{ "type": "bundle", "id": "bundle--555dcba2-bdd0-49d6-8c72-4e87950d210b", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T13:01:12.000Z", "modified": "2015-05-21T13:01:12.000Z", "name": "CthulhuSPRL.be", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--555dcba2-bdd0-49d6-8c72-4e87950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T13:01:12.000Z", "modified": "2015-05-21T13:01:12.000Z", "name": "OSINT Trend Micro Exposes LURID APT", "published": "2016-02-22T14:19:45Z", "object_refs": [ "x-misp-attribute--555dcbb3-0224-40da-9cdb-a479950d210b", "observed-data--555dcc05-2e34-4284-a25f-ab11950d210b", "url--555dcc05-2e34-4284-a25f-ab11950d210b", "observed-data--555dcc05-3994-4079-82eb-ab11950d210b", "url--555dcc05-3994-4079-82eb-ab11950d210b", "observed-data--555dcc05-bc10-4c10-9f2a-ab11950d210b", "url--555dcc05-bc10-4c10-9f2a-ab11950d210b", "indicator--555dd1f9-0f38-43ca-b4e1-ab11950d210b", "indicator--555dd1f9-e440-413c-bac2-ab11950d210b", "indicator--555dd1f9-4b5c-4fac-8e2f-ab11950d210b", "indicator--555dd1f9-51d8-4990-9010-ab11950d210b", "indicator--555dd28a-32e8-4e2c-ad00-a62e950d210b", "indicator--555dd28a-27e4-4bc5-aed8-a62e950d210b", "indicator--555dd28a-0cb8-4232-a102-a62e950d210b", "indicator--555dd28a-0e44-4d00-a47a-a62e950d210b", "indicator--555dd28a-735c-41e5-bdab-a62e950d210b", "x-misp-attribute--555dd29e-c8cc-4e13-a28c-177c950d210b", "x-misp-attribute--555dd29e-22c4-4e2f-8b16-177c950d210b", "indicator--555dd2bb-8740-4435-b004-4168950d210b", "indicator--555dd2bb-4238-4fba-9ee4-41e4950d210b", "indicator--555dd2bb-70a0-4429-a67f-4f96950d210b", "indicator--555dd2bb-a270-4e97-b0bf-4553950d210b", "indicator--555dd2bc-2650-4771-9ef5-4f0a950d210b", "indicator--555dd2bc-f750-458c-a708-4f00950d210b", "indicator--555dd2bc-abec-4dde-af7c-4b83950d210b", "indicator--555dd2d6-2f7c-4038-9e77-d8a4950d210b", "indicator--555dd2d6-015c-4300-9f4e-d8a4950d210b", "indicator--555dd2d6-ee5c-4be9-b4fa-d8a4950d210b", "indicator--555dd2d6-a128-47ab-a7e0-d8a4950d210b", "indicator--555dd2d6-1e4c-4f07-8ec4-d8a4950d210b", "x-misp-attribute--555dd318-a14c-441c-b42d-ab11950d210b", "x-misp-attribute--555dd318-7b4c-4d64-9dd7-ab11950d210b", "indicator--555dd6c4-4014-47b4-b537-ab11950d210b", "indicator--555dd6c4-d774-45ec-a986-ab11950d210b", "indicator--555dd6c4-bfd4-49c4-bcb0-ab11950d210b", "indicator--555dd6c4-974c-4348-ba70-ab11950d210b", "indicator--555dd6c4-694c-4efa-a8af-ab11950d210b", "indicator--555dd6c4-def8-4079-90df-ab11950d210b", "indicator--555dd6c5-2eb8-4f42-b3a9-ab11950d210b", "indicator--555dd6c5-ec60-4014-8f07-ab11950d210b", "indicator--555dd6c5-987c-4730-81ae-ab11950d210b", "indicator--555dd6c5-28d4-4e3d-95a4-ab11950d210b", "indicator--555dd6c5-5360-4214-98ae-ab11950d210b", "indicator--555dd6c5-3860-4b5a-81da-ab11950d210b", "indicator--555dd6c5-9868-4258-9dd7-ab11950d210b", "indicator--555dd6d0-9194-4dfd-bd45-177c950d210b", "indicator--555dd6d0-4b10-4a34-9809-177c950d210b", "indicator--555dd6d0-d380-48c3-a8ac-177c950d210b", "indicator--555dd6d0-513c-476b-a081-177c950d210b", "indicator--555dd6d1-043c-473b-9a7f-177c950d210b", "indicator--555dd6d1-3738-400b-833b-177c950d210b", "indicator--555dd6d1-b294-4f68-9b83-177c950d210b", "indicator--555dd6d1-18b0-4d9a-be47-177c950d210b", "indicator--555dd6d1-bb94-41da-98ff-177c950d210b", "indicator--555dd6d1-85e4-44e6-a48d-177c950d210b", "indicator--555dd6d1-3a68-47fe-b3ce-177c950d210b", "indicator--555dd6d1-904c-41ef-bc6c-177c950d210b", "indicator--555dd6d2-3420-4cad-8c78-177c950d210b", "indicator--555dd6d2-835c-4f88-972e-177c950d210b", "indicator--555dd6d2-f538-43c1-bb04-177c950d210b", "indicator--555dd6d2-cf60-4cf7-ac81-177c950d210b", "indicator--555dd6d2-9844-4c65-8c19-177c950d210b", "indicator--555dd6d2-0f38-4dc9-b9b9-177c950d210b", "indicator--555dd6d2-c714-4fc7-8423-177c950d210b", "indicator--555dd6d3-c934-46e2-8a4f-177c950d210b", "indicator--555dd718-e7d8-44c5-91e8-44c0950d210b", "indicator--555dd719-b590-4909-aedc-48bd950d210b", "indicator--555dd719-72c0-4a55-b0bf-4267950d210b", "indicator--555dd719-d5ec-4c48-9c05-48f6950d210b", "indicator--555dd719-2bec-4425-ae02-4f57950d210b", "indicator--555dd719-4714-49bf-9195-4101950d210b", "indicator--555dd719-3020-4c29-9ca8-49f7950d210b", "indicator--555dd719-3940-4a94-ab1e-4a82950d210b", "indicator--555dd71a-3df0-49f9-a612-45e2950d210b", "indicator--555dd71a-51ac-4fc6-86c2-44f0950d210b", "indicator--555dd71a-752c-4b41-856b-44e2950d210b", "indicator--555dd71a-89b0-492c-a4ee-4c17950d210b", "indicator--555dd71a-01d4-4845-891a-4dea950d210b", "indicator--555dd71a-f7d4-48ee-875b-41a1950d210b", "indicator--555dd71a-0074-40ee-bfd0-4092950d210b", "indicator--555dd71a-32f0-44ad-ab21-4385950d210b", "indicator--56c65c84-e3a8-4a5a-88bd-5ca1950d210f", "indicator--56c65c86-eb0c-4251-80e7-59a2950d210f", "indicator--56c65c87-fcb0-4c26-a98a-c654950d210f", "indicator--56c65c89-e070-4cb1-abea-c652950d210f", "indicator--56c65c8b-b748-4009-9890-4a80950d210f", "indicator--56c65c8d-8e64-4d21-9905-599d950d210f", "indicator--56c65c8f-3bd0-473b-831c-c653950d210f", "indicator--56c65c90-fea8-4225-baa7-437a950d210f", "indicator--56c65c92-8bfc-4bd0-bd66-c650950d210f", "indicator--56c65c93-d020-4149-b6f3-4ff2950d210f", "indicator--56c65c95-8464-4425-be57-c652950d210f", "indicator--56c65c97-4d80-43aa-afe1-c651950d210f", "indicator--56c65c99-3d90-4d6f-8e46-409a950d210f", "indicator--56c65c9a-eeb4-49b9-bc33-c650950d210f", "indicator--56c65c9c-1248-4b3c-8820-599c950d210f", "indicator--56c65c9e-b2d0-47c0-9eee-599d950d210f", "indicator--56c65ca0-e1e8-4711-8c90-c654950d210f", "indicator--56c65ca1-8770-4eef-a43e-5f51950d210f", "indicator--56c65c85-bcbc-4754-870d-599c950d210f", "indicator--56c65c87-9664-4e94-b4e1-599f950d210f", "indicator--56c65c88-f968-4453-96e7-59a4950d210f", "indicator--56c65c8a-0370-4ad5-b609-c651950d210f", "indicator--56c65c8c-1ed0-4e66-9634-599c950d210f", "indicator--56c65c8d-eec8-4fdc-b5a8-43ca950d210f", "indicator--56c65c8f-d114-4d58-94e5-5f51950d210f", "indicator--56c65c91-be0c-410b-a491-599f950d210f", "indicator--56c65c93-24cc-4061-8dc5-454e950d210f", "indicator--56c65c94-4ae4-4e69-8222-59a2950d210f", "indicator--56c65c96-3524-4693-a14e-4475950d210f", "indicator--56c65c98-8b58-4fec-9206-5f51950d210f", "indicator--56c65c99-71e8-48da-b934-599e950d210f", "indicator--56c65c9b-1064-4c8d-9adc-59a1950d210f", "indicator--56c65c9d-4190-4d62-af1c-59a0950d210f", "indicator--56c65c9f-98ec-4445-b2d4-c650950d210f", "indicator--56c65ca0-8fb8-44b3-bafa-599e950d210f", "indicator--56c65ca2-3780-44dc-8b03-c651950d210f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT", "APT" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--555dcbb3-0224-40da-9cdb-a479950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T12:12:35.000Z", "modified": "2015-05-21T12:12:35.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", "x_misp_type": "text", "x_misp_value": "Lurid" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--555dcc05-2e34-4284-a25f-ab11950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T12:13:57.000Z", "modified": "2015-05-21T12:13:57.000Z", "first_observed": "2015-05-21T12:13:57Z", "last_observed": "2015-05-21T12:13:57Z", "number_observed": 1, "object_refs": [ "url--555dcc05-2e34-4284-a25f-ab11950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--555dcc05-2e34-4284-a25f-ab11950d210b", "value": "http://blog.trendmicro.com/trendlabs-security-intelligence/trend-micro-exposes-lurid-apt/" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--555dcc05-3994-4079-82eb-ab11950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T12:13:57.000Z", "modified": "2015-05-21T12:13:57.000Z", "first_observed": "2015-05-21T12:13:57Z", "last_observed": "2015-05-21T12:13:57Z", "number_observed": 1, "object_refs": [ "url--555dcc05-3994-4079-82eb-ab11950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--555dcc05-3994-4079-82eb-ab11950d210b", "value": "http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp_dissecting-lurid-apt.pdf" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--555dcc05-bc10-4c10-9f2a-ab11950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T12:13:57.000Z", "modified": "2015-05-21T12:13:57.000Z", "first_observed": "2015-05-21T12:13:57Z", "last_observed": "2015-05-21T12:13:57Z", "number_observed": 1, "object_refs": [ "url--555dcc05-bc10-4c10-9f2a-ab11950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--555dcc05-bc10-4c10-9f2a-ab11950d210b", "value": "http://la.trendmicro.com/media/misc/lurid-downloader-enfal-report-en.pdf" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555dd1f9-0f38-43ca-b4e1-ab11950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T12:39:21.000Z", "modified": "2015-05-21T12:39:21.000Z", "pattern": "[file:hashes.MD5 = '322fcf1b134fef1bae52fbd80a373ede']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T12:39:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555dd1f9-e440-413c-bac2-ab11950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T12:39:21.000Z", "modified": "2015-05-21T12:39:21.000Z", "pattern": "[file:hashes.MD5 = '84d24967cb5cbacf4052a3001692dd54']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T12:39:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555dd1f9-4b5c-4fac-8e2f-ab11950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T12:39:21.000Z", "modified": "2015-05-21T12:39:21.000Z", "pattern": "[file:hashes.MD5 = '3447416fbbc65906bd0384d4c2ba479e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T12:39:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555dd1f9-51d8-4990-9010-ab11950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T12:39:21.000Z", "modified": "2015-05-21T12:39:21.000Z", "pattern": "[file:hashes.MD5 = '856de08a947a40e00ea7ed66b8e02c53']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T12:39:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555dd28a-32e8-4e2c-ad00-a62e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T12:41:46.000Z", "modified": "2015-05-21T12:41:46.000Z", "pattern": "[url:value = '/Owpq4.cgi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T12:41:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555dd28a-27e4-4bc5-aed8-a62e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T12:41:46.000Z", "modified": "2015-05-21T12:41:46.000Z", "pattern": "[url:value = '/trandocs/mm/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T12:41:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555dd28a-0cb8-4232-a102-a62e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T12:41:46.000Z", "modified": "2015-05-21T12:41:46.000Z", "pattern": "[url:value = '/Clnpp5.cgi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T12:41:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555dd28a-0e44-4d00-a47a-a62e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T12:41:46.000Z", "modified": "2015-05-21T12:41:46.000Z", "pattern": "[url:value = '/Rwpq1.cgi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T12:41:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555dd28a-735c-41e5-bdab-a62e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T12:41:46.000Z", "modified": "2015-05-21T12:41:46.000Z", "pattern": "[url:value = '/cgl-bin/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T12:41:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--555dd29e-c8cc-4e13-a28c-177c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T12:42:06.000Z", "modified": "2015-05-21T12:42:06.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"Attribution\"" ], "x_misp_category": "Attribution", "x_misp_type": "text", "x_misp_value": "e:\\programs\\LuridDownLoader\\LuridDownloader for Falcon\\DllServiceTrojan\\Release\\DllServiceTrojan.pdb" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--555dd29e-22c4-4e2f-8b16-177c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T12:42:06.000Z", "modified": "2015-05-21T12:42:06.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"Attribution\"" ], "x_misp_category": "Attribution", "x_misp_type": "text", "x_misp_value": "e:\\programs\\LuridDownLoader\\LuridDownloader for Falcon\\ServiceDll\\Release\\ServiceDll.pdb" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555dd2bb-8740-4435-b004-4168950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T12:42:35.000Z", "modified": "2015-05-21T12:42:35.000Z", "pattern": "[domain-name:value = 'mailru-vip.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T12:42:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555dd2bb-4238-4fba-9ee4-41e4950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T12:42:35.000Z", "modified": "2015-05-21T12:42:35.000Z", "pattern": "[domain-name:value = 'yandex-vip.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T12:42:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555dd2bb-70a0-4429-a67f-4f96950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T12:42:35.000Z", "modified": "2015-05-21T12:42:35.000Z", "pattern": "[domain-name:value = 'foxit-pro.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T12:42:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555dd2bb-a270-4e97-b0bf-4553950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T12:42:35.000Z", "modified": "2015-05-21T12:42:35.000Z", "pattern": "[domain-name:value = 'ymail-vip.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T12:42:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555dd2bc-2650-4771-9ef5-4f0a950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T12:42:36.000Z", "modified": "2015-05-21T12:42:36.000Z", "pattern": "[domain-name:value = 'ymail-pro.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T12:42:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555dd2bc-f750-458c-a708-4f00950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T12:42:36.000Z", "modified": "2015-05-21T12:42:36.000Z", "pattern": "[domain-name:value = 'yandex-pro.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T12:42:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555dd2bc-abec-4dde-af7c-4b83950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T12:42:36.000Z", "modified": "2015-05-21T12:42:36.000Z", "pattern": "[domain-name:value = 'mailru-pro.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T12:42:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555dd2d6-2f7c-4038-9e77-d8a4950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T12:43:02.000Z", "modified": "2015-05-21T12:43:02.000Z", "pattern": "[domain-name:value = 'hoticq.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T12:43:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555dd2d6-015c-4300-9f4e-d8a4950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T12:43:02.000Z", "modified": "2015-05-21T12:43:02.000Z", "pattern": "[domain-name:value = 'redhag.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T12:43:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555dd2d6-ee5c-4be9-b4fa-d8a4950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T12:43:02.000Z", "modified": "2015-05-21T12:43:02.000Z", "pattern": "[domain-name:value = 'zadhc.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T12:43:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555dd2d6-a128-47ab-a7e0-d8a4950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T12:43:02.000Z", "modified": "2015-05-21T12:43:02.000Z", "pattern": "[domain-name:value = 'lasmail.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T12:43:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555dd2d6-1e4c-4f07-8ec4-d8a4950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T12:43:02.000Z", "modified": "2015-05-21T12:43:02.000Z", "pattern": "[domain-name:value = 'hotoicq.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T12:43:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--555dd318-a14c-441c-b42d-ab11950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T12:44:08.000Z", "modified": "2015-05-21T12:44:08.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"Attribution\"" ], "x_misp_category": "Attribution", "x_misp_comment": "Registrants", "x_misp_type": "text", "x_misp_value": "bruce_tuner@yahoo.com" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--555dd318-7b4c-4d64-9dd7-ab11950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T12:44:08.000Z", "modified": "2015-05-21T12:44:08.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"Attribution\"" ], "x_misp_category": "Attribution", "x_misp_comment": "Registrants", "x_misp_type": "text", "x_misp_value": "icqmaster@163.com" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555dd6c4-4014-47b4-b537-ab11950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T12:59:48.000Z", "modified": "2015-05-21T12:59:48.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '184.22.240.174']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T12:59:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555dd6c4-d774-45ec-a986-ab11950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T12:59:48.000Z", "modified": "2015-05-21T12:59:48.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '184.22.251.12']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T12:59:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555dd6c4-bfd4-49c4-bcb0-ab11950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T12:59:48.000Z", "modified": "2015-05-21T12:59:48.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '184.95.36.75']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T12:59:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555dd6c4-974c-4348-ba70-ab11950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T12:59:48.000Z", "modified": "2015-05-21T12:59:48.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '204.12.197.70']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T12:59:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555dd6c4-694c-4efa-a8af-ab11950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T12:59:48.000Z", "modified": "2015-05-21T12:59:48.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '58.64.149.29']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T12:59:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555dd6c4-def8-4079-90df-ab11950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T12:59:48.000Z", "modified": "2015-05-21T12:59:48.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '106.123.126.151']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T12:59:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555dd6c5-2eb8-4f42-b3a9-ab11950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T12:59:49.000Z", "modified": "2015-05-21T12:59:49.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '109.123.126.143']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T12:59:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555dd6c5-ec60-4014-8f07-ab11950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T12:59:49.000Z", "modified": "2015-05-21T12:59:49.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '109.123.126.151']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T12:59:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555dd6c5-987c-4730-81ae-ab11950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T12:59:49.000Z", "modified": "2015-05-21T12:59:49.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '109.123.126.156']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T12:59:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555dd6c5-28d4-4e3d-95a4-ab11950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T12:59:49.000Z", "modified": "2015-05-21T12:59:49.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '109.123.126.157']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T12:59:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555dd6c5-5360-4214-98ae-ab11950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T12:59:49.000Z", "modified": "2015-05-21T12:59:49.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.212.195.216']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T12:59:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555dd6c5-3860-4b5a-81da-ab11950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T12:59:49.000Z", "modified": "2015-05-21T12:59:49.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '174.139.13.122']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T12:59:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555dd6c5-9868-4258-9dd7-ab11950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T12:59:49.000Z", "modified": "2015-05-21T12:59:49.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.23.67.226']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T12:59:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555dd6d0-9194-4dfd-bd45-177c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T13:00:00.000Z", "modified": "2015-05-21T13:00:00.000Z", "pattern": "[file:hashes.MD5 = '140c69ea9a963100e75497b33820f1da']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T13:00:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555dd6d0-4b10-4a34-9809-177c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T13:00:00.000Z", "modified": "2015-05-21T13:00:00.000Z", "pattern": "[file:hashes.MD5 = '166d6cd28c9df20c30fed220a3132345']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T13:00:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555dd6d0-d380-48c3-a8ac-177c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T13:00:00.000Z", "modified": "2015-05-21T13:00:00.000Z", "pattern": "[file:hashes.MD5 = '22caf76a780c54ddce7fa139100fa54e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T13:00:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555dd6d0-513c-476b-a081-177c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T13:00:00.000Z", "modified": "2015-05-21T13:00:00.000Z", "pattern": "[file:hashes.MD5 = '2a21eb36cc2a0a24149a4821aa328b7b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T13:00:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555dd6d1-043c-473b-9a7f-177c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T13:00:00.000Z", "modified": "2015-05-21T13:00:00.000Z", "pattern": "[file:hashes.MD5 = '2d93cbe969d3b5f02d4f9f1a3eb39b85']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T13:00:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555dd6d1-3738-400b-833b-177c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T13:00:01.000Z", "modified": "2015-05-21T13:00:01.000Z", "pattern": "[file:hashes.MD5 = '465ca2eef82b412949eeaa9fa3cc5c75']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T13:00:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555dd6d1-b294-4f68-9b83-177c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T13:00:01.000Z", "modified": "2015-05-21T13:00:01.000Z", "pattern": "[file:hashes.MD5 = '5403e0bda1db72e5e862e9169db4e1d7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T13:00:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555dd6d1-18b0-4d9a-be47-177c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T13:00:01.000Z", "modified": "2015-05-21T13:00:01.000Z", "pattern": "[file:hashes.MD5 = '57d99d67c3e8987e812c9332d6774794']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T13:00:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555dd6d1-bb94-41da-98ff-177c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T13:00:01.000Z", "modified": "2015-05-21T13:00:01.000Z", "pattern": "[file:hashes.MD5 = '744670ca4531f7ceb72a75ae456e8215']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T13:00:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555dd6d1-85e4-44e6-a48d-177c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T13:00:01.000Z", "modified": "2015-05-21T13:00:01.000Z", "pattern": "[file:hashes.MD5 = '74bdabd1077d640f7d21c6cfb14a0348']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T13:00:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555dd6d1-3a68-47fe-b3ce-177c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T13:00:01.000Z", "modified": "2015-05-21T13:00:01.000Z", "pattern": "[file:hashes.MD5 = '89b98f66650cb29d0926713fda3b5bbc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T13:00:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555dd6d1-904c-41ef-bc6c-177c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T13:00:01.000Z", "modified": "2015-05-21T13:00:01.000Z", "pattern": "[file:hashes.MD5 = '8f65204d8440b7be2b52908e35d19124']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T13:00:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555dd6d2-3420-4cad-8c78-177c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T13:00:02.000Z", "modified": "2015-05-21T13:00:02.000Z", "pattern": "[file:hashes.MD5 = '963e39d8675b5bb3d2f4e6da45c51bb0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T13:00:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555dd6d2-835c-4f88-972e-177c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T13:00:02.000Z", "modified": "2015-05-21T13:00:02.000Z", "pattern": "[file:hashes.MD5 = 'd66948e4e90baff08d24c77c93788597']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T13:00:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555dd6d2-f538-43c1-bb04-177c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T13:00:02.000Z", "modified": "2015-05-21T13:00:02.000Z", "pattern": "[file:hashes.MD5 = 'd8815fe64eb5321add412554908da28a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T13:00:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555dd6d2-cf60-4cf7-ac81-177c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T13:00:02.000Z", "modified": "2015-05-21T13:00:02.000Z", "pattern": "[file:hashes.MD5 = 'e1833932053171da15c60e6c2fca708a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T13:00:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555dd6d2-9844-4c65-8c19-177c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T13:00:02.000Z", "modified": "2015-05-21T13:00:02.000Z", "pattern": "[file:hashes.MD5 = 'e38ccff8e7fb922fe48b54b4032fec50']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T13:00:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555dd6d2-0f38-4dc9-b9b9-177c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T13:00:02.000Z", "modified": "2015-05-21T13:00:02.000Z", "pattern": "[file:hashes.MD5 = 'ed69041fbe470fe0f2c1fd837efcb6e7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T13:00:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555dd6d2-c714-4fc7-8423-177c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T13:00:02.000Z", "modified": "2015-05-21T13:00:02.000Z", "pattern": "[file:hashes.MD5 = 'f0f31112af491f56af7cc0802ba96c0f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T13:00:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555dd6d3-c934-46e2-8a4f-177c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T13:00:03.000Z", "modified": "2015-05-21T13:00:03.000Z", "pattern": "[file:hashes.MD5 = 'f993d4cabe5021c96d6a80192f142dca']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T13:00:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555dd718-e7d8-44c5-91e8-44c0950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T13:01:12.000Z", "modified": "2015-05-21T13:01:12.000Z", "pattern": "[domain-name:value = 'ace.mailru-vip.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T13:01:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555dd719-b590-4909-aedc-48bd950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T13:01:13.000Z", "modified": "2015-05-21T13:01:13.000Z", "pattern": "[domain-name:value = 'led.office-helppane.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T13:01:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555dd719-72c0-4a55-b0bf-4267950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T13:01:13.000Z", "modified": "2015-05-21T13:01:13.000Z", "pattern": "[domain-name:value = 'help.lasmail.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T13:01:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555dd719-d5ec-4c48-9c05-48f6950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T13:01:13.000Z", "modified": "2015-05-21T13:01:13.000Z", "pattern": "[domain-name:value = 'home.mailru-pro.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T13:01:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555dd719-2bec-4425-ae02-4f57950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T13:01:13.000Z", "modified": "2015-05-21T13:01:13.000Z", "pattern": "[domain-name:value = 'mail.lasmail.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T13:01:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555dd719-4714-49bf-9195-4101950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T13:01:13.000Z", "modified": "2015-05-21T13:01:13.000Z", "pattern": "[domain-name:value = 'microsoft.office-helppane.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T13:01:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555dd719-3020-4c29-9ca8-49f7950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T13:01:13.000Z", "modified": "2015-05-21T13:01:13.000Z", "pattern": "[domain-name:value = 'press.foxit-pro.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T13:01:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555dd719-3940-4a94-ab1e-4a82950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T13:01:13.000Z", "modified": "2015-05-21T13:01:13.000Z", "pattern": "[domain-name:value = 'press.mailru-pro.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T13:01:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555dd71a-3df0-49f9-a612-45e2950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T13:01:13.000Z", "modified": "2015-05-21T13:01:13.000Z", "pattern": "[domain-name:value = 'press.ymail-pro.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T13:01:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555dd71a-51ac-4fc6-86c2-44f0950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T13:01:14.000Z", "modified": "2015-05-21T13:01:14.000Z", "pattern": "[domain-name:value = 'setup.mailru-vip.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T13:01:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555dd71a-752c-4b41-856b-44e2950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T13:01:14.000Z", "modified": "2015-05-21T13:01:14.000Z", "pattern": "[domain-name:value = 'sexinsex.ymail-vip.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T13:01:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555dd71a-89b0-492c-a4ee-4c17950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T13:01:14.000Z", "modified": "2015-05-21T13:01:14.000Z", "pattern": "[domain-name:value = 'superkiller.mailru-vip.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T13:01:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555dd71a-01d4-4845-891a-4dea950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T13:01:14.000Z", "modified": "2015-05-21T13:01:14.000Z", "pattern": "[domain-name:value = 'support.hotoicq.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T13:01:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555dd71a-f7d4-48ee-875b-41a1950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T13:01:14.000Z", "modified": "2015-05-21T13:01:14.000Z", "pattern": "[domain-name:value = 'update.ymail-vip.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T13:01:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555dd71a-0074-40ee-bfd0-4092950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T13:01:14.000Z", "modified": "2015-05-21T13:01:14.000Z", "pattern": "[domain-name:value = 'win.foxit-pro.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T13:01:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555dd71a-32f0-44ad-ab21-4385950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T13:01:14.000Z", "modified": "2015-05-21T13:01:14.000Z", "pattern": "[domain-name:value = 'xphlp.ymail-vip.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T13:01:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65c84-e3a8-4a5a-88bd-5ca1950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:06:28.000Z", "modified": "2016-02-19T00:06:28.000Z", "description": "Automatically added (via 140c69ea9a963100e75497b33820f1da)", "pattern": "[file:hashes.SHA1 = '1124f1815fd9ac486af884910f1057f74c77de1e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:06:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65c86-eb0c-4251-80e7-59a2950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:06:30.000Z", "modified": "2016-02-19T00:06:30.000Z", "description": "Automatically added (via 166d6cd28c9df20c30fed220a3132345)", "pattern": "[file:hashes.SHA1 = '45250d5dbbb4dbca60bee6487bd7354cd9459758']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:06:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65c87-fcb0-4c26-a98a-c654950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:06:31.000Z", "modified": "2016-02-19T00:06:31.000Z", "description": "Automatically added (via 22caf76a780c54ddce7fa139100fa54e)", "pattern": "[file:hashes.SHA1 = '3253b063de345004da077df7d30040a7d7b31534']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:06:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65c89-e070-4cb1-abea-c652950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:06:33.000Z", "modified": "2016-02-19T00:06:33.000Z", "description": "Automatically added (via 2a21eb36cc2a0a24149a4821aa328b7b)", "pattern": "[file:hashes.SHA1 = '944d5735b6fc361d33c1e82e1453d12bd4168390']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:06:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65c8b-b748-4009-9890-4a80950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:06:35.000Z", "modified": "2016-02-19T00:06:35.000Z", "description": "Automatically added (via 57d99d67c3e8987e812c9332d6774794)", "pattern": "[file:hashes.SHA1 = '503ae4b437c8a96f4a40f4440ce6d6d8c1831466']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:06:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65c8d-8e64-4d21-9905-599d950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:06:37.000Z", "modified": "2016-02-19T00:06:37.000Z", "description": "Automatically added (via 744670ca4531f7ceb72a75ae456e8215)", "pattern": "[file:hashes.SHA1 = '4ce4cc713ffe71f371a90d07fff85cf10083ebaa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:06:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65c8f-3bd0-473b-831c-c653950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:06:39.000Z", "modified": "2016-02-19T00:06:39.000Z", "description": "Automatically added (via 74bdabd1077d640f7d21c6cfb14a0348)", "pattern": "[file:hashes.SHA1 = 'f65627a4d3f132da78f3c72f83b3b0ad9e4bcfc2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:06:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65c90-fea8-4225-baa7-437a950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:06:40.000Z", "modified": "2016-02-19T00:06:40.000Z", "description": "Automatically added (via 89b98f66650cb29d0926713fda3b5bbc)", "pattern": "[file:hashes.SHA1 = '98ab7ec2b7356850da43d1e3368f9b7a3dfb6272']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:06:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65c92-8bfc-4bd0-bd66-c650950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:06:42.000Z", "modified": "2016-02-19T00:06:42.000Z", "description": "Automatically added (via 8f65204d8440b7be2b52908e35d19124)", "pattern": "[file:hashes.SHA1 = '7f2d2897367cb7eae84b67421ff1bd1d7cffadb2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:06:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65c93-d020-4149-b6f3-4ff2950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:06:43.000Z", "modified": "2016-02-19T00:06:43.000Z", "description": "Automatically added (via 963e39d8675b5bb3d2f4e6da45c51bb0)", "pattern": "[file:hashes.SHA1 = '2874c20bfd341885694f80cf5327e03ef32c0b73']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:06:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65c95-8464-4425-be57-c652950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:06:45.000Z", "modified": "2016-02-19T00:06:45.000Z", "description": "Automatically added (via d8815fe64eb5321add412554908da28a)", "pattern": "[file:hashes.SHA1 = '4c35b7f11d59cd661f5ebeeba3e20f1320bee6a4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:06:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65c97-4d80-43aa-afe1-c651950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:06:47.000Z", "modified": "2016-02-19T00:06:47.000Z", "description": "Automatically added (via e1833932053171da15c60e6c2fca708a)", "pattern": "[file:hashes.SHA1 = 'ca9435e710c590fca8e96085e51aadb104b725e4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:06:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65c99-3d90-4d6f-8e46-409a950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:06:49.000Z", "modified": "2016-02-19T00:06:49.000Z", "description": "Automatically added (via e38ccff8e7fb922fe48b54b4032fec50)", "pattern": "[file:hashes.SHA1 = '32f6536be3b68b30d49afe5e898a7620173b6632']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:06:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65c9a-eeb4-49b9-bc33-c650950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:06:50.000Z", "modified": "2016-02-19T00:06:50.000Z", "description": "Automatically added (via f0f31112af491f56af7cc0802ba96c0f)", "pattern": "[file:hashes.SHA1 = '6517caa62fbfdf767879625be9e0ba999b9482d7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:06:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65c9c-1248-4b3c-8820-599c950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:06:52.000Z", "modified": "2016-02-19T00:06:52.000Z", "description": "Automatically added (via f993d4cabe5021c96d6a80192f142dca)", "pattern": "[file:hashes.SHA1 = '306851d9b9aa77a56129b9ec0afacd3f781cc1fd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:06:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65c9e-b2d0-47c0-9eee-599d950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:06:54.000Z", "modified": "2016-02-19T00:06:54.000Z", "description": "Automatically added (via 84d24967cb5cbacf4052a3001692dd54)", "pattern": "[file:hashes.SHA1 = '06b2e6240c2072a3219268d15e427a2060adbe8b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:06:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65ca0-e1e8-4711-8c90-c654950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:06:56.000Z", "modified": "2016-02-19T00:06:56.000Z", "description": "Automatically added (via 3447416fbbc65906bd0384d4c2ba479e)", "pattern": "[file:hashes.SHA1 = '6ad16e7b6470d18d488d39ac0b9b3d33fec998cc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:06:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65ca1-8770-4eef-a43e-5f51950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:06:57.000Z", "modified": "2016-02-19T00:06:57.000Z", "description": "Automatically added (via 856de08a947a40e00ea7ed66b8e02c53)", "pattern": "[file:hashes.SHA1 = '88f186e705c7ed1e22a9d3765c54b5e46344d9db']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:06:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65c85-bcbc-4754-870d-599c950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:06:29.000Z", "modified": "2016-02-19T00:06:29.000Z", "description": "Automatically added (via 140c69ea9a963100e75497b33820f1da)", "pattern": "[file:hashes.SHA256 = 'c2135ccc8a46d4bda7b6052df92035a134b83b8f78b8ba078621d537db021bc7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:06:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65c87-9664-4e94-b4e1-599f950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:06:31.000Z", "modified": "2016-02-19T00:06:31.000Z", "description": "Automatically added (via 166d6cd28c9df20c30fed220a3132345)", "pattern": "[file:hashes.SHA256 = '618af8da35dee6ae64a27c3fe74309803e844fa7dbba0b6f95ee9c533e30cb5f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:06:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65c88-f968-4453-96e7-59a4950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:06:32.000Z", "modified": "2016-02-19T00:06:32.000Z", "description": "Automatically added (via 22caf76a780c54ddce7fa139100fa54e)", "pattern": "[file:hashes.SHA256 = '101b0b8aa0952818f81f701d2074090a269574aa0e2fb3a65ea6bfa76a3670a4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:06:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65c8a-0370-4ad5-b609-c651950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:06:34.000Z", "modified": "2016-02-19T00:06:34.000Z", "description": "Automatically added (via 2a21eb36cc2a0a24149a4821aa328b7b)", "pattern": "[file:hashes.SHA256 = '683e8e008f37a839de173eabc180dba0cf3dfe3ad4d4ec96aa0100ecc29ba5f2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:06:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65c8c-1ed0-4e66-9634-599c950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:06:36.000Z", "modified": "2016-02-19T00:06:36.000Z", "description": "Automatically added (via 57d99d67c3e8987e812c9332d6774794)", "pattern": "[file:hashes.SHA256 = 'bb7c0873affe2759ee83cd7b7f55f8468ebf577f066c401dd11bd094e0e6a9f9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:06:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65c8d-eec8-4fdc-b5a8-43ca950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:06:37.000Z", "modified": "2016-02-19T00:06:37.000Z", "description": "Automatically added (via 744670ca4531f7ceb72a75ae456e8215)", "pattern": "[file:hashes.SHA256 = '21a4c280a91c06e5f6546802af1dff5f5e4daf69599f7b44d68a8b8c7bc45f3f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:06:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65c8f-d114-4d58-94e5-5f51950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:06:39.000Z", "modified": "2016-02-19T00:06:39.000Z", "description": "Automatically added (via 74bdabd1077d640f7d21c6cfb14a0348)", "pattern": "[file:hashes.SHA256 = '3b0f1f4dc3309a68e3837f03aa3457727e1dbbf00df9c3fe102d5151a273c97f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:06:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65c91-be0c-410b-a491-599f950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:06:41.000Z", "modified": "2016-02-19T00:06:41.000Z", "description": "Automatically added (via 89b98f66650cb29d0926713fda3b5bbc)", "pattern": "[file:hashes.SHA256 = '53704d0afd299b6ab846ed54bd1d6709713d1d84d482c092d9b2c221a86f6ca3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:06:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65c93-24cc-4061-8dc5-454e950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:06:43.000Z", "modified": "2016-02-19T00:06:43.000Z", "description": "Automatically added (via 8f65204d8440b7be2b52908e35d19124)", "pattern": "[file:hashes.SHA256 = 'af781cfc811c8c847be5c972e7482c29193a2222e686c7b682b2d0b0c13e70c7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:06:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65c94-4ae4-4e69-8222-59a2950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:06:44.000Z", "modified": "2016-02-19T00:06:44.000Z", "description": "Automatically added (via 963e39d8675b5bb3d2f4e6da45c51bb0)", "pattern": "[file:hashes.SHA256 = '33f055ef7d55427e3be295e1d1f940d548d0d336bdd56aff34baf401d7c39412']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:06:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65c96-3524-4693-a14e-4475950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:06:46.000Z", "modified": "2016-02-19T00:06:46.000Z", "description": "Automatically added (via d8815fe64eb5321add412554908da28a)", "pattern": "[file:hashes.SHA256 = '5f5fcb7582b9e1ab03a98dc1670e690b40c1d7f4fcaeb8fdd4d85efebdf07074']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:06:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65c98-8b58-4fec-9206-5f51950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:06:48.000Z", "modified": "2016-02-19T00:06:48.000Z", "description": "Automatically added (via e1833932053171da15c60e6c2fca708a)", "pattern": "[file:hashes.SHA256 = '45d245c6b464972667080b5e4115b071f5960bb510aa23a75646d50d9e591baa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:06:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65c99-71e8-48da-b934-599e950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:06:49.000Z", "modified": "2016-02-19T00:06:49.000Z", "description": "Automatically added (via e38ccff8e7fb922fe48b54b4032fec50)", "pattern": "[file:hashes.SHA256 = '6c555854d014c3ba559a55621d2f996d405497a793c472cccbc8ad6657f07ad3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:06:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65c9b-1064-4c8d-9adc-59a1950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:06:51.000Z", "modified": "2016-02-19T00:06:51.000Z", "description": "Automatically added (via f0f31112af491f56af7cc0802ba96c0f)", "pattern": "[file:hashes.SHA256 = 'e2c6dee089bd8c3d23ab7d422e25c5f21553bda2c805f9e63765371ba71feaa9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:06:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65c9d-4190-4d62-af1c-59a0950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:06:53.000Z", "modified": "2016-02-19T00:06:53.000Z", "description": "Automatically added (via f993d4cabe5021c96d6a80192f142dca)", "pattern": "[file:hashes.SHA256 = '2686335f2be7ef06ddb826177d26377129b6c448abd70a02ef6363a175421661']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:06:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65c9f-98ec-4445-b2d4-c650950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:06:55.000Z", "modified": "2016-02-19T00:06:55.000Z", "description": "Automatically added (via 84d24967cb5cbacf4052a3001692dd54)", "pattern": "[file:hashes.SHA256 = '4dda14e0eb9a21583bf5276ff2caa9d4c45b4b3dfbc0fef71182b5672d00eb73']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:06:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65ca0-8fb8-44b3-bafa-599e950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:06:56.000Z", "modified": "2016-02-19T00:06:56.000Z", "description": "Automatically added (via 3447416fbbc65906bd0384d4c2ba479e)", "pattern": "[file:hashes.SHA256 = '3e1a3929457a3d347be51ebaa1410d9f238865e92ff0058cfe1e7a2cc6643b85']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:06:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65ca2-3780-44dc-8b03-c651950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:06:58.000Z", "modified": "2016-02-19T00:06:58.000Z", "description": "Automatically added (via 856de08a947a40e00ea7ed66b8e02c53)", "pattern": "[file:hashes.SHA256 = 'e236a76e2be259fd6c12590c6a1904247c170e9b20261520d4321eb40b971f11']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:06:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }