adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/5642582d-78dc-4e92-b42f-6d9d950d210b.json

2120 lines
No EOL
88 KiB
JSON
Raw Permalink Blame History

{
"type": "bundle",
"id": "bundle--5642582d-78dc-4e92-b42f-6d9d950d210b",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:36:47.000Z",
"modified": "2015-11-11T06:36:47.000Z",
"name": "CthulhuSPRL.be",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5642582d-78dc-4e92-b42f-6d9d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:36:47.000Z",
"modified": "2015-11-11T06:36:47.000Z",
"name": "OSINT Bookworm Trojan: A Model of Modular Architecture by Palo Alto Unit 42",
"published": "2015-11-11T06:37:00Z",
"object_refs": [
"observed-data--56425841-0dbc-4bc7-9bb8-6d9d950d210b",
"url--56425841-0dbc-4bc7-9bb8-6d9d950d210b",
"indicator--56425890-6bc4-42f8-8589-606d950d210b",
"indicator--56425891-ca24-437a-a590-606d950d210b",
"indicator--56425891-52e8-4b07-bb8f-606d950d210b",
"indicator--56425892-c1cc-409d-b824-606d950d210b",
"indicator--56425892-d218-49bd-a652-606d950d210b",
"indicator--56425893-28f8-43b4-b8ed-606d950d210b",
"indicator--56425893-1728-4f1a-a6a5-606d950d210b",
"indicator--56425894-1b78-4686-be13-606d950d210b",
"indicator--56425894-f18c-4c7a-a608-606d950d210b",
"indicator--56425894-5d20-4a12-868d-606d950d210b",
"indicator--56425895-1ac8-4007-9445-606d950d210b",
"indicator--56425895-c524-4124-8ed8-606d950d210b",
"indicator--56425896-8664-4a0e-9144-606d950d210b",
"indicator--56425896-47cc-4474-9a75-606d950d210b",
"indicator--56425896-8508-465d-9e55-606d950d210b",
"indicator--56425897-8304-4382-a5ea-606d950d210b",
"indicator--56425897-e9c0-4c8f-b3c0-606d950d210b",
"indicator--56425898-f478-4665-b301-606d950d210b",
"indicator--56425898-e934-4e91-bde0-606d950d210b",
"indicator--56425898-8a9c-420c-a63d-606d950d210b",
"indicator--56425899-ce88-4132-901c-606d950d210b",
"indicator--56425899-baa4-42a6-b198-606d950d210b",
"indicator--5642589a-9400-4502-8379-606d950d210b",
"indicator--5642589a-d010-425e-bf07-606d950d210b",
"indicator--5642589a-50d8-453c-a120-606d950d210b",
"indicator--5642589b-d870-4df1-b86a-606d950d210b",
"indicator--5642589b-99a4-48c3-b954-606d950d210b",
"indicator--5642589c-417c-43ff-b919-606d950d210b",
"indicator--5642589c-fa44-40d3-a416-606d950d210b",
"indicator--5642589c-8cdc-4043-b9ba-606d950d210b",
"indicator--5642589d-9d6c-401b-a50d-606d950d210b",
"indicator--5642589d-096c-4f7e-b788-606d950d210b",
"indicator--5642589e-f7c0-47eb-acdb-606d950d210b",
"indicator--5642589e-c224-4568-ace8-606d950d210b",
"indicator--5642e0b0-e260-47b5-93dd-cf3b950d210b",
"indicator--5642e0b0-5c74-411d-8cb7-cf3b950d210b",
"observed-data--5642e0b1-64d4-4d94-b945-cf3b950d210b",
"url--5642e0b1-64d4-4d94-b945-cf3b950d210b",
"indicator--5642e0b1-f574-4ada-b57f-cf3b950d210b",
"indicator--5642e0b2-c404-400e-95e5-cf3b950d210b",
"observed-data--5642e0b2-c460-4c34-bf43-cf3b950d210b",
"url--5642e0b2-c460-4c34-bf43-cf3b950d210b",
"indicator--5642e0b2-1b64-4bfe-9838-cf3b950d210b",
"indicator--5642e0b3-358c-4a4f-89f0-cf3b950d210b",
"observed-data--5642e0b3-6d30-40c5-97e3-cf3b950d210b",
"url--5642e0b3-6d30-40c5-97e3-cf3b950d210b",
"indicator--5642e0b4-0194-4516-a2e8-cf3b950d210b",
"indicator--5642e0b4-45d8-43b3-9437-cf3b950d210b",
"observed-data--5642e0b4-2434-4938-9a58-cf3b950d210b",
"url--5642e0b4-2434-4938-9a58-cf3b950d210b",
"indicator--5642e0b5-c668-4109-95d7-cf3b950d210b",
"indicator--5642e0b5-0a40-4018-bd35-cf3b950d210b",
"observed-data--5642e0b6-7570-4293-b82b-cf3b950d210b",
"url--5642e0b6-7570-4293-b82b-cf3b950d210b",
"indicator--5642e0b6-d7b4-4262-b343-cf3b950d210b",
"indicator--5642e0b6-7b68-431d-922a-cf3b950d210b",
"observed-data--5642e0b7-4ef4-4a70-825f-cf3b950d210b",
"url--5642e0b7-4ef4-4a70-825f-cf3b950d210b",
"indicator--5642e0b7-8e10-4fbe-9383-cf3b950d210b",
"indicator--5642e0b8-0104-4b7b-8000-cf3b950d210b",
"observed-data--5642e0b8-b6a0-43b1-82f8-cf3b950d210b",
"url--5642e0b8-b6a0-43b1-82f8-cf3b950d210b",
"indicator--5642e0b8-9a84-4225-8595-cf3b950d210b",
"indicator--5642e0b9-3258-4d3f-bf85-cf3b950d210b",
"observed-data--5642e0b9-55e4-440c-a7f0-cf3b950d210b",
"url--5642e0b9-55e4-440c-a7f0-cf3b950d210b",
"indicator--5642e0ba-52d8-428e-94bd-cf3b950d210b",
"indicator--5642e0ba-4018-480f-a451-cf3b950d210b",
"observed-data--5642e0ba-a664-4cdd-88ee-cf3b950d210b",
"url--5642e0ba-a664-4cdd-88ee-cf3b950d210b",
"indicator--5642e0bb-6d9c-46c0-99a1-cf3b950d210b",
"indicator--5642e0bb-3fa0-4e26-8593-cf3b950d210b",
"observed-data--5642e0bc-d580-4ae1-a7e1-cf3b950d210b",
"url--5642e0bc-d580-4ae1-a7e1-cf3b950d210b",
"indicator--5642e0bc-b8d0-4dca-9fcb-cf3b950d210b",
"indicator--5642e0bc-289c-4a58-a9c1-cf3b950d210b",
"observed-data--5642e0bd-3d48-4b93-a322-cf3b950d210b",
"url--5642e0bd-3d48-4b93-a322-cf3b950d210b",
"indicator--5642e0bd-06b8-4594-b6fd-cf3b950d210b",
"indicator--5642e0be-8460-46a9-8503-cf3b950d210b",
"observed-data--5642e0be-7718-4d56-880c-cf3b950d210b",
"url--5642e0be-7718-4d56-880c-cf3b950d210b",
"indicator--5642e0be-7f4c-4836-9096-cf3b950d210b",
"indicator--5642e0bf-6a88-48e1-885f-cf3b950d210b",
"observed-data--5642e0bf-2d84-47bf-875f-cf3b950d210b",
"url--5642e0bf-2d84-47bf-875f-cf3b950d210b",
"indicator--5642e0c0-ada8-457f-b058-cf3b950d210b",
"indicator--5642e0c0-8274-4588-b098-cf3b950d210b",
"observed-data--5642e0c0-e790-4e70-ba95-cf3b950d210b",
"url--5642e0c0-e790-4e70-ba95-cf3b950d210b",
"indicator--5642e0c1-d174-4ffe-bb82-cf3b950d210b",
"indicator--5642e0c1-e6f8-4658-be72-cf3b950d210b",
"observed-data--5642e0c2-5228-470c-ad18-cf3b950d210b",
"url--5642e0c2-5228-470c-ad18-cf3b950d210b",
"indicator--5642e0c2-1764-40e4-b33a-cf3b950d210b",
"indicator--5642e0c2-f640-4dd8-80b3-cf3b950d210b",
"observed-data--5642e0c3-3ba4-4d18-b464-cf3b950d210b",
"url--5642e0c3-3ba4-4d18-b464-cf3b950d210b",
"x-misp-attribute--5642e1ff-38a8-4008-9817-a5c4950d210b"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT"
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56425841-0dbc-4bc7-9bb8-6d9d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-10T20:49:05.000Z",
"modified": "2015-11-10T20:49:05.000Z",
"first_observed": "2015-11-10T20:49:05Z",
"last_observed": "2015-11-10T20:49:05Z",
"number_observed": 1,
"object_refs": [
"url--56425841-0dbc-4bc7-9bb8-6d9d950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56425841-0dbc-4bc7-9bb8-6d9d950d210b",
"value": "http://researchcenter.paloaltonetworks.com/2015/11/bookworm-trojan-a-model-of-modular-architecture/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56425890-6bc4-42f8-8589-606d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-10T20:50:24.000Z",
"modified": "2015-11-10T20:50:24.000Z",
"pattern": "[domain-name:value = 'bkmail.blogdns.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-10T20:50:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56425891-ca24-437a-a590-606d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-10T20:50:25.000Z",
"modified": "2015-11-10T20:50:25.000Z",
"pattern": "[domain-name:value = 'debain.servehttp.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-10T20:50:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56425891-52e8-4b07-bb8f-606d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-10T20:50:25.000Z",
"modified": "2015-11-10T20:50:25.000Z",
"pattern": "[domain-name:value = 'linuxdns.sytes.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-10T20:50:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56425892-c1cc-409d-b824-606d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-10T20:50:26.000Z",
"modified": "2015-11-10T20:50:26.000Z",
"pattern": "[domain-name:value = 'news.nhknews.hk']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-10T20:50:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56425892-d218-49bd-a652-606d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-10T20:50:26.000Z",
"modified": "2015-11-10T20:50:26.000Z",
"pattern": "[domain-name:value = 'sswmail.gotdns.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-10T20:50:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56425893-28f8-43b4-b8ed-606d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-10T20:50:27.000Z",
"modified": "2015-11-10T20:50:27.000Z",
"pattern": "[domain-name:value = 'sswwmail.gotdns.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-10T20:50:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56425893-1728-4f1a-a6a5-606d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-10T20:50:27.000Z",
"modified": "2015-11-10T20:50:27.000Z",
"pattern": "[domain-name:value = 'sysnc.sytes.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-10T20:50:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56425894-1b78-4686-be13-606d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-10T20:50:28.000Z",
"modified": "2015-11-10T20:50:28.000Z",
"pattern": "[domain-name:value = 'systeminfothai.gotdns.ch']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-10T20:50:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56425894-f18c-4c7a-a608-606d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-10T20:50:28.000Z",
"modified": "2015-11-10T20:50:28.000Z",
"pattern": "[domain-name:value = 'thailandbbs.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-10T20:50:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56425894-5d20-4a12-868d-606d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-10T20:50:28.000Z",
"modified": "2015-11-10T20:50:28.000Z",
"pattern": "[domain-name:value = 'ubuntudns.sytes.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-10T20:50:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56425895-1ac8-4007-9445-606d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-10T20:50:29.000Z",
"modified": "2015-11-10T20:50:29.000Z",
"pattern": "[domain-name:value = 'web12.nhkews.hk']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-10T20:50:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56425895-c524-4124-8ed8-606d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-10T20:50:29.000Z",
"modified": "2015-11-10T20:50:29.000Z",
"pattern": "[file:hashes.MD5 = '0f41c853a2d522e326f2c30b4b951b04']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-10T20:50:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56425896-8664-4a0e-9144-606d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-10T20:50:30.000Z",
"modified": "2015-11-10T20:50:30.000Z",
"pattern": "[file:hashes.MD5 = '8ae2468d3f208d07fb47ebb1e0e297d7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-10T20:50:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56425896-47cc-4474-9a75-606d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-10T20:50:30.000Z",
"modified": "2015-11-10T20:50:30.000Z",
"pattern": "[file:hashes.MD5 = '35755a6839f3c54e602d777cd11ef557']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-10T20:50:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56425896-8508-465d-9e55-606d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-10T20:50:30.000Z",
"modified": "2015-11-10T20:50:30.000Z",
"pattern": "[file:hashes.MD5 = '87d71401e2b8978c2084eb9a1d59c172']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-10T20:50:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56425897-8304-4382-a5ea-606d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-10T20:50:31.000Z",
"modified": "2015-11-10T20:50:31.000Z",
"pattern": "[file:hashes.MD5 = '599b6e05a38329081b80a461b57cec37']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-10T20:50:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56425897-e9c0-4c8f-b3c0-606d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-10T20:50:31.000Z",
"modified": "2015-11-10T20:50:31.000Z",
"pattern": "[file:hashes.MD5 = 'ba1aea40182861e1d1de8c0c2ae78cb7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-10T20:50:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56425898-f478-4665-b301-606d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-10T20:50:32.000Z",
"modified": "2015-11-10T20:50:32.000Z",
"pattern": "[file:hashes.MD5 = 'de1595a7585219967a87a909f38acaa2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-10T20:50:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56425898-e934-4e91-bde0-606d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-10T20:50:32.000Z",
"modified": "2015-11-10T20:50:32.000Z",
"pattern": "[file:hashes.MD5 = 'f8c8c6683d6ca880293f7c1a78d7f8ce']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-10T20:50:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56425898-8a9c-420c-a63d-606d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-10T20:50:32.000Z",
"modified": "2015-11-10T20:50:32.000Z",
"pattern": "[file:hashes.MD5 = '0b4ad1bd093e0a2eb8968e308e900180']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-10T20:50:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56425899-ce88-4132-901c-606d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-10T20:50:33.000Z",
"modified": "2015-11-10T20:50:33.000Z",
"pattern": "[file:hashes.MD5 = 'cba74e507e9741740d251b1fb34a1874']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-10T20:50:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56425899-baa4-42a6-b198-606d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-10T20:50:33.000Z",
"modified": "2015-11-10T20:50:33.000Z",
"pattern": "[file:hashes.MD5 = 'fcd68032c39cca3385c539ea38914735']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-10T20:50:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642589a-9400-4502-8379-606d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-10T20:50:34.000Z",
"modified": "2015-11-10T20:50:34.000Z",
"pattern": "[file:hashes.MD5 = '3e69c34298a8fd5169259a2fef506d63']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-10T20:50:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642589a-d010-425e-bf07-606d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-10T20:50:34.000Z",
"modified": "2015-11-10T20:50:34.000Z",
"pattern": "[file:hashes.MD5 = '04d63e2a3da0a171e5c15d8e904387b9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-10T20:50:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642589a-50d8-453c-a120-606d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-10T20:50:34.000Z",
"modified": "2015-11-10T20:50:34.000Z",
"pattern": "[file:hashes.MD5 = '0d57d2bef1296be62a3e791bfad33bcd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-10T20:50:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642589b-d870-4df1-b86a-606d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-10T20:50:35.000Z",
"modified": "2015-11-10T20:50:35.000Z",
"pattern": "[file:hashes.MD5 = '4389fc820d0edd96bac26fa0b7448aee']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-10T20:50:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642589b-99a4-48c3-b954-606d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-10T20:50:35.000Z",
"modified": "2015-11-10T20:50:35.000Z",
"pattern": "[file:hashes.MD5 = '74c293acdda0d2c3b5087763dae27ec6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-10T20:50:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642589c-417c-43ff-b919-606d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-10T20:50:36.000Z",
"modified": "2015-11-10T20:50:36.000Z",
"pattern": "[file:hashes.MD5 = 'b030c619bb24804cbcc05065530fcf2e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-10T20:50:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642589c-fa44-40d3-a416-606d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-10T20:50:36.000Z",
"modified": "2015-11-10T20:50:36.000Z",
"pattern": "[file:hashes.MD5 = '29df124f370752a87b3426dcad539ec6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-10T20:50:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642589c-8cdc-4043-b9ba-606d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-10T20:50:36.000Z",
"modified": "2015-11-10T20:50:36.000Z",
"pattern": "[file:hashes.MD5 = '9df45e8d8619e234d0449daf2f617ba3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-10T20:50:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642589d-9d6c-401b-a50d-606d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-10T20:50:37.000Z",
"modified": "2015-11-10T20:50:37.000Z",
"pattern": "[file:hashes.MD5 = '40f1b160b88ff98934017f3f1e7879a5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-10T20:50:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642589d-096c-4f7e-b788-606d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-10T20:50:37.000Z",
"modified": "2015-11-10T20:50:37.000Z",
"pattern": "[file:hashes.MD5 = '210816c8bde338bf206f13bb923327a1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-10T20:50:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642589e-f7c0-47eb-acdb-606d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-10T20:50:38.000Z",
"modified": "2015-11-10T20:50:38.000Z",
"pattern": "[file:hashes.MD5 = '187cdb58fbc30046a35793818229c573']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-10T20:50:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642589e-c224-4568-ace8-606d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-10T20:50:38.000Z",
"modified": "2015-11-10T20:50:38.000Z",
"pattern": "[file:hashes.MD5 = '499ccc8d6d7c08e135a91928ccc2fd7a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-10T20:50:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642e0b0-e260-47b5-93dd-cf3b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:31:12.000Z",
"modified": "2015-11-11T06:31:12.000Z",
"description": "- Xchecked via VT: 499ccc8d6d7c08e135a91928ccc2fd7a",
"pattern": "[file:hashes.SHA256 = '1fa5d83a5766556cf2ff16ad279e73cb40584746bd388e0a4e818a2cc06613d3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-11T06:31:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642e0b0-5c74-411d-8cb7-cf3b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:31:12.000Z",
"modified": "2015-11-11T06:31:12.000Z",
"description": "- Xchecked via VT: 499ccc8d6d7c08e135a91928ccc2fd7a",
"pattern": "[file:hashes.SHA1 = '78b2b70ad8e49cd2e8518501a29d1af1e714a16f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-11T06:31:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5642e0b1-64d4-4d94-b945-cf3b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:31:13.000Z",
"modified": "2015-11-11T06:31:13.000Z",
"first_observed": "2015-11-11T06:31:13Z",
"last_observed": "2015-11-11T06:31:13Z",
"number_observed": 1,
"object_refs": [
"url--5642e0b1-64d4-4d94-b945-cf3b950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5642e0b1-64d4-4d94-b945-cf3b950d210b",
"value": "https://www.virustotal.com/file/1fa5d83a5766556cf2ff16ad279e73cb40584746bd388e0a4e818a2cc06613d3/analysis/1426027731/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642e0b1-f574-4ada-b57f-cf3b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:31:13.000Z",
"modified": "2015-11-11T06:31:13.000Z",
"description": "- Xchecked via VT: 40f1b160b88ff98934017f3f1e7879a5",
"pattern": "[file:hashes.SHA256 = '80bfe4c4758a93e315da8bbcbfbc48cd8f280b871e1bcf1cf6a126454895e05a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-11T06:31:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642e0b2-c404-400e-95e5-cf3b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:31:14.000Z",
"modified": "2015-11-11T06:31:14.000Z",
"description": "- Xchecked via VT: 40f1b160b88ff98934017f3f1e7879a5",
"pattern": "[file:hashes.SHA1 = '468e2a5779e415ec2df359b410d208d32a279604']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-11T06:31:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5642e0b2-c460-4c34-bf43-cf3b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:31:14.000Z",
"modified": "2015-11-11T06:31:14.000Z",
"first_observed": "2015-11-11T06:31:14Z",
"last_observed": "2015-11-11T06:31:14Z",
"number_observed": 1,
"object_refs": [
"url--5642e0b2-c460-4c34-bf43-cf3b950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5642e0b2-c460-4c34-bf43-cf3b950d210b",
"value": "https://www.virustotal.com/file/80bfe4c4758a93e315da8bbcbfbc48cd8f280b871e1bcf1cf6a126454895e05a/analysis/1445861223/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642e0b2-1b64-4bfe-9838-cf3b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:31:14.000Z",
"modified": "2015-11-11T06:31:14.000Z",
"description": "- Xchecked via VT: 29df124f370752a87b3426dcad539ec6",
"pattern": "[file:hashes.SHA256 = '9044fe4924a76e409a292cc1bd041f3a16aa70acd656e14d904b98dc82cc82ab']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-11T06:31:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642e0b3-358c-4a4f-89f0-cf3b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:31:15.000Z",
"modified": "2015-11-11T06:31:15.000Z",
"description": "- Xchecked via VT: 29df124f370752a87b3426dcad539ec6",
"pattern": "[file:hashes.SHA1 = '0bcbd480ace28d852a84ecdb36655a2aaabddc9b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-11T06:31:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5642e0b3-6d30-40c5-97e3-cf3b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:31:15.000Z",
"modified": "2015-11-11T06:31:15.000Z",
"first_observed": "2015-11-11T06:31:15Z",
"last_observed": "2015-11-11T06:31:15Z",
"number_observed": 1,
"object_refs": [
"url--5642e0b3-6d30-40c5-97e3-cf3b950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5642e0b3-6d30-40c5-97e3-cf3b950d210b",
"value": "https://www.virustotal.com/file/9044fe4924a76e409a292cc1bd041f3a16aa70acd656e14d904b98dc82cc82ab/analysis/1446196462/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642e0b4-0194-4516-a2e8-cf3b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:31:16.000Z",
"modified": "2015-11-11T06:31:16.000Z",
"description": "- Xchecked via VT: b030c619bb24804cbcc05065530fcf2e",
"pattern": "[file:hashes.SHA256 = 'c28fd4336214e8836f8eea548d523c1c5ca3df53c9c30b8d720e6d00dc632323']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-11T06:31:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642e0b4-45d8-43b3-9437-cf3b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:31:16.000Z",
"modified": "2015-11-11T06:31:16.000Z",
"description": "- Xchecked via VT: b030c619bb24804cbcc05065530fcf2e",
"pattern": "[file:hashes.SHA1 = '07c49d6dbb411b871943ef857be55310a5a4d22e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-11T06:31:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5642e0b4-2434-4938-9a58-cf3b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:31:16.000Z",
"modified": "2015-11-11T06:31:16.000Z",
"first_observed": "2015-11-11T06:31:16Z",
"last_observed": "2015-11-11T06:31:16Z",
"number_observed": 1,
"object_refs": [
"url--5642e0b4-2434-4938-9a58-cf3b950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5642e0b4-2434-4938-9a58-cf3b950d210b",
"value": "https://www.virustotal.com/file/c28fd4336214e8836f8eea548d523c1c5ca3df53c9c30b8d720e6d00dc632323/analysis/1444222895/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642e0b5-c668-4109-95d7-cf3b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:31:17.000Z",
"modified": "2015-11-11T06:31:17.000Z",
"description": "- Xchecked via VT: 74c293acdda0d2c3b5087763dae27ec6",
"pattern": "[file:hashes.SHA256 = 'e2dce038ea6a354da4d34d579a02f14c67ceba6a1b4acea59d12101aa1c5585d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-11T06:31:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642e0b5-0a40-4018-bd35-cf3b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:31:17.000Z",
"modified": "2015-11-11T06:31:17.000Z",
"description": "- Xchecked via VT: 74c293acdda0d2c3b5087763dae27ec6",
"pattern": "[file:hashes.SHA1 = '1afd72a119a7261179b2f58d1e9ccec7abdd4353']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-11T06:31:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5642e0b6-7570-4293-b82b-cf3b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:31:18.000Z",
"modified": "2015-11-11T06:31:18.000Z",
"first_observed": "2015-11-11T06:31:18Z",
"last_observed": "2015-11-11T06:31:18Z",
"number_observed": 1,
"object_refs": [
"url--5642e0b6-7570-4293-b82b-cf3b950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5642e0b6-7570-4293-b82b-cf3b950d210b",
"value": "https://www.virustotal.com/file/e2dce038ea6a354da4d34d579a02f14c67ceba6a1b4acea59d12101aa1c5585d/analysis/1442205914/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642e0b6-d7b4-4262-b343-cf3b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:31:18.000Z",
"modified": "2015-11-11T06:31:18.000Z",
"description": "- Xchecked via VT: 0d57d2bef1296be62a3e791bfad33bcd",
"pattern": "[file:hashes.SHA256 = 'c9434a3b15609527d6a986d747aa13a90786d1e86fddd864cbfbaf2f01bfe1fb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-11T06:31:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642e0b6-7b68-431d-922a-cf3b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:31:18.000Z",
"modified": "2015-11-11T06:31:18.000Z",
"description": "- Xchecked via VT: 0d57d2bef1296be62a3e791bfad33bcd",
"pattern": "[file:hashes.SHA1 = '084abcb69b8a1db256b363746ce6ef6f7cd547d8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-11T06:31:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5642e0b7-4ef4-4a70-825f-cf3b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:31:19.000Z",
"modified": "2015-11-11T06:31:19.000Z",
"first_observed": "2015-11-11T06:31:19Z",
"last_observed": "2015-11-11T06:31:19Z",
"number_observed": 1,
"object_refs": [
"url--5642e0b7-4ef4-4a70-825f-cf3b950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5642e0b7-4ef4-4a70-825f-cf3b950d210b",
"value": "https://www.virustotal.com/file/c9434a3b15609527d6a986d747aa13a90786d1e86fddd864cbfbaf2f01bfe1fb/analysis/1445869975/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642e0b7-8e10-4fbe-9383-cf3b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:31:19.000Z",
"modified": "2015-11-11T06:31:19.000Z",
"description": "- Xchecked via VT: 3e69c34298a8fd5169259a2fef506d63",
"pattern": "[file:hashes.SHA256 = '1b0355f699196bc33b3791150fd9b3b58c1208cc18b5b89f5918df8cf026ffb7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-11T06:31:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642e0b8-0104-4b7b-8000-cf3b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:31:20.000Z",
"modified": "2015-11-11T06:31:20.000Z",
"description": "- Xchecked via VT: 3e69c34298a8fd5169259a2fef506d63",
"pattern": "[file:hashes.SHA1 = '0ed5dfd91654c715c806595b39b4060af649aafd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-11T06:31:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5642e0b8-b6a0-43b1-82f8-cf3b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:31:20.000Z",
"modified": "2015-11-11T06:31:20.000Z",
"first_observed": "2015-11-11T06:31:20Z",
"last_observed": "2015-11-11T06:31:20Z",
"number_observed": 1,
"object_refs": [
"url--5642e0b8-b6a0-43b1-82f8-cf3b950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5642e0b8-b6a0-43b1-82f8-cf3b950d210b",
"value": "https://www.virustotal.com/file/1b0355f699196bc33b3791150fd9b3b58c1208cc18b5b89f5918df8cf026ffb7/analysis/1446805687/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642e0b8-9a84-4225-8595-cf3b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:31:20.000Z",
"modified": "2015-11-11T06:31:20.000Z",
"description": "- Xchecked via VT: fcd68032c39cca3385c539ea38914735",
"pattern": "[file:hashes.SHA256 = '613d0c5951aa8473982edd766d2e01f542be1280ebaef634c079441686b27978']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-11T06:31:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642e0b9-3258-4d3f-bf85-cf3b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:31:21.000Z",
"modified": "2015-11-11T06:31:21.000Z",
"description": "- Xchecked via VT: fcd68032c39cca3385c539ea38914735",
"pattern": "[file:hashes.SHA1 = 'bb273ce38e24b1fd092a90f785497f5f2d28886f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-11T06:31:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5642e0b9-55e4-440c-a7f0-cf3b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:31:21.000Z",
"modified": "2015-11-11T06:31:21.000Z",
"first_observed": "2015-11-11T06:31:21Z",
"last_observed": "2015-11-11T06:31:21Z",
"number_observed": 1,
"object_refs": [
"url--5642e0b9-55e4-440c-a7f0-cf3b950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5642e0b9-55e4-440c-a7f0-cf3b950d210b",
"value": "https://www.virustotal.com/file/613d0c5951aa8473982edd766d2e01f542be1280ebaef634c079441686b27978/analysis/1441600914/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642e0ba-52d8-428e-94bd-cf3b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:31:22.000Z",
"modified": "2015-11-11T06:31:22.000Z",
"description": "- Xchecked via VT: cba74e507e9741740d251b1fb34a1874",
"pattern": "[file:hashes.SHA256 = '755a4b2ec15da6bb01248b2dfbad206c340ba937eae9c35f04f6cedfe5e99d63']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-11T06:31:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642e0ba-4018-480f-a451-cf3b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:31:22.000Z",
"modified": "2015-11-11T06:31:22.000Z",
"description": "- Xchecked via VT: cba74e507e9741740d251b1fb34a1874",
"pattern": "[file:hashes.SHA1 = '56ee57de81ecea6a2c83d5430238fa98a041e8eb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-11T06:31:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5642e0ba-a664-4cdd-88ee-cf3b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:31:22.000Z",
"modified": "2015-11-11T06:31:22.000Z",
"first_observed": "2015-11-11T06:31:22Z",
"last_observed": "2015-11-11T06:31:22Z",
"number_observed": 1,
"object_refs": [
"url--5642e0ba-a664-4cdd-88ee-cf3b950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5642e0ba-a664-4cdd-88ee-cf3b950d210b",
"value": "https://www.virustotal.com/file/755a4b2ec15da6bb01248b2dfbad206c340ba937eae9c35f04f6cedfe5e99d63/analysis/1441858084/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642e0bb-6d9c-46c0-99a1-cf3b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:31:23.000Z",
"modified": "2015-11-11T06:31:23.000Z",
"description": "- Xchecked via VT: de1595a7585219967a87a909f38acaa2",
"pattern": "[file:hashes.SHA256 = 'e96b37592d42800a5a46e3bb3bc9ceb6dbaaaf5448f84cf69098815f8c233566']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-11T06:31:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642e0bb-3fa0-4e26-8593-cf3b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:31:23.000Z",
"modified": "2015-11-11T06:31:23.000Z",
"description": "- Xchecked via VT: de1595a7585219967a87a909f38acaa2",
"pattern": "[file:hashes.SHA1 = 'bad66e5bbf8775c0f5683428f93a64eb84c75772']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-11T06:31:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5642e0bc-d580-4ae1-a7e1-cf3b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:31:24.000Z",
"modified": "2015-11-11T06:31:24.000Z",
"first_observed": "2015-11-11T06:31:24Z",
"last_observed": "2015-11-11T06:31:24Z",
"number_observed": 1,
"object_refs": [
"url--5642e0bc-d580-4ae1-a7e1-cf3b950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5642e0bc-d580-4ae1-a7e1-cf3b950d210b",
"value": "https://www.virustotal.com/file/e96b37592d42800a5a46e3bb3bc9ceb6dbaaaf5448f84cf69098815f8c233566/analysis/1441609817/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642e0bc-b8d0-4dca-9fcb-cf3b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:31:24.000Z",
"modified": "2015-11-11T06:31:24.000Z",
"description": "- Xchecked via VT: ba1aea40182861e1d1de8c0c2ae78cb7",
"pattern": "[file:hashes.SHA256 = 'ca7cd0d3b5582ac4257c8ed31799d4fd577cdff1bf7ff018946b6284c0bbd617']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-11T06:31:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642e0bc-289c-4a58-a9c1-cf3b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:31:24.000Z",
"modified": "2015-11-11T06:31:24.000Z",
"description": "- Xchecked via VT: ba1aea40182861e1d1de8c0c2ae78cb7",
"pattern": "[file:hashes.SHA1 = 'f3fda6f46c7316381a65ccc26e94cb0ac448ec46']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-11T06:31:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5642e0bd-3d48-4b93-a322-cf3b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:31:25.000Z",
"modified": "2015-11-11T06:31:25.000Z",
"first_observed": "2015-11-11T06:31:25Z",
"last_observed": "2015-11-11T06:31:25Z",
"number_observed": 1,
"object_refs": [
"url--5642e0bd-3d48-4b93-a322-cf3b950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5642e0bd-3d48-4b93-a322-cf3b950d210b",
"value": "https://www.virustotal.com/file/ca7cd0d3b5582ac4257c8ed31799d4fd577cdff1bf7ff018946b6284c0bbd617/analysis/1442660730/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642e0bd-06b8-4594-b6fd-cf3b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:31:25.000Z",
"modified": "2015-11-11T06:31:25.000Z",
"description": "- Xchecked via VT: 599b6e05a38329081b80a461b57cec37",
"pattern": "[file:hashes.SHA256 = 'e52b87d95794977261728f9a25c3f59df86a3a7246f7607fbb1fbf9a0e85631d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-11T06:31:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642e0be-8460-46a9-8503-cf3b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:31:26.000Z",
"modified": "2015-11-11T06:31:26.000Z",
"description": "- Xchecked via VT: 599b6e05a38329081b80a461b57cec37",
"pattern": "[file:hashes.SHA1 = '2c4d72f47165bfd207d6c52f1bf5ab4fd1c27513']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-11T06:31:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5642e0be-7718-4d56-880c-cf3b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:31:26.000Z",
"modified": "2015-11-11T06:31:26.000Z",
"first_observed": "2015-11-11T06:31:26Z",
"last_observed": "2015-11-11T06:31:26Z",
"number_observed": 1,
"object_refs": [
"url--5642e0be-7718-4d56-880c-cf3b950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5642e0be-7718-4d56-880c-cf3b950d210b",
"value": "https://www.virustotal.com/file/e52b87d95794977261728f9a25c3f59df86a3a7246f7607fbb1fbf9a0e85631d/analysis/1442604140/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642e0be-7f4c-4836-9096-cf3b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:31:26.000Z",
"modified": "2015-11-11T06:31:26.000Z",
"description": "- Xchecked via VT: 87d71401e2b8978c2084eb9a1d59c172",
"pattern": "[file:hashes.SHA256 = 'a7bfa55f4e228edf7add4879728be2640cce5f6cfda9dcaa574d53f4c9bfbcef']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-11T06:31:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642e0bf-6a88-48e1-885f-cf3b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:31:27.000Z",
"modified": "2015-11-11T06:31:27.000Z",
"description": "- Xchecked via VT: 87d71401e2b8978c2084eb9a1d59c172",
"pattern": "[file:hashes.SHA1 = '30308413fa56398d096ae41f6fa323940ef279cd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-11T06:31:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5642e0bf-2d84-47bf-875f-cf3b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:31:27.000Z",
"modified": "2015-11-11T06:31:27.000Z",
"first_observed": "2015-11-11T06:31:27Z",
"last_observed": "2015-11-11T06:31:27Z",
"number_observed": 1,
"object_refs": [
"url--5642e0bf-2d84-47bf-875f-cf3b950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5642e0bf-2d84-47bf-875f-cf3b950d210b",
"value": "https://www.virustotal.com/file/a7bfa55f4e228edf7add4879728be2640cce5f6cfda9dcaa574d53f4c9bfbcef/analysis/1441776206/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642e0c0-ada8-457f-b058-cf3b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:31:28.000Z",
"modified": "2015-11-11T06:31:28.000Z",
"description": "- Xchecked via VT: 35755a6839f3c54e602d777cd11ef557",
"pattern": "[file:hashes.SHA256 = 'ac5742bf871c7cabf9415721d88f38834d6f73bb926479b338861ab398090f81']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-11T06:31:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642e0c0-8274-4588-b098-cf3b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:31:28.000Z",
"modified": "2015-11-11T06:31:28.000Z",
"description": "- Xchecked via VT: 35755a6839f3c54e602d777cd11ef557",
"pattern": "[file:hashes.SHA1 = '8d3de4210bc0dd68df7d9a47fa6081043b268852']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-11T06:31:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5642e0c0-e790-4e70-ba95-cf3b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:31:28.000Z",
"modified": "2015-11-11T06:31:28.000Z",
"first_observed": "2015-11-11T06:31:28Z",
"last_observed": "2015-11-11T06:31:28Z",
"number_observed": 1,
"object_refs": [
"url--5642e0c0-e790-4e70-ba95-cf3b950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5642e0c0-e790-4e70-ba95-cf3b950d210b",
"value": "https://www.virustotal.com/file/ac5742bf871c7cabf9415721d88f38834d6f73bb926479b338861ab398090f81/analysis/1444808057/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642e0c1-d174-4ffe-bb82-cf3b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:31:29.000Z",
"modified": "2015-11-11T06:31:29.000Z",
"description": "- Xchecked via VT: 8ae2468d3f208d07fb47ebb1e0e297d7",
"pattern": "[file:hashes.SHA256 = '2e3a2cea18bb9cd7a65df2a9c972ee1d4553acd67925b5d42aff24d5a61adae3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-11T06:31:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642e0c1-e6f8-4658-be72-cf3b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:31:29.000Z",
"modified": "2015-11-11T06:31:29.000Z",
"description": "- Xchecked via VT: 8ae2468d3f208d07fb47ebb1e0e297d7",
"pattern": "[file:hashes.SHA1 = '4e1ae6a67262c263f2b73226e8156b372af946c2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-11T06:31:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5642e0c2-5228-470c-ad18-cf3b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:31:30.000Z",
"modified": "2015-11-11T06:31:30.000Z",
"first_observed": "2015-11-11T06:31:30Z",
"last_observed": "2015-11-11T06:31:30Z",
"number_observed": 1,
"object_refs": [
"url--5642e0c2-5228-470c-ad18-cf3b950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5642e0c2-5228-470c-ad18-cf3b950d210b",
"value": "https://www.virustotal.com/file/2e3a2cea18bb9cd7a65df2a9c972ee1d4553acd67925b5d42aff24d5a61adae3/analysis/1444376908/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642e0c2-1764-40e4-b33a-cf3b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:31:30.000Z",
"modified": "2015-11-11T06:31:30.000Z",
"description": "- Xchecked via VT: 0f41c853a2d522e326f2c30b4b951b04",
"pattern": "[file:hashes.SHA256 = '2b02460613d888536b83ec9e658e33e98cb8d8d89eb811cf5528fed78cebd062']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-11T06:31:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642e0c2-f640-4dd8-80b3-cf3b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:31:30.000Z",
"modified": "2015-11-11T06:31:30.000Z",
"description": "- Xchecked via VT: 0f41c853a2d522e326f2c30b4b951b04",
"pattern": "[file:hashes.SHA1 = '34e1450acc35a3d18c5dcd2e27331fff67e873fa']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-11T06:31:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5642e0c3-3ba4-4d18-b464-cf3b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:31:31.000Z",
"modified": "2015-11-11T06:31:31.000Z",
"first_observed": "2015-11-11T06:31:31Z",
"last_observed": "2015-11-11T06:31:31Z",
"number_observed": 1,
"object_refs": [
"url--5642e0c3-3ba4-4d18-b464-cf3b950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5642e0c3-3ba4-4d18-b464-cf3b950d210b",
"value": "https://www.virustotal.com/file/2b02460613d888536b83ec9e658e33e98cb8d8d89eb811cf5528fed78cebd062/analysis/1444641135/"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5642e1ff-38a8-4008-9817-a5c4950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:36:47.000Z",
"modified": "2015-11-11T06:36:47.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "comment",
"x_misp_value": "Recently, while researching attacks on targets in Thailand, Unit 42 discovered a tool that initially appeared to be a variant of the well-known PlugX RAT based on similar observed behavior such as the usage of DLL side-loading and a shellcode file. After closer inspection, it appears to be a completely distinct Trojan, which we have dubbed Bookworm and track in Autofocus using the tag Bookworm.\r\n\r\nBookworm\u00e2\u20ac\u2122s functional code is radically different from PlugX and has a rather unique modular architecture that warranted additional analysis by Unit 42. Bookworm has little malicious functionality built-in, with its only core ability involving stealing keystrokes and clipboard contents. However, Bookworm expands on its capabilities through its ability to load additional modules directly from its command and control (C2) server. This blog will provide an analysis of the Bookworm Trojan and known indicators of compromise. A later blog will explore the associated attack campaigns and attributions surrounding Bookworm."
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue View git blame Copy permalink