{ "type": "bundle", "id": "bundle--576afc2a-6fd8-4b0d-949b-347902de0b81", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-22T21:02:42.000Z", "modified": "2016-06-22T21:02:42.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--576afc2a-6fd8-4b0d-949b-347902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-22T21:02:42.000Z", "modified": "2016-06-22T21:02:42.000Z", "name": "OSINT - The Curious Case of an Unknown Trojan Targeting German-Speaking Users", "published": "2016-06-22T21:03:10Z", "object_refs": [ "indicator--576afc56-f90c-4bbe-90aa-ed0e02de0b81", "indicator--576afc7a-3970-48c8-a823-34a202de0b81", "indicator--576afc7a-0fd4-475c-b0bf-34a202de0b81", "indicator--576afc7b-1880-4d7e-834e-34a202de0b81", "indicator--576afc7b-3464-4907-bfd4-34a202de0b81", "indicator--576afc7c-7f58-4fb5-91e4-34a202de0b81", "indicator--576afc7c-d25c-4c02-b088-34a202de0b81", "indicator--576afc7c-f4a0-4cde-9d62-34a202de0b81", "indicator--576afca5-8050-4ee0-82d1-347602de0b81", "indicator--576afca5-92f4-416a-be70-347602de0b81", "indicator--576afca6-e670-4045-b465-347602de0b81", "indicator--576afca6-543c-4bd0-a13c-347602de0b81", "indicator--576afca6-ea50-4e69-ac50-347602de0b81", "indicator--576afca7-1d94-4d40-af6f-347602de0b81", "indicator--576afca7-1f08-4086-a1e7-347602de0b81", "indicator--576afca8-bd38-4746-8f03-347602de0b81", "indicator--576afca8-8abc-4d03-9542-347602de0b81", "indicator--576afca8-15cc-4be9-9768-347602de0b81", "indicator--576afca9-c414-465b-8269-347602de0b81", "indicator--576afca9-5638-41b5-a53e-347602de0b81", "indicator--576afca9-082c-49df-aa2a-347602de0b81", "indicator--576afca9-8b10-4c3c-a30e-347602de0b81", "indicator--576afca9-83e8-4a0b-b3ae-347602de0b81", "indicator--576afcaa-f518-426f-91fb-347602de0b81", "indicator--576afcaa-1b54-4285-8824-347602de0b81", "indicator--576afcaa-f148-45a5-a2c1-347602de0b81", "indicator--576afcaa-7720-4615-9de9-347602de0b81", "indicator--576afcaa-e120-4c03-b763-347602de0b81", "indicator--576afcaa-2794-480b-ab84-347602de0b81", "indicator--576afcab-e95c-4f8f-b0b8-347602de0b81", "indicator--576afcab-5154-4bf9-826b-347602de0b81", "indicator--576afcab-15c8-4001-8012-347602de0b81", "indicator--576afcab-23c4-4361-a6f4-347602de0b81", "indicator--576afcab-d818-4a28-9b77-347602de0b81", "indicator--576afcab-124c-40d1-ac8d-347602de0b81", "indicator--576afcac-0850-435b-b55d-347602de0b81", "indicator--576afcac-61e8-4080-8bc2-347602de0b81", "indicator--576afcac-b624-4ed2-9682-347602de0b81", "indicator--576afcac-2d98-498e-a580-347602de0b81", "observed-data--576afcd1-2ef8-447b-ac63-3cc102de0b81", "url--576afcd1-2ef8-447b-ac63-3cc102de0b81", "indicator--576afcf2-595c-452c-9b4c-4f0502de0b81", "indicator--576afcf2-131c-4140-9e0c-4bf302de0b81", "observed-data--576afcf2-8650-4b94-9554-4f9f02de0b81", "url--576afcf2-8650-4b94-9554-4f9f02de0b81", "indicator--576afcf2-8440-4dbf-bad6-4bd002de0b81", "indicator--576afcf3-d39c-41ee-b8cd-486802de0b81", "observed-data--576afcf3-9e90-4fcd-b365-4f4602de0b81", "url--576afcf3-9e90-4fcd-b365-4f4602de0b81", "indicator--576afcf3-bc34-4747-87df-459e02de0b81", "indicator--576afcf3-8ce4-4fdf-aa4f-4edf02de0b81", "observed-data--576afcf3-ff68-41c5-97cf-4d8402de0b81", "url--576afcf3-ff68-41c5-97cf-4d8402de0b81", "indicator--576afcf3-22d0-401d-a0f5-411a02de0b81", "indicator--576afcf4-36c0-4221-9b96-450502de0b81", "observed-data--576afcf4-b404-48a7-ba05-4cff02de0b81", "url--576afcf4-b404-48a7-ba05-4cff02de0b81", "indicator--576afcf4-7ed8-4ab3-9fb6-4a3702de0b81", "indicator--576afcf4-8298-42fa-a794-44cf02de0b81", "observed-data--576afcf4-8984-46db-b974-43aa02de0b81", "url--576afcf4-8984-46db-b974-43aa02de0b81", "indicator--576afcf5-b9bc-4e4a-aa0a-431902de0b81", "indicator--576afcf5-53f4-4669-b311-4e8202de0b81", "observed-data--576afcf5-813c-45cd-950d-412202de0b81", "url--576afcf5-813c-45cd-950d-412202de0b81", "indicator--576afcf5-2350-4ba0-a4c5-453f02de0b81", "indicator--576afcf5-dd9c-4b6f-b8ed-41b102de0b81", "observed-data--576afcf5-289c-4baf-8453-49a402de0b81", "url--576afcf5-289c-4baf-8453-49a402de0b81" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576afc56-f90c-4bbe-90aa-ed0e02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-22T21:00:06.000Z", "modified": "2016-06-22T21:00:06.000Z", "description": "Last week, an unidentified malware was discovered", "pattern": "[file:hashes.SHA256 = '171693ab13668c6004a1e08b83c9877a55f150aaa6d8a624c3f8ffc712b22f0b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-22T21:00:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576afc7a-3970-48c8-a823-34a202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-22T21:00:42.000Z", "modified": "2016-06-22T21:00:42.000Z", "description": "DELoader SHA-256 hashes (all detected as W32/DELoader.A!tr):", "pattern": "[file:hashes.SHA256 = '72faed0bc66afe1f42bd7e75b7ea26e0596effac65f67c0ac367a84ec4858891']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-22T21:00:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576afc7a-0fd4-475c-b0bf-34a202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-22T21:00:42.000Z", "modified": "2016-06-22T21:00:42.000Z", "description": "DELoader SHA-256 hashes (all detected as W32/DELoader.A!tr):", "pattern": "[file:hashes.SHA256 = '5d759710686db2c5b81c7125aacf70e252de61ab360d95e46cee8a9011c5693f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-22T21:00:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576afc7b-1880-4d7e-834e-34a202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-22T21:00:43.000Z", "modified": "2016-06-22T21:00:43.000Z", "description": "DELoader SHA-256 hashes (all detected as W32/DELoader.A!tr):", "pattern": "[file:hashes.SHA256 = 'c16281c83378a597cbc4b01410f997e45b89c5d06efada8000ff79c3a24d63ca']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-22T21:00:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576afc7b-3464-4907-bfd4-34a202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-22T21:00:43.000Z", "modified": "2016-06-22T21:00:43.000Z", "description": "DELoader SHA-256 hashes (all detected as W32/DELoader.A!tr):", "pattern": "[file:hashes.SHA256 = '171693ab13668c6004a1e08b83c9877a55f150aaa6d8a624c3f8ffc712b22f0b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-22T21:00:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576afc7c-7f58-4fb5-91e4-34a202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-22T21:00:44.000Z", "modified": "2016-06-22T21:00:44.000Z", "description": "DELoader SHA-256 hashes (all detected as W32/DELoader.A!tr):", "pattern": "[file:hashes.SHA256 = '5afee15a022fcdb12cc791dd02db0ec6beb2e9152b312b2251f2b8ecfe62e03c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-22T21:00:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576afc7c-d25c-4c02-b088-34a202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-22T21:00:44.000Z", "modified": "2016-06-22T21:00:44.000Z", "description": "DELoader SHA-256 hashes (all detected as W32/DELoader.A!tr):", "pattern": "[file:hashes.SHA256 = '103c6f425cfcd5eb935136f8c4ce51b9556974545bc6b7947039405164d46b0d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-22T21:00:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576afc7c-f4a0-4cde-9d62-34a202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-22T21:00:44.000Z", "modified": "2016-06-22T21:00:44.000Z", "description": "DELoader SHA-256 hashes (all detected as W32/DELoader.A!tr):", "pattern": "[file:hashes.SHA256 = 'cec73c7b54c290b297a713e0eb07c7c2d822cc67ed61b9981256464273d63892']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-22T21:00:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576afca5-8050-4ee0-82d1-347602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-22T21:01:25.000Z", "modified": "2016-06-22T21:01:25.000Z", "description": "Domains registered by sir777alex@outlook.com:", "pattern": "[domain-name:value = 'yberprojects22017.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-22T21:01:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576afca5-92f4-416a-be70-347602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-22T21:01:25.000Z", "modified": "2016-06-22T21:01:25.000Z", "description": "Domains registered by sir777alex@outlook.com:", "pattern": "[domain-name:value = 'masterhost8981.asia']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-22T21:01:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576afca6-e670-4045-b465-347602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-22T21:01:26.000Z", "modified": "2016-06-22T21:01:26.000Z", "description": "Domains registered by sir777alex@outlook.com:", "pattern": "[domain-name:value = 'nov15mailmarketing.in']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-22T21:01:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576afca6-543c-4bd0-a13c-347602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-22T21:01:26.000Z", "modified": "2016-06-22T21:01:26.000Z", "description": "Domains registered by sir777alex@outlook.com:", "pattern": "[domain-name:value = 'auspostresponse22.asia']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-22T21:01:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576afca6-ea50-4e69-ac50-347602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-22T21:01:26.000Z", "modified": "2016-06-22T21:01:26.000Z", "description": "Domains registered by sir777alex@outlook.com:", "pattern": "[domain-name:value = 'goodwinn8.asia']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-22T21:01:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576afca7-1d94-4d40-af6f-347602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-22T21:01:27.000Z", "modified": "2016-06-22T21:01:27.000Z", "description": "Domains registered by sir777alex@outlook.com:", "pattern": "[domain-name:value = 'mastehost12312.asia']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-22T21:01:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576afca7-1f08-4086-a1e7-347602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-22T21:01:27.000Z", "modified": "2016-06-22T21:01:27.000Z", "description": "Domains registered by sir777alex@outlook.com:", "pattern": "[domain-name:value = 'masterhost1333.asia']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-22T21:01:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576afca8-bd38-4746-8f03-347602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-22T21:01:28.000Z", "modified": "2016-06-22T21:01:28.000Z", "description": "Domains registered by sir777alex@outlook.com:", "pattern": "[domain-name:value = 'marketingmas.in.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-22T21:01:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576afca8-8abc-4d03-9542-347602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-22T21:01:28.000Z", "modified": "2016-06-22T21:01:28.000Z", "description": "Domains registered by sir777alex@outlook.com:", "pattern": "[domain-name:value = 'remembermetoday4.asia']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-22T21:01:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576afca8-15cc-4be9-9768-347602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-22T21:01:28.000Z", "modified": "2016-06-22T21:01:28.000Z", "description": "Domains registered by sir777alex@outlook.com:", "pattern": "[domain-name:value = 'startupproject33676.asia']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-22T21:01:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576afca9-c414-465b-8269-347602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-22T21:01:29.000Z", "modified": "2016-06-22T21:01:29.000Z", "description": "Domains registered by sir777alex@outlook.com:", "pattern": "[domain-name:value = 'bestbrowser-2015.biz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-22T21:01:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576afca9-5638-41b5-a53e-347602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-22T21:01:29.000Z", "modified": "2016-06-22T21:01:29.000Z", "description": "Domains registered by sir777alex@outlook.com:", "pattern": "[domain-name:value = 'marketing5050.asia']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-22T21:01:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576afca9-082c-49df-aa2a-347602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-22T21:01:29.000Z", "modified": "2016-06-22T21:01:29.000Z", "description": "Domains registered by sir777alex@outlook.com:", "pattern": "[domain-name:value = 'marketingking878.asia']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-22T21:01:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576afca9-8b10-4c3c-a30e-347602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-22T21:01:29.000Z", "modified": "2016-06-22T21:01:29.000Z", "description": "Domains registered by sir777alex@outlook.com:", "pattern": "[domain-name:value = 'yidckntbrmhuuhmq.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-22T21:01:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576afca9-83e8-4a0b-b3ae-347602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-22T21:01:29.000Z", "modified": "2016-06-22T21:01:29.000Z", "description": "Domains registered by sir777alex@outlook.com:", "pattern": "[domain-name:value = 'resdomactivationa.asia']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-22T21:01:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576afcaa-f518-426f-91fb-347602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-22T21:01:30.000Z", "modified": "2016-06-22T21:01:30.000Z", "description": "Domains registered by sir777alex@outlook.com:", "pattern": "[domain-name:value = 'ukcompanymarketing.asia']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-22T21:01:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576afcaa-1b54-4285-8824-347602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-22T21:01:30.000Z", "modified": "2016-06-22T21:01:30.000Z", "description": "Domains registered by sir777alex@outlook.com:", "pattern": "[domain-name:value = 'goodvin77787.in']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-22T21:01:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576afcaa-f148-45a5-a2c1-347602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-22T21:01:30.000Z", "modified": "2016-06-22T21:01:30.000Z", "description": "Domains registered by sir777alex@outlook.com:", "pattern": "[domain-name:value = 'jajajakala8212.asia']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-22T21:01:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576afcaa-7720-4615-9de9-347602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-22T21:01:30.000Z", "modified": "2016-06-22T21:01:30.000Z", "description": "Domains registered by sir777alex@outlook.com:", "pattern": "[domain-name:value = 'masterhost122133.asia']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-22T21:01:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576afcaa-e120-4c03-b763-347602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-22T21:01:30.000Z", "modified": "2016-06-22T21:01:30.000Z", "description": "Domains registered by sir777alex@outlook.com:", "pattern": "[domain-name:value = 'masterj.in']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-22T21:01:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576afcaa-2794-480b-ab84-347602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-22T21:01:30.000Z", "modified": "2016-06-22T21:01:30.000Z", "description": "Domains registered by sir777alex@outlook.com:", "pattern": "[domain-name:value = 'lalalababla.asia']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-22T21:01:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576afcab-e95c-4f8f-b0b8-347602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-22T21:01:31.000Z", "modified": "2016-06-22T21:01:31.000Z", "description": "Domains registered by sir777alex@outlook.com:", "pattern": "[domain-name:value = 'responder201922.asia']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-22T21:01:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576afcab-5154-4bf9-826b-347602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-22T21:01:31.000Z", "modified": "2016-06-22T21:01:31.000Z", "description": "Domains registered by sir777alex@outlook.com:", "pattern": "[domain-name:value = 'cyberprojects2727.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-22T21:01:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576afcab-15c8-4001-8012-347602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-22T21:01:31.000Z", "modified": "2016-06-22T21:01:31.000Z", "description": "Domains registered by sir777alex@outlook.com:", "pattern": "[domain-name:value = 'super-sexy-girl2015.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-22T21:01:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576afcab-23c4-4361-a6f4-347602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-22T21:01:31.000Z", "modified": "2016-06-22T21:01:31.000Z", "description": "Domains registered by sir777alex@outlook.com:", "pattern": "[domain-name:value = 'jxsraxhlccokkrob.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-22T21:01:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576afcab-d818-4a28-9b77-347602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-22T21:01:31.000Z", "modified": "2016-06-22T21:01:31.000Z", "description": "Domains registered by sir777alex@outlook.com:", "pattern": "[domain-name:value = 'mastehost88832.asia']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-22T21:01:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576afcab-124c-40d1-ac8d-347602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-22T21:01:31.000Z", "modified": "2016-06-22T21:01:31.000Z", "description": "Domains registered by sir777alex@outlook.com:", "pattern": "[domain-name:value = 'masterlin888.pw']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-22T21:01:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576afcac-0850-435b-b55d-347602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-22T21:01:32.000Z", "modified": "2016-06-22T21:01:32.000Z", "description": "Domains registered by sir777alex@outlook.com:", "pattern": "[domain-name:value = 'mamba777.in']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-22T21:01:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576afcac-61e8-4080-8bc2-347602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-22T21:01:32.000Z", "modified": "2016-06-22T21:01:32.000Z", "description": "Domains registered by sir777alex@outlook.com:", "pattern": "[domain-name:value = 'copolsox.us']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-22T21:01:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576afcac-b624-4ed2-9682-347602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-22T21:01:32.000Z", "modified": "2016-06-22T21:01:32.000Z", "description": "Domains registered by sir777alex@outlook.com:", "pattern": "[domain-name:value = '10cyberprojects2016.asia']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-22T21:01:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576afcac-2d98-498e-a580-347602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-22T21:01:32.000Z", "modified": "2016-06-22T21:01:32.000Z", "description": "Domains registered by sir777alex@outlook.com:", "pattern": "[domain-name:value = 'startupproject336.asia']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-22T21:01:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--576afcd1-2ef8-447b-ac63-3cc102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-22T21:02:09.000Z", "modified": "2016-06-22T21:02:09.000Z", "first_observed": "2016-06-22T21:02:09Z", "last_observed": "2016-06-22T21:02:09Z", "number_observed": 1, "object_refs": [ "url--576afcd1-2ef8-447b-ac63-3cc102de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--576afcd1-2ef8-447b-ac63-3cc102de0b81", "value": "https://blog.fortinet.com/2016/06/21/the-curious-case-of-an-unknown-trojan-targeting-german-speaking-users" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576afcf2-595c-452c-9b4c-4f0502de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-22T21:02:42.000Z", "modified": "2016-06-22T21:02:42.000Z", "description": "Last week, an unidentified malware was discovered - Xchecked via VT: 171693ab13668c6004a1e08b83c9877a55f150aaa6d8a624c3f8ffc712b22f0b", "pattern": "[file:hashes.SHA1 = '9fbbca0a32f609aea6c8b3794429fea6b1cef1f7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-22T21:02:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576afcf2-131c-4140-9e0c-4bf302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-22T21:02:42.000Z", "modified": "2016-06-22T21:02:42.000Z", "description": "Last week, an unidentified malware was discovered - Xchecked via VT: 171693ab13668c6004a1e08b83c9877a55f150aaa6d8a624c3f8ffc712b22f0b", "pattern": "[file:hashes.MD5 = '2e624f044f4cd086e3d49ef8b78a5cb6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-22T21:02:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--576afcf2-8650-4b94-9554-4f9f02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-22T21:02:42.000Z", "modified": "2016-06-22T21:02:42.000Z", "first_observed": "2016-06-22T21:02:42Z", "last_observed": "2016-06-22T21:02:42Z", "number_observed": 1, "object_refs": [ "url--576afcf2-8650-4b94-9554-4f9f02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--576afcf2-8650-4b94-9554-4f9f02de0b81", "value": "https://www.virustotal.com/file/171693ab13668c6004a1e08b83c9877a55f150aaa6d8a624c3f8ffc712b22f0b/analysis/1466577042/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576afcf2-8440-4dbf-bad6-4bd002de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-22T21:02:42.000Z", "modified": "2016-06-22T21:02:42.000Z", "description": "DELoader SHA-256 hashes (all detected as W32/DELoader.A!tr): - Xchecked via VT: cec73c7b54c290b297a713e0eb07c7c2d822cc67ed61b9981256464273d63892", "pattern": "[file:hashes.SHA1 = 'b8001fb6144f491226306194a08254d04f854cc7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-22T21:02:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576afcf3-d39c-41ee-b8cd-486802de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-22T21:02:43.000Z", "modified": "2016-06-22T21:02:43.000Z", "description": "DELoader SHA-256 hashes (all detected as W32/DELoader.A!tr): - Xchecked via VT: cec73c7b54c290b297a713e0eb07c7c2d822cc67ed61b9981256464273d63892", "pattern": "[file:hashes.MD5 = '9ab0746d527beb6bf141580eb7e39b9f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-22T21:02:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--576afcf3-9e90-4fcd-b365-4f4602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-22T21:02:43.000Z", "modified": "2016-06-22T21:02:43.000Z", "first_observed": "2016-06-22T21:02:43Z", "last_observed": "2016-06-22T21:02:43Z", "number_observed": 1, "object_refs": [ "url--576afcf3-9e90-4fcd-b365-4f4602de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--576afcf3-9e90-4fcd-b365-4f4602de0b81", "value": "https://www.virustotal.com/file/cec73c7b54c290b297a713e0eb07c7c2d822cc67ed61b9981256464273d63892/analysis/1465950050/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576afcf3-bc34-4747-87df-459e02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-22T21:02:43.000Z", "modified": "2016-06-22T21:02:43.000Z", "description": "DELoader SHA-256 hashes (all detected as W32/DELoader.A!tr): - Xchecked via VT: 103c6f425cfcd5eb935136f8c4ce51b9556974545bc6b7947039405164d46b0d", "pattern": "[file:hashes.SHA1 = '88261bc52f2bd5a18ff29963b4f5300d66b794d4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-22T21:02:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576afcf3-8ce4-4fdf-aa4f-4edf02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-22T21:02:43.000Z", "modified": "2016-06-22T21:02:43.000Z", "description": "DELoader SHA-256 hashes (all detected as W32/DELoader.A!tr): - Xchecked via VT: 103c6f425cfcd5eb935136f8c4ce51b9556974545bc6b7947039405164d46b0d", "pattern": "[file:hashes.MD5 = 'ddf0134ee920b0b9930f7d7aa2d1e038']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-22T21:02:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--576afcf3-ff68-41c5-97cf-4d8402de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-22T21:02:43.000Z", "modified": "2016-06-22T21:02:43.000Z", "first_observed": "2016-06-22T21:02:43Z", "last_observed": "2016-06-22T21:02:43Z", "number_observed": 1, "object_refs": [ "url--576afcf3-ff68-41c5-97cf-4d8402de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--576afcf3-ff68-41c5-97cf-4d8402de0b81", "value": "https://www.virustotal.com/file/103c6f425cfcd5eb935136f8c4ce51b9556974545bc6b7947039405164d46b0d/analysis/1466578390/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576afcf3-22d0-401d-a0f5-411a02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-22T21:02:43.000Z", "modified": "2016-06-22T21:02:43.000Z", "description": "DELoader SHA-256 hashes (all detected as W32/DELoader.A!tr): - Xchecked via VT: 5afee15a022fcdb12cc791dd02db0ec6beb2e9152b312b2251f2b8ecfe62e03c", "pattern": "[file:hashes.SHA1 = '349f5250384621b0e0e29a02947c2bf263234eb4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-22T21:02:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576afcf4-36c0-4221-9b96-450502de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-22T21:02:44.000Z", "modified": "2016-06-22T21:02:44.000Z", "description": "DELoader SHA-256 hashes (all detected as W32/DELoader.A!tr): - Xchecked via VT: 5afee15a022fcdb12cc791dd02db0ec6beb2e9152b312b2251f2b8ecfe62e03c", "pattern": "[file:hashes.MD5 = '04c5b2382eecf78729e3c7f28d18cb88']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-22T21:02:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--576afcf4-b404-48a7-ba05-4cff02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-22T21:02:44.000Z", "modified": "2016-06-22T21:02:44.000Z", "first_observed": "2016-06-22T21:02:44Z", "last_observed": "2016-06-22T21:02:44Z", "number_observed": 1, "object_refs": [ "url--576afcf4-b404-48a7-ba05-4cff02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--576afcf4-b404-48a7-ba05-4cff02de0b81", "value": "https://www.virustotal.com/file/5afee15a022fcdb12cc791dd02db0ec6beb2e9152b312b2251f2b8ecfe62e03c/analysis/1465147301/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576afcf4-7ed8-4ab3-9fb6-4a3702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-22T21:02:44.000Z", "modified": "2016-06-22T21:02:44.000Z", "description": "DELoader SHA-256 hashes (all detected as W32/DELoader.A!tr): - Xchecked via VT: c16281c83378a597cbc4b01410f997e45b89c5d06efada8000ff79c3a24d63ca", "pattern": "[file:hashes.SHA1 = 'aad3a9a14d91f4c371dab192e976b28772a9f5b7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-22T21:02:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576afcf4-8298-42fa-a794-44cf02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-22T21:02:44.000Z", "modified": "2016-06-22T21:02:44.000Z", "description": "DELoader SHA-256 hashes (all detected as W32/DELoader.A!tr): - Xchecked via VT: c16281c83378a597cbc4b01410f997e45b89c5d06efada8000ff79c3a24d63ca", "pattern": "[file:hashes.MD5 = '533fc5d5a9d7c0e06de13af3af0662ba']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-22T21:02:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--576afcf4-8984-46db-b974-43aa02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-22T21:02:44.000Z", "modified": "2016-06-22T21:02:44.000Z", "first_observed": "2016-06-22T21:02:44Z", "last_observed": "2016-06-22T21:02:44Z", "number_observed": 1, "object_refs": [ "url--576afcf4-8984-46db-b974-43aa02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--576afcf4-8984-46db-b974-43aa02de0b81", "value": "https://www.virustotal.com/file/c16281c83378a597cbc4b01410f997e45b89c5d06efada8000ff79c3a24d63ca/analysis/1459406571/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576afcf5-b9bc-4e4a-aa0a-431902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-22T21:02:45.000Z", "modified": "2016-06-22T21:02:45.000Z", "description": "DELoader SHA-256 hashes (all detected as W32/DELoader.A!tr): - Xchecked via VT: 5d759710686db2c5b81c7125aacf70e252de61ab360d95e46cee8a9011c5693f", "pattern": "[file:hashes.SHA1 = 'e77be9eaa91ff9429c2837a8291c9ae4a58a76b6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-22T21:02:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576afcf5-53f4-4669-b311-4e8202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-22T21:02:45.000Z", "modified": "2016-06-22T21:02:45.000Z", "description": "DELoader SHA-256 hashes (all detected as W32/DELoader.A!tr): - Xchecked via VT: 5d759710686db2c5b81c7125aacf70e252de61ab360d95e46cee8a9011c5693f", "pattern": "[file:hashes.MD5 = 'a4232d262ebfafc8570c034f428e64cb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-22T21:02:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--576afcf5-813c-45cd-950d-412202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-22T21:02:45.000Z", "modified": "2016-06-22T21:02:45.000Z", "first_observed": "2016-06-22T21:02:45Z", "last_observed": "2016-06-22T21:02:45Z", "number_observed": 1, "object_refs": [ "url--576afcf5-813c-45cd-950d-412202de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--576afcf5-813c-45cd-950d-412202de0b81", "value": "https://www.virustotal.com/file/5d759710686db2c5b81c7125aacf70e252de61ab360d95e46cee8a9011c5693f/analysis/1464162631/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576afcf5-2350-4ba0-a4c5-453f02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-22T21:02:45.000Z", "modified": "2016-06-22T21:02:45.000Z", "description": "DELoader SHA-256 hashes (all detected as W32/DELoader.A!tr): - Xchecked via VT: 72faed0bc66afe1f42bd7e75b7ea26e0596effac65f67c0ac367a84ec4858891", "pattern": "[file:hashes.SHA1 = '343878c85ff1b66e27e0d1d193fe8fde81bf1db1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-22T21:02:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576afcf5-dd9c-4b6f-b8ed-41b102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-22T21:02:45.000Z", "modified": "2016-06-22T21:02:45.000Z", "description": "DELoader SHA-256 hashes (all detected as W32/DELoader.A!tr): - Xchecked via VT: 72faed0bc66afe1f42bd7e75b7ea26e0596effac65f67c0ac367a84ec4858891", "pattern": "[file:hashes.MD5 = 'd79c3cce5d103f387955c34a0e429f58']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-22T21:02:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--576afcf5-289c-4baf-8453-49a402de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-22T21:02:45.000Z", "modified": "2016-06-22T21:02:45.000Z", "first_observed": "2016-06-22T21:02:45Z", "last_observed": "2016-06-22T21:02:45Z", "number_observed": 1, "object_refs": [ "url--576afcf5-289c-4baf-8453-49a402de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--576afcf5-289c-4baf-8453-49a402de0b81", "value": "https://www.virustotal.com/file/72faed0bc66afe1f42bd7e75b7ea26e0596effac65f67c0ac367a84ec4858891/analysis/1466153872/" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }