{ "type": "bundle", "id": "bundle--5851355e-eb60-4bfb-8cea-6e01950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T13:02:42.000Z", "modified": "2016-12-14T13:02:42.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "grouping", "spec_version": "2.1", "id": "grouping--5851355e-eb60-4bfb-8cea-6e01950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T13:02:42.000Z", "modified": "2016-12-14T13:02:42.000Z", "name": "OSINT - GOOLIGAN - More than a million Google accounts breached", "context": "suspicious-activity", "object_refs": [ "x-misp-attribute--58513820-85dc-4699-9470-4c81950d210f", "observed-data--5851382e-995c-49fc-ad0f-43b1950d210f", "url--5851382e-995c-49fc-ad0f-43b1950d210f", "indicator--58513976-b458-4d98-89ee-45aa950d210f", "indicator--58513977-0668-47f5-b34a-4bb9950d210f", "indicator--58513977-1544-4c4a-be60-4967950d210f", "indicator--58513978-12d0-4f68-bf3e-40c7950d210f", "indicator--58513a1b-4d2c-4701-a641-4c76950d210f", "indicator--58513a69-a980-43f0-a7f1-40be950d210f", "indicator--58513a69-beac-49e6-858e-4c50950d210f", "indicator--58513a97-8e78-480b-8055-4089950d210f", "indicator--58513a98-3aac-473b-a74f-431d950d210f", "indicator--58513c03-7614-48db-8d46-46eb950d210f", "indicator--58513e06-f85c-41dc-ada7-4b10950d210f", "indicator--58513e06-3488-4c24-8c6d-4b38950d210f", "indicator--58513e28-7a9c-455e-baee-084a950d210f", "indicator--58513e29-a920-4d8b-96ad-084a950d210f", "indicator--58513fad-872c-4fc2-9d44-4320950d210f", "indicator--58513fad-ad9c-42e5-9520-40de950d210f", "indicator--58513fae-f7fc-4ea8-a65e-497f950d210f", "indicator--58513fae-fbac-44ac-850a-4713950d210f", "indicator--58513faf-0658-43f6-bf8a-40bf950d210f", "indicator--58513faf-749c-4641-bc81-46b4950d210f", "indicator--58513fb0-4b54-4b31-9851-448a950d210f", "indicator--58513fb1-7090-4cb5-b2f1-41b8950d210f", 
"indicator--58514041-1eac-4449-a731-b197950d210f", "indicator--58514041-a2b8-4cd5-b1a4-b197950d210f", "indicator--58514042-9578-4d64-a49f-b197950d210f", "indicator--58514042-553c-48bd-beaa-b197950d210f", "indicator--58514043-a128-4fee-817d-b197950d210f", "indicator--58514051-ebc8-45f8-8872-4130950d210f", "indicator--585140b9-98e4-4d03-8484-457a950d210f", "indicator--585140b9-f858-4887-b8c3-4a76950d210f", "indicator--585140ba-287c-4fb3-9df3-4c31950d210f", "indicator--585140ba-8458-4ab6-9633-4066950d210f", "indicator--585141de-d004-41df-b189-4fcc950d210f", "indicator--585141de-e54c-4f1e-9434-4803950d210f", "indicator--585141df-1ba4-44ee-9a29-42cc950d210f", "indicator--585141df-3f58-4360-95f6-4bcc950d210f", "indicator--585141df-5810-4561-adb1-4013950d210f", "indicator--585141e0-aa04-47d7-a0df-4fa7950d210f", "indicator--585141e0-a81c-4ff1-b11b-426e950d210f", "indicator--585141e1-7070-46e6-9547-4b6c950d210f", "indicator--585141e1-90b0-4430-9328-4814950d210f", "indicator--585141e2-fcf8-4e9e-918a-4a9d950d210f", "indicator--5851424b-3c10-4e8f-aceb-4f9b950d210f", "indicator--5851426a-a02c-48b3-b4fd-4324950d210f", "indicator--5851426b-9fdc-470b-8e5f-4ef0950d210f", "indicator--5851426b-d974-4e24-8fc7-4870950d210f", "indicator--585142d3-c9ac-432b-a56b-4b6d950d210f", "indicator--585142d3-7e48-4f27-bb67-4945950d210f", "indicator--585142d4-1250-4cf3-8f19-4185950d210f", "indicator--585142d4-6f18-46c5-af31-4a6e950d210f", "indicator--585142d5-8a04-40e8-95cb-41f1950d210f", "indicator--585142d5-fb10-4880-9e76-4d4d950d210f", "indicator--585142d6-9584-4d0e-8eef-4e90950d210f", "indicator--585142d6-edc0-4d69-9294-4806950d210f", "indicator--585142d7-83b8-42e0-8593-47db950d210f", "indicator--585142d7-6d30-48b2-8d9d-4117950d210f", "indicator--585142d8-a028-4952-8f6d-4ba2950d210f", "indicator--585142d8-f4f0-42a5-8670-45c3950d210f", "indicator--585142d9-9d04-4431-8923-4f05950d210f", "indicator--585142d9-b154-446f-9300-4772950d210f", "indicator--585142da-d704-4049-8214-4356950d210f", 
"indicator--585142da-5350-41de-aab2-4453950d210f", "indicator--585142db-e09c-49a5-8f48-4351950d210f", "indicator--585142db-b8ec-4dba-8f51-49d0950d210f", "indicator--585142dc-1d68-4644-aec0-499f950d210f", "indicator--585142dc-491c-4f6b-8cc4-4276950d210f", "indicator--585142dd-d8bc-4fbd-9ed1-400f950d210f", "indicator--585142de-5d40-443e-b1e6-4fa6950d210f", "indicator--585142de-9c80-4e71-b357-455c950d210f", "indicator--585142df-bff0-4763-8f1f-4217950d210f", "indicator--585142df-d418-47b5-9e2e-4d04950d210f", "indicator--585142e0-ea18-4ec0-b49d-4710950d210f", "indicator--585142e0-b330-4fe3-a762-4f51950d210f", "indicator--585142e1-0d84-4258-8554-495d950d210f", "indicator--585142e1-b5d0-474e-ab8a-40b6950d210f", "indicator--585142e2-7370-43bd-ba10-4553950d210f", "indicator--585142e2-78c8-4aa1-854b-4962950d210f", "indicator--585142e3-7164-4cc7-8e28-4e58950d210f", "indicator--585142e3-0948-4937-9d8c-48ed950d210f", "indicator--585142e4-7acc-4b2d-a2f1-46cd950d210f", "indicator--585142e4-96e4-44d3-95fa-4740950d210f", "indicator--585142e5-c40c-4618-b6bd-4c05950d210f", "indicator--585142e5-5464-42d5-9217-4c0e950d210f", "indicator--585142e6-7bd4-402a-b70f-4402950d210f", "indicator--585142e6-3b40-4512-b98c-4e11950d210f", "indicator--585142e7-69ac-4330-8aa9-44ed950d210f", "indicator--585142e7-d3f0-4d5e-a22c-4130950d210f", "indicator--585142e8-4924-428a-820c-43b4950d210f", "indicator--585142e8-27ec-4966-8575-4ebe950d210f", "indicator--585142e9-9940-44e8-afd9-4f3d950d210f", "indicator--585142e9-0e98-4769-a8ec-4194950d210f", "indicator--585142ea-7dc8-4f66-a1fe-4b9f950d210f", "indicator--585142ea-7968-43dc-9ce9-4d8c950d210f", "indicator--585142eb-2d40-477d-a2df-428d950d210f", "indicator--585142eb-7cc8-4b3b-92aa-48af950d210f", "indicator--585142ec-935c-4701-b747-4579950d210f", "indicator--585142ec-da2c-41d6-a2d5-4b0b950d210f", "indicator--585142ed-aebc-4b67-8860-4b22950d210f", "indicator--585142ed-79cc-466b-8d87-4023950d210f", "indicator--585142ee-9904-46e2-977e-455d950d210f", 
"indicator--585142ee-98b4-47cc-b4aa-4c78950d210f", "indicator--585142ef-0e58-4907-851b-4e42950d210f", "indicator--585142ef-39ec-4406-b9b1-4bfc950d210f", "indicator--585142f0-1d10-445a-adbb-4aa5950d210f", "indicator--585142f0-2978-44e5-955a-43ce950d210f", "indicator--585142f1-7ffc-42b0-b61b-44d2950d210f", "indicator--585142f1-76d0-4680-a7e6-4ce4950d210f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--58513820-85dc-4699-9470-4c81950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T12:16:32.000Z", "modified": "2016-12-14T12:16:32.000Z", "labels": [ "misp:type=\"comment\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", "x_misp_type": "comment", "x_misp_value": "Gooligan, a new variant of the Android malware Check Point researchers found in the SnapPea app last year, has breached the security of more than a million Google accounts, potentially exposing messages, documents, and other sensitive data to attack.\r\n \r\nThis new variant roots devices and steals email addresses and authentication tokens stored on the device. With this information, an attacker can access a user\u2019s Google account data like Google Play, Google Photos, Gmail, Google Drive, and G Suite." 
}, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5851382e-995c-49fc-ad0f-43b1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T12:16:46.000Z", "modified": "2016-12-14T12:16:46.000Z", "first_observed": "2016-12-14T12:16:46Z", "last_observed": "2016-12-14T12:16:46Z", "number_observed": 1, "object_refs": [ "url--5851382e-995c-49fc-ad0f-43b1950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5851382e-995c-49fc-ad0f-43b1950d210f", "value": "http://blog.checkpoint.com/wp-content/uploads/2016/12/Gooligan-Research-Report.pdf" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58513976-b458-4d98-89ee-45aa950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T12:22:14.000Z", "modified": "2016-12-14T12:22:14.000Z", "description": "initiation C&C server", "pattern": "[url:value = 'http://api2.appsolo.net/ggview/rsddateindex']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T12:22:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58513977-0668-47f5-b34a-4bb9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T12:22:15.000Z", "modified": "2016-12-14T12:22:15.000Z", "description": "initiation C&C server", "pattern": "[url:value = 'http://sys.hdyfhpoi.com/ggview/rsddateindex']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T12:22:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { 
"type": "indicator", "spec_version": "2.1", "id": "indicator--58513977-1544-4c4a-be60-4967950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T12:22:15.000Z", "modified": "2016-12-14T12:22:15.000Z", "description": "initiation C&C server", "pattern": "[url:value = 'http://sys.syllyq1n.com/ggview/rsddateindex']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T12:22:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58513978-12d0-4f68-bf3e-40c7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T12:22:16.000Z", "modified": "2016-12-14T12:22:16.000Z", "description": "initiation C&C server", "pattern": "[url:value = 'http://sys.wksnkys7.com/ggview/rsddateindex']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T12:22:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58513a1b-4d2c-4701-a641-4c76950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T12:24:59.000Z", "modified": "2016-12-14T12:24:59.000Z", "description": "Exploit kit", "pattern": "[url:value = 'http://down.vcrlwlen.com/thinking/group/rt1028_648.apk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T12:24:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", 
"id": "indicator--58513a69-a980-43f0-a7f1-40be950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T12:26:17.000Z", "modified": "2016-12-14T12:26:17.000Z", "pattern": "[file:name = '/system/lib/igpld.so;']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T12:26:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58513a69-beac-49e6-858e-4c50950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T12:26:17.000Z", "modified": "2016-12-14T12:26:17.000Z", "pattern": "[file:name = '/system/lib/igpfix.so;']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T12:26:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58513a97-8e78-480b-8055-4089950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T12:29:07.000Z", "modified": "2016-12-14T12:29:07.000Z", "description": "The file /system/xbin/igpi is used to inject binary library into a remote process", "pattern": "[file:name = '/system/xbin/igpi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T12:29:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58513a98-3aac-473b-a74f-431d950d210f", "created_by_ref": 
"identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T12:27:04.000Z", "modified": "2016-12-14T12:27:04.000Z", "pattern": "[file:name = '/system/lib/igpld.so']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T12:27:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58513c03-7614-48db-8d46-46eb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T12:33:07.000Z", "modified": "2016-12-14T12:33:07.000Z", "pattern": "[url:value = 'g.omlao.com/igp/api/1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T12:33:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58513e06-f85c-41dc-ada7-4b10950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T12:41:42.000Z", "modified": "2016-12-14T12:41:42.000Z", "pattern": "[url:value = 'http://sys.aedxdrcb.com/ggview/rsddateindex']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T12:41:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58513e06-3488-4c24-8c6d-4b38950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T12:41:42.000Z", "modified": "2016-12-14T12:41:42.000Z", "pattern": "[url:value = 'http://api.aedxdrcb.com/ggview/rsddateindex']", 
"pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T12:41:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58513e28-7a9c-455e-baee-084a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T12:42:16.000Z", "modified": "2016-12-14T12:42:16.000Z", "pattern": "[domain-name:value = 'm.aedxdrcb.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T12:42:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58513e29-a920-4d8b-96ad-084a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T12:42:17.000Z", "modified": "2016-12-14T12:42:17.000Z", "pattern": "[domain-name:value = 'aedxdrcb.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T12:42:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58513fad-872c-4fc2-9d44-4320950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T12:48:45.000Z", "modified": "2016-12-14T12:48:45.000Z", "pattern": "[url:value = 'api2.appsolo.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T12:48:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", 
"misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58513fad-ad9c-42e5-9520-40de950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T12:48:45.000Z", "modified": "2016-12-14T12:48:45.000Z", "pattern": "[url:value = 'http://mas.goaapis.com/overseaads/admin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T12:48:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58513fae-f7fc-4ea8-a65e-497f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T12:48:46.000Z", "modified": "2016-12-14T12:48:46.000Z", "pattern": "[url:value = 'http://mas.goaapis.com/overseapay/admin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T12:48:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58513fae-fbac-44ac-850a-4713950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T12:48:46.000Z", "modified": "2016-12-14T12:48:46.000Z", "pattern": "[url:value = 'http://pay.fastmopay.com/overseapay/admin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T12:48:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58513faf-0658-43f6-bf8a-40bf950d210f", 
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T12:48:47.000Z", "modified": "2016-12-14T12:48:47.000Z", "pattern": "[url:value = 'http://down.cmgkiwdwcom/thinking/group/pl4y_3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T12:48:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58513faf-749c-4641-bc81-46b4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T12:48:47.000Z", "modified": "2016-12-14T12:48:47.000Z", "pattern": "[url:value = 'http://down.akocdn.com/onemain/maink.apk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T12:48:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58513fb0-4b54-4b31-9851-448a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T12:48:48.000Z", "modified": "2016-12-14T12:48:48.000Z", "pattern": "[url:value = 'http://106.186.17.81/rootmasterdemo1128_524.apk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T12:48:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58513fb1-7090-4cb5-b2f1-41b8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T12:48:49.000Z", "modified": "2016-12-14T12:48:49.000Z", "pattern": 
"[url:value = 'http://down.vcrlwlen.com/thinking/group/rt1018_648.apk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T12:48:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58514041-1eac-4449-a731-b197950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T12:51:13.000Z", "modified": "2016-12-14T12:51:13.000Z", "pattern": "[domain-name:value = 'g.omlao.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T12:51:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58514041-a2b8-4cd5-b1a4-b197950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T12:51:13.000Z", "modified": "2016-12-14T12:51:13.000Z", "pattern": "[url:value = 'http://api.gadmobs.com/oversea_adjust_and_download_write_redis/notify/download/app']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T12:51:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58514042-9578-4d64-a49f-b197950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T12:51:14.000Z", "modified": "2016-12-14T12:51:14.000Z", "pattern": "[url:value = 'http://log.appsolo.net/gkview/info/601']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": 
"2016-12-14T12:51:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58514042-553c-48bd-beaa-b197950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T12:51:14.000Z", "modified": "2016-12-14T12:51:14.000Z", "pattern": "[url:value = 'http://m.aedxdrcb.com/pmsg/api/20']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T12:51:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58514043-a128-4fee-817d-b197950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T12:51:15.000Z", "modified": "2016-12-14T12:51:15.000Z", "pattern": "[domain-name:value = 'log.appsolo.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T12:51:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58514051-ebc8-45f8-8872-4130950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T12:51:29.000Z", "modified": "2016-12-14T12:51:29.000Z", "pattern": "[domain-name:value = 'g.omlao.com' AND domain-name:resolves_to_refs[*].value = '52.74.212.250']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T12:51:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ 
"misp:type=\"domain|ip\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--585140b9-98e4-4d03-8484-457a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T12:54:10.000Z", "modified": "2016-12-14T12:54:10.000Z", "description": "(No longer found on Google Play.)", "pattern": "[file:name = 'com.cg.clean.guru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T12:54:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--585140b9-f858-4887-b8c3-4a76950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T12:54:24.000Z", "modified": "2016-12-14T12:54:24.000Z", "description": "(No longer found on Google Play.)", "pattern": "[file:name = 'com.violet.battery.guru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T12:54:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--585140ba-287c-4fb3-9df3-4c31950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T12:54:38.000Z", "modified": "2016-12-14T12:54:38.000Z", "description": "(No longer found on Google Play.)", "pattern": "[file:name = 'com.speed.boost.clean']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T12:54:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", 
"misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--585140ba-8458-4ab6-9633-4066950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T12:54:49.000Z", "modified": "2016-12-14T12:54:49.000Z", "description": "(No longer found on Google Play.)", "pattern": "[file:name = 'com.tools.clean']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T12:54:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--585141de-d004-41df-b189-4fcc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T12:58:06.000Z", "modified": "2016-12-14T12:58:06.000Z", "pattern": "[file:name = 'com.doctor.power.saver.lite']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T12:58:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--585141de-e54c-4f1e-9434-4803950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T12:58:06.000Z", "modified": "2016-12-14T12:58:06.000Z", "pattern": "[file:name = 'com.doctor.power.saver']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T12:58:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--585141df-1ba4-44ee-9a29-42cc950d210f", "created_by_ref": 
"identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T12:58:07.000Z", "modified": "2016-12-14T12:58:07.000Z", "pattern": "[file:name = 'com.blackjack21.goodgame']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T12:58:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--585141df-3f58-4360-95f6-4bcc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T12:58:07.000Z", "modified": "2016-12-14T12:58:07.000Z", "pattern": "[file:name = 'com.power.fast.charge']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T12:58:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--585141df-5810-4561-adb1-4013950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T12:58:07.000Z", "modified": "2016-12-14T12:58:07.000Z", "pattern": "[file:name = 'com.xxapp.freemusic']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T12:58:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--585141e0-aa04-47d7-a0df-4fa7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T12:58:08.000Z", "modified": "2016-12-14T12:58:08.000Z", "pattern": "[file:name = 'com.doorwaygames.StarOfLasVegas']", "pattern_type": "stix", 
"pattern_version": "2.1", "valid_from": "2016-12-14T12:58:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--585141e0-a81c-4ff1-b11b-426e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T12:58:08.000Z", "modified": "2016-12-14T12:58:08.000Z", "pattern": "[file:name = 'com.tattoo.draw.hand']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T12:58:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--585141e1-7070-46e6-9547-4b6c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T12:58:09.000Z", "modified": "2016-12-14T12:58:09.000Z", "pattern": "[file:name = 'com.tv.broadcast']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T12:58:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--585141e1-90b0-4430-9328-4814950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T12:58:09.000Z", "modified": "2016-12-14T12:58:09.000Z", "pattern": "[file:name = 'com.sweet.wallpapers']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T12:58:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload 
delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--585141e2-fcf8-4e9e-918a-4a9d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T12:58:10.000Z", "modified": "2016-12-14T12:58:10.000Z", "pattern": "[file:name = 'com.fast.sos.flashlight']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T12:58:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5851424b-3c10-4e8f-aceb-4f9b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T12:59:55.000Z", "modified": "2016-12-14T12:59:55.000Z", "pattern": "[file:name = 'com.msgame.holdem.poker']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T12:59:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5851426a-a02c-48b3-b4fd-4324950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T13:00:26.000Z", "modified": "2016-12-14T13:00:26.000Z", "pattern": "[file:name = 'com.androapplite.app.applock.lite.blue']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T13:00:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5851426b-9fdc-470b-8e5f-4ef0950d210f", "created_by_ref": 
"identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T13:00:27.000Z", "modified": "2016-12-14T13:00:27.000Z", "pattern": "[file:name = 'com.xxgame.solitaire.android']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T13:00:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5851426b-d974-4e24-8fc7-4870950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T13:00:27.000Z", "modified": "2016-12-14T13:00:27.000Z", "pattern": "[file:name = 'com.battleships.pacific.android']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T13:00:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--585142d3-c9ac-432b-a56b-4b6d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T13:02:10.000Z", "modified": "2016-12-14T13:02:10.000Z", "pattern": "[file:hashes.SHA256 = '07f9a055fdf9e3e67bfe7a67952747c0020e3e4ffe461122d23b653d4fd52455']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T13:02:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--585142d3-7e48-4f27-bb67-4945950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T13:02:11.000Z", "modified": "2016-12-14T13:02:11.000Z", "pattern": 
"[file:hashes.SHA256 = 'a1238be52e0913f8679e249b7099b9f58fe57a76a32e1b177743ce4d16abd000']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T13:02:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--585142d4-1250-4cf3-8f19-4185950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T13:02:12.000Z", "modified": "2016-12-14T13:02:12.000Z", "pattern": "[file:hashes.SHA256 = 'b0da7c219cc895db3c7fab3c5e6855e43e4e268733d982a02527af27eb762def']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T13:02:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--585142d4-6f18-46c5-af31-4a6e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T13:02:12.000Z", "modified": "2016-12-14T13:02:12.000Z", "pattern": "[file:hashes.SHA256 = '867eb7655c11c01b9d35a0c595f82d4628d5583bd3ddc3fdfe19967995424555']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T13:02:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--585142d5-8a04-40e8-95cb-41f1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T13:02:13.000Z", "modified": "2016-12-14T13:02:13.000Z", "pattern": "[file:hashes.SHA256 = 
'354600f5691575f00b6abc48e555ddb69859d5973688443aad7dd6d1de4c6249']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T13:02:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--585142d5-fb10-4880-9e76-4d4d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T13:02:13.000Z", "modified": "2016-12-14T13:02:13.000Z", "pattern": "[file:hashes.SHA256 = '05b33442670e460c893710b7c0dda46bde826d8067bbaba36d1ee0d5907207ac']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T13:02:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--585142d6-9584-4d0e-8eef-4e90950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T13:02:14.000Z", "modified": "2016-12-14T13:02:14.000Z", "pattern": "[file:hashes.SHA256 = 'd9b8f075b348af14edf044624a72103428dc6577e69b7ea4e93763b4c1ab80c7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T13:02:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--585142d6-edc0-4d69-9294-4806950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T13:02:14.000Z", "modified": "2016-12-14T13:02:14.000Z", "pattern": "[file:hashes.SHA256 = 'cbedc9693849086cd388bf0d3c036bbfa80a9aa10c7d49db3575b8626a003e6e']", 
"pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T13:02:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--585142d7-83b8-42e0-8593-47db950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T13:02:15.000Z", "modified": "2016-12-14T13:02:15.000Z", "pattern": "[file:hashes.SHA256 = 'a7b4f38844653b8f86ea5dd68cdf28a7e363df46968f4be75a5785e610987e59']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T13:02:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--585142d7-6d30-48b2-8d9d-4117950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T13:02:15.000Z", "modified": "2016-12-14T13:02:15.000Z", "pattern": "[file:hashes.SHA256 = '870578049e8ccae3024b9344337fd640ccc4f14acb072b30bfb3abda30714a72']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T13:02:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--585142d8-a028-4952-8f6d-4ba2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T13:02:16.000Z", "modified": "2016-12-14T13:02:16.000Z", "pattern": "[file:hashes.SHA256 = 'e1257111072fdfe35779787f966a414dde40165eb66f382bbdc7676629b969d6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": 
"2016-12-14T13:02:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--585142d8-f4f0-42a5-8670-45c3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T13:02:16.000Z", "modified": "2016-12-14T13:02:16.000Z", "pattern": "[file:hashes.SHA256 = '349fed356c7aa55c8971630f7935578f3504693d96a74c8f7cc73701747f5cb7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T13:02:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--585142d9-9d04-4431-8923-4f05950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T13:02:17.000Z", "modified": "2016-12-14T13:02:17.000Z", "pattern": "[file:hashes.SHA256 = 'f820744aedd716c5896574dee39b6c15e085a096920d7e70eb417dd891df0563']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T13:02:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--585142d9-b154-446f-9300-4772950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T13:02:17.000Z", "modified": "2016-12-14T13:02:17.000Z", "pattern": "[file:hashes.SHA256 = '12b8da40ec9e53a83a7c4b1d490db397730123efa5e8ed39ee596d3bae42f80d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T13:02:17Z", "kill_chain_phases": [ { "kill_chain_name": 
"misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--585142da-d704-4049-8214-4356950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T13:02:18.000Z", "modified": "2016-12-14T13:02:18.000Z", "pattern": "[file:hashes.SHA256 = '70b8014302f72c4da8cb636f8bad643b32aaa7bd171010c5f045b771303db395']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T13:02:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--585142da-5350-41de-aab2-4453950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T13:02:18.000Z", "modified": "2016-12-14T13:02:18.000Z", "pattern": "[file:hashes.SHA256 = '7842ead880bd98fb423723383e69db16fdb9ff917fc836522a42159fb7959f94']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T13:02:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--585142db-e09c-49a5-8f48-4351950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T13:02:19.000Z", "modified": "2016-12-14T13:02:19.000Z", "pattern": "[file:hashes.SHA256 = 'c89d725daddc309bf24411e29dd58d1e181ffdfb5191c17c63217ba9c4fd09dc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T13:02:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ 
"misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--585142db-b8ec-4dba-8f51-49d0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T13:02:19.000Z", "modified": "2016-12-14T13:02:19.000Z", "pattern": "[file:hashes.SHA256 = 'e03c9a118d003b10e5b1a0770c77288aa139e06209d616ba5135b92460feda7f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T13:02:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--585142dc-1d68-4644-aec0-499f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T13:02:20.000Z", "modified": "2016-12-14T13:02:20.000Z", "pattern": "[file:hashes.SHA256 = 'e091d0a05e4514ac1c193cb26519f2cc1ee4f00c0ff447038e1c6f37a72ed1ff']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T13:02:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--585142dc-491c-4f6b-8cc4-4276950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T13:02:20.000Z", "modified": "2016-12-14T13:02:20.000Z", "pattern": "[file:hashes.SHA256 = 'a032d434a4c5e6f5d728d36d435b258be5a877752d79a8fd236e96527a3ff573']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T13:02:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", 
"misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--585142dd-d8bc-4fbd-9ed1-400f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T13:02:21.000Z", "modified": "2016-12-14T13:02:21.000Z", "pattern": "[file:hashes.SHA256 = '3386a5a5ee447cbde467e26f8442bcd2f9ada8eda03f8ca2e46e39b19aa4debb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T13:02:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--585142de-5d40-443e-b1e6-4fa6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T13:02:22.000Z", "modified": "2016-12-14T13:02:22.000Z", "pattern": "[file:hashes.SHA256 = '5bfe0e13e6d925dec72e401a829e320ef447852defa805d1ca7646001b5ec134']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T13:02:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--585142de-9c80-4e71-b357-455c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T13:02:22.000Z", "modified": "2016-12-14T13:02:22.000Z", "pattern": "[file:hashes.SHA256 = 'cc553ef39d9c554ddaef8ea0d866379ffada7ea1fa994b19fddcb33e43c2f9a1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T13:02:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": 
"2.1", "id": "indicator--585142df-bff0-4763-8f1f-4217950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T13:02:23.000Z", "modified": "2016-12-14T13:02:23.000Z", "pattern": "[file:hashes.SHA256 = '12062dfd934ca3fcde1e86871e84bb2f71bade21b8823da2c5fadc75bfafc8fb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T13:02:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--585142df-d418-47b5-9e2e-4d04950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T13:02:23.000Z", "modified": "2016-12-14T13:02:23.000Z", "pattern": "[file:hashes.SHA256 = 'ce22d3e9cee82dbb1a53609ccb6dfa3ec198d54c4eb35dd120dfa0a55a497c9c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T13:02:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--585142e0-ea18-4ec0-b49d-4710950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T13:02:23.000Z", "modified": "2016-12-14T13:02:23.000Z", "pattern": "[file:hashes.SHA256 = 'd25e95b8a1d1024ecb983c758e2993def46e5de5f73d50f4f7762e29a5755712']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T13:02:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--585142e0-b330-4fe3-a762-4f51950d210f", 
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T13:02:24.000Z", "modified": "2016-12-14T13:02:24.000Z", "pattern": "[file:hashes.SHA256 = 'eca6693ca85549101c8dbe0910235eac193459e6e1b3133d33fbe4eea8417bc5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T13:02:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--585142e1-0d84-4258-8554-495d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T13:02:25.000Z", "modified": "2016-12-14T13:02:25.000Z", "pattern": "[file:hashes.SHA256 = '43b5985f025200b0a24357e02d5c680af98d45c20446fd2d981110d6a9696c76']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T13:02:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--585142e1-b5d0-474e-ab8a-40b6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T13:02:25.000Z", "modified": "2016-12-14T13:02:25.000Z", "pattern": "[file:hashes.SHA256 = '191b4eb236c5ef2dfe5b942262d01d118ebf5c9a225ef7f0cba5a184445783aa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T13:02:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--585142e2-7370-43bd-ba10-4553950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", 
"created": "2016-12-14T13:02:26.000Z", "modified": "2016-12-14T13:02:26.000Z", "pattern": "[file:hashes.SHA256 = 'd1a38ede86092e621a734bc62f147556b888bf4c55489baf7a8de7f41f927b81']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T13:02:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--585142e2-78c8-4aa1-854b-4962950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T13:02:26.000Z", "modified": "2016-12-14T13:02:26.000Z", "pattern": "[file:hashes.SHA256 = 'cc1811aa02e6e4a821aef1f6bfbfef525d2f9c994a247586b2ae4e5850c1930f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T13:02:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--585142e3-7164-4cc7-8e28-4e58950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T13:02:27.000Z", "modified": "2016-12-14T13:02:27.000Z", "pattern": "[file:hashes.SHA256 = 'c239e46b769801dd6d8e1ac6ea2e86738c67bdb0c0f3909c5fc02861386ecc52']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T13:02:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--585142e3-0948-4937-9d8c-48ed950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T13:02:27.000Z", "modified": 
"2016-12-14T13:02:27.000Z", "pattern": "[file:hashes.SHA256 = '470c633e4804e0abd917399d52ace266b4aba47816b113fbdd09b832a7d72194']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T13:02:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--585142e4-7acc-4b2d-a2f1-46cd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T13:02:28.000Z", "modified": "2016-12-14T13:02:28.000Z", "pattern": "[file:hashes.SHA256 = '0dfaad97ac88b159657d3642ddcacb31045dc98bb1f1d12805e6673ddca1ea1f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T13:02:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--585142e4-96e4-44d3-95fa-4740950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T13:02:28.000Z", "modified": "2016-12-14T13:02:28.000Z", "pattern": "[file:hashes.SHA256 = '421971df2f3dbd7173473404c8f3b2d3ed522efa86cac49ef905edf645054422']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T13:02:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--585142e5-c40c-4618-b6bd-4c05950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T13:02:29.000Z", "modified": "2016-12-14T13:02:29.000Z", "pattern": "[file:hashes.SHA256 = 
'93cd06a6c3df7cda6d9213a0eab0b98daf9ea3e1f2b009f5bd40f160a4e6814a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T13:02:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--585142e5-5464-42d5-9217-4c0e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T13:02:29.000Z", "modified": "2016-12-14T13:02:29.000Z", "pattern": "[file:hashes.SHA256 = '36e15c8b6211b22d4176424339ab39a52e65d2b1c9dea3b24c3639fb022a85ec']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T13:02:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--585142e6-7bd4-402a-b70f-4402950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T13:02:30.000Z", "modified": "2016-12-14T13:02:30.000Z", "pattern": "[file:hashes.SHA256 = 'f0699aa87cf7a7845b39f21aa9e018e0860ac97e5b33c3eddfdca7d11c629cca']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T13:02:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--585142e6-3b40-4512-b98c-4e11950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T13:02:30.000Z", "modified": "2016-12-14T13:02:30.000Z", "pattern": "[file:hashes.SHA256 = 'd10a691c1642d40eea40b6038ac961006a68f57dddd46bdf322a842ef459bd05']", 
"pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T13:02:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--585142e7-69ac-4330-8aa9-44ed950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T13:02:31.000Z", "modified": "2016-12-14T13:02:31.000Z", "pattern": "[file:hashes.SHA256 = 'e83b62fee05a9d3a10fff43782fa0cc45ef73391f8923d21cbe20b9b7c7db6ba']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T13:02:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--585142e7-d3f0-4d5e-a22c-4130950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T13:02:31.000Z", "modified": "2016-12-14T13:02:31.000Z", "pattern": "[file:hashes.SHA256 = 'db04ad4a91d3a9fcba6d98e86c52b8644f071c94c9047bf34ff2fb84bc6d89c9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T13:02:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--585142e8-4924-428a-820c-43b4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T13:02:32.000Z", "modified": "2016-12-14T13:02:32.000Z", "pattern": "[file:hashes.SHA256 = '56557bf64edccf7758e48decffc619bf5b6761616a4fb192b9ef6ea7d930554b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": 
"2016-12-14T13:02:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--585142e8-27ec-4966-8575-4ebe950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T13:02:32.000Z", "modified": "2016-12-14T13:02:32.000Z", "pattern": "[file:hashes.SHA256 = '56f045b79e705bcc7255f5d43f596e36464a4b774d374b735161c29e47baa1e3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T13:02:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--585142e9-9940-44e8-afd9-4f3d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T13:02:33.000Z", "modified": "2016-12-14T13:02:33.000Z", "pattern": "[file:hashes.SHA256 = '5b46e3137216a0776ca782c83004c0da4dafe7473eccd2fe8d8114e170d9329b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T13:02:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--585142e9-0e98-4769-a8ec-4194950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T13:02:33.000Z", "modified": "2016-12-14T13:02:33.000Z", "pattern": "[file:hashes.SHA256 = 'a2672ae55704d4245b6ed91e155e19c64e3d01b5e9a8d36d31b5f7b3ff63eeae']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T13:02:33Z", "kill_chain_phases": [ { "kill_chain_name": 
"misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--585142ea-7dc8-4f66-a1fe-4b9f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T13:02:34.000Z", "modified": "2016-12-14T13:02:34.000Z", "pattern": "[file:hashes.SHA256 = '90f581b2386be57516fa55025324cacdb9ea12998af75a9f96f3074b8e6f6177']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T13:02:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--585142ea-7968-43dc-9ce9-4d8c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T13:02:34.000Z", "modified": "2016-12-14T13:02:34.000Z", "pattern": "[file:hashes.SHA256 = '0e012f69d493b7cc38fcafcf495e0bd1290ca94b1ad043fcf255df3ad5789834']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T13:02:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--585142eb-2d40-477d-a2df-428d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T13:02:35.000Z", "modified": "2016-12-14T13:02:35.000Z", "pattern": "[file:hashes.SHA256 = '422b23b0b67bc14e8b38525ceee18fe5a84911ad55308a3e9c6124e1764e4c09']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T13:02:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ 
"misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--585142eb-7cc8-4b3b-92aa-48af950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T13:02:35.000Z", "modified": "2016-12-14T13:02:35.000Z", "pattern": "[file:hashes.SHA256 = '7720ad4eca127b50bc41263e54b2be4157dd894828c3a338c8a85ca7411731b8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T13:02:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--585142ec-935c-4701-b747-4579950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T13:02:36.000Z", "modified": "2016-12-14T13:02:36.000Z", "pattern": "[file:hashes.SHA256 = 'fe004b912fb8b7f290f8d17f33a7b07df5a7a59adc449c343005ec2db0b75f71']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T13:02:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--585142ec-da2c-41d6-a2d5-4b0b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T13:02:36.000Z", "modified": "2016-12-14T13:02:36.000Z", "pattern": "[file:hashes.SHA256 = 'ef002a629319eaed04769adcfad03c58cbe19aa3a13674ad2be95e0ba1f5f59f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T13:02:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", 
"misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--585142ed-aebc-4b67-8860-4b22950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T13:02:37.000Z", "modified": "2016-12-14T13:02:37.000Z", "pattern": "[file:hashes.SHA256 = '1ebf15dac765a075e97c682f04fac7b4bf53efd93c70ff9f30dd7c053a3e1a45']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T13:02:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--585142ed-79cc-466b-8d87-4023950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T13:02:37.000Z", "modified": "2016-12-14T13:02:37.000Z", "pattern": "[file:hashes.SHA256 = 'b3bb323cdb254039c67278cde02e1c6b1d7bded8fe6cabe64c8295850667156d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T13:02:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--585142ee-9904-46e2-977e-455d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T13:02:38.000Z", "modified": "2016-12-14T13:02:38.000Z", "pattern": "[file:hashes.SHA256 = 'c3af147ee86ab8778b76f12f5f51384e9b36f29f3bf667adeaf308b72a909c74']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T13:02:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": 
"2.1", "id": "indicator--585142ee-98b4-47cc-b4aa-4c78950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T13:02:38.000Z", "modified": "2016-12-14T13:02:38.000Z", "pattern": "[file:hashes.SHA256 = '5749b6beb4493adab453e26219652d968c760bea510196e9fd9319bc3712296b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T13:02:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--585142ef-0e58-4907-851b-4e42950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T13:02:39.000Z", "modified": "2016-12-14T13:02:39.000Z", "pattern": "[file:hashes.SHA256 = '7b191604b875d6cc8164e568f5a78ac54bf03762abb6d78b6fdcea7f2094c72a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T13:02:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--585142ef-39ec-4406-b9b1-4bfc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T13:02:39.000Z", "modified": "2016-12-14T13:02:39.000Z", "pattern": "[file:hashes.SHA256 = 'b1298ab9b9928537bd7151af489df8e9964e9439212fa5407a7e114df9be4bca']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T13:02:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--585142f0-1d10-445a-adbb-4aa5950d210f", 
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T13:02:40.000Z", "modified": "2016-12-14T13:02:40.000Z", "pattern": "[file:hashes.SHA256 = '923e1301508dace3704821c030877b669daf15ef4a93ed707087c62304ffd5d3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T13:02:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--585142f0-2978-44e5-955a-43ce950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T13:02:40.000Z", "modified": "2016-12-14T13:02:40.000Z", "pattern": "[file:hashes.SHA256 = '91f59854eae589389225e8fe942def5ede3204ad6237adf77c0e0675d0820076']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T13:02:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--585142f1-7ffc-42b0-b61b-44d2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-14T13:02:41.000Z", "modified": "2016-12-14T13:02:41.000Z", "pattern": "[file:hashes.SHA256 = '5deb76c71c06460ecc86d2b275faff5ce05d337ba772e51544bbef5c12ef6616']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T13:02:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--585142f1-76d0-4680-a7e6-4ce4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", 
"created": "2016-12-14T13:02:41.000Z", "modified": "2016-12-14T13:02:41.000Z", "pattern": "[file:hashes.SHA256 = 'ad38b1523f671a9aad7007b8c4eece75fd4b168819b7f5bfa0b4b8adff619020']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-14T13:02:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }