{ "type": "bundle", "id": "bundle--54651e3e-3934-4d34-9396-956a950d210b", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T21:35:47.000Z", "modified": "2014-11-13T21:35:47.000Z", "name": "CthulhuSPRL.be", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--54651e3e-3934-4d34-9396-956a950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T21:35:47.000Z", "modified": "2014-11-13T21:35:47.000Z", "name": "OSINT Korplug military targeted attacks: Afghanistan & Tajikistan blog post from ESET", "published": "2016-02-22T14:38:51Z", "object_refs": [ "observed-data--54651fd0-3988-45ca-8816-9a37950d210b", "url--54651fd0-3988-45ca-8816-9a37950d210b", "x-misp-attribute--54651fe0-6ad0-4955-ad1a-4960950d210b", "x-misp-attribute--54652006-ed94-4a90-8907-9a22950d210b", "x-misp-attribute--54652006-32ac-4819-abb7-9a22950d210b", "indicator--5465202e-7418-4999-bb7e-4767950d210b", "indicator--5465203b-92c4-46ea-bb24-9a39950d210b", "indicator--546520b5-18ac-4f42-a306-956a950d210b", "indicator--546520b5-659c-43c0-9b37-956a950d210b", "indicator--546520c6-31a4-4603-9ec4-93c7950d210b", "indicator--546520c7-0f04-463c-879c-93c7950d210b", "x-misp-attribute--54652117-1e68-455f-b492-9a39950d210b", "x-misp-attribute--54652117-f490-4062-9d03-9a39950d210b", "x-misp-attribute--54652117-4e70-4163-a7bd-9a39950d210b", "indicator--5465234c-0940-4a89-8115-d85b950d210b", "indicator--5465234c-83f0-4e58-ad78-d85b950d210b", "indicator--5465234c-0f44-4060-bba3-d85b950d210b", "indicator--5465234c-5dd8-4054-a92e-d85b950d210b", "indicator--5465234c-bc40-4ed7-983c-d85b950d210b", "indicator--5465234c-46c4-48dd-9b2c-d85b950d210b", "indicator--5465234c-c30c-4fd1-84ed-d85b950d210b", "indicator--5465234c-57dc-44bf-9ed1-d85b950d210b", "indicator--5465234c-001c-495c-b61c-d85b950d210b", "vulnerability--54652382-8914-451f-b266-956a950d210b", "vulnerability--54652382-58a0-48df-b92b-956a950d210b", "indicator--546523c1-e814-42dd-aa3f-c0c0950d210b", "indicator--546523c1-52d0-4d19-88d5-c0c0950d210b", "indicator--546523c1-77cc-41e3-899b-c0c0950d210b", "indicator--546523c1-0bf0-4d16-b80a-c0c0950d210b", "indicator--546523c2-f568-45e6-914a-c0c0950d210b", "indicator--546523c2-0038-4c87-98fb-c0c0950d210b", "indicator--546523c2-6b20-4c51-a75a-c0c0950d210b", "indicator--546523c2-acd0-4e34-877a-c0c0950d210b", "indicator--546523c2-aebc-4b25-b287-c0c0950d210b", "indicator--546523c2-0f80-462b-a405-c0c0950d210b", "indicator--546523c2-4098-49d6-9d70-c0c0950d210b", "indicator--546523c2-8fac-49e7-8751-c0c0950d210b", "indicator--546523c2-e534-4aaa-bfbd-c0c0950d210b", "indicator--546523c2-1e68-4f24-b7b8-c0c0950d210b", "indicator--5465240a-ff00-4d83-877e-9a37950d210b", "indicator--5465240b-f640-47a2-9f11-9a37950d210b", "indicator--5465240b-1604-4b57-81ac-9a37950d210b", "indicator--5465240b-3c64-4dbb-9adc-9a37950d210b", "indicator--5465240b-d1e0-4bc2-8505-9a37950d210b", "indicator--5465240b-3924-4b91-b38f-9a37950d210b", "indicator--5465240b-d138-402c-ae8f-9a37950d210b", "indicator--54652433-5664-4cae-ba8b-9a39950d210b", "indicator--54652433-218c-4ba7-9fc0-9a39950d210b", "indicator--54652433-d50c-4a22-96c2-9a39950d210b", "indicator--54652433-0384-4c5e-95b6-9a39950d210b", "indicator--54652434-8b2c-4d61-b247-9a39950d210b", "indicator--54652434-1f48-484a-bf2a-9a39950d210b", "indicator--54652434-95d0-4bc5-8232-9a39950d210b", "indicator--54652434-91a4-40ac-bb34-9a39950d210b", "indicator--54652434-dbb4-4417-9505-9a39950d210b", "indicator--54652434-c010-43b5-8ff4-9a39950d210b", "indicator--54652434-93d0-42fe-8bbe-9a39950d210b", "indicator--56c64533-4454-42f6-bcbb-59a3950d210f", "indicator--56c64535-5680-4596-8cec-59a2950d210f", "indicator--56c64538-d5a4-494e-bd85-4a96950d210f", "indicator--56c6453a-ab4c-49b9-bafc-599c950d210f", "indicator--56c6453c-16fc-4833-b304-469e950d210f", "indicator--56c6453f-b078-46b4-a427-59a0950d210f", "indicator--56c64543-2df0-4f2a-ab13-59a0950d210f", "indicator--56c64534-da74-4d4c-adb7-5ca1950d210f", "indicator--56c64536-cbb0-42f1-9383-c653950d210f", "indicator--56c64538-e3dc-4ff0-8208-c651950d210f", "indicator--56c6453b-8654-4926-b86a-59a0950d210f", "indicator--56c6453d-cb18-4837-976b-59a3950d210f", "indicator--56c64540-35b8-40fe-972a-59a1950d210f", "indicator--56c64544-bb7c-4291-ae52-c651950d210f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT" ], "object_marking_refs": [ "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--54651fd0-3988-45ca-8816-9a37950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T21:17:04.000Z", "modified": "2014-11-13T21:17:04.000Z", "first_observed": "2014-11-13T21:17:04Z", "last_observed": "2014-11-13T21:17:04Z", "number_observed": 1, "object_refs": [ "url--54651fd0-3988-45ca-8816-9a37950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--54651fd0-3988-45ca-8816-9a37950d210b", "value": "http://www.welivesecurity.com/2014/11/12/korplug-military-targeted-attacks-afghanistan-tajikistan/" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--54651fe0-6ad0-4955-ad1a-4960950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T21:17:20.000Z", "modified": "2014-11-13T21:17:20.000Z", "labels": [ "misp:type=\"comment\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", "x_misp_type": "comment", "x_misp_value": "Data entered by David Andr\u00c3\u00a9" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--54652006-ed94-4a90-8907-9a22950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T21:17:58.000Z", "modified": "2014-11-13T21:17:58.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", "x_misp_type": "text", "x_misp_value": "Korplug" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--54652006-32ac-4819-abb7-9a22950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T21:17:58.000Z", "modified": "2014-11-13T21:17:58.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", "x_misp_type": "text", "x_misp_value": "PlugX" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5465202e-7418-4999-bb7e-4767950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T21:18:38.000Z", "modified": "2014-11-13T21:18:38.000Z", "pattern": "[domain-name:value = 'www.notebookhk.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T21:18:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5465203b-92c4-46ea-bb24-9a39950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T21:18:51.000Z", "modified": "2014-11-13T21:18:51.000Z", "pattern": "[domain-name:value = 'notebookhk.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T21:18:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546520b5-18ac-4f42-a306-956a950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T21:20:53.000Z", "modified": "2014-11-13T21:20:53.000Z", "pattern": "[domain-name:value = 'www.dicemention.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T21:20:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546520b5-659c-43c0-9b37-956a950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T21:20:53.000Z", "modified": "2014-11-13T21:20:53.000Z", "pattern": "[domain-name:value = 'www.abudlrasul.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T21:20:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546520c6-31a4-4603-9ec4-93c7950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T21:21:10.000Z", "modified": "2014-11-13T21:21:10.000Z", "pattern": "[domain-name:value = 'dicemention.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T21:21:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546520c7-0f04-463c-879c-93c7950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T21:21:11.000Z", "modified": "2014-11-13T21:21:11.000Z", "pattern": "[domain-name:value = 'abudlrasul.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T21:21:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--54652117-1e68-455f-b492-9a39950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T21:22:31.000Z", "modified": "2014-11-13T21:22:31.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"Attribution\"" ], "x_misp_category": "Attribution", "x_misp_comment": "Registrant", "x_misp_type": "text", "x_misp_value": "stanlee@gmail.com" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--54652117-f490-4062-9d03-9a39950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T21:22:31.000Z", "modified": "2014-11-13T21:22:31.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"Attribution\"" ], "x_misp_category": "Attribution", "x_misp_comment": "Registrant", "x_misp_type": "text", "x_misp_value": "123@123.com" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--54652117-4e70-4163-a7bd-9a39950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T21:22:31.000Z", "modified": "2014-11-13T21:22:31.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"Attribution\"" ], "x_misp_category": "Attribution", "x_misp_comment": "Registrant", "x_misp_type": "text", "x_misp_value": "woffg89@yahoo.com" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5465234c-0940-4a89-8115-d85b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T21:31:56.000Z", "modified": "2014-11-13T21:31:56.000Z", "pattern": "[file:hashes.SHA1 = '36119221826d0290bc23371b55a8c0e6a84718dd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T21:31:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5465234c-83f0-4e58-ad78-d85b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T21:31:56.000Z", "modified": "2014-11-13T21:31:56.000Z", "pattern": "[file:hashes.SHA1 = 'a6642bc9f3425f0ab93d462002456be231bb5646']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T21:31:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5465234c-0f44-4060-bba3-d85b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T21:31:56.000Z", "modified": "2014-11-13T21:31:56.000Z", "pattern": "[file:hashes.SHA1 = '51cdc273b5638e06906bcb700335e288807744b5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T21:31:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5465234c-5dd8-4054-a92e-d85b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T21:31:56.000Z", "modified": "2014-11-13T21:31:56.000Z", "pattern": "[file:hashes.SHA1 = 'ea6ee9eab546fb9f93b75dcb650af22a95486391']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T21:31:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5465234c-bc40-4ed7-983c-d85b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T21:31:56.000Z", "modified": "2014-11-13T21:31:56.000Z", "pattern": "[file:hashes.SHA1 = 'd297dc7d29e42e8d37c951b0b11629051eebe9c0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T21:31:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5465234c-46c4-48dd-9b2c-d85b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T21:31:56.000Z", "modified": "2014-11-13T21:31:56.000Z", "pattern": "[file:hashes.SHA1 = '8e5e19ebe719ebf7f8be4290931ffa173e658cb8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T21:31:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5465234c-c30c-4fd1-84ed-d85b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T21:31:56.000Z", "modified": "2014-11-13T21:31:56.000Z", "pattern": "[file:hashes.SHA1 = '1f726e94b90034e7abd148fe31eba08774d1506f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T21:31:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5465234c-57dc-44bf-9ed1-d85b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T21:31:56.000Z", "modified": "2014-11-13T21:31:56.000Z", "pattern": "[file:hashes.SHA1 = 'a9c627aa09b8cc50a83ff2728a3978492aeb79d8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T21:31:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5465234c-001c-495c-b61c-d85b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T21:31:56.000Z", "modified": "2014-11-13T21:31:56.000Z", "pattern": "[file:hashes.SHA1 = 'e32081c56f39ea14dfd1e449c28219d264d80b2f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T21:31:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "vulnerability", "spec_version": "2.1", "id": "vulnerability--54652382-8914-451f-b266-956a950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T21:32:50.000Z", "modified": "2014-11-13T21:32:50.000Z", "name": "CVE-2012-0158", "labels": [ "misp:type=\"vulnerability\"", "misp:category=\"Payload delivery\"" ], "external_references": [ { "source_name": "cve", "external_id": "CVE-2012-0158" } ] }, { "type": "vulnerability", "spec_version": "2.1", "id": "vulnerability--54652382-58a0-48df-b92b-956a950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T21:32:50.000Z", "modified": "2014-11-13T21:32:50.000Z", "name": "CVE-2014-1761", "labels": [ "misp:type=\"vulnerability\"", "misp:category=\"Payload delivery\"" ], "external_references": [ { "source_name": "cve", "external_id": "CVE-2014-1761" } ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546523c1-e814-42dd-aa3f-c0c0950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T21:33:53.000Z", "modified": "2014-11-13T21:33:53.000Z", "description": "Korplug", "pattern": "[file:hashes.SHA1 = '5dfa79eb89b3a8ddbc55252bd330d04d285f9189']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T21:33:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546523c1-52d0-4d19-88d5-c0c0950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T21:33:53.000Z", "modified": "2014-11-13T21:33:53.000Z", "description": "Korplug", "pattern": "[file:hashes.SHA1 = '095550e3f0e5d24a59add9390e6e17120039355e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T21:33:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546523c1-77cc-41e3-899b-c0c0950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T21:33:53.000Z", "modified": "2014-11-13T21:33:53.000Z", "description": "Korplug", "pattern": "[file:hashes.SHA1 = '5d760403108bdcdce5c22403387e89edc2694860']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T21:33:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546523c1-0bf0-4d16-b80a-c0c0950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T21:33:53.000Z", "modified": "2014-11-13T21:33:53.000Z", "description": "Korplug", "pattern": "[file:hashes.SHA1 = '05bfe122f207df7806eb5e4ce69d3aec26d74190']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T21:33:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546523c2-f568-45e6-914a-c0c0950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T21:33:54.000Z", "modified": "2014-11-13T21:33:54.000Z", "description": "Korplug", "pattern": "[file:hashes.SHA1 = '548577598a670ffd7770f01b8c8eeff853c222c7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T21:33:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546523c2-0038-4c87-98fb-c0c0950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T21:33:54.000Z", "modified": "2014-11-13T21:33:54.000Z", "description": "Korplug", "pattern": "[file:hashes.SHA1 = '530d26a9beedcced0c36c54c1bf3cda28d2b6e62']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T21:33:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546523c2-6b20-4c51-a75a-c0c0950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T21:33:54.000Z", "modified": "2014-11-13T21:33:54.000Z", "description": "Korplug", "pattern": "[file:hashes.SHA1 = 'f6cb6db20aa8f17769095042790aeb60eecd58b0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T21:33:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546523c2-acd0-4e34-877a-c0c0950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T21:33:54.000Z", "modified": "2014-11-13T21:33:54.000Z", "description": "Korplug", "pattern": "[file:hashes.SHA1 = 'ef17b7ec3111949cbdbdeb5e0e15bd2c6e90358f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T21:33:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546523c2-aebc-4b25-b287-c0c0950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T21:33:54.000Z", "modified": "2014-11-13T21:33:54.000Z", "description": "Korplug", "pattern": "[file:hashes.SHA1 = '17ca3bbddef164e6493f32c952002e34c55a74f2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T21:33:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546523c2-0f80-462b-a405-c0c0950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T21:33:54.000Z", "modified": "2014-11-13T21:33:54.000Z", "description": "Korplug", "pattern": "[file:hashes.SHA1 = '973ea910ea3734e45fde304f20ab6cf067456551']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T21:33:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546523c2-4098-49d6-9d70-c0c0950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T21:33:54.000Z", "modified": "2014-11-13T21:33:54.000Z", "description": "Korplug", "pattern": "[file:hashes.SHA1 = '47d78fbfb2efc3ab9ddc653a0f03d560d972bf67']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T21:33:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546523c2-8fac-49e7-8751-c0c0950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T21:33:54.000Z", "modified": "2014-11-13T21:33:54.000Z", "description": "Korplug", "pattern": "[file:hashes.SHA1 = '0b5a7e49987ef2c320864cf205b7048f7032300d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T21:33:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546523c2-e534-4aaa-bfbd-c0c0950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T21:33:54.000Z", "modified": "2014-11-13T21:33:54.000Z", "description": "Korplug", "pattern": "[file:hashes.SHA1 = 'e81e0f416752b336396294d24e639ae86d9c6baa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T21:33:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546523c2-1e68-4f24-b7b8-c0c0950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T21:33:54.000Z", "modified": "2014-11-13T21:33:54.000Z", "description": "Korplug", "pattern": "[file:hashes.SHA1 = 'e930d3a2e6b2ffdc7052d7e18f51bd5a765bdb90']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T21:33:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5465240a-ff00-4d83-877e-9a37950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T21:35:06.000Z", "modified": "2014-11-13T21:35:06.000Z", "description": "Alternative Malware #1", "pattern": "[file:hashes.SHA1 = 'fdd41eb3cbb631f38ac415347e25926e3e3f09b6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T21:35:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5465240b-f640-47a2-9f11-9a37950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T21:35:07.000Z", "modified": "2014-11-13T21:35:07.000Z", "description": "Alternative Malware #1", "pattern": "[file:hashes.SHA1 = '457f4ffa2fe1cacfea53f8f5ff72c3fa61939ccd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T21:35:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5465240b-1604-4b57-81ac-9a37950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T21:35:07.000Z", "modified": "2014-11-13T21:35:07.000Z", "description": "Alternative Malware #1", "pattern": "[file:hashes.SHA1 = '5b6d654eb16fc84a212acf7d5a05a8e8a642ce20']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T21:35:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5465240b-3c64-4dbb-9adc-9a37950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T21:35:07.000Z", "modified": "2014-11-13T21:35:07.000Z", "description": "Alternative Malware #1", "pattern": "[file:hashes.SHA1 = '7d59b19bd56e1d2c742c39a2aba9ac34f6bc58d4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T21:35:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5465240b-d1e0-4bc2-8505-9a37950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T21:35:07.000Z", "modified": "2014-11-13T21:35:07.000Z", "description": "Alternative Malware #1", "pattern": "[file:hashes.SHA1 = 'd7d130b8cc9bea51143f28820f08068521763494']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T21:35:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5465240b-3924-4b91-b38f-9a37950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T21:35:07.000Z", "modified": "2014-11-13T21:35:07.000Z", "description": "Alternative Malware #1", "pattern": "[file:hashes.SHA1 = '01b4b92d5839ecf3130f5c69652295fe4f2da0c5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T21:35:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5465240b-d138-402c-ae8f-9a37950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T21:35:07.000Z", "modified": "2014-11-13T21:35:07.000Z", "description": "Alternative Malware #1", "pattern": "[file:hashes.SHA1 = '02c38ec1c67098e1f6854d1125d3aed6268540de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T21:35:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54652433-5664-4cae-ba8b-9a39950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T21:35:47.000Z", "modified": "2014-11-13T21:35:47.000Z", "description": "Alternative Malware #2", "pattern": "[file:hashes.SHA1 = '3a7fb6e819eec52111693219e604239bd25629e9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T21:35:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54652433-218c-4ba7-9fc0-9a39950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T21:35:47.000Z", "modified": "2014-11-13T21:35:47.000Z", "description": "Alternative Malware #2", "pattern": "[file:hashes.SHA1 = 'bf77d0ba7f3e60b45bd0801979b12bea703b227b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T21:35:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54652433-d50c-4a22-96c2-9a39950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T21:35:47.000Z", "modified": "2014-11-13T21:35:47.000Z", "description": "Alternative Malware #2", "pattern": "[file:hashes.SHA1 = '55ef67afa2ec2f260b046a901868c48a76bc7b72']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T21:35:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54652433-0384-4c5e-95b6-9a39950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T21:35:47.000Z", "modified": "2014-11-13T21:35:47.000Z", "description": "Alternative Malware #2", "pattern": "[file:hashes.SHA1 = 'a29f64cd7b78e51d0c9fdfbdcbc57ced43a157b2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T21:35:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54652434-8b2c-4d61-b247-9a39950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T21:35:48.000Z", "modified": "2014-11-13T21:35:48.000Z", "description": "Alternative Malware #2", "pattern": "[file:hashes.SHA1 = '34754e8b410c9480e1adfb31a4aa72419056b622']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T21:35:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54652434-1f48-484a-bf2a-9a39950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T21:35:48.000Z", "modified": "2014-11-13T21:35:48.000Z", "description": "Alternative Malware #2", "pattern": "[file:hashes.SHA1 = '17a2f18c9ccaaa714fd31be2de0bc62b2c310d8f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T21:35:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54652434-95d0-4bc5-8232-9a39950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T21:35:48.000Z", "modified": "2014-11-13T21:35:48.000Z", "description": "Alternative Malware #2", "pattern": "[file:hashes.SHA1 = '6d99acea8323b8797560f7284607db08eca616d8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T21:35:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54652434-91a4-40ac-bb34-9a39950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T21:35:48.000Z", "modified": "2014-11-13T21:35:48.000Z", "description": "Alternative Malware #2", "pattern": "[file:hashes.SHA1 = '1884a05409c7ef877e0e1aaaec6bb9d59e065d7c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T21:35:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54652434-dbb4-4417-9505-9a39950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T21:35:48.000Z", "modified": "2014-11-13T21:35:48.000Z", "description": "Alternative Malware #2", "pattern": "[file:hashes.SHA1 = '1fc6fb0d35dcd0517c82adaef1a85ffe2afab4ee']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T21:35:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54652434-c010-43b5-8ff4-9a39950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T21:35:48.000Z", "modified": "2014-11-13T21:35:48.000Z", "description": "Alternative Malware #2", "pattern": "[file:hashes.SHA1 = '5860c99e5065a414c91f51b9e8b779d10f40adc4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T21:35:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54652434-93d0-42fe-8bbe-9a39950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T21:35:48.000Z", "modified": "2014-11-13T21:35:48.000Z", "description": "Alternative Malware #2", "pattern": "[file:hashes.SHA1 = '7950d5b57fa651ca6fa9180e39b6e8cc1e65b746']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T21:35:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c64533-4454-42f6-bcbb-59a3950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T22:26:59.000Z", "modified": "2016-02-18T22:26:59.000Z", "description": "Automatically added (via 973ea910ea3734e45fde304f20ab6cf067456551)", "pattern": "[file:hashes.MD5 = 'b948c6616215ba79bc152e7eccc21044']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T22:26:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c64535-5680-4596-8cec-59a2950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T22:27:01.000Z", "modified": "2016-02-18T22:27:01.000Z", "description": "Automatically added (via fdd41eb3cbb631f38ac415347e25926e3e3f09b6)", "pattern": "[file:hashes.MD5 = 'd4c0390698f5332cc6e0f3fe611d1d38']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T22:27:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c64538-d5a4-494e-bd85-4a96950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T22:27:04.000Z", "modified": "2016-02-18T22:27:04.000Z", "description": "Automatically added (via 5b6d654eb16fc84a212acf7d5a05a8e8a642ce20)", "pattern": "[file:hashes.MD5 = '66c411a966f01575c0ab39f197638e73']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T22:27:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c6453a-ab4c-49b9-bafc-599c950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T22:27:06.000Z", "modified": "2016-02-18T22:27:06.000Z", "description": "Automatically added (via 01b4b92d5839ecf3130f5c69652295fe4f2da0c5)", "pattern": "[file:hashes.MD5 = '4c184b9f897999b4daa4fbe2b023292e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T22:27:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c6453c-16fc-4833-b304-469e950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T22:27:08.000Z", "modified": "2016-02-18T22:27:08.000Z", "description": "Automatically added (via 3a7fb6e819eec52111693219e604239bd25629e9)", "pattern": "[file:hashes.MD5 = '18d7adcdade1942efd572ed5256a0d2e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T22:27:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c6453f-b078-46b4-a427-59a0950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T22:27:11.000Z", "modified": "2016-02-18T22:27:11.000Z", "description": "Automatically added (via 5860c99e5065a414c91f51b9e8b779d10f40adc4)", "pattern": "[file:hashes.MD5 = '6f6eeade8fac2509b677a33c5c6b2628']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T22:27:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c64543-2df0-4f2a-ab13-59a0950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T22:27:15.000Z", "modified": "2016-02-18T22:27:15.000Z", "description": "Automatically added (via e32081c56f39ea14dfd1e449c28219d264d80b2f)", "pattern": "[file:hashes.MD5 = '273e3694afb362d836fdeafa03921a19']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T22:27:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c64534-da74-4d4c-adb7-5ca1950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T22:27:00.000Z", "modified": "2016-02-18T22:27:00.000Z", "description": "Automatically added (via 973ea910ea3734e45fde304f20ab6cf067456551)", "pattern": "[file:hashes.SHA256 = 'baf81d98dcdd218ee1dd89610ec44cbfcc75667b11efb52987011b4f15202fb0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T22:27:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c64536-cbb0-42f1-9383-c653950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T22:27:02.000Z", "modified": "2016-02-18T22:27:02.000Z", "description": "Automatically added (via fdd41eb3cbb631f38ac415347e25926e3e3f09b6)", "pattern": "[file:hashes.SHA256 = 'a623949b9624e1410fdb22e490d014cad175b98b758d786f50ed9edb2549607a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T22:27:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c64538-e3dc-4ff0-8208-c651950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T22:27:04.000Z", "modified": "2016-02-18T22:27:04.000Z", "description": "Automatically added (via 5b6d654eb16fc84a212acf7d5a05a8e8a642ce20)", "pattern": "[file:hashes.SHA256 = '38fea14bf5c8c6cd82b8f46a83389f2eab28ca6c007e887e14e9c37f688df762']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T22:27:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c6453b-8654-4926-b86a-59a0950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T22:27:07.000Z", "modified": "2016-02-18T22:27:07.000Z", "description": "Automatically added (via 01b4b92d5839ecf3130f5c69652295fe4f2da0c5)", "pattern": "[file:hashes.SHA256 = '0d219aa54b1d417da61bd4aed5eeb53d6cba91b3287d53186b21fed450248215']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T22:27:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c6453d-cb18-4837-976b-59a3950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T22:27:09.000Z", "modified": "2016-02-18T22:27:09.000Z", "description": "Automatically added (via 3a7fb6e819eec52111693219e604239bd25629e9)", "pattern": "[file:hashes.SHA256 = '3c4d6ddfc047fccb21ae5e4294a195920bb35a21cf8cb795928c55d94233e7e9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T22:27:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c64540-35b8-40fe-972a-59a1950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T22:27:12.000Z", "modified": "2016-02-18T22:27:12.000Z", "description": "Automatically added (via 5860c99e5065a414c91f51b9e8b779d10f40adc4)", "pattern": "[file:hashes.SHA256 = 'd685fc5a95189c6cecfbdec160de75401161a959d8e98f00a75d3b89465ddd4e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T22:27:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c64544-bb7c-4291-ae52-c651950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T22:27:16.000Z", "modified": "2016-02-18T22:27:16.000Z", "description": "Automatically added (via e32081c56f39ea14dfd1e449c28219d264d80b2f)", "pattern": "[file:hashes.SHA256 = '97ada78fe46d46d9d640b34c2d66bd55ff5c543d99efe951ec489de7d5b3de1c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T22:27:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:GREEN", "definition": { "tlp": "green" } } ] }