{ "type": "bundle", "id": "bundle--56fb756e-0df4-40e4-9756-438e950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-30T12:18:00.000Z", "modified": "2016-03-30T12:18:00.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--56fb756e-0df4-40e4-9756-438e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-30T12:18:00.000Z", "modified": "2016-03-30T12:18:00.000Z", "name": "OSINT - Taiwan targeted with new cyberespionage back door Trojan", "published": "2016-03-30T12:29:56Z", "object_refs": [ "observed-data--56fb7596-a590-4da9-a679-467b950d210f", "url--56fb7596-a590-4da9-a679-467b950d210f", "x-misp-attribute--56fb75ef-16b0-4b65-aea4-4809950d210f", "indicator--56fb764d-a53c-4345-a754-43c7950d210f", "indicator--56fb764e-23e0-4ee6-85f7-4218950d210f", "indicator--56fb764e-643c-4ce9-83f1-4544950d210f", "indicator--56fb764e-e028-49f1-94d6-4ac4950d210f", "indicator--56fb764e-be28-4b04-9ff7-428f950d210f", "indicator--56fb764f-9d64-471b-86cb-487c950d210f", "indicator--56fb764f-be3c-4da9-9427-401e950d210f", "indicator--56fb764f-7df8-4856-b8a9-4ec1950d210f", "indicator--56fb7650-13d0-4c5c-bc1c-4bac950d210f", "indicator--56fb76be-2608-41bf-b905-4800950d210f", "indicator--56fb76bf-dd10-4dd2-b455-4f26950d210f", "indicator--56fb76bf-a120-4d9e-bdac-41d6950d210f", "indicator--56fb76c0-a9a4-47de-a0b7-476b950d210f", "indicator--56fb76c0-7684-4f0b-913e-42e7950d210f", "indicator--56fb76c0-726c-4489-a265-4cd3950d210f", "indicator--56fb76c1-1128-4689-920f-47aa950d210f", "indicator--56fb76c1-4610-4939-9e12-4995950d210f", "indicator--56fb76c1-f63c-4948-9ec2-4e6d950d210f", "indicator--56fb76c1-142c-448a-882b-410d950d210f", "indicator--56fb76c2-5b1c-447c-8e11-4b5a950d210f", "indicator--56fb76c2-a9c4-4c5f-aba7-43ce950d210f", "indicator--56fb76c2-fc40-40b9-9ecc-4acb950d210f", "indicator--56fb76c3-303c-4d10-9f1b-4ada950d210f", "indicator--56fb76c3-be30-4591-a074-4c3c950d210f", "indicator--56fb76c3-2c70-4e67-bde0-41db950d210f", "indicator--56fb76c3-9dc4-42e9-9d03-4dc9950d210f", "indicator--56fb76c4-8090-4b2e-9b9e-45c8950d210f", "indicator--56fb76c4-42e0-4403-a4e0-4566950d210f", "indicator--56fb76c5-5e84-40dd-a7db-4a7f950d210f", "indicator--56fb76c5-abf4-4bab-99e1-47f2950d210f", "indicator--56fb7812-cc00-4a88-b061-41d302de0b81", "indicator--56fb7812-c9f0-4aa8-96c0-4cba02de0b81", "observed-data--56fb7812-c270-4734-909a-4a0a02de0b81", "url--56fb7812-c270-4734-909a-4a0a02de0b81", "indicator--56fb7813-d03c-48a7-92dc-43ad02de0b81", "indicator--56fb7813-5f54-482c-b9c8-4c8d02de0b81", "observed-data--56fb7813-9714-4300-a683-4aa602de0b81", "url--56fb7813-9714-4300-a683-4aa602de0b81", "indicator--56fb7814-20fc-4425-ae0c-4c9d02de0b81", "indicator--56fb7814-1cf0-48ea-a52f-45d802de0b81", "observed-data--56fb7814-9d74-46a8-8955-4eb602de0b81", "url--56fb7814-9d74-46a8-8955-4eb602de0b81", "indicator--56fb7814-aa54-4383-b8af-429702de0b81", "indicator--56fb7815-4b18-42e0-bef6-426202de0b81", "observed-data--56fb7815-7ab4-440c-9ef9-43a202de0b81", "url--56fb7815-7ab4-440c-9ef9-43a202de0b81", "indicator--56fb7815-b3e4-4997-82aa-4bfa02de0b81", "indicator--56fb7816-9604-4ddc-b48c-406002de0b81", "observed-data--56fb7816-8464-4f18-8f1c-418902de0b81", "url--56fb7816-8464-4f18-8f1c-418902de0b81", "indicator--56fb7816-a5e0-4816-812e-425d02de0b81", "indicator--56fb7817-1aa0-4a96-96c9-4bfc02de0b81", "observed-data--56fb7817-c508-4707-9731-4bb602de0b81", "url--56fb7817-c508-4707-9731-4bb602de0b81", "indicator--56fb7817-9484-4c10-93dd-40a202de0b81", "indicator--56fb7817-aec4-4197-aa0a-4bb202de0b81", "observed-data--56fb7818-3734-4f5b-8e9a-4cae02de0b81", "url--56fb7818-3734-4f5b-8e9a-4cae02de0b81", "indicator--56fb7818-75d4-4a89-9b41-45c602de0b81", "indicator--56fb7818-7c6c-4423-862d-436402de0b81", "observed-data--56fb7819-a9a4-4011-a751-4a3a02de0b81", "url--56fb7819-a9a4-4011-a751-4a3a02de0b81", "indicator--56fb7819-1f58-4ea9-9bea-4c9502de0b81", "indicator--56fb7819-83f0-49a8-b8dd-446202de0b81", "observed-data--56fb781a-6670-4e54-a213-47d002de0b81", "url--56fb781a-6670-4e54-a213-47d002de0b81", "indicator--56fb781a-81a0-4ea3-95b1-4ea402de0b81", "indicator--56fb781a-0a0c-40c3-80c5-4d2602de0b81", "observed-data--56fb781b-54d4-473e-b222-486202de0b81", "url--56fb781b-54d4-473e-b222-486202de0b81", "indicator--56fb781b-80fc-4a69-9336-49bd02de0b81", "indicator--56fb781b-aa24-462e-8602-4ea302de0b81", "observed-data--56fb781c-a0a8-43fe-b5c1-4c6602de0b81", "url--56fb781c-a0a8-43fe-b5c1-4c6602de0b81" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--56fb7596-a590-4da9-a679-467b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-30T06:43:34.000Z", "modified": "2016-03-30T06:43:34.000Z", "first_observed": "2016-03-30T06:43:34Z", "last_observed": "2016-03-30T06:43:34Z", "number_observed": 1, "object_refs": [ "url--56fb7596-a590-4da9-a679-467b950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--56fb7596-a590-4da9-a679-467b950d210f", "value": "http://www.symantec.com/connect/blogs/taiwan-targeted-new-cyberespionage-back-door-trojan" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--56fb75ef-16b0-4b65-aea4-4809950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-30T06:45:03.000Z", "modified": "2016-03-30T06:45:03.000Z", "labels": [ "misp:type=\"comment\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", "x_misp_type": "comment", "x_misp_value": "In late August 2015, Symantec identified a previously unknown back door Trojan (Backdoor.Dripion) infecting organizations primarily located in Taiwan, as well as Brazil and the United States. Dripion is custom-built, designed to steal information, and has been used sparingly in a limited number of targeted attacks. The attackers behind this campaign went to some lengths to disguise their activities, including using domains names disguised as antivirus (AV) company websites for their command and control (C&C) servers. These attacks have some links to earlier attacks by a group called Budminer involving the Taidoor Trojan (Trojan.Taidoor).\r\n\r\nThe threat posed by custom malware such as Dripion illustrates the value of multilayered security. Unknown threats may evade signature-based detection, but can be blocked by other detection tools which identify malicious behavior." }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56fb764d-a53c-4345-a754-43c7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-30T06:46:37.000Z", "modified": "2016-03-30T06:46:37.000Z", "description": "Infrastructure", "pattern": "[domain-name:value = 'hyydn.nortonsoft.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-03-30T06:46:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56fb764e-23e0-4ee6-85f7-4218950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-30T06:46:38.000Z", "modified": "2016-03-30T06:46:38.000Z", "description": "Infrastructure", "pattern": "[domain-name:value = 'mhysix.mcfeesoft.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-03-30T06:46:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56fb764e-643c-4ce9-83f1-4544950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-30T06:46:38.000Z", "modified": "2016-03-30T06:46:38.000Z", "description": "Infrastructure", "pattern": "[domain-name:value = 'gspt.dns1.us']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-03-30T06:46:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56fb764e-e028-49f1-94d6-4ac4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-30T06:46:38.000Z", "modified": "2016-03-30T06:46:38.000Z", "description": "Infrastructure", "pattern": "[domain-name:value = 'unpt.defultname.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-03-30T06:46:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56fb764e-be28-4b04-9ff7-428f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-30T06:46:38.000Z", "modified": "2016-03-30T06:46:38.000Z", "description": "Infrastructure", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '198.144.100.73']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-03-30T06:46:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56fb764f-9d64-471b-86cb-487c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-30T06:46:39.000Z", "modified": "2016-03-30T06:46:39.000Z", "description": "Infrastructure", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '208.61.229.10']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-03-30T06:46:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56fb764f-be3c-4da9-9427-401e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-30T06:46:39.000Z", "modified": "2016-03-30T06:46:39.000Z", "description": "Infrastructure", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '200.215.222.105']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-03-30T06:46:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56fb764f-7df8-4856-b8a9-4ec1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-30T06:46:39.000Z", "modified": "2016-03-30T06:46:39.000Z", "description": "Infrastructure", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '61.222.137.66']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-03-30T06:46:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56fb7650-13d0-4c5c-bc1c-4bac950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-30T06:46:40.000Z", "modified": "2016-03-30T06:46:40.000Z", "description": "Infrastructure", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.240.182.99']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-03-30T06:46:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56fb76be-2608-41bf-b905-4800950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-30T06:48:30.000Z", "modified": "2016-03-30T06:48:30.000Z", "pattern": "[file:hashes.MD5 = '2dd931cf0950817d1bb567e12cf80ae7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-03-30T06:48:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56fb76bf-dd10-4dd2-b455-4f26950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-30T06:48:31.000Z", "modified": "2016-03-30T06:48:31.000Z", "pattern": "[file:hashes.MD5 = '3652075425b367d101a7d6b6ef558c6c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-03-30T06:48:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56fb76bf-a120-4d9e-bdac-41d6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-30T06:48:31.000Z", "modified": "2016-03-30T06:48:31.000Z", "pattern": "[file:hashes.MD5 = '59ff5624a02e98f60187add71bba3756']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-03-30T06:48:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56fb76c0-a9a4-47de-a0b7-476b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-30T06:48:32.000Z", "modified": "2016-03-30T06:48:32.000Z", "pattern": "[file:hashes.MD5 = '865d24324f1cac5aecc09bae6a9157f5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-03-30T06:48:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56fb76c0-7684-4f0b-913e-42e7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-30T06:48:32.000Z", "modified": "2016-03-30T06:48:32.000Z", "pattern": "[file:hashes.MD5 = 'eca0ef705d148ff105dbaf40ce9d1d5e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-03-30T06:48:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56fb76c0-726c-4489-a265-4cd3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-30T06:48:32.000Z", "modified": "2016-03-30T06:48:32.000Z", "pattern": "[file:hashes.MD5 = 'f4260ecd0395076439d8c0725ee0125f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-03-30T06:48:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56fb76c1-1128-4689-920f-47aa950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-30T06:48:32.000Z", "modified": "2016-03-30T06:48:32.000Z", "pattern": "[file:hashes.MD5 = '285de6e5d3ed8ca966430846888a56ff']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-03-30T06:48:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56fb76c1-4610-4939-9e12-4995950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-30T06:48:33.000Z", "modified": "2016-03-30T06:48:33.000Z", "pattern": "[file:hashes.MD5 = '31f83a1e09062e8c4773a03d5993d870']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-03-30T06:48:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56fb76c1-f63c-4948-9ec2-4e6d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-30T06:48:33.000Z", "modified": "2016-03-30T06:48:33.000Z", "pattern": "[file:hashes.MD5 = '4438921ea3d08d0c90f2f903556967e5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-03-30T06:48:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56fb76c1-142c-448a-882b-410d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-30T06:48:33.000Z", "modified": "2016-03-30T06:48:33.000Z", "pattern": "[file:hashes.MD5 = '7ad3b2b6eee18af6816b6f4f7f7f71a6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-03-30T06:48:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56fb76c2-5b1c-447c-8e11-4b5a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-30T06:48:34.000Z", "modified": "2016-03-30T06:48:34.000Z", "pattern": "[file:hashes.MD5 = 'b594d53a0d19eaac113988bf238654d3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-03-30T06:48:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56fb76c2-a9c4-4c5f-aba7-43ce950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-30T06:48:34.000Z", "modified": "2016-03-30T06:48:34.000Z", "pattern": "[file:hashes.MD5 = 'c3e6ce287d12ac39ceb24e08dc63e3b5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-03-30T06:48:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56fb76c2-fc40-40b9-9ecc-4acb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-30T06:48:34.000Z", "modified": "2016-03-30T06:48:34.000Z", "pattern": "[file:hashes.MD5 = 'e0c6b7d9bdae838139caa3acce5c890d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-03-30T06:48:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56fb76c3-303c-4d10-9f1b-4ada950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-30T06:48:35.000Z", "modified": "2016-03-30T06:48:35.000Z", "pattern": "[file:hashes.MD5 = 'e7205c0b80035b629d80b5e7aeff7b0e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-03-30T06:48:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56fb76c3-be30-4591-a074-4c3c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-30T06:48:35.000Z", "modified": "2016-03-30T06:48:35.000Z", "pattern": "[file:hashes.MD5 = 'c182e33cf7e85316e9dc0e13999db45e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-03-30T06:48:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56fb76c3-2c70-4e67-bde0-41db950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-30T06:48:35.000Z", "modified": "2016-03-30T06:48:35.000Z", "pattern": "[file:hashes.MD5 = '272ff690f6d27d2953fbadf75791274c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-03-30T06:48:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56fb76c3-9dc4-42e9-9d03-4dc9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-30T06:48:35.000Z", "modified": "2016-03-30T06:48:35.000Z", "pattern": "[file:hashes.MD5 = 'ae80f056b8c38873ab1251c454ed1fe9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-03-30T06:48:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56fb76c4-8090-4b2e-9b9e-45c8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-30T06:48:36.000Z", "modified": "2016-03-30T06:48:36.000Z", "pattern": "[file:hashes.MD5 = '260f19ef39d56373bb5590346d2c1811']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-03-30T06:48:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56fb76c4-42e0-4403-a4e0-4566950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-30T06:48:36.000Z", "modified": "2016-03-30T06:48:36.000Z", "pattern": "[file:hashes.MD5 = 'fe8d19e3435879e56f5189b37263ab06']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-03-30T06:48:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56fb76c5-5e84-40dd-a7db-4a7f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-30T06:48:37.000Z", "modified": "2016-03-30T06:48:37.000Z", "pattern": "[file:hashes.MD5 = '68bebcd9d2ad418332980a7dab71bf79']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-03-30T06:48:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56fb76c5-abf4-4bab-99e1-47f2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-30T06:48:37.000Z", "modified": "2016-03-30T06:48:37.000Z", "pattern": "[file:hashes.MD5 = 'cbde79b6ba782840db4aca46a5a63467']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-03-30T06:48:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56fb7812-cc00-4a88-b061-41d302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-30T06:54:10.000Z", "modified": "2016-03-30T06:54:10.000Z", "description": "- Xchecked via VT: cbde79b6ba782840db4aca46a5a63467", "pattern": "[file:hashes.SHA256 = '39cd2290575c291b1da6ee7c1da52ab14441bd4647fe3eb21561579e08c9d93c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-03-30T06:54:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56fb7812-c9f0-4aa8-96c0-4cba02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-30T06:54:10.000Z", "modified": "2016-03-30T06:54:10.000Z", "description": "- Xchecked via VT: cbde79b6ba782840db4aca46a5a63467", "pattern": "[file:hashes.SHA1 = '5b697da0efde1052c0f49d586744bc52e49626ab']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-03-30T06:54:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--56fb7812-c270-4734-909a-4a0a02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-30T06:54:10.000Z", "modified": "2016-03-30T06:54:10.000Z", "first_observed": "2016-03-30T06:54:10Z", "last_observed": "2016-03-30T06:54:10Z", "number_observed": 1, "object_refs": [ "url--56fb7812-c270-4734-909a-4a0a02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--56fb7812-c270-4734-909a-4a0a02de0b81", "value": "https://www.virustotal.com/file/39cd2290575c291b1da6ee7c1da52ab14441bd4647fe3eb21561579e08c9d93c/analysis/1456306454/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56fb7813-d03c-48a7-92dc-43ad02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-30T06:54:11.000Z", "modified": "2016-03-30T06:54:11.000Z", "description": "- Xchecked via VT: 68bebcd9d2ad418332980a7dab71bf79", "pattern": "[file:hashes.SHA256 = 'fe461e8d5f89a78d89522f0a69f1f78ae9cd41dc772a38d88eed677ccde2fd83']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-03-30T06:54:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56fb7813-5f54-482c-b9c8-4c8d02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-30T06:54:11.000Z", "modified": "2016-03-30T06:54:11.000Z", "description": "- Xchecked via VT: 68bebcd9d2ad418332980a7dab71bf79", "pattern": "[file:hashes.SHA1 = 'f9222b8048ec770c613be5692b1ed225564c90e7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-03-30T06:54:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--56fb7813-9714-4300-a683-4aa602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-30T06:54:11.000Z", "modified": "2016-03-30T06:54:11.000Z", "first_observed": "2016-03-30T06:54:11Z", "last_observed": "2016-03-30T06:54:11Z", "number_observed": 1, "object_refs": [ "url--56fb7813-9714-4300-a683-4aa602de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--56fb7813-9714-4300-a683-4aa602de0b81", "value": "https://www.virustotal.com/file/fe461e8d5f89a78d89522f0a69f1f78ae9cd41dc772a38d88eed677ccde2fd83/analysis/1441264811/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56fb7814-20fc-4425-ae0c-4c9d02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-30T06:54:12.000Z", "modified": "2016-03-30T06:54:12.000Z", "description": "- Xchecked via VT: ae80f056b8c38873ab1251c454ed1fe9", "pattern": "[file:hashes.SHA256 = 'c84fc7bef4e77e1f913a4be1a7114d255459f9d808fcc09b0f441e3761e5e4a4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-03-30T06:54:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56fb7814-1cf0-48ea-a52f-45d802de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-30T06:54:12.000Z", "modified": "2016-03-30T06:54:12.000Z", "description": "- Xchecked via VT: ae80f056b8c38873ab1251c454ed1fe9", "pattern": "[file:hashes.SHA1 = '4a4f670f59073191c4b06e857151725208693c39']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-03-30T06:54:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--56fb7814-9d74-46a8-8955-4eb602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-30T06:54:12.000Z", "modified": "2016-03-30T06:54:12.000Z", "first_observed": "2016-03-30T06:54:12Z", "last_observed": "2016-03-30T06:54:12Z", "number_observed": 1, "object_refs": [ "url--56fb7814-9d74-46a8-8955-4eb602de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--56fb7814-9d74-46a8-8955-4eb602de0b81", "value": "https://www.virustotal.com/file/c84fc7bef4e77e1f913a4be1a7114d255459f9d808fcc09b0f441e3761e5e4a4/analysis/1459263257/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56fb7814-aa54-4383-b8af-429702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-30T06:54:12.000Z", "modified": "2016-03-30T06:54:12.000Z", "description": "- Xchecked via VT: 272ff690f6d27d2953fbadf75791274c", "pattern": "[file:hashes.SHA256 = '580e638dcea5b47cf3fc1e1b486e78cf053565e3f862e923abc8f128bcaf54b8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-03-30T06:54:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56fb7815-4b18-42e0-bef6-426202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-30T06:54:13.000Z", "modified": "2016-03-30T06:54:13.000Z", "description": "- Xchecked via VT: 272ff690f6d27d2953fbadf75791274c", "pattern": "[file:hashes.SHA1 = '8e74830b02b73c12b7eb7f273bb60ef18b658dbd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-03-30T06:54:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--56fb7815-7ab4-440c-9ef9-43a202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-30T06:54:13.000Z", "modified": "2016-03-30T06:54:13.000Z", "first_observed": "2016-03-30T06:54:13Z", "last_observed": "2016-03-30T06:54:13Z", "number_observed": 1, "object_refs": [ "url--56fb7815-7ab4-440c-9ef9-43a202de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--56fb7815-7ab4-440c-9ef9-43a202de0b81", "value": "https://www.virustotal.com/file/580e638dcea5b47cf3fc1e1b486e78cf053565e3f862e923abc8f128bcaf54b8/analysis/1407397787/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56fb7815-b3e4-4997-82aa-4bfa02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-30T06:54:13.000Z", "modified": "2016-03-30T06:54:13.000Z", "description": "- Xchecked via VT: c182e33cf7e85316e9dc0e13999db45e", "pattern": "[file:hashes.SHA256 = '52a2931cb88f50cfb6a5728797c6e5ea201e0ea8493e7eba1eac02e50273edbb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-03-30T06:54:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56fb7816-9604-4ddc-b48c-406002de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-30T06:54:14.000Z", "modified": "2016-03-30T06:54:14.000Z", "description": "- Xchecked via VT: c182e33cf7e85316e9dc0e13999db45e", "pattern": "[file:hashes.SHA1 = 'b9ecda3a8695d0385d1764091b9bb751cfb92ff6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-03-30T06:54:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--56fb7816-8464-4f18-8f1c-418902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-30T06:54:14.000Z", "modified": "2016-03-30T06:54:14.000Z", "first_observed": "2016-03-30T06:54:14Z", "last_observed": "2016-03-30T06:54:14Z", "number_observed": 1, "object_refs": [ "url--56fb7816-8464-4f18-8f1c-418902de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--56fb7816-8464-4f18-8f1c-418902de0b81", "value": "https://www.virustotal.com/file/52a2931cb88f50cfb6a5728797c6e5ea201e0ea8493e7eba1eac02e50273edbb/analysis/1442570891/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56fb7816-a5e0-4816-812e-425d02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-30T06:54:14.000Z", "modified": "2016-03-30T06:54:14.000Z", "description": "- Xchecked via VT: e7205c0b80035b629d80b5e7aeff7b0e", "pattern": "[file:hashes.SHA256 = '9a9aa2c782b2747668ebe5ce3b509b970521e8a1aab1e89dcd87cb9e9a083982']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-03-30T06:54:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56fb7817-1aa0-4a96-96c9-4bfc02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-30T06:54:15.000Z", "modified": "2016-03-30T06:54:15.000Z", "description": "- Xchecked via VT: e7205c0b80035b629d80b5e7aeff7b0e", "pattern": "[file:hashes.SHA1 = '63c1e2b477bfbc05a9f2806adfcdfe1bc03cef1c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-03-30T06:54:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--56fb7817-c508-4707-9731-4bb602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-30T06:54:15.000Z", "modified": "2016-03-30T06:54:15.000Z", "first_observed": "2016-03-30T06:54:15Z", "last_observed": "2016-03-30T06:54:15Z", "number_observed": 1, "object_refs": [ "url--56fb7817-c508-4707-9731-4bb602de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--56fb7817-c508-4707-9731-4bb602de0b81", "value": "https://www.virustotal.com/file/9a9aa2c782b2747668ebe5ce3b509b970521e8a1aab1e89dcd87cb9e9a083982/analysis/1458897537/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56fb7817-9484-4c10-93dd-40a202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-30T06:54:15.000Z", "modified": "2016-03-30T06:54:15.000Z", "description": "- Xchecked via VT: c3e6ce287d12ac39ceb24e08dc63e3b5", "pattern": "[file:hashes.SHA256 = '22923e9c1db6e9fb3ffc131adffa8607748e948b7e87e36679d8600cb8ff86a4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-03-30T06:54:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56fb7817-aec4-4197-aa0a-4bb202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-30T06:54:15.000Z", "modified": "2016-03-30T06:54:15.000Z", "description": "- Xchecked via VT: c3e6ce287d12ac39ceb24e08dc63e3b5", "pattern": "[file:hashes.SHA1 = '76db73ab0b5393a6a871b6ac8b7c467af61ee729']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-03-30T06:54:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--56fb7818-3734-4f5b-8e9a-4cae02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-30T06:54:16.000Z", "modified": "2016-03-30T06:54:16.000Z", "first_observed": "2016-03-30T06:54:16Z", "last_observed": "2016-03-30T06:54:16Z", "number_observed": 1, "object_refs": [ "url--56fb7818-3734-4f5b-8e9a-4cae02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--56fb7818-3734-4f5b-8e9a-4cae02de0b81", "value": "https://www.virustotal.com/file/22923e9c1db6e9fb3ffc131adffa8607748e948b7e87e36679d8600cb8ff86a4/analysis/1397818663/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56fb7818-75d4-4a89-9b41-45c602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-30T06:54:16.000Z", "modified": "2016-03-30T06:54:16.000Z", "description": "- Xchecked via VT: 7ad3b2b6eee18af6816b6f4f7f7f71a6", "pattern": "[file:hashes.SHA256 = 'a1f8f780821d3c3c8d0e08e44854c09b6f44725ce782987882f6b8fd24a57145']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-03-30T06:54:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56fb7818-7c6c-4423-862d-436402de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-30T06:54:16.000Z", "modified": "2016-03-30T06:54:16.000Z", "description": "- Xchecked via VT: 7ad3b2b6eee18af6816b6f4f7f7f71a6", "pattern": "[file:hashes.SHA1 = '52d455c5c8d4c8a852f8c3d9c477154e01604a8b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-03-30T06:54:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--56fb7819-a9a4-4011-a751-4a3a02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-30T06:54:17.000Z", "modified": "2016-03-30T06:54:17.000Z", "first_observed": "2016-03-30T06:54:17Z", "last_observed": "2016-03-30T06:54:17Z", "number_observed": 1, "object_refs": [ "url--56fb7819-a9a4-4011-a751-4a3a02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--56fb7819-a9a4-4011-a751-4a3a02de0b81", "value": "https://www.virustotal.com/file/a1f8f780821d3c3c8d0e08e44854c09b6f44725ce782987882f6b8fd24a57145/analysis/1459263245/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56fb7819-1f58-4ea9-9bea-4c9502de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-30T06:54:17.000Z", "modified": "2016-03-30T06:54:17.000Z", "description": "- Xchecked via VT: 4438921ea3d08d0c90f2f903556967e5", "pattern": "[file:hashes.SHA256 = '31f8f6b30da868df88cfcbcaa7d3144ddf76ebd4c6852479a7a6643ce311ac01']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-03-30T06:54:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56fb7819-83f0-49a8-b8dd-446202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-30T06:54:17.000Z", "modified": "2016-03-30T06:54:17.000Z", "description": "- Xchecked via VT: 4438921ea3d08d0c90f2f903556967e5", "pattern": "[file:hashes.SHA1 = '2b798aa6018278ddd868253831439a8da3571edf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-03-30T06:54:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--56fb781a-6670-4e54-a213-47d002de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-30T06:54:18.000Z", "modified": "2016-03-30T06:54:18.000Z", "first_observed": "2016-03-30T06:54:18Z", "last_observed": "2016-03-30T06:54:18Z", "number_observed": 1, "object_refs": [ "url--56fb781a-6670-4e54-a213-47d002de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--56fb781a-6670-4e54-a213-47d002de0b81", "value": "https://www.virustotal.com/file/31f8f6b30da868df88cfcbcaa7d3144ddf76ebd4c6852479a7a6643ce311ac01/analysis/1457938903/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56fb781a-81a0-4ea3-95b1-4ea402de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-30T06:54:18.000Z", "modified": "2016-03-30T06:54:18.000Z", "description": "- Xchecked via VT: 285de6e5d3ed8ca966430846888a56ff", "pattern": "[file:hashes.SHA256 = 'f0ac7076b7295f39e76288b98adb8b2fb550a081d1a0f937e0db214bbb90996e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-03-30T06:54:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56fb781a-0a0c-40c3-80c5-4d2602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-30T06:54:18.000Z", "modified": "2016-03-30T06:54:18.000Z", "description": "- Xchecked via VT: 285de6e5d3ed8ca966430846888a56ff", "pattern": "[file:hashes.SHA1 = '9f5e1b4bd1be64869f98af484881c5df5859a312']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-03-30T06:54:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--56fb781b-54d4-473e-b222-486202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-30T06:54:19.000Z", "modified": "2016-03-30T06:54:19.000Z", "first_observed": "2016-03-30T06:54:19Z", "last_observed": "2016-03-30T06:54:19Z", "number_observed": 1, "object_refs": [ "url--56fb781b-54d4-473e-b222-486202de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--56fb781b-54d4-473e-b222-486202de0b81", "value": "https://www.virustotal.com/file/f0ac7076b7295f39e76288b98adb8b2fb550a081d1a0f937e0db214bbb90996e/analysis/1415944613/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56fb781b-80fc-4a69-9336-49bd02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-30T06:54:19.000Z", "modified": "2016-03-30T06:54:19.000Z", "description": "- Xchecked via VT: eca0ef705d148ff105dbaf40ce9d1d5e", "pattern": "[file:hashes.SHA256 = '8f4c585a5310c415071c844f7df165c0d8f386eb9a8b35953a5b669f4abf9729']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-03-30T06:54:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56fb781b-aa24-462e-8602-4ea302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-30T06:54:19.000Z", "modified": "2016-03-30T06:54:19.000Z", "description": "- Xchecked via VT: eca0ef705d148ff105dbaf40ce9d1d5e", "pattern": "[file:hashes.SHA1 = 'cdcc2d4557ef9e27e4d41608076f92e4129617d6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-03-30T06:54:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--56fb781c-a0a8-43fe-b5c1-4c6602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-30T06:54:20.000Z", "modified": "2016-03-30T06:54:20.000Z", "first_observed": "2016-03-30T06:54:20Z", "last_observed": "2016-03-30T06:54:20Z", "number_observed": 1, "object_refs": [ "url--56fb781c-a0a8-43fe-b5c1-4c6602de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--56fb781c-a0a8-43fe-b5c1-4c6602de0b81", "value": "https://www.virustotal.com/file/8f4c585a5310c415071c844f7df165c0d8f386eb9a8b35953a5b669f4abf9729/analysis/1459271737/" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }