18:22.000Z", "modified": "2016-08-18T12:18:22.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.SHA1 = 'b347ae931ad8370c71af18484c55216e99d4bf94']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T12:18:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b5a78e-a34c-47e1-b74e-453a950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T12:18:22.000Z", "modified": "2016-08-18T12:18:22.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.SHA1 = '64869ac67f01de6c8fa86928f293ae17e5f939bf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T12:18:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b5a78e-0498-49f3-b6d2-4d60950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T12:18:22.000Z", "modified": "2016-08-18T12:18:22.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.SHA1 = '637162cc59a3a1e25956fa5fa8f60d2e1c52eac6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T12:18:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b5a78e-30a8-4186-a2fe-4f82950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T12:18:22.000Z", "modified": "2016-08-18T12:18:22.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.SHA1 = '8ad5c9987e6f190bd6f5416e2de44ccd641d8cda']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T12:18:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b5a78f-6918-4b45-97bf-4337950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T12:18:23.000Z", "modified": "2016-08-18T12:18:23.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.SHA1 = '0b0a9534cef684c93c2fc591e55ceaf831e2275d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T12:18:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b5a78f-0098-4e0a-9a0f-4e66950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T12:18:23.000Z", "modified": "2016-08-18T12:18:23.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.SHA1 = 'dd5783bcf1e9002bc00ad5b83a95ed6e4ebb4ad5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T12:18:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b5a78f-5390-4494-b598-461a950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T12:18:23.000Z", "modified": "2016-08-18T12:18:23.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.SHA1 = '109f1caed645bb78b3ea2b94c0697c740733031c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T12:18:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b5a78f-4530-4b3f-ae2a-4e0b950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T12:18:23.000Z", "modified": "2016-08-18T12:18:23.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.SHA1 = 'a377d1b1c0538833035211f4083d00fecc414dab']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T12:18:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b5a78f-006c-4e5c-a737-4435950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T12:18:23.000Z", "modified": "2016-08-18T12:18:23.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.SHA1 = '706b3f9d9e678fd4846cae1fd4c0ea037b560e30']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T12:18:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b5a790-5248-4acc-9191-4dce950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T12:18:24.000Z", "modified": "2016-08-18T12:18:24.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.SHA1 = 'fee449ee0e3965a5246f000e87fde2a065fd89d4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T12:18:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b5a790-0070-41e3-96da-452d950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T12:18:24.000Z", "modified": "2016-08-18T12:18:24.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.SHA256 = '35104f21cc385fd8f07e162d05bad1aa1d940d1fb08b796993e811639d65b69a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T12:18:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b5a790-19a0-4370-be4f-4fc1950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T12:18:24.000Z", "modified": "2016-08-18T12:18:24.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.SHA256 = 'b3e5ec26cf605a36756438776508c3a076e90dc3f8d7ebc3c83d33c62c7c153b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T12:18:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b5a790-6488-404c-a264-4648950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T12:18:24.000Z", "modified": "2016-08-18T12:18:24.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.SHA256 = '7a3d78d44c4c43d9d839da67f101390be3c4cb675dfc633b9ca85b647883cf88']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T12:18:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b5a790-1650-4f11-bb68-4b5e950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T12:18:24.000Z", "modified": "2016-08-18T12:18:24.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.SHA256 = 'cd7b9e76ee30e48e2607e2cb6264c9e059cce211e8127077b4ee111140f838da']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T12:18:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b5a791-b72c-4477-9484-4ee4950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T12:18:25.000Z", "modified": "2016-08-18T12:18:25.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.SHA256 = 'c4899d923f0ff4120d50a15d8cd34a17836359cc643b152617672bcdd14d5f51']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T12:18:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b5a791-9260-4275-9427-45fc950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T12:18:25.000Z", "modified": "2016-08-18T12:18:25.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.SHA256 = '7410386118f1dd7aed244dcd392664e7f2b00ea4bca8aa3052474970fe6c8395']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T12:18:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b5a791-4318-4009-aa18-4358950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T12:18:25.000Z", "modified": "2016-08-18T12:18:25.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.SHA256 = '5568728ca42a1d8462f60daf7108a55d81b46b58277656425a81a6663644e11e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T12:18:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b5a791-d94c-4adf-8f3c-42f9950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T12:18:25.000Z", "modified": "2016-08-18T12:18:25.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.SHA256 = '8813eafe23c85cc65902939b0c9caf891fc5d3917d0b8364ecf88d8214942332']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T12:18:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b5a791-f6c0-4141-9381-4bce950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T12:18:25.000Z", "modified": "2016-08-18T12:18:25.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.SHA256 = '08c52b0d9affb15083653c7b9e69468cbb35806e0a82b72ca592d62362f42623']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T12:18:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b5a792-0e30-44f8-8e2e-4029950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T12:18:26.000Z", "modified": "2016-08-18T12:18:26.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.SHA256 = 'a4a97e8d1edf9fba4d15dca44f0b3908f4c804ab1a452521e4b53ce2ee80316c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T12:18:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b5a792-9ec8-4d93-a9ed-41c4950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T12:18:26.000Z", "modified": "2016-08-18T12:18:26.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.SHA256 = '5a77195969ded56df2c9a62c8c0345a4de336a58c517059f2edfd939d8ca34c4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T12:18:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b5a792-27a8-4ca7-8b1d-4d1b950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T12:18:26.000Z", "modified": "2016-08-18T12:18:26.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:hashes.SHA256 = 'dda9d9c50b0650a39f82deba66c599003ac57b126f557c9d1d2fbef0004e5763']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T12:18:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57b5a792-e858-44d7-906f-4363950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T12:18:26.000Z", "modified": "2016-08-18T12:18:26.000Z", "first_observed": "2016-08-18T12:18:26Z", "last_observed": "2016-08-18T12:18:26Z", "number_observed": 1, "object_refs": [ "domain-name--57b5a792-e858-44d7-906f-4363950d210f" ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"" ] }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--57b5a792-e858-44d7-906f-4363950d210f", "value": "www.ip-api.com" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57b5a792-b3f8-4b79-945f-40a9950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T12:18:26.000Z", "modified": "2016-08-18T12:18:26.000Z", "first_observed": "2016-08-18T12:18:26Z", "last_observed": "2016-08-18T12:18:26Z", "number_observed": 1, "object_refs": [ "domain-name--57b5a792-b3f8-4b79-945f-40a9950d210f" ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"" ] }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--57b5a792-b3f8-4b79-945f-40a9950d210f", "value": "outgoing.ip-api.com" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b5a884-7fd0-451b-8255-4d5f950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T12:22:28.000Z", "modified": "2016-08-18T12:22:28.000Z", "description": "Automatically added (via cd7b9e76ee30e48e2607e2cb6264c9e059cce211e8127077b4ee111140f838da)", "pattern": "[file:hashes.MD5 = '3376a873bb4d0e8394eb02467069d170']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T12:22:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b5a887-a9a8-4409-aea6-440d950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T12:22:31.000Z", "modified": "2016-08-18T12:22:31.000Z", "description": "Automatically added (via c4899d923f0ff4120d50a15d8cd34a17836359cc643b152617672bcdd14d5f51)", "pattern": "[file:hashes.MD5 = '6534f7c9e450bd7c700e8eea2b8fdc80']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T12:22:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b5a88b-59a8-4ce9-bf1a-4959950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T12:22:35.000Z", "modified": "2016-08-18T12:22:35.000Z", "description": "Automatically added (via 8813eafe23c85cc65902939b0c9caf891fc5d3917d0b8364ecf88d8214942332)", "pattern": "[file:hashes.MD5 = 'e9b5cf97da4147122eda58acfd364dc4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T12:22:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b5a88e-cb28-479a-bf30-48a4950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T12:22:38.000Z", "modified": "2016-08-18T12:22:38.000Z", "description": "Automatically added (via a4a97e8d1edf9fba4d15dca44f0b3908f4c804ab1a452521e4b53ce2ee80316c)", "pattern": "[file:hashes.MD5 = 'ec43971547c0c3fee00fe095008a053c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T12:22:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b5a891-aa00-4c0f-bc91-41cf950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T12:22:41.000Z", "modified": "2016-08-18T12:22:41.000Z", "description": "Automatically added (via dda9d9c50b0650a39f82deba66c599003ac57b126f557c9d1d2fbef0004e5763)", "pattern": "[file:hashes.MD5 = 'ff76d48375d9f9b21579826a13d9c9b6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T12:22:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b5a885-55a4-48fd-bd72-42d4950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T12:22:29.000Z", "modified": "2016-08-18T12:22:29.000Z", "description": "Automatically added (via cd7b9e76ee30e48e2607e2cb6264c9e059cce211e8127077b4ee111140f838da)", "pattern": "[file:hashes.SHA1 = '5466c1dfc0a4f738aecfc45a3465f9219736368d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T12:22:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b5a888-bde8-49a5-856c-4ff5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T12:22:32.000Z", "modified": "2016-08-18T12:22:32.000Z", "description": "Automatically added (via c4899d923f0ff4120d50a15d8cd34a17836359cc643b152617672bcdd14d5f51)", "pattern": "[file:hashes.SHA1 = '14eaf11792bec41b9268531010ff252a5534eb5e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T12:22:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b5a88c-6198-4fc0-b518-4707950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T12:22:36.000Z", "modified": "2016-08-18T12:22:36.000Z", "description": "Automatically added (via 8813eafe23c85cc65902939b0c9caf891fc5d3917d0b8364ecf88d8214942332)", "pattern": "[file:hashes.SHA1 = '6e0a051f8ce858839d3d190c5f5d2ab462a5c73f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T12:22:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b5a88f-9c2c-445e-8f74-4ba7950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T12:22:39.000Z", "modified": "2016-08-18T12:22:39.000Z", "description": "Automatically added (via a4a97e8d1edf9fba4d15dca44f0b3908f4c804ab1a452521e4b53ce2ee80316c)", "pattern": "[file:hashes.SHA1 = 'fdf05f8fadefdad3b83fcc735f4eeb3b5d178d7b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T12:22:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b5a892-4998-43fa-a7c9-4952950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T12:22:42.000Z", "modified": "2016-08-18T12:22:42.000Z", "description": "Automatically added (via dda9d9c50b0650a39f82deba66c599003ac57b126f557c9d1d2fbef0004e5763)", "pattern": "[file:hashes.SHA1 = '0446223b9d678f7576a4a4d17992d4e6509251dc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T12:22:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }