{ "type": "bundle", "id": "bundle--55db9387-6a70-4fdd-8fee-6e76950d210b", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2017-06-22T20:18:30.000Z", "modified": "2017-06-22T20:18:30.000Z", "name": "CthulhuSPRL.be", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--55db9387-6a70-4fdd-8fee-6e76950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2017-06-22T20:18:30.000Z", "modified": "2017-06-22T20:18:30.000Z", "name": "OSINT New activity of the Blue Termite APT by AlienVault", "published": "2017-06-22T20:18:58Z", "object_refs": [ "observed-data--55db939f-46d4-4867-9d87-6070950d210b", "url--55db939f-46d4-4867-9d87-6070950d210b", "x-misp-attribute--55db93a9-df84-40b7-89e1-4c28950d210b", "vulnerability--55dc1201-38e4-424b-b789-44a1950d210b", "indicator--55dc1213-5904-442e-9cba-449a950d210b", "indicator--55dc1213-463c-4c3d-96a1-4119950d210b", "indicator--55dc1213-0e34-4583-ad80-47c6950d210b", "indicator--55dc1214-c82c-4aef-afe6-445f950d210b", "indicator--55dc1214-6018-4397-8532-4edd950d210b", "indicator--55dc1214-67b0-48ab-8eda-4aa6950d210b", "indicator--55dc1214-b0cc-44ec-bf92-48ae950d210b", "indicator--55dc1214-6ba8-478a-96b6-432b950d210b", "indicator--55dc1215-5360-40c9-8525-47a6950d210b", "indicator--55dc1215-ebe4-4e89-9dd3-4c54950d210b", "indicator--55dc1215-82c0-4ed3-93d5-401c950d210b", "indicator--55dc1215-51dc-4c23-bd6e-4cb7950d210b", "indicator--55dc1215-1d90-4dec-b586-4093950d210b", "indicator--55dc1216-0044-43e7-84e4-4d1e950d210b", "indicator--55dc1216-f97c-481a-ac7a-41b1950d210b", "indicator--55dc1216-32a0-403b-88c9-4635950d210b", "indicator--55dc1216-cad4-49e4-b6f0-4fe1950d210b", "indicator--55dc1216-bd24-4e15-b0d9-40c2950d210b", "indicator--55dc1216-b3e0-49c8-85dd-4a7d950d210b", "indicator--55dc1217-4ed0-40c0-ac32-43db950d210b", "indicator--55dc1963-4b34-418d-810c-4593950d210b", "indicator--55dc1964-e2e0-40b6-ae55-4c42950d210b", "observed-data--55dc1964-98c0-4a77-a6f5-40ed950d210b", "url--55dc1964-98c0-4a77-a6f5-40ed950d210b", "indicator--55dc1964-58c8-4161-99cb-4c74950d210b", "indicator--55dc1964-f858-4bf8-aad7-4667950d210b", "observed-data--55dc1964-2ac0-4644-8fde-49ab950d210b", "url--55dc1964-2ac0-4644-8fde-49ab950d210b", "indicator--55dc1965-5a00-4e1e-9400-41e7950d210b", "indicator--55dc1965-9a94-4135-ad58-4e79950d210b", "observed-data--55dc1965-77a8-44c5-be6c-4b02950d210b", "url--55dc1965-77a8-44c5-be6c-4b02950d210b", "indicator--55dc1965-e704-4cf0-89c1-40c4950d210b", "indicator--55dc1965-1fb4-4bac-9e22-40c8950d210b", "observed-data--55dc1966-d0d0-4eb4-b38f-458c950d210b", "url--55dc1966-d0d0-4eb4-b38f-458c950d210b", "indicator--55dc1966-ca20-40fc-9581-4052950d210b", "indicator--55dc1966-f1e4-423c-9c3f-4e7b950d210b", "observed-data--55dc1966-3338-4325-8bb7-400e950d210b", "url--55dc1966-3338-4325-8bb7-400e950d210b", "indicator--55dc1966-b224-4fa7-b241-42dc950d210b", "indicator--55dc1967-b370-4622-b41b-4604950d210b", "observed-data--55dc1967-deec-4044-b468-4e83950d210b", "url--55dc1967-deec-4044-b468-4e83950d210b", "indicator--55dc1967-5cd0-4fb1-a672-4a35950d210b", "indicator--55dc1967-acbc-482c-abeb-42b8950d210b", "observed-data--55dc1967-fa48-4bc8-9350-494f950d210b", "url--55dc1967-fa48-4bc8-9350-494f950d210b", "indicator--55dc1968-7b38-4679-b642-4b15950d210b", "indicator--55dc1968-8f2c-47fd-8709-4a35950d210b", "observed-data--55dc1968-7d4c-4456-b885-446b950d210b", "url--55dc1968-7d4c-4456-b885-446b950d210b", "indicator--55dc1968-500c-47f7-95e9-42d7950d210b", "indicator--55dc1969-fa74-4784-b76c-414e950d210b", "observed-data--55dc1969-6bb8-4c62-bc9f-4c09950d210b", "url--55dc1969-6bb8-4c62-bc9f-4c09950d210b", "indicator--55dc1969-7d50-447a-81e9-4cab950d210b", "indicator--55dc1969-0dbc-425e-8520-4491950d210b", "observed-data--55dc1969-3994-4e37-8e05-47a1950d210b", "url--55dc1969-3994-4e37-8e05-47a1950d210b" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT", "misp-galaxy:threat-actor=\"Blue Termite\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--55db939f-46d4-4867-9d87-6070950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-24T21:58:55.000Z", "modified": "2015-08-24T21:58:55.000Z", "first_observed": "2015-08-24T21:58:55Z", "last_observed": "2015-08-24T21:58:55Z", "number_observed": 1, "object_refs": [ "url--55db939f-46d4-4867-9d87-6070950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--55db939f-46d4-4867-9d87-6070950d210b", "value": "https://otx.alienvault.com/pulse/55db51554637f21c54c19363/" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--55db93a9-df84-40b7-89e1-4c28950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-24T21:59:05.000Z", "modified": "2015-08-24T21:59:05.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", "x_misp_type": "text", "x_misp_value": "Blue Termite" }, { "type": "vulnerability", "spec_version": "2.1", "id": "vulnerability--55dc1201-38e4-424b-b789-44a1950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T06:58:09.000Z", "modified": "2015-08-25T06:58:09.000Z", "name": "CVE-2015-5119", "labels": [ "misp:type=\"vulnerability\"", "misp:category=\"Payload delivery\"" ], "external_references": [ { "source_name": "cve", "external_id": "CVE-2015-5119" } ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc1213-5904-442e-9cba-449a950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T06:58:27.000Z", "modified": "2015-08-25T06:58:27.000Z", "pattern": "[file:hashes.MD5 = '07aa0340ec0bfbb2e59f1cc50382c055']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T06:58:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc1213-463c-4c3d-96a1-4119950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T06:58:27.000Z", "modified": "2015-08-25T06:58:27.000Z", "pattern": "[file:hashes.MD5 = '23f23e1345f6bc70af34604246d6300d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T06:58:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc1213-0e34-4583-ad80-47c6950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T06:58:27.000Z", "modified": "2015-08-25T06:58:27.000Z", "pattern": "[file:hashes.MD5 = '302fbe13736403921ad7f9d310d7beb2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T06:58:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc1214-c82c-4aef-afe6-445f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T06:58:28.000Z", "modified": "2015-08-25T06:58:28.000Z", "pattern": "[file:hashes.MD5 = '3b42577bbd602934a728744f242ffe26']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T06:58:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc1214-6018-4397-8532-4edd950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T06:58:28.000Z", "modified": "2015-08-25T06:58:28.000Z", "pattern": "[file:hashes.MD5 = '438a3b6783fb290197d3023ce441229c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T06:58:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc1214-67b0-48ab-8eda-4aa6950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T06:58:28.000Z", "modified": "2015-08-25T06:58:28.000Z", "pattern": "[file:hashes.MD5 = '512d93c711f006891cbc124392c2e8d9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T06:58:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc1214-b0cc-44ec-bf92-48ae950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T06:58:28.000Z", "modified": "2015-08-25T06:58:28.000Z", "pattern": "[file:hashes.MD5 = '8cc0f235189efcf3fe1c4ccc7527fcfc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T06:58:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc1214-6ba8-478a-96b6-432b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T06:58:28.000Z", "modified": "2015-08-25T06:58:28.000Z", "pattern": "[file:hashes.MD5 = 'a421f5145eae2c68950cc3174e88870f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T06:58:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc1215-5360-40c9-8525-47a6950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T06:58:29.000Z", "modified": "2015-08-25T06:58:29.000Z", "pattern": "[file:hashes.MD5 = 'b3bc4b5f17fd5f87ec3714c6587f6906']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T06:58:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc1215-ebe4-4e89-9dd3-4c54950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T06:58:29.000Z", "modified": "2015-08-25T06:58:29.000Z", "pattern": "[file:hashes.MD5 = 'bb3f0ad472aac26ae6dc8c0e7969cc30']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T06:58:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc1215-82c0-4ed3-93d5-401c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T06:58:29.000Z", "modified": "2015-08-25T06:58:29.000Z", "pattern": "[file:hashes.MD5 = 'f07216c34689a9104b29bbdcba17325f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T06:58:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc1215-51dc-4c23-bd6e-4cb7950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T06:58:29.000Z", "modified": "2015-08-25T06:58:29.000Z", "pattern": "[file:hashes.MD5 = 'f46019f795bd721262dc69988d7e53bc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T06:58:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc1215-1d90-4dec-b586-4093950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T06:58:29.000Z", "modified": "2015-08-25T06:58:29.000Z", "pattern": "[file:hashes.MD5 = 'f60cdde57bd9ca9412c32a08ef068abc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T06:58:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc1216-0044-43e7-84e4-4d1e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T06:58:30.000Z", "modified": "2015-08-25T06:58:30.000Z", "pattern": "[file:hashes.MD5 = 'f8d9af763e64c420ffa6e8930727f779']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T06:58:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc1216-f97c-481a-ac7a-41b1950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T06:58:30.000Z", "modified": "2015-08-25T06:58:30.000Z", "pattern": "[url:value = 'http://www.ishopsg.com/sites.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T06:58:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc1216-32a0-403b-88c9-4635950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T06:58:30.000Z", "modified": "2015-08-25T06:58:30.000Z", "pattern": "[url:value = 'http://www.motoavanti.com/shinyo/backup/look/index.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T06:58:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc1216-cad4-49e4-b6f0-4fe1950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T06:58:30.000Z", "modified": "2015-08-25T06:58:30.000Z", "pattern": "[url:value = 'http://www.n-fit-sub.com/ec/index.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T06:58:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc1216-bd24-4e15-b0d9-40c2950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T06:58:30.000Z", "modified": "2015-08-25T06:58:30.000Z", "pattern": "[url:value = 'http://www.nichiiko-golf.com/news/index.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T06:58:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc1216-b3e0-49c8-85dd-4a7d950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T06:58:30.000Z", "modified": "2015-08-25T06:58:30.000Z", "pattern": "[url:value = 'http://www.pikogrm.jp/index.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T06:58:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc1217-4ed0-40c0-ac32-43db950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T06:58:31.000Z", "modified": "2015-08-25T06:58:31.000Z", "pattern": "[url:value = 'http://www.upgs.com/css/bin/index.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T06:58:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc1963-4b34-418d-810c-4593950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T07:29:39.000Z", "modified": "2015-08-25T07:29:39.000Z", "description": "- Xchecked via VT: f60cdde57bd9ca9412c32a08ef068abc", "pattern": "[file:hashes.SHA256 = 'e03e6f7d98b214b5051b7484e4099ce5bd8c46e49faf44002c8ba146977127ef']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T07:29:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc1964-e2e0-40b6-ae55-4c42950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T07:29:40.000Z", "modified": "2015-08-25T07:29:40.000Z", "description": "- Xchecked via VT: f60cdde57bd9ca9412c32a08ef068abc", "pattern": "[file:hashes.SHA1 = '3573a9d03211e3935a48a947d1152d7611539f68']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T07:29:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--55dc1964-98c0-4a77-a6f5-40ed950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T07:29:40.000Z", "modified": "2015-08-25T07:29:40.000Z", "first_observed": "2015-08-25T07:29:40Z", "last_observed": "2015-08-25T07:29:40Z", "number_observed": 1, "object_refs": [ "url--55dc1964-98c0-4a77-a6f5-40ed950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--55dc1964-98c0-4a77-a6f5-40ed950d210b", "value": "https://www.virustotal.com/file/e03e6f7d98b214b5051b7484e4099ce5bd8c46e49faf44002c8ba146977127ef/analysis/1436519315/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc1964-58c8-4161-99cb-4c74950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T07:29:40.000Z", "modified": "2015-08-25T07:29:40.000Z", "description": "- Xchecked via VT: f46019f795bd721262dc69988d7e53bc", "pattern": "[file:hashes.SHA256 = 'e9302fe774e22e2b34a395f8e56c6976fe354bb88b5dcfda4ee36984eebd9340']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T07:29:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc1964-f858-4bf8-aad7-4667950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T07:29:40.000Z", "modified": "2015-08-25T07:29:40.000Z", "description": "- Xchecked via VT: f46019f795bd721262dc69988d7e53bc", "pattern": "[file:hashes.SHA1 = 'de51aa21847c1268a708351992a0f95b9a823ffb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T07:29:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--55dc1964-2ac0-4644-8fde-49ab950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T07:29:40.000Z", "modified": "2015-08-25T07:29:40.000Z", "first_observed": "2015-08-25T07:29:40Z", "last_observed": "2015-08-25T07:29:40Z", "number_observed": 1, "object_refs": [ "url--55dc1964-2ac0-4644-8fde-49ab950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--55dc1964-2ac0-4644-8fde-49ab950d210b", "value": "https://www.virustotal.com/file/e9302fe774e22e2b34a395f8e56c6976fe354bb88b5dcfda4ee36984eebd9340/analysis/1439629438/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc1965-5a00-4e1e-9400-41e7950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T07:29:41.000Z", "modified": "2015-08-25T07:29:41.000Z", "description": "- Xchecked via VT: bb3f0ad472aac26ae6dc8c0e7969cc30", "pattern": "[file:hashes.SHA256 = 'e919ae6a3bdc6abe6b695215a53b74072a39b86757e049f930866b3f69000957']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T07:29:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc1965-9a94-4135-ad58-4e79950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T07:29:41.000Z", "modified": "2015-08-25T07:29:41.000Z", "description": "- Xchecked via VT: bb3f0ad472aac26ae6dc8c0e7969cc30", "pattern": "[file:hashes.SHA1 = '7e8c4127902dbb0fd3f714d2e6b50acc57d4fcc1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T07:29:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--55dc1965-77a8-44c5-be6c-4b02950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T07:29:41.000Z", "modified": "2015-08-25T07:29:41.000Z", "first_observed": "2015-08-25T07:29:41Z", "last_observed": "2015-08-25T07:29:41Z", "number_observed": 1, "object_refs": [ "url--55dc1965-77a8-44c5-be6c-4b02950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--55dc1965-77a8-44c5-be6c-4b02950d210b", "value": "https://www.virustotal.com/file/e919ae6a3bdc6abe6b695215a53b74072a39b86757e049f930866b3f69000957/analysis/1440461268/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc1965-e704-4cf0-89c1-40c4950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T07:29:41.000Z", "modified": "2015-08-25T07:29:41.000Z", "description": "- Xchecked via VT: b3bc4b5f17fd5f87ec3714c6587f6906", "pattern": "[file:hashes.SHA256 = 'dc3c90084e8c47414ccb17fd70d3c2b051a293efcc29dc57a6d273293e0001ec']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T07:29:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc1965-1fb4-4bac-9e22-40c8950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T07:29:41.000Z", "modified": "2015-08-25T07:29:41.000Z", "description": "- Xchecked via VT: b3bc4b5f17fd5f87ec3714c6587f6906", "pattern": "[file:hashes.SHA1 = '07aba67978294a8757bb58fd99f8e1fa151fc348']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T07:29:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--55dc1966-d0d0-4eb4-b38f-458c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T07:29:42.000Z", "modified": "2015-08-25T07:29:42.000Z", "first_observed": "2015-08-25T07:29:42Z", "last_observed": "2015-08-25T07:29:42Z", "number_observed": 1, "object_refs": [ "url--55dc1966-d0d0-4eb4-b38f-458c950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--55dc1966-d0d0-4eb4-b38f-458c950d210b", "value": "https://www.virustotal.com/file/dc3c90084e8c47414ccb17fd70d3c2b051a293efcc29dc57a6d273293e0001ec/analysis/1440387368/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc1966-ca20-40fc-9581-4052950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T07:29:42.000Z", "modified": "2015-08-25T07:29:42.000Z", "description": "- Xchecked via VT: a421f5145eae2c68950cc3174e88870f", "pattern": "[file:hashes.SHA256 = 'f4d9660502220c22e367e084c7f5647c21ad4821d8c41ce68e1ac89975175051']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T07:29:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc1966-f1e4-423c-9c3f-4e7b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T07:29:42.000Z", "modified": "2015-08-25T07:29:42.000Z", "description": "- Xchecked via VT: a421f5145eae2c68950cc3174e88870f", "pattern": "[file:hashes.SHA1 = '5c9b84f587cd1a79caae46d9b7cee30c4857f4a2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T07:29:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--55dc1966-3338-4325-8bb7-400e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T07:29:42.000Z", "modified": "2015-08-25T07:29:42.000Z", "first_observed": "2015-08-25T07:29:42Z", "last_observed": "2015-08-25T07:29:42Z", "number_observed": 1, "object_refs": [ "url--55dc1966-3338-4325-8bb7-400e950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--55dc1966-3338-4325-8bb7-400e950d210b", "value": "https://www.virustotal.com/file/f4d9660502220c22e367e084c7f5647c21ad4821d8c41ce68e1ac89975175051/analysis/1438873061/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc1966-b224-4fa7-b241-42dc950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T07:29:42.000Z", "modified": "2015-08-25T07:29:42.000Z", "description": "- Xchecked via VT: 8cc0f235189efcf3fe1c4ccc7527fcfc", "pattern": "[file:hashes.SHA256 = '6aed51b108d9f9f197842e17b0f58d4dec3709ca1eae4d42146d0bba0c145eaf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T07:29:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc1967-b370-4622-b41b-4604950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T07:29:43.000Z", "modified": "2015-08-25T07:29:43.000Z", "description": "- Xchecked via VT: 8cc0f235189efcf3fe1c4ccc7527fcfc", "pattern": "[file:hashes.SHA1 = 'cdbbcd70452fd84fe4612a7fe2208077fb8fa8ee']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T07:29:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--55dc1967-deec-4044-b468-4e83950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T07:29:43.000Z", "modified": "2015-08-25T07:29:43.000Z", "first_observed": "2015-08-25T07:29:43Z", "last_observed": "2015-08-25T07:29:43Z", "number_observed": 1, "object_refs": [ "url--55dc1967-deec-4044-b468-4e83950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--55dc1967-deec-4044-b468-4e83950d210b", "value": "https://www.virustotal.com/file/6aed51b108d9f9f197842e17b0f58d4dec3709ca1eae4d42146d0bba0c145eaf/analysis/1437032832/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc1967-5cd0-4fb1-a672-4a35950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T07:29:43.000Z", "modified": "2015-08-25T07:29:43.000Z", "description": "- Xchecked via VT: 438a3b6783fb290197d3023ce441229c", "pattern": "[file:hashes.SHA256 = '85a5b524a07d2a37e56876495c1a3a67a1217998a45283fe87f4ab1f97f6a973']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T07:29:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc1967-acbc-482c-abeb-42b8950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T07:29:43.000Z", "modified": "2015-08-25T07:29:43.000Z", "description": "- Xchecked via VT: 438a3b6783fb290197d3023ce441229c", "pattern": "[file:hashes.SHA1 = 'dfd74765a126a0fff4122d9b101720e148c179cb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T07:29:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--55dc1967-fa48-4bc8-9350-494f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T07:29:43.000Z", "modified": "2015-08-25T07:29:43.000Z", "first_observed": "2015-08-25T07:29:43Z", "last_observed": "2015-08-25T07:29:43Z", "number_observed": 1, "object_refs": [ "url--55dc1967-fa48-4bc8-9350-494f950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--55dc1967-fa48-4bc8-9350-494f950d210b", "value": "https://www.virustotal.com/file/85a5b524a07d2a37e56876495c1a3a67a1217998a45283fe87f4ab1f97f6a973/analysis/1437031062/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc1968-7b38-4679-b642-4b15950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T07:29:44.000Z", "modified": "2015-08-25T07:29:44.000Z", "description": "- Xchecked via VT: 302fbe13736403921ad7f9d310d7beb2", "pattern": "[file:hashes.SHA256 = '008f4f14cf64dc9d323b6cb5942da4a99979c4c7d750ec1228d8c8285883771e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T07:29:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc1968-8f2c-47fd-8709-4a35950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T07:29:44.000Z", "modified": "2015-08-25T07:29:44.000Z", "description": "- Xchecked via VT: 302fbe13736403921ad7f9d310d7beb2", "pattern": "[file:hashes.SHA1 = 'd87315166be5e3aa2d0962563e0b2edaf371d959']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T07:29:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--55dc1968-7d4c-4456-b885-446b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T07:29:44.000Z", "modified": "2015-08-25T07:29:44.000Z", "first_observed": "2015-08-25T07:29:44Z", "last_observed": "2015-08-25T07:29:44Z", "number_observed": 1, "object_refs": [ "url--55dc1968-7d4c-4456-b885-446b950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--55dc1968-7d4c-4456-b885-446b950d210b", "value": "https://www.virustotal.com/file/008f4f14cf64dc9d323b6cb5942da4a99979c4c7d750ec1228d8c8285883771e/analysis/1438870784/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc1968-500c-47f7-95e9-42d7950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T07:29:44.000Z", "modified": "2015-08-25T07:29:44.000Z", "description": "- Xchecked via VT: 23f23e1345f6bc70af34604246d6300d", "pattern": "[file:hashes.SHA256 = 'a1fa7c5216737e96359452dcbf121afc251b225abd00f6a464392591caaf52e1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T07:29:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc1969-fa74-4784-b76c-414e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T07:29:45.000Z", "modified": "2015-08-25T07:29:45.000Z", "description": "- Xchecked via VT: 23f23e1345f6bc70af34604246d6300d", "pattern": "[file:hashes.SHA1 = '26fc5977b2d235e36b084e2f5b2c1cb23ea834be']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T07:29:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--55dc1969-6bb8-4c62-bc9f-4c09950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T07:29:45.000Z", "modified": "2015-08-25T07:29:45.000Z", "first_observed": "2015-08-25T07:29:45Z", "last_observed": "2015-08-25T07:29:45Z", "number_observed": 1, "object_refs": [ "url--55dc1969-6bb8-4c62-bc9f-4c09950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--55dc1969-6bb8-4c62-bc9f-4c09950d210b", "value": "https://www.virustotal.com/file/a1fa7c5216737e96359452dcbf121afc251b225abd00f6a464392591caaf52e1/analysis/1436513718/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc1969-7d50-447a-81e9-4cab950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T07:29:45.000Z", "modified": "2015-08-25T07:29:45.000Z", "description": "- Xchecked via VT: 07aa0340ec0bfbb2e59f1cc50382c055", "pattern": "[file:hashes.SHA256 = 'a94bf485cebeda8e4b74bbe2c0a0567903a13c36b9bf60fab484a9b55207fe0d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T07:29:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc1969-0dbc-425e-8520-4491950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T07:29:45.000Z", "modified": "2015-08-25T07:29:45.000Z", "description": "- Xchecked via VT: 07aa0340ec0bfbb2e59f1cc50382c055", "pattern": "[file:hashes.SHA1 = 'f0a73f20bc6c986d5e09a11f5606cf0aff271b2f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T07:29:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--55dc1969-3994-4e37-8e05-47a1950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T07:29:45.000Z", "modified": "2015-08-25T07:29:45.000Z", "first_observed": "2015-08-25T07:29:45Z", "last_observed": "2015-08-25T07:29:45Z", "number_observed": 1, "object_refs": [ "url--55dc1969-3994-4e37-8e05-47a1950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--55dc1969-3994-4e37-8e05-47a1950d210b", "value": "https://www.virustotal.com/file/a94bf485cebeda8e4b74bbe2c0a0567903a13c36b9bf60fab484a9b55207fe0d/analysis/1440402672/" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }