adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/5631394c-b9b4-483b-9480-26bc950d210b.json

3654 lines
No EOL
152 KiB
JSON
Raw Permalink Blame History

{
"type": "bundle",
"id": "bundle--5631394c-b9b4-483b-9480-26bc950d210b",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T21:41:26.000Z",
"modified": "2015-11-03T21:41:26.000Z",
"name": "CthulhuSPRL.be",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5631394c-b9b4-483b-9480-26bc950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T21:41:26.000Z",
"modified": "2015-11-03T21:41:26.000Z",
"name": "OSINT Duuzer back door Trojan targets South Korea to take over computers by Symantec",
"published": "2015-11-03T21:41:32Z",
"object_refs": [
"observed-data--56313962-0aec-45d5-a7bf-0e8f950d210b",
"url--56313962-0aec-45d5-a7bf-0e8f950d210b",
"indicator--5638df6a-f4a0-4fa4-815e-0f6f950d210b",
"indicator--5638df6b-d258-4d60-ad83-0f6f950d210b",
"indicator--5638df6b-a1c8-464d-8939-0f6f950d210b",
"indicator--5638df6b-aa08-4764-9f83-0f6f950d210b",
"indicator--5638df6c-eda8-413c-bd20-0f6f950d210b",
"indicator--5638df6c-4c7c-4a8e-a668-0f6f950d210b",
"indicator--5638df6d-1b84-45c2-b4b2-0f6f950d210b",
"indicator--5638df6d-a4a4-4840-adf5-0f6f950d210b",
"indicator--5638df6d-2054-44a6-a211-0f6f950d210b",
"indicator--5638df6e-dea0-437c-bb5b-0f6f950d210b",
"indicator--5638df6e-b288-44e6-bfb7-0f6f950d210b",
"indicator--5638df6e-3a68-4341-b2d6-0f6f950d210b",
"indicator--5638df6f-a9e8-4d68-819a-0f6f950d210b",
"indicator--5638df6f-9364-4c5a-b830-0f6f950d210b",
"indicator--5638df70-8800-48fc-b31a-0f6f950d210b",
"indicator--5638df70-bc38-4c10-8fbd-0f6f950d210b",
"indicator--5638df70-2698-4187-b8f3-0f6f950d210b",
"indicator--5638df71-b06c-4085-8c69-0f6f950d210b",
"indicator--5638df71-73e4-4e34-8a6a-0f6f950d210b",
"indicator--5638df72-8d2c-447f-811a-0f6f950d210b",
"indicator--5638df72-1764-4b38-9f5d-0f6f950d210b",
"indicator--5638df72-ac3c-431f-9082-0f6f950d210b",
"indicator--5638df73-3430-46ed-97c5-0f6f950d210b",
"indicator--5638df73-841c-4535-8c8c-0f6f950d210b",
"indicator--5638df73-b148-41e9-a6d5-0f6f950d210b",
"indicator--5638df74-371c-4d8c-820d-0f6f950d210b",
"indicator--5638df74-0a50-453d-a7c9-0f6f950d210b",
"indicator--5638df75-ba94-46a5-bac1-0f6f950d210b",
"indicator--5638df75-6fc0-4ef1-bc25-0f6f950d210b",
"indicator--5638df75-d42c-44ef-8a45-0f6f950d210b",
"indicator--5638df76-6904-42e2-8627-0f6f950d210b",
"indicator--5638df76-5984-4998-904b-0f6f950d210b",
"indicator--5638df77-6534-4c27-85d1-0f6f950d210b",
"indicator--5638df77-dea0-463a-b49b-0f6f950d210b",
"indicator--5638df77-1dec-4b64-9a9b-0f6f950d210b",
"indicator--5638df78-36f0-4457-a7fc-0f6f950d210b",
"indicator--5638df78-eaa4-40b6-b85c-0f6f950d210b",
"indicator--5638df78-2958-477b-bb59-0f6f950d210b",
"indicator--5638df79-f40c-49bd-8b75-0f6f950d210b",
"indicator--5638df79-348c-4225-83e6-0f6f950d210b",
"indicator--5638df7a-7224-46c0-ab74-0f6f950d210b",
"indicator--5638df7a-f97c-4b79-a0e6-0f6f950d210b",
"indicator--5638df7a-b328-4e2f-8c14-0f6f950d210b",
"indicator--5638df7b-6610-4077-b55d-0f6f950d210b",
"indicator--5638df7b-b6a0-4ab9-9691-0f6f950d210b",
"indicator--5638df8e-d668-4bce-9d8c-0297950d210b",
"indicator--5638df8e-5c68-41bd-a066-0297950d210b",
"indicator--5638df8e-acac-4575-8e62-0297950d210b",
"indicator--5638df8f-a2f4-4feb-8f1f-0297950d210b",
"indicator--5638df8f-4018-452d-b100-0297950d210b",
"indicator--5638df8f-2c54-4541-a49e-0297950d210b",
"indicator--5638df90-45bc-47dd-9364-0297950d210b",
"indicator--5638df90-93a0-4871-8374-0297950d210b",
"indicator--5638df91-3608-4a03-9d01-0297950d210b",
"indicator--5638df91-98b0-4b15-86a9-0297950d210b",
"indicator--5638df91-93a8-4d2a-af41-0297950d210b",
"indicator--5638df92-1368-4c9b-bd1f-0297950d210b",
"indicator--5638df92-20c4-4191-a4e8-0297950d210b",
"indicator--5638df93-7658-478d-95d9-0297950d210b",
"indicator--5638df93-4590-48e1-a917-0297950d210b",
"indicator--5638df93-0438-4b67-b2fc-0297950d210b",
"indicator--5638df94-1da8-4926-bc29-0297950d210b",
"indicator--5638df94-d294-4de6-a07d-0297950d210b",
"indicator--5638dfb6-417c-472e-814c-2069950d210b",
"indicator--5638dfb7-4b1c-4625-b8ee-2069950d210b",
"indicator--5638dfb7-5644-409e-bc67-2069950d210b",
"indicator--5638dfb8-dddc-4a51-8a58-2069950d210b",
"indicator--5638dfb8-ffb8-4754-8800-2069950d210b",
"indicator--5638dfb9-3870-4807-bbab-2069950d210b",
"indicator--5638dfb9-61d0-443e-8b15-2069950d210b",
"indicator--5638dfba-874c-4d86-a91b-2069950d210b",
"indicator--5638dfba-0d30-46da-9a8d-2069950d210b",
"indicator--5638dfba-9968-4a3b-9406-2069950d210b",
"indicator--5638dfbb-84ac-48c8-b64c-2069950d210b",
"indicator--5638dfbb-3668-4445-8c28-2069950d210b",
"indicator--5638dfbb-33c0-4b31-aac4-2069950d210b",
"indicator--5638dfbc-5058-406d-b35e-2069950d210b",
"indicator--563929d0-aed4-4bb9-9c99-418d950d210b",
"observed-data--563929d0-6920-4f61-8ec3-4934950d210b",
"url--563929d0-6920-4f61-8ec3-4934950d210b",
"indicator--563929d1-5504-45a9-9c5b-45a8950d210b",
"observed-data--563929d1-4818-42b7-abc5-4ed4950d210b",
"url--563929d1-4818-42b7-abc5-4ed4950d210b",
"indicator--563929d1-b8a4-47db-aaee-4a5d950d210b",
"observed-data--563929d2-3314-4468-b8e2-41f3950d210b",
"url--563929d2-3314-4468-b8e2-41f3950d210b",
"indicator--563929d2-47b4-4388-8f66-45a8950d210b",
"observed-data--563929d3-dff0-489a-b36a-4437950d210b",
"url--563929d3-dff0-489a-b36a-4437950d210b",
"indicator--563929d3-361c-46b7-81c6-421b950d210b",
"observed-data--563929d3-40cc-44a0-9775-42d0950d210b",
"url--563929d3-40cc-44a0-9775-42d0950d210b",
"indicator--563929d4-eecc-4976-a58d-46d8950d210b",
"observed-data--563929d4-5614-4868-9200-46e1950d210b",
"url--563929d4-5614-4868-9200-46e1950d210b",
"indicator--563929d5-f344-4264-a152-455f950d210b",
"observed-data--563929d5-2978-4c8e-bc91-4352950d210b",
"url--563929d5-2978-4c8e-bc91-4352950d210b",
"indicator--563929d5-b480-4506-865b-4d11950d210b",
"observed-data--563929d6-024c-44f7-b4d8-4c3b950d210b",
"url--563929d6-024c-44f7-b4d8-4c3b950d210b",
"indicator--563929d6-107c-4ee1-b044-486e950d210b",
"observed-data--563929d7-5758-4088-b15e-491e950d210b",
"url--563929d7-5758-4088-b15e-491e950d210b",
"indicator--563929d7-9d10-4b76-b620-493d950d210b",
"observed-data--563929d7-2034-47b6-ad52-490d950d210b",
"url--563929d7-2034-47b6-ad52-490d950d210b",
"indicator--563929d8-b80c-4822-9a79-4bac950d210b",
"observed-data--563929d8-1d60-4dfa-85be-4293950d210b",
"url--563929d8-1d60-4dfa-85be-4293950d210b",
"indicator--563929d8-f5d4-4ba7-8cec-4ec5950d210b",
"observed-data--563929d9-da64-4f33-8ab7-4156950d210b",
"url--563929d9-da64-4f33-8ab7-4156950d210b",
"indicator--563929d9-9ed4-43b9-943d-423f950d210b",
"observed-data--563929da-6fc0-4a7a-8144-4b43950d210b",
"url--563929da-6fc0-4a7a-8144-4b43950d210b",
"indicator--563929da-3220-4ed0-beb0-4833950d210b",
"observed-data--563929da-1e14-4abb-8b39-449b950d210b",
"url--563929da-1e14-4abb-8b39-449b950d210b",
"indicator--563929db-635c-4a19-9c35-4ffe950d210b",
"observed-data--563929db-1b1c-4d8b-a6ce-46cc950d210b",
"url--563929db-1b1c-4d8b-a6ce-46cc950d210b",
"indicator--563929dc-e380-450d-b5fa-4461950d210b",
"observed-data--563929dc-cb44-4ab9-a785-4357950d210b",
"url--563929dc-cb44-4ab9-a785-4357950d210b",
"indicator--563929dc-c544-4b1b-a390-4210950d210b",
"observed-data--563929dd-18dc-47c6-b350-41a1950d210b",
"url--563929dd-18dc-47c6-b350-41a1950d210b",
"indicator--563929dd-5b98-4a65-be9c-45b2950d210b",
"observed-data--563929de-9db0-4324-8ed3-4f37950d210b",
"url--563929de-9db0-4324-8ed3-4f37950d210b",
"indicator--563929de-96f0-45d8-94d0-4db8950d210b",
"observed-data--563929de-f784-4593-8f71-412a950d210b",
"url--563929de-f784-4593-8f71-412a950d210b",
"indicator--563929df-0144-489a-a39a-43ab950d210b",
"observed-data--563929df-e01c-4916-b533-4648950d210b",
"url--563929df-e01c-4916-b533-4648950d210b",
"indicator--563929e0-df88-4759-bffb-466d950d210b",
"observed-data--563929e0-f5c4-4344-9059-482c950d210b",
"url--563929e0-f5c4-4344-9059-482c950d210b",
"indicator--563929e0-db74-4916-9ee2-4849950d210b",
"observed-data--563929e1-fe40-47ed-9a54-424d950d210b",
"url--563929e1-fe40-47ed-9a54-424d950d210b",
"indicator--563929e1-e014-4214-89d9-4487950d210b",
"observed-data--563929e2-e3e8-487e-9de2-47a7950d210b",
"url--563929e2-e3e8-487e-9de2-47a7950d210b",
"indicator--563929e2-5cbc-417a-ab48-4f2c950d210b",
"observed-data--563929e2-18ec-412f-86e2-405b950d210b",
"url--563929e2-18ec-412f-86e2-405b950d210b",
"indicator--563929e3-9a0c-4ff2-9a16-4117950d210b",
"observed-data--563929e3-dc88-4f54-86b9-4cc7950d210b",
"url--563929e3-dc88-4f54-86b9-4cc7950d210b",
"indicator--563929e3-f038-4ebd-823f-4b44950d210b",
"observed-data--563929e4-3cb4-44d6-b911-453a950d210b",
"url--563929e4-3cb4-44d6-b911-453a950d210b",
"indicator--563929e4-f4b4-473c-a9c4-44bb950d210b",
"observed-data--563929e5-c378-4ac9-8f6a-4b28950d210b",
"url--563929e5-c378-4ac9-8f6a-4b28950d210b",
"indicator--563929e5-1298-47e2-9055-4a86950d210b",
"observed-data--563929e5-3044-4380-b47a-41f1950d210b",
"url--563929e5-3044-4380-b47a-41f1950d210b",
"indicator--563929e6-0f1c-4b61-9533-4fdc950d210b",
"observed-data--563929e6-50b0-4774-8523-4f7b950d210b",
"url--563929e6-50b0-4774-8523-4f7b950d210b",
"indicator--563929e7-363c-4dc2-a2c1-4186950d210b",
"observed-data--563929e7-0fb4-4f34-9ad2-49b5950d210b",
"url--563929e7-0fb4-4f34-9ad2-49b5950d210b",
"indicator--563929e7-738c-4731-a770-468b950d210b",
"observed-data--563929e8-069c-4645-9d41-4482950d210b",
"url--563929e8-069c-4645-9d41-4482950d210b",
"indicator--563929e8-b558-4d2b-94c9-4e24950d210b",
"indicator--563929e9-2b94-4a83-b9df-4264950d210b",
"observed-data--563929e9-3088-439e-9dd3-4ef3950d210b",
"url--563929e9-3088-439e-9dd3-4ef3950d210b"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT"
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56313962-0aec-45d5-a7bf-0e8f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-28T21:08:50.000Z",
"modified": "2015-10-28T21:08:50.000Z",
"first_observed": "2015-10-28T21:08:50Z",
"last_observed": "2015-10-28T21:08:50Z",
"number_observed": 1,
"object_refs": [
"url--56313962-0aec-45d5-a7bf-0e8f950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56313962-0aec-45d5-a7bf-0e8f950d210b",
"value": "http://www.symantec.com/connect/blogs/duuzer-back-door-trojan-targets-south-korea-take-over-computers"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5638df6a-f4a0-4fa4-815e-0f6f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T16:23:06.000Z",
"modified": "2015-11-03T16:23:06.000Z",
"description": "Backdoor.Duuzer",
"pattern": "[file:hashes.MD5 = '1205c4bd5d02782cc4e66dfa3fef749c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T16:23:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5638df6b-d258-4d60-ad83-0f6f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T16:23:07.000Z",
"modified": "2015-11-03T16:23:07.000Z",
"description": "Backdoor.Duuzer",
"pattern": "[file:hashes.MD5 = '92d618db54690c6ae193f07a31d92098']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T16:23:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5638df6b-a1c8-464d-8939-0f6f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T16:23:07.000Z",
"modified": "2015-11-03T16:23:07.000Z",
"description": "Backdoor.Duuzer",
"pattern": "[file:hashes.MD5 = '3e6be312a28b2633c8849d3e95e487b5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T16:23:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5638df6b-aa08-4764-9f83-0f6f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T16:23:07.000Z",
"modified": "2015-11-03T16:23:07.000Z",
"description": "Backdoor.Duuzer",
"pattern": "[file:hashes.MD5 = '41a6d7c944bd84329bd31bb07f83150a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T16:23:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5638df6c-eda8-413c-bd20-0f6f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T16:23:08.000Z",
"modified": "2015-11-03T16:23:08.000Z",
"description": "Backdoor.Duuzer",
"pattern": "[file:hashes.MD5 = '7343f81a0e42ebf283415da7b3da253f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T16:23:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5638df6c-4c7c-4a8e-a668-0f6f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T16:23:08.000Z",
"modified": "2015-11-03T16:23:08.000Z",
"description": "Backdoor.Duuzer",
"pattern": "[file:hashes.MD5 = '73471f41319468ab207b8d5b33b0b4be']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T16:23:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5638df6d-1b84-45c2-b4b2-0f6f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T16:23:09.000Z",
"modified": "2015-11-03T16:23:09.000Z",
"description": "Backdoor.Duuzer",
"pattern": "[file:hashes.MD5 = '84a3f8941bb4bf15ba28090f8bc0faec']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T16:23:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5638df6d-a4a4-4840-adf5-0f6f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T16:23:09.000Z",
"modified": "2015-11-03T16:23:09.000Z",
"description": "Backdoor.Duuzer",
"pattern": "[file:hashes.MD5 = 'b04fabf3a7a710aafe5bc2d899c0fc2b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T16:23:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5638df6d-2054-44a6-a211-0f6f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T16:23:09.000Z",
"modified": "2015-11-03T16:23:09.000Z",
"description": "Backdoor.Duuzer",
"pattern": "[file:hashes.MD5 = 'e04792e8e0959e66499bfacb2a76802b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T16:23:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5638df6e-dea0-437c-bb5b-0f6f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T16:23:10.000Z",
"modified": "2015-11-03T16:23:10.000Z",
"description": "Backdoor.Duuzer",
"pattern": "[file:hashes.MD5 = '3a963e1de08c9920c1dfe923bd4594ff']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T16:23:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5638df6e-b288-44e6-bfb7-0f6f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T16:23:10.000Z",
"modified": "2015-11-03T16:23:10.000Z",
"description": "Backdoor.Duuzer",
"pattern": "[file:hashes.MD5 = '51b3e2c7a8ad29f296365972c8452621']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T16:23:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5638df6e-3a68-4341-b2d6-0f6f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T16:23:10.000Z",
"modified": "2015-11-03T16:23:10.000Z",
"description": "Backdoor.Duuzer",
"pattern": "[file:hashes.MD5 = '5f05a8f1e545457dbd42fe1329f79452']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T16:23:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5638df6f-a9e8-4d68-819a-0f6f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T16:23:11.000Z",
"modified": "2015-11-03T16:23:11.000Z",
"description": "Backdoor.Duuzer",
"pattern": "[file:hashes.MD5 = '91e5a64826f75f74a5ae123abdf7cef5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T16:23:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5638df6f-9364-4c5a-b830-0f6f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T16:23:11.000Z",
"modified": "2015-11-03T16:23:11.000Z",
"description": "Backdoor.Duuzer",
"pattern": "[file:hashes.MD5 = '9749a4b538022e2602945523192964ad']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T16:23:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5638df70-8800-48fc-b31a-0f6f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T16:23:12.000Z",
"modified": "2015-11-03T16:23:12.000Z",
"description": "Backdoor.Duuzer",
"pattern": "[file:hashes.MD5 = '9ca7ec51a98c2b16fd7d9a985877a4ba']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T16:23:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5638df70-bc38-4c10-8fbd-0f6f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T16:23:12.000Z",
"modified": "2015-11-03T16:23:12.000Z",
"description": "Backdoor.Duuzer",
"pattern": "[file:hashes.MD5 = 'bb6cbebd4ffd642d437afc605c32eca0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T16:23:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5638df70-2698-4187-b8f3-0f6f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T16:23:12.000Z",
"modified": "2015-11-03T16:23:12.000Z",
"description": "Backdoor.Duuzer",
"pattern": "[file:hashes.MD5 = 'fb4caaaf1ac1df378d05111d810a833e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T16:23:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5638df71-b06c-4085-8c69-0f6f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T16:23:13.000Z",
"modified": "2015-11-03T16:23:13.000Z",
"description": "Backdoor.Duuzer",
"pattern": "[file:hashes.MD5 = '4b2d221deb0c8042780376cb565532f8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T16:23:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5638df71-73e4-4e34-8a6a-0f6f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T16:23:13.000Z",
"modified": "2015-11-03T16:23:13.000Z",
"description": "Backdoor.Duuzer",
"pattern": "[file:hashes.MD5 = 'cd7a72be9c16c2ece1140bc461d6226d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T16:23:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5638df72-8d2c-447f-811a-0f6f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T16:23:14.000Z",
"modified": "2015-11-03T16:23:14.000Z",
"description": "Backdoor.Duuzer",
"pattern": "[file:hashes.MD5 = 'f032712aa20da98a1bbad7ae5d998767']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T16:23:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5638df72-1764-4b38-9f5d-0f6f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T16:23:14.000Z",
"modified": "2015-11-03T16:23:14.000Z",
"description": "Backdoor.Duuzer",
"pattern": "[file:hashes.MD5 = 'f940a21971820a2fcf8433c28be1e967']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T16:23:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5638df72-ac3c-431f-9082-0f6f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T16:23:14.000Z",
"modified": "2015-11-03T16:23:14.000Z",
"description": "Backdoor.Duuzer",
"pattern": "[file:hashes.MD5 = '71cdcc903f94f56c758121d0b442690f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T16:23:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5638df73-3430-46ed-97c5-0f6f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T16:23:15.000Z",
"modified": "2015-11-03T16:23:15.000Z",
"description": "Backdoor.Duuzer",
"pattern": "[file:hashes.MD5 = '0f844300318446a70c022f9487475490']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T16:23:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5638df73-841c-4535-8c8c-0f6f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T16:23:15.000Z",
"modified": "2015-11-03T16:23:15.000Z",
"description": "Backdoor.Duuzer",
"pattern": "[file:hashes.SHA256 = 'fd5a7e54cfdd3b3f32b44d8fdd845e62d6b86c0ddb550c544d659588d06ceaee']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T16:23:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5638df73-b148-41e9-a6d5-0f6f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T16:23:15.000Z",
"modified": "2015-11-03T16:23:15.000Z",
"description": "Backdoor.Duuzer",
"pattern": "[file:hashes.SHA256 = '89b25f9a454240a3f52de9bf6f9a829d2b4af04a7d9e9f4136f920f7e372909b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T16:23:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5638df74-371c-4d8c-820d-0f6f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T16:23:16.000Z",
"modified": "2015-11-03T16:23:16.000Z",
"description": "Backdoor.Duuzer",
"pattern": "[file:hashes.SHA256 = 'a01bd92c02c9ef7c4785d8bf61ecff734e990b255bba8e22d4513f35f370fd14']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T16:23:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5638df74-0a50-453d-a7c9-0f6f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T16:23:16.000Z",
"modified": "2015-11-03T16:23:16.000Z",
"description": "Backdoor.Duuzer",
"pattern": "[file:hashes.SHA256 = 'c327de2239034b6f6978884b33582ce97761bcc224239c955f62feebd01e5946']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T16:23:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5638df75-ba94-46a5-bac1-0f6f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T16:23:17.000Z",
"modified": "2015-11-03T16:23:17.000Z",
"description": "Backdoor.Duuzer",
"pattern": "[file:hashes.SHA256 = 'c7024cf43d285ec9671e8dc1eae87281a6ee6f28e92d69d94474efc2521f03ed']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T16:23:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5638df75-6fc0-4ef1-bc25-0f6f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T16:23:17.000Z",
"modified": "2015-11-03T16:23:17.000Z",
"description": "Backdoor.Duuzer",
"pattern": "[file:hashes.SHA256 = '5a69bce8196b048f8b98f48c8f4950c8b059c43577e35d4af5f26c624140377c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T16:23:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5638df75-d42c-44ef-8a45-0f6f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T16:23:17.000Z",
"modified": "2015-11-03T16:23:17.000Z",
"description": "Backdoor.Duuzer",
"pattern": "[file:hashes.SHA256 = '477ca3e7353938f75032d04e232eb2c298f06f95328bca1a34fce1d8c9d12023']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T16:23:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5638df76-6904-42e2-8627-0f6f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T16:23:18.000Z",
"modified": "2015-11-03T16:23:18.000Z",
"description": "Backdoor.Duuzer",
"pattern": "[file:hashes.SHA256 = 'd57d772eefa6086b5c249efff01189cf4869c2b73007af63affc353474eaafcb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T16:23:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5638df76-5984-4998-904b-0f6f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T16:23:18.000Z",
"modified": "2015-11-03T16:23:18.000Z",
"description": "Backdoor.Duuzer",
"pattern": "[file:hashes.SHA256 = '4efeea9eeae3d668897206eeccb1444d542ea537ca5c2787f13dd5dadd0e6aaa']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T16:23:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5638df77-6534-4c27-85d1-0f6f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T16:23:19.000Z",
"modified": "2015-11-03T16:23:19.000Z",
"description": "Backdoor.Duuzer",
"pattern": "[file:hashes.SHA256 = 'a0a6d0e3af6e76264db1e0d4a4ad5745fff15eb2790938718b2c0988b9415b2b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T16:23:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5638df77-dea0-463a-b49b-0f6f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T16:23:19.000Z",
"modified": "2015-11-03T16:23:19.000Z",
"description": "Backdoor.Duuzer",
"pattern": "[file:hashes.SHA256 = '5b28c86d7e581e52328942b35ece0d0875585fbb4e29378666d1af5be7f56b46']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T16:23:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5638df77-1dec-4b64-9a9b-0f6f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T16:23:19.000Z",
"modified": "2015-11-03T16:23:19.000Z",
"description": "Backdoor.Duuzer",
"pattern": "[file:hashes.SHA256 = '47181c973a8a69740b710a420ea8f6bf82ce8a613134a8b080b64ce26bb5db93']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T16:23:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5638df78-36f0-4457-a7fc-0f6f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T16:23:20.000Z",
"modified": "2015-11-03T16:23:20.000Z",
"description": "Backdoor.Duuzer",
"pattern": "[file:hashes.SHA256 = 'fb6d81f4165b41febc739358aeba0fe15048e1d445296e8df9104875be30f9a7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T16:23:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5638df78-eaa4-40b6-b85c-0f6f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T16:23:20.000Z",
"modified": "2015-11-03T16:23:20.000Z",
"description": "Backdoor.Duuzer",
"pattern": "[file:hashes.SHA256 = '4a6aba1c182dd8304bac91cc9e1fc39291d78044995f559c1d3bce05afd19982']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T16:23:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5638df78-2958-477b-bb59-0f6f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T16:23:20.000Z",
"modified": "2015-11-03T16:23:20.000Z",
"description": "Backdoor.Duuzer",
"pattern": "[file:hashes.SHA256 = '7099093177094ea5cc3380b42c2556ed6e8dd06a2f537fa6dd275e5cc1df9c9a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T16:23:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5638df79-f40c-49bd-8b75-0f6f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T16:23:21.000Z",
"modified": "2015-11-03T16:23:21.000Z",
"description": "Backdoor.Duuzer",
"pattern": "[file:hashes.SHA256 = '90d8643e7e52f095ed59ed739167421e45958984c4c9186c4a025e2fd2be668b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T16:23:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5638df79-348c-4225-83e6-0f6f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T16:23:21.000Z",
"modified": "2015-11-03T16:23:21.000Z",
"description": "Backdoor.Duuzer",
"pattern": "[file:hashes.SHA256 = '66df7660ddae300b1fcf1098b698868dd6f52db5fcf679fc37a396d28613e66b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T16:23:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5638df7a-7224-46c0-ab74-0f6f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T16:23:22.000Z",
"modified": "2015-11-03T16:23:22.000Z",
"description": "Backdoor.Duuzer",
"pattern": "[file:hashes.SHA256 = '37f652e2060066a1c2c317195573a334416f5a9b9933cfb1ece55bea8048d80f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T16:23:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5638df7a-f97c-4b79-a0e6-0f6f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T16:23:22.000Z",
"modified": "2015-11-03T16:23:22.000Z",
"description": "Backdoor.Duuzer",
"pattern": "[file:hashes.SHA256 = '6b71465e59eb1e266d47efeaecc256a186d3e08f570bffcfd5ac55e635c67c2a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T16:23:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5638df7a-b328-4e2f-8c14-0f6f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T16:23:22.000Z",
"modified": "2015-11-03T16:23:22.000Z",
"description": "Backdoor.Duuzer",
"pattern": "[file:hashes.SHA256 = 'd2e03115ef1525f82d70fc691f0360e318ade176a3789cf36969630d9af6901a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T16:23:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5638df7b-6610-4077-b55d-0f6f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T16:23:23.000Z",
"modified": "2015-11-03T16:23:23.000Z",
"description": "Backdoor.Duuzer",
"pattern": "[file:hashes.SHA256 = '912905ec9d839ca8dfd6771ff5c17aec3516f9ad159a9d627b81261055095fbf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T16:23:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5638df7b-b6a0-4ab9-9691-0f6f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T16:23:23.000Z",
"modified": "2015-11-03T16:23:23.000Z",
"description": "Backdoor.Duuzer",
"pattern": "[file:hashes.SHA256 = '4cf3a7e17dc4628725dd34b8e98238ed0a2df2dc83189db98d85a38f73706fa5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T16:23:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5638df8e-d668-4bce-9d8c-0297950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T16:23:42.000Z",
"modified": "2015-11-03T16:23:42.000Z",
"description": "W32.Brambul",
"pattern": "[file:hashes.MD5 = '1c532fad2c60636654d4c778cfe10408']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T16:23:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5638df8e-5c68-41bd-a066-0297950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T16:23:42.000Z",
"modified": "2015-11-03T16:23:42.000Z",
"description": "W32.Brambul",
"pattern": "[file:hashes.MD5 = '1db2dced6dfa04ed75b246ff2784046a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T16:23:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5638df8e-acac-4575-8e62-0297950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T16:23:42.000Z",
"modified": "2015-11-03T16:23:42.000Z",
"description": "W32.Brambul",
"pattern": "[file:hashes.MD5 = '3844ec6ec70347913bd1156f8cd159b8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T16:23:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5638df8f-a2f4-4feb-8f1f-0297950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T16:23:43.000Z",
"modified": "2015-11-03T16:23:43.000Z",
"description": "W32.Brambul",
"pattern": "[file:hashes.MD5 = '40878869de3fc5f23e14bc3f76541263']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T16:23:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5638df8f-4018-452d-b100-0297950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T16:23:43.000Z",
"modified": "2015-11-03T16:23:43.000Z",
"description": "W32.Brambul",
"pattern": "[file:hashes.MD5 = '95a5f91931723a65dcd4a3937546da34']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T16:23:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5638df8f-2c54-4541-a49e-0297950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T16:23:43.000Z",
"modified": "2015-11-03T16:23:43.000Z",
"description": "W32.Brambul",
"pattern": "[file:hashes.MD5 = '99d9f156c73bd69d5df1a1fe1b08c544']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T16:23:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5638df90-45bc-47dd-9364-0297950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T16:23:44.000Z",
"modified": "2015-11-03T16:23:44.000Z",
"description": "W32.Brambul",
"pattern": "[file:hashes.MD5 = 'a1ad82988af5d5b2c4003c42a81dda17']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T16:23:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5638df90-93a0-4871-8374-0297950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T16:23:44.000Z",
"modified": "2015-11-03T16:23:44.000Z",
"description": "W32.Brambul",
"pattern": "[file:hashes.MD5 = 'ca4c2009bf7ff17d556cc095a4ce06dd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T16:23:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5638df91-3608-4a03-9d01-0297950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T16:23:45.000Z",
"modified": "2015-11-03T16:23:45.000Z",
"description": "W32.Brambul",
"pattern": "[file:hashes.MD5 = 'f273d1283364625f986050bdf7dec8bb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T16:23:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5638df91-98b0-4b15-86a9-0297950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T16:23:45.000Z",
"modified": "2015-11-03T16:23:45.000Z",
"description": "W32.Brambul",
"pattern": "[file:hashes.SHA256 = 'c029ae20c314d7a0a2618f38ced03bac99e2ff78a85fe8c8f8de8555a8d153ab']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T16:23:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5638df91-93a8-4d2a-af41-0297950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T16:23:45.000Z",
"modified": "2015-11-03T16:23:45.000Z",
"description": "W32.Brambul",
"pattern": "[file:hashes.SHA256 = '1da344e5e55bef4307e257edd6f1e14835bdae17538a74afa5fc12c276666112']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T16:23:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5638df92-1368-4c9b-bd1f-0297950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T16:23:46.000Z",
"modified": "2015-11-03T16:23:46.000Z",
"description": "W32.Brambul",
"pattern": "[file:hashes.SHA256 = '9c3e13e93f68970f2844fb8f1f87506f4aa6e87918449e75a63c1126a240c70e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T16:23:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5638df92-20c4-4191-a4e8-0297950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T16:23:46.000Z",
"modified": "2015-11-03T16:23:46.000Z",
"description": "W32.Brambul",
"pattern": "[file:hashes.SHA256 = '230c2727e26467e16b5cf3ca37ecb8436ee5df41bfc4cd04062396642f9de352']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T16:23:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5638df93-7658-478d-95d9-0297950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T16:23:47.000Z",
"modified": "2015-11-03T16:23:47.000Z",
"description": "W32.Brambul",
"pattern": "[file:hashes.SHA256 = 'd558bb63ed9f613d51badd8fea7e8ea5921a9e31925cd163ec0412e0d999df58']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T16:23:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5638df93-4590-48e1-a917-0297950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T16:23:47.000Z",
"modified": "2015-11-03T16:23:47.000Z",
"description": "W32.Brambul",
"pattern": "[file:hashes.SHA256 = 'cbb174815739c679f694e16484a65aa087019272f94bcbf086a92817b4e4154b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T16:23:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5638df93-0438-4b67-b2fc-0297950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T16:23:47.000Z",
"modified": "2015-11-03T16:23:47.000Z",
"description": "W32.Brambul",
"pattern": "[file:hashes.SHA256 = '61f46b86741c95336cdac3f07f42b7df3e84695968534be193e98ea76d1070d1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T16:23:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5638df94-1da8-4926-bc29-0297950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T16:23:48.000Z",
"modified": "2015-11-03T16:23:48.000Z",
"description": "W32.Brambul",
"pattern": "[file:hashes.SHA256 = '1dea57b33a48c79743481371a19e17f68ae768a26abc352f21560308698c786f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T16:23:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5638df94-d294-4de6-a07d-0297950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T16:23:48.000Z",
"modified": "2015-11-03T16:23:48.000Z",
"description": "W32.Brambul",
"pattern": "[file:hashes.SHA256 = '8df658cba8f8cf0e2b85007f57d79286eec6309e7a0955dd48bcd15c583a9650']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T16:23:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5638dfb6-417c-472e-814c-2069950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T16:24:22.000Z",
"modified": "2015-11-03T16:24:22.000Z",
"description": "Backdoor.Joanap",
"pattern": "[file:hashes.MD5 = 'fd59af723b7a4044ab41f1b2a33350d6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T16:24:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5638dfb7-4b1c-4625-b8ee-2069950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T16:24:23.000Z",
"modified": "2015-11-03T16:24:23.000Z",
"description": "Backdoor.Joanap",
"pattern": "[file:hashes.MD5 = '4613f51087f01715bf9132c704aea2c2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T16:24:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5638dfb7-5644-409e-bc67-2069950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T16:24:23.000Z",
"modified": "2015-11-03T16:24:23.000Z",
"description": "Backdoor.Joanap",
"pattern": "[file:hashes.MD5 = '074dc6c0fa12cadbc016b8b5b5b7b7c5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T16:24:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5638dfb8-dddc-4a51-8a58-2069950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T16:24:24.000Z",
"modified": "2015-11-03T16:24:24.000Z",
"description": "Backdoor.Joanap",
"pattern": "[file:hashes.MD5 = '27a3498690d6e86f45229acd2ebc0510']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T16:24:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5638dfb8-ffb8-4754-8800-2069950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T16:24:24.000Z",
"modified": "2015-11-03T16:24:24.000Z",
"description": "Backdoor.Joanap",
"pattern": "[file:hashes.MD5 = '7a83c6cd46984a84c40d77e9acff28bc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T16:24:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5638dfb9-3870-4807-bbab-2069950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T16:24:25.000Z",
"modified": "2015-11-03T16:24:25.000Z",
"description": "Backdoor.Joanap",
"pattern": "[file:hashes.MD5 = '1d8f0e2375f6bc1e045fa2f25cd4f7e0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T16:24:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5638dfb9-61d0-443e-8b15-2069950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T16:24:25.000Z",
"modified": "2015-11-03T16:24:25.000Z",
"description": "Backdoor.Joanap",
"pattern": "[file:hashes.MD5 = '304cea78b53d8baaa2748c7b0bce5dd0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T16:24:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5638dfba-874c-4d86-a91b-2069950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T16:24:26.000Z",
"modified": "2015-11-03T16:24:26.000Z",
"description": "Backdoor.Joanap",
"pattern": "[file:hashes.SHA256 = '9a179e1ca07c1f16c4c1c4ee517322d390cbab34b5d123a876b38d08da1face4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T16:24:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5638dfba-0d30-46da-9a8d-2069950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T16:24:26.000Z",
"modified": "2015-11-03T16:24:26.000Z",
"description": "Backdoor.Joanap",
"pattern": "[file:hashes.SHA256 = 'a1c483b0ee740291b91b11e18dd05f0a460127acfc19d47b446d11cd0e26d717']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T16:24:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5638dfba-9968-4a3b-9406-2069950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T16:24:26.000Z",
"modified": "2015-11-03T16:24:26.000Z",
"description": "Backdoor.Joanap",
"pattern": "[file:hashes.SHA256 = '7650d8c0874aa7d1f2a5a7d255112976e9f38ffad8b7cdda76d0baa8f4729203']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T16:24:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5638dfbb-84ac-48c8-b64c-2069950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T16:24:27.000Z",
"modified": "2015-11-03T16:24:27.000Z",
"description": "Backdoor.Joanap",
"pattern": "[file:hashes.SHA256 = '5b10cfb236d56a0f3ddaa5e9463ebf307b1d2e0624b0f1c6ece19213804b6826']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T16:24:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5638dfbb-3668-4445-8c28-2069950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T16:24:27.000Z",
"modified": "2015-11-03T16:24:27.000Z",
"description": "Backdoor.Joanap",
"pattern": "[file:hashes.SHA256 = '0622481f1c1e246289014e9fe3497e69f06ed8b3a327eda86e4442a46790dd2e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T16:24:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5638dfbb-33c0-4b31-aac4-2069950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T16:24:27.000Z",
"modified": "2015-11-03T16:24:27.000Z",
"description": "Backdoor.Joanap",
"pattern": "[file:hashes.SHA256 = '4c5b8c3e0369eb738686c8a111dfe460e26eb3700837c941ea2e9afd3255981e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T16:24:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5638dfbc-5058-406d-b35e-2069950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T16:24:28.000Z",
"modified": "2015-11-03T16:24:28.000Z",
"description": "Backdoor.Joanap",
"pattern": "[file:hashes.SHA256 = 'cbf5f579ff16206b17f039c2dc0fa35704ec01ede4ba18ecb1fc2c7b8217e54f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T16:24:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--563929d0-aed4-4bb9-9c99-418d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T21:40:32.000Z",
"modified": "2015-11-03T21:40:32.000Z",
"description": "Backdoor.Joanap - Xchecked via VT: cbf5f579ff16206b17f039c2dc0fa35704ec01ede4ba18ecb1fc2c7b8217e54f",
"pattern": "[file:hashes.SHA1 = '562d81f7cf19d903518cdc184485c03a139554f9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T21:40:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--563929d0-6920-4f61-8ec3-4934950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T21:40:32.000Z",
"modified": "2015-11-03T21:40:32.000Z",
"first_observed": "2015-11-03T21:40:32Z",
"last_observed": "2015-11-03T21:40:32Z",
"number_observed": 1,
"object_refs": [
"url--563929d0-6920-4f61-8ec3-4934950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--563929d0-6920-4f61-8ec3-4934950d210b",
"value": "https://www.virustotal.com/file/cbf5f579ff16206b17f039c2dc0fa35704ec01ede4ba18ecb1fc2c7b8217e54f/analysis/1445963197/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--563929d1-5504-45a9-9c5b-45a8950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T21:40:33.000Z",
"modified": "2015-11-03T21:40:33.000Z",
"description": "Backdoor.Joanap - Xchecked via VT: 4c5b8c3e0369eb738686c8a111dfe460e26eb3700837c941ea2e9afd3255981e",
"pattern": "[file:hashes.SHA1 = 'ac6860bf7f0278566ef7a78146f874db4fc3a0cc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T21:40:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--563929d1-4818-42b7-abc5-4ed4950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T21:40:33.000Z",
"modified": "2015-11-03T21:40:33.000Z",
"first_observed": "2015-11-03T21:40:33Z",
"last_observed": "2015-11-03T21:40:33Z",
"number_observed": 1,
"object_refs": [
"url--563929d1-4818-42b7-abc5-4ed4950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--563929d1-4818-42b7-abc5-4ed4950d210b",
"value": "https://www.virustotal.com/file/4c5b8c3e0369eb738686c8a111dfe460e26eb3700837c941ea2e9afd3255981e/analysis/1446307387/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--563929d1-b8a4-47db-aaee-4a5d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T21:40:33.000Z",
"modified": "2015-11-03T21:40:33.000Z",
"description": "Backdoor.Joanap - Xchecked via VT: 0622481f1c1e246289014e9fe3497e69f06ed8b3a327eda86e4442a46790dd2e",
"pattern": "[file:hashes.SHA1 = '091c28f026410ef983c0089228a2f74514da4373']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T21:40:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--563929d2-3314-4468-b8e2-41f3950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T21:40:34.000Z",
"modified": "2015-11-03T21:40:34.000Z",
"first_observed": "2015-11-03T21:40:34Z",
"last_observed": "2015-11-03T21:40:34Z",
"number_observed": 1,
"object_refs": [
"url--563929d2-3314-4468-b8e2-41f3950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--563929d2-3314-4468-b8e2-41f3950d210b",
"value": "https://www.virustotal.com/file/0622481f1c1e246289014e9fe3497e69f06ed8b3a327eda86e4442a46790dd2e/analysis/1445889292/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--563929d2-47b4-4388-8f66-45a8950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T21:40:34.000Z",
"modified": "2015-11-03T21:40:34.000Z",
"description": "Backdoor.Joanap - Xchecked via VT: 5b10cfb236d56a0f3ddaa5e9463ebf307b1d2e0624b0f1c6ece19213804b6826",
"pattern": "[file:hashes.SHA1 = '72e1b04a22eb6f4228c558b5840908fbcfd80d60']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T21:40:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--563929d3-dff0-489a-b36a-4437950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T21:40:35.000Z",
"modified": "2015-11-03T21:40:35.000Z",
"first_observed": "2015-11-03T21:40:35Z",
"last_observed": "2015-11-03T21:40:35Z",
"number_observed": 1,
"object_refs": [
"url--563929d3-dff0-489a-b36a-4437950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--563929d3-dff0-489a-b36a-4437950d210b",
"value": "https://www.virustotal.com/file/5b10cfb236d56a0f3ddaa5e9463ebf307b1d2e0624b0f1c6ece19213804b6826/analysis/1445889291/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--563929d3-361c-46b7-81c6-421b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T21:40:35.000Z",
"modified": "2015-11-03T21:40:35.000Z",
"description": "Backdoor.Joanap - Xchecked via VT: 7650d8c0874aa7d1f2a5a7d255112976e9f38ffad8b7cdda76d0baa8f4729203",
"pattern": "[file:hashes.SHA1 = 'bde95f35a5acf34019fdb2f3c72dbe6c8619a84a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T21:40:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--563929d3-40cc-44a0-9775-42d0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T21:40:35.000Z",
"modified": "2015-11-03T21:40:35.000Z",
"first_observed": "2015-11-03T21:40:35Z",
"last_observed": "2015-11-03T21:40:35Z",
"number_observed": 1,
"object_refs": [
"url--563929d3-40cc-44a0-9775-42d0950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--563929d3-40cc-44a0-9775-42d0950d210b",
"value": "https://www.virustotal.com/file/7650d8c0874aa7d1f2a5a7d255112976e9f38ffad8b7cdda76d0baa8f4729203/analysis/1382671575/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--563929d4-eecc-4976-a58d-46d8950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T21:40:36.000Z",
"modified": "2015-11-03T21:40:36.000Z",
"description": "Backdoor.Joanap - Xchecked via VT: a1c483b0ee740291b91b11e18dd05f0a460127acfc19d47b446d11cd0e26d717",
"pattern": "[file:hashes.SHA1 = '6b1ddf0e63e04146d68cd33b0e18e668b29035c4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T21:40:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--563929d4-5614-4868-9200-46e1950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T21:40:36.000Z",
"modified": "2015-11-03T21:40:36.000Z",
"first_observed": "2015-11-03T21:40:36Z",
"last_observed": "2015-11-03T21:40:36Z",
"number_observed": 1,
"object_refs": [
"url--563929d4-5614-4868-9200-46e1950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--563929d4-5614-4868-9200-46e1950d210b",
"value": "https://www.virustotal.com/file/a1c483b0ee740291b91b11e18dd05f0a460127acfc19d47b446d11cd0e26d717/analysis/1432926119/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--563929d5-f344-4264-a152-455f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T21:40:37.000Z",
"modified": "2015-11-03T21:40:37.000Z",
"description": "Backdoor.Joanap - Xchecked via VT: 9a179e1ca07c1f16c4c1c4ee517322d390cbab34b5d123a876b38d08da1face4",
"pattern": "[file:hashes.SHA1 = 'f58eed5e4f1d9b9423a7dcc817173ce1b76e6b8d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T21:40:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--563929d5-2978-4c8e-bc91-4352950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T21:40:37.000Z",
"modified": "2015-11-03T21:40:37.000Z",
"first_observed": "2015-11-03T21:40:37Z",
"last_observed": "2015-11-03T21:40:37Z",
"number_observed": 1,
"object_refs": [
"url--563929d5-2978-4c8e-bc91-4352950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--563929d5-2978-4c8e-bc91-4352950d210b",
"value": "https://www.virustotal.com/file/9a179e1ca07c1f16c4c1c4ee517322d390cbab34b5d123a876b38d08da1face4/analysis/1446104926/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--563929d5-b480-4506-865b-4d11950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T21:40:37.000Z",
"modified": "2015-11-03T21:40:37.000Z",
"description": "W32.Brambul - Xchecked via VT: 8df658cba8f8cf0e2b85007f57d79286eec6309e7a0955dd48bcd15c583a9650",
"pattern": "[file:hashes.SHA1 = '0e0280a842fe88f586205a419b07d37f1fe97aca']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T21:40:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--563929d6-024c-44f7-b4d8-4c3b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T21:40:38.000Z",
"modified": "2015-11-03T21:40:38.000Z",
"first_observed": "2015-11-03T21:40:38Z",
"last_observed": "2015-11-03T21:40:38Z",
"number_observed": 1,
"object_refs": [
"url--563929d6-024c-44f7-b4d8-4c3b950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--563929d6-024c-44f7-b4d8-4c3b950d210b",
"value": "https://www.virustotal.com/file/8df658cba8f8cf0e2b85007f57d79286eec6309e7a0955dd48bcd15c583a9650/analysis/1446394059/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--563929d6-107c-4ee1-b044-486e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T21:40:38.000Z",
"modified": "2015-11-03T21:40:38.000Z",
"description": "W32.Brambul - Xchecked via VT: 1dea57b33a48c79743481371a19e17f68ae768a26abc352f21560308698c786f",
"pattern": "[file:hashes.SHA1 = '9ef1d38da520e5faf4632db85e5dc194c1603a84']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T21:40:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--563929d7-5758-4088-b15e-491e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T21:40:39.000Z",
"modified": "2015-11-03T21:40:39.000Z",
"first_observed": "2015-11-03T21:40:39Z",
"last_observed": "2015-11-03T21:40:39Z",
"number_observed": 1,
"object_refs": [
"url--563929d7-5758-4088-b15e-491e950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--563929d7-5758-4088-b15e-491e950d210b",
"value": "https://www.virustotal.com/file/1dea57b33a48c79743481371a19e17f68ae768a26abc352f21560308698c786f/analysis/1446446537/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--563929d7-9d10-4b76-b620-493d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T21:40:39.000Z",
"modified": "2015-11-03T21:40:39.000Z",
"description": "W32.Brambul - Xchecked via VT: 61f46b86741c95336cdac3f07f42b7df3e84695968534be193e98ea76d1070d1",
"pattern": "[file:hashes.SHA1 = '37619b31e2a905cd42cc22b24d42ef1312d0b388']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T21:40:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--563929d7-2034-47b6-ad52-490d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T21:40:39.000Z",
"modified": "2015-11-03T21:40:39.000Z",
"first_observed": "2015-11-03T21:40:39Z",
"last_observed": "2015-11-03T21:40:39Z",
"number_observed": 1,
"object_refs": [
"url--563929d7-2034-47b6-ad52-490d950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--563929d7-2034-47b6-ad52-490d950d210b",
"value": "https://www.virustotal.com/file/61f46b86741c95336cdac3f07f42b7df3e84695968534be193e98ea76d1070d1/analysis/1445966609/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--563929d8-b80c-4822-9a79-4bac950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T21:40:40.000Z",
"modified": "2015-11-03T21:40:40.000Z",
"description": "W32.Brambul - Xchecked via VT: cbb174815739c679f694e16484a65aa087019272f94bcbf086a92817b4e4154b",
"pattern": "[file:hashes.SHA1 = 'b64aa69025713ce541ab2fed892e3a2338cf9605']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T21:40:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--563929d8-1d60-4dfa-85be-4293950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T21:40:40.000Z",
"modified": "2015-11-03T21:40:40.000Z",
"first_observed": "2015-11-03T21:40:40Z",
"last_observed": "2015-11-03T21:40:40Z",
"number_observed": 1,
"object_refs": [
"url--563929d8-1d60-4dfa-85be-4293950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--563929d8-1d60-4dfa-85be-4293950d210b",
"value": "https://www.virustotal.com/file/cbb174815739c679f694e16484a65aa087019272f94bcbf086a92817b4e4154b/analysis/1446104890/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--563929d8-f5d4-4ba7-8cec-4ec5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T21:40:40.000Z",
"modified": "2015-11-03T21:40:40.000Z",
"description": "W32.Brambul - Xchecked via VT: d558bb63ed9f613d51badd8fea7e8ea5921a9e31925cd163ec0412e0d999df58",
"pattern": "[file:hashes.SHA1 = '22b0a0aa2ec4ae8f0bd7cab2260eedbc7dd48abf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T21:40:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--563929d9-da64-4f33-8ab7-4156950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T21:40:41.000Z",
"modified": "2015-11-03T21:40:41.000Z",
"first_observed": "2015-11-03T21:40:41Z",
"last_observed": "2015-11-03T21:40:41Z",
"number_observed": 1,
"object_refs": [
"url--563929d9-da64-4f33-8ab7-4156950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--563929d9-da64-4f33-8ab7-4156950d210b",
"value": "https://www.virustotal.com/file/d558bb63ed9f613d51badd8fea7e8ea5921a9e31925cd163ec0412e0d999df58/analysis/1446200025/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--563929d9-9ed4-43b9-943d-423f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T21:40:41.000Z",
"modified": "2015-11-03T21:40:41.000Z",
"description": "W32.Brambul - Xchecked via VT: 230c2727e26467e16b5cf3ca37ecb8436ee5df41bfc4cd04062396642f9de352",
"pattern": "[file:hashes.SHA1 = '3f6166e37b3916f23ab47a11bb0c9d0ce5d62fa0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T21:40:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--563929da-6fc0-4a7a-8144-4b43950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T21:40:42.000Z",
"modified": "2015-11-03T21:40:42.000Z",
"first_observed": "2015-11-03T21:40:42Z",
"last_observed": "2015-11-03T21:40:42Z",
"number_observed": 1,
"object_refs": [
"url--563929da-6fc0-4a7a-8144-4b43950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--563929da-6fc0-4a7a-8144-4b43950d210b",
"value": "https://www.virustotal.com/file/230c2727e26467e16b5cf3ca37ecb8436ee5df41bfc4cd04062396642f9de352/analysis/1445889287/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--563929da-3220-4ed0-beb0-4833950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T21:40:42.000Z",
"modified": "2015-11-03T21:40:42.000Z",
"description": "W32.Brambul - Xchecked via VT: 9c3e13e93f68970f2844fb8f1f87506f4aa6e87918449e75a63c1126a240c70e",
"pattern": "[file:hashes.SHA1 = '7cabfdff38ffc906ad4d19c354d90129a3e90d13']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T21:40:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--563929da-1e14-4abb-8b39-449b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T21:40:42.000Z",
"modified": "2015-11-03T21:40:42.000Z",
"first_observed": "2015-11-03T21:40:42Z",
"last_observed": "2015-11-03T21:40:42Z",
"number_observed": 1,
"object_refs": [
"url--563929da-1e14-4abb-8b39-449b950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--563929da-1e14-4abb-8b39-449b950d210b",
"value": "https://www.virustotal.com/file/9c3e13e93f68970f2844fb8f1f87506f4aa6e87918449e75a63c1126a240c70e/analysis/1446387179/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--563929db-635c-4a19-9c35-4ffe950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T21:40:43.000Z",
"modified": "2015-11-03T21:40:43.000Z",
"description": "W32.Brambul - Xchecked via VT: 1da344e5e55bef4307e257edd6f1e14835bdae17538a74afa5fc12c276666112",
"pattern": "[file:hashes.SHA1 = 'c135daa9bfa3c58d2ea652b5d9f43028470c1535']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T21:40:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--563929db-1b1c-4d8b-a6ce-46cc950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T21:40:43.000Z",
"modified": "2015-11-03T21:40:43.000Z",
"first_observed": "2015-11-03T21:40:43Z",
"last_observed": "2015-11-03T21:40:43Z",
"number_observed": 1,
"object_refs": [
"url--563929db-1b1c-4d8b-a6ce-46cc950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--563929db-1b1c-4d8b-a6ce-46cc950d210b",
"value": "https://www.virustotal.com/file/1da344e5e55bef4307e257edd6f1e14835bdae17538a74afa5fc12c276666112/analysis/1446307358/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--563929dc-e380-450d-b5fa-4461950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T21:40:44.000Z",
"modified": "2015-11-03T21:40:44.000Z",
"description": "W32.Brambul - Xchecked via VT: c029ae20c314d7a0a2618f38ced03bac99e2ff78a85fe8c8f8de8555a8d153ab",
"pattern": "[file:hashes.SHA1 = '2f90d95c1fff33332a475e569e3941d8602f9ed6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T21:40:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--563929dc-cb44-4ab9-a785-4357950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T21:40:44.000Z",
"modified": "2015-11-03T21:40:44.000Z",
"first_observed": "2015-11-03T21:40:44Z",
"last_observed": "2015-11-03T21:40:44Z",
"number_observed": 1,
"object_refs": [
"url--563929dc-cb44-4ab9-a785-4357950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--563929dc-cb44-4ab9-a785-4357950d210b",
"value": "https://www.virustotal.com/file/c029ae20c314d7a0a2618f38ced03bac99e2ff78a85fe8c8f8de8555a8d153ab/analysis/1445994622/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--563929dc-c544-4b1b-a390-4210950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T21:40:44.000Z",
"modified": "2015-11-03T21:40:44.000Z",
"description": "Backdoor.Duuzer - Xchecked via VT: 4cf3a7e17dc4628725dd34b8e98238ed0a2df2dc83189db98d85a38f73706fa5",
"pattern": "[file:hashes.SHA1 = 'a69eb5dd202d2c28e5fbf800e14015e2dc975dc9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T21:40:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--563929dd-18dc-47c6-b350-41a1950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T21:40:45.000Z",
"modified": "2015-11-03T21:40:45.000Z",
"first_observed": "2015-11-03T21:40:45Z",
"last_observed": "2015-11-03T21:40:45Z",
"number_observed": 1,
"object_refs": [
"url--563929dd-18dc-47c6-b350-41a1950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--563929dd-18dc-47c6-b350-41a1950d210b",
"value": "https://www.virustotal.com/file/4cf3a7e17dc4628725dd34b8e98238ed0a2df2dc83189db98d85a38f73706fa5/analysis/1446235560/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--563929dd-5b98-4a65-be9c-45b2950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T21:40:45.000Z",
"modified": "2015-11-03T21:40:45.000Z",
"description": "Backdoor.Duuzer - Xchecked via VT: 6b71465e59eb1e266d47efeaecc256a186d3e08f570bffcfd5ac55e635c67c2a",
"pattern": "[file:hashes.SHA1 = '93c7d05fcb406050eca5c47cee273a390e21d3bb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T21:40:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--563929de-9db0-4324-8ed3-4f37950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T21:40:46.000Z",
"modified": "2015-11-03T21:40:46.000Z",
"first_observed": "2015-11-03T21:40:46Z",
"last_observed": "2015-11-03T21:40:46Z",
"number_observed": 1,
"object_refs": [
"url--563929de-9db0-4324-8ed3-4f37950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--563929de-9db0-4324-8ed3-4f37950d210b",
"value": "https://www.virustotal.com/file/6b71465e59eb1e266d47efeaecc256a186d3e08f570bffcfd5ac55e635c67c2a/analysis/1446505448/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--563929de-96f0-45d8-94d0-4db8950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T21:40:46.000Z",
"modified": "2015-11-03T21:40:46.000Z",
"description": "Backdoor.Duuzer - Xchecked via VT: 37f652e2060066a1c2c317195573a334416f5a9b9933cfb1ece55bea8048d80f",
"pattern": "[file:hashes.SHA1 = 'c7bebe4820cd1d6a78577e041e06a3b72f77d087']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T21:40:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--563929de-f784-4593-8f71-412a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T21:40:46.000Z",
"modified": "2015-11-03T21:40:46.000Z",
"first_observed": "2015-11-03T21:40:46Z",
"last_observed": "2015-11-03T21:40:46Z",
"number_observed": 1,
"object_refs": [
"url--563929de-f784-4593-8f71-412a950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--563929de-f784-4593-8f71-412a950d210b",
"value": "https://www.virustotal.com/file/37f652e2060066a1c2c317195573a334416f5a9b9933cfb1ece55bea8048d80f/analysis/1446475802/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--563929df-0144-489a-a39a-43ab950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T21:40:47.000Z",
"modified": "2015-11-03T21:40:47.000Z",
"description": "Backdoor.Duuzer - Xchecked via VT: 66df7660ddae300b1fcf1098b698868dd6f52db5fcf679fc37a396d28613e66b",
"pattern": "[file:hashes.SHA1 = '78956d5a8706edb3246a3c726f7b6373e7380bc8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T21:40:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--563929df-e01c-4916-b533-4648950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T21:40:47.000Z",
"modified": "2015-11-03T21:40:47.000Z",
"first_observed": "2015-11-03T21:40:47Z",
"last_observed": "2015-11-03T21:40:47Z",
"number_observed": 1,
"object_refs": [
"url--563929df-e01c-4916-b533-4648950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--563929df-e01c-4916-b533-4648950d210b",
"value": "https://www.virustotal.com/file/66df7660ddae300b1fcf1098b698868dd6f52db5fcf679fc37a396d28613e66b/analysis/1446232997/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--563929e0-df88-4759-bffb-466d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T21:40:48.000Z",
"modified": "2015-11-03T21:40:48.000Z",
"description": "Backdoor.Duuzer - Xchecked via VT: 90d8643e7e52f095ed59ed739167421e45958984c4c9186c4a025e2fd2be668b",
"pattern": "[file:hashes.SHA1 = '0e2aefe8c044f67925de4b46755acf92f4f8a6e2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T21:40:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--563929e0-f5c4-4344-9059-482c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T21:40:48.000Z",
"modified": "2015-11-03T21:40:48.000Z",
"first_observed": "2015-11-03T21:40:48Z",
"last_observed": "2015-11-03T21:40:48Z",
"number_observed": 1,
"object_refs": [
"url--563929e0-f5c4-4344-9059-482c950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--563929e0-f5c4-4344-9059-482c950d210b",
"value": "https://www.virustotal.com/file/90d8643e7e52f095ed59ed739167421e45958984c4c9186c4a025e2fd2be668b/analysis/1445915669/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--563929e0-db74-4916-9ee2-4849950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T21:40:48.000Z",
"modified": "2015-11-03T21:40:48.000Z",
"description": "Backdoor.Duuzer - Xchecked via VT: 47181c973a8a69740b710a420ea8f6bf82ce8a613134a8b080b64ce26bb5db93",
"pattern": "[file:hashes.SHA1 = '80a09b2a3ef6831a1c50a6201c70c63880d17679']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T21:40:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--563929e1-fe40-47ed-9a54-424d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T21:40:49.000Z",
"modified": "2015-11-03T21:40:49.000Z",
"first_observed": "2015-11-03T21:40:49Z",
"last_observed": "2015-11-03T21:40:49Z",
"number_observed": 1,
"object_refs": [
"url--563929e1-fe40-47ed-9a54-424d950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--563929e1-fe40-47ed-9a54-424d950d210b",
"value": "https://www.virustotal.com/file/47181c973a8a69740b710a420ea8f6bf82ce8a613134a8b080b64ce26bb5db93/analysis/1446020034/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--563929e1-e014-4214-89d9-4487950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T21:40:49.000Z",
"modified": "2015-11-03T21:40:49.000Z",
"description": "Backdoor.Duuzer - Xchecked via VT: 5b28c86d7e581e52328942b35ece0d0875585fbb4e29378666d1af5be7f56b46",
"pattern": "[file:hashes.SHA1 = '7519e1bcebf9ede8dfad9751e587f50c24b7b32c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T21:40:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--563929e2-e3e8-487e-9de2-47a7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T21:40:50.000Z",
"modified": "2015-11-03T21:40:50.000Z",
"first_observed": "2015-11-03T21:40:50Z",
"last_observed": "2015-11-03T21:40:50Z",
"number_observed": 1,
"object_refs": [
"url--563929e2-e3e8-487e-9de2-47a7950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--563929e2-e3e8-487e-9de2-47a7950d210b",
"value": "https://www.virustotal.com/file/5b28c86d7e581e52328942b35ece0d0875585fbb4e29378666d1af5be7f56b46/analysis/1446018719/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--563929e2-5cbc-417a-ab48-4f2c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T21:40:50.000Z",
"modified": "2015-11-03T21:40:50.000Z",
"description": "Backdoor.Duuzer - Xchecked via VT: 4efeea9eeae3d668897206eeccb1444d542ea537ca5c2787f13dd5dadd0e6aaa",
"pattern": "[file:hashes.SHA1 = 'e18282e8d979e06fec57c3f046ef313ee0ea8644']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T21:40:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--563929e2-18ec-412f-86e2-405b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T21:40:50.000Z",
"modified": "2015-11-03T21:40:50.000Z",
"first_observed": "2015-11-03T21:40:50Z",
"last_observed": "2015-11-03T21:40:50Z",
"number_observed": 1,
"object_refs": [
"url--563929e2-18ec-412f-86e2-405b950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--563929e2-18ec-412f-86e2-405b950d210b",
"value": "https://www.virustotal.com/file/4efeea9eeae3d668897206eeccb1444d542ea537ca5c2787f13dd5dadd0e6aaa/analysis/1446104878/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--563929e3-9a0c-4ff2-9a16-4117950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T21:40:51.000Z",
"modified": "2015-11-03T21:40:51.000Z",
"description": "Backdoor.Duuzer - Xchecked via VT: d57d772eefa6086b5c249efff01189cf4869c2b73007af63affc353474eaafcb",
"pattern": "[file:hashes.SHA1 = '9d2b41fdd4fbde219ba9bfed2ab7d3eaebddc099']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T21:40:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--563929e3-dc88-4f54-86b9-4cc7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T21:40:51.000Z",
"modified": "2015-11-03T21:40:51.000Z",
"first_observed": "2015-11-03T21:40:51Z",
"last_observed": "2015-11-03T21:40:51Z",
"number_observed": 1,
"object_refs": [
"url--563929e3-dc88-4f54-86b9-4cc7950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--563929e3-dc88-4f54-86b9-4cc7950d210b",
"value": "https://www.virustotal.com/file/d57d772eefa6086b5c249efff01189cf4869c2b73007af63affc353474eaafcb/analysis/1445915673/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--563929e3-f038-4ebd-823f-4b44950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T21:40:51.000Z",
"modified": "2015-11-03T21:40:51.000Z",
"description": "Backdoor.Duuzer - Xchecked via VT: 477ca3e7353938f75032d04e232eb2c298f06f95328bca1a34fce1d8c9d12023",
"pattern": "[file:hashes.SHA1 = '4b593297256da05324c42d86be7ace5c46eab9ba']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T21:40:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--563929e4-3cb4-44d6-b911-453a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T21:40:52.000Z",
"modified": "2015-11-03T21:40:52.000Z",
"first_observed": "2015-11-03T21:40:52Z",
"last_observed": "2015-11-03T21:40:52Z",
"number_observed": 1,
"object_refs": [
"url--563929e4-3cb4-44d6-b911-453a950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--563929e4-3cb4-44d6-b911-453a950d210b",
"value": "https://www.virustotal.com/file/477ca3e7353938f75032d04e232eb2c298f06f95328bca1a34fce1d8c9d12023/analysis/1445915682/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--563929e4-f4b4-473c-a9c4-44bb950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T21:40:52.000Z",
"modified": "2015-11-03T21:40:52.000Z",
"description": "Backdoor.Duuzer - Xchecked via VT: 5a69bce8196b048f8b98f48c8f4950c8b059c43577e35d4af5f26c624140377c",
"pattern": "[file:hashes.SHA1 = '723fd525cc3691585c251145f8076ea3f43fd963']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T21:40:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--563929e5-c378-4ac9-8f6a-4b28950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T21:40:53.000Z",
"modified": "2015-11-03T21:40:53.000Z",
"first_observed": "2015-11-03T21:40:53Z",
"last_observed": "2015-11-03T21:40:53Z",
"number_observed": 1,
"object_refs": [
"url--563929e5-c378-4ac9-8f6a-4b28950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--563929e5-c378-4ac9-8f6a-4b28950d210b",
"value": "https://www.virustotal.com/file/5a69bce8196b048f8b98f48c8f4950c8b059c43577e35d4af5f26c624140377c/analysis/1446235329/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--563929e5-1298-47e2-9055-4a86950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T21:40:53.000Z",
"modified": "2015-11-03T21:40:53.000Z",
"description": "Backdoor.Duuzer - Xchecked via VT: c7024cf43d285ec9671e8dc1eae87281a6ee6f28e92d69d94474efc2521f03ed",
"pattern": "[file:hashes.SHA1 = 'e931ead7b9bdce553f14527e4c6b54d97d27f7d6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T21:40:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--563929e5-3044-4380-b47a-41f1950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T21:40:53.000Z",
"modified": "2015-11-03T21:40:53.000Z",
"first_observed": "2015-11-03T21:40:53Z",
"last_observed": "2015-11-03T21:40:53Z",
"number_observed": 1,
"object_refs": [
"url--563929e5-3044-4380-b47a-41f1950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--563929e5-3044-4380-b47a-41f1950d210b",
"value": "https://www.virustotal.com/file/c7024cf43d285ec9671e8dc1eae87281a6ee6f28e92d69d94474efc2521f03ed/analysis/1446234437/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--563929e6-0f1c-4b61-9533-4fdc950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T21:40:54.000Z",
"modified": "2015-11-03T21:40:54.000Z",
"description": "Backdoor.Duuzer - Xchecked via VT: a01bd92c02c9ef7c4785d8bf61ecff734e990b255bba8e22d4513f35f370fd14",
"pattern": "[file:hashes.SHA1 = 'a3c943ff5abd486a046cc5934b9b6a923f5d8ce8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T21:40:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--563929e6-50b0-4774-8523-4f7b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T21:40:54.000Z",
"modified": "2015-11-03T21:40:54.000Z",
"first_observed": "2015-11-03T21:40:54Z",
"last_observed": "2015-11-03T21:40:54Z",
"number_observed": 1,
"object_refs": [
"url--563929e6-50b0-4774-8523-4f7b950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--563929e6-50b0-4774-8523-4f7b950d210b",
"value": "https://www.virustotal.com/file/a01bd92c02c9ef7c4785d8bf61ecff734e990b255bba8e22d4513f35f370fd14/analysis/1445889272/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--563929e7-363c-4dc2-a2c1-4186950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T21:40:55.000Z",
"modified": "2015-11-03T21:40:55.000Z",
"description": "Backdoor.Duuzer - Xchecked via VT: 89b25f9a454240a3f52de9bf6f9a829d2b4af04a7d9e9f4136f920f7e372909b",
"pattern": "[file:hashes.SHA1 = 'e67dc656d664f3b292366195a2be277a472a365e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T21:40:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--563929e7-0fb4-4f34-9ad2-49b5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T21:40:55.000Z",
"modified": "2015-11-03T21:40:55.000Z",
"first_observed": "2015-11-03T21:40:55Z",
"last_observed": "2015-11-03T21:40:55Z",
"number_observed": 1,
"object_refs": [
"url--563929e7-0fb4-4f34-9ad2-49b5950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--563929e7-0fb4-4f34-9ad2-49b5950d210b",
"value": "https://www.virustotal.com/file/89b25f9a454240a3f52de9bf6f9a829d2b4af04a7d9e9f4136f920f7e372909b/analysis/1446482834/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--563929e7-738c-4731-a770-468b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T21:40:55.000Z",
"modified": "2015-11-03T21:40:55.000Z",
"description": "Backdoor.Duuzer - Xchecked via VT: fd5a7e54cfdd3b3f32b44d8fdd845e62d6b86c0ddb550c544d659588d06ceaee",
"pattern": "[file:hashes.SHA1 = 'b737d645192f9c5d03a14b3ee7f0ed0532735fcb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T21:40:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--563929e8-069c-4645-9d41-4482950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T21:40:56.000Z",
"modified": "2015-11-03T21:40:56.000Z",
"first_observed": "2015-11-03T21:40:56Z",
"last_observed": "2015-11-03T21:40:56Z",
"number_observed": 1,
"object_refs": [
"url--563929e8-069c-4645-9d41-4482950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--563929e8-069c-4645-9d41-4482950d210b",
"value": "https://www.virustotal.com/file/fd5a7e54cfdd3b3f32b44d8fdd845e62d6b86c0ddb550c544d659588d06ceaee/analysis/1446441784/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--563929e8-b558-4d2b-94c9-4e24950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T21:40:56.000Z",
"modified": "2015-11-03T21:40:56.000Z",
"description": "Backdoor.Duuzer - Xchecked via VT: 3e6be312a28b2633c8849d3e95e487b5",
"pattern": "[file:hashes.SHA256 = 'd589043a6f460855445e35154c5a0ff9dbc8ee9e159ae880e38ca00ea2b9a94f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T21:40:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--563929e9-2b94-4a83-b9df-4264950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T21:40:57.000Z",
"modified": "2015-11-03T21:40:57.000Z",
"description": "Backdoor.Duuzer - Xchecked via VT: 3e6be312a28b2633c8849d3e95e487b5",
"pattern": "[file:hashes.SHA1 = '7da4dbff52c260849a19bd91abd0d573640e7dd9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-03T21:40:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--563929e9-3088-439e-9dd3-4ef3950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-03T21:40:57.000Z",
"modified": "2015-11-03T21:40:57.000Z",
"first_observed": "2015-11-03T21:40:57Z",
"last_observed": "2015-11-03T21:40:57Z",
"number_observed": 1,
"object_refs": [
"url--563929e9-3088-439e-9dd3-4ef3950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--563929e9-3088-439e-9dd3-4ef3950d210b",
"value": "https://www.virustotal.com/file/d589043a6f460855445e35154c5a0ff9dbc8ee9e159ae880e38ca00ea2b9a94f/analysis/1445915696/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue View git blame Copy permalink