{ "type": "bundle", "id": "bundle--56240d98-a524-4386-8e43-8371950d210b", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-22T14:36:27.000Z", "modified": "2015-12-22T14:36:27.000Z", "name": "CthulhuSPRL.be", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--56240d98-a524-4386-8e43-8371950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-22T14:36:27.000Z", "modified": "2015-12-22T14:36:27.000Z", "name": "OSINT Targeted Malware Attacks against NGO Linked to Attacks on Burmese Government Websites by Citizen Lab", "published": "2015-10-21T09:04:31Z", "object_refs": [ "observed-data--56240daf-5e40-4631-8a88-4416950d210b", "url--56240daf-5e40-4631-8a88-4416950d210b", "indicator--56240e02-0950-47e9-a84e-8371950d210b", "indicator--56240e02-e808-4cb8-814b-8371950d210b", "indicator--56240e03-aeac-42f9-a84b-8371950d210b", "indicator--56240e03-3c84-470b-842a-8371950d210b", "indicator--56240e58-8374-4e94-a379-985e950d210b", "indicator--56240e59-ebcc-4a9a-a330-985e950d210b", "indicator--56240e59-a624-435b-b7ef-985e950d210b", "indicator--56240e59-e278-45da-a1b4-985e950d210b", "indicator--56240e5a-b864-4d11-b021-985e950d210b", "indicator--56240e5a-2900-4ca4-aa61-985e950d210b", "indicator--56240eb7-8e04-40b4-97c2-7dd1950d210b", "indicator--56240eb8-0958-41fa-ab85-7dd1950d210b", "indicator--56240eb8-e438-4d89-8c76-7dd1950d210b", "indicator--56240eb9-ac80-46dd-a90e-7dd1950d210b", "indicator--56240eb9-608c-4b5d-aa05-7dd1950d210b", "indicator--56240eba-d774-4119-b2d1-7dd1950d210b", "indicator--56240eba-cea4-4d24-8d86-7dd1950d210b", "indicator--56266cf4-7bbc-4601-9b87-771f950d210b", "indicator--56266cf5-5d00-47a7-b5c0-771f950d210b", "indicator--56266cf5-767c-4172-8a63-771f950d210b", "indicator--56266cf6-fc08-4dfe-8cb6-771f950d210b", "indicator--56266cf6-41c4-44b4-a591-771f950d210b",
"indicator--56266cf6-1c00-4670-907b-771f950d210b", "indicator--56266cf7-da80-4dc4-9132-771f950d210b", "indicator--56266cf7-e870-453d-8a9a-771f950d210b", "indicator--56266cf8-5e70-4f2e-8240-771f950d210b", "observed-data--56275518-82a4-42d4-b18a-4498950d210b", "url--56275518-82a4-42d4-b18a-4498950d210b", "indicator--56795feb-2f6c-419e-9ed4-45bd950d210f", "indicator--56795feb-f20c-45cd-a22a-4db1950d210f", "indicator--56795fec-2cb0-4de1-a7c0-42d7950d210f", "indicator--56795fec-abfc-48ce-894e-4347950d210f", "indicator--56795fec-0150-4dbc-ac02-422b950d210f", "indicator--56795fec-7e3c-478a-a737-45fb950d210f", "indicator--56795fed-cb88-486d-b125-4cc8950d210f", "indicator--56795fed-25fc-46f2-80d4-4fe3950d210f", "indicator--56795fed-c0e0-4847-a03d-4fde950d210f", "indicator--56795fee-8410-463e-ae7e-4d19950d210f", "indicator--56795fee-83a4-4b57-b858-4018950d210f", "indicator--56795fee-d458-46aa-ac57-4785950d210f", "indicator--56795fee-5084-4386-999a-4445950d210f", "indicator--56795fef-dd6c-4d72-9a96-48fe950d210f", "indicator--56795fef-89cc-4dbc-86ff-435d950d210f", "indicator--56795fef-a068-4e7c-82ad-47fb950d210f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--56240daf-5e40-4631-8a88-4416950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-18T21:22:55.000Z", "modified": "2015-10-18T21:22:55.000Z", "first_observed": "2015-10-18T21:22:55Z", "last_observed": "2015-10-18T21:22:55Z", "number_observed": 1, "object_refs": [ "url--56240daf-5e40-4631-8a88-4416950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--56240daf-5e40-4631-8a88-4416950d210b", "value": "https://citizenlab.org/2015/10/targeted-attacks-ngo-burma/" }, { "type": "indicator", "spec_version": 
"2.1", "id": "indicator--56240e02-0950-47e9-a84e-8371950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-18T21:24:18.000Z", "modified": "2015-10-18T21:24:18.000Z", "pattern": "[domain-name:value = 'usafbi.websecexp.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-18T21:24:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56240e02-e808-4cb8-814b-8371950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-18T21:24:18.000Z", "modified": "2015-10-18T21:24:18.000Z", "pattern": "[domain-name:value = 'usacia.websecexp.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-18T21:24:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56240e03-aeac-42f9-a84b-8371950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-18T21:24:19.000Z", "modified": "2015-10-18T21:24:19.000Z", "pattern": "[domain-name:value = 'webhttps.websecexp.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-18T21:24:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56240e03-3c84-470b-842a-8371950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-18T21:24:19.000Z", "modified": 
"2015-10-18T21:24:19.000Z", "pattern": "[domain-name:value = 'appeur.gnway.cc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-18T21:24:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56240e58-8374-4e94-a379-985e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-18T21:25:44.000Z", "modified": "2015-10-18T21:25:44.000Z", "pattern": "[file:hashes.MD5 = '884d46c01c762ad6ddd2759fd921bf71']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-18T21:25:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56240e59-ebcc-4a9a-a330-985e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-18T21:25:45.000Z", "modified": "2015-10-18T21:25:45.000Z", "pattern": "[domain-name:value = 't2.mailsecurityservice.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-18T21:25:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56240e59-a624-435b-b7ef-985e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-18T21:25:45.000Z", "modified": "2015-10-18T21:25:45.000Z", "pattern": "[domain-name:value = 't1.mailsecurityservice.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-18T21:25:45Z", 
"kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56240e59-e278-45da-a1b4-985e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-18T21:25:45.000Z", "modified": "2015-10-18T21:25:45.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '118.193.212.98']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-18T21:25:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56240e5a-b864-4d11-b021-985e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-18T21:25:46.000Z", "modified": "2015-10-18T21:25:46.000Z", "pattern": "[file:hashes.MD5 = '15c926d2602f65be0de65fa9c06aa6c6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-18T21:25:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56240e5a-2900-4ca4-aa61-985e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-18T21:25:46.000Z", "modified": "2015-10-18T21:25:46.000Z", "pattern": "[url:value = 'http://client.mailsecurityservice.com/viewclient/connect.php?n=zxishanchu1106.exe.']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-18T21:25:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network 
activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56240eb7-8e04-40b4-97c2-7dd1950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-21T08:57:11.000Z", "modified": "2015-10-21T08:57:11.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '198.44.190.85']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-21T08:57:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56240eb8-0958-41fa-ab85-7dd1950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-18T21:27:20.000Z", "modified": "2015-10-18T21:27:20.000Z", "pattern": "[domain-name:value = 'mailsecurityservice.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-18T21:27:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56240eb8-e438-4d89-8c76-7dd1950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-18T21:27:20.000Z", "modified": "2015-10-18T21:27:20.000Z", "pattern": "[domain-name:value = 'iyouthen.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-18T21:27:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": 
"2.1", "id": "indicator--56240eb9-ac80-46dd-a90e-7dd1950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-21T09:04:09.000Z", "modified": "2015-10-21T09:04:09.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.20.222.244']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-21T09:04:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56240eb9-608c-4b5d-aa05-7dd1950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-18T21:27:21.000Z", "modified": "2015-10-18T21:27:21.000Z", "pattern": "[domain-name:value = 'gmail.iyouthen.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-18T21:27:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56240eba-d774-4119-b2d1-7dd1950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-18T21:27:22.000Z", "modified": "2015-10-18T21:27:22.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '59.44.49.88']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-18T21:27:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56240eba-cea4-4d24-8d86-7dd1950d210b", "created_by_ref": 
"identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-18T21:27:22.000Z", "modified": "2015-10-18T21:27:22.000Z", "pattern": "[file:hashes.MD5 = '53f81415ccedf453d6e3ebcdc142b966']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-18T21:27:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56266cf4-7bbc-4601-9b87-771f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-20T16:33:56.000Z", "modified": "2015-10-20T16:33:56.000Z", "pattern": "[file:hashes.MD5 = '56f0e67d981024ddcc215543698f44fb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-20T16:33:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56266cf5-5d00-47a7-b5c0-771f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-20T16:33:57.000Z", "modified": "2015-10-20T16:33:57.000Z", "pattern": "[file:hashes.SHA1 = 'bfaebb3e8a6768a2a5785ffa8dbb16cab43ba560']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-20T16:33:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56266cf5-767c-4172-8a63-771f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-20T16:33:57.000Z", "modified": "2015-10-20T16:33:57.000Z", "pattern": "[file:hashes.SHA256 = 
'30995fe31f48d253ed864ce8f155222c251e7b5c7841597d1478324794de11cf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-20T16:33:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56266cf6-fc08-4dfe-8cb6-771f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-20T16:33:58.000Z", "modified": "2015-10-20T16:33:58.000Z", "pattern": "[file:hashes.MD5 = 'c4c147bdfddffec2eea6bf99661e69ee']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-20T16:33:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56266cf6-41c4-44b4-a591-771f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-20T16:33:58.000Z", "modified": "2015-10-20T16:33:58.000Z", "pattern": "[file:hashes.MD5 = '7e0081fba718fcd71753d3199a290f03']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-20T16:33:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56266cf6-1c00-4670-907b-771f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-20T16:33:58.000Z", "modified": "2015-10-20T16:33:58.000Z", "pattern": "[file:hashes.MD5 = '6701662097e274f3cd089ceec35471d2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-20T16:33:58Z", "kill_chain_phases": [ 
{ "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56266cf7-da80-4dc4-9132-771f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-20T16:33:59.000Z", "modified": "2015-10-20T16:33:59.000Z", "pattern": "[file:hashes.MD5 = '699b3d90b050cae37f65c855ec7f616a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-20T16:33:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56266cf7-e870-453d-8a9a-771f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-20T16:33:59.000Z", "modified": "2015-10-20T16:33:59.000Z", "pattern": "[file:hashes.MD5 = '5710d567d98a8f4a6682859ce3a35336']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-20T16:33:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56266cf8-5e70-4f2e-8240-771f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-20T16:34:00.000Z", "modified": "2015-10-20T16:34:00.000Z", "pattern": "[file:hashes.MD5 = '49ceba3347d39870f15f2ab0391af234']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-20T16:34:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": 
"observed-data", "spec_version": "2.1", "id": "observed-data--56275518-82a4-42d4-b18a-4498950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-21T09:04:24.000Z", "modified": "2015-10-21T09:04:24.000Z", "first_observed": "2015-10-21T09:04:24Z", "last_observed": "2015-10-21T09:04:24Z", "number_observed": 1, "object_refs": [ "url--56275518-82a4-42d4-b18a-4498950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--56275518-82a4-42d4-b18a-4498950d210b", "value": "https://passivetotal.org/passive/103.20.222.244" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56795feb-2f6c-419e-9ed4-45bd950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-22T14:36:27.000Z", "modified": "2015-12-22T14:36:27.000Z", "pattern": "[url:value = 'https://www.virustotal.com/file/30995fe31f48d253ed864ce8f155222c251e7b5c7841597d1478324794de11cf/analysis/1447248301/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-22T14:36:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56795feb-f20c-45cd-a22a-4db1950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-22T14:36:27.000Z", "modified": "2015-12-22T14:36:27.000Z", "description": "- Xchecked via VT: 5710d567d98a8f4a6682859ce3a35336", "pattern": "[file:hashes.SHA256 = '44f0ea8043a9498604a237dddd673d618d4a61eed9d3e42b6fbaa648f55aa5e6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-22T14:36:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", 
"misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56795fec-2cb0-4de1-a7c0-42d7950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-22T14:36:28.000Z", "modified": "2015-12-22T14:36:28.000Z", "description": "- Xchecked via VT: 5710d567d98a8f4a6682859ce3a35336", "pattern": "[file:hashes.SHA1 = '355e7fd36a18253358e6175842c7309f79629570']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-22T14:36:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56795fec-abfc-48ce-894e-4347950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-22T14:36:28.000Z", "modified": "2015-12-22T14:36:28.000Z", "pattern": "[url:value = 'https://www.virustotal.com/file/44f0ea8043a9498604a237dddd673d618d4a61eed9d3e42b6fbaa648f55aa5e6/analysis/1447876975/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-22T14:36:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56795fec-0150-4dbc-ac02-422b950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-22T14:36:28.000Z", "modified": "2015-12-22T14:36:28.000Z", "description": "- Xchecked via VT: 7e0081fba718fcd71753d3199a290f03", "pattern": "[file:hashes.SHA256 = 'd71138f169907f6c87a36f2dfe2d0696e74e59b39c717c6d58ca43942caf049f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-22T14:36:28Z", "kill_chain_phases": [ { "kill_chain_name": 
"misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56795fec-7e3c-478a-a737-45fb950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-22T14:36:28.000Z", "modified": "2015-12-22T14:36:28.000Z", "description": "- Xchecked via VT: 7e0081fba718fcd71753d3199a290f03", "pattern": "[file:hashes.SHA1 = '4d994872ad4032282d140ac0a19844de6f252141']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-22T14:36:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56795fed-cb88-486d-b125-4cc8950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-22T14:36:29.000Z", "modified": "2015-12-22T14:36:29.000Z", "pattern": "[url:value = 'https://www.virustotal.com/file/d71138f169907f6c87a36f2dfe2d0696e74e59b39c717c6d58ca43942caf049f/analysis/1438899341/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-22T14:36:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56795fed-25fc-46f2-80d4-4fe3950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-22T14:36:29.000Z", "modified": "2015-12-22T14:36:29.000Z", "description": "- Xchecked via VT: c4c147bdfddffec2eea6bf99661e69ee", "pattern": "[file:hashes.SHA256 = '365eeb1d5d8282188e5bbfadfda184e612eef61c2398b7c18cad4c31ce7225d1']", "pattern_type": "stix", "pattern_version": 
"2.1", "valid_from": "2015-12-22T14:36:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56795fed-c0e0-4847-a03d-4fde950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-22T14:36:29.000Z", "modified": "2015-12-22T14:36:29.000Z", "description": "- Xchecked via VT: c4c147bdfddffec2eea6bf99661e69ee", "pattern": "[file:hashes.SHA1 = '926b3576e75b49169e4fec6cbd070f02c8f33ed0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-22T14:36:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56795fee-8410-463e-ae7e-4d19950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-22T14:36:30.000Z", "modified": "2015-12-22T14:36:30.000Z", "pattern": "[url:value = 'https://www.virustotal.com/file/365eeb1d5d8282188e5bbfadfda184e612eef61c2398b7c18cad4c31ce7225d1/analysis/1445244286/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-22T14:36:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56795fee-83a4-4b57-b858-4018950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-22T14:36:30.000Z", "modified": "2015-12-22T14:36:30.000Z", "description": "- Xchecked via VT: 15c926d2602f65be0de65fa9c06aa6c6", "pattern": "[file:hashes.SHA256 = 
'2cc4090638a28cde73e18e973e1f2b2ec24d3fa4ea1326dc0d715d5fef8b4a79']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-22T14:36:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56795fee-d458-46aa-ac57-4785950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-22T14:36:30.000Z", "modified": "2015-12-22T14:36:30.000Z", "description": "- Xchecked via VT: 15c926d2602f65be0de65fa9c06aa6c6", "pattern": "[file:hashes.SHA1 = '3425cdc99e28661d6c510a5167488ce0a6952b6a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-22T14:36:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56795fee-5084-4386-999a-4445950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-22T14:36:30.000Z", "modified": "2015-12-22T14:36:30.000Z", "pattern": "[url:value = 'https://www.virustotal.com/file/2cc4090638a28cde73e18e973e1f2b2ec24d3fa4ea1326dc0d715d5fef8b4a79/analysis/1442294210/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-22T14:36:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56795fef-dd6c-4d72-9a96-48fe950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-22T14:36:31.000Z", "modified": "2015-12-22T14:36:31.000Z", "description": "- 
Xchecked via VT: 884d46c01c762ad6ddd2759fd921bf71", "pattern": "[file:hashes.SHA256 = '3124fcb79da0bdf9d0d1995e37b06f7929d83c1c4b60e38c104743be71170efe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-22T14:36:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56795fef-89cc-4dbc-86ff-435d950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-22T14:36:31.000Z", "modified": "2015-12-22T14:36:31.000Z", "description": "- Xchecked via VT: 884d46c01c762ad6ddd2759fd921bf71", "pattern": "[file:hashes.SHA1 = 'd201b130232e0ea411daa23c1ba2892fe6468712']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-22T14:36:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56795fef-a068-4e7c-82ad-47fb950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-22T14:36:31.000Z", "modified": "2015-12-22T14:36:31.000Z", "pattern": "[url:value = 'https://www.virustotal.com/file/3124fcb79da0bdf9d0d1995e37b06f7929d83c1c4b60e38c104743be71170efe/analysis/1450088702/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-22T14:36:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": 
"tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }