adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/5523e803-a6ac-4679-95ee-4382950d210b.json

3106 lines
No EOL
130 KiB
JSON
Raw Permalink Blame History

{
"type": "bundle",
"id": "bundle--5523e803-a6ac-4679-95ee-4382950d210b",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-22T14:57:20.000Z",
"modified": "2015-04-22T14:57:20.000Z",
"name": "CthulhuSPRL.be",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5523e803-a6ac-4679-95ee-4382950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-22T14:57:20.000Z",
"modified": "2015-04-22T14:57:20.000Z",
"name": "OSINT Winnti OpSMN new malware RE report by Novetta",
"published": "2016-02-22T14:07:46Z",
"object_refs": [
"observed-data--5523e848-294c-4d2b-b8af-7076950d210b",
"url--5523e848-294c-4d2b-b8af-7076950d210b",
"observed-data--5523e848-284c-45e6-b5da-7076950d210b",
"url--5523e848-284c-45e6-b5da-7076950d210b",
"observed-data--5523e848-f4b0-404e-bc03-7076950d210b",
"url--5523e848-f4b0-404e-bc03-7076950d210b",
"observed-data--5523e848-6a14-4a94-b13f-7076950d210b",
"url--5523e848-6a14-4a94-b13f-7076950d210b",
"indicator--5523e862-3618-48db-b29f-448e950d210b",
"indicator--5523e862-bf64-40eb-aaf0-48c2950d210b",
"indicator--5523e862-095c-4ae2-b57c-4924950d210b",
"indicator--5523e862-5adc-4d33-934a-4196950d210b",
"indicator--5523e862-7d20-4493-b1df-43b4950d210b",
"indicator--5523e862-1018-4bf6-812b-47ef950d210b",
"indicator--5523e862-a060-4d4b-8323-4011950d210b",
"indicator--5523e862-9580-48a5-9a73-445b950d210b",
"indicator--5523e863-1b58-4e38-95ef-421a950d210b",
"indicator--5523e863-2098-4dcc-9287-49f4950d210b",
"indicator--5523e863-3398-43da-80c6-40ea950d210b",
"indicator--5523e863-7f50-4b32-aa2d-411c950d210b",
"indicator--5523e863-8214-4cec-90dd-45ed950d210b",
"indicator--5523e863-fdb8-4550-8855-4a91950d210b",
"indicator--5523e863-3430-4b6b-82ea-45b2950d210b",
"indicator--5523e863-bd70-4f8b-b83d-444e950d210b",
"indicator--5523e864-31cc-42f6-9e2a-4644950d210b",
"indicator--5523e864-c350-46e4-b12c-4d74950d210b",
"indicator--5523e864-2c88-4d16-946c-4e4f950d210b",
"indicator--5523e864-63ec-46e7-b6d7-4b6c950d210b",
"indicator--5523e864-3774-4eec-b4fa-47d0950d210b",
"indicator--5523e864-87ac-45c4-879e-4886950d210b",
"indicator--5523e864-f500-49ae-8abe-425d950d210b",
"indicator--5523e864-9000-4bf9-8771-4ab4950d210b",
"indicator--5523e864-b74c-47eb-8dee-4a15950d210b",
"indicator--5523e865-dca4-49b5-b96e-42b5950d210b",
"indicator--5523e865-18f0-4e2a-af25-4a5d950d210b",
"indicator--5523e865-726c-4594-84e6-41f8950d210b",
"indicator--5523e865-52e0-4bea-9a56-4423950d210b",
"indicator--5523e865-8fc4-4970-bb7b-4864950d210b",
"indicator--5523e865-db08-4966-bf61-428b950d210b",
"indicator--5523e865-ad78-4ba1-9e61-45f7950d210b",
"indicator--5523e865-c518-4a84-8de2-46d1950d210b",
"indicator--5523e865-f2d8-4057-abae-4e2c950d210b",
"indicator--5523e865-5ac0-4af6-a018-4ef3950d210b",
"indicator--5523e866-ee30-4407-994c-4438950d210b",
"indicator--5523e866-9724-4483-9014-4e6e950d210b",
"indicator--5523e866-ecc8-4499-a19f-45b2950d210b",
"indicator--5523e866-ed94-46a4-9a8b-4c56950d210b",
"indicator--5523e866-2bec-4c82-94e0-4bd3950d210b",
"indicator--5523e866-bd20-418c-b82b-4969950d210b",
"indicator--5523e866-d278-4cd7-aed3-418b950d210b",
"indicator--5523e866-bd44-44ad-8daf-4580950d210b",
"indicator--5523e867-1368-48ae-bf62-4fa6950d210b",
"indicator--5523e867-ecbc-4e36-91d3-4125950d210b",
"indicator--5523e867-b2fc-4536-a4c5-4ca8950d210b",
"indicator--5523e867-3054-4cd3-9eaa-4ff1950d210b",
"indicator--5523e867-ecb4-4d12-a7d8-43e8950d210b",
"indicator--5523e867-1718-41a1-98b9-40cd950d210b",
"indicator--5523e867-f9f0-4783-921f-4a6c950d210b",
"indicator--5523e867-5694-4cc0-b230-4081950d210b",
"indicator--5523e867-ac38-4bc0-8999-48b5950d210b",
"indicator--5523e868-bf1c-4d4f-866f-4ebf950d210b",
"indicator--5523e868-54b0-46df-b5c3-4a6e950d210b",
"indicator--5523e868-05d8-437d-b16a-4062950d210b",
"indicator--5523e868-8500-4bd7-80ae-426e950d210b",
"indicator--5523e868-543c-4096-a75f-4075950d210b",
"indicator--5523e868-8bcc-4b55-8d3c-4793950d210b",
"indicator--5523e868-7844-4bbe-8ea7-4136950d210b",
"indicator--5523e868-efe8-4bcb-afa9-445b950d210b",
"indicator--5523e868-3efc-478f-aba5-41cd950d210b",
"indicator--5523e869-61f4-495e-bc12-483f950d210b",
"indicator--5523e869-29a4-42fa-8e2f-4821950d210b",
"indicator--5523e869-6efc-477a-ba5b-4b35950d210b",
"indicator--5523e869-d24c-4418-918f-4606950d210b",
"indicator--5523e869-fe44-4606-8ed5-43ad950d210b",
"indicator--5523e869-80e0-4ca9-ad99-4e7b950d210b",
"indicator--5523e869-25c0-4fb8-8696-4a7c950d210b",
"indicator--5523e869-27e8-449b-8ea8-4e56950d210b",
"indicator--5523e869-7364-47a7-8cfa-42ca950d210b",
"indicator--5523e86a-7104-4c7f-abe7-466b950d210b",
"indicator--5523e86a-8404-497e-80d1-49a1950d210b",
"indicator--5523e86a-4c4c-4fcf-9077-43bf950d210b",
"indicator--5523e86a-fdc8-433c-8766-48b9950d210b",
"indicator--5523e86a-6c9c-41ce-8a89-4e59950d210b",
"indicator--5523e86a-3880-40cf-b0b4-4330950d210b",
"indicator--5523e86a-6610-44fc-ae7c-4f11950d210b",
"indicator--5523e86a-36f8-4588-b761-46de950d210b",
"indicator--5523e86a-a308-44ef-89b0-4a6d950d210b",
"indicator--5523e86b-2728-45a8-a484-4f6f950d210b",
"indicator--5523e86b-afd4-430a-982b-458a950d210b",
"indicator--5523e86b-eb24-4c1c-8e94-43b4950d210b",
"indicator--5523e86b-68b8-45c9-9f66-4077950d210b",
"indicator--5523e86b-db2c-4d73-976e-4326950d210b",
"indicator--5523e86b-6bcc-445b-9dfd-41e2950d210b",
"indicator--5523e8d5-59fc-4e53-8708-401f950d210b",
"indicator--5523e8e9-26ac-4de4-8961-7071950d210b",
"indicator--5523e901-4c20-4365-8f2e-4953950d210b",
"indicator--5523e918-3a8c-48d5-8b3b-755f950d210b",
"x-misp-attribute--5523e931-ac20-4215-a415-7076950d210b",
"x-misp-attribute--5523e931-68c4-4dc0-a56e-7076950d210b",
"x-misp-attribute--5523e9a9-2bc4-4eea-8f7f-7071950d210b",
"indicator--5523ea6b-7d44-483d-98db-755e950d210b",
"indicator--5523ea6b-7de8-4911-aa6d-755e950d210b",
"indicator--5523ea6b-d4d4-4e8f-a502-755e950d210b",
"indicator--56c65947-8c90-4777-84aa-c652950d210f",
"indicator--56c65949-7bac-4192-a47d-c653950d210f",
"indicator--56c6594c-b568-4637-aa57-59a1950d210f",
"indicator--56c6594e-50f0-442b-b4f2-599c950d210f",
"indicator--56c65950-c37c-4f92-a973-599f950d210f",
"indicator--56c65952-af10-45a5-b49b-c653950d210f",
"indicator--56c65954-2a68-419b-bb46-4dd6950d210f",
"indicator--56c65957-b2d4-4677-950a-c651950d210f",
"indicator--56c6595a-c8fc-4c65-a4f9-599d950d210f",
"indicator--56c6595c-4154-4897-a5c8-c653950d210f",
"indicator--56c6595f-490c-43f7-9a20-599d950d210f",
"indicator--56c65962-ccc0-4d2d-a319-599e950d210f",
"indicator--56c65964-4d60-404e-a426-59a3950d210f",
"indicator--56c65966-9438-4dfa-a2a0-c650950d210f",
"indicator--56c65948-8a3c-4741-bafb-599d950d210f",
"indicator--56c6594a-8134-4c8d-b5c2-5f51950d210f",
"indicator--56c6594d-d1e8-478f-a3cf-59a3950d210f",
"indicator--56c6594f-bbdc-4643-842a-42cb950d210f",
"indicator--56c65951-3188-4296-a453-c651950d210f",
"indicator--56c65952-cf2c-428d-8f95-5f51950d210f",
"indicator--56c65954-f9fc-450a-9d54-4706950d210f",
"indicator--56c65958-5060-4e01-889d-c652950d210f",
"indicator--56c6595a-8d40-4a3d-8b51-59a1950d210f",
"indicator--56c6595c-2c5c-4d5e-932c-c654950d210f",
"indicator--56c65960-a020-41f5-903d-5f51950d210f",
"indicator--56c65962-b6b8-44e7-a2cd-c653950d210f",
"indicator--56c65965-95d4-4f13-a712-599c950d210f",
"indicator--56c65967-ac6c-4474-8a25-599f950d210f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT"
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5523e848-294c-4d2b-b8af-7076950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:04.000Z",
"modified": "2015-04-07T14:23:04.000Z",
"first_observed": "2015-04-07T14:23:04Z",
"last_observed": "2015-04-07T14:23:04Z",
"number_observed": 1,
"object_refs": [
"url--5523e848-294c-4d2b-b8af-7076950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5523e848-294c-4d2b-b8af-7076950d210b",
"value": "http://www.novetta.com/wp-content/uploads/2015/04/novetta_winntianalysis.pdf"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5523e848-284c-45e6-b5da-7076950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:04.000Z",
"modified": "2015-04-07T14:23:04.000Z",
"first_observed": "2015-04-07T14:23:04Z",
"last_observed": "2015-04-07T14:23:04Z",
"number_observed": 1,
"object_refs": [
"url--5523e848-284c-45e6-b5da-7076950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5523e848-284c-45e6-b5da-7076950d210b",
"value": "http://www.novetta.com/wp-content/uploads/2015/04/nov_winnti_yara.txt"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5523e848-f4b0-404e-bc03-7076950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:04.000Z",
"modified": "2015-04-07T14:23:04.000Z",
"first_observed": "2015-04-07T14:23:04Z",
"last_observed": "2015-04-07T14:23:04Z",
"number_observed": 1,
"object_refs": [
"url--5523e848-f4b0-404e-bc03-7076950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5523e848-f4b0-404e-bc03-7076950d210b",
"value": "http://www.novetta.com/wp-content/uploads/2015/04/vt-winnti.txt"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5523e848-6a14-4a94-b13f-7076950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:04.000Z",
"modified": "2015-04-07T14:23:04.000Z",
"first_observed": "2015-04-07T14:23:04Z",
"last_observed": "2015-04-07T14:23:04Z",
"number_observed": 1,
"object_refs": [
"url--5523e848-6a14-4a94-b13f-7076950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5523e848-6a14-4a94-b13f-7076950d210b",
"value": "http://www.novetta.com/2015/04/operation-smn-winnti-update/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e862-3618-48db-b29f-448e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:30.000Z",
"modified": "2015-04-07T14:23:30.000Z",
"pattern": "[file:hashes.SHA256 = '0798740771dc8f40a5a45a2f58aeab479e2ead6682d67b24fafc46a7ab40c128']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:23:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e862-bf64-40eb-aaf0-48c2950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:30.000Z",
"modified": "2015-04-07T14:23:30.000Z",
"pattern": "[file:hashes.SHA256 = '0e21bf36ce80687d69caf537ea2a77cd8ef3210fb845256f56b5096efb0f7177']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:23:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e862-095c-4ae2-b57c-4924950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:30.000Z",
"modified": "2015-04-07T14:23:30.000Z",
"pattern": "[file:hashes.SHA256 = '0e258047b5883e8e8841f8649352478bf1ad4362c53b8be082cf701380694fc5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:23:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e862-5adc-4d33-934a-4196950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:30.000Z",
"modified": "2015-04-07T14:23:30.000Z",
"pattern": "[file:hashes.SHA256 = '0e3d6da65139e01a8f9be0ee63b4510123fc9f644100b00535f7f3b1611ab2ce']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:23:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e862-7d20-4493-b1df-43b4950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:30.000Z",
"modified": "2015-04-07T14:23:30.000Z",
"pattern": "[file:hashes.SHA256 = '1616adcdb750330cdad6223d26311244ce21080fce5ff03203261302d1031249']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:23:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e862-1018-4bf6-812b-47ef950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:30.000Z",
"modified": "2015-04-07T14:23:30.000Z",
"pattern": "[file:hashes.SHA256 = '18c42f98affc8f053d0a20e9bc85786f1cc8c33bd5f7c0080687b5aa8c97f1d7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:23:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e862-a060-4d4b-8323-4011950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:30.000Z",
"modified": "2015-04-07T14:23:30.000Z",
"pattern": "[file:hashes.SHA256 = '18df4e50d2db8e352755bab86e2aa04ce9dcf2a83bf3e03135abae00ab3d16c2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:23:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e862-9580-48a5-9a73-445b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:30.000Z",
"modified": "2015-04-07T14:23:30.000Z",
"pattern": "[file:hashes.SHA256 = '1b0cd7bbd5188798f0bbcebb06afb54f6455a680b061bf32fa43d28e829837b0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:23:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e863-1b58-4e38-95ef-421a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:31.000Z",
"modified": "2015-04-07T14:23:31.000Z",
"pattern": "[file:hashes.SHA256 = '21cbd6ba2f1787ebdeac8e6098a94e0e3f8d760bf7277f0e30229d9362cd7689']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:23:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e863-2098-4dcc-9287-49f4950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:31.000Z",
"modified": "2015-04-07T14:23:31.000Z",
"pattern": "[file:hashes.SHA256 = '246feb48f0a8e11b1c0d6cfb1a6fcbcb3b1b6014dc825367e67976cc31d29c37']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:23:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e863-3398-43da-80c6-40ea950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:31.000Z",
"modified": "2015-04-07T14:23:31.000Z",
"pattern": "[file:hashes.SHA256 = '2491fcac659f72cf9f0247e6444f1024e3f93b8684d9129fee61b7fe27ae4848']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:23:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e863-7f50-4b32-aa2d-411c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:31.000Z",
"modified": "2015-04-07T14:23:31.000Z",
"pattern": "[file:hashes.SHA256 = '288e9ac646b5c42666717326943fcfe90d206a2b29b6bcd46dd0b4a5db683689']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:23:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e863-8214-4cec-90dd-45ed950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:31.000Z",
"modified": "2015-04-07T14:23:31.000Z",
"pattern": "[file:hashes.SHA256 = '29c43ec1a4c4fc823028ee0e5b4ce9e6e5e1217766ee430f663538a60ccf13d4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:23:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e863-fdb8-4550-8855-4a91950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:31.000Z",
"modified": "2015-04-07T14:23:31.000Z",
"pattern": "[file:hashes.SHA256 = '2c3032b2b19b19369a37c7d60cd850c4208ec042ef32c9870b701f333734ae56']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:23:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e863-3430-4b6b-82ea-45b2950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:31.000Z",
"modified": "2015-04-07T14:23:31.000Z",
"pattern": "[file:hashes.SHA256 = '2e90ec6594eb5fda2cfb6d46b91e13e9ee3f8941de31b57f366dbe254ee9fc32']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:23:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e863-bd70-4f8b-b83d-444e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:31.000Z",
"modified": "2015-04-07T14:23:31.000Z",
"pattern": "[file:hashes.SHA256 = '2fa4b025c74dec27d2640d441db27601e6d1c7717db90b7e9915f6ef5db92fa3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:23:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e864-31cc-42f6-9e2a-4644950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:32.000Z",
"modified": "2015-04-07T14:23:32.000Z",
"pattern": "[file:hashes.SHA256 = '2fde6617eaca9e178bd4de52fd55d4bcf211632c004703f31efbd541b3d16319']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:23:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e864-c350-46e4-b12c-4d74950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:32.000Z",
"modified": "2015-04-07T14:23:32.000Z",
"pattern": "[file:hashes.SHA256 = '3087f00b5ef2941ebf3005e9ed46c134a601c629d8dd26e83b25b3e3a4106f77']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:23:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e864-2c88-4d16-946c-4e4f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:32.000Z",
"modified": "2015-04-07T14:23:32.000Z",
"pattern": "[file:hashes.SHA256 = '316f052a09f1f121cfe70491697048db32612c4a2c4f007748fda9a2b0e56c20']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:23:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e864-63ec-46e7-b6d7-4b6c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:32.000Z",
"modified": "2015-04-07T14:23:32.000Z",
"pattern": "[file:hashes.SHA256 = '33f8cfb672ab39e7ef1986848b293ade35e08480a8f7d2cbe96195357fb39cfb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:23:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e864-3774-4eec-b4fa-47d0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:32.000Z",
"modified": "2015-04-07T14:23:32.000Z",
"pattern": "[file:hashes.SHA256 = '35541d4f586a97d5f4cd0c43436df0cee2944a1a650dd7b9d3f14a63e7f20c8a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:23:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e864-87ac-45c4-879e-4886950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:32.000Z",
"modified": "2015-04-07T14:23:32.000Z",
"pattern": "[file:hashes.SHA256 = '4466f22fd87e4d7fc875c7e073131cf81635fac48ba0fa7bbcf37f8a2dd0563e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:23:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e864-f500-49ae-8abe-425d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:32.000Z",
"modified": "2015-04-07T14:23:32.000Z",
"pattern": "[file:hashes.SHA256 = '47053e77580ef64ca39058f72986c6ff46a81c092027e240916c8bdb42cdfcb6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:23:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e864-9000-4bf9-8771-4ab4950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:32.000Z",
"modified": "2015-04-07T14:23:32.000Z",
"pattern": "[file:hashes.SHA256 = '4a4e729b5a2212bdcba4314594cbdf8fcbec7146bb1f47b3c99ad6d183bceb38']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:23:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e864-b74c-47eb-8dee-4a15950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:32.000Z",
"modified": "2015-04-07T14:23:32.000Z",
"pattern": "[file:hashes.SHA256 = '4a7e8d72dbaf30ebe2328771381912df9387deea6e240f3ad046ba1154250680']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:23:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e865-dca4-49b5-b96e-42b5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:32.000Z",
"modified": "2015-04-07T14:23:32.000Z",
"pattern": "[file:hashes.SHA256 = '52ce11b571aacf298c10d6dce47a60c199f6f58a76b901583bde65d86886cf1f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:23:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e865-18f0-4e2a-af25-4a5d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:33.000Z",
"modified": "2015-04-07T14:23:33.000Z",
"pattern": "[file:hashes.SHA256 = '5f41b896d76c04677ac400262aae06727771d408b598e870827c2c8f4aac061c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:23:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e865-726c-4594-84e6-41f8950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:33.000Z",
"modified": "2015-04-07T14:23:33.000Z",
"pattern": "[file:hashes.SHA256 = '62bd0c6eca0c4d562de0d83bbc7ce63fe9bfb3ac149e9a449dd44e2e3165c9dc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:23:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e865-52e0-4bea-9a56-4423950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:33.000Z",
"modified": "2015-04-07T14:23:33.000Z",
"pattern": "[file:hashes.SHA256 = '6aa66eef38c6fcc2d9ab8034723acdaf2af0195749ff713dddaf414d2caea45f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:23:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e865-8fc4-4970-bb7b-4864950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:33.000Z",
"modified": "2015-04-07T14:23:33.000Z",
"pattern": "[file:hashes.SHA256 = '6c8347ec0c0a26a8942342e4031cf823332a8637d9a4e7f31bad725edc04a395']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:23:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e865-db08-4966-bf61-428b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:33.000Z",
"modified": "2015-04-07T14:23:33.000Z",
"pattern": "[file:hashes.SHA256 = '7339fe6a7799ab8369d0dbafed9d7f3b6c81d164b00ec5d3a17d6c69ea52b141']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:23:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e865-ad78-4ba1-9e61-45f7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:33.000Z",
"modified": "2015-04-07T14:23:33.000Z",
"pattern": "[file:hashes.SHA256 = '7a0fdc652e0ce4d84e9a6fd89343e6d71756c0a8f537276d3aed7388264ddb16']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:23:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e865-c518-4a84-8de2-46d1950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:33.000Z",
"modified": "2015-04-07T14:23:33.000Z",
"pattern": "[file:hashes.SHA256 = '7c09b14a34114e5b6861530ac19ab1aaadf9e8c9a7fbbde96542c21175b094e0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:23:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e865-f2d8-4057-abae-4e2c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:33.000Z",
"modified": "2015-04-07T14:23:33.000Z",
"pattern": "[file:hashes.SHA256 = '7c754b0bec42a85f78393082b011e07fb0e964437c0c5c690ccf51d5508ab8b6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:23:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e865-5ac0-4af6-a018-4ef3950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:33.000Z",
"modified": "2015-04-07T14:23:33.000Z",
"pattern": "[file:hashes.SHA256 = '7d8da529d439e31b917661ae7421ee99b132e995cc78156fdd6e1f7df43ac07c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:23:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e866-ee30-4407-994c-4438950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:34.000Z",
"modified": "2015-04-07T14:23:34.000Z",
"pattern": "[file:hashes.SHA256 = '823e09d204e3c4d57abcbb23c1db50b0db3d8d4eecde72b0ffefa2f0b6abe904']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:23:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e866-9724-4483-9014-4e6e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:34.000Z",
"modified": "2015-04-07T14:23:34.000Z",
"pattern": "[file:hashes.SHA256 = '87e4096e3989ae5f047d1ede355e5e95b2eb4ce2fc8fb42a7d8a39f3224d41ab']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:23:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e866-ecc8-4499-a19f-45b2950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:34.000Z",
"modified": "2015-04-07T14:23:34.000Z",
"pattern": "[file:hashes.SHA256 = '890137121b159b0de4b287627a8710605327f8aa0b2e657362b05b793881d87e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:23:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e866-ed94-46a4-9a8b-4c56950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:34.000Z",
"modified": "2015-04-07T14:23:34.000Z",
"pattern": "[file:hashes.SHA256 = '8ac94fb63d023242e62d08ef7552beed720845266ea884c8d992d2533b81cf12']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:23:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e866-2bec-4c82-94e0-4bd3950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:34.000Z",
"modified": "2015-04-07T14:23:34.000Z",
"pattern": "[file:hashes.SHA256 = '8dcae5e7f13d190ff492687ddca33342450fdef868fbfa92d2ac7b32ffbf7365']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:23:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e866-bd20-418c-b82b-4969950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:34.000Z",
"modified": "2015-04-07T14:23:34.000Z",
"pattern": "[file:hashes.SHA256 = '8f9e875825f498cee1ef74c57829cd367a8b3089fe4e8918449711fa3af0f984']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:23:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e866-d278-4cd7-aed3-418b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:34.000Z",
"modified": "2015-04-07T14:23:34.000Z",
"pattern": "[file:hashes.SHA256 = '90745e366f46b1065c56a1a3e262e9e1f0f26baf05b6d29e4758dabdc2570d76']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:23:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e866-bd44-44ad-8daf-4580950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:34.000Z",
"modified": "2015-04-07T14:23:34.000Z",
"pattern": "[file:hashes.SHA256 = '92f960ddcfa6ed39289e28f03bb36cd2b6b513f3c3c21ef31ee5f9a8238a8a01']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:23:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e867-1368-48ae-bf62-4fa6950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:35.000Z",
"modified": "2015-04-07T14:23:35.000Z",
"pattern": "[file:hashes.SHA256 = '959630cb90c5e3810a8a02c771f37b46388204d2d99a436463cd87411f961ba0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:23:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e867-ecbc-4e36-91d3-4125950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:35.000Z",
"modified": "2015-04-07T14:23:35.000Z",
"pattern": "[file:hashes.SHA256 = '970415694f5b1952a45b7c3c776292877738e32b42b23d97e1b5361e0eaf97de']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:23:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e867-b2fc-4536-a4c5-4ca8950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:35.000Z",
"modified": "2015-04-07T14:23:35.000Z",
"pattern": "[file:hashes.SHA256 = '9df413b0da7355bbb203c294ed64c06ec68ab4a00221c8e9a0e635a40a08576d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:23:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e867-3054-4cd3-9eaa-4ff1950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:35.000Z",
"modified": "2015-04-07T14:23:35.000Z",
"pattern": "[file:hashes.SHA256 = 'a679d46a8ce8da6135b0dec9b2632ae41d01629a17f3183f9bcb76debfcecba5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:23:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e867-ecb4-4d12-a7d8-43e8950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:35.000Z",
"modified": "2015-04-07T14:23:35.000Z",
"pattern": "[file:hashes.SHA256 = 'a8f50d0f0c41e83dc3697b6668013e8cff990e5b98b99170c24c57281ff43e09']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:23:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e867-1718-41a1-98b9-40cd950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:35.000Z",
"modified": "2015-04-07T14:23:35.000Z",
"pattern": "[file:hashes.SHA256 = 'aa17bce6d8c469ce22ba29f79d2754db5d44096862d7a13be9324121c04a5343']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:23:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e867-f9f0-4783-921f-4a6c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:35.000Z",
"modified": "2015-04-07T14:23:35.000Z",
"pattern": "[file:hashes.SHA256 = 'ad1e7e12607ccdda70197a9cc0fc3df7fb74db540d1a1764da9da7347cbd73e3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:23:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e867-5694-4cc0-b230-4081950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:35.000Z",
"modified": "2015-04-07T14:23:35.000Z",
"pattern": "[file:hashes.SHA256 = 'b21a5ac48502ff75057f9773bf31abd970ef6c75a2c0ea1c871dd4e81ec5a994']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:23:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e867-ac38-4bc0-8999-48b5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:35.000Z",
"modified": "2015-04-07T14:23:35.000Z",
"pattern": "[file:hashes.SHA256 = 'b63407714c73d022b748411df888ccabcca082cf87bc32d53c6a9cfd55f46bda']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:23:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e868-bf1c-4d4f-866f-4ebf950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:36.000Z",
"modified": "2015-04-07T14:23:36.000Z",
"pattern": "[file:hashes.SHA256 = 'b9140df8a58f02469f9f5789e1a39e476381855820730c997580f3a49fff1148']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:23:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e868-54b0-46df-b5c3-4a6e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:36.000Z",
"modified": "2015-04-07T14:23:36.000Z",
"pattern": "[file:hashes.SHA256 = 'bdb451dd67a1101f8437a2f4231abac37d8bcc4b7c7b85bc74ace83e31aaa156']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:23:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e868-05d8-437d-b16a-4062950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:36.000Z",
"modified": "2015-04-07T14:23:36.000Z",
"pattern": "[file:hashes.SHA256 = 'bf1ac8ab322891defe755552c198891ff28fb2fa57fd36a8b1b5a6b649fbc027']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:23:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e868-8500-4bd7-80ae-426e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:36.000Z",
"modified": "2015-04-07T14:23:36.000Z",
"pattern": "[file:hashes.SHA256 = 'c46bfed74f17b114664adb658c7a10389eceb3c35edbaa472197d32b66bea7ad']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:23:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e868-543c-4096-a75f-4075950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:36.000Z",
"modified": "2015-04-07T14:23:36.000Z",
"pattern": "[file:hashes.SHA256 = 'c6791c74cf345c38ff10f04d36c11ad2953eb39bbc95df837dd4bf77176d6322']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:23:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e868-8bcc-4b55-8d3c-4793950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:36.000Z",
"modified": "2015-04-07T14:23:36.000Z",
"pattern": "[file:hashes.SHA256 = 'ca0acc09b6b17271bcda7f67eaf9b9a8d8227408e7fd6b0def0f99e501bc179a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:23:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e868-7844-4bbe-8ea7-4136950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:36.000Z",
"modified": "2015-04-07T14:23:36.000Z",
"pattern": "[file:hashes.SHA256 = 'ca6540211b309620c38db716b29d282492c4842d5d6e167ecc3b0707431c491f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:23:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e868-efe8-4bcb-afa9-445b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:36.000Z",
"modified": "2015-04-07T14:23:36.000Z",
"pattern": "[file:hashes.SHA256 = 'cf15e587ef51527660947510b53f2a7b28da4b5ea02e39ff24c04e7156210612']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:23:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e868-3efc-478f-aba5-41cd950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:36.000Z",
"modified": "2015-04-07T14:23:36.000Z",
"pattern": "[file:hashes.SHA256 = 'd11884d05b679e494d8d997784e2d11648946b66d2f04daf3813e57fd1a156fc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:23:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e869-61f4-495e-bc12-483f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:37.000Z",
"modified": "2015-04-07T14:23:37.000Z",
"pattern": "[file:hashes.SHA256 = 'd173811a545ba495934cb293460bc86b0c6681c2cd98de52b6b10c63e4d3abb3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:23:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e869-29a4-42fa-8e2f-4821950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:37.000Z",
"modified": "2015-04-07T14:23:37.000Z",
"pattern": "[file:hashes.SHA256 = 'd1e1a66afb0e33d865776758abb5869fae5b3deab58e6a9f996253bdaf02a91f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:23:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e869-6efc-477a-ba5b-4b35950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:37.000Z",
"modified": "2015-04-07T14:23:37.000Z",
"pattern": "[file:hashes.SHA256 = 'd6011662c2d1a18c50b02dc6ec5d9650c34bd67083038a9d56d9e0c98b100730']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:23:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e869-d24c-4418-918f-4606950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:37.000Z",
"modified": "2015-04-07T14:23:37.000Z",
"pattern": "[file:hashes.SHA256 = 'd72b78c634d9e1c24c90da7badb54a1243573c49dffe43ddb6a14db586b2aaf8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:23:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e869-fe44-4606-8ed5-43ad950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:37.000Z",
"modified": "2015-04-07T14:23:37.000Z",
"pattern": "[file:hashes.SHA256 = 'd929406819df0faaf297e2b2e4253724a9f6fafaafa239c4b90db5ab6e58bd83']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:23:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e869-80e0-4ca9-ad99-4e7b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:37.000Z",
"modified": "2015-04-07T14:23:37.000Z",
"pattern": "[file:hashes.SHA256 = 'da198b32b61d0a5765d2961b1f4a20592a90bd919835bd5cf1f64329ef388a61']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:23:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e869-25c0-4fb8-8696-4a7c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:37.000Z",
"modified": "2015-04-07T14:23:37.000Z",
"pattern": "[file:hashes.SHA256 = 'ddccba1aa87ec9d12a896bed96d2d16465b4b63baefd4580828372971881be00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:23:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e869-27e8-449b-8ea8-4e56950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:37.000Z",
"modified": "2015-04-07T14:23:37.000Z",
"pattern": "[file:hashes.SHA256 = 'dec864735d2017b52accdd5285d24131ee556f9266156c62a83cde0ae8dbd095']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:23:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e869-7364-47a7-8cfa-42ca950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:37.000Z",
"modified": "2015-04-07T14:23:37.000Z",
"pattern": "[file:hashes.SHA256 = 'df6e40fb0bea1d00c86e0bca493d05a9318ba8e27b015bcadb2fc1d82fa8af04']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:23:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e86a-7104-4c7f-abe7-466b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:38.000Z",
"modified": "2015-04-07T14:23:38.000Z",
"pattern": "[file:hashes.SHA256 = 'e13c06fa97a3f502edc3aee62b0f6aee174d5ced7a5d0a4dffc7323a9c993347']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:23:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e86a-8404-497e-80d1-49a1950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:38.000Z",
"modified": "2015-04-07T14:23:38.000Z",
"pattern": "[file:hashes.SHA256 = 'e82f0bfa09fa9d855a73ae82ca56566c5b59074fa2ad4aad1f6870d5331eede8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:23:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e86a-4c4c-4fcf-9077-43bf950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:38.000Z",
"modified": "2015-04-07T14:23:38.000Z",
"pattern": "[file:hashes.SHA256 = 'e9bfcfe6d1bbfabca1d8c0896b1bcf452000bed161c1eba95bbae2256993f3ab']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:23:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e86a-fdc8-433c-8766-48b9950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:38.000Z",
"modified": "2015-04-07T14:23:38.000Z",
"pattern": "[file:hashes.SHA256 = 'eb8d20f3241a702409ef153b9f71c3af4e4f4557371265b86f4edd075c36cb91']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:23:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e86a-6c9c-41ce-8a89-4e59950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:38.000Z",
"modified": "2015-04-07T14:23:38.000Z",
"pattern": "[file:hashes.SHA256 = 'ec198eb746eb1d87315e4ce2cb0d960246da4824f4925d340201288947537bfa']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:23:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e86a-3880-40cf-b0b4-4330950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:38.000Z",
"modified": "2015-04-07T14:23:38.000Z",
"pattern": "[file:hashes.SHA256 = 'f1c61fd84e925eb42d681755395f20b1adedd4ee43c58e974a32604e953cbbfd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:23:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e86a-6610-44fc-ae7c-4f11950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:38.000Z",
"modified": "2015-04-07T14:23:38.000Z",
"pattern": "[file:hashes.SHA256 = 'f255321e7331ec856bcbf816f4a38371c2311b00d531fdff541fb18496cc0edd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:23:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e86a-36f8-4588-b761-46de950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:38.000Z",
"modified": "2015-04-07T14:23:38.000Z",
"pattern": "[file:hashes.SHA256 = 'f37762bb2199c20d0c5ea0a21774f60bef1fabd7966ee9dc9c67514d5e7ed239']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:23:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e86a-a308-44ef-89b0-4a6d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:38.000Z",
"modified": "2015-04-07T14:23:38.000Z",
"pattern": "[file:hashes.SHA256 = 'f3ccc986dc4922514432440612331e74b1677995258291dd1fb068314e413a75']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:23:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e86b-2728-45a8-a484-4f6f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:39.000Z",
"modified": "2015-04-07T14:23:39.000Z",
"pattern": "[file:hashes.SHA256 = 'f4bf952b5b922a431ad15e4b9a9bc7011a999241187ca93811cec3cdd0a87351']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:23:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e86b-afd4-430a-982b-458a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:39.000Z",
"modified": "2015-04-07T14:23:39.000Z",
"pattern": "[file:hashes.SHA256 = 'f571b27da6fc097bfc7a989fb9b752320f45ded7505125c558851ddd68f01688']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:23:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e86b-eb24-4c1c-8e94-43b4950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:39.000Z",
"modified": "2015-04-07T14:23:39.000Z",
"pattern": "[file:hashes.SHA256 = 'f8d6b5995ae855e9cd89194faf0c2f683f8e2d83376bcd4f2da55904d411368c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:23:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e86b-68b8-45c9-9f66-4077950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:39.000Z",
"modified": "2015-04-07T14:23:39.000Z",
"pattern": "[file:hashes.SHA256 = 'f97ba6bdd7893af406d500634d5982184d278b46d392a0f7ad7d7bade0c47fc0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:23:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e86b-db2c-4d73-976e-4326950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:39.000Z",
"modified": "2015-04-07T14:23:39.000Z",
"pattern": "[file:hashes.SHA256 = 'fcc252231ec72ef03fb1309f415fb3f39db5f625925d7b01b8f851f33f506342']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:23:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e86b-6bcc-445b-9dfd-41e2950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:23:39.000Z",
"modified": "2015-04-07T14:23:39.000Z",
"pattern": "[file:hashes.SHA256 = 'fef59f6fc920a7a0ce7f67ec88d7d081a23d5c00aa93a646caa06e0a23bb7639']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:23:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e8d5-59fc-4e53-8708-401f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:25:25.000Z",
"modified": "2015-04-07T14:25:25.000Z",
"pattern": "[rule Winnti_Dropper\r\n{\r\n meta:\r\n copyright = \"Novetta Solutions\"\r\n author = \"Novetta Advanced Research Group\"\r\n\r\n strings:\r\n $runner = \"%s\\\\rundll32.exe \\\"%s\\\", DlgProc %s\"\r\n $inflate = \"Copyright 1995-2005 Mark Adler\"\r\n \r\n condition:\r\n $runner and $inflate\r\n\r\n}]",
"pattern_type": "yara",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:25:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"yara\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e8e9-26ac-4de4-8961-7071950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:25:45.000Z",
"modified": "2015-04-07T14:25:45.000Z",
"pattern": "[rule Winnti_service\r\n{\r\n meta:\r\n copyright = \"Novetta Solutions\"\r\n author = \"Novetta Advanced Research Group\"\r\n\r\n strings:\r\n $newmem = \"new memory failed!\"\r\n $value = \"can not find value %d\\n\"\r\n $onevalue = \"find one value %d\\n\"\r\n $nofile = \"Can not open the file (error %d)\"\r\n \r\n condition:\r\n 3 of ($newmem, $value, $onevalue, $nofile)\r\n\r\n}]",
"pattern_type": "yara",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:25:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"yara\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e901-4c20-4365-8f2e-4953950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-22T14:57:20.000Z",
"modified": "2015-04-22T14:57:20.000Z",
"pattern": "[rule Winnti_engine\r\n{\r\n meta:\r\n copyright = \"Novetta Solutions\"\r\n author = \"Novetta Advanced Research Group\"\r\n\r\n strings:\r\n $api1 = \"SHCreateItemFromParsingName\"\r\n $datfile = \"otfkty.dat\"\r\n $workstart = \"work_start\"\r\n $workend = \"work_end\"\r\n \r\n condition:\r\n ($api1 or $datfile) and ($workstart and $workend)\r\n \r\n\r\n}]",
"pattern_type": "yara",
"pattern_version": "2.1",
"valid_from": "2015-04-22T14:57:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"yara\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523e918-3a8c-48d5-8b3b-755f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:26:32.000Z",
"modified": "2015-04-07T14:26:32.000Z",
"pattern": "[rule Winnti_worker\r\n{\r\n meta:\r\n copyright = \"Novetta Solutions\"\r\n author = \"Novetta Advanced Research Group\"\r\n\r\n strings:\r\n $pango = \"pango-basic-win32.dll\"\r\n $tango = \"tango.dll\"\r\n $dat = \"%s\\\\%d%d.dat\"\r\n $cryptobase = \"%s\\\\sysprep\\\\cryptbase.dll\"\r\n \r\n condition:\r\n $pango and $tango and $dat and $cryptobase\r\n\r\n}]",
"pattern_type": "yara",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:26:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"yara\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5523e931-ac20-4215-a415-7076950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:26:57.000Z",
"modified": "2015-04-07T14:26:57.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "WinNTI"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5523e931-68c4-4dc0-a56e-7076950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:26:57.000Z",
"modified": "2015-04-07T14:26:57.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "OpSMN"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5523e9a9-2bc4-4eea-8f7f-7071950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:28:57.000Z",
"modified": "2015-04-07T14:28:57.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "Operation SMN"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523ea6b-7d44-483d-98db-755e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:32:11.000Z",
"modified": "2015-04-07T14:32:11.000Z",
"pattern": "[file:name = '\\\\%SYSDIR\\\\%\\\\otfkyt.dat']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:32:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523ea6b-7de8-4911-aa6d-755e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:32:11.000Z",
"modified": "2015-04-07T14:32:11.000Z",
"pattern": "[file:name = '\\\\%SYSDIR\\\\%\\\\wmtsk.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:32:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5523ea6b-d4d4-4e8f-a502-755e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-07T14:32:11.000Z",
"modified": "2015-04-07T14:32:11.000Z",
"pattern": "[file:name = '\\\\%SYSDIR\\\\%\\\\wmm2.dat']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-07T14:32:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65947-8c90-4777-84aa-c652950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T23:52:39.000Z",
"modified": "2016-02-18T23:52:39.000Z",
"description": "Automatically added (via 0798740771dc8f40a5a45a2f58aeab479e2ead6682d67b24fafc46a7ab40c128)",
"pattern": "[file:hashes.MD5 = '159ad2c7a57687363d27c27bc60f6374']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T23:52:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65949-7bac-4192-a47d-c653950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T23:52:41.000Z",
"modified": "2016-02-18T23:52:41.000Z",
"description": "Automatically added (via 0e3d6da65139e01a8f9be0ee63b4510123fc9f644100b00535f7f3b1611ab2ce)",
"pattern": "[file:hashes.MD5 = '4ed9366aed62527c69f61de7bb595af6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T23:52:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c6594c-b568-4637-aa57-59a1950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T23:52:44.000Z",
"modified": "2016-02-18T23:52:44.000Z",
"description": "Automatically added (via 2e90ec6594eb5fda2cfb6d46b91e13e9ee3f8941de31b57f366dbe254ee9fc32)",
"pattern": "[file:hashes.MD5 = '0f8fd146ae53c0f0499c8e1ea44d267b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T23:52:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c6594e-50f0-442b-b4f2-599c950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T23:52:46.000Z",
"modified": "2016-02-18T23:52:46.000Z",
"description": "Automatically added (via 4a4e729b5a2212bdcba4314594cbdf8fcbec7146bb1f47b3c99ad6d183bceb38)",
"pattern": "[file:hashes.MD5 = '50955f8198bf37025d40a7cdcee7978c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T23:52:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65950-c37c-4f92-a973-599f950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T23:52:48.000Z",
"modified": "2016-02-18T23:52:48.000Z",
"description": "Automatically added (via 4a7e8d72dbaf30ebe2328771381912df9387deea6e240f3ad046ba1154250680)",
"pattern": "[file:hashes.MD5 = '832d56ab2950db6032eda77de2fbe0cd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T23:52:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65952-af10-45a5-b49b-c653950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T23:52:50.000Z",
"modified": "2016-02-18T23:52:50.000Z",
"description": "Automatically added (via 52ce11b571aacf298c10d6dce47a60c199f6f58a76b901583bde65d86886cf1f)",
"pattern": "[file:hashes.MD5 = 'a49066ad92a47a2744d142e8c5de892e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T23:52:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65954-2a68-419b-bb46-4dd6950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T23:52:52.000Z",
"modified": "2016-02-18T23:52:52.000Z",
"description": "Automatically added (via 6aa66eef38c6fcc2d9ab8034723acdaf2af0195749ff713dddaf414d2caea45f)",
"pattern": "[file:hashes.MD5 = 'b120dab999c4c3edd3628ffca76bc82c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T23:52:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65957-b2d4-4677-950a-c651950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T23:52:55.000Z",
"modified": "2016-02-18T23:52:55.000Z",
"description": "Automatically added (via 959630cb90c5e3810a8a02c771f37b46388204d2d99a436463cd87411f961ba0)",
"pattern": "[file:hashes.MD5 = '3086c619b43e5bdd20188ad594de8c41']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T23:52:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c6595a-c8fc-4c65-a4f9-599d950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T23:52:58.000Z",
"modified": "2016-02-18T23:52:58.000Z",
"description": "Automatically added (via b21a5ac48502ff75057f9773bf31abd970ef6c75a2c0ea1c871dd4e81ec5a994)",
"pattern": "[file:hashes.MD5 = '437ea3b450fd1043b20553996c8e9e00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T23:52:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c6595c-4154-4897-a5c8-c653950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T23:53:00.000Z",
"modified": "2016-02-18T23:53:00.000Z",
"description": "Automatically added (via bdb451dd67a1101f8437a2f4231abac37d8bcc4b7c7b85bc74ace83e31aaa156)",
"pattern": "[file:hashes.MD5 = '937e9a04f082f9f9d5ca6e9a481a8e6f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T23:53:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c6595f-490c-43f7-9a20-599d950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T23:53:03.000Z",
"modified": "2016-02-18T23:53:03.000Z",
"description": "Automatically added (via df6e40fb0bea1d00c86e0bca493d05a9318ba8e27b015bcadb2fc1d82fa8af04)",
"pattern": "[file:hashes.MD5 = '2f10e8bbdc38a8ff342e38b0f1e9cc52']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T23:53:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65962-ccc0-4d2d-a319-599e950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T23:53:06.000Z",
"modified": "2016-02-18T23:53:06.000Z",
"description": "Automatically added (via ec198eb746eb1d87315e4ce2cb0d960246da4824f4925d340201288947537bfa)",
"pattern": "[file:hashes.MD5 = 'd10a1967eee1eadcc010dc89dc2b8925']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T23:53:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65964-4d60-404e-a426-59a3950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T23:53:08.000Z",
"modified": "2016-02-18T23:53:08.000Z",
"description": "Automatically added (via f4bf952b5b922a431ad15e4b9a9bc7011a999241187ca93811cec3cdd0a87351)",
"pattern": "[file:hashes.MD5 = '032a234eda612f8474e8dc97829674e8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T23:53:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65966-9438-4dfa-a2a0-c650950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T23:53:10.000Z",
"modified": "2016-02-18T23:53:10.000Z",
"description": "Automatically added (via f97ba6bdd7893af406d500634d5982184d278b46d392a0f7ad7d7bade0c47fc0)",
"pattern": "[file:hashes.MD5 = 'e831913787541c94d5d6a25235ce7d84']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T23:53:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65948-8a3c-4741-bafb-599d950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T23:52:40.000Z",
"modified": "2016-02-18T23:52:40.000Z",
"description": "Automatically added (via 0798740771dc8f40a5a45a2f58aeab479e2ead6682d67b24fafc46a7ab40c128)",
"pattern": "[file:hashes.SHA1 = '72f3c2155c625784c41cf50bfde4d8dc63424c8e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T23:52:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c6594a-8134-4c8d-b5c2-5f51950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T23:52:42.000Z",
"modified": "2016-02-18T23:52:42.000Z",
"description": "Automatically added (via 0e3d6da65139e01a8f9be0ee63b4510123fc9f644100b00535f7f3b1611ab2ce)",
"pattern": "[file:hashes.SHA1 = 'cef549547a567db2020af80b1d8e0163f9aa4d65']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T23:52:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c6594d-d1e8-478f-a3cf-59a3950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T23:52:45.000Z",
"modified": "2016-02-18T23:52:45.000Z",
"description": "Automatically added (via 2e90ec6594eb5fda2cfb6d46b91e13e9ee3f8941de31b57f366dbe254ee9fc32)",
"pattern": "[file:hashes.SHA1 = 'f6918d589408209600f1a1ac57f5f610f5bfc90b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T23:52:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c6594f-bbdc-4643-842a-42cb950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T23:52:47.000Z",
"modified": "2016-02-18T23:52:47.000Z",
"description": "Automatically added (via 4a4e729b5a2212bdcba4314594cbdf8fcbec7146bb1f47b3c99ad6d183bceb38)",
"pattern": "[file:hashes.SHA1 = '894923f6346506300db5477a8f0057745239cc3b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T23:52:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65951-3188-4296-a453-c651950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T23:52:49.000Z",
"modified": "2016-02-18T23:52:49.000Z",
"description": "Automatically added (via 4a7e8d72dbaf30ebe2328771381912df9387deea6e240f3ad046ba1154250680)",
"pattern": "[file:hashes.SHA1 = '49e0fb0f7bd276afea3f13bcac9dd945c148f6bd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T23:52:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65952-cf2c-428d-8f95-5f51950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T23:52:50.000Z",
"modified": "2016-02-18T23:52:50.000Z",
"description": "Automatically added (via 52ce11b571aacf298c10d6dce47a60c199f6f58a76b901583bde65d86886cf1f)",
"pattern": "[file:hashes.SHA1 = '60aef3264dd2263791afd59652ef4228bac79a29']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T23:52:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65954-f9fc-450a-9d54-4706950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T23:52:52.000Z",
"modified": "2016-02-18T23:52:52.000Z",
"description": "Automatically added (via 6aa66eef38c6fcc2d9ab8034723acdaf2af0195749ff713dddaf414d2caea45f)",
"pattern": "[file:hashes.SHA1 = '27976ef26939f0c58a5e2edb222c80761a41e2cf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T23:52:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65958-5060-4e01-889d-c652950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T23:52:56.000Z",
"modified": "2016-02-18T23:52:56.000Z",
"description": "Automatically added (via 959630cb90c5e3810a8a02c771f37b46388204d2d99a436463cd87411f961ba0)",
"pattern": "[file:hashes.SHA1 = 'ee83355a6fd69caaedaaa5ef5e44683c0cddf553']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T23:52:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c6595a-8d40-4a3d-8b51-59a1950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T23:52:58.000Z",
"modified": "2016-02-18T23:52:58.000Z",
"description": "Automatically added (via b21a5ac48502ff75057f9773bf31abd970ef6c75a2c0ea1c871dd4e81ec5a994)",
"pattern": "[file:hashes.SHA1 = 'e30014454ec9678426afb3e8e972dc3d063f1358']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T23:52:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c6595c-2c5c-4d5e-932c-c654950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T23:53:00.000Z",
"modified": "2016-02-18T23:53:00.000Z",
"description": "Automatically added (via bdb451dd67a1101f8437a2f4231abac37d8bcc4b7c7b85bc74ace83e31aaa156)",
"pattern": "[file:hashes.SHA1 = 'ca9e770eac54b3b7046e6efdee6e1ebe88a8905f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T23:53:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65960-a020-41f5-903d-5f51950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T23:53:04.000Z",
"modified": "2016-02-18T23:53:04.000Z",
"description": "Automatically added (via df6e40fb0bea1d00c86e0bca493d05a9318ba8e27b015bcadb2fc1d82fa8af04)",
"pattern": "[file:hashes.SHA1 = '7d9b2a9b65a55ecd9c2867f1ea21821d52459d4b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T23:53:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65962-b6b8-44e7-a2cd-c653950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T23:53:06.000Z",
"modified": "2016-02-18T23:53:06.000Z",
"description": "Automatically added (via ec198eb746eb1d87315e4ce2cb0d960246da4824f4925d340201288947537bfa)",
"pattern": "[file:hashes.SHA1 = 'f0460290bd8668e94a4c5ad86aa1c487466e8e9d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T23:53:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65965-95d4-4f13-a712-599c950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T23:53:09.000Z",
"modified": "2016-02-18T23:53:09.000Z",
"description": "Automatically added (via f4bf952b5b922a431ad15e4b9a9bc7011a999241187ca93811cec3cdd0a87351)",
"pattern": "[file:hashes.SHA1 = '972da237b66a1239555bd06588039f8b8c03fbe5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T23:53:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65967-ac6c-4474-8a25-599f950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T23:53:11.000Z",
"modified": "2016-02-18T23:53:11.000Z",
"description": "Automatically added (via f97ba6bdd7893af406d500634d5982184d278b46d392a0f7ad7d7bade0c47fc0)",
"pattern": "[file:hashes.SHA1 = '4857e755573822aeef32730a5302cd89c88031db']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T23:53:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue View git blame Copy permalink