{
|
|
"type": "bundle",
|
|
"id": "bundle--573cbe55-a890-42e3-8ce9-436802de0b81",
|
|
"objects": [
|
|
{
|
|
"type": "identity",
|
|
"spec_version": "2.1",
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:32.000Z",
|
|
"modified": "2016-05-18T19:26:32.000Z",
|
|
"name": "CIRCL",
|
|
"identity_class": "organization"
|
|
},
|
|
{
|
|
"type": "report",
|
|
"spec_version": "2.1",
|
|
"id": "report--573cbe55-a890-42e3-8ce9-436802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:32.000Z",
|
|
"modified": "2016-05-18T19:26:32.000Z",
|
|
"name": "OSINT - Operation Groundbait: Espionage in Ukrainian war zones",
|
|
"published": "2016-05-18T19:29:02Z",
|
|
"object_refs": [
|
|
"x-misp-attribute--573cbe81-a76c-4f95-b500-2a9d02de0b81",
|
|
"observed-data--573cbe90-f7e8-4704-897d-2aa102de0b81",
|
|
"url--573cbe90-f7e8-4704-897d-2aa102de0b81",
|
|
"x-misp-attribute--573cbea5-5f5c-47ca-84f3-4b5302de0b81",
|
|
"x-misp-attribute--573cbea5-1220-4f7d-9943-448202de0b81",
|
|
"x-misp-attribute--573cbea5-2f58-4339-801a-43d302de0b81",
|
|
"x-misp-attribute--573cbea5-5ccc-4263-9e27-4c1302de0b81",
|
|
"x-misp-attribute--573cbea5-0e24-47a6-9d5a-4fc802de0b81",
|
|
"x-misp-attribute--573cbea6-b4f8-40e1-b590-4b4b02de0b81",
|
|
"x-misp-attribute--573cbea6-136c-4fb7-a6d9-41be02de0b81",
|
|
"x-misp-attribute--573cbea6-f7f8-4511-b1ec-425302de0b81",
|
|
"x-misp-attribute--573cbea6-a164-4ac0-874e-442c02de0b81",
|
|
"x-misp-attribute--573cbea6-59b0-470b-894a-46a402de0b81",
|
|
"x-misp-attribute--573cbea6-b8e4-452a-a3bc-419102de0b81",
|
|
"x-misp-attribute--573cbea6-7034-486e-9c56-49ae02de0b81",
|
|
"x-misp-attribute--573cbea7-0348-41e2-8646-4f2702de0b81",
|
|
"indicator--573cbebe-d850-4067-8ebf-40f002de0b81",
|
|
"indicator--573cbebe-e558-49f7-8d5d-488902de0b81",
|
|
"indicator--573cbebe-4714-471d-9258-433702de0b81",
|
|
"indicator--573cbebe-5074-4c07-805a-466902de0b81",
|
|
"indicator--573cbebe-9214-450e-93c8-453002de0b81",
|
|
"indicator--573cbebf-cf30-435a-9ac5-4b3702de0b81",
|
|
"indicator--573cbebf-ec04-4898-b70f-4f8d02de0b81",
|
|
"indicator--573cbebf-e740-474a-9de0-489a02de0b81",
|
|
"indicator--573cbebf-786c-4eed-a6e3-4f8802de0b81",
|
|
"indicator--573cbebf-a31c-42fe-8b02-4dc802de0b81",
|
|
"indicator--573cbebf-dca8-4933-b8ec-4dbe02de0b81",
|
|
"indicator--573cbebf-98b0-4d7b-a71c-44d102de0b81",
|
|
"indicator--573cbec0-b3c0-4c83-85b4-47f902de0b81",
|
|
"indicator--573cbec0-3e20-4c96-9f9b-47d702de0b81",
|
|
"indicator--573cbec0-2fac-446d-b5fb-4cdf02de0b81",
|
|
"indicator--573cbec0-79d0-4131-a734-406a02de0b81",
|
|
"indicator--573cbec0-e394-457a-929a-4fd002de0b81",
|
|
"indicator--573cbec0-928c-4d97-8a8c-447a02de0b81",
|
|
"indicator--573cbee1-3664-4763-987e-912302de0b81",
|
|
"indicator--573cbee1-5978-4e4a-b04b-912302de0b81",
|
|
"indicator--573cbee1-0514-4107-a4fa-912302de0b81",
|
|
"indicator--573cbee2-5ecc-490a-b9b3-912302de0b81",
|
|
"indicator--573cbee2-ab8c-4143-aa4a-912302de0b81",
|
|
"indicator--573cbee2-febc-4a1f-972c-912302de0b81",
|
|
"indicator--573cbee2-7af0-408f-898c-912302de0b81",
|
|
"indicator--573cbee2-164c-448c-96f9-912302de0b81",
|
|
"indicator--573cbee3-e438-417d-9f84-912302de0b81",
|
|
"indicator--573cbee3-bb20-4c65-8849-912302de0b81",
|
|
"indicator--573cbee3-6458-4441-b6dc-912302de0b81",
|
|
"indicator--573cbee3-3780-4ab6-b33a-912302de0b81",
|
|
"indicator--573cbee3-ba48-42b9-b066-912302de0b81",
|
|
"indicator--573cbee3-4eb8-4cb3-a81c-912302de0b81",
|
|
"indicator--573cbee4-2d20-4fd0-9153-912302de0b81",
|
|
"indicator--573cbefe-4660-4235-a5b6-912902de0b81",
|
|
"indicator--573cbeff-293c-4e11-bb23-912902de0b81",
|
|
"indicator--573cbeff-5f78-4d08-afbc-912902de0b81",
|
|
"indicator--573cbeff-13a8-45bf-b9f8-912902de0b81",
|
|
"indicator--573cbeff-4bc8-4863-9db5-912902de0b81",
|
|
"indicator--573cbeff-2748-4573-a27c-912902de0b81",
|
|
"indicator--573cbf00-d904-45d4-ad21-912902de0b81",
|
|
"indicator--573cbf00-80e4-4365-af2c-912902de0b81",
|
|
"indicator--573cbf00-6484-4c8e-ba3c-912902de0b81",
|
|
"indicator--573cbf20-5424-4115-8b4e-2aa302de0b81",
|
|
"indicator--573cbf20-9eb8-4e25-b4ab-2aa302de0b81",
|
|
"indicator--573cbf20-aa4c-4a7b-8129-2aa302de0b81",
|
|
"indicator--573cbf21-6418-4715-aa14-2aa302de0b81",
|
|
"indicator--573cbf61-dadc-42fb-b103-4b2e02de0b81",
|
|
"indicator--573cbf61-a718-48f9-ba2f-432702de0b81",
|
|
"indicator--573cbf61-6fd0-493d-b12f-4b8302de0b81",
|
|
"indicator--573cbf61-abb0-4f97-b16f-4d5902de0b81",
|
|
"indicator--573cbf61-d638-4f33-89fb-49c702de0b81",
|
|
"indicator--573cbf61-1ddc-44ab-a081-4ebb02de0b81",
|
|
"indicator--573cbf62-f608-45a4-ad5f-4ae602de0b81",
|
|
"indicator--573cbf62-78ac-496a-92b9-491702de0b81",
|
|
"indicator--573cbf62-8bf4-4539-9f08-4c8d02de0b81",
|
|
"indicator--573cbf62-0414-4b47-93a0-465e02de0b81",
|
|
"indicator--573cbf62-78dc-4030-aa31-486302de0b81",
|
|
"indicator--573cbf63-6ad8-4f1f-8ae2-45c602de0b81",
|
|
"indicator--573cbf63-0e34-4270-9969-4e0802de0b81",
|
|
"indicator--573cbf63-fd78-434f-8101-471202de0b81",
|
|
"indicator--573cbf63-1cb0-4479-b170-46e302de0b81",
|
|
"indicator--573cbf63-bb98-4e24-af49-4cf702de0b81",
|
|
"indicator--573cbf63-956c-4ca2-9ebe-41a102de0b81",
|
|
"indicator--573cbf64-8c9c-4163-af4b-4aad02de0b81",
|
|
"indicator--573cbf64-76b0-4284-af8b-462902de0b81",
|
|
"indicator--573cbf64-6c84-4787-8c24-402102de0b81",
|
|
"indicator--573cbf64-417c-40dd-9fb7-420c02de0b81",
|
|
"indicator--573cbf64-24dc-4143-a0a9-4a3c02de0b81",
|
|
"indicator--573cbf64-83d4-4d33-8d3f-4ed802de0b81",
|
|
"indicator--573cbf65-bc0c-4d51-9ae7-46ad02de0b81",
|
|
"indicator--573cbf65-68a4-493a-a7e7-40b002de0b81",
|
|
"indicator--573cbf65-83a4-4afc-ac38-4a0d02de0b81",
|
|
"indicator--573cbf65-bee8-43bf-aa30-4b6c02de0b81",
|
|
"indicator--573cbf65-eacc-4f31-859c-4ad502de0b81",
|
|
"indicator--573cbf65-1984-40d1-9696-4cf802de0b81",
|
|
"indicator--573cbf66-767c-4a31-9a18-416802de0b81",
|
|
"indicator--573cbf66-b6f0-4983-bddc-468402de0b81",
|
|
"indicator--573cbf66-2614-4eaa-a903-405602de0b81",
|
|
"indicator--573cbf66-4cb4-498b-a00c-410a02de0b81",
|
|
"indicator--573cbf66-3644-4ca0-9bea-4ac302de0b81",
|
|
"indicator--573cbf66-b3b8-49b7-b07b-4b3602de0b81",
|
|
"indicator--573cbf67-9e2c-4e1b-9854-45fe02de0b81",
|
|
"indicator--573cbf67-fb04-4507-ade9-437002de0b81",
|
|
"indicator--573cbf67-ad2c-472b-9b57-462802de0b81",
|
|
"indicator--573cbf67-c97c-4c63-bdc2-4ee802de0b81",
|
|
"indicator--573cbf67-e530-47e8-ba08-4cb802de0b81",
|
|
"indicator--573cbf67-5ae8-41cf-9c13-4cf002de0b81",
|
|
"indicator--573cbf68-f35c-469e-9260-4c7b02de0b81",
|
|
"indicator--573cbf68-7a98-4207-9e03-43d702de0b81",
|
|
"indicator--573cbf68-e718-465a-ac0e-447302de0b81",
|
|
"indicator--573cbf68-f4a0-48ec-baac-412e02de0b81",
|
|
"indicator--573cbf68-de00-4a59-a86d-4cf202de0b81",
|
|
"indicator--573cbf68-8dc8-4c89-85c5-448f02de0b81",
|
|
"indicator--573cbf68-4634-4aff-b798-4d6002de0b81",
|
|
"indicator--573cbf69-a880-41a4-b631-462202de0b81",
|
|
"indicator--573cbf69-cc20-4634-b216-41e402de0b81",
|
|
"indicator--573cbf69-0348-466f-aefe-4aa802de0b81",
|
|
"indicator--573cbf69-3ec8-442f-8c7d-442902de0b81",
|
|
"indicator--573cbf69-9bfc-4aea-9ea1-465902de0b81",
|
|
"indicator--573cbf69-54cc-468a-8703-498a02de0b81",
|
|
"indicator--573cbf6a-b4e8-4067-af11-4c0802de0b81",
|
|
"indicator--573cbf6a-04b4-4509-97f9-4f4202de0b81",
|
|
"indicator--573cbf6a-9db0-458b-902f-4eef02de0b81",
|
|
"indicator--573cbf6a-79a8-4e15-98ce-44ea02de0b81",
|
|
"indicator--573cbf6a-75cc-42c8-8214-4a8e02de0b81",
|
|
"indicator--573cbf6a-064c-4595-ae2c-456702de0b81",
|
|
"indicator--573cbf6a-ebec-4f10-b285-49ec02de0b81",
|
|
"indicator--573cbf6b-0590-4d62-9f44-4a4602de0b81",
|
|
"indicator--573cbf6b-51dc-4b6d-82df-4f8b02de0b81",
|
|
"indicator--573cbf6b-9510-4834-90c0-460802de0b81",
|
|
"indicator--573cbf6b-bc44-481e-8f03-453502de0b81",
|
|
"indicator--573cbf6b-1080-4933-b0b3-4a8b02de0b81",
|
|
"indicator--573cbf6b-4814-46a9-a60f-461402de0b81",
|
|
"indicator--573cbf6b-a6f8-42c5-b91e-489902de0b81",
|
|
"indicator--573cbf6c-3c0c-4daf-9ea4-4c2e02de0b81",
|
|
"indicator--573cbf6c-fd34-4ba6-a0b3-48d102de0b81",
|
|
"indicator--573cbf6c-2128-4c63-a469-422402de0b81",
|
|
"indicator--573cbf6c-0cbc-466a-b76e-4f6902de0b81",
|
|
"indicator--573cbf6c-05c4-4be2-83bb-4b6e02de0b81",
|
|
"indicator--573cbf6c-4be8-47a1-bee2-411202de0b81",
|
|
"indicator--573cbf6d-5fa4-415d-b347-472a02de0b81",
|
|
"indicator--573cbf6d-3038-4005-b9a9-47f302de0b81",
|
|
"indicator--573cbf6d-8e50-482a-b5b4-43cc02de0b81",
|
|
"indicator--573cbf6d-4954-489d-979d-44e602de0b81",
|
|
"indicator--573cbf6d-e598-437f-b1e9-43ce02de0b81",
|
|
"indicator--573cbf6d-caf8-4a2c-a611-424602de0b81",
|
|
"indicator--573cbf6e-bc50-45f7-95ca-4ba402de0b81",
|
|
"indicator--573cbf6e-9fcc-438e-b062-449202de0b81",
|
|
"indicator--573cbf6e-a9b8-403b-887b-4fa602de0b81",
|
|
"indicator--573cbf6e-a414-41fd-9a9a-4e1302de0b81",
|
|
"indicator--573cbf6e-4f0c-4ab8-9816-4b1c02de0b81",
|
|
"indicator--573cbf6e-b8a8-457f-8cf8-4ff002de0b81",
|
|
"indicator--573cbf6f-67f0-4723-9ace-452c02de0b81",
|
|
"indicator--573cbf6f-892c-42a9-860a-4def02de0b81",
|
|
"indicator--573cbf6f-3740-4058-8a68-4b0b02de0b81",
|
|
"indicator--573cbf6f-9b4c-448c-905d-4e4702de0b81",
|
|
"indicator--573cbf6f-9264-48a5-8c0f-415402de0b81",
|
|
"indicator--573cbf6f-89c4-46a5-a707-4cb202de0b81",
|
|
"indicator--573cbf80-59d0-4372-a898-42ac02de0b81",
|
|
"indicator--573cbf80-59d8-4bb6-9eef-4ed902de0b81",
|
|
"indicator--573cbf81-f580-4ae3-958f-496e02de0b81",
|
|
"indicator--573cbf81-f6d4-423c-81ee-46e902de0b81",
|
|
"indicator--573cbf81-5440-412e-ac4e-454602de0b81",
|
|
"indicator--573cbf81-c6a0-4a68-b084-447b02de0b81",
|
|
"indicator--573cbf93-dbd4-46b6-bd68-2aa202de0b81",
|
|
"indicator--573cbf94-fe30-406a-91da-2aa202de0b81",
|
|
"indicator--573cbf94-c40c-454c-b7b2-2aa202de0b81",
|
|
"indicator--573cbf94-f7ec-4b66-8c69-2aa202de0b81",
|
|
"indicator--573cbf94-c524-44c6-af9f-2aa202de0b81",
|
|
"indicator--573cbf94-3f30-4dc2-a214-2aa202de0b81",
|
|
"indicator--573cbf94-aac0-4ed8-9ac3-2aa202de0b81",
|
|
"indicator--573cbf95-2470-4541-a30e-2aa202de0b81",
|
|
"indicator--573cbf95-2248-4b5f-831e-2aa202de0b81",
|
|
"indicator--573cbf95-799c-4f5e-aa19-2aa202de0b81",
|
|
"indicator--573cbf95-a81c-4a6b-8a21-2aa202de0b81",
|
|
"indicator--573cbf95-6a90-4bd0-bbd2-2aa202de0b81",
|
|
"indicator--573cbf95-4cb0-4602-a486-2aa202de0b81",
|
|
"indicator--573cbf96-e874-44cd-bfbf-2aa202de0b81",
|
|
"indicator--573cbf96-8160-40f8-acc5-2aa202de0b81",
|
|
"indicator--573cbf96-f36c-4cc8-8f78-2aa202de0b81",
|
|
"indicator--573cbf96-dd98-4672-ae0f-2aa202de0b81",
|
|
"indicator--573cbf96-aef4-47d5-a861-2aa202de0b81",
|
|
"indicator--573cbf96-d580-437f-96d7-2aa202de0b81",
|
|
"indicator--573cbf97-96f0-4727-a0e1-2aa202de0b81",
|
|
"indicator--573cbf97-61d4-4bd0-98f4-2aa202de0b81",
|
|
"indicator--573cbfb4-47a4-47b8-9894-45f502de0b81",
|
|
"indicator--573cbfb4-2e74-4829-af7a-4fc102de0b81",
|
|
"indicator--573cbfb5-4d54-4dc9-9135-427802de0b81",
|
|
"indicator--573cbfb5-0e4c-4d5e-9149-476f02de0b81",
|
|
"indicator--573cbfb5-53f8-4e89-92e5-463702de0b81",
|
|
"indicator--573cbfb5-a714-4d59-bec4-499f02de0b81",
|
|
"indicator--573cbfb5-fcd0-4ba6-92eb-4ac602de0b81",
|
|
"indicator--573cbfb5-6d44-4169-9064-41f602de0b81",
|
|
"indicator--573cbfb6-2d1c-442c-bb2f-44fb02de0b81",
|
|
"indicator--573cbfb6-c2bc-45b0-9c4f-4fad02de0b81",
|
|
"indicator--573cbfb6-512c-4268-b3ce-477902de0b81",
|
|
"indicator--573cbfb6-e568-4b2a-b767-4a8d02de0b81",
|
|
"indicator--573cbfb6-23a8-49da-925a-44f402de0b81",
|
|
"indicator--573cbfb6-4f44-414f-a193-4d5202de0b81",
|
|
"indicator--573cbfb6-4ed0-4b02-8b38-4ec302de0b81",
|
|
"indicator--573cbfb7-f578-4d6d-9acf-476302de0b81",
|
|
"indicator--573cbfb7-7d94-46ab-8825-4e4b02de0b81",
|
|
"indicator--573cbfb7-c024-4b30-8fa8-4bfe02de0b81",
|
|
"indicator--573cbfb7-fd60-444f-bce0-446a02de0b81",
|
|
"indicator--573cbfb7-9f2c-47d8-92a9-4bee02de0b81",
|
|
"indicator--573cbfb7-9a18-4a33-a9c9-468002de0b81",
|
|
"indicator--573cbfb8-a16c-4101-9004-4d1002de0b81",
|
|
"indicator--573cbfb8-96d8-4233-b25c-4f4802de0b81",
|
|
"indicator--573cbfb8-40d0-4142-a2d6-485402de0b81",
|
|
"indicator--573cbfb8-2668-49c4-b309-43d402de0b81",
|
|
"indicator--573cbfe1-fb58-4c70-997e-48ee02de0b81",
|
|
"indicator--573cbfe1-8128-4051-a82e-4a8402de0b81",
|
|
"indicator--573cbfe1-69b4-45b9-a88b-407c02de0b81",
|
|
"indicator--573cbfe1-2f84-4899-ac42-45c002de0b81",
|
|
"indicator--573cbfe1-f484-402a-b55d-4aa502de0b81",
|
|
"indicator--573cbfe2-77a8-4977-9e97-4afc02de0b81",
|
|
"indicator--573cbfe2-7ba8-478a-aaaa-4a4902de0b81",
|
|
"indicator--573cbfe2-2420-4c2d-b412-49c602de0b81",
|
|
"indicator--573cbfe2-7fd4-4e8a-9cfb-4da202de0b81",
|
|
"indicator--573cbfe2-7518-4bc3-8f25-4c5502de0b81",
|
|
"indicator--573cbfe2-6c44-4bbe-8094-438502de0b81",
|
|
"indicator--573cbfe3-1eb0-439a-a25e-471902de0b81",
|
|
"indicator--573cbfe3-25d8-41b5-b86f-480802de0b81",
|
|
"indicator--573cbfe3-55b8-4740-af98-4a1102de0b81",
|
|
"indicator--573cbfe3-7ae0-48d4-bbbc-41b402de0b81",
|
|
"indicator--573cbfe3-210c-4223-9546-492302de0b81",
|
|
"indicator--573cbfe3-05a4-4ca7-872b-415502de0b81",
|
|
"indicator--573cbfe4-9ed8-44d1-96bb-45fd02de0b81",
|
|
"indicator--573cbfe4-7918-4c2e-9d4a-411002de0b81",
|
|
"indicator--573cbfe4-6404-49a2-8a97-418a02de0b81",
|
|
"indicator--573cbfe4-edb4-47f2-94e3-4eec02de0b81",
|
|
"indicator--573cbfe4-2ee8-4db4-8918-4df702de0b81",
|
|
"indicator--573cbfe4-5cb4-494d-88f3-45f902de0b81",
|
|
"indicator--573cbfe5-294c-44db-8552-4f0f02de0b81",
|
|
"indicator--573cbfe5-b368-4256-b307-4bd102de0b81",
|
|
"indicator--573cbfe5-4414-4779-aa00-45c602de0b81",
|
|
"indicator--573cbfe5-dd00-48a1-b596-4b8c02de0b81",
|
|
"indicator--573cbfe5-474c-4da0-96bb-44be02de0b81",
|
|
"indicator--573cbfe5-6a28-4734-b545-4e5a02de0b81",
|
|
"indicator--573cbfe6-0ee4-44f6-b5cd-4c7702de0b81",
|
|
"indicator--573cbfe6-8490-4b6d-af58-4d7402de0b81",
|
|
"indicator--573cbfe6-4914-407a-a862-414702de0b81",
|
|
"indicator--573cbfe6-d630-4d42-8e4c-4dd002de0b81",
|
|
"indicator--573cbfe6-aba8-494f-a1bc-437102de0b81",
|
|
"indicator--573cbfe6-7e1c-42ba-b525-40ee02de0b81",
|
|
"indicator--573cbfe6-f2e8-4c5a-8100-488402de0b81",
|
|
"indicator--573cbfe7-622c-48c0-95d9-426d02de0b81",
|
|
"indicator--573cbfe7-0284-494d-892a-4f0c02de0b81",
|
|
"indicator--573cbfe7-917c-42f6-a852-464202de0b81",
|
|
"indicator--573cbfe7-484c-4af0-a877-426202de0b81",
|
|
"indicator--573cbfe7-e758-468b-a8ac-4f1602de0b81",
|
|
"indicator--573cbfe7-69a8-470d-bb1a-4c0d02de0b81",
|
|
"indicator--573cbfe8-f050-41a1-ba8e-40c802de0b81",
|
|
"indicator--573cbfe8-db7c-4484-8add-4a9202de0b81",
|
|
"indicator--573cbfe8-6ec4-42bc-9302-450802de0b81",
|
|
"indicator--573cbfe8-a8e4-46b2-866c-498302de0b81",
|
|
"indicator--573cbfe8-5b48-4ca1-9bb0-4d4702de0b81",
|
|
"indicator--573cbfe8-32f4-4d5e-80fe-419702de0b81",
|
|
"indicator--573cbfe9-6970-40f3-a4cb-44ff02de0b81",
|
|
"indicator--573cbfe9-5400-4d63-a7f0-4a9002de0b81",
|
|
"indicator--573cbfe9-a3b4-4ff7-923b-4c7b02de0b81",
|
|
"indicator--573cbfe9-29a4-4c3e-b69f-4fb202de0b81",
|
|
"indicator--573cbfe9-1a24-448f-b6bf-469502de0b81",
|
|
"indicator--573cbfe9-d094-4327-bea2-4e6602de0b81",
|
|
"indicator--573cbfe9-fb90-4596-8de5-434002de0b81",
|
|
"indicator--573cbfea-6468-4328-a939-412502de0b81",
|
|
"indicator--573cbfea-bf70-4679-9d65-4f5c02de0b81",
|
|
"indicator--573cbfea-30dc-4978-a5b5-443002de0b81",
|
|
"indicator--573cbfea-b010-4273-8800-488102de0b81",
|
|
"indicator--573cbfea-d708-4592-b86e-4c8002de0b81",
|
|
"indicator--573cbfea-ce58-41c0-b8dd-44a902de0b81",
|
|
"indicator--573cbfeb-fb6c-4eb6-8328-47d102de0b81",
|
|
"indicator--573cbfeb-fb2c-4167-a06a-412802de0b81",
|
|
"indicator--573cbfeb-448c-40bf-9823-492b02de0b81",
|
|
"indicator--573cbfeb-30d0-40d8-af05-41ea02de0b81",
|
|
"indicator--573cbfeb-35e8-457f-8994-4d9e02de0b81",
|
|
"indicator--573cbfeb-8af8-4b93-b278-42ec02de0b81",
|
|
"indicator--573cbfec-1c64-4ea9-a183-4e5e02de0b81",
|
|
"indicator--573cbfec-314c-4561-b730-492302de0b81",
|
|
"indicator--573cbfec-9b2c-4209-9fde-42c802de0b81",
|
|
"indicator--573cbfec-34c4-4052-a64b-4e4202de0b81",
|
|
"indicator--573cbfec-7b88-4bac-99aa-493a02de0b81",
|
|
"indicator--573cbfec-884c-4735-ac5c-401502de0b81",
|
|
"indicator--573cbfed-4a7c-4398-942d-46fe02de0b81",
|
|
"indicator--573cbfed-1d54-4aa2-b61a-437102de0b81",
|
|
"indicator--573cbfed-04c4-4fce-bf91-4f8d02de0b81",
|
|
"indicator--573cbfed-7a88-41ca-a423-441502de0b81",
|
|
"indicator--573cbfed-f888-4d72-a908-4fcc02de0b81",
|
|
"indicator--573cbfed-2af8-4e75-900a-486702de0b81",
|
|
"indicator--573cbfed-52f0-4a62-a690-426502de0b81",
|
|
"indicator--573cbfee-52a0-496c-a952-488702de0b81",
|
|
"indicator--573cbfee-6494-4405-b8e3-469d02de0b81",
|
|
"indicator--573cbfee-f284-4481-b020-443502de0b81",
|
|
"indicator--573cbfee-b154-4ae3-b2f3-4bba02de0b81",
|
|
"indicator--573cbfee-836c-4305-80d0-499502de0b81",
|
|
"indicator--573cbfee-99ec-4326-aaa5-41a202de0b81",
|
|
"indicator--573cbfef-b7f4-4813-8145-4a7802de0b81",
|
|
"indicator--573cbfef-ce0c-4d45-bf4d-415002de0b81",
|
|
"indicator--573cbfef-03b4-49a2-80c4-425a02de0b81",
|
|
"indicator--573cbfef-bbec-4a25-902b-4f6802de0b81",
|
|
"indicator--573cbfef-6fe0-4f49-8798-4e1f02de0b81",
|
|
"indicator--573cbfef-b440-40ef-b15f-42b802de0b81",
|
|
"indicator--573cbff0-0a04-4c99-87e8-40dd02de0b81",
|
|
"indicator--573cbff0-7348-4079-8b70-4c4802de0b81",
|
|
"indicator--573cbff0-2d18-480e-9922-438d02de0b81",
|
|
"indicator--573cbff0-fc38-4fa2-8f7d-469902de0b81",
|
|
"indicator--573cbff0-5934-41d8-9f68-4b2a02de0b81",
|
|
"indicator--573cbff0-bcb0-497e-bd8f-404502de0b81",
|
|
"indicator--573cbff1-0ca8-4335-83b9-4fc702de0b81",
|
|
"indicator--573cbff1-f858-4e36-a5d5-4ab802de0b81",
|
|
"indicator--573cbff1-1e98-4c54-9106-424902de0b81",
|
|
"indicator--573cc000-1bcc-4ca4-9980-454602de0b81",
|
|
"indicator--573cc000-e898-481e-a18b-4c6602de0b81",
|
|
"indicator--573cc001-4e98-4d55-a39d-47d002de0b81",
|
|
"indicator--573cc001-9044-4c1e-a22a-43e302de0b81",
|
|
"indicator--573cc001-834c-4bc8-94fc-477d02de0b81",
|
|
"indicator--573cc001-b8f0-49cb-a3e5-4ae802de0b81",
|
|
"indicator--573cc001-1f8c-48eb-b4c3-45a902de0b81",
|
|
"indicator--573cc001-437c-4a30-b836-438802de0b81",
|
|
"indicator--573cc002-022c-4099-845b-453102de0b81",
|
|
"indicator--573cc002-5840-4de0-ac26-48f102de0b81",
|
|
"indicator--573cc002-c01c-4665-b5f2-4fd502de0b81",
|
|
"indicator--573cc002-f8cc-4063-a2e2-435002de0b81",
|
|
"indicator--573cc016-1760-4958-9c56-447c02de0b81",
|
|
"indicator--573cc016-4dc0-44e6-8cf0-421402de0b81",
|
|
"indicator--573cc016-51e4-45f1-be9d-492802de0b81",
|
|
"indicator--573cc016-88b4-49cf-8261-495302de0b81",
|
|
"indicator--573cc017-80a0-4f6a-ad33-4fa602de0b81",
|
|
"indicator--573cc017-bd68-45f8-91fe-4edd02de0b81",
|
|
"indicator--573cc017-e4a0-4df8-a68d-414d02de0b81",
|
|
"indicator--573cc017-442c-4389-9e92-4ba502de0b81",
|
|
"indicator--573cc017-6d94-4b0c-8971-4c5202de0b81",
|
|
"indicator--573cc017-9324-4379-b89c-442202de0b81",
|
|
"indicator--573cc018-6d7c-46f3-b663-42af02de0b81",
|
|
"indicator--573cc018-ed48-45d4-b5fc-407602de0b81",
|
|
"indicator--573cc018-defc-4612-b65a-46a102de0b81",
|
|
"indicator--573cc027-e500-4275-9340-912302de0b81",
|
|
"indicator--573cc027-6acc-4556-b6b7-912302de0b81",
|
|
"indicator--573cc039-0624-4a53-9fc9-912502de0b81",
|
|
"indicator--573cc039-5c04-4c43-aa5a-912502de0b81",
|
|
"indicator--573cc04f-edf0-476c-a7e1-2aa302de0b81",
|
|
"indicator--573cc04f-b97c-4017-be08-2aa302de0b81",
|
|
"indicator--573cc04f-3e64-47bc-bc76-2aa302de0b81",
|
|
"indicator--573cc04f-529c-4b6f-9ff6-2aa302de0b81",
|
|
"indicator--573cc04f-9764-461a-93e6-2aa302de0b81",
|
|
"indicator--573cc04f-ea60-4d6b-9c39-2aa302de0b81",
|
|
"indicator--573cc050-fd38-4165-a44e-2aa302de0b81",
|
|
"indicator--573cc050-618c-49f7-bb1f-2aa302de0b81",
|
|
"indicator--573cc050-4004-4760-be95-2aa302de0b81",
|
|
"indicator--573cc067-98b8-4848-8488-e31b02de0b81",
|
|
"indicator--573cc067-839c-4345-959a-e31b02de0b81",
|
|
"indicator--573cc067-43e0-4574-9ae1-e31b02de0b81",
|
|
"indicator--573cc067-1194-4f4a-87cc-e31b02de0b81",
|
|
"indicator--573cc067-e2e8-450f-8a94-e31b02de0b81",
|
|
"indicator--573cc068-72c8-4315-80e5-e31b02de0b81",
|
|
"indicator--573cc079-45c8-4021-9e10-912302de0b81",
|
|
"indicator--573cc08c-6720-4cc9-9d0f-2aa102de0b81",
|
|
"indicator--573cc08c-ef04-4d87-9f94-2aa102de0b81",
|
|
"indicator--573cc08c-d0b0-4906-8a30-2aa102de0b81",
|
|
"indicator--573cc08c-f574-4bd6-a9e9-2aa102de0b81",
|
|
"indicator--573cc0a3-aef0-49b3-b7e8-912302de0b81",
|
|
"indicator--573cc0a4-a438-4eff-bf19-912302de0b81",
|
|
"indicator--573cc0b7-ff58-4681-b0f1-4c4f02de0b81",
|
|
"indicator--573cc0b8-7ba4-400b-82ed-455802de0b81",
|
|
"indicator--573cc0b8-d220-4c03-bca6-459c02de0b81",
|
|
"indicator--573cc0b8-7374-4c09-9bec-45d802de0b81",
|
|
"indicator--573cc0b8-6f84-461c-8f23-4e2002de0b81",
|
|
"indicator--573cc0b8-6dac-4ce9-b8ba-428902de0b81",
|
|
"indicator--573cc0b8-dfd0-428a-9963-425e02de0b81",
|
|
"indicator--573cc0b9-d63c-4630-ad1c-4f5802de0b81",
|
|
"indicator--573cc0b9-3264-4e4f-ae96-4ac302de0b81",
|
|
"indicator--573cc0b9-2704-498b-b7f3-499602de0b81",
|
|
"indicator--573cc0b9-b070-4a39-8681-441402de0b81",
|
|
"observed-data--573cc0c6-5dc0-4f38-9b93-912602de0b81",
|
|
"url--573cc0c6-5dc0-4f38-9b93-912602de0b81",
|
|
"observed-data--573cc0dd-2884-4d12-ba7e-77ed02de0b81",
|
|
"url--573cc0dd-2884-4d12-ba7e-77ed02de0b81",
|
|
"indicator--573cc1e8-c79c-4824-9a2b-435702de0b81",
|
|
"indicator--573cc1e8-2ef8-4a01-8cd9-4b1102de0b81",
|
|
"observed-data--573cc1e8-8154-47ab-a022-494102de0b81",
|
|
"url--573cc1e8-8154-47ab-a022-494102de0b81",
|
|
"indicator--573cc1e9-cc28-44be-8972-40e102de0b81",
|
|
"indicator--573cc1e9-7b6c-4c32-b5b2-4ba102de0b81",
|
|
"observed-data--573cc1e9-8660-4774-95cb-433802de0b81",
|
|
"url--573cc1e9-8660-4774-95cb-433802de0b81",
|
|
"indicator--573cc1e9-59d0-42a6-9767-4bd202de0b81",
|
|
"indicator--573cc1e9-8ab8-4fb6-853b-47b702de0b81",
|
|
"observed-data--573cc1ea-9a50-449e-880c-4ff702de0b81",
|
|
"url--573cc1ea-9a50-449e-880c-4ff702de0b81",
|
|
"indicator--573cc1ea-ffd8-42fd-992d-428002de0b81",
|
|
"indicator--573cc1ea-03cc-45f9-997b-4fbe02de0b81",
|
|
"observed-data--573cc1ea-eb2c-449f-ae18-49bb02de0b81",
|
|
"url--573cc1ea-eb2c-449f-ae18-49bb02de0b81",
|
|
"indicator--573cc1ea-ad48-4008-ac0d-4e2602de0b81",
|
|
"indicator--573cc1eb-4828-432c-918a-4e3102de0b81",
|
|
"observed-data--573cc1eb-58c0-4c70-97eb-4d0d02de0b81",
|
|
"url--573cc1eb-58c0-4c70-97eb-4d0d02de0b81",
|
|
"indicator--573cc1eb-1050-4ada-a80e-407202de0b81",
|
|
"indicator--573cc1eb-0b40-44d8-9402-40c702de0b81",
|
|
"observed-data--573cc1eb-6734-4cfa-8b44-45f602de0b81",
|
|
"url--573cc1eb-6734-4cfa-8b44-45f602de0b81",
|
|
"indicator--573cc1ec-a550-4e9a-a3a8-4c6b02de0b81",
|
|
"indicator--573cc1ec-e850-473a-af8b-415702de0b81",
|
|
"observed-data--573cc1ec-a7fc-4d2d-87d0-428102de0b81",
|
|
"url--573cc1ec-a7fc-4d2d-87d0-428102de0b81",
|
|
"indicator--573cc1ec-97d4-415f-81fc-476402de0b81",
|
|
"indicator--573cc1ec-ea9c-4825-9084-4e3002de0b81",
|
|
"observed-data--573cc1ec-1c70-4f60-9360-4e9002de0b81",
|
|
"url--573cc1ec-1c70-4f60-9360-4e9002de0b81",
|
|
"indicator--573cc1ed-e040-415b-afa3-45cb02de0b81",
|
|
"indicator--573cc1ed-539c-44f0-ab91-452502de0b81",
|
|
"observed-data--573cc1ed-e9cc-4ee1-bbda-40c802de0b81",
|
|
"url--573cc1ed-e9cc-4ee1-bbda-40c802de0b81",
|
|
"indicator--573cc1ed-21b8-40bf-8d38-42cb02de0b81",
|
|
"indicator--573cc1ed-3bc4-4fdc-aaef-4a9302de0b81",
|
|
"observed-data--573cc1ee-ea74-437f-add1-420c02de0b81",
|
|
"url--573cc1ee-ea74-437f-add1-420c02de0b81",
|
|
"indicator--573cc1ee-38a8-4090-85d2-44c702de0b81",
|
|
"indicator--573cc1ee-c5e0-448e-98b7-4e4e02de0b81",
|
|
"observed-data--573cc1ee-2de8-4b13-84f1-4eba02de0b81",
|
|
"url--573cc1ee-2de8-4b13-84f1-4eba02de0b81",
|
|
"indicator--573cc1ee-1434-4076-9544-4eb102de0b81",
|
|
"indicator--573cc1ef-a66c-4492-ba86-443e02de0b81",
|
|
"observed-data--573cc1ef-1604-452c-90bd-4d4202de0b81",
|
|
"url--573cc1ef-1604-452c-90bd-4d4202de0b81",
|
|
"indicator--573cc1ef-7484-41ba-87ea-44e802de0b81",
|
|
"indicator--573cc1ef-ae74-4612-8aa8-452602de0b81",
|
|
"observed-data--573cc1ef-034c-44b0-a49d-4e5902de0b81",
|
|
"url--573cc1ef-034c-44b0-a49d-4e5902de0b81",
|
|
"indicator--573cc1ef-22f0-472a-a382-4dc702de0b81",
|
|
"indicator--573cc1f0-7178-40d9-b272-414502de0b81",
|
|
"observed-data--573cc1f0-8990-46ed-be5c-4f5902de0b81",
|
|
"url--573cc1f0-8990-46ed-be5c-4f5902de0b81",
|
|
"indicator--573cc1f0-6b50-4008-8830-42c502de0b81",
|
|
"indicator--573cc1f0-a388-418e-bae4-401c02de0b81",
|
|
"observed-data--573cc1f0-18e0-4e3e-9c69-4f5f02de0b81",
|
|
"url--573cc1f0-18e0-4e3e-9c69-4f5f02de0b81",
|
|
"indicator--573cc1f1-4f48-4227-badb-4cb802de0b81",
|
|
"indicator--573cc1f1-e50c-457b-ba76-4f1802de0b81",
|
|
"observed-data--573cc1f1-86f4-4d29-b40e-499a02de0b81",
|
|
"url--573cc1f1-86f4-4d29-b40e-499a02de0b81",
|
|
"indicator--573cc1f1-3330-4d13-848b-4e9402de0b81",
|
|
"indicator--573cc1f1-aacc-403c-b4e9-49a102de0b81",
|
|
"observed-data--573cc1f2-6c6c-4b50-b573-4f5102de0b81",
|
|
"url--573cc1f2-6c6c-4b50-b573-4f5102de0b81",
|
|
"indicator--573cc1f2-a548-467a-a239-4eab02de0b81",
|
|
"indicator--573cc1f2-8d0c-4e9e-8ab9-464302de0b81",
|
|
"observed-data--573cc1f2-8750-4ab2-b5be-48c602de0b81",
|
|
"url--573cc1f2-8750-4ab2-b5be-48c602de0b81",
|
|
"indicator--573cc1f2-bd68-4085-8a09-475402de0b81",
|
|
"indicator--573cc1f3-4c80-4a35-8033-4c5502de0b81",
|
|
"observed-data--573cc1f3-25d0-457a-9de1-486c02de0b81",
|
|
"url--573cc1f3-25d0-457a-9de1-486c02de0b81",
|
|
"indicator--573cc1f3-ed00-4bc4-9a33-4d8202de0b81",
|
|
"indicator--573cc1f3-5f30-4077-8420-447202de0b81",
|
|
"observed-data--573cc1f3-1170-4a8c-aa76-4ed002de0b81",
|
|
"url--573cc1f3-1170-4a8c-aa76-4ed002de0b81",
|
|
"indicator--573cc1f4-73d8-4bcc-a28a-4d6a02de0b81",
|
|
"indicator--573cc1f4-dab4-443e-baf1-4d0e02de0b81",
|
|
"observed-data--573cc1f4-f8a8-4bd5-b403-432202de0b81",
|
|
"url--573cc1f4-f8a8-4bd5-b403-432202de0b81",
|
|
"indicator--573cc1f4-3da0-4516-b599-48f302de0b81",
|
|
"indicator--573cc1f4-9f44-4e30-aec6-486f02de0b81",
|
|
"observed-data--573cc1f5-4b04-4157-b12e-4a8602de0b81",
|
|
"url--573cc1f5-4b04-4157-b12e-4a8602de0b81",
|
|
"indicator--573cc1f5-5904-4f0b-b722-465502de0b81",
|
|
"indicator--573cc1f5-f988-4358-8d63-49e002de0b81",
|
|
"observed-data--573cc1f5-1840-46c9-8443-4cc502de0b81",
|
|
"url--573cc1f5-1840-46c9-8443-4cc502de0b81",
|
|
"indicator--573cc1f5-75dc-44a9-bc05-4fe502de0b81",
|
|
"indicator--573cc1f5-afe4-4299-8e28-4d7702de0b81",
|
|
"observed-data--573cc1f6-0e00-46f7-8f89-4fe802de0b81",
|
|
"url--573cc1f6-0e00-46f7-8f89-4fe802de0b81",
|
|
"indicator--573cc1f6-0044-48f6-9185-4fd802de0b81",
|
|
"indicator--573cc1f6-a1f8-4870-a7c4-459702de0b81",
|
|
"observed-data--573cc1f6-a260-4f03-bc97-40ec02de0b81",
|
|
"url--573cc1f6-a260-4f03-bc97-40ec02de0b81",
|
|
"indicator--573cc1f6-2f9c-48d2-9af7-432502de0b81",
|
|
"indicator--573cc1f7-8618-488b-b26e-406002de0b81",
|
|
"observed-data--573cc1f7-77e0-4076-9966-41b702de0b81",
|
|
"url--573cc1f7-77e0-4076-9966-41b702de0b81",
|
|
"indicator--573cc1f7-06d0-48ac-bed1-404002de0b81",
|
|
"indicator--573cc1f7-ab34-41d8-8004-454602de0b81",
|
|
"observed-data--573cc1f7-02f8-4171-8852-4c4902de0b81",
|
|
"url--573cc1f7-02f8-4171-8852-4c4902de0b81",
|
|
"indicator--573cc1f8-3bd4-4667-9ba2-46e402de0b81",
|
|
"indicator--573cc1f8-2054-45bb-a5ec-4b8002de0b81",
|
|
"observed-data--573cc1f8-1e5c-4194-8390-457902de0b81",
|
|
"url--573cc1f8-1e5c-4194-8390-457902de0b81",
|
|
"indicator--573cc1f8-f5ac-445f-b2c3-4ca702de0b81",
|
|
"indicator--573cc1f8-7d6c-47f2-a0f5-4d2c02de0b81",
|
|
"observed-data--573cc1f8-8074-46d6-aab2-489302de0b81",
|
|
"url--573cc1f8-8074-46d6-aab2-489302de0b81",
|
|
"indicator--573cc1f9-7df0-4153-aa46-42f902de0b81",
|
|
"indicator--573cc1f9-1794-45ef-8243-47d102de0b81",
|
|
"observed-data--573cc1f9-fcec-4b08-8a1e-417902de0b81",
|
|
"url--573cc1f9-fcec-4b08-8a1e-417902de0b81",
|
|
"indicator--573cc1f9-ae18-4d2a-b190-4ba902de0b81",
|
|
"indicator--573cc1f9-46e0-492f-8ba9-4b8802de0b81",
|
|
"observed-data--573cc1fa-3d3c-4e6b-ae8f-478302de0b81",
|
|
"url--573cc1fa-3d3c-4e6b-ae8f-478302de0b81",
|
|
"indicator--573cc1fa-61d0-49d1-921f-424902de0b81",
|
|
"indicator--573cc1fa-e984-4b0e-838e-451902de0b81",
|
|
"observed-data--573cc1fa-968c-4f91-b0dd-40ac02de0b81",
|
|
"url--573cc1fa-968c-4f91-b0dd-40ac02de0b81",
|
|
"indicator--573cc1fa-a898-49ad-9795-477d02de0b81",
|
|
"indicator--573cc1fb-6c48-45cc-9def-499902de0b81",
|
|
"observed-data--573cc1fb-3724-4683-aae4-44d002de0b81",
|
|
"url--573cc1fb-3724-4683-aae4-44d002de0b81",
|
|
"indicator--573cc1fb-ba9c-4680-a86d-427b02de0b81",
|
|
"indicator--573cc1fb-9484-4562-a1c0-4fe602de0b81",
|
|
"observed-data--573cc1fb-6acc-4d88-9757-45ec02de0b81",
|
|
"url--573cc1fb-6acc-4d88-9757-45ec02de0b81",
|
|
"indicator--573cc1fc-be78-458d-96cd-425d02de0b81",
|
|
"indicator--573cc1fc-e560-4b50-898d-483c02de0b81",
|
|
"observed-data--573cc1fc-27c4-4c58-9126-4d6902de0b81",
|
|
"url--573cc1fc-27c4-4c58-9126-4d6902de0b81",
|
|
"indicator--573cc1fc-d340-4c4f-9521-478d02de0b81",
|
|
"indicator--573cc1fc-c8b8-4da7-ba22-4d6802de0b81",
|
|
"observed-data--573cc1fc-eb78-4b82-a64c-4ea702de0b81",
|
|
"url--573cc1fc-eb78-4b82-a64c-4ea702de0b81",
|
|
"indicator--573cc1fd-af00-4a36-ba53-423602de0b81",
|
|
"indicator--573cc1fd-88bc-42a8-a2ab-480602de0b81",
|
|
"observed-data--573cc1fd-d3dc-4b30-ab1a-4ff002de0b81",
|
|
"url--573cc1fd-d3dc-4b30-ab1a-4ff002de0b81",
|
|
"indicator--573cc1fd-7ba8-443d-b70d-47ec02de0b81",
|
|
"indicator--573cc1fd-c72c-4514-8be2-449402de0b81",
|
|
"observed-data--573cc1fe-b1ac-4021-95ca-4be102de0b81",
|
|
"url--573cc1fe-b1ac-4021-95ca-4be102de0b81",
|
|
"indicator--573cc1fe-45b8-465a-ab14-48d102de0b81",
|
|
"indicator--573cc1fe-1520-4097-adf7-47f302de0b81",
|
|
"observed-data--573cc1fe-8110-4b05-a3eb-4fa502de0b81",
|
|
"url--573cc1fe-8110-4b05-a3eb-4fa502de0b81",
|
|
"indicator--573cc1fe-9f18-4ed9-afc9-473e02de0b81",
|
|
"indicator--573cc1ff-fce0-4aeb-af30-444e02de0b81",
|
|
"observed-data--573cc1ff-5230-4776-b45e-413702de0b81",
|
|
"url--573cc1ff-5230-4776-b45e-413702de0b81",
|
|
"indicator--573cc1ff-ad98-4a3c-84a5-42e702de0b81",
|
|
"indicator--573cc1ff-d844-435a-8b61-486602de0b81",
|
|
"observed-data--573cc1ff-40f0-4ef4-9d25-4b9302de0b81",
|
|
"url--573cc1ff-40f0-4ef4-9d25-4b9302de0b81",
|
|
"indicator--573cc1ff-881c-4f66-a237-4ba002de0b81",
|
|
"indicator--573cc200-37c0-4dd0-859d-423502de0b81",
|
|
"observed-data--573cc200-7bf4-41ab-9b2c-475202de0b81",
|
|
"url--573cc200-7bf4-41ab-9b2c-475202de0b81",
|
|
"indicator--573cc200-a078-46a3-abb3-475002de0b81",
|
|
"indicator--573cc200-0f50-41a4-affa-463602de0b81",
|
|
"observed-data--573cc200-32fc-4274-968f-402402de0b81",
|
|
"url--573cc200-32fc-4274-968f-402402de0b81",
|
|
"indicator--573cc201-b988-46ca-b81d-475202de0b81",
|
|
"indicator--573cc201-477c-4615-9e20-44f502de0b81",
|
|
"observed-data--573cc201-8fe0-4e37-b20b-4d5002de0b81",
|
|
"url--573cc201-8fe0-4e37-b20b-4d5002de0b81",
|
|
"indicator--573cc201-19b4-4128-ae24-479202de0b81",
|
|
"indicator--573cc201-f20c-4bae-a9e4-442602de0b81",
|
|
"observed-data--573cc202-2d9c-41be-a288-4c1d02de0b81",
|
|
"url--573cc202-2d9c-41be-a288-4c1d02de0b81",
|
|
"indicator--573cc202-1b08-4fa1-a3b6-46c302de0b81",
|
|
"indicator--573cc202-f3cc-4d74-aaa0-404b02de0b81",
|
|
"observed-data--573cc202-d2d4-493d-af60-423502de0b81",
|
|
"url--573cc202-d2d4-493d-af60-423502de0b81",
|
|
"indicator--573cc202-6e4c-41a3-bc66-404002de0b81",
|
|
"indicator--573cc203-c930-4921-afb0-4bac02de0b81",
|
|
"observed-data--573cc203-ab7c-43b6-acdb-472c02de0b81",
|
|
"url--573cc203-ab7c-43b6-acdb-472c02de0b81",
|
|
"indicator--573cc203-c19c-46be-8d0b-4f1802de0b81",
|
|
"indicator--573cc203-6494-4809-a59d-455502de0b81",
|
|
"observed-data--573cc203-2798-4778-9764-41fd02de0b81",
|
|
"url--573cc203-2798-4778-9764-41fd02de0b81",
|
|
"indicator--573cc204-e738-4831-b824-49fa02de0b81",
|
|
"indicator--573cc204-e9cc-41e8-bb2e-4a9d02de0b81",
|
|
"observed-data--573cc204-226c-43e4-9c7f-498902de0b81",
|
|
"url--573cc204-226c-43e4-9c7f-498902de0b81",
|
|
"indicator--573cc204-d850-4d9c-bd5a-484802de0b81",
|
|
"indicator--573cc204-a2a4-4d6e-8a40-47b602de0b81",
|
|
"observed-data--573cc204-7b08-4145-a665-4e8802de0b81",
|
|
"url--573cc204-7b08-4145-a665-4e8802de0b81",
|
|
"indicator--573cc205-bf98-45e7-bd93-470002de0b81",
|
|
"indicator--573cc205-9900-4399-a25e-4bb002de0b81",
|
|
"observed-data--573cc205-0644-4bdd-947a-49c802de0b81",
|
|
"url--573cc205-0644-4bdd-947a-49c802de0b81",
|
|
"indicator--573cc205-1800-402a-8e61-43c602de0b81",
|
|
"indicator--573cc205-7cec-4e91-a818-433502de0b81",
|
|
"observed-data--573cc206-6458-455f-af41-4c4302de0b81",
|
|
"url--573cc206-6458-455f-af41-4c4302de0b81",
|
|
"indicator--573cc206-d5dc-40da-8548-48a102de0b81",
|
|
"indicator--573cc206-184c-4d80-b67b-46d202de0b81",
|
|
"observed-data--573cc206-729c-467f-9f0e-4d6d02de0b81",
|
|
"url--573cc206-729c-467f-9f0e-4d6d02de0b81",
|
|
"indicator--573cc206-8080-41b7-b209-4bf902de0b81",
|
|
"indicator--573cc207-2a28-457f-929b-4ab602de0b81",
|
|
"observed-data--573cc207-bdcc-4ce9-9973-4e9c02de0b81",
|
|
"url--573cc207-bdcc-4ce9-9973-4e9c02de0b81",
|
|
"indicator--573cc207-a750-44b9-866a-442d02de0b81",
|
|
"indicator--573cc207-59d0-4fd5-8db4-48d402de0b81",
|
|
"observed-data--573cc207-ca1c-4ecc-acf2-428d02de0b81",
|
|
"url--573cc207-ca1c-4ecc-acf2-428d02de0b81",
|
|
"indicator--573cc208-2c44-41fe-ad7a-4a9f02de0b81",
|
|
"indicator--573cc208-86d4-4476-9aa7-47f602de0b81",
|
|
"observed-data--573cc208-8314-48ef-8c4c-47d602de0b81",
|
|
"url--573cc208-8314-48ef-8c4c-47d602de0b81",
|
|
"indicator--573cc208-caa4-4235-927a-4fee02de0b81",
|
|
"indicator--573cc208-10a0-46de-b7b8-4f0b02de0b81",
|
|
"observed-data--573cc209-d658-467d-8c80-418902de0b81",
|
|
"url--573cc209-d658-467d-8c80-418902de0b81",
|
|
"indicator--573cc209-6470-42fd-8ad5-4a9302de0b81",
|
|
"indicator--573cc209-0bb4-4fed-bd08-4e7d02de0b81",
|
|
"observed-data--573cc209-3398-4e01-bae0-432a02de0b81",
|
|
"url--573cc209-3398-4e01-bae0-432a02de0b81",
|
|
"indicator--573cc209-27d4-4fee-89b4-49e702de0b81",
|
|
"indicator--573cc209-0538-4efb-b7b7-411002de0b81",
|
|
"observed-data--573cc209-3d58-4430-9442-4dd602de0b81",
|
|
"url--573cc209-3d58-4430-9442-4dd602de0b81",
|
|
"indicator--573cc20a-8988-40e9-bf41-4b8402de0b81",
|
|
"indicator--573cc20a-f264-4c3a-9599-4a9002de0b81",
|
|
"observed-data--573cc20a-9984-4874-8a8e-4c5b02de0b81",
|
|
"url--573cc20a-9984-4874-8a8e-4c5b02de0b81",
|
|
"indicator--573cc20a-6538-4788-917e-416d02de0b81",
|
|
"indicator--573cc20a-1cc8-434e-8d76-428802de0b81",
|
|
"observed-data--573cc20b-3b3c-44fc-8ffd-40ed02de0b81",
|
|
"url--573cc20b-3b3c-44fc-8ffd-40ed02de0b81",
|
|
"indicator--573cc20b-9b80-4621-8680-4a7b02de0b81",
|
|
"indicator--573cc20b-0d94-4c62-a949-4e7f02de0b81",
|
|
"observed-data--573cc20b-b834-4f9b-8685-4c3202de0b81",
|
|
"url--573cc20b-b834-4f9b-8685-4c3202de0b81",
|
|
"indicator--573cc20b-5848-4623-8b26-4db402de0b81",
|
|
"indicator--573cc20c-d570-4553-9e62-4ba102de0b81",
|
|
"observed-data--573cc20c-5bb8-4fb5-b3a7-4bf702de0b81",
|
|
"url--573cc20c-5bb8-4fb5-b3a7-4bf702de0b81",
|
|
"indicator--573cc20c-7a3c-4198-88fa-4d1b02de0b81",
|
|
"indicator--573cc20c-5d38-4c25-bb17-493702de0b81",
|
|
"observed-data--573cc20c-76e4-4df8-a4ca-441f02de0b81",
|
|
"url--573cc20c-76e4-4df8-a4ca-441f02de0b81",
|
|
"indicator--573cc20d-ebc0-4b00-a883-43ad02de0b81",
|
|
"indicator--573cc20d-c0b0-44bc-b210-44aa02de0b81",
|
|
"observed-data--573cc20d-d1ac-41fb-bcf1-486402de0b81",
|
|
"url--573cc20d-d1ac-41fb-bcf1-486402de0b81",
|
|
"indicator--573cc20d-79a4-4e75-b544-462102de0b81",
|
|
"indicator--573cc20d-2828-41af-94fe-49db02de0b81",
|
|
"observed-data--573cc20d-5b38-44c2-916a-40d902de0b81",
|
|
"url--573cc20d-5b38-44c2-916a-40d902de0b81",
|
|
"indicator--573cc20e-29dc-4ec1-b04c-43af02de0b81",
|
|
"indicator--573cc20e-2ebc-4ef2-83b7-488802de0b81",
|
|
"observed-data--573cc20e-c4a8-44e7-b56e-412f02de0b81",
|
|
"url--573cc20e-c4a8-44e7-b56e-412f02de0b81",
|
|
"indicator--573cc20e-e144-4548-afed-412c02de0b81",
|
|
"indicator--573cc20e-db24-417a-9fe9-4bc602de0b81",
|
|
"observed-data--573cc20e-15a8-4901-a3af-45b402de0b81",
|
|
"url--573cc20e-15a8-4901-a3af-45b402de0b81",
|
|
"indicator--573cc20f-8f5c-4657-85ff-4f5702de0b81",
|
|
"indicator--573cc20f-4bf8-4b7d-bd5b-4fc202de0b81",
|
|
"observed-data--573cc20f-54bc-4a81-a2c4-4dc502de0b81",
|
|
"url--573cc20f-54bc-4a81-a2c4-4dc502de0b81",
|
|
"indicator--573cc20f-751c-4489-8693-46b002de0b81",
|
|
"indicator--573cc20f-b2c0-4852-af5d-40ae02de0b81",
|
|
"observed-data--573cc210-8404-43da-89b7-438802de0b81",
|
|
"url--573cc210-8404-43da-89b7-438802de0b81",
|
|
"indicator--573cc210-7f98-4035-9d53-4bad02de0b81",
|
|
"indicator--573cc210-d7cc-40e9-9c82-402902de0b81",
|
|
"observed-data--573cc210-fb98-481e-ad27-4f6b02de0b81",
|
|
"url--573cc210-fb98-481e-ad27-4f6b02de0b81",
|
|
"indicator--573cc210-7c58-4813-bf59-49f102de0b81",
|
|
"indicator--573cc210-d3f8-4f21-b91e-4ea002de0b81",
|
|
"observed-data--573cc211-ac48-4dd8-9073-4b8002de0b81",
|
|
"url--573cc211-ac48-4dd8-9073-4b8002de0b81",
|
|
"indicator--573cc211-ec7c-4379-925b-429802de0b81",
|
|
"indicator--573cc211-1e08-4fdb-a498-4aaf02de0b81",
|
|
"observed-data--573cc211-2260-4e65-98b8-4f8002de0b81",
|
|
"url--573cc211-2260-4e65-98b8-4f8002de0b81",
|
|
"indicator--573cc211-cbf0-4129-b720-410c02de0b81",
|
|
"indicator--573cc212-e234-4e61-81d2-4eca02de0b81",
|
|
"observed-data--573cc212-c250-439d-a42f-416a02de0b81",
|
|
"url--573cc212-c250-439d-a42f-416a02de0b81",
|
|
"indicator--573cc212-904c-43c4-ae07-4edb02de0b81",
|
|
"indicator--573cc212-9b7c-4c2c-8b21-4afe02de0b81",
|
|
"observed-data--573cc212-17d8-4837-aebe-4bce02de0b81",
|
|
"url--573cc212-17d8-4837-aebe-4bce02de0b81",
|
|
"indicator--573cc212-9eb8-47d6-9f67-492702de0b81",
|
|
"indicator--573cc212-b68c-40ee-9575-426302de0b81",
|
|
"observed-data--573cc213-15ac-42bd-9296-473702de0b81",
|
|
"url--573cc213-15ac-42bd-9296-473702de0b81",
|
|
"indicator--573cc213-9b48-410b-a122-4e2e02de0b81",
|
|
"indicator--573cc213-9c30-4fbb-9ef4-49fb02de0b81",
|
|
"observed-data--573cc213-0d78-4bef-b3b8-4dbc02de0b81",
|
|
"url--573cc213-0d78-4bef-b3b8-4dbc02de0b81",
|
|
"indicator--573cc213-1cdc-4f3a-9368-45eb02de0b81",
|
|
"indicator--573cc213-30b4-4b41-ad38-407a02de0b81",
|
|
"observed-data--573cc214-c40c-44d3-b2a0-45ad02de0b81",
|
|
"url--573cc214-c40c-44d3-b2a0-45ad02de0b81",
|
|
"indicator--573cc214-9190-4775-bc64-48b302de0b81",
|
|
"indicator--573cc214-fb54-4bc5-bda7-4ee302de0b81",
|
|
"observed-data--573cc214-d7e8-40b7-9850-49b202de0b81",
|
|
"url--573cc214-d7e8-40b7-9850-49b202de0b81",
|
|
"indicator--573cc214-bb80-4a9f-b48d-411802de0b81",
|
|
"indicator--573cc215-b9fc-4207-a82b-4f2f02de0b81",
|
|
"observed-data--573cc215-ca44-4305-b077-40b702de0b81",
|
|
"url--573cc215-ca44-4305-b077-40b702de0b81",
|
|
"indicator--573cc215-6004-4d46-96d4-440402de0b81",
|
|
"indicator--573cc215-cb4c-43c5-930d-40f202de0b81",
|
|
"observed-data--573cc215-e70c-4138-aeab-4bf002de0b81",
|
|
"url--573cc215-e70c-4138-aeab-4bf002de0b81",
|
|
"indicator--573cc215-bbc0-4410-ac73-424802de0b81",
|
|
"indicator--573cc216-4908-464c-80e7-44b902de0b81",
|
|
"observed-data--573cc216-b4fc-46c0-bc12-4af402de0b81",
|
|
"url--573cc216-b4fc-46c0-bc12-4af402de0b81",
|
|
"indicator--573cc216-2a2c-4957-9908-45c802de0b81",
|
|
"indicator--573cc216-ab44-432f-8690-4ff202de0b81",
|
|
"observed-data--573cc216-0b8c-4617-a150-41c002de0b81",
|
|
"url--573cc216-0b8c-4617-a150-41c002de0b81",
|
|
"indicator--573cc216-959c-414a-8e94-4b4a02de0b81",
|
|
"indicator--573cc217-6450-4ce0-bfdd-40ab02de0b81",
|
|
"observed-data--573cc217-1cbc-44b7-8bb9-489e02de0b81",
|
|
"url--573cc217-1cbc-44b7-8bb9-489e02de0b81",
|
|
"indicator--573cc217-13b8-44fa-8603-4ce102de0b81",
|
|
"indicator--573cc217-b4c8-40d4-acfe-430602de0b81",
|
|
"observed-data--573cc217-be00-4cba-9cf5-459002de0b81",
|
|
"url--573cc217-be00-4cba-9cf5-459002de0b81",
|
|
"indicator--573cc217-9e5c-43ed-95ab-417702de0b81",
|
|
"indicator--573cc218-b844-40dd-9f6a-4b4502de0b81",
|
|
"observed-data--573cc218-97d4-4ff6-a047-4f0902de0b81",
|
|
"url--573cc218-97d4-4ff6-a047-4f0902de0b81",
|
|
"indicator--573cc218-3860-44bb-ac76-47a002de0b81",
|
|
"indicator--573cc218-6298-474a-8f72-402f02de0b81",
|
|
"observed-data--573cc218-0d08-4852-ac11-47db02de0b81",
|
|
"url--573cc218-0d08-4852-ac11-47db02de0b81",
|
|
"indicator--573cc218-21d8-4961-9f50-4dc902de0b81",
|
|
"indicator--573cc219-964c-490c-aa40-4b4902de0b81",
|
|
"observed-data--573cc219-8eb8-4b1a-8f6d-486702de0b81",
|
|
"url--573cc219-8eb8-4b1a-8f6d-486702de0b81",
|
|
"indicator--573cc219-a9c0-4377-96d8-491302de0b81",
|
|
"indicator--573cc219-9820-4bb2-b86c-4ff602de0b81",
|
|
"observed-data--573cc219-a504-47b4-9879-46b802de0b81",
|
|
"url--573cc219-a504-47b4-9879-46b802de0b81",
|
|
"indicator--573cc21a-2ba4-4178-bed5-409902de0b81",
|
|
"indicator--573cc21a-ee70-4064-a871-42c802de0b81",
|
|
"observed-data--573cc21a-2aa8-4139-8a12-45f202de0b81",
|
|
"url--573cc21a-2aa8-4139-8a12-45f202de0b81",
|
|
"indicator--573cc21a-f35c-4e98-8a8a-489102de0b81",
|
|
"indicator--573cc21a-0f14-4721-993d-4d8702de0b81",
|
|
"observed-data--573cc21a-0c9c-47ab-b1c8-431702de0b81",
|
|
"url--573cc21a-0c9c-47ab-b1c8-431702de0b81",
|
|
"indicator--573cc21b-84d4-468b-abfa-4c9102de0b81",
|
|
"indicator--573cc21b-59a0-4c2e-b2c4-482202de0b81",
|
|
"observed-data--573cc21b-3fb8-41d8-89e6-46d802de0b81",
|
|
"url--573cc21b-3fb8-41d8-89e6-46d802de0b81",
|
|
"indicator--573cc21b-0238-40fd-97ad-4e8702de0b81",
|
|
"indicator--573cc21b-6ba4-46ed-930a-4c1702de0b81",
|
|
"observed-data--573cc21b-e37c-45d2-ac0c-4a0002de0b81",
|
|
"url--573cc21b-e37c-45d2-ac0c-4a0002de0b81",
|
|
"indicator--573cc21c-6968-44f6-9162-416702de0b81",
|
|
"indicator--573cc21c-fc94-404d-af7c-438002de0b81",
|
|
"observed-data--573cc21c-9c40-4009-b183-43d702de0b81",
|
|
"url--573cc21c-9c40-4009-b183-43d702de0b81",
|
|
"indicator--573cc21c-a9cc-4b39-9950-462602de0b81",
|
|
"indicator--573cc21c-da7c-4166-8ac6-45b302de0b81",
|
|
"observed-data--573cc21c-d4e0-45c7-ab55-44a202de0b81",
|
|
"url--573cc21c-d4e0-45c7-ab55-44a202de0b81",
|
|
"indicator--573cc21d-8ecc-42a1-8337-4b8702de0b81",
|
|
"indicator--573cc21d-92a4-4098-a22d-48e802de0b81",
|
|
"observed-data--573cc21d-48c8-4e3b-9b1b-46ed02de0b81",
|
|
"url--573cc21d-48c8-4e3b-9b1b-46ed02de0b81",
|
|
"indicator--573cc21d-2ad4-4e71-9315-430602de0b81",
|
|
"indicator--573cc21d-8a8c-4e71-8df0-4d0502de0b81",
|
|
"observed-data--573cc21d-99a4-4056-a303-43c002de0b81",
|
|
"url--573cc21d-99a4-4056-a303-43c002de0b81",
|
|
"indicator--573cc21d-fca4-4427-88ca-46b202de0b81",
|
|
"indicator--573cc21e-4678-4a42-84e2-492502de0b81",
|
|
"observed-data--573cc21e-22c8-4672-b36f-4b1002de0b81",
|
|
"url--573cc21e-22c8-4672-b36f-4b1002de0b81",
|
|
"indicator--573cc21e-63f4-4a29-8064-4d8a02de0b81",
|
|
"indicator--573cc21e-f068-4fa2-8b8f-4dc602de0b81",
|
|
"observed-data--573cc21e-52dc-4f50-814c-49ec02de0b81",
|
|
"url--573cc21e-52dc-4f50-814c-49ec02de0b81",
|
|
"indicator--573cc21e-b0b4-4e89-a726-4f0e02de0b81",
|
|
"indicator--573cc21f-5348-4cc2-b2c7-443302de0b81",
|
|
"observed-data--573cc21f-f204-49c6-ae07-4f1602de0b81",
|
|
"url--573cc21f-f204-49c6-ae07-4f1602de0b81",
|
|
"indicator--573cc21f-930c-449b-91bf-406402de0b81",
|
|
"indicator--573cc21f-709c-46d9-8755-448102de0b81",
|
|
"observed-data--573cc21f-599c-4b7d-bec5-49cc02de0b81",
|
|
"url--573cc21f-599c-4b7d-bec5-49cc02de0b81",
|
|
"indicator--573cc21f-2468-46d0-a647-441e02de0b81",
|
|
"indicator--573cc21f-8b14-4e80-9e16-423602de0b81",
|
|
"observed-data--573cc220-2b28-4c53-ac14-4fce02de0b81",
|
|
"url--573cc220-2b28-4c53-ac14-4fce02de0b81",
|
|
"indicator--573cc220-80f8-4f44-9ecc-4a4002de0b81",
|
|
"indicator--573cc220-4de4-47b2-9a3f-4af502de0b81",
|
|
"observed-data--573cc220-489c-4173-a6f4-4d0d02de0b81",
|
|
"url--573cc220-489c-4173-a6f4-4d0d02de0b81",
|
|
"indicator--573cc220-e4ec-4d5b-a19a-4aa302de0b81",
|
|
"indicator--573cc220-6c84-46d4-a1af-424b02de0b81",
|
|
"observed-data--573cc221-c8a8-4142-a321-46e202de0b81",
|
|
"url--573cc221-c8a8-4142-a321-46e202de0b81",
|
|
"indicator--573cc221-bb84-44a3-b9e3-4f3a02de0b81",
|
|
"indicator--573cc221-5ee8-4f87-b43e-441d02de0b81",
|
|
"observed-data--573cc221-3c08-4200-bbe2-42c902de0b81",
|
|
"url--573cc221-3c08-4200-bbe2-42c902de0b81",
|
|
"indicator--573cc221-ac80-4bfd-bd3f-45db02de0b81",
|
|
"indicator--573cc221-5ab8-4d62-b151-45dc02de0b81",
|
|
"observed-data--573cc222-1888-4ca0-b72f-434702de0b81",
|
|
"url--573cc222-1888-4ca0-b72f-434702de0b81",
|
|
"indicator--573cc222-8d8c-4966-b871-465a02de0b81",
|
|
"indicator--573cc222-fe50-4a42-a2e8-4f7f02de0b81",
|
|
"observed-data--573cc222-df08-43fc-af64-472702de0b81",
|
|
"url--573cc222-df08-43fc-af64-472702de0b81",
|
|
"indicator--573cc222-ad88-4547-8db9-420902de0b81",
|
|
"indicator--573cc222-b2d8-414a-bd04-4e9102de0b81",
|
|
"observed-data--573cc222-956c-4fac-b3aa-46ea02de0b81",
|
|
"url--573cc222-956c-4fac-b3aa-46ea02de0b81",
|
|
"indicator--573cc223-d758-47d9-a5ee-46f102de0b81",
|
|
"indicator--573cc223-61e4-456b-a86f-46e102de0b81",
|
|
"observed-data--573cc223-369c-4ff6-abe3-48fb02de0b81",
|
|
"url--573cc223-369c-4ff6-abe3-48fb02de0b81",
|
|
"indicator--573cc223-0a78-41ea-a0a2-442702de0b81",
|
|
"indicator--573cc223-cccc-4ea5-af03-4c7a02de0b81",
|
|
"observed-data--573cc223-8b0c-4942-9141-418402de0b81",
|
|
"url--573cc223-8b0c-4942-9141-418402de0b81",
|
|
"indicator--573cc224-39f4-4fc7-8c8b-426602de0b81",
|
|
"indicator--573cc224-3fa8-484f-b888-47cd02de0b81",
|
|
"observed-data--573cc224-c080-4cc7-925a-47d802de0b81",
|
|
"url--573cc224-c080-4cc7-925a-47d802de0b81",
|
|
"indicator--573cc224-af5c-47ad-b29d-4f3902de0b81",
|
|
"indicator--573cc224-38c4-46e5-8350-442402de0b81",
|
|
"observed-data--573cc224-8004-4157-a053-40dc02de0b81",
|
|
"url--573cc224-8004-4157-a053-40dc02de0b81",
|
|
"indicator--573cc225-9e3c-46d3-8356-462d02de0b81",
|
|
"indicator--573cc225-71c0-43c1-baea-4dbc02de0b81",
|
|
"observed-data--573cc225-984c-4da8-bca1-4b0502de0b81",
|
|
"url--573cc225-984c-4da8-bca1-4b0502de0b81",
|
|
"indicator--573cc225-19f0-4b8c-b417-4fc102de0b81",
|
|
"indicator--573cc225-ab00-4fc7-ac52-469e02de0b81",
|
|
"observed-data--573cc225-dad0-4236-8b59-43a802de0b81",
|
|
"url--573cc225-dad0-4236-8b59-43a802de0b81",
|
|
"indicator--573cc226-f65c-435b-8f46-4d3702de0b81",
|
|
"indicator--573cc226-5b80-4248-87e1-48c902de0b81",
|
|
"observed-data--573cc226-e7e0-432e-8c48-46c802de0b81",
|
|
"url--573cc226-e7e0-432e-8c48-46c802de0b81",
|
|
"indicator--573cc226-79d8-4c40-959f-471702de0b81",
|
|
"indicator--573cc226-8c90-4d9c-9e28-4fe802de0b81",
|
|
"observed-data--573cc226-c19c-4cae-93ab-417202de0b81",
|
|
"url--573cc226-c19c-4cae-93ab-417202de0b81",
|
|
"indicator--573cc226-5458-4913-902e-474302de0b81",
|
|
"indicator--573cc227-c3d4-4278-bcb0-441102de0b81",
|
|
"observed-data--573cc227-2398-4beb-a23f-4bf502de0b81",
|
|
"url--573cc227-2398-4beb-a23f-4bf502de0b81",
|
|
"indicator--573cc227-2678-431b-93ac-43de02de0b81",
|
|
"indicator--573cc227-dcfc-42d4-ab48-412202de0b81",
|
|
"observed-data--573cc227-1514-475a-a03c-462102de0b81",
|
|
"url--573cc227-1514-475a-a03c-462102de0b81",
|
|
"indicator--573cc228-1a88-4204-a33b-49b402de0b81",
|
|
"indicator--573cc228-ac90-4009-a62c-49e302de0b81",
|
|
"observed-data--573cc228-de38-4eeb-b08c-43cc02de0b81",
|
|
"url--573cc228-de38-4eeb-b08c-43cc02de0b81",
|
|
"indicator--573cc228-2dc8-4f4b-b67f-41f802de0b81",
|
|
"indicator--573cc228-9668-4ce2-b0c9-44ad02de0b81",
|
|
"observed-data--573cc228-aa40-481f-a110-4e7102de0b81",
|
|
"url--573cc228-aa40-481f-a110-4e7102de0b81",
|
|
"indicator--573cc229-f67c-4bd1-91b9-4fc602de0b81",
|
|
"indicator--573cc229-fd24-4e1a-9261-4ac702de0b81",
|
|
"observed-data--573cc229-dfc4-418c-a220-443302de0b81",
|
|
"url--573cc229-dfc4-418c-a220-443302de0b81",
|
|
"indicator--573cc229-b520-494f-9b57-486402de0b81",
|
|
"indicator--573cc229-15e0-4129-9275-4cab02de0b81",
|
|
"observed-data--573cc22a-95f4-46c8-a2ac-44a802de0b81",
|
|
"url--573cc22a-95f4-46c8-a2ac-44a802de0b81",
|
|
"indicator--573cc22a-e834-4820-9cdc-468b02de0b81",
|
|
"indicator--573cc22a-b434-4fde-99ad-436502de0b81",
|
|
"observed-data--573cc22a-f938-438b-b060-422502de0b81",
|
|
"url--573cc22a-f938-438b-b060-422502de0b81",
|
|
"indicator--573cc22a-b860-432e-973a-492202de0b81",
|
|
"indicator--573cc22b-2b64-4b99-8031-423702de0b81",
|
|
"observed-data--573cc22b-d188-44ce-b04c-49ac02de0b81",
|
|
"url--573cc22b-d188-44ce-b04c-49ac02de0b81",
|
|
"indicator--573cc22b-6cfc-4db9-8452-4eb802de0b81",
|
|
"indicator--573cc22b-a808-42d2-8b4e-4a5f02de0b81",
|
|
"observed-data--573cc22b-ac58-40cd-a8f5-49f302de0b81",
|
|
"url--573cc22b-ac58-40cd-a8f5-49f302de0b81",
|
|
"indicator--573cc22c-8b14-4262-a3c9-481102de0b81",
|
|
"indicator--573cc22c-0570-4f84-98d5-45ea02de0b81",
|
|
"observed-data--573cc22c-99dc-4cef-b6be-472902de0b81",
|
|
"url--573cc22c-99dc-4cef-b6be-472902de0b81",
|
|
"indicator--573cc22c-df0c-48ee-b8e2-4a8402de0b81",
|
|
"indicator--573cc22c-274c-4af0-b4e4-4dde02de0b81",
|
|
"observed-data--573cc22d-c53c-4d73-ae66-49c602de0b81",
|
|
"url--573cc22d-c53c-4d73-ae66-49c602de0b81",
|
|
"indicator--573cc22d-3354-46d5-96c4-4ebc02de0b81",
|
|
"indicator--573cc22d-652c-4789-a60b-48d002de0b81",
|
|
"observed-data--573cc22d-9aa4-4d96-8a23-4d0402de0b81",
|
|
"url--573cc22d-9aa4-4d96-8a23-4d0402de0b81",
|
|
"indicator--573cc22d-a398-4934-89f7-4f6f02de0b81",
|
|
"indicator--573cc22e-7e68-4022-b4f9-497702de0b81",
|
|
"observed-data--573cc22e-88f0-45a8-9763-4d9202de0b81",
|
|
"url--573cc22e-88f0-45a8-9763-4d9202de0b81",
|
|
"indicator--573cc22e-9544-4aeb-a046-4e5402de0b81",
|
|
"indicator--573cc22e-3c1c-45db-9e84-4a0902de0b81",
|
|
"observed-data--573cc22e-3ce0-4785-88ae-47a902de0b81",
|
|
"url--573cc22e-3ce0-4785-88ae-47a902de0b81",
|
|
"indicator--573cc22e-9b4c-4ad9-bc5e-40db02de0b81",
|
|
"indicator--573cc22f-1b4c-49f2-a774-44b702de0b81",
|
|
"observed-data--573cc22f-f370-44cc-8988-43fe02de0b81",
|
|
"url--573cc22f-f370-44cc-8988-43fe02de0b81",
|
|
"indicator--573cc22f-a720-464c-90bd-4a8002de0b81",
|
|
"indicator--573cc22f-8780-43af-a256-44ec02de0b81",
|
|
"observed-data--573cc22f-5e5c-4423-a4d2-422102de0b81",
|
|
"url--573cc22f-5e5c-4423-a4d2-422102de0b81",
|
|
"indicator--573cc230-9864-468d-91b0-4fbc02de0b81",
|
|
"indicator--573cc230-7bdc-4aff-881c-42ba02de0b81",
|
|
"observed-data--573cc230-ef54-4609-a102-473d02de0b81",
|
|
"url--573cc230-ef54-4609-a102-473d02de0b81",
|
|
"indicator--573cc230-246c-48a9-b416-43a902de0b81",
|
|
"indicator--573cc230-b154-4791-a608-47bb02de0b81",
|
|
"observed-data--573cc231-9c5c-4fa4-a12c-4f3902de0b81",
|
|
"url--573cc231-9c5c-4fa4-a12c-4f3902de0b81",
|
|
"indicator--573cc231-b638-4a40-b4ba-43c902de0b81",
|
|
"indicator--573cc231-b550-481e-863f-492a02de0b81",
|
|
"observed-data--573cc231-6f58-4fa4-a0f8-4fdc02de0b81",
|
|
"url--573cc231-6f58-4fa4-a0f8-4fdc02de0b81",
|
|
"indicator--573cc231-25fc-43fc-b5b5-423f02de0b81",
|
|
"indicator--573cc232-81fc-4afb-9c9f-4c9802de0b81",
|
|
"observed-data--573cc232-23a8-42cd-b6c5-4f6102de0b81",
|
|
"url--573cc232-23a8-42cd-b6c5-4f6102de0b81"
|
|
],
|
|
"labels": [
|
|
"Threat-Report",
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
"type:OSINT"
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--573cbe81-a76c-4f95-b500-2a9d02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:12:01.000Z",
|
|
"modified": "2016-05-18T19:12:01.000Z",
|
|
"labels": [
|
|
"misp:type=\"comment\"",
|
|
"misp:category=\"External analysis\""
|
|
],
|
|
"x_misp_category": "External analysis",
|
|
"x_misp_type": "comment",
|
|
"x_misp_value": "In addition to the armed conflict in eastern Ukraine, in recent years the country has been facing a significantly higher number of targeted cyberattacks, or so-called advanced persistent threats (APTs).\r\n\r\nAfter BlackEnergy, which has, most infamously, facilitated attacks that resulted in power outages for hundreds of thousands of Ukrainian civilians, and Operation Potao Express, where attackers went after sensitive TrueCrypt-protected data from high value targets, ESET researchers have uncovered another cyberespionage operation in Ukraine: Operation Groundbait.\r\nCyber-surveillance focusing on separatists\r\n\r\nThe main point that sets Operation Groundbait apart from the other attacks is that it has mostly been targeting anti-government separatists in the self-declared Donetsk and Luhansk People\u2019s Republics.\r\n\r\nWhile the attackers seem to be more interested in separatists and the self-declared governments in eastern Ukrainian war zones, there have also been a large number of other targets, including, among others, Ukrainian government officials, politicians and journalists."
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cbe90-f7e8-4704-897d-2aa102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:12:16.000Z",
|
|
"modified": "2016-05-18T19:12:16.000Z",
|
|
"first_observed": "2016-05-18T19:12:16Z",
|
|
"last_observed": "2016-05-18T19:12:16Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cbe90-f7e8-4704-897d-2aa102de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cbe90-f7e8-4704-897d-2aa102de0b81",
|
|
"value": "http://www.welivesecurity.com/2016/05/18/groundbait/"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--573cbea5-5f5c-47ca-84f3-4b5302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:12:37.000Z",
|
|
"modified": "2016-05-18T19:12:37.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"Antivirus detection\""
|
|
],
|
|
"x_misp_category": "Antivirus detection",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "Win32/Agent.UIG trojan"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--573cbea5-1220-4f7d-9943-448202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:12:37.000Z",
|
|
"modified": "2016-05-18T19:12:37.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"Antivirus detection\""
|
|
],
|
|
"x_misp_category": "Antivirus detection",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "Win32/Agent.XOR trojan"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--573cbea5-2f58-4339-801a-43d302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:12:37.000Z",
|
|
"modified": "2016-05-18T19:12:37.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"Antivirus detection\""
|
|
],
|
|
"x_misp_category": "Antivirus detection",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "Win64/Agent.XOR trojan"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--573cbea5-5ccc-4263-9e27-4c1302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:12:37.000Z",
|
|
"modified": "2016-05-18T19:12:37.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"Antivirus detection\""
|
|
],
|
|
"x_misp_category": "Antivirus detection",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "Win32/Agent.XQX trojan"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--573cbea5-0e24-47a6-9d5a-4fc802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:12:37.000Z",
|
|
"modified": "2016-05-18T19:12:37.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"Antivirus detection\""
|
|
],
|
|
"x_misp_category": "Antivirus detection",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "Win32/Agent.XRA trojan"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--573cbea6-b4f8-40e1-b590-4b4b02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:12:38.000Z",
|
|
"modified": "2016-05-18T19:12:38.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"Antivirus detection\""
|
|
],
|
|
"x_misp_category": "Antivirus detection",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "Win32/Agent.XRB trojan"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--573cbea6-136c-4fb7-a6d9-41be02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:12:38.000Z",
|
|
"modified": "2016-05-18T19:12:38.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"Antivirus detection\""
|
|
],
|
|
"x_misp_category": "Antivirus detection",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "Win32/Agent.XRC trojan"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--573cbea6-f7f8-4511-b1ec-425302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:12:38.000Z",
|
|
"modified": "2016-05-18T19:12:38.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"Antivirus detection\""
|
|
],
|
|
"x_misp_category": "Antivirus detection",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "Win64/Agent.DX trojan"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--573cbea6-a164-4ac0-874e-442c02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:12:38.000Z",
|
|
"modified": "2016-05-18T19:12:38.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"Antivirus detection\""
|
|
],
|
|
"x_misp_category": "Antivirus detection",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "Win32/TrojanDropper.Agent.RGH trojan"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--573cbea6-59b0-470b-894a-46a402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:12:38.000Z",
|
|
"modified": "2016-05-18T19:12:38.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"Antivirus detection\""
|
|
],
|
|
"x_misp_category": "Antivirus detection",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "Win32/TrojanDropper.Agent.RHN trojan"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--573cbea6-b8e4-452a-a3bc-419102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:12:38.000Z",
|
|
"modified": "2016-05-18T19:12:38.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"Antivirus detection\""
|
|
],
|
|
"x_misp_category": "Antivirus detection",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "Win32/Prikormka trojan"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--573cbea6-7034-486e-9c56-49ae02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:12:38.000Z",
|
|
"modified": "2016-05-18T19:12:38.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"Antivirus detection\""
|
|
],
|
|
"x_misp_category": "Antivirus detection",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "Win64/Prikormka trojan"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--573cbea7-0348-41e2-8646-4f2702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:12:39.000Z",
|
|
"modified": "2016-05-18T19:12:39.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"Antivirus detection\""
|
|
],
|
|
"x_misp_category": "Antivirus detection",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "MSIL/Prikormka trojan"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbebe-d850-4067-8ebf-40f002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:13:02.000Z",
|
|
"modified": "2016-05-18T19:13:02.000Z",
|
|
"pattern": "[file:name = '\\\\%PROGRAMFILES\\\\%\\\\IntelRestore\\\\']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:13:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbebe-e558-49f7-8d5d-488902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:13:02.000Z",
|
|
"modified": "2016-05-18T19:13:02.000Z",
|
|
"pattern": "[file:name = '\\\\%USERPROFILE\\\\%\\\\Resent\\\\roaming\\\\ocp8.1\\\\']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:13:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbebe-4714-471d-9258-433702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:13:02.000Z",
|
|
"modified": "2016-05-18T19:13:02.000Z",
|
|
"pattern": "[file:name = '\\\\%USERPROFILE\\\\%\\\\AppData\\\\Local\\\\MMC\\\\']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:13:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbebe-5074-4c07-805a-466902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:13:02.000Z",
|
|
"modified": "2016-05-18T19:13:02.000Z",
|
|
"pattern": "[file:name = '\\\\%USERPROFILE\\\\%\\\\AppData\\\\Local\\\\PMG\\\\']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:13:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbebe-9214-450e-93c8-453002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:13:02.000Z",
|
|
"modified": "2016-05-18T19:13:02.000Z",
|
|
"pattern": "[file:name = '\\\\%USERPROFILE\\\\%\\\\AppData\\\\Local\\\\SKC\\\\']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:13:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbebf-cf30-435a-9ac5-4b3702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:13:03.000Z",
|
|
"modified": "2016-05-18T19:13:03.000Z",
|
|
"pattern": "[file:name = '\\\\%USERPROFILE\\\\%\\\\AppData\\\\Local\\\\CMS\\\\']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:13:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbebf-ec04-4898-b70f-4f8d02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:13:03.000Z",
|
|
"modified": "2016-05-18T19:13:03.000Z",
|
|
"pattern": "[file:name = '\\\\%USERPROFILE\\\\%\\\\AppData\\\\Local\\\\VRT\\\\']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:13:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbebf-e740-474a-9de0-489a02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:13:03.000Z",
|
|
"modified": "2016-05-18T19:13:03.000Z",
|
|
"pattern": "[file:name = '\\\\%USERPROFILE\\\\%\\\\AppData\\\\Local\\\\ioctl\\\\']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:13:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbebf-786c-4eed-a6e3-4f8802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:13:03.000Z",
|
|
"modified": "2016-05-18T19:13:03.000Z",
|
|
"pattern": "[file:name = '\\\\%WINDIR\\\\%\\\\ntshrui.dll']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:13:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbebf-a31c-42fe-8b02-4dc802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:13:03.000Z",
|
|
"modified": "2016-05-18T19:13:03.000Z",
|
|
"pattern": "[file:name = '\\\\%WINDIR\\\\%\\\\hauthuid.dll']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:13:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbebf-dca8-4933-b8ec-4dbe02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:13:03.000Z",
|
|
"modified": "2016-05-18T19:13:03.000Z",
|
|
"pattern": "[file:name = '\\\\%WINDIR\\\\%\\\\hlpuctf.dll']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:13:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbebf-98b0-4d7b-a71c-44d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:13:03.000Z",
|
|
"modified": "2016-05-18T19:13:03.000Z",
|
|
"pattern": "[file:name = '\\\\%WINDIR\\\\%\\\\atiml.dll']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:13:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbec0-b3c0-4c83-85b4-47f902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:13:04.000Z",
|
|
"modified": "2016-05-18T19:13:04.000Z",
|
|
"pattern": "[file:name = '\\\\%WINDIR\\\\%\\\\iomus.dll']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:13:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbec0-3e20-4c96-9f9b-47d702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:13:04.000Z",
|
|
"modified": "2016-05-18T19:13:04.000Z",
|
|
"pattern": "[file:name = '\\\\%WINDIR\\\\%\\\\swma.dll']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:13:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbec0-2fac-446d-b5fb-4cdf02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:13:04.000Z",
|
|
"modified": "2016-05-18T19:13:04.000Z",
|
|
"pattern": "[file:name = '\\\\%WINDIR\\\\%\\\\helpldr.dll']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:13:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbec0-79d0-4131-a734-406a02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:13:04.000Z",
|
|
"modified": "2016-05-18T19:13:04.000Z",
|
|
"pattern": "[file:name = '\\\\%WINDIR\\\\%\\\\rbcon.ini']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:13:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbec0-e394-457a-929a-4fd002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:13:04.000Z",
|
|
"modified": "2016-05-18T19:13:04.000Z",
|
|
"pattern": "[file:name = '\\\\%USERPROFILE\\\\%\\\\AppData\\\\Local\\\\CMS\\\\krman.ini']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:13:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbec0-928c-4d97-8a8c-447a02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:13:04.000Z",
|
|
"modified": "2016-05-18T19:13:04.000Z",
|
|
"pattern": "[file:name = '\\\\%USERPROFILE\\\\%\\\\AppData\\\\Local\\\\VRT\\\\_wputproc.dll']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:13:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbee1-3664-4763-987e-912302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:13:37.000Z",
|
|
"modified": "2016-05-18T19:13:37.000Z",
|
|
"pattern": "[mutex:name = 'ZxWinDeffContexLNKINFO64']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:13:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"mutex\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbee1-5978-4e4a-b04b-912302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:13:37.000Z",
|
|
"modified": "2016-05-18T19:13:37.000Z",
|
|
"pattern": "[mutex:name = 'Zw_&one@ldrContext43']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:13:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"mutex\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbee1-0514-4107-a4fa-912302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:13:37.000Z",
|
|
"modified": "2016-05-18T19:13:37.000Z",
|
|
"pattern": "[mutex:name = 'Paramore756Contex43']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:13:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"mutex\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbee2-5ecc-490a-b9b3-912302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:13:38.000Z",
|
|
"modified": "2016-05-18T19:13:38.000Z",
|
|
"pattern": "[mutex:name = 'ZxWinDeffContexSMD64']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:13:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"mutex\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbee2-ab8c-4143-aa4a-912302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:13:38.000Z",
|
|
"modified": "2016-05-18T19:13:38.000Z",
|
|
"pattern": "[mutex:name = 'ZxWinDeffContexWriteUSBIO64x']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:13:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"mutex\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbee2-febc-4a1f-972c-912302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:13:38.000Z",
|
|
"modified": "2016-05-18T19:13:38.000Z",
|
|
"pattern": "[mutex:name = 'ZxWinDeffContexRNDRV45scr']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:13:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"mutex\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbee2-7af0-408f-898c-912302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:13:38.000Z",
|
|
"modified": "2016-05-18T19:13:38.000Z",
|
|
"pattern": "[mutex:name = 'ZxWinDeffContexRNDRV45snd']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:13:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"mutex\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbee2-164c-448c-96f9-912302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:13:38.000Z",
|
|
"modified": "2016-05-18T19:13:38.000Z",
|
|
"pattern": "[mutex:name = 'ZxWinDeffContexSkSwmA']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:13:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"mutex\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbee3-e438-417d-9f84-912302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:13:39.000Z",
|
|
"modified": "2016-05-18T19:13:39.000Z",
|
|
"pattern": "[mutex:name = 'ZxWinDeffContexKINP64']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:13:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"mutex\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbee3-bb20-4c65-8849-912302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:13:39.000Z",
|
|
"modified": "2016-05-18T19:13:39.000Z",
|
|
"pattern": "[mutex:name = 'ZxWinDeffContexRNDRV65']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:13:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"mutex\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbee3-6458-4441-b6dc-912302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:13:39.000Z",
|
|
"modified": "2016-05-18T19:13:39.000Z",
|
|
"pattern": "[mutex:name = 'ZxWinDeffContexRNDRV65new']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:13:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"mutex\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbee3-3780-4ab6-b33a-912302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:13:39.000Z",
|
|
"modified": "2016-05-18T19:13:39.000Z",
|
|
"pattern": "[mutex:name = 'ZxWinDeffContexRNDRV65xyz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:13:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"mutex\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbee3-ba48-42b9-b066-912302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:13:39.000Z",
|
|
"modified": "2016-05-18T19:13:39.000Z",
|
|
"pattern": "[mutex:name = 'ZxWinDeffContexRNDRV65xy']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:13:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"mutex\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbee3-4eb8-4cb3-a81c-912302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:13:39.000Z",
|
|
"modified": "2016-05-18T19:13:39.000Z",
|
|
"pattern": "[mutex:name = 'ZxWinDeffContexRNDRV64']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:13:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"mutex\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbee4-2d20-4fd0-9153-912302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:13:40.000Z",
|
|
"modified": "2016-05-18T19:13:40.000Z",
|
|
"pattern": "[mutex:name = 'Client67workProc98List3To']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:13:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"mutex\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbefe-4660-4235-a5b6-912902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:14:06.000Z",
|
|
"modified": "2016-05-18T19:14:06.000Z",
|
|
"description": "C&C servers",
|
|
"pattern": "[domain-name:value = 'disk-fulldatabase.rhcloud.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:14:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbeff-293c-4e11-bb23-912902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:14:07.000Z",
|
|
"modified": "2016-05-18T19:14:07.000Z",
|
|
"description": "C&C servers",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '54.175.208.187']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:14:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbeff-5f78-4d08-afbc-912902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:14:07.000Z",
|
|
"modified": "2016-05-18T19:14:07.000Z",
|
|
"description": "C&C servers",
|
|
"pattern": "[domain-name:value = 'wallejob.in.ua']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:14:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbeff-13a8-45bf-b9f8-912902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:14:07.000Z",
|
|
"modified": "2016-05-18T19:14:07.000Z",
|
|
"description": "C&C servers",
|
|
"pattern": "[domain-name:value = 'wallex.ho.ua']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:14:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbeff-4bc8-4863-9db5-912902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:14:07.000Z",
|
|
"modified": "2016-05-18T19:14:07.000Z",
|
|
"description": "C&C servers",
|
|
"pattern": "[domain-name:value = 'gils.ho.ua']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:14:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbeff-2748-4573-a27c-912902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:14:07.000Z",
|
|
"modified": "2016-05-18T19:14:07.000Z",
|
|
"description": "C&C servers",
|
|
"pattern": "[domain-name:value = 'literat.ho.ua']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:14:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf00-d904-45d4-ad21-912902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:14:08.000Z",
|
|
"modified": "2016-05-18T19:14:08.000Z",
|
|
"description": "C&C servers",
|
|
"pattern": "[domain-name:value = 'lefting.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:14:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf00-80e4-4365-af2c-912902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:14:08.000Z",
|
|
"modified": "2016-05-18T19:14:08.000Z",
|
|
"description": "C&C servers",
|
|
"pattern": "[domain-name:value = 'celebrat.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:14:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf00-6484-4c8e-ba3c-912902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:14:08.000Z",
|
|
"modified": "2016-05-18T19:14:08.000Z",
|
|
"description": "C&C servers",
|
|
"pattern": "[domain-name:value = 'bolepaund.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:14:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf20-5424-4115-8b4e-2aa302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:14:40.000Z",
|
|
"modified": "2016-05-18T19:14:40.000Z",
|
|
"description": "Servers used for sending spear phishing e-mail messages",
|
|
"pattern": "[domain-name:value = 'server-eacloud.rhcloud.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:14:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf20-9eb8-4e25-b4ab-2aa302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:14:40.000Z",
|
|
"modified": "2016-05-18T19:14:40.000Z",
|
|
"description": "Servers used for sending spear phishing e-mail messages",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '54.152.171.48']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:14:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf20-aa4c-4a7b-8129-2aa302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:14:40.000Z",
|
|
"modified": "2016-05-18T19:14:40.000Z",
|
|
"description": "Servers used for sending spear phishing e-mail messages",
|
|
"pattern": "[domain-name:value = 'easerver-fulldatabase.rhcloud.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:14:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf21-6418-4715-aa14-2aa302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:14:41.000Z",
|
|
"modified": "2016-05-18T19:14:41.000Z",
|
|
"description": "Servers used for sending spear phishing e-mail messages",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '52.23.164.7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:14:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf61-dadc-42fb-b103-4b2e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:45.000Z",
|
|
"modified": "2016-05-18T19:15:45.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = '42041871308b5711041b7af69b78f45df642546c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf61-a718-48f9-ba2f-432702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:45.000Z",
|
|
"modified": "2016-05-18T19:15:45.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = '37f75844c0d0f7f80a699153af131984d2ce2b6d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf61-6fd0-493d-b12f-4b8302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:45.000Z",
|
|
"modified": "2016-05-18T19:15:45.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = '029f054a52fe93b0cd6c4d1d815a795eae9caab4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf61-abb0-4f97-b16f-4d5902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:45.000Z",
|
|
"modified": "2016-05-18T19:15:45.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = '66c143d7c33666903b174f4b94d609be8791914d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf61-d638-4f33-89fb-49c702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:45.000Z",
|
|
"modified": "2016-05-18T19:15:45.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = '60351035ecdeed071e3fb80affe08872a0b582c9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf61-1ddc-44ab-a081-4ebb02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:45.000Z",
|
|
"modified": "2016-05-18T19:15:45.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = '0296191b323900b2bc014e2acb5e0614c679b682']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf62-f608-45a4-ad5f-4ae602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:46.000Z",
|
|
"modified": "2016-05-18T19:15:46.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = '1bf0e90027ef798727a4496b1928f1fa79146051']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf62-78ac-496a-92b9-491702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:46.000Z",
|
|
"modified": "2016-05-18T19:15:46.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = '76cae58e4df4d029155bf2e44ba0f8075dc99020']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf62-8bf4-4539-9f08-4c8d02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:46.000Z",
|
|
"modified": "2016-05-18T19:15:46.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = 'c0fbe31f1e6e56e93932076ba55a5229e22b5c4a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf62-0414-4b47-93a0-465e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:46.000Z",
|
|
"modified": "2016-05-18T19:15:46.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = 'cf09b0cd03c9d0553f0b82827c989d04f1a1faf1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf62-78dc-4030-aa31-486302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:46.000Z",
|
|
"modified": "2016-05-18T19:15:46.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = '7c28b907e1053f825478a74fdc1090fbf71dd878']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf63-6ad8-4f1f-8ae2-45c602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:47.000Z",
|
|
"modified": "2016-05-18T19:15:47.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = 'd7f35b66c554ee1076279df54c4e931651a7a211']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf63-0e34-4270-9969-4e0802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:47.000Z",
|
|
"modified": "2016-05-18T19:15:47.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = '2b0fb236ddc0098addf051531912fc2601ffccdc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf63-fd78-434f-8101-471202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:47.000Z",
|
|
"modified": "2016-05-18T19:15:47.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = 'eab122e5857df838469b5b00da0a3bd06df8da05']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf63-1cb0-4479-b170-46e302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:47.000Z",
|
|
"modified": "2016-05-18T19:15:47.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = '00bccebb7614ba270ca2908ee5711f25d3740e7e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf63-bb98-4e24-af49-4cf702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:47.000Z",
|
|
"modified": "2016-05-18T19:15:47.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = 'f908824db35efd589449d04e41f8bcea057f6e52']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf63-956c-4ca2-9ebe-41a102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:47.000Z",
|
|
"modified": "2016-05-18T19:15:47.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = 'a8ced2ff8f3d4b77160cb81843652d971469a30b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf64-8c9c-4163-af4b-4aad02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:48.000Z",
|
|
"modified": "2016-05-18T19:15:48.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = '6002357fb96a786401baa40a89a85dba3a7d7ad4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf64-76b0-4284-af8b-462902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:48.000Z",
|
|
"modified": "2016-05-18T19:15:48.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = 'e3e9ca2ac83cfadd80fecd002b377b6b41ac5250']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf64-6c84-4787-8c24-402102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:48.000Z",
|
|
"modified": "2016-05-18T19:15:48.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = 'eafc458aac3f1564e940bac7d45c1e659636cc86']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf64-417c-40dd-9fb7-420c02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:48.000Z",
|
|
"modified": "2016-05-18T19:15:48.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = 'fcbc8c75246511f9e4d49fe501f956a857face84']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf64-24dc-4143-a0a9-4a3c02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:48.000Z",
|
|
"modified": "2016-05-18T19:15:48.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = '803c48a93785581aa89422b6b1e73677bf8dc749']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf64-83d4-4d33-8d3f-4ed802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:48.000Z",
|
|
"modified": "2016-05-18T19:15:48.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = '87c34623ebec481fd430f6ce26849220c641742c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf65-bc0c-4d51-9ae7-46ad02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:49.000Z",
|
|
"modified": "2016-05-18T19:15:49.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = 'a1ee4e4ba27b4035f29fa6ab943ae072d42e65b8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf65-68a4-493a-a7e7-40b002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:49.000Z",
|
|
"modified": "2016-05-18T19:15:49.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = '19aab5fae0809f87ef27a18208a3c0c52dea182a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf65-83a4-4afc-ac38-4a0d02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:49.000Z",
|
|
"modified": "2016-05-18T19:15:49.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = 'c88218c2c23555d5e39596b2110bda54a7ad50db']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf65-bee8-43bf-aa30-4b6c02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:49.000Z",
|
|
"modified": "2016-05-18T19:15:49.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = 'ec16141d6c0399b74a26b7b572580b3ac4cbc811']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf65-eacc-4f31-859c-4ad502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:49.000Z",
|
|
"modified": "2016-05-18T19:15:49.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = '76b77e40182da242307272b9f77132abb0b46515']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf65-1984-40d1-9696-4cf802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:49.000Z",
|
|
"modified": "2016-05-18T19:15:49.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = '7ab44936e5545c5778c697abcc20fd8955e35f36']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf66-767c-4a31-9a18-416802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:50.000Z",
|
|
"modified": "2016-05-18T19:15:50.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = '86dd049877b564158020ab9b1a6ca3c30371979d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf66-b6f0-4983-bddc-468402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:50.000Z",
|
|
"modified": "2016-05-18T19:15:50.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = '8665c7a753ba5f619fe79d52dc49724f17d81dac']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf66-2614-4eaa-a903-405602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:50.000Z",
|
|
"modified": "2016-05-18T19:15:50.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = '8839ed42ec1440cbf30cc345f11b88450ea8fe46']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf66-4cb4-498b-a00c-410a02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:50.000Z",
|
|
"modified": "2016-05-18T19:15:50.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = '4d2c8cd6c514202cbc133347e2c35f63f03a77bf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf66-3644-4ca0-9bea-4ac302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:50.000Z",
|
|
"modified": "2016-05-18T19:15:50.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = 'cdf0734730ea786ad2d3b0e9d0d82f85d3c4ad07']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf66-b3b8-49b7-b07b-4b3602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:50.000Z",
|
|
"modified": "2016-05-18T19:15:50.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = '99345c5e6fc6901b630c044dd5c6a5015a94b046']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf67-9e2c-4e1b-9854-45fe02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:51.000Z",
|
|
"modified": "2016-05-18T19:15:51.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = '93fe501bcdf62060798e35643b7e5f4e3fff05a6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf67-fb04-4507-ade9-437002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:51.000Z",
|
|
"modified": "2016-05-18T19:15:51.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = '1287205fe5b83583cb28d39d965d182ea1dfcfdb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf67-ad2c-472b-9b57-462802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:51.000Z",
|
|
"modified": "2016-05-18T19:15:51.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = 'c0c4db689f393a26611b7f8fe08f38b456a173da']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf67-c97c-4c63-bdc2-4ee802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:51.000Z",
|
|
"modified": "2016-05-18T19:15:51.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = '3f867cf4ae4b1232b08e40adabe7bc21ef856fe2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf67-e530-47e8-ba08-4cb802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:51.000Z",
|
|
"modified": "2016-05-18T19:15:51.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = 'e9a2b1611edc105fba65affcdab062d6fa5c67b0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf67-5ae8-41cf-9c13-4cf002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:51.000Z",
|
|
"modified": "2016-05-18T19:15:51.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = 'addf8193442d145c6bcb4c54b95a5cfe759c6436']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf68-f35c-469e-9260-4c7b02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:52.000Z",
|
|
"modified": "2016-05-18T19:15:52.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = 'cd5aa66ad7c8d418f19b486211591e31b5b74ab6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf68-7a98-4207-9e03-43d702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:52.000Z",
|
|
"modified": "2016-05-18T19:15:52.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = '8a01c06df6e59f1513146dfe07936e4aca59b152']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf68-e718-465a-ac0e-447302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:52.000Z",
|
|
"modified": "2016-05-18T19:15:52.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = 'e35081b99c5445952ad4e204a4c42f06d7c3707d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf68-f4a0-48ec-baac-412e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:52.000Z",
|
|
"modified": "2016-05-18T19:15:52.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = 'a6d8431efba501864c4646a63071d28b30eebf99']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf68-de00-4a59-a86d-4cf202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:52.000Z",
|
|
"modified": "2016-05-18T19:15:52.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = '613f631d0e384954d2fea5be39124ad821c8e5d6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf68-8dc8-4c89-85c5-448f02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:52.000Z",
|
|
"modified": "2016-05-18T19:15:52.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = 'd45cecd9ddd79259c6518300ed77257a9abbdf92']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf68-4634-4aff-b798-4d6002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:52.000Z",
|
|
"modified": "2016-05-18T19:15:52.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = '642033a50ef2c51e1f391d85ed870b09a308469a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf69-a880-41a4-b631-462202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:53.000Z",
|
|
"modified": "2016-05-18T19:15:53.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = 'fd95c6b33af4b29efbd26d388c50164c3167cb68']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf69-cc20-4634-b216-41e402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:53.000Z",
|
|
"modified": "2016-05-18T19:15:53.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = '9a578c7c305be62167ef87ab52e59a12f336186a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf69-0348-466f-aefe-4aa802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:53.000Z",
|
|
"modified": "2016-05-18T19:15:53.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = 'fe9f5018198567f3d3fb3aa09279c65dbe981171']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf69-3ec8-442f-8c7d-442902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:53.000Z",
|
|
"modified": "2016-05-18T19:15:53.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = '62487dd8ec172462f9b4cbb790ef6f7878d20352']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf69-9bfc-4aea-9ea1-465902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:53.000Z",
|
|
"modified": "2016-05-18T19:15:53.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = 'e397f1d784b4a9eee7eeac427c549a301dec0c7c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf69-54cc-468a-8703-498a02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:53.000Z",
|
|
"modified": "2016-05-18T19:15:53.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = 'e8a2734c3ffecb76dd4d1c28d646ee59188be7bf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf6a-b4e8-4067-af11-4c0802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:54.000Z",
|
|
"modified": "2016-05-18T19:15:54.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = '8df79b2734bcd83b3d55ff99521d10e550dfcff3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf6a-04b4-4509-97f9-4f4202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:54.000Z",
|
|
"modified": "2016-05-18T19:15:54.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = '64d31bbcf8e224e06bb5f1b350d2f18bfdd78a8e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf6a-9db0-458b-902f-4eef02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:54.000Z",
|
|
"modified": "2016-05-18T19:15:54.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = 'd5b785f8f92c7588cfad7a1a21daffa6eb9cfa5c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf6a-79a8-4e15-98ce-44ea02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:54.000Z",
|
|
"modified": "2016-05-18T19:15:54.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = '8327a743756fa1b051725bf8ec3fdd9b9e844e9a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf6a-75cc-42c8-8214-4a8e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:54.000Z",
|
|
"modified": "2016-05-18T19:15:54.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = '98440ec18a7e78925cb760f5016111115c89f1f8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf6a-064c-4595-ae2c-456702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:54.000Z",
|
|
"modified": "2016-05-18T19:15:54.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = '6e56bc6023085d6e88668d1c66b91ab5aa92f294']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf6a-ebec-4f10-b285-49ec02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:54.000Z",
|
|
"modified": "2016-05-18T19:15:54.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = '160cf2abb25495188a0acb523bd201b0369cffd2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf6b-0590-4d62-9f44-4a4602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:55.000Z",
|
|
"modified": "2016-05-18T19:15:55.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = '6e5a098a3eddeec2e4986de84fb00d7ea7ee26b8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf6b-51dc-4b6d-82df-4f8b02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:55.000Z",
|
|
"modified": "2016-05-18T19:15:55.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = '8358ea16a0de64994fbece1aac69e847f91bb1b3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf6b-9510-4834-90c0-460802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:55.000Z",
|
|
"modified": "2016-05-18T19:15:55.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = '3a6c8cb6688e2a56057ba9b3680e5911d96b2c8c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf6b-bc44-481e-8f03-453502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:55.000Z",
|
|
"modified": "2016-05-18T19:15:55.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = 'ab011cd03b3f211f43930aabd909b5611a829d9d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf6b-1080-4933-b0b3-4a8b02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:55.000Z",
|
|
"modified": "2016-05-18T19:15:55.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = '279711b6828b6cf642c0dab4d16411c87956f566']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf6b-4814-46a9-a60f-461402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:55.000Z",
|
|
"modified": "2016-05-18T19:15:55.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = '2bf9ca8b16bcd679afb6e9e53c3bb0b04e65044a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf6b-a6f8-42c5-b91e-489902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:55.000Z",
|
|
"modified": "2016-05-18T19:15:55.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = '9551c390b2df178ded895d531f440fddbae122aa']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf6c-3c0c-4daf-9ea4-4c2e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:56.000Z",
|
|
"modified": "2016-05-18T19:15:56.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = 'bb8d93a4049968c6d5a243dcfb65a6f4b4de22a2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf6c-fd34-4ba6-a0b3-48d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:56.000Z",
|
|
"modified": "2016-05-18T19:15:56.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = '80cb14652e8251c79187df8a01d29abd46a3118c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf6c-2128-4c63-a469-422402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:56.000Z",
|
|
"modified": "2016-05-18T19:15:56.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = '6e24c2403dafae05c351c5a0a16e2b6403e0f398']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf6c-0cbc-466a-b76e-4f6902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:56.000Z",
|
|
"modified": "2016-05-18T19:15:56.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = '09ea7b2f67797915bbfed16f0b21e4e31f4980a3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf6c-05c4-4be2-83bb-4b6e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:56.000Z",
|
|
"modified": "2016-05-18T19:15:56.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = '0aa48dee8f528b037d8d72aad039bb2759f362e3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf6c-4be8-47a1-bee2-411202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:56.000Z",
|
|
"modified": "2016-05-18T19:15:56.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = '40d7d09053bf60925cbb820417a42dbc6293e017']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf6d-5fa4-415d-b347-472a02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:57.000Z",
|
|
"modified": "2016-05-18T19:15:57.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = 'a6600bd9752e041ed7ee026123a60b19c96259ab']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf6d-3038-4005-b9a9-47f302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:57.000Z",
|
|
"modified": "2016-05-18T19:15:57.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = '506ccebdac5754d1e20d9c3fb280cec7782eea6e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf6d-8e50-482a-b5b4-43cc02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:57.000Z",
|
|
"modified": "2016-05-18T19:15:57.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = '40f33cd2ad98fe1e6bf4ab199021498f9e3125a1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf6d-4954-489d-979d-44e602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:57.000Z",
|
|
"modified": "2016-05-18T19:15:57.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = '9f03a4e0acd38635104292b8054485e6bf898c48']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf6d-e598-437f-b1e9-43ce02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:57.000Z",
|
|
"modified": "2016-05-18T19:15:57.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = 'b373bf4b3aa28ff6d373da5eaa848af9772f6454']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf6d-caf8-4a2c-a611-424602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:57.000Z",
|
|
"modified": "2016-05-18T19:15:57.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = 'fd83c2484e2986f22b09623e5971aa54fbd8bcd3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf6e-bc50-45f7-95ca-4ba402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:58.000Z",
|
|
"modified": "2016-05-18T19:15:58.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = '065b075293968732f2be433b7b492869e4260ee5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf6e-9fcc-438e-b062-449202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:58.000Z",
|
|
"modified": "2016-05-18T19:15:58.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = 'b358687593febdfd0e1858726098dcfd61d9f8b5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf6e-a9b8-403b-887b-4fa602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:58.000Z",
|
|
"modified": "2016-05-18T19:15:58.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = 'fd2fbb8e4676673a35276b46f2c74562703bcf39']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf6e-a414-41fd-9a9a-4e1302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:58.000Z",
|
|
"modified": "2016-05-18T19:15:58.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = 'ccd19fd4a1408fcd855b7909578340846904e707']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf6e-4f0c-4ab8-9816-4b1c02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:58.000Z",
|
|
"modified": "2016-05-18T19:15:58.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = '9d84665c00f81c2835e2a41711a139547351d850']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf6e-b8a8-457f-8cf8-4ff002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:58.000Z",
|
|
"modified": "2016-05-18T19:15:58.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = '69536caf0522c1a915d6ac4c65177a26efa7944b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf6f-67f0-4723-9ace-452c02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:59.000Z",
|
|
"modified": "2016-05-18T19:15:59.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = '243421fe7c1fc007efa0c9ccab6f6e2a0c94fcc2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf6f-892c-42a9-860a-4def02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:59.000Z",
|
|
"modified": "2016-05-18T19:15:59.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = '5b7d6d7c3c4ad74a7f1e32b780776db41ff18ddd']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf6f-3740-4058-8a68-4b0b02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:59.000Z",
|
|
"modified": "2016-05-18T19:15:59.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = '4418a32bbd215f5de7b0063b91731b71804e7225']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf6f-9b4c-448c-905d-4e4702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:59.000Z",
|
|
"modified": "2016-05-18T19:15:59.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = 'ee1e5d95fcad429126944804d80d7c2412af492e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf6f-9264-48a5-8c0f-415402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:59.000Z",
|
|
"modified": "2016-05-18T19:15:59.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = 'e494328255ef2b9ed9b332ee845513a93339217f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf6f-89c4-46a5-a707-4cb202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:15:59.000Z",
|
|
"modified": "2016-05-18T19:15:59.000Z",
|
|
"description": "Prikormka droppers",
|
|
"pattern": "[file:hashes.SHA1 = '6b53a3a3cb9d87d5925c82839015dad16042c2ff']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:15:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf80-59d0-4372-a898-42ac02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:16:16.000Z",
|
|
"modified": "2016-05-18T19:16:16.000Z",
|
|
"description": "Prikormka early versions",
|
|
"pattern": "[file:hashes.SHA1 = '1b8bc6924f4cfc641032578622ba8c7b4a92f65e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:16:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf80-59d8-4bb6-9eef-4ed902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:16:16.000Z",
|
|
"modified": "2016-05-18T19:16:16.000Z",
|
|
"description": "Prikormka early versions",
|
|
"pattern": "[file:hashes.SHA1 = 'b5f1b3bd6ad281c8eb9d633a37e0be63b97a8beb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:16:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf81-f580-4ae3-958f-496e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:16:17.000Z",
|
|
"modified": "2016-05-18T19:16:17.000Z",
|
|
"description": "Prikormka early versions",
|
|
"pattern": "[file:hashes.SHA1 = 'bcedab81cc5f4d2ea1da8a71f91df6e16362723b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:16:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf81-f6d4-423c-81ee-46e902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:16:17.000Z",
|
|
"modified": "2016-05-18T19:16:17.000Z",
|
|
"description": "Prikormka early versions",
|
|
"pattern": "[file:hashes.SHA1 = 'dc52ee62b94dc38790c3ef855ce5773e48d6cd55']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:16:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf81-5440-412e-ac4e-454602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:16:17.000Z",
|
|
"modified": "2016-05-18T19:16:17.000Z",
|
|
"description": "Prikormka early versions",
|
|
"pattern": "[file:hashes.SHA1 = '44b6b8375cf788076c0dd64a93e27f69a01f5dfd']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:16:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf81-c6a0-4a68-b084-447b02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:16:17.000Z",
|
|
"modified": "2016-05-18T19:16:17.000Z",
|
|
"description": "Prikormka early versions",
|
|
"pattern": "[file:hashes.SHA1 = '539033de14539d485481549ef84c9e49d743fc4c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:16:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf93-dbd4-46b6-bd68-2aa202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:16:35.000Z",
|
|
"modified": "2016-05-18T19:16:35.000Z",
|
|
"description": "Prikormka PERSISTENCE modules",
|
|
"pattern": "[file:hashes.SHA1 = 'ad9a6f7ba895769844663b4936e776239d3a3d17']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:16:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf94-fe30-406a-91da-2aa202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:16:36.000Z",
|
|
"modified": "2016-05-18T19:16:36.000Z",
|
|
"description": "Prikormka PERSISTENCE modules",
|
|
"pattern": "[file:hashes.SHA1 = 'e1b5cd1978f6c6d72aa6b07add1ee83e9bb8480d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:16:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf94-c40c-454c-b7b2-2aa202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:16:36.000Z",
|
|
"modified": "2016-05-18T19:16:36.000Z",
|
|
"description": "Prikormka PERSISTENCE modules",
|
|
"pattern": "[file:hashes.SHA1 = '6e312a999ee7dcd9ec8eb4f0a216f50f50eb09f6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:16:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf94-f7ec-4b66-8c69-2aa202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:16:36.000Z",
|
|
"modified": "2016-05-18T19:16:36.000Z",
|
|
"description": "Prikormka PERSISTENCE modules",
|
|
"pattern": "[file:hashes.SHA1 = '8f8bd3c4ce2f932abfb31b9f586c40d1e22ee210']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:16:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf94-c524-44c6-af9f-2aa202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:16:36.000Z",
|
|
"modified": "2016-05-18T19:16:36.000Z",
|
|
"description": "Prikormka PERSISTENCE modules",
|
|
"pattern": "[file:hashes.SHA1 = '3f8d8b20b8fcc200939bbb92fb3b93bb3b4ecd24']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:16:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf94-3f30-4dc2-a214-2aa202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:16:36.000Z",
|
|
"modified": "2016-05-18T19:16:36.000Z",
|
|
"description": "Prikormka PERSISTENCE modules",
|
|
"pattern": "[file:hashes.SHA1 = '756730d1c542b57792f68f0c3bc9bcde149cf7c6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:16:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf94-aac0-4ed8-9ac3-2aa202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:16:36.000Z",
|
|
"modified": "2016-05-18T19:16:36.000Z",
|
|
"description": "Prikormka PERSISTENCE modules",
|
|
"pattern": "[file:hashes.SHA1 = '4f1441f16e80272f488bb114db6508f0bb9b9e1b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:16:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf95-2470-4541-a30e-2aa202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:16:37.000Z",
|
|
"modified": "2016-05-18T19:16:37.000Z",
|
|
"description": "Prikormka PERSISTENCE modules",
|
|
"pattern": "[file:hashes.SHA1 = '2e1c7ffab7b1047e3438e6ba920d0914f8cc4e35']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:16:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf95-2248-4b5f-831e-2aa202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:16:37.000Z",
|
|
"modified": "2016-05-18T19:16:37.000Z",
|
|
"description": "Prikormka PERSISTENCE modules",
|
|
"pattern": "[file:hashes.SHA1 = '3c9990b5d66f3ae9ad9a39a10ac6d291dd86a8f9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:16:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf95-799c-4f5e-aa19-2aa202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:16:37.000Z",
|
|
"modified": "2016-05-18T19:16:37.000Z",
|
|
"description": "Prikormka PERSISTENCE modules",
|
|
"pattern": "[file:hashes.SHA1 = 'cc7091228c1b5a0daf39ecda570f75f122be8a16']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:16:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf95-a81c-4a6b-8a21-2aa202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:16:37.000Z",
|
|
"modified": "2016-05-18T19:16:37.000Z",
|
|
"description": "Prikormka PERSISTENCE modules",
|
|
"pattern": "[file:hashes.SHA1 = '26faeaae2c042c0a416287a7c54d63d5b4c781b3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:16:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf95-6a90-4bd0-bbd2-2aa202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:16:37.000Z",
|
|
"modified": "2016-05-18T19:16:37.000Z",
|
|
"description": "Prikormka PERSISTENCE modules",
|
|
"pattern": "[file:hashes.SHA1 = '854f7cb3a436721f445e0d13fb3beff11bf4153d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:16:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf95-4cb0-4602-a486-2aa202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:16:37.000Z",
|
|
"modified": "2016-05-18T19:16:37.000Z",
|
|
"description": "Prikormka PERSISTENCE modules",
|
|
"pattern": "[file:hashes.SHA1 = '0596efe47d6c143be21294eb4e631a4892a0651a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:16:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf96-e874-44cd-bfbf-2aa202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:16:38.000Z",
|
|
"modified": "2016-05-18T19:16:38.000Z",
|
|
"description": "Prikormka PERSISTENCE modules",
|
|
"pattern": "[file:hashes.SHA1 = '7dae2a15e364ee06c9301236ae8fc140884cea95']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:16:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf96-8160-40f8-acc5-2aa202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:16:38.000Z",
|
|
"modified": "2016-05-18T19:16:38.000Z",
|
|
"description": "Prikormka PERSISTENCE modules",
|
|
"pattern": "[file:hashes.SHA1 = 'c2f720def2264f08e5211671d46e73311dc6c473']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:16:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf96-f36c-4cc8-8f78-2aa202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:16:38.000Z",
|
|
"modified": "2016-05-18T19:16:38.000Z",
|
|
"description": "Prikormka PERSISTENCE modules",
|
|
"pattern": "[file:hashes.SHA1 = '36215d9a691d826e6cebc65925bfa6b579675158']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:16:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf96-dd98-4672-ae0f-2aa202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:16:38.000Z",
|
|
"modified": "2016-05-18T19:16:38.000Z",
|
|
"description": "Prikormka PERSISTENCE modules",
|
|
"pattern": "[file:hashes.SHA1 = '0354a768508f6b9d88588641397b76a0cbb10bf2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:16:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf96-aef4-47d5-a861-2aa202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:16:38.000Z",
|
|
"modified": "2016-05-18T19:16:38.000Z",
|
|
"description": "Prikormka PERSISTENCE modules",
|
|
"pattern": "[file:hashes.SHA1 = '1790b3d73a5dd676d17b39c01a079debd6d9f5c5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:16:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf96-d580-437f-96d7-2aa202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:16:38.000Z",
|
|
"modified": "2016-05-18T19:16:38.000Z",
|
|
"description": "Prikormka PERSISTENCE modules",
|
|
"pattern": "[file:hashes.SHA1 = '2f1e4af1a5a95b3483e901abdd96454c57419ba4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:16:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf97-96f0-4727-a0e1-2aa202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:16:39.000Z",
|
|
"modified": "2016-05-18T19:16:39.000Z",
|
|
"description": "Prikormka PERSISTENCE modules",
|
|
"pattern": "[file:hashes.SHA1 = '53174f09c4edb68ed7d9028b86154b9c7f321a30']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:16:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbf97-61d4-4bd0-98f4-2aa202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:16:39.000Z",
|
|
"modified": "2016-05-18T19:16:39.000Z",
|
|
"description": "Prikormka PERSISTENCE modules",
|
|
"pattern": "[file:hashes.SHA1 = 'fcd81737ff261a84b9899cb713933aa795279364']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:16:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfb4-47a4-47b8-9894-45f502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:17:08.000Z",
|
|
"modified": "2016-05-18T19:17:08.000Z",
|
|
"description": "Prikormka DOWNLOADER modules",
|
|
"pattern": "[file:hashes.SHA1 = 'd12cd6c4ca3388b68fcf3e46e206064caa75f893']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:17:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfb4-2e74-4829-af7a-4fc102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:17:08.000Z",
|
|
"modified": "2016-05-18T19:17:08.000Z",
|
|
"description": "Prikormka DOWNLOADER modules",
|
|
"pattern": "[file:hashes.SHA1 = 'c2ea09d162bdad2541c97d30a4e171f267305671']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:17:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfb5-4d54-4dc9-9135-427802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:17:09.000Z",
|
|
"modified": "2016-05-18T19:17:09.000Z",
|
|
"description": "Prikormka DOWNLOADER modules",
|
|
"pattern": "[file:hashes.SHA1 = 'c10d6e4adb3b29c968d7f3086c8e7005dd1e36f4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:17:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfb5-0e4c-4d5e-9149-476f02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:17:09.000Z",
|
|
"modified": "2016-05-18T19:17:09.000Z",
|
|
"description": "Prikormka DOWNLOADER modules",
|
|
"pattern": "[file:hashes.SHA1 = 'ce4605994e514086ada5a767296db66d7ea84175']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:17:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfb5-53f8-4e89-92e5-463702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:17:09.000Z",
|
|
"modified": "2016-05-18T19:17:09.000Z",
|
|
"description": "Prikormka DOWNLOADER modules",
|
|
"pattern": "[file:hashes.SHA1 = '148218ecdde9ecc19b1343080884eb819783d9b2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:17:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfb5-a714-4d59-bec4-499f02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:17:09.000Z",
|
|
"modified": "2016-05-18T19:17:09.000Z",
|
|
"description": "Prikormka DOWNLOADER modules",
|
|
"pattern": "[file:hashes.SHA1 = '5b256971f332498acc833b36cbe9ad0cec71384c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:17:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfb5-fcd0-4ba6-92eb-4ac602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:17:09.000Z",
|
|
"modified": "2016-05-18T19:17:09.000Z",
|
|
"description": "Prikormka DOWNLOADER modules",
|
|
"pattern": "[file:hashes.SHA1 = '4a8452575ff69bdd0806aa8915e459e8adc66df1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:17:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfb5-6d44-4169-9064-41f602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:17:09.000Z",
|
|
"modified": "2016-05-18T19:17:09.000Z",
|
|
"description": "Prikormka DOWNLOADER modules",
|
|
"pattern": "[file:hashes.SHA1 = '04dfc621649511e1ab6cb800124dd5e2874a1629']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:17:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfb6-2d1c-442c-bb2f-44fb02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:17:10.000Z",
|
|
"modified": "2016-05-18T19:17:10.000Z",
|
|
"description": "Prikormka DOWNLOADER modules",
|
|
"pattern": "[file:hashes.SHA1 = 'd51863cbc1ac4bfc2b87f247dc75975e2a9cd992']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:17:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfb6-c2bc-45b0-9c4f-4fad02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:17:10.000Z",
|
|
"modified": "2016-05-18T19:17:10.000Z",
|
|
"description": "Prikormka DOWNLOADER modules",
|
|
"pattern": "[file:hashes.SHA1 = 'c8af6a8270cbd030f09c24888480aef093accf48']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:17:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfb6-512c-4268-b3ce-477902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:17:10.000Z",
|
|
"modified": "2016-05-18T19:17:10.000Z",
|
|
"description": "Prikormka DOWNLOADER modules",
|
|
"pattern": "[file:hashes.SHA1 = 'ef127184967be14a3719978e0236fff5c0af811b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:17:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfb6-e568-4b2a-b767-4a8d02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:17:10.000Z",
|
|
"modified": "2016-05-18T19:17:10.000Z",
|
|
"description": "Prikormka DOWNLOADER modules",
|
|
"pattern": "[file:hashes.SHA1 = '2ff9e3ab4912a4aea3c511d9355b8edd13888e2a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:17:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfb6-23a8-49da-925a-44f402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:17:10.000Z",
|
|
"modified": "2016-05-18T19:17:10.000Z",
|
|
"description": "Prikormka DOWNLOADER modules",
|
|
"pattern": "[file:hashes.SHA1 = '40b163e8e74397e69f18805bd7dab67f06d3d9e2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:17:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfb6-4f44-414f-a193-4d5202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:17:10.000Z",
|
|
"modified": "2016-05-18T19:17:10.000Z",
|
|
"description": "Prikormka DOWNLOADER modules",
|
|
"pattern": "[file:hashes.SHA1 = 'a8dfcd6cdb0755966f3d6766b94989cdaa0c35f9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:17:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfb6-4ed0-4b02-8b38-4ec302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:17:10.000Z",
|
|
"modified": "2016-05-18T19:17:10.000Z",
|
|
"description": "Prikormka DOWNLOADER modules",
|
|
"pattern": "[file:hashes.SHA1 = '6d4a80fe57d57b43daf85401dfdd2cda48d1f023']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:17:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfb7-f578-4d6d-9acf-476302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:17:11.000Z",
|
|
"modified": "2016-05-18T19:17:11.000Z",
|
|
"description": "Prikormka DOWNLOADER modules",
|
|
"pattern": "[file:hashes.SHA1 = '7844678942383f8116bac656bc56d4b230ff62e8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:17:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfb7-7d94-46ab-8825-4e4b02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:17:11.000Z",
|
|
"modified": "2016-05-18T19:17:11.000Z",
|
|
"description": "Prikormka DOWNLOADER modules",
|
|
"pattern": "[file:hashes.SHA1 = '8b9460431296daf13bbe8d0f81ebfc19a84bb741']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:17:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfb7-c024-4b30-8fa8-4bfe02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:17:11.000Z",
|
|
"modified": "2016-05-18T19:17:11.000Z",
|
|
"description": "Prikormka DOWNLOADER modules",
|
|
"pattern": "[file:hashes.SHA1 = '995ee9772dddf2d6b4a55acf26fa41f40786532d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:17:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfb7-fd60-444f-bce0-446a02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:17:11.000Z",
|
|
"modified": "2016-05-18T19:17:11.000Z",
|
|
"description": "Prikormka DOWNLOADER modules",
|
|
"pattern": "[file:hashes.SHA1 = 'ed7b147766c1370367d277f7ba7e354dbdde5e09']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:17:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfb7-9f2c-47d8-92a9-4bee02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:17:11.000Z",
|
|
"modified": "2016-05-18T19:17:11.000Z",
|
|
"description": "Prikormka DOWNLOADER modules",
|
|
"pattern": "[file:hashes.SHA1 = '37316b972f5c22d069764800475eed7cd3279802']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:17:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfb7-9a18-4a33-a9c9-468002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:17:11.000Z",
|
|
"modified": "2016-05-18T19:17:11.000Z",
|
|
"description": "Prikormka DOWNLOADER modules",
|
|
"pattern": "[file:hashes.SHA1 = '1df0b7239e48cf8e7391085be5b835c892a5b3e8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:17:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfb8-a16c-4101-9004-4d1002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:17:12.000Z",
|
|
"modified": "2016-05-18T19:17:12.000Z",
|
|
"description": "Prikormka DOWNLOADER modules",
|
|
"pattern": "[file:hashes.SHA1 = '0323d1c5d565627c32ff08780a59eb45d6c0c7c3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:17:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfb8-96d8-4233-b25c-4f4802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:17:12.000Z",
|
|
"modified": "2016-05-18T19:17:12.000Z",
|
|
"description": "Prikormka DOWNLOADER modules",
|
|
"pattern": "[file:hashes.SHA1 = '4673475bd3307fe8869aca0402b861dde5ec43ac']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:17:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfb8-40d0-4142-a2d6-485402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:17:12.000Z",
|
|
"modified": "2016-05-18T19:17:12.000Z",
|
|
"description": "Prikormka DOWNLOADER modules",
|
|
"pattern": "[file:hashes.SHA1 = 'f38cfc487481d2b0167e5b76f06500bc312081b6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:17:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfb8-2668-49c4-b309-43d402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:17:12.000Z",
|
|
"modified": "2016-05-18T19:17:12.000Z",
|
|
"description": "Prikormka DOWNLOADER modules",
|
|
"pattern": "[file:hashes.SHA1 = '35159c96f695b96773c5c1dcf8206dbe75a83d86']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:17:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfe1-fb58-4c70-997e-48ee02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:17:53.000Z",
|
|
"modified": "2016-05-18T19:17:53.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = '2a64606db1db872e7176f0c6c3ff932e2146bfc9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:17:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfe1-8128-4051-a82e-4a8402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:17:53.000Z",
|
|
"modified": "2016-05-18T19:17:53.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = '328de44a4b6140ef49ce1465482efe0e4c195399']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:17:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfe1-69b4-45b9-a88b-407c02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:17:53.000Z",
|
|
"modified": "2016-05-18T19:17:53.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = '520aa689066d0c69f6fd9c623e263211022ccf21']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:17:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfe1-2f84-4899-ac42-45c002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:17:53.000Z",
|
|
"modified": "2016-05-18T19:17:53.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = '790367a2032951488fc6f56dcf12062ae56caa61']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:17:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfe1-f484-402a-b55d-4aa502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:17:53.000Z",
|
|
"modified": "2016-05-18T19:17:53.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = '551cd9d950a9c610e12451550bd6a3fbf5b00b77']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:17:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfe2-77a8-4977-9e97-4afc02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:17:54.000Z",
|
|
"modified": "2016-05-18T19:17:54.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = 'ef3244ab1df7d74f1fc1d8c3af26a3d3ea4364a5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:17:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfe2-7ba8-478a-aaaa-4a4902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:17:54.000Z",
|
|
"modified": "2016-05-18T19:17:54.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = '1636112d8441a6616b68cbe9dc32ddb5d836bba1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:17:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfe2-2420-4c2d-b412-49c602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:17:54.000Z",
|
|
"modified": "2016-05-18T19:17:54.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = '8a57e5eed18a6db6f221b1b9e8831fe4a9cad08c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:17:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfe2-7fd4-4e8a-9cfb-4da202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:17:54.000Z",
|
|
"modified": "2016-05-18T19:17:54.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = 'dcb813e5d2a1c63027aadc7197fd91505fd13380']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:17:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfe2-7518-4bc3-8f25-4c5502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:17:54.000Z",
|
|
"modified": "2016-05-18T19:17:54.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = 'a360eac305946ff468e1a33e84ed38176d95cac9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:17:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfe2-6c44-4bbe-8094-438502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:17:54.000Z",
|
|
"modified": "2016-05-18T19:17:54.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = '8f67c4bd2ee7c68249dcd49ad7a3924d3ec6810c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:17:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfe3-1eb0-439a-a25e-471902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:17:55.000Z",
|
|
"modified": "2016-05-18T19:17:55.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = 'c020effd3c7ad06907ecfea424be1dcb60c7447d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:17:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfe3-25d8-41b5-b86f-480802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:17:55.000Z",
|
|
"modified": "2016-05-18T19:17:55.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = 'd2a98115df0c17648ccb653af649d24b528b471d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:17:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfe3-55b8-4740-af98-4a1102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:17:55.000Z",
|
|
"modified": "2016-05-18T19:17:55.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = 'd7eeb8db22aad913b38e695a470e8b2f1440d4d3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:17:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfe3-7ae0-48d4-bbbc-41b402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:17:55.000Z",
|
|
"modified": "2016-05-18T19:17:55.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = '154aa820d552abd65c028ded7e970c8defa8c237']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:17:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfe3-210c-4223-9546-492302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:17:55.000Z",
|
|
"modified": "2016-05-18T19:17:55.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = '83b492a2905ce6acfade43ab52bf52e6f02fdcd5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:17:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfe3-05a4-4ca7-872b-415502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:17:55.000Z",
|
|
"modified": "2016-05-18T19:17:55.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = '4f945a3b3eb058668c3dfc0a8469b42e16c277a7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:17:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfe4-9ed8-44d1-96bb-45fd02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:17:55.000Z",
|
|
"modified": "2016-05-18T19:17:55.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = '963963004e4ca0d966d84324ec8ed3694f6a7f5b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:17:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfe4-7918-4c2e-9d4a-411002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:17:56.000Z",
|
|
"modified": "2016-05-18T19:17:56.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = '9de8860ad499e64f8bdcfc800ddaff49d4f948e5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:17:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfe4-6404-49a2-8a97-418a02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:17:56.000Z",
|
|
"modified": "2016-05-18T19:17:56.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = 'c9c2510654081d621a5b1768520d7d7c04219fcb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:17:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfe4-edb4-47f2-94e3-4eec02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:17:56.000Z",
|
|
"modified": "2016-05-18T19:17:56.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = '9d025a015fdb720c0fdebcfe54661f3aced94e3e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:17:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfe4-2ee8-4db4-8918-4df702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:17:56.000Z",
|
|
"modified": "2016-05-18T19:17:56.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = 'd09b6194453bfc59eb438e455d14621b280df4a6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:17:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfe4-5cb4-494d-88f3-45f902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:17:56.000Z",
|
|
"modified": "2016-05-18T19:17:56.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = '1a865e934eff339a826979c70a2fc055e3c9d12f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:17:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfe5-294c-44db-8552-4f0f02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:17:57.000Z",
|
|
"modified": "2016-05-18T19:17:57.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = '4c5f412c915fb3f178a81bc4fbda336f69a22086']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:17:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfe5-b368-4256-b307-4bd102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:17:57.000Z",
|
|
"modified": "2016-05-18T19:17:57.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = '7372639a9e5c274dffaa35abf4c8e7a0bebd4305']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:17:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfe5-4414-4779-aa00-45c602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:17:57.000Z",
|
|
"modified": "2016-05-18T19:17:57.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = '311672ecb756e52ad396227dd884d1c47234961a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:17:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfe5-dd00-48a1-b596-4b8c02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:17:57.000Z",
|
|
"modified": "2016-05-18T19:17:57.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = '7a22e549be02f7f4753bb9cba34079ceb15ca381']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:17:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfe5-474c-4da0-96bb-44be02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:17:57.000Z",
|
|
"modified": "2016-05-18T19:17:57.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = '6ab00fcabc6bc06586f749f54c4955592285608c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:17:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfe5-6a28-4734-b545-4e5a02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:17:57.000Z",
|
|
"modified": "2016-05-18T19:17:57.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = '66248ae0a3d6b5091c629343cc535f98e08a2947']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:17:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfe6-0ee4-44f6-b5cd-4c7702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:17:58.000Z",
|
|
"modified": "2016-05-18T19:17:58.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = '0dd8e1922ceb96061c9f6678728dd45cbdc6f675']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:17:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfe6-8490-4b6d-af58-4d7402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:17:58.000Z",
|
|
"modified": "2016-05-18T19:17:58.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = 'a093993b9488a9427300b2ac41460be8164a0f9a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:17:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfe6-4914-407a-a862-414702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:17:58.000Z",
|
|
"modified": "2016-05-18T19:17:58.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = '6d861826206d834a224583898be6af1a3d46e7cf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:17:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfe6-d630-4d42-8e4c-4dd002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:17:58.000Z",
|
|
"modified": "2016-05-18T19:17:58.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = '64679bdb8a65d278cda0975f279d8881e1abd40a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:17:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfe6-aba8-494f-a1bc-437102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:17:58.000Z",
|
|
"modified": "2016-05-18T19:17:58.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = '92476c6ae5f976c58d11bdd956878451f361776d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:17:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfe6-7e1c-42ba-b525-40ee02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:17:58.000Z",
|
|
"modified": "2016-05-18T19:17:58.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = '202637ef3c9b236d62be627c6e1a8c779eb2976b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:17:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfe6-f2e8-4c5a-8100-488402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:17:58.000Z",
|
|
"modified": "2016-05-18T19:17:58.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = 'c41bb97c203d6221fb494d732cb905ff37376622']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:17:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfe7-622c-48c0-95d9-426d02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:17:59.000Z",
|
|
"modified": "2016-05-18T19:17:59.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = '986e739948e3b5c303f7766f9f9af3d2e1a5bca7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:17:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfe7-0284-494d-892a-4f0c02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:17:59.000Z",
|
|
"modified": "2016-05-18T19:17:59.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = '3ab61fec417686afc1ac430aaf5a17254d05a14a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:17:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfe7-917c-42f6-a852-464202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:17:59.000Z",
|
|
"modified": "2016-05-18T19:17:59.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = '0d7785e53ab1a7f43902aff50e7a722c0e0b428f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:17:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfe7-484c-4af0-a877-426202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:17:59.000Z",
|
|
"modified": "2016-05-18T19:17:59.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = 'b5eeae045f1082438e4c7b7f12f7f4630043a48e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:17:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfe7-e758-468b-a8ac-4f1602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:17:59.000Z",
|
|
"modified": "2016-05-18T19:17:59.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = '57e345893f508f390f2947e83092a47d845ea445']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:17:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfe7-69a8-470d-bb1a-4c0d02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:17:59.000Z",
|
|
"modified": "2016-05-18T19:17:59.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = 'c9756e95679ead052d53adcfa39bb4b1402c9126']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:17:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfe8-f050-41a1-ba8e-40c802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:18:00.000Z",
|
|
"modified": "2016-05-18T19:18:00.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = 'd864067bfa52383bc012ba1aaf8ffb893d419c07']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:18:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfe8-db7c-4484-8add-4a9202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:18:00.000Z",
|
|
"modified": "2016-05-18T19:18:00.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = 'cdd58347f873eb7e0bc602da9930a519683c67c7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:18:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfe8-6ec4-42bc-9302-450802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:18:00.000Z",
|
|
"modified": "2016-05-18T19:18:00.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = 'dfabe31e58334c873aedd361d69d5c80016f9f42']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:18:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfe8-a8e4-46b2-866c-498302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:18:00.000Z",
|
|
"modified": "2016-05-18T19:18:00.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = '625d822ee0d95c6e581b929c6c4e4b44d749d2bb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:18:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfe8-5b48-4ca1-9bb0-4d4702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:18:00.000Z",
|
|
"modified": "2016-05-18T19:18:00.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = 'a224a76dabe62bd7ca055ca1119108ad5812af06']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:18:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfe8-32f4-4d5e-80fe-419702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:18:00.000Z",
|
|
"modified": "2016-05-18T19:18:00.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = 'e4c56d11e84497eec3e275043e36845eb2f3f57e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:18:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfe9-6970-40f3-a4cb-44ff02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:18:01.000Z",
|
|
"modified": "2016-05-18T19:18:01.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = 'b43713cbd307bc12ad7ba61c87975f74221a3439']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:18:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfe9-5400-4d63-a7f0-4a9002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:18:01.000Z",
|
|
"modified": "2016-05-18T19:18:01.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = 'aed9c3bca2b42889a9110b92d3d31b5fd3324bdf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:18:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfe9-a3b4-4ff7-923b-4c7b02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:18:01.000Z",
|
|
"modified": "2016-05-18T19:18:01.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = '6ae2c768d932eda538983dd7a50cf7de14bf54d2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:18:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfe9-29a4-4c3e-b69f-4fb202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:18:01.000Z",
|
|
"modified": "2016-05-18T19:18:01.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = 'be73a2c17aae689bc1a20761850374636b67bf0f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:18:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfe9-1a24-448f-b6bf-469502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:18:01.000Z",
|
|
"modified": "2016-05-18T19:18:01.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = '80ffa899cb3a6595fafa66421bccd6e5aaad8552']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:18:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfe9-d094-4327-bea2-4e6602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:18:01.000Z",
|
|
"modified": "2016-05-18T19:18:01.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = '7c5f7296ddda9b188b572df348843f822bd6ed21']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:18:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfe9-fb90-4596-8de5-434002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:18:01.000Z",
|
|
"modified": "2016-05-18T19:18:01.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = 'f9eb705d8a1edc7ff9b93d9cf9211840c4482865']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:18:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfea-6468-4328-a939-412502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:18:02.000Z",
|
|
"modified": "2016-05-18T19:18:02.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = '7979bec789770860a6f12b7a7d41470de4afc873']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:18:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfea-bf70-4679-9d65-4f5c02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:18:02.000Z",
|
|
"modified": "2016-05-18T19:18:02.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = '6df75137e8966537bb921eab30df4f7bc2c6feb4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:18:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfea-30dc-4978-a5b5-443002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:18:02.000Z",
|
|
"modified": "2016-05-18T19:18:02.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = '2115c50caf8d1b365d78818df84a8ce29f7fd9e8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:18:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfea-b010-4273-8800-488102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:18:02.000Z",
|
|
"modified": "2016-05-18T19:18:02.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = 'afdad724a2c351c750db43688d107b1300b1d1d4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:18:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfea-d708-4592-b86e-4c8002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:18:02.000Z",
|
|
"modified": "2016-05-18T19:18:02.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = '64002d2c4c6678776c64bb018736c9b0745f47f4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:18:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfea-ce58-41c0-b8dd-44a902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:18:02.000Z",
|
|
"modified": "2016-05-18T19:18:02.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = '7843cb7de03c8b564fd72d923b4bd6d28a466a3c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:18:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfeb-fb6c-4eb6-8328-47d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:18:03.000Z",
|
|
"modified": "2016-05-18T19:18:03.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = 'eb4647ca60fea9049a34ec59d9658946a2c26d9d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:18:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfeb-fb2c-4167-a06a-412802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:18:03.000Z",
|
|
"modified": "2016-05-18T19:18:03.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = 'ed3d4eef28174f60f1653f35000b871f6e023d21']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:18:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfeb-448c-40bf-9823-492b02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:18:03.000Z",
|
|
"modified": "2016-05-18T19:18:03.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = '860d0cdfc065e91083979dd50a72251c26a638a4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:18:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfeb-30d0-40d8-af05-41ea02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:18:03.000Z",
|
|
"modified": "2016-05-18T19:18:03.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = 'fc2c689c507fed54432ad1726e524b38f52b187a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:18:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfeb-35e8-457f-8994-4d9e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:18:03.000Z",
|
|
"modified": "2016-05-18T19:18:03.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = 'd219640ba205a7013a23ba19cd6c2b32439f105e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:18:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfeb-8af8-4b93-b278-42ec02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:18:03.000Z",
|
|
"modified": "2016-05-18T19:18:03.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = 'de60c2a81ae2f3e5dbd2b2d0dbebdb56fed62f7c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:18:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfec-1c64-4ea9-a183-4e5e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:18:04.000Z",
|
|
"modified": "2016-05-18T19:18:04.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = 'd38fdae48eabf2642f3327fac865b079233cc7c6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:18:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfec-314c-4561-b730-492302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:18:04.000Z",
|
|
"modified": "2016-05-18T19:18:04.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = 'b23995462751edfad19b72bea4a047cc89533a59']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:18:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfec-9b2c-4209-9fde-42c802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:18:04.000Z",
|
|
"modified": "2016-05-18T19:18:04.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = '88ed6686cf59f12aa984216ec60097c4bd319007']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:18:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfec-34c4-4052-a64b-4e4202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:18:04.000Z",
|
|
"modified": "2016-05-18T19:18:04.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = 'def9b207bfd7c6d4b216df2b37c33cd851dc7fe1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:18:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfec-7b88-4bac-99aa-493a02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:18:04.000Z",
|
|
"modified": "2016-05-18T19:18:04.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = '8d49305fd140b179d2293fbaff6e7ce46a03af16']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:18:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfec-884c-4735-ac5c-401502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:18:04.000Z",
|
|
"modified": "2016-05-18T19:18:04.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = 'f35b1d2165ec00a56ee6de89d09963dd3fd02744']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:18:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfed-4a7c-4398-942d-46fe02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:18:05.000Z",
|
|
"modified": "2016-05-18T19:18:05.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = 'b42234f5a5efb6423e9d4904ba282127f1282c8e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:18:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfed-1d54-4aa2-b61a-437102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:18:05.000Z",
|
|
"modified": "2016-05-18T19:18:05.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = '326adea3ac1f8fac3b522e6b47941263da110a42']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:18:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfed-04c4-4fce-bf91-4f8d02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:18:05.000Z",
|
|
"modified": "2016-05-18T19:18:05.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = '3e023a83eaa85a77b935b2d3a00aeb5b1adcd9cc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:18:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfed-7a88-41ca-a423-441502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:18:05.000Z",
|
|
"modified": "2016-05-18T19:18:05.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = '129b852e62cb7bf487d5f37e17f6e3cc9a838db8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:18:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfed-f888-4d72-a908-4fcc02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:18:05.000Z",
|
|
"modified": "2016-05-18T19:18:05.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = 'f030559f81b8dc3cc0ded6c46c6d1bbb67a2ca65']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:18:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfed-2af8-4e75-900a-486702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:18:05.000Z",
|
|
"modified": "2016-05-18T19:18:05.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = '3c904afb938efcf210f388e5aa46379aeadbcd50']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:18:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfed-52f0-4a62-a690-426502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:18:05.000Z",
|
|
"modified": "2016-05-18T19:18:05.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = 'd8921385adaff131c9d452a4d9bba2c7d755880e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:18:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfee-52a0-496c-a952-488702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:18:06.000Z",
|
|
"modified": "2016-05-18T19:18:06.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = '915f7f5471a94a6e095ee8d90fcfe84e7a5fe1d5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:18:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfee-6494-4405-b8e3-469d02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:18:06.000Z",
|
|
"modified": "2016-05-18T19:18:06.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = '0db71aa8b51faacea7d4c5819ec6af9c342d02fd']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:18:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfee-f284-4481-b020-443502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:18:06.000Z",
|
|
"modified": "2016-05-18T19:18:06.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = 'a4847b06e603e90640051fcdd5d1515f007f7bd5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:18:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfee-b154-4ae3-b2f3-4bba02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:18:06.000Z",
|
|
"modified": "2016-05-18T19:18:06.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = '7c9e4cc3f5b260439d69e93376aa668bf32123d0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:18:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfee-836c-4305-80d0-499502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:18:06.000Z",
|
|
"modified": "2016-05-18T19:18:06.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = '3246b5f43756dc8dc4438933005df66a3c8ce25f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:18:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfee-99ec-4326-aaa5-41a202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:18:06.000Z",
|
|
"modified": "2016-05-18T19:18:06.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = 'e97b383e3cf55d0792f22d57273c18848b849c6e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:18:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfef-b7f4-4813-8145-4a7802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:18:07.000Z",
|
|
"modified": "2016-05-18T19:18:07.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = '7c6fa82657b291fafe423b7b45d0ed732f4d5352']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:18:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfef-ce0c-4d45-bf4d-415002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:18:07.000Z",
|
|
"modified": "2016-05-18T19:18:07.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = '4595eab593594860985f5fb501b85386f1f1a5b8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:18:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfef-03b4-49a2-80c4-425a02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:18:07.000Z",
|
|
"modified": "2016-05-18T19:18:07.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = '45f1f06c3a27ce8329e2bdcdeea3c530711b5b72']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:18:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfef-bbec-4a25-902b-4f6802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:18:07.000Z",
|
|
"modified": "2016-05-18T19:18:07.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = '476dca86de7af1f15327084021a3bb7f42818248']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:18:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfef-6fe0-4f49-8798-4e1f02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:18:07.000Z",
|
|
"modified": "2016-05-18T19:18:07.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = '70a362985d5237acd6282e16a238b0fdb1002a1f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:18:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbfef-b440-40ef-b15f-42b802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:18:07.000Z",
|
|
"modified": "2016-05-18T19:18:07.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = '73596d1587549dc234588fcb5666beefd7c90d81']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:18:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbff0-0a04-4c99-87e8-40dd02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:18:08.000Z",
|
|
"modified": "2016-05-18T19:18:08.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = '97958b3124ec5dcab64dd88a1e97e6b585b04628']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:18:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbff0-7348-4079-8b70-4c4802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:18:08.000Z",
|
|
"modified": "2016-05-18T19:18:08.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = 'b47640c4952acc2705f7ead9e8eaa163059fd659']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:18:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbff0-2d18-480e-9922-438d02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:18:08.000Z",
|
|
"modified": "2016-05-18T19:18:08.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = '596f945ab52ae0e780905e150acd2017ab2ecdfc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:18:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbff0-fc38-4fa2-8f7d-469902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:18:08.000Z",
|
|
"modified": "2016-05-18T19:18:08.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = '5cefff9c7d016364d40f841cb74d65bb478ba0c6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:18:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbff0-5934-41d8-9f68-4b2a02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:18:08.000Z",
|
|
"modified": "2016-05-18T19:18:08.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = '424dd485fa8572db84cf6845c27c1f8679a61aec']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:18:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbff0-bcb0-497e-bd8f-404502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:18:08.000Z",
|
|
"modified": "2016-05-18T19:18:08.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = '099c5611f3bdbb8d453dfbf7967f30891906ff2c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:18:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbff1-0ca8-4335-83b9-4fc702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:18:09.000Z",
|
|
"modified": "2016-05-18T19:18:09.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = '7c2587b85178ad89389d957f11af1065c46f66db']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:18:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbff1-f858-4e36-a5d5-4ab802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:18:09.000Z",
|
|
"modified": "2016-05-18T19:18:09.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = '840afb728fda57195e53f225cb3f6e788b96a579']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:18:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cbff1-1e98-4c54-9106-424902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:18:09.000Z",
|
|
"modified": "2016-05-18T19:18:09.000Z",
|
|
"description": "Prikormka CORE modules",
|
|
"pattern": "[file:hashes.SHA1 = '12acc64605d4fe2f3ceeefbd0a7c4fd655e6aeaa']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:18:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc000-1bcc-4ca4-9980-454602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:18:24.000Z",
|
|
"modified": "2016-05-18T19:18:24.000Z",
|
|
"description": "Prikormka DOCS_STEALER modules",
|
|
"pattern": "[file:hashes.SHA1 = 'ba434fb6169e8a1785e353eebf9b907505759a07']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:18:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc000-e898-481e-a18b-4c6602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:18:24.000Z",
|
|
"modified": "2016-05-18T19:18:24.000Z",
|
|
"description": "Prikormka DOCS_STEALER modules",
|
|
"pattern": "[file:hashes.SHA1 = 'a34bd2a059f57fb1fe281a2bd7247a9a72a467b8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:18:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc001-4e98-4d55-a39d-47d002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:18:24.000Z",
|
|
"modified": "2016-05-18T19:18:24.000Z",
|
|
"description": "Prikormka DOCS_STEALER modules",
|
|
"pattern": "[file:hashes.SHA1 = '04deb60b6a1d53448effb34ea7c55e6916fe32b1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:18:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc001-9044-4c1e-a22a-43e302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:18:25.000Z",
|
|
"modified": "2016-05-18T19:18:25.000Z",
|
|
"description": "Prikormka DOCS_STEALER modules",
|
|
"pattern": "[file:hashes.SHA1 = 'c75d8850273431a41f0efcf8f74e86bcfe1dfa5a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:18:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc001-834c-4bc8-94fc-477d02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:18:25.000Z",
|
|
"modified": "2016-05-18T19:18:25.000Z",
|
|
"description": "Prikormka DOCS_STEALER modules",
|
|
"pattern": "[file:hashes.SHA1 = '7c9cb1619ffcf36b32273e1a78a58d817d2b7c8c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:18:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc001-b8f0-49cb-a3e5-4ae802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:18:25.000Z",
|
|
"modified": "2016-05-18T19:18:25.000Z",
|
|
"description": "Prikormka DOCS_STEALER modules",
|
|
"pattern": "[file:hashes.SHA1 = 'a580856fa6ac3159f0a7e91d5992810b953a36a1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:18:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc001-1f8c-48eb-b4c3-45a902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:18:25.000Z",
|
|
"modified": "2016-05-18T19:18:25.000Z",
|
|
"description": "Prikormka DOCS_STEALER modules",
|
|
"pattern": "[file:hashes.SHA1 = '5c82ca8b2e8320e6b6c071ccb0d4ef9b03001caa']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:18:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc001-437c-4a30-b836-438802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:18:25.000Z",
|
|
"modified": "2016-05-18T19:18:25.000Z",
|
|
"description": "Prikormka DOCS_STEALER modules",
|
|
"pattern": "[file:hashes.SHA1 = '7275a6ed8ee314600a9b93038876f853b957b316']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:18:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc002-022c-4099-845b-453102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:18:26.000Z",
|
|
"modified": "2016-05-18T19:18:26.000Z",
|
|
"description": "Prikormka DOCS_STEALER modules",
|
|
"pattern": "[file:hashes.SHA1 = '9286b96452c519d5e1e74d1cddbdd76b51f4fbaa']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:18:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc002-5840-4de0-ac26-48f102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:18:26.000Z",
|
|
"modified": "2016-05-18T19:18:26.000Z",
|
|
"description": "Prikormka DOCS_STEALER modules",
|
|
"pattern": "[file:hashes.SHA1 = 'fab3b3371aa5878b6508da487735e3a674a9f61b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:18:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc002-c01c-4665-b5f2-4fd502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:18:26.000Z",
|
|
"modified": "2016-05-18T19:18:26.000Z",
|
|
"description": "Prikormka DOCS_STEALER modules",
|
|
"pattern": "[file:hashes.SHA1 = '0d4839f99c30ad76e082851a214a32116ce932a7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:18:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc002-f8cc-4063-a2e2-435002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:18:26.000Z",
|
|
"modified": "2016-05-18T19:18:26.000Z",
|
|
"description": "Prikormka DOCS_STEALER modules",
|
|
"pattern": "[file:hashes.SHA1 = '652b012e0acacb78221caa7a3c3ee461f07264ea']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:18:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc016-1760-4958-9c56-447c02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:18:46.000Z",
|
|
"modified": "2016-05-18T19:18:46.000Z",
|
|
"description": "Prikormka KEYLOGGER modules",
|
|
"pattern": "[file:hashes.SHA1 = 'bfdcd0a3f7495c43d8d42b4272bdc90695dc44d7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:18:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc016-4dc0-44e6-8cf0-421402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:18:46.000Z",
|
|
"modified": "2016-05-18T19:18:46.000Z",
|
|
"description": "Prikormka KEYLOGGER modules",
|
|
"pattern": "[file:hashes.SHA1 = 'cc42c6beeb70d3a9bc7e1159c644e54de2be5cbc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:18:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc016-51e4-45f1-be9d-492802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:18:46.000Z",
|
|
"modified": "2016-05-18T19:18:46.000Z",
|
|
"description": "Prikormka KEYLOGGER modules",
|
|
"pattern": "[file:hashes.SHA1 = '6a4f24665569dd61fd29af8fdcb3e2c90961dff0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:18:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc016-88b4-49cf-8261-495302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:18:46.000Z",
|
|
"modified": "2016-05-18T19:18:46.000Z",
|
|
"description": "Prikormka KEYLOGGER modules",
|
|
"pattern": "[file:hashes.SHA1 = 'd1da3076830813ec6fff0b0de3462bb5b713a090']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:18:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc017-80a0-4f6a-ad33-4fa602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:18:47.000Z",
|
|
"modified": "2016-05-18T19:18:47.000Z",
|
|
"description": "Prikormka KEYLOGGER modules",
|
|
"pattern": "[file:hashes.SHA1 = 'e6d92c025cf726b08288b6798aeefcf550d51c31']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:18:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc017-bd68-45f8-91fe-4edd02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:18:47.000Z",
|
|
"modified": "2016-05-18T19:18:47.000Z",
|
|
"description": "Prikormka KEYLOGGER modules",
|
|
"pattern": "[file:hashes.SHA1 = '0b81ba761c6ba88c0afc682693d99355e55f5a76']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:18:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc017-e4a0-4df8-a68d-414d02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:18:47.000Z",
|
|
"modified": "2016-05-18T19:18:47.000Z",
|
|
"description": "Prikormka KEYLOGGER modules",
|
|
"pattern": "[file:hashes.SHA1 = '0cdc66acbb5b7d6faa85f7df8d747a96ced7a9bd']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:18:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc017-442c-4389-9e92-4ba502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:18:47.000Z",
|
|
"modified": "2016-05-18T19:18:47.000Z",
|
|
"description": "Prikormka KEYLOGGER modules",
|
|
"pattern": "[file:hashes.SHA1 = '194316adc74aeded98ee2696b4ab54900a6edf15']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:18:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc017-6d94-4b0c-8971-4c5202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:18:47.000Z",
|
|
"modified": "2016-05-18T19:18:47.000Z",
|
|
"description": "Prikormka KEYLOGGER modules",
|
|
"pattern": "[file:hashes.SHA1 = '45959818dba4924e129e22cf1b0bdf02c2dd7b49']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:18:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc017-9324-4379-b89c-442202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:18:47.000Z",
|
|
"modified": "2016-05-18T19:18:47.000Z",
|
|
"description": "Prikormka KEYLOGGER modules",
|
|
"pattern": "[file:hashes.SHA1 = '820eac424fc27296fe725e1c5daa8f6c53e104a7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:18:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc018-6d7c-46f3-b663-42af02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:18:48.000Z",
|
|
"modified": "2016-05-18T19:18:48.000Z",
|
|
"description": "Prikormka KEYLOGGER modules",
|
|
"pattern": "[file:hashes.SHA1 = '25d6f1efd758aace399c6d62a89be039281cff69']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:18:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc018-ed48-45d4-b5fc-407602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:18:48.000Z",
|
|
"modified": "2016-05-18T19:18:48.000Z",
|
|
"description": "Prikormka KEYLOGGER modules",
|
|
"pattern": "[file:hashes.SHA1 = '722e1cda3c516d43f17a6d4f5f1390d16113bc30']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:18:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc018-defc-4612-b65a-46a102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:18:48.000Z",
|
|
"modified": "2016-05-18T19:18:48.000Z",
|
|
"description": "Prikormka KEYLOGGER modules",
|
|
"pattern": "[file:hashes.SHA1 = 'de966273dd5ad4daa01562109932ebd39a13a5a2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:18:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc027-e500-4275-9340-912302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:19:03.000Z",
|
|
"modified": "2016-05-18T19:19:03.000Z",
|
|
"description": "Prikormka SCREENSHOTS modules",
|
|
"pattern": "[file:hashes.SHA1 = '645dfa35e41f6442793cf7647a75956e05563de8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:19:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc027-6acc-4556-b6b7-912302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:19:03.000Z",
|
|
"modified": "2016-05-18T19:19:03.000Z",
|
|
"description": "Prikormka SCREENSHOTS modules",
|
|
"pattern": "[file:hashes.SHA1 = 'ad74abea34a20d0196a152e6668e3c29135b22d4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:19:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc039-0624-4a53-9fc9-912502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:19:21.000Z",
|
|
"modified": "2016-05-18T19:19:21.000Z",
|
|
"description": "Prikormka MICROPHONE modules",
|
|
"pattern": "[file:hashes.SHA1 = 'fce83df7018a49072f9a28a8e135eb00c011d9eb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:19:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc039-5c04-4c43-aa5a-912502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:19:21.000Z",
|
|
"modified": "2016-05-18T19:19:21.000Z",
|
|
"description": "Prikormka MICROPHONE modules",
|
|
"pattern": "[file:hashes.SHA1 = '2c76974722287c7cdb0fca2bc6ccedee62e77d24']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:19:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc04f-edf0-476c-a7e1-2aa302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:19:43.000Z",
|
|
"modified": "2016-05-18T19:19:43.000Z",
|
|
"description": "Prikormka SKYPE modules",
|
|
"pattern": "[file:hashes.SHA1 = 'c3aa3dbd33751f85002f2f65562098f516737435']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:19:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc04f-b97c-4017-be08-2aa302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:19:43.000Z",
|
|
"modified": "2016-05-18T19:19:43.000Z",
|
|
"description": "Prikormka SKYPE modules",
|
|
"pattern": "[file:hashes.SHA1 = '2a0ea9e0f3f8e6507d212640594acf52910275e9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:19:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc04f-3e64-47bc-bc76-2aa302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:19:43.000Z",
|
|
"modified": "2016-05-18T19:19:43.000Z",
|
|
"description": "Prikormka SKYPE modules",
|
|
"pattern": "[file:hashes.SHA1 = '1bb3bbca79ba45e4215dfc2a6960e03ba60a2b71']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:19:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc04f-529c-4b6f-9ff6-2aa302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:19:43.000Z",
|
|
"modified": "2016-05-18T19:19:43.000Z",
|
|
"description": "Prikormka SKYPE modules",
|
|
"pattern": "[file:hashes.SHA1 = '0cb528c69706a6513a0e70d3a07a75822f79e6ec']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:19:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc04f-9764-461a-93e6-2aa302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:19:43.000Z",
|
|
"modified": "2016-05-18T19:19:43.000Z",
|
|
"description": "Prikormka SKYPE modules",
|
|
"pattern": "[file:hashes.SHA1 = '423bcefc82a14258bdc2cd9740454d28f894dc06']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:19:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc04f-ea60-4d6b-9c39-2aa302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:19:43.000Z",
|
|
"modified": "2016-05-18T19:19:43.000Z",
|
|
"description": "Prikormka SKYPE modules",
|
|
"pattern": "[file:hashes.SHA1 = 'feab6e92b905114980b5633f8742e4a7dcd0b4fa']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:19:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc050-fd38-4165-a44e-2aa302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:19:44.000Z",
|
|
"modified": "2016-05-18T19:19:44.000Z",
|
|
"description": "Prikormka SKYPE modules",
|
|
"pattern": "[file:hashes.SHA1 = 'bb6ce0957f7e8430007fa4de1e47c190e1c97ac5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:19:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc050-618c-49f7-bb1f-2aa302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:19:44.000Z",
|
|
"modified": "2016-05-18T19:19:44.000Z",
|
|
"description": "Prikormka SKYPE modules",
|
|
"pattern": "[file:hashes.SHA1 = '658df9b4bb13459a9507466bb7d22b723c85d1c5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:19:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc050-4004-4760-be95-2aa302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:19:44.000Z",
|
|
"modified": "2016-05-18T19:19:44.000Z",
|
|
"description": "Prikormka SKYPE modules",
|
|
"pattern": "[file:hashes.SHA1 = '6c24e244a0dda2caded4d1b5cc8b820a46dc19f4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:19:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc067-98b8-4848-8488-e31b02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:20:07.000Z",
|
|
"modified": "2016-05-18T19:20:07.000Z",
|
|
"description": "Prikormka LOGS_ENCRYPTER modules",
|
|
"pattern": "[file:hashes.SHA1 = 'd5c2c7c3d670d63ad6998848747a0418665ea2cb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:20:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc067-839c-4345-959a-e31b02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:20:07.000Z",
|
|
"modified": "2016-05-18T19:20:07.000Z",
|
|
"description": "Prikormka LOGS_ENCRYPTER modules",
|
|
"pattern": "[file:hashes.SHA1 = '352c36ed1bf7eb74c9649615f9a40c13d80ee55d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:20:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc067-43e0-4574-9ae1-e31b02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:20:07.000Z",
|
|
"modified": "2016-05-18T19:20:07.000Z",
|
|
"description": "Prikormka LOGS_ENCRYPTER modules",
|
|
"pattern": "[file:hashes.SHA1 = '6740a385ab33b9cc3ec22fb7971f93538be44997']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:20:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc067-1194-4f4a-87cc-e31b02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:20:07.000Z",
|
|
"modified": "2016-05-18T19:20:07.000Z",
|
|
"description": "Prikormka LOGS_ENCRYPTER modules",
|
|
"pattern": "[file:hashes.SHA1 = '22f10f17ab9f18d9bf1fe9eeea413a9787b29d4c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:20:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc067-e2e8-450f-8a94-e31b02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:20:07.000Z",
|
|
"modified": "2016-05-18T19:20:07.000Z",
|
|
"description": "Prikormka LOGS_ENCRYPTER modules",
|
|
"pattern": "[file:hashes.SHA1 = 'e95458ca9663e4fab94dd232121d5e994a76015d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:20:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc068-72c8-4315-80e5-e31b02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:20:08.000Z",
|
|
"modified": "2016-05-18T19:20:08.000Z",
|
|
"description": "Prikormka LOGS_ENCRYPTER modules",
|
|
"pattern": "[file:hashes.SHA1 = '2bd3fe012486bd89c87858cc4c3dc9d86742738c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:20:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc079-45c8-4021-9e10-912302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:20:25.000Z",
|
|
"modified": "2016-05-18T19:20:25.000Z",
|
|
"description": "Prikormka GEOLOCATION modules",
|
|
"pattern": "[file:hashes.SHA1 = '50cccd576a815ac8effb160a628646c876df8cb0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:20:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc08c-6720-4cc9-9d0f-2aa102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:20:44.000Z",
|
|
"modified": "2016-05-18T19:20:44.000Z",
|
|
"description": "Prikormka OS_INFO modules",
|
|
"pattern": "[file:hashes.SHA1 = '4b8ee967f44eca2eeb3b8420a858cecfe0231208']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:20:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc08c-ef04-4d87-9f94-2aa102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:20:44.000Z",
|
|
"modified": "2016-05-18T19:20:44.000Z",
|
|
"description": "Prikormka OS_INFO modules",
|
|
"pattern": "[file:hashes.SHA1 = '72c17994336fe4e1b3cf0d7a6cbc45aa43a8ddf0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:20:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc08c-d0b0-4906-8a30-2aa102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:20:44.000Z",
|
|
"modified": "2016-05-18T19:20:44.000Z",
|
|
"description": "Prikormka OS_INFO modules",
|
|
"pattern": "[file:hashes.SHA1 = '824f0e198a8a6e08fb95920aef06870a6305fe3f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:20:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc08c-f574-4bd6-a9e9-2aa102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:20:44.000Z",
|
|
"modified": "2016-05-18T19:20:44.000Z",
|
|
"description": "Prikormka OS_INFO modules",
|
|
"pattern": "[file:hashes.SHA1 = '6c902496ac1fef60d343b03822f49db5f66be038']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:20:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc0a3-aef0-49b3-b7e8-912302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:21:07.000Z",
|
|
"modified": "2016-05-18T19:21:07.000Z",
|
|
"description": "Prikormka PASSWORDS modules",
|
|
"pattern": "[file:hashes.SHA1 = 'b986114c5173052fcb9583a55d5099d99b709352']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:21:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc0a4-a438-4eff-bf19-912302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:21:08.000Z",
|
|
"modified": "2016-05-18T19:21:08.000Z",
|
|
"description": "Prikormka PASSWORDS modules",
|
|
"pattern": "[file:hashes.SHA1 = '17f5e1fc52d6c617cd81b0983b70fac7a60f528c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:21:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc0b7-ff58-4681-b0f1-4c4f02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:21:27.000Z",
|
|
"modified": "2016-05-18T19:21:27.000Z",
|
|
"description": "Prikormka FILE_TREE modules",
|
|
"pattern": "[file:hashes.SHA1 = '3edd14e6fa0297ed3162d7f119d8d126662ed28b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:21:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc0b8-7ba4-400b-82ed-455802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:21:28.000Z",
|
|
"modified": "2016-05-18T19:21:28.000Z",
|
|
"description": "Prikormka FILE_TREE modules",
|
|
"pattern": "[file:hashes.SHA1 = '2a5af8e43887051c1f1b488756aac204b95561ce']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:21:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc0b8-d220-4c03-bca6-459c02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:21:28.000Z",
|
|
"modified": "2016-05-18T19:21:28.000Z",
|
|
"description": "Prikormka FILE_TREE modules",
|
|
"pattern": "[file:hashes.SHA1 = '4e40286676fcbac48070ba86b72761a21ac2466c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:21:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc0b8-7374-4c09-9bec-45d802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:21:28.000Z",
|
|
"modified": "2016-05-18T19:21:28.000Z",
|
|
"description": "Prikormka FILE_TREE modules",
|
|
"pattern": "[file:hashes.SHA1 = '3e4be58421dbaea7651da13b16cb900db82a7def']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:21:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc0b8-6f84-461c-8f23-4e2002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:21:28.000Z",
|
|
"modified": "2016-05-18T19:21:28.000Z",
|
|
"description": "Prikormka FILE_TREE modules",
|
|
"pattern": "[file:hashes.SHA1 = 'd1396938e981dd807103b7b9f9442b99952c21aa']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:21:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc0b8-6dac-4ce9-b8ba-428902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:21:28.000Z",
|
|
"modified": "2016-05-18T19:21:28.000Z",
|
|
"description": "Prikormka FILE_TREE modules",
|
|
"pattern": "[file:hashes.SHA1 = '74cda4d4c776ca2a661ac49b6d0e0f0560380a04']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:21:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc0b8-dfd0-428a-9963-425e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:21:28.000Z",
|
|
"modified": "2016-05-18T19:21:28.000Z",
|
|
"description": "Prikormka FILE_TREE modules",
|
|
"pattern": "[file:hashes.SHA1 = '8efdc716fdfd704ec0296860e61aff9c952946d4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:21:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc0b9-d63c-4630-ad1c-4f5802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:21:29.000Z",
|
|
"modified": "2016-05-18T19:21:29.000Z",
|
|
"description": "Prikormka FILE_TREE modules",
|
|
"pattern": "[file:hashes.SHA1 = '93e196b59771647828bbc3c3b61831150fe1fe02']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:21:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc0b9-3264-4e4f-ae96-4ac302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:21:29.000Z",
|
|
"modified": "2016-05-18T19:21:29.000Z",
|
|
"description": "Prikormka FILE_TREE modules",
|
|
"pattern": "[file:hashes.SHA1 = '8384ed4ea9e299306f15a1082231c427a8742271']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:21:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc0b9-2704-498b-b7f3-499602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:21:29.000Z",
|
|
"modified": "2016-05-18T19:21:29.000Z",
|
|
"description": "Prikormka FILE_TREE modules",
|
|
"pattern": "[file:hashes.SHA1 = '6e70be32954e41faffc496eaf890b279832b4530']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:21:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc0b9-b070-4a39-8681-441402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:21:29.000Z",
|
|
"modified": "2016-05-18T19:21:29.000Z",
|
|
"description": "Prikormka FILE_TREE modules",
|
|
"pattern": "[file:hashes.SHA1 = '8ea98a8d3d8f62c4543b3dd36e6d6f79f1acb9e7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:21:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc0c6-5dc0-4f38-9b93-912602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:21:42.000Z",
|
|
"modified": "2016-05-18T19:21:42.000Z",
|
|
"first_observed": "2016-05-18T19:21:42Z",
|
|
"last_observed": "2016-05-18T19:21:42Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc0c6-5dc0-4f38-9b93-912602de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc0c6-5dc0-4f38-9b93-912602de0b81",
|
|
"value": "https://github.com/eset/malware-ioc/tree/master/groundbait"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc0dd-2884-4d12-ba7e-77ed02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:22:05.000Z",
|
|
"modified": "2016-05-18T19:22:05.000Z",
|
|
"first_observed": "2016-05-18T19:22:05Z",
|
|
"last_observed": "2016-05-18T19:22:05Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc0dd-2884-4d12-ba7e-77ed02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc0dd-2884-4d12-ba7e-77ed02de0b81",
|
|
"value": "http://www.welivesecurity.com/wp-content/uploads/2016/05/Operation-Groundbait.pdf"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc1e8-c79c-4824-9a2b-435702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:32.000Z",
|
|
"modified": "2016-05-18T19:26:32.000Z",
|
|
"description": "Prikormka FILE_TREE modules - Xchecked via VT: 74cda4d4c776ca2a661ac49b6d0e0f0560380a04",
|
|
"pattern": "[file:hashes.SHA256 = '8c834c4c54e308f327cb7e8b92de34bf02296f5bddc8e9204ef720916076174c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc1e8-2ef8-4a01-8cd9-4b1102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:32.000Z",
|
|
"modified": "2016-05-18T19:26:32.000Z",
|
|
"description": "Prikormka FILE_TREE modules - Xchecked via VT: 74cda4d4c776ca2a661ac49b6d0e0f0560380a04",
|
|
"pattern": "[file:hashes.MD5 = '8a46e8f374ebcc48e896d55405411b91']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc1e8-8154-47ab-a022-494102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:32.000Z",
|
|
"modified": "2016-05-18T19:26:32.000Z",
|
|
"first_observed": "2016-05-18T19:26:32Z",
|
|
"last_observed": "2016-05-18T19:26:32Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc1e8-8154-47ab-a022-494102de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc1e8-8154-47ab-a022-494102de0b81",
|
|
"value": "https://www.virustotal.com/file/8c834c4c54e308f327cb7e8b92de34bf02296f5bddc8e9204ef720916076174c/analysis/1462296482/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc1e9-cc28-44be-8972-40e102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:33.000Z",
|
|
"modified": "2016-05-18T19:26:33.000Z",
|
|
"description": "Prikormka SKYPE modules - Xchecked via VT: 6c24e244a0dda2caded4d1b5cc8b820a46dc19f4",
|
|
"pattern": "[file:hashes.SHA256 = '809156809cbdfc75a988ce9006b5310872d0194a2b36b554ebe447332d9290a6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc1e9-7b6c-4c32-b5b2-4ba102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:33.000Z",
|
|
"modified": "2016-05-18T19:26:33.000Z",
|
|
"description": "Prikormka SKYPE modules - Xchecked via VT: 6c24e244a0dda2caded4d1b5cc8b820a46dc19f4",
|
|
"pattern": "[file:hashes.MD5 = 'd17c2bced2432f6f98ab91349cbc6e3b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc1e9-8660-4774-95cb-433802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:33.000Z",
|
|
"modified": "2016-05-18T19:26:33.000Z",
|
|
"first_observed": "2016-05-18T19:26:33Z",
|
|
"last_observed": "2016-05-18T19:26:33Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc1e9-8660-4774-95cb-433802de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc1e9-8660-4774-95cb-433802de0b81",
|
|
"value": "https://www.virustotal.com/file/809156809cbdfc75a988ce9006b5310872d0194a2b36b554ebe447332d9290a6/analysis/1459877332/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc1e9-59d0-42a6-9767-4bd202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:33.000Z",
|
|
"modified": "2016-05-18T19:26:33.000Z",
|
|
"description": "Prikormka SKYPE modules - Xchecked via VT: feab6e92b905114980b5633f8742e4a7dcd0b4fa",
|
|
"pattern": "[file:hashes.SHA256 = '1f2cca202152efca8c102e16f5ad1120d4c9863b06ce89a8d04aab4f3d87da24']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc1e9-8ab8-4fb6-853b-47b702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:33.000Z",
|
|
"modified": "2016-05-18T19:26:33.000Z",
|
|
"description": "Prikormka SKYPE modules - Xchecked via VT: feab6e92b905114980b5633f8742e4a7dcd0b4fa",
|
|
"pattern": "[file:hashes.MD5 = 'c83d0b06e3a9ef1f6aa26907c3961021']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc1ea-9a50-449e-880c-4ff702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:34.000Z",
|
|
"modified": "2016-05-18T19:26:34.000Z",
|
|
"first_observed": "2016-05-18T19:26:34Z",
|
|
"last_observed": "2016-05-18T19:26:34Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc1ea-9a50-449e-880c-4ff702de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc1ea-9a50-449e-880c-4ff702de0b81",
|
|
"value": "https://www.virustotal.com/file/1f2cca202152efca8c102e16f5ad1120d4c9863b06ce89a8d04aab4f3d87da24/analysis/1435839286/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc1ea-ffd8-42fd-992d-428002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:34.000Z",
|
|
"modified": "2016-05-18T19:26:34.000Z",
|
|
"description": "Prikormka SCREENSHOTS modules - Xchecked via VT: ad74abea34a20d0196a152e6668e3c29135b22d4",
|
|
"pattern": "[file:hashes.SHA256 = '249e6ab11febfd87f9698f9c1eb2ab96f865ec2bc7f01d98cb25e1879d86b705']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc1ea-03cc-45f9-997b-4fbe02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:34.000Z",
|
|
"modified": "2016-05-18T19:26:34.000Z",
|
|
"description": "Prikormka SCREENSHOTS modules - Xchecked via VT: ad74abea34a20d0196a152e6668e3c29135b22d4",
|
|
"pattern": "[file:hashes.MD5 = '16793d6c3f2d56708e5fc68c883805b5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc1ea-eb2c-449f-ae18-49bb02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:34.000Z",
|
|
"modified": "2016-05-18T19:26:34.000Z",
|
|
"first_observed": "2016-05-18T19:26:34Z",
|
|
"last_observed": "2016-05-18T19:26:34Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc1ea-eb2c-449f-ae18-49bb02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc1ea-eb2c-449f-ae18-49bb02de0b81",
|
|
"value": "https://www.virustotal.com/file/249e6ab11febfd87f9698f9c1eb2ab96f865ec2bc7f01d98cb25e1879d86b705/analysis/1459877149/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc1ea-ad48-4008-ac0d-4e2602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:34.000Z",
|
|
"modified": "2016-05-18T19:26:34.000Z",
|
|
"description": "Prikormka SCREENSHOTS modules - Xchecked via VT: 645dfa35e41f6442793cf7647a75956e05563de8",
|
|
"pattern": "[file:hashes.SHA256 = 'fcdaf0c292f8a95b6f7d3e2029b29dc7f522885cf7abd9ae2324f3c1fd67fadd']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc1eb-4828-432c-918a-4e3102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:35.000Z",
|
|
"modified": "2016-05-18T19:26:35.000Z",
|
|
"description": "Prikormka SCREENSHOTS modules - Xchecked via VT: 645dfa35e41f6442793cf7647a75956e05563de8",
|
|
"pattern": "[file:hashes.MD5 = 'e7f835e5c6bc2204d966bc729e68b315']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc1eb-58c0-4c70-97eb-4d0d02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:35.000Z",
|
|
"modified": "2016-05-18T19:26:35.000Z",
|
|
"first_observed": "2016-05-18T19:26:35Z",
|
|
"last_observed": "2016-05-18T19:26:35Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc1eb-58c0-4c70-97eb-4d0d02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc1eb-58c0-4c70-97eb-4d0d02de0b81",
|
|
"value": "https://www.virustotal.com/file/fcdaf0c292f8a95b6f7d3e2029b29dc7f522885cf7abd9ae2324f3c1fd67fadd/analysis/1445345856/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc1eb-1050-4ada-a80e-407202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:35.000Z",
|
|
"modified": "2016-05-18T19:26:35.000Z",
|
|
"description": "Prikormka KEYLOGGER modules - Xchecked via VT: 722e1cda3c516d43f17a6d4f5f1390d16113bc30",
|
|
"pattern": "[file:hashes.SHA256 = '13397c16dd80051ee25603694b0b1dbc9a72749eb367afc89ead5d1926cdb303']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc1eb-0b40-44d8-9402-40c702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:35.000Z",
|
|
"modified": "2016-05-18T19:26:35.000Z",
|
|
"description": "Prikormka KEYLOGGER modules - Xchecked via VT: 722e1cda3c516d43f17a6d4f5f1390d16113bc30",
|
|
"pattern": "[file:hashes.MD5 = '6fcf5c0e9736701fa9f79bd3e4e3f502']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc1eb-6734-4cfa-8b44-45f602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:35.000Z",
|
|
"modified": "2016-05-18T19:26:35.000Z",
|
|
"first_observed": "2016-05-18T19:26:35Z",
|
|
"last_observed": "2016-05-18T19:26:35Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc1eb-6734-4cfa-8b44-45f602de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc1eb-6734-4cfa-8b44-45f602de0b81",
|
|
"value": "https://www.virustotal.com/file/13397c16dd80051ee25603694b0b1dbc9a72749eb367afc89ead5d1926cdb303/analysis/1459876838/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc1ec-a550-4e9a-a3a8-4c6b02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:35.000Z",
|
|
"modified": "2016-05-18T19:26:35.000Z",
|
|
"description": "Prikormka KEYLOGGER modules - Xchecked via VT: 25d6f1efd758aace399c6d62a89be039281cff69",
|
|
"pattern": "[file:hashes.SHA256 = '30667b8c87b1123d97d8fe05127ea3f3b4b7bd26d9013a404d635b1fff0f1876']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc1ec-e850-473a-af8b-415702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:36.000Z",
|
|
"modified": "2016-05-18T19:26:36.000Z",
|
|
"description": "Prikormka KEYLOGGER modules - Xchecked via VT: 25d6f1efd758aace399c6d62a89be039281cff69",
|
|
"pattern": "[file:hashes.MD5 = 'd330e0a48acab2406705c27a5fa6ae91']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc1ec-a7fc-4d2d-87d0-428102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:36.000Z",
|
|
"modified": "2016-05-18T19:26:36.000Z",
|
|
"first_observed": "2016-05-18T19:26:36Z",
|
|
"last_observed": "2016-05-18T19:26:36Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc1ec-a7fc-4d2d-87d0-428102de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc1ec-a7fc-4d2d-87d0-428102de0b81",
|
|
"value": "https://www.virustotal.com/file/30667b8c87b1123d97d8fe05127ea3f3b4b7bd26d9013a404d635b1fff0f1876/analysis/1461341635/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc1ec-97d4-415f-81fc-476402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:36.000Z",
|
|
"modified": "2016-05-18T19:26:36.000Z",
|
|
"description": "Prikormka KEYLOGGER modules - Xchecked via VT: 0cdc66acbb5b7d6faa85f7df8d747a96ced7a9bd",
|
|
"pattern": "[file:hashes.SHA256 = 'b7f3a9b51c3bc94b9f4e431fd517236768f850d4e05ade92495870afaa7ac9a2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc1ec-ea9c-4825-9084-4e3002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:36.000Z",
|
|
"modified": "2016-05-18T19:26:36.000Z",
|
|
"description": "Prikormka KEYLOGGER modules - Xchecked via VT: 0cdc66acbb5b7d6faa85f7df8d747a96ced7a9bd",
|
|
"pattern": "[file:hashes.MD5 = '97baf3b25611ebd99be05e01aafb5a17']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc1ec-1c70-4f60-9360-4e9002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:36.000Z",
|
|
"modified": "2016-05-18T19:26:36.000Z",
|
|
"first_observed": "2016-05-18T19:26:36Z",
|
|
"last_observed": "2016-05-18T19:26:36Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc1ec-1c70-4f60-9360-4e9002de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc1ec-1c70-4f60-9360-4e9002de0b81",
|
|
"value": "https://www.virustotal.com/file/b7f3a9b51c3bc94b9f4e431fd517236768f850d4e05ade92495870afaa7ac9a2/analysis/1435839285/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc1ed-e040-415b-afa3-45cb02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:37.000Z",
|
|
"modified": "2016-05-18T19:26:37.000Z",
|
|
"description": "Prikormka KEYLOGGER modules - Xchecked via VT: cc42c6beeb70d3a9bc7e1159c644e54de2be5cbc",
|
|
"pattern": "[file:hashes.SHA256 = '08791b60bba6c62e1642b8e6bab2f534424803b3a2cdb5e424677dca01b0afd6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc1ed-539c-44f0-ab91-452502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:37.000Z",
|
|
"modified": "2016-05-18T19:26:37.000Z",
|
|
"description": "Prikormka KEYLOGGER modules - Xchecked via VT: cc42c6beeb70d3a9bc7e1159c644e54de2be5cbc",
|
|
"pattern": "[file:hashes.MD5 = 'ee315bab0d6a74809a925ef00437ede7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc1ed-e9cc-4ee1-bbda-40c802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:37.000Z",
|
|
"modified": "2016-05-18T19:26:37.000Z",
|
|
"first_observed": "2016-05-18T19:26:37Z",
|
|
"last_observed": "2016-05-18T19:26:37Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc1ed-e9cc-4ee1-bbda-40c802de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc1ed-e9cc-4ee1-bbda-40c802de0b81",
|
|
"value": "https://www.virustotal.com/file/08791b60bba6c62e1642b8e6bab2f534424803b3a2cdb5e424677dca01b0afd6/analysis/1462820754/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc1ed-21b8-40bf-8d38-42cb02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:37.000Z",
|
|
"modified": "2016-05-18T19:26:37.000Z",
|
|
"description": "Prikormka DOCS_STEALER modules - Xchecked via VT: 7275a6ed8ee314600a9b93038876f853b957b316",
|
|
"pattern": "[file:hashes.SHA256 = '89d236b0bc6bce722d314b3b868a59678c45320d9707582c3c1a1c3625e6b516']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc1ed-3bc4-4fdc-aaef-4a9302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:37.000Z",
|
|
"modified": "2016-05-18T19:26:37.000Z",
|
|
"description": "Prikormka DOCS_STEALER modules - Xchecked via VT: 7275a6ed8ee314600a9b93038876f853b957b316",
|
|
"pattern": "[file:hashes.MD5 = '1f9b32047c25e49ff8bfffa6e8a2efe9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc1ee-ea74-437f-add1-420c02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:38.000Z",
|
|
"modified": "2016-05-18T19:26:38.000Z",
|
|
"first_observed": "2016-05-18T19:26:38Z",
|
|
"last_observed": "2016-05-18T19:26:38Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc1ee-ea74-437f-add1-420c02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc1ee-ea74-437f-add1-420c02de0b81",
|
|
"value": "https://www.virustotal.com/file/89d236b0bc6bce722d314b3b868a59678c45320d9707582c3c1a1c3625e6b516/analysis/1459876999/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc1ee-38a8-4090-85d2-44c702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:38.000Z",
|
|
"modified": "2016-05-18T19:26:38.000Z",
|
|
"description": "Prikormka DOCS_STEALER modules - Xchecked via VT: c75d8850273431a41f0efcf8f74e86bcfe1dfa5a",
|
|
"pattern": "[file:hashes.SHA256 = 'bff8bafe6a528d2038bb118be8577dee0468e71dda8f904ce6f266759cad7119']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc1ee-c5e0-448e-98b7-4e4e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:38.000Z",
|
|
"modified": "2016-05-18T19:26:38.000Z",
|
|
"description": "Prikormka DOCS_STEALER modules - Xchecked via VT: c75d8850273431a41f0efcf8f74e86bcfe1dfa5a",
|
|
"pattern": "[file:hashes.MD5 = '7253137a38484cc4be9ee9516f1e00f7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc1ee-2de8-4b13-84f1-4eba02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:38.000Z",
|
|
"modified": "2016-05-18T19:26:38.000Z",
|
|
"first_observed": "2016-05-18T19:26:38Z",
|
|
"last_observed": "2016-05-18T19:26:38Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc1ee-2de8-4b13-84f1-4eba02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc1ee-2de8-4b13-84f1-4eba02de0b81",
|
|
"value": "https://www.virustotal.com/file/bff8bafe6a528d2038bb118be8577dee0468e71dda8f904ce6f266759cad7119/analysis/1435839283/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc1ee-1434-4076-9544-4eb102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:38.000Z",
|
|
"modified": "2016-05-18T19:26:38.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: 840afb728fda57195e53f225cb3f6e788b96a579",
|
|
"pattern": "[file:hashes.SHA256 = 'b7161b1a5b7c17c5418cbe9959110c681e53afbd13f9a95984b9c9e3ec90443d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc1ef-a66c-4492-ba86-443e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:39.000Z",
|
|
"modified": "2016-05-18T19:26:39.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: 840afb728fda57195e53f225cb3f6e788b96a579",
|
|
"pattern": "[file:hashes.MD5 = 'f910da945cb35db7b1027881bd284d65']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc1ef-1604-452c-90bd-4d4202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:39.000Z",
|
|
"modified": "2016-05-18T19:26:39.000Z",
|
|
"first_observed": "2016-05-18T19:26:39Z",
|
|
"last_observed": "2016-05-18T19:26:39Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc1ef-1604-452c-90bd-4d4202de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc1ef-1604-452c-90bd-4d4202de0b81",
|
|
"value": "https://www.virustotal.com/file/b7161b1a5b7c17c5418cbe9959110c681e53afbd13f9a95984b9c9e3ec90443d/analysis/1462920424/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc1ef-7484-41ba-87ea-44e802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:39.000Z",
|
|
"modified": "2016-05-18T19:26:39.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: 7c2587b85178ad89389d957f11af1065c46f66db",
|
|
"pattern": "[file:hashes.SHA256 = 'dad588a500f0a66928e4e56a33de117e9c2dda433b78b16847abecdcab693633']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc1ef-ae74-4612-8aa8-452602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:39.000Z",
|
|
"modified": "2016-05-18T19:26:39.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: 7c2587b85178ad89389d957f11af1065c46f66db",
|
|
"pattern": "[file:hashes.MD5 = '3dba48b7aed8ddff801fd0dec644fa82']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc1ef-034c-44b0-a49d-4e5902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:39.000Z",
|
|
"modified": "2016-05-18T19:26:39.000Z",
|
|
"first_observed": "2016-05-18T19:26:39Z",
|
|
"last_observed": "2016-05-18T19:26:39Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc1ef-034c-44b0-a49d-4e5902de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc1ef-034c-44b0-a49d-4e5902de0b81",
|
|
"value": "https://www.virustotal.com/file/dad588a500f0a66928e4e56a33de117e9c2dda433b78b16847abecdcab693633/analysis/1461753660/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc1ef-22f0-472a-a382-4dc702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:39.000Z",
|
|
"modified": "2016-05-18T19:26:39.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: 596f945ab52ae0e780905e150acd2017ab2ecdfc",
|
|
"pattern": "[file:hashes.SHA256 = '5f545b7fe1dd3f41fb95b0745af80af8389753b466e204f6c50e78e392df6b02']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc1f0-7178-40d9-b272-414502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:40.000Z",
|
|
"modified": "2016-05-18T19:26:40.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: 596f945ab52ae0e780905e150acd2017ab2ecdfc",
|
|
"pattern": "[file:hashes.MD5 = '7de6153f433fff96182c50f3a95e19a2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc1f0-8990-46ed-be5c-4f5902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:40.000Z",
|
|
"modified": "2016-05-18T19:26:40.000Z",
|
|
"first_observed": "2016-05-18T19:26:40Z",
|
|
"last_observed": "2016-05-18T19:26:40Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc1f0-8990-46ed-be5c-4f5902de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc1f0-8990-46ed-be5c-4f5902de0b81",
|
|
"value": "https://www.virustotal.com/file/5f545b7fe1dd3f41fb95b0745af80af8389753b466e204f6c50e78e392df6b02/analysis/1445347477/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc1f0-6b50-4008-8830-42c502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:40.000Z",
|
|
"modified": "2016-05-18T19:26:40.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: b47640c4952acc2705f7ead9e8eaa163059fd659",
|
|
"pattern": "[file:hashes.SHA256 = '6e7d7e285063dd1ade2e9be45ebadc8bbdef7fd0e2605f3957146e29530b08a9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc1f0-a388-418e-bae4-401c02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:40.000Z",
|
|
"modified": "2016-05-18T19:26:40.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: b47640c4952acc2705f7ead9e8eaa163059fd659",
|
|
"pattern": "[file:hashes.MD5 = '171cd8436f4a55244d60b7274414786d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc1f0-18e0-4e3e-9c69-4f5f02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:40.000Z",
|
|
"modified": "2016-05-18T19:26:40.000Z",
|
|
"first_observed": "2016-05-18T19:26:40Z",
|
|
"last_observed": "2016-05-18T19:26:40Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc1f0-18e0-4e3e-9c69-4f5f02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc1f0-18e0-4e3e-9c69-4f5f02de0b81",
|
|
"value": "https://www.virustotal.com/file/6e7d7e285063dd1ade2e9be45ebadc8bbdef7fd0e2605f3957146e29530b08a9/analysis/1445341220/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc1f1-4f48-4227-badb-4cb802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:41.000Z",
|
|
"modified": "2016-05-18T19:26:41.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: 45f1f06c3a27ce8329e2bdcdeea3c530711b5b72",
|
|
"pattern": "[file:hashes.SHA256 = '37cc927aabd16c8134d0a9ab20fee1a80a5e533615ec75664a5275a2f8d193bd']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc1f1-e50c-457b-ba76-4f1802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:41.000Z",
|
|
"modified": "2016-05-18T19:26:41.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: 45f1f06c3a27ce8329e2bdcdeea3c530711b5b72",
|
|
"pattern": "[file:hashes.MD5 = 'd2ec49b4ac4e1e4ca9be77396541829a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc1f1-86f4-4d29-b40e-499a02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:41.000Z",
|
|
"modified": "2016-05-18T19:26:41.000Z",
|
|
"first_observed": "2016-05-18T19:26:41Z",
|
|
"last_observed": "2016-05-18T19:26:41Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc1f1-86f4-4d29-b40e-499a02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc1f1-86f4-4d29-b40e-499a02de0b81",
|
|
"value": "https://www.virustotal.com/file/37cc927aabd16c8134d0a9ab20fee1a80a5e533615ec75664a5275a2f8d193bd/analysis/1444918626/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc1f1-3330-4d13-848b-4e9402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:41.000Z",
|
|
"modified": "2016-05-18T19:26:41.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: 7c9e4cc3f5b260439d69e93376aa668bf32123d0",
|
|
"pattern": "[file:hashes.SHA256 = '87c2c8f7608dd26ec1f96cadcbaa46c20da97e907a712b0bf6895db72adede56']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc1f1-aacc-403c-b4e9-49a102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:41.000Z",
|
|
"modified": "2016-05-18T19:26:41.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: 7c9e4cc3f5b260439d69e93376aa668bf32123d0",
|
|
"pattern": "[file:hashes.MD5 = 'b6e2f0f3c6a2268014f7d6c26dd5c39e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc1f2-6c6c-4b50-b573-4f5102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:42.000Z",
|
|
"modified": "2016-05-18T19:26:42.000Z",
|
|
"first_observed": "2016-05-18T19:26:42Z",
|
|
"last_observed": "2016-05-18T19:26:42Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc1f2-6c6c-4b50-b573-4f5102de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc1f2-6c6c-4b50-b573-4f5102de0b81",
|
|
"value": "https://www.virustotal.com/file/87c2c8f7608dd26ec1f96cadcbaa46c20da97e907a712b0bf6895db72adede56/analysis/1456156456/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc1f2-a548-467a-a239-4eab02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:42.000Z",
|
|
"modified": "2016-05-18T19:26:42.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: a4847b06e603e90640051fcdd5d1515f007f7bd5",
|
|
"pattern": "[file:hashes.SHA256 = 'fab00716bf6b669802c02ecb2fb4dc0ccbc2b73551b9cf63a705c402940c00d1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc1f2-8d0c-4e9e-8ab9-464302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:42.000Z",
|
|
"modified": "2016-05-18T19:26:42.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: a4847b06e603e90640051fcdd5d1515f007f7bd5",
|
|
"pattern": "[file:hashes.MD5 = '38c4031e12040678455092f42f0fce49']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc1f2-8750-4ab2-b5be-48c602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:42.000Z",
|
|
"modified": "2016-05-18T19:26:42.000Z",
|
|
"first_observed": "2016-05-18T19:26:42Z",
|
|
"last_observed": "2016-05-18T19:26:42Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc1f2-8750-4ab2-b5be-48c602de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc1f2-8750-4ab2-b5be-48c602de0b81",
|
|
"value": "https://www.virustotal.com/file/fab00716bf6b669802c02ecb2fb4dc0ccbc2b73551b9cf63a705c402940c00d1/analysis/1461049368/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc1f2-bd68-4085-8a09-475402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:42.000Z",
|
|
"modified": "2016-05-18T19:26:42.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: 3c904afb938efcf210f388e5aa46379aeadbcd50",
|
|
"pattern": "[file:hashes.SHA256 = '8270b16cd9c2fc8bdde20ef96501eed16bedf70ddc8e25ea31532222880b90fe']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc1f3-4c80-4a35-8033-4c5502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:43.000Z",
|
|
"modified": "2016-05-18T19:26:43.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: 3c904afb938efcf210f388e5aa46379aeadbcd50",
|
|
"pattern": "[file:hashes.MD5 = '8aef327d7f778b36aace9ad40455d67f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc1f3-25d0-457a-9de1-486c02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:43.000Z",
|
|
"modified": "2016-05-18T19:26:43.000Z",
|
|
"first_observed": "2016-05-18T19:26:43Z",
|
|
"last_observed": "2016-05-18T19:26:43Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc1f3-25d0-457a-9de1-486c02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc1f3-25d0-457a-9de1-486c02de0b81",
|
|
"value": "https://www.virustotal.com/file/8270b16cd9c2fc8bdde20ef96501eed16bedf70ddc8e25ea31532222880b90fe/analysis/1453000596/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc1f3-ed00-4bc4-9a33-4d8202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:43.000Z",
|
|
"modified": "2016-05-18T19:26:43.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: f030559f81b8dc3cc0ded6c46c6d1bbb67a2ca65",
|
|
"pattern": "[file:hashes.SHA256 = '9665083b8d586a8d87dd8a7b1810076ef19da68a40694d9c735b12c46302fc0e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc1f3-5f30-4077-8420-447202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:43.000Z",
|
|
"modified": "2016-05-18T19:26:43.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: f030559f81b8dc3cc0ded6c46c6d1bbb67a2ca65",
|
|
"pattern": "[file:hashes.MD5 = '16e458269f20ee863415f24339fd98d5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc1f3-1170-4a8c-aa76-4ed002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:43.000Z",
|
|
"modified": "2016-05-18T19:26:43.000Z",
|
|
"first_observed": "2016-05-18T19:26:43Z",
|
|
"last_observed": "2016-05-18T19:26:43Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc1f3-1170-4a8c-aa76-4ed002de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc1f3-1170-4a8c-aa76-4ed002de0b81",
|
|
"value": "https://www.virustotal.com/file/9665083b8d586a8d87dd8a7b1810076ef19da68a40694d9c735b12c46302fc0e/analysis/1453605486/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc1f4-73d8-4bcc-a28a-4d6a02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:44.000Z",
|
|
"modified": "2016-05-18T19:26:44.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: 3e023a83eaa85a77b935b2d3a00aeb5b1adcd9cc",
|
|
"pattern": "[file:hashes.SHA256 = '6a49d5193f22eec3a23795fe48be4eb7b0b029cbd6148b0dfc1d44bad78c7e6a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc1f4-dab4-443e-baf1-4d0e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:44.000Z",
|
|
"modified": "2016-05-18T19:26:44.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: 3e023a83eaa85a77b935b2d3a00aeb5b1adcd9cc",
|
|
"pattern": "[file:hashes.MD5 = '8f1de7be72d172eb270b3d8ed4d91276']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc1f4-f8a8-4bd5-b403-432202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:44.000Z",
|
|
"modified": "2016-05-18T19:26:44.000Z",
|
|
"first_observed": "2016-05-18T19:26:44Z",
|
|
"last_observed": "2016-05-18T19:26:44Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc1f4-f8a8-4bd5-b403-432202de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc1f4-f8a8-4bd5-b403-432202de0b81",
|
|
"value": "https://www.virustotal.com/file/6a49d5193f22eec3a23795fe48be4eb7b0b029cbd6148b0dfc1d44bad78c7e6a/analysis/1444741743/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc1f4-3da0-4516-b599-48f302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:44.000Z",
|
|
"modified": "2016-05-18T19:26:44.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: 326adea3ac1f8fac3b522e6b47941263da110a42",
|
|
"pattern": "[file:hashes.SHA256 = 'e6df7c462728bac7803b61310fb6d41099e30b088682bd029ab0cba670b2f90e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc1f4-9f44-4e30-aec6-486f02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:44.000Z",
|
|
"modified": "2016-05-18T19:26:44.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: 326adea3ac1f8fac3b522e6b47941263da110a42",
|
|
"pattern": "[file:hashes.MD5 = '8a655288b1a890256710bb7385b8b684']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc1f5-4b04-4157-b12e-4a8602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:45.000Z",
|
|
"modified": "2016-05-18T19:26:45.000Z",
|
|
"first_observed": "2016-05-18T19:26:45Z",
|
|
"last_observed": "2016-05-18T19:26:45Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc1f5-4b04-4157-b12e-4a8602de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc1f5-4b04-4157-b12e-4a8602de0b81",
|
|
"value": "https://www.virustotal.com/file/e6df7c462728bac7803b61310fb6d41099e30b088682bd029ab0cba670b2f90e/analysis/1443135806/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc1f5-5904-4f0b-b722-465502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:45.000Z",
|
|
"modified": "2016-05-18T19:26:45.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: b42234f5a5efb6423e9d4904ba282127f1282c8e",
|
|
"pattern": "[file:hashes.SHA256 = '137037205ee20c122db16f163502acfc242af0fa943353cd6e83c562833fa529']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc1f5-f988-4358-8d63-49e002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:45.000Z",
|
|
"modified": "2016-05-18T19:26:45.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: b42234f5a5efb6423e9d4904ba282127f1282c8e",
|
|
"pattern": "[file:hashes.MD5 = 'ede34caaa582cf73f41bc9b6a14f5f01']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc1f5-1840-46c9-8443-4cc502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:45.000Z",
|
|
"modified": "2016-05-18T19:26:45.000Z",
|
|
"first_observed": "2016-05-18T19:26:45Z",
|
|
"last_observed": "2016-05-18T19:26:45Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc1f5-1840-46c9-8443-4cc502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc1f5-1840-46c9-8443-4cc502de0b81",
|
|
"value": "https://www.virustotal.com/file/137037205ee20c122db16f163502acfc242af0fa943353cd6e83c562833fa529/analysis/1446173053/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc1f5-75dc-44a9-bc05-4fe502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:45.000Z",
|
|
"modified": "2016-05-18T19:26:45.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: 8d49305fd140b179d2293fbaff6e7ce46a03af16",
|
|
"pattern": "[file:hashes.SHA256 = '8d3d07bf51725f9e3a05ff225e601ecd382527fa3fb978cb79486ad729eba43c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc1f5-afe4-4299-8e28-4d7702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:45.000Z",
|
|
"modified": "2016-05-18T19:26:45.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: 8d49305fd140b179d2293fbaff6e7ce46a03af16",
|
|
"pattern": "[file:hashes.MD5 = '3fa9a0138f59c9dfcedb7ec00a87ca62']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc1f6-0e00-46f7-8f89-4fe802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:46.000Z",
|
|
"modified": "2016-05-18T19:26:46.000Z",
|
|
"first_observed": "2016-05-18T19:26:46Z",
|
|
"last_observed": "2016-05-18T19:26:46Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc1f6-0e00-46f7-8f89-4fe802de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc1f6-0e00-46f7-8f89-4fe802de0b81",
|
|
"value": "https://www.virustotal.com/file/8d3d07bf51725f9e3a05ff225e601ecd382527fa3fb978cb79486ad729eba43c/analysis/1437727093/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc1f6-0044-48f6-9185-4fd802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:46.000Z",
|
|
"modified": "2016-05-18T19:26:46.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: def9b207bfd7c6d4b216df2b37c33cd851dc7fe1",
|
|
"pattern": "[file:hashes.SHA256 = 'f965c4baad0522b40b003c06075e2986276e0c2b71e131d8d0c8fec36c16d266']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc1f6-a1f8-4870-a7c4-459702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:46.000Z",
|
|
"modified": "2016-05-18T19:26:46.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: def9b207bfd7c6d4b216df2b37c33cd851dc7fe1",
|
|
"pattern": "[file:hashes.MD5 = '593c15b31afca317d47a591ccca448c2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc1f6-a260-4f03-bc97-40ec02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:46.000Z",
|
|
"modified": "2016-05-18T19:26:46.000Z",
|
|
"first_observed": "2016-05-18T19:26:46Z",
|
|
"last_observed": "2016-05-18T19:26:46Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc1f6-a260-4f03-bc97-40ec02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc1f6-a260-4f03-bc97-40ec02de0b81",
|
|
"value": "https://www.virustotal.com/file/f965c4baad0522b40b003c06075e2986276e0c2b71e131d8d0c8fec36c16d266/analysis/1444136845/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc1f6-2f9c-48d2-9af7-432502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:46.000Z",
|
|
"modified": "2016-05-18T19:26:46.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: 88ed6686cf59f12aa984216ec60097c4bd319007",
|
|
"pattern": "[file:hashes.SHA256 = '3f37a48a0d7688de88084f3140276e381092fa6b931569afe5c34c3f08c664b0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc1f7-8618-488b-b26e-406002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:47.000Z",
|
|
"modified": "2016-05-18T19:26:47.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: 88ed6686cf59f12aa984216ec60097c4bd319007",
|
|
"pattern": "[file:hashes.MD5 = '426c90b677780f7fa2c3e6f5e2dc6602']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc1f7-77e0-4076-9966-41b702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:47.000Z",
|
|
"modified": "2016-05-18T19:26:47.000Z",
|
|
"first_observed": "2016-05-18T19:26:47Z",
|
|
"last_observed": "2016-05-18T19:26:47Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc1f7-77e0-4076-9966-41b702de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc1f7-77e0-4076-9966-41b702de0b81",
|
|
"value": "https://www.virustotal.com/file/3f37a48a0d7688de88084f3140276e381092fa6b931569afe5c34c3f08c664b0/analysis/1444126367/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc1f7-06d0-48ac-bed1-404002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:47.000Z",
|
|
"modified": "2016-05-18T19:26:47.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: d38fdae48eabf2642f3327fac865b079233cc7c6",
|
|
"pattern": "[file:hashes.SHA256 = 'bb03630a0a3bc7f565024379227a672e7070364b5dda2b67c49a0df15cefeb05']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc1f7-ab34-41d8-8004-454602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:47.000Z",
|
|
"modified": "2016-05-18T19:26:47.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: d38fdae48eabf2642f3327fac865b079233cc7c6",
|
|
"pattern": "[file:hashes.MD5 = '4846a7fd46c5615234348df46f65492d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc1f7-02f8-4171-8852-4c4902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:47.000Z",
|
|
"modified": "2016-05-18T19:26:47.000Z",
|
|
"first_observed": "2016-05-18T19:26:47Z",
|
|
"last_observed": "2016-05-18T19:26:47Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc1f7-02f8-4171-8852-4c4902de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc1f7-02f8-4171-8852-4c4902de0b81",
|
|
"value": "https://www.virustotal.com/file/bb03630a0a3bc7f565024379227a672e7070364b5dda2b67c49a0df15cefeb05/analysis/1448989656/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc1f8-3bd4-4667-9ba2-46e402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:48.000Z",
|
|
"modified": "2016-05-18T19:26:48.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: ed3d4eef28174f60f1653f35000b871f6e023d21",
|
|
"pattern": "[file:hashes.SHA256 = '8ba2494cb7b5c457cd80668d147ccba445053d5da0f2ab5c178652e7c3b7b58f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc1f8-2054-45bb-a5ec-4b8002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:48.000Z",
|
|
"modified": "2016-05-18T19:26:48.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: ed3d4eef28174f60f1653f35000b871f6e023d21",
|
|
"pattern": "[file:hashes.MD5 = '28d45f025a7611c672b0b29cc5fe624b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc1f8-1e5c-4194-8390-457902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:48.000Z",
|
|
"modified": "2016-05-18T19:26:48.000Z",
|
|
"first_observed": "2016-05-18T19:26:48Z",
|
|
"last_observed": "2016-05-18T19:26:48Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc1f8-1e5c-4194-8390-457902de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc1f8-1e5c-4194-8390-457902de0b81",
|
|
"value": "https://www.virustotal.com/file/8ba2494cb7b5c457cd80668d147ccba445053d5da0f2ab5c178652e7c3b7b58f/analysis/1446359090/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc1f8-f5ac-445f-b2c3-4ca702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:48.000Z",
|
|
"modified": "2016-05-18T19:26:48.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: 7843cb7de03c8b564fd72d923b4bd6d28a466a3c",
|
|
"pattern": "[file:hashes.SHA256 = '08d930773f3628d259a64dd722a751c16b6c98927dcd97531a3667f336bcb48e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc1f8-7d6c-47f2-a0f5-4d2c02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:48.000Z",
|
|
"modified": "2016-05-18T19:26:48.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: 7843cb7de03c8b564fd72d923b4bd6d28a466a3c",
|
|
"pattern": "[file:hashes.MD5 = 'cdf2823397c60159cfbce2172b7875d5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc1f8-8074-46d6-aab2-489302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:48.000Z",
|
|
"modified": "2016-05-18T19:26:48.000Z",
|
|
"first_observed": "2016-05-18T19:26:48Z",
|
|
"last_observed": "2016-05-18T19:26:48Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc1f8-8074-46d6-aab2-489302de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc1f8-8074-46d6-aab2-489302de0b81",
|
|
"value": "https://www.virustotal.com/file/08d930773f3628d259a64dd722a751c16b6c98927dcd97531a3667f336bcb48e/analysis/1430934954/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc1f9-7df0-4153-aa46-42f902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:49.000Z",
|
|
"modified": "2016-05-18T19:26:49.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: 64002d2c4c6678776c64bb018736c9b0745f47f4",
|
|
"pattern": "[file:hashes.SHA256 = 'c036f71ff5ae7f839b62fce453a7a15fcb115de9bf3e8956dbab972a76587aea']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc1f9-1794-45ef-8243-47d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:49.000Z",
|
|
"modified": "2016-05-18T19:26:49.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: 64002d2c4c6678776c64bb018736c9b0745f47f4",
|
|
"pattern": "[file:hashes.MD5 = '4928a6fd2a7da2ddae99079b12618c20']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc1f9-fcec-4b08-8a1e-417902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:49.000Z",
|
|
"modified": "2016-05-18T19:26:49.000Z",
|
|
"first_observed": "2016-05-18T19:26:49Z",
|
|
"last_observed": "2016-05-18T19:26:49Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc1f9-fcec-4b08-8a1e-417902de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc1f9-fcec-4b08-8a1e-417902de0b81",
|
|
"value": "https://www.virustotal.com/file/c036f71ff5ae7f839b62fce453a7a15fcb115de9bf3e8956dbab972a76587aea/analysis/1433386437/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc1f9-ae18-4d2a-b190-4ba902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:49.000Z",
|
|
"modified": "2016-05-18T19:26:49.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: 6df75137e8966537bb921eab30df4f7bc2c6feb4",
|
|
"pattern": "[file:hashes.SHA256 = '9cf5f43543517be5ff9c78cd52566439607b11f0dbe2508b4e4cc150680ad83a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc1f9-46e0-492f-8ba9-4b8802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:49.000Z",
|
|
"modified": "2016-05-18T19:26:49.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: 6df75137e8966537bb921eab30df4f7bc2c6feb4",
|
|
"pattern": "[file:hashes.MD5 = '724fccabe242068852b3121e13779eed']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc1fa-3d3c-4e6b-ae8f-478302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:50.000Z",
|
|
"modified": "2016-05-18T19:26:50.000Z",
|
|
"first_observed": "2016-05-18T19:26:50Z",
|
|
"last_observed": "2016-05-18T19:26:50Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc1fa-3d3c-4e6b-ae8f-478302de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc1fa-3d3c-4e6b-ae8f-478302de0b81",
|
|
"value": "https://www.virustotal.com/file/9cf5f43543517be5ff9c78cd52566439607b11f0dbe2508b4e4cc150680ad83a/analysis/1460536650/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc1fa-61d0-49d1-921f-424902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:50.000Z",
|
|
"modified": "2016-05-18T19:26:50.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: 80ffa899cb3a6595fafa66421bccd6e5aaad8552",
|
|
"pattern": "[file:hashes.SHA256 = '251cb0d43dc05409ec2410d7bab0704694aa93904d6ee3878e7c918b21c37c36']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc1fa-e984-4b0e-838e-451902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:50.000Z",
|
|
"modified": "2016-05-18T19:26:50.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: 80ffa899cb3a6595fafa66421bccd6e5aaad8552",
|
|
"pattern": "[file:hashes.MD5 = '3eb871aec1cf8c456601a311310bcf9d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc1fa-968c-4f91-b0dd-40ac02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:50.000Z",
|
|
"modified": "2016-05-18T19:26:50.000Z",
|
|
"first_observed": "2016-05-18T19:26:50Z",
|
|
"last_observed": "2016-05-18T19:26:50Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc1fa-968c-4f91-b0dd-40ac02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc1fa-968c-4f91-b0dd-40ac02de0b81",
|
|
"value": "https://www.virustotal.com/file/251cb0d43dc05409ec2410d7bab0704694aa93904d6ee3878e7c918b21c37c36/analysis/1444143719/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc1fa-a898-49ad-9795-477d02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:50.000Z",
|
|
"modified": "2016-05-18T19:26:50.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: be73a2c17aae689bc1a20761850374636b67bf0f",
|
|
"pattern": "[file:hashes.SHA256 = '9f76249c964289d2266eac5a9bd35ee05d9018a5858a8d615f7773ef89907c4d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc1fb-6c48-45cc-9def-499902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:51.000Z",
|
|
"modified": "2016-05-18T19:26:51.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: be73a2c17aae689bc1a20761850374636b67bf0f",
|
|
"pattern": "[file:hashes.MD5 = 'fd1f3016a591114790197b5027897554']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc1fb-3724-4683-aae4-44d002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:51.000Z",
|
|
"modified": "2016-05-18T19:26:51.000Z",
|
|
"first_observed": "2016-05-18T19:26:51Z",
|
|
"last_observed": "2016-05-18T19:26:51Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc1fb-3724-4683-aae4-44d002de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc1fb-3724-4683-aae4-44d002de0b81",
|
|
"value": "https://www.virustotal.com/file/9f76249c964289d2266eac5a9bd35ee05d9018a5858a8d615f7773ef89907c4d/analysis/1427202309/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc1fb-ba9c-4680-a86d-427b02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:51.000Z",
|
|
"modified": "2016-05-18T19:26:51.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: 6ae2c768d932eda538983dd7a50cf7de14bf54d2",
|
|
"pattern": "[file:hashes.SHA256 = 'd374633a70b11e8552699a6e1cab1a2ca92c0d80e5a98379188000179b8c29aa']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc1fb-9484-4562-a1c0-4fe602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:51.000Z",
|
|
"modified": "2016-05-18T19:26:51.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: 6ae2c768d932eda538983dd7a50cf7de14bf54d2",
|
|
"pattern": "[file:hashes.MD5 = '115c80ee9c2b04dc1793a3cacf643ecd']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc1fb-6acc-4d88-9757-45ec02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:51.000Z",
|
|
"modified": "2016-05-18T19:26:51.000Z",
|
|
"first_observed": "2016-05-18T19:26:51Z",
|
|
"last_observed": "2016-05-18T19:26:51Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc1fb-6acc-4d88-9757-45ec02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc1fb-6acc-4d88-9757-45ec02de0b81",
|
|
"value": "https://www.virustotal.com/file/d374633a70b11e8552699a6e1cab1a2ca92c0d80e5a98379188000179b8c29aa/analysis/1445903144/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc1fc-be78-458d-96cd-425d02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:52.000Z",
|
|
"modified": "2016-05-18T19:26:52.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: aed9c3bca2b42889a9110b92d3d31b5fd3324bdf",
|
|
"pattern": "[file:hashes.SHA256 = '941e6b46000dc5aaf60d7c768112afcef11f12e00f95af04aa34ca9d463eacb0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc1fc-e560-4b50-898d-483c02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:52.000Z",
|
|
"modified": "2016-05-18T19:26:52.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: aed9c3bca2b42889a9110b92d3d31b5fd3324bdf",
|
|
"pattern": "[file:hashes.MD5 = '6d17267476e018be45e6f0ade5fbdb1b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc1fc-27c4-4c58-9126-4d6902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:52.000Z",
|
|
"modified": "2016-05-18T19:26:52.000Z",
|
|
"first_observed": "2016-05-18T19:26:52Z",
|
|
"last_observed": "2016-05-18T19:26:52Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc1fc-27c4-4c58-9126-4d6902de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc1fc-27c4-4c58-9126-4d6902de0b81",
|
|
"value": "https://www.virustotal.com/file/941e6b46000dc5aaf60d7c768112afcef11f12e00f95af04aa34ca9d463eacb0/analysis/1444118094/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc1fc-d340-4c4f-9521-478d02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:52.000Z",
|
|
"modified": "2016-05-18T19:26:52.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: cdd58347f873eb7e0bc602da9930a519683c67c7",
|
|
"pattern": "[file:hashes.SHA256 = '19958ac484b15d15a427a5f3cd6be44beb170314eb8ee0d154241b36ccb214c8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc1fc-c8b8-4da7-ba22-4d6802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:52.000Z",
|
|
"modified": "2016-05-18T19:26:52.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: cdd58347f873eb7e0bc602da9930a519683c67c7",
|
|
"pattern": "[file:hashes.MD5 = 'c5698dd28dbabb6147d784a88d87b30b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc1fc-eb78-4b82-a64c-4ea702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:52.000Z",
|
|
"modified": "2016-05-18T19:26:52.000Z",
|
|
"first_observed": "2016-05-18T19:26:52Z",
|
|
"last_observed": "2016-05-18T19:26:52Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc1fc-eb78-4b82-a64c-4ea702de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc1fc-eb78-4b82-a64c-4ea702de0b81",
|
|
"value": "https://www.virustotal.com/file/19958ac484b15d15a427a5f3cd6be44beb170314eb8ee0d154241b36ccb214c8/analysis/1460535701/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc1fd-af00-4a36-ba53-423602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:53.000Z",
|
|
"modified": "2016-05-18T19:26:53.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: d864067bfa52383bc012ba1aaf8ffb893d419c07",
|
|
"pattern": "[file:hashes.SHA256 = 'e898f786e2cdd62c571b0a81548db1bc9355ec039800786ea735b098f4d55b13']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc1fd-88bc-42a8-a2ab-480602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:53.000Z",
|
|
"modified": "2016-05-18T19:26:53.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: d864067bfa52383bc012ba1aaf8ffb893d419c07",
|
|
"pattern": "[file:hashes.MD5 = 'b51a36f2a5cbfd3b9a147e5cb1a7042c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc1fd-d3dc-4b30-ab1a-4ff002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:53.000Z",
|
|
"modified": "2016-05-18T19:26:53.000Z",
|
|
"first_observed": "2016-05-18T19:26:53Z",
|
|
"last_observed": "2016-05-18T19:26:53Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc1fd-d3dc-4b30-ab1a-4ff002de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc1fd-d3dc-4b30-ab1a-4ff002de0b81",
|
|
"value": "https://www.virustotal.com/file/e898f786e2cdd62c571b0a81548db1bc9355ec039800786ea735b098f4d55b13/analysis/1460094169/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc1fd-7ba8-443d-b70d-47ec02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:53.000Z",
|
|
"modified": "2016-05-18T19:26:53.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: 57e345893f508f390f2947e83092a47d845ea445",
|
|
"pattern": "[file:hashes.SHA256 = 'd9e15fe65bd77749fa5b70be7425856eb65e1d4080d60699380b1c87f524c8e4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc1fd-c72c-4514-8be2-449402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:53.000Z",
|
|
"modified": "2016-05-18T19:26:53.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: 57e345893f508f390f2947e83092a47d845ea445",
|
|
"pattern": "[file:hashes.MD5 = '350da943d5000f08d526488411103264']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc1fe-b1ac-4021-95ca-4be102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:54.000Z",
|
|
"modified": "2016-05-18T19:26:54.000Z",
|
|
"first_observed": "2016-05-18T19:26:54Z",
|
|
"last_observed": "2016-05-18T19:26:54Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc1fe-b1ac-4021-95ca-4be102de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc1fe-b1ac-4021-95ca-4be102de0b81",
|
|
"value": "https://www.virustotal.com/file/d9e15fe65bd77749fa5b70be7425856eb65e1d4080d60699380b1c87f524c8e4/analysis/1424094395/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc1fe-45b8-465a-ab14-48d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:54.000Z",
|
|
"modified": "2016-05-18T19:26:54.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: b5eeae045f1082438e4c7b7f12f7f4630043a48e",
|
|
"pattern": "[file:hashes.SHA256 = '04f77c0c1f5a1a0a05a3084655e99bd5a318f4244c0a6407fd46d04595a308b6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc1fe-1520-4097-adf7-47f302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:54.000Z",
|
|
"modified": "2016-05-18T19:26:54.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: b5eeae045f1082438e4c7b7f12f7f4630043a48e",
|
|
"pattern": "[file:hashes.MD5 = '9b1f086720ee962214f218428baa6fba']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc1fe-8110-4b05-a3eb-4fa502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:54.000Z",
|
|
"modified": "2016-05-18T19:26:54.000Z",
|
|
"first_observed": "2016-05-18T19:26:54Z",
|
|
"last_observed": "2016-05-18T19:26:54Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc1fe-8110-4b05-a3eb-4fa502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc1fe-8110-4b05-a3eb-4fa502de0b81",
|
|
"value": "https://www.virustotal.com/file/04f77c0c1f5a1a0a05a3084655e99bd5a318f4244c0a6407fd46d04595a308b6/analysis/1426524556/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc1fe-9f18-4ed9-afc9-473e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:54.000Z",
|
|
"modified": "2016-05-18T19:26:54.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: 3ab61fec417686afc1ac430aaf5a17254d05a14a",
|
|
"pattern": "[file:hashes.SHA256 = '986aafa0c47eeedf129a6877d31d369d5a5b543b6052a169aac2281b93a8cd03']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc1ff-fce0-4aeb-af30-444e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:55.000Z",
|
|
"modified": "2016-05-18T19:26:55.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: 3ab61fec417686afc1ac430aaf5a17254d05a14a",
|
|
"pattern": "[file:hashes.MD5 = '9623868671cb3613bfebaefed6ce301b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc1ff-5230-4776-b45e-413702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:55.000Z",
|
|
"modified": "2016-05-18T19:26:55.000Z",
|
|
"first_observed": "2016-05-18T19:26:55Z",
|
|
"last_observed": "2016-05-18T19:26:55Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc1ff-5230-4776-b45e-413702de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc1ff-5230-4776-b45e-413702de0b81",
|
|
"value": "https://www.virustotal.com/file/986aafa0c47eeedf129a6877d31d369d5a5b543b6052a169aac2281b93a8cd03/analysis/1423122642/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc1ff-ad98-4a3c-84a5-42e702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:55.000Z",
|
|
"modified": "2016-05-18T19:26:55.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: 986e739948e3b5c303f7766f9f9af3d2e1a5bca7",
|
|
"pattern": "[file:hashes.SHA256 = '6dbbfe12cf282ef3094e2d1ff9c2d291d019d133f6a1713843396b50aa65f1f3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc1ff-d844-435a-8b61-486602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:55.000Z",
|
|
"modified": "2016-05-18T19:26:55.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: 986e739948e3b5c303f7766f9f9af3d2e1a5bca7",
|
|
"pattern": "[file:hashes.MD5 = 'fff47c7b8c1eda68a8b226f6a42504e3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc1ff-40f0-4ef4-9d25-4b9302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:55.000Z",
|
|
"modified": "2016-05-18T19:26:55.000Z",
|
|
"first_observed": "2016-05-18T19:26:55Z",
|
|
"last_observed": "2016-05-18T19:26:55Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc1ff-40f0-4ef4-9d25-4b9302de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc1ff-40f0-4ef4-9d25-4b9302de0b81",
|
|
"value": "https://www.virustotal.com/file/6dbbfe12cf282ef3094e2d1ff9c2d291d019d133f6a1713843396b50aa65f1f3/analysis/1424344517/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc1ff-881c-4f66-a237-4ba002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:55.000Z",
|
|
"modified": "2016-05-18T19:26:55.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: c41bb97c203d6221fb494d732cb905ff37376622",
|
|
"pattern": "[file:hashes.SHA256 = '5691baf66fbc1667181a247f534398cbf5ac34c079a1d674a955fe4bed0384dc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc200-37c0-4dd0-859d-423502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:56.000Z",
|
|
"modified": "2016-05-18T19:26:56.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: c41bb97c203d6221fb494d732cb905ff37376622",
|
|
"pattern": "[file:hashes.MD5 = 'ff9ae989405a1b735e2ca69548d4e286']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc200-7bf4-41ab-9b2c-475202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:56.000Z",
|
|
"modified": "2016-05-18T19:26:56.000Z",
|
|
"first_observed": "2016-05-18T19:26:56Z",
|
|
"last_observed": "2016-05-18T19:26:56Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc200-7bf4-41ab-9b2c-475202de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc200-7bf4-41ab-9b2c-475202de0b81",
|
|
"value": "https://www.virustotal.com/file/5691baf66fbc1667181a247f534398cbf5ac34c079a1d674a955fe4bed0384dc/analysis/1419680623/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc200-a078-46a3-abb3-475002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:56.000Z",
|
|
"modified": "2016-05-18T19:26:56.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: 202637ef3c9b236d62be627c6e1a8c779eb2976b",
|
|
"pattern": "[file:hashes.SHA256 = '237ab63fb32e4783701689bed0b9a3d9333071e401b3b0308f7da00face3a2b5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc200-0f50-41a4-affa-463602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:56.000Z",
|
|
"modified": "2016-05-18T19:26:56.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: 202637ef3c9b236d62be627c6e1a8c779eb2976b",
|
|
"pattern": "[file:hashes.MD5 = '49859a617182391b86b6b4a4e77c7ce2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc200-32fc-4274-968f-402402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:56.000Z",
|
|
"modified": "2016-05-18T19:26:56.000Z",
|
|
"first_observed": "2016-05-18T19:26:56Z",
|
|
"last_observed": "2016-05-18T19:26:56Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc200-32fc-4274-968f-402402de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc200-32fc-4274-968f-402402de0b81",
|
|
"value": "https://www.virustotal.com/file/237ab63fb32e4783701689bed0b9a3d9333071e401b3b0308f7da00face3a2b5/analysis/1417789302/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc201-b988-46ca-b81d-475202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:57.000Z",
|
|
"modified": "2016-05-18T19:26:57.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: 92476c6ae5f976c58d11bdd956878451f361776d",
|
|
"pattern": "[file:hashes.SHA256 = '8704e119bbc67f8916e5b8693b62fafd3823d3abf570e4dc0deb112418268347']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc201-477c-4615-9e20-44f502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:57.000Z",
|
|
"modified": "2016-05-18T19:26:57.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: 92476c6ae5f976c58d11bdd956878451f361776d",
|
|
"pattern": "[file:hashes.MD5 = 'fae7c7b4a97f3fd2bbb9937bcf9d8eb6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc201-8fe0-4e37-b20b-4d5002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:57.000Z",
|
|
"modified": "2016-05-18T19:26:57.000Z",
|
|
"first_observed": "2016-05-18T19:26:57Z",
|
|
"last_observed": "2016-05-18T19:26:57Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc201-8fe0-4e37-b20b-4d5002de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc201-8fe0-4e37-b20b-4d5002de0b81",
|
|
"value": "https://www.virustotal.com/file/8704e119bbc67f8916e5b8693b62fafd3823d3abf570e4dc0deb112418268347/analysis/1418232017/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc201-19b4-4128-ae24-479202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:57.000Z",
|
|
"modified": "2016-05-18T19:26:57.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: 64679bdb8a65d278cda0975f279d8881e1abd40a",
|
|
"pattern": "[file:hashes.SHA256 = '89fdae94f443d89c2129c335ab6b3d70d4ba80277792ceca566e76b9cbd5e66a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc201-f20c-4bae-a9e4-442602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:57.000Z",
|
|
"modified": "2016-05-18T19:26:57.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: 64679bdb8a65d278cda0975f279d8881e1abd40a",
|
|
"pattern": "[file:hashes.MD5 = 'e1099ab029be468fd9b82c153a5f28ca']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc202-2d9c-41be-a288-4c1d02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:58.000Z",
|
|
"modified": "2016-05-18T19:26:58.000Z",
|
|
"first_observed": "2016-05-18T19:26:58Z",
|
|
"last_observed": "2016-05-18T19:26:58Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc202-2d9c-41be-a288-4c1d02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc202-2d9c-41be-a288-4c1d02de0b81",
|
|
"value": "https://www.virustotal.com/file/89fdae94f443d89c2129c335ab6b3d70d4ba80277792ceca566e76b9cbd5e66a/analysis/1420508913/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc202-1b08-4fa1-a3b6-46c302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:58.000Z",
|
|
"modified": "2016-05-18T19:26:58.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: 6d861826206d834a224583898be6af1a3d46e7cf",
|
|
"pattern": "[file:hashes.SHA256 = '3ce26892633ab8306789527064e8af4e8c589eee9abf36c501c407f93dbc7c47']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc202-f3cc-4d74-aaa0-404b02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:58.000Z",
|
|
"modified": "2016-05-18T19:26:58.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: 6d861826206d834a224583898be6af1a3d46e7cf",
|
|
"pattern": "[file:hashes.MD5 = '0386459b27c9ea82a9660807a884c048']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc202-d2d4-493d-af60-423502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:58.000Z",
|
|
"modified": "2016-05-18T19:26:58.000Z",
|
|
"first_observed": "2016-05-18T19:26:58Z",
|
|
"last_observed": "2016-05-18T19:26:58Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc202-d2d4-493d-af60-423502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc202-d2d4-493d-af60-423502de0b81",
|
|
"value": "https://www.virustotal.com/file/3ce26892633ab8306789527064e8af4e8c589eee9abf36c501c407f93dbc7c47/analysis/1461135452/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc202-6e4c-41a3-bc66-404002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:58.000Z",
|
|
"modified": "2016-05-18T19:26:58.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: a093993b9488a9427300b2ac41460be8164a0f9a",
|
|
"pattern": "[file:hashes.SHA256 = '037d35a1c04969e33f230fc5cd6155b89e58c7437c822d24bf10a93c7bcc3d50']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc203-c930-4921-afb0-4bac02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:59.000Z",
|
|
"modified": "2016-05-18T19:26:59.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: a093993b9488a9427300b2ac41460be8164a0f9a",
|
|
"pattern": "[file:hashes.MD5 = '40dbf52ff7ae1444f3568e67d7917a7f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc203-ab7c-43b6-acdb-472c02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:59.000Z",
|
|
"modified": "2016-05-18T19:26:59.000Z",
|
|
"first_observed": "2016-05-18T19:26:59Z",
|
|
"last_observed": "2016-05-18T19:26:59Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc203-ab7c-43b6-acdb-472c02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc203-ab7c-43b6-acdb-472c02de0b81",
|
|
"value": "https://www.virustotal.com/file/037d35a1c04969e33f230fc5cd6155b89e58c7437c822d24bf10a93c7bcc3d50/analysis/1416929090/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc203-c19c-46be-8d0b-4f1802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:59.000Z",
|
|
"modified": "2016-05-18T19:26:59.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: 0dd8e1922ceb96061c9f6678728dd45cbdc6f675",
|
|
"pattern": "[file:hashes.SHA256 = 'c1c3765fddf52421dd521fa3dbb9031cfd92dab68d32e37a588c18cc77bb83fa']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc203-6494-4809-a59d-455502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:59.000Z",
|
|
"modified": "2016-05-18T19:26:59.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: 0dd8e1922ceb96061c9f6678728dd45cbdc6f675",
|
|
"pattern": "[file:hashes.MD5 = '4b65e96c95af91d42d7605e949a5e558']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:26:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc203-2798-4778-9764-41fd02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:26:59.000Z",
|
|
"modified": "2016-05-18T19:26:59.000Z",
|
|
"first_observed": "2016-05-18T19:26:59Z",
|
|
"last_observed": "2016-05-18T19:26:59Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc203-2798-4778-9764-41fd02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc203-2798-4778-9764-41fd02de0b81",
|
|
"value": "https://www.virustotal.com/file/c1c3765fddf52421dd521fa3dbb9031cfd92dab68d32e37a588c18cc77bb83fa/analysis/1421727974/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc204-e738-4831-b824-49fa02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:00.000Z",
|
|
"modified": "2016-05-18T19:27:00.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: 66248ae0a3d6b5091c629343cc535f98e08a2947",
|
|
"pattern": "[file:hashes.SHA256 = 'a468274ddc7c300f4633a4772a88c2e6b4ebc777e86c7924cf802392e8b44853']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc204-e9cc-41e8-bb2e-4a9d02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:00.000Z",
|
|
"modified": "2016-05-18T19:27:00.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: 66248ae0a3d6b5091c629343cc535f98e08a2947",
|
|
"pattern": "[file:hashes.MD5 = 'd89d21f53b9a7926cd7b90e25873465f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc204-226c-43e4-9c7f-498902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:00.000Z",
|
|
"modified": "2016-05-18T19:27:00.000Z",
|
|
"first_observed": "2016-05-18T19:27:00Z",
|
|
"last_observed": "2016-05-18T19:27:00Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc204-226c-43e4-9c7f-498902de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc204-226c-43e4-9c7f-498902de0b81",
|
|
"value": "https://www.virustotal.com/file/a468274ddc7c300f4633a4772a88c2e6b4ebc777e86c7924cf802392e8b44853/analysis/1424275307/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc204-d850-4d9c-bd5a-484802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:00.000Z",
|
|
"modified": "2016-05-18T19:27:00.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: 6ab00fcabc6bc06586f749f54c4955592285608c",
|
|
"pattern": "[file:hashes.SHA256 = 'e18b8e7bdb3b58d1f827471002fe5787ea131369a3e09f1f205ab21daf0ed30c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc204-a2a4-4d6e-8a40-47b602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:00.000Z",
|
|
"modified": "2016-05-18T19:27:00.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: 6ab00fcabc6bc06586f749f54c4955592285608c",
|
|
"pattern": "[file:hashes.MD5 = '53cd9a02d7e41c916a2970612fd2eb25']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc204-7b08-4145-a665-4e8802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:00.000Z",
|
|
"modified": "2016-05-18T19:27:00.000Z",
|
|
"first_observed": "2016-05-18T19:27:00Z",
|
|
"last_observed": "2016-05-18T19:27:00Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc204-7b08-4145-a665-4e8802de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc204-7b08-4145-a665-4e8802de0b81",
|
|
"value": "https://www.virustotal.com/file/e18b8e7bdb3b58d1f827471002fe5787ea131369a3e09f1f205ab21daf0ed30c/analysis/1415282400/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc205-bf98-45e7-bd93-470002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:01.000Z",
|
|
"modified": "2016-05-18T19:27:01.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: 7a22e549be02f7f4753bb9cba34079ceb15ca381",
|
|
"pattern": "[file:hashes.SHA256 = '72864fa3b351b8d2219bdb9f0a4b08b1c5221f062c3e76e6368212526deeeccd']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc205-9900-4399-a25e-4bb002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:01.000Z",
|
|
"modified": "2016-05-18T19:27:01.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: 7a22e549be02f7f4753bb9cba34079ceb15ca381",
|
|
"pattern": "[file:hashes.MD5 = '475c0ddec52d53b60c8222707041f766']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc205-0644-4bdd-947a-49c802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:01.000Z",
|
|
"modified": "2016-05-18T19:27:01.000Z",
|
|
"first_observed": "2016-05-18T19:27:01Z",
|
|
"last_observed": "2016-05-18T19:27:01Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc205-0644-4bdd-947a-49c802de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc205-0644-4bdd-947a-49c802de0b81",
|
|
"value": "https://www.virustotal.com/file/72864fa3b351b8d2219bdb9f0a4b08b1c5221f062c3e76e6368212526deeeccd/analysis/1417704582/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc205-1800-402a-8e61-43c602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:01.000Z",
|
|
"modified": "2016-05-18T19:27:01.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: 4c5f412c915fb3f178a81bc4fbda336f69a22086",
|
|
"pattern": "[file:hashes.SHA256 = 'af8f639c4986b892cf6a8a2505850c474ce11bbb718a6b610cc0e51fdb4be00e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc205-7cec-4e91-a818-433502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:01.000Z",
|
|
"modified": "2016-05-18T19:27:01.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: 4c5f412c915fb3f178a81bc4fbda336f69a22086",
|
|
"pattern": "[file:hashes.MD5 = '39014b4605eacd661d5061d8ed5f86c2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc206-6458-455f-af41-4c4302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:02.000Z",
|
|
"modified": "2016-05-18T19:27:02.000Z",
|
|
"first_observed": "2016-05-18T19:27:02Z",
|
|
"last_observed": "2016-05-18T19:27:02Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc206-6458-455f-af41-4c4302de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc206-6458-455f-af41-4c4302de0b81",
|
|
"value": "https://www.virustotal.com/file/af8f639c4986b892cf6a8a2505850c474ce11bbb718a6b610cc0e51fdb4be00e/analysis/1447129873/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc206-d5dc-40da-8548-48a102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:02.000Z",
|
|
"modified": "2016-05-18T19:27:02.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: 1a865e934eff339a826979c70a2fc055e3c9d12f",
|
|
"pattern": "[file:hashes.SHA256 = 'eaf7d1fdb8e05f2887f5302337c57b93d87a166dddf5b1e5ecd3afa1ee7851ad']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc206-184c-4d80-b67b-46d202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:02.000Z",
|
|
"modified": "2016-05-18T19:27:02.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: 1a865e934eff339a826979c70a2fc055e3c9d12f",
|
|
"pattern": "[file:hashes.MD5 = '7d6e193e91a850387a0391b50a43a847']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc206-729c-467f-9f0e-4d6d02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:02.000Z",
|
|
"modified": "2016-05-18T19:27:02.000Z",
|
|
"first_observed": "2016-05-18T19:27:02Z",
|
|
"last_observed": "2016-05-18T19:27:02Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc206-729c-467f-9f0e-4d6d02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc206-729c-467f-9f0e-4d6d02de0b81",
|
|
"value": "https://www.virustotal.com/file/eaf7d1fdb8e05f2887f5302337c57b93d87a166dddf5b1e5ecd3afa1ee7851ad/analysis/1446172578/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc206-8080-41b7-b209-4bf902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:02.000Z",
|
|
"modified": "2016-05-18T19:27:02.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: 4f945a3b3eb058668c3dfc0a8469b42e16c277a7",
|
|
"pattern": "[file:hashes.SHA256 = 'd5dc2b164d460ed315cb8a9cd5a4468efbd305e6578933d2b0ee59115e44a16c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc207-2a28-457f-929b-4ab602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:03.000Z",
|
|
"modified": "2016-05-18T19:27:03.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: 4f945a3b3eb058668c3dfc0a8469b42e16c277a7",
|
|
"pattern": "[file:hashes.MD5 = 'b1384766ff4e7fcf86781bd86c86c44e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc207-bdcc-4ce9-9973-4e9c02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:03.000Z",
|
|
"modified": "2016-05-18T19:27:03.000Z",
|
|
"first_observed": "2016-05-18T19:27:03Z",
|
|
"last_observed": "2016-05-18T19:27:03Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc207-bdcc-4ce9-9973-4e9c02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc207-bdcc-4ce9-9973-4e9c02de0b81",
|
|
"value": "https://www.virustotal.com/file/d5dc2b164d460ed315cb8a9cd5a4468efbd305e6578933d2b0ee59115e44a16c/analysis/1412323456/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc207-a750-44b9-866a-442d02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:03.000Z",
|
|
"modified": "2016-05-18T19:27:03.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: 83b492a2905ce6acfade43ab52bf52e6f02fdcd5",
|
|
"pattern": "[file:hashes.SHA256 = 'b5954a2ac3e10b6fca237fe02cd0698bc3e60474f711095b4be02e36cbd3eb8c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc207-59d0-4fd5-8db4-48d402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:03.000Z",
|
|
"modified": "2016-05-18T19:27:03.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: 83b492a2905ce6acfade43ab52bf52e6f02fdcd5",
|
|
"pattern": "[file:hashes.MD5 = 'a0ea8771d01929bd35bc8521f85c9d08']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc207-ca1c-4ecc-acf2-428d02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:03.000Z",
|
|
"modified": "2016-05-18T19:27:03.000Z",
|
|
"first_observed": "2016-05-18T19:27:03Z",
|
|
"last_observed": "2016-05-18T19:27:03Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc207-ca1c-4ecc-acf2-428d02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc207-ca1c-4ecc-acf2-428d02de0b81",
|
|
"value": "https://www.virustotal.com/file/b5954a2ac3e10b6fca237fe02cd0698bc3e60474f711095b4be02e36cbd3eb8c/analysis/1463592158/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc208-2c44-41fe-ad7a-4a9f02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:04.000Z",
|
|
"modified": "2016-05-18T19:27:04.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: 154aa820d552abd65c028ded7e970c8defa8c237",
|
|
"pattern": "[file:hashes.SHA256 = 'c2cb8dfde74db71df9c4fb983b5f5994c51ea6853eccb4536c8a76e9229920e8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc208-86d4-4476-9aa7-47f602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:04.000Z",
|
|
"modified": "2016-05-18T19:27:04.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: 154aa820d552abd65c028ded7e970c8defa8c237",
|
|
"pattern": "[file:hashes.MD5 = 'c84217ceb66f2bb28ea3381ed7187881']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc208-8314-48ef-8c4c-47d602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:04.000Z",
|
|
"modified": "2016-05-18T19:27:04.000Z",
|
|
"first_observed": "2016-05-18T19:27:04Z",
|
|
"last_observed": "2016-05-18T19:27:04Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc208-8314-48ef-8c4c-47d602de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc208-8314-48ef-8c4c-47d602de0b81",
|
|
"value": "https://www.virustotal.com/file/c2cb8dfde74db71df9c4fb983b5f5994c51ea6853eccb4536c8a76e9229920e8/analysis/1463592158/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc208-caa4-4235-927a-4fee02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:04.000Z",
|
|
"modified": "2016-05-18T19:27:04.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: 8f67c4bd2ee7c68249dcd49ad7a3924d3ec6810c",
|
|
"pattern": "[file:hashes.SHA256 = 'd739efa432bd546ee6f978eaabb2c877770019a7f8982a92706f44f4f3ee32d4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc208-10a0-46de-b7b8-4f0b02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:04.000Z",
|
|
"modified": "2016-05-18T19:27:04.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: 8f67c4bd2ee7c68249dcd49ad7a3924d3ec6810c",
|
|
"pattern": "[file:hashes.MD5 = '44428a50c903e518191959ed2967f13f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc209-d658-467d-8c80-418902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:05.000Z",
|
|
"modified": "2016-05-18T19:27:05.000Z",
|
|
"first_observed": "2016-05-18T19:27:05Z",
|
|
"last_observed": "2016-05-18T19:27:05Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc209-d658-467d-8c80-418902de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc209-d658-467d-8c80-418902de0b81",
|
|
"value": "https://www.virustotal.com/file/d739efa432bd546ee6f978eaabb2c877770019a7f8982a92706f44f4f3ee32d4/analysis/1463592156/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc209-6470-42fd-8ad5-4a9302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:05.000Z",
|
|
"modified": "2016-05-18T19:27:05.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: a360eac305946ff468e1a33e84ed38176d95cac9",
|
|
"pattern": "[file:hashes.SHA256 = 'b90e4e23f4d8de16aa99bb3d7b82bdf5f26f13a43147534216e1188351e8209b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc209-0bb4-4fed-bd08-4e7d02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:05.000Z",
|
|
"modified": "2016-05-18T19:27:05.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: a360eac305946ff468e1a33e84ed38176d95cac9",
|
|
"pattern": "[file:hashes.MD5 = '7176ea2e120be511d16ea7016b4c650a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc209-3398-4e01-bae0-432a02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:05.000Z",
|
|
"modified": "2016-05-18T19:27:05.000Z",
|
|
"first_observed": "2016-05-18T19:27:05Z",
|
|
"last_observed": "2016-05-18T19:27:05Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc209-3398-4e01-bae0-432a02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc209-3398-4e01-bae0-432a02de0b81",
|
|
"value": "https://www.virustotal.com/file/b90e4e23f4d8de16aa99bb3d7b82bdf5f26f13a43147534216e1188351e8209b/analysis/1463592156/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc209-27d4-4fee-89b4-49e702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:05.000Z",
|
|
"modified": "2016-05-18T19:27:05.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: dcb813e5d2a1c63027aadc7197fd91505fd13380",
|
|
"pattern": "[file:hashes.SHA256 = '7527e4b5703b6e9cf33000c7dfd26ed96328bce1089d005c8add87693bbdfdcc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc209-0538-4efb-b7b7-411002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:05.000Z",
|
|
"modified": "2016-05-18T19:27:05.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: dcb813e5d2a1c63027aadc7197fd91505fd13380",
|
|
"pattern": "[file:hashes.MD5 = 'de758a3de9b64e4317d517cac959b10c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc209-3d58-4430-9442-4dd602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:05.000Z",
|
|
"modified": "2016-05-18T19:27:05.000Z",
|
|
"first_observed": "2016-05-18T19:27:05Z",
|
|
"last_observed": "2016-05-18T19:27:05Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc209-3d58-4430-9442-4dd602de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc209-3d58-4430-9442-4dd602de0b81",
|
|
"value": "https://www.virustotal.com/file/7527e4b5703b6e9cf33000c7dfd26ed96328bce1089d005c8add87693bbdfdcc/analysis/1463592156/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc20a-8988-40e9-bf41-4b8402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:06.000Z",
|
|
"modified": "2016-05-18T19:27:06.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: 8a57e5eed18a6db6f221b1b9e8831fe4a9cad08c",
|
|
"pattern": "[file:hashes.SHA256 = 'ffb2142cc50b9fa3e809635ebc4411c39125cec81bb6230a888067a609046203']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc20a-f264-4c3a-9599-4a9002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:06.000Z",
|
|
"modified": "2016-05-18T19:27:06.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: 8a57e5eed18a6db6f221b1b9e8831fe4a9cad08c",
|
|
"pattern": "[file:hashes.MD5 = '26406e0f29ce42a3126d661cfd8534be']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc20a-9984-4874-8a8e-4c5b02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:06.000Z",
|
|
"modified": "2016-05-18T19:27:06.000Z",
|
|
"first_observed": "2016-05-18T19:27:06Z",
|
|
"last_observed": "2016-05-18T19:27:06Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc20a-9984-4874-8a8e-4c5b02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc20a-9984-4874-8a8e-4c5b02de0b81",
|
|
"value": "https://www.virustotal.com/file/ffb2142cc50b9fa3e809635ebc4411c39125cec81bb6230a888067a609046203/analysis/1463592155/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc20a-6538-4788-917e-416d02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:06.000Z",
|
|
"modified": "2016-05-18T19:27:06.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: 520aa689066d0c69f6fd9c623e263211022ccf21",
|
|
"pattern": "[file:hashes.SHA256 = '23fbd53713a01f9c2759cfc5b5713c04c3ff9bfb82fbad8f4fc4b3b80108e8e9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc20a-1cc8-434e-8d76-428802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:06.000Z",
|
|
"modified": "2016-05-18T19:27:06.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: 520aa689066d0c69f6fd9c623e263211022ccf21",
|
|
"pattern": "[file:hashes.MD5 = '2a405eca7f33f886a11ec4f5d2480689']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc20b-3b3c-44fc-8ffd-40ed02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:07.000Z",
|
|
"modified": "2016-05-18T19:27:07.000Z",
|
|
"first_observed": "2016-05-18T19:27:07Z",
|
|
"last_observed": "2016-05-18T19:27:07Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc20b-3b3c-44fc-8ffd-40ed02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc20b-3b3c-44fc-8ffd-40ed02de0b81",
|
|
"value": "https://www.virustotal.com/file/23fbd53713a01f9c2759cfc5b5713c04c3ff9bfb82fbad8f4fc4b3b80108e8e9/analysis/1463592155/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc20b-9b80-4621-8680-4a7b02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:07.000Z",
|
|
"modified": "2016-05-18T19:27:07.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: 328de44a4b6140ef49ce1465482efe0e4c195399",
|
|
"pattern": "[file:hashes.SHA256 = 'bb16d14a6f35bef1f05aa34b8a3f4db162ff0a28507a5ff907da73a1f666a431']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc20b-0d94-4c62-a949-4e7f02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:07.000Z",
|
|
"modified": "2016-05-18T19:27:07.000Z",
|
|
"description": "Prikormka CORE modules - Xchecked via VT: 328de44a4b6140ef49ce1465482efe0e4c195399",
|
|
"pattern": "[file:hashes.MD5 = '674bc3de3775d3eb62c19a2d2be6da7d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc20b-b834-4f9b-8685-4c3202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:07.000Z",
|
|
"modified": "2016-05-18T19:27:07.000Z",
|
|
"first_observed": "2016-05-18T19:27:07Z",
|
|
"last_observed": "2016-05-18T19:27:07Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc20b-b834-4f9b-8685-4c3202de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc20b-b834-4f9b-8685-4c3202de0b81",
|
|
"value": "https://www.virustotal.com/file/bb16d14a6f35bef1f05aa34b8a3f4db162ff0a28507a5ff907da73a1f666a431/analysis/1463592156/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc20b-5848-4623-8b26-4db402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:07.000Z",
|
|
"modified": "2016-05-18T19:27:07.000Z",
|
|
"description": "Prikormka DOWNLOADER modules - Xchecked via VT: f38cfc487481d2b0167e5b76f06500bc312081b6",
|
|
"pattern": "[file:hashes.SHA256 = 'b02b69ec9d2c0a19386df0c88b5540317d246a2ccb2fdf5975b157a7089b3dd5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc20c-d570-4553-9e62-4ba102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:08.000Z",
|
|
"modified": "2016-05-18T19:27:08.000Z",
|
|
"description": "Prikormka DOWNLOADER modules - Xchecked via VT: f38cfc487481d2b0167e5b76f06500bc312081b6",
|
|
"pattern": "[file:hashes.MD5 = '2e3bb8e27cb9bbdd72b436cbb610344c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc20c-5bb8-4fb5-b3a7-4bf702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:08.000Z",
|
|
"modified": "2016-05-18T19:27:08.000Z",
|
|
"first_observed": "2016-05-18T19:27:08Z",
|
|
"last_observed": "2016-05-18T19:27:08Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc20c-5bb8-4fb5-b3a7-4bf702de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc20c-5bb8-4fb5-b3a7-4bf702de0b81",
|
|
"value": "https://www.virustotal.com/file/b02b69ec9d2c0a19386df0c88b5540317d246a2ccb2fdf5975b157a7089b3dd5/analysis/1461829008/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc20c-7a3c-4198-88fa-4d1b02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:08.000Z",
|
|
"modified": "2016-05-18T19:27:08.000Z",
|
|
"description": "Prikormka DOWNLOADER modules - Xchecked via VT: 6d4a80fe57d57b43daf85401dfdd2cda48d1f023",
|
|
"pattern": "[file:hashes.SHA256 = 'e01efa282b5be2e0d5640cdaeb6a01fc8a8d631509a1c417652c6adf292fd251']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc20c-5d38-4c25-bb17-493702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:08.000Z",
|
|
"modified": "2016-05-18T19:27:08.000Z",
|
|
"description": "Prikormka DOWNLOADER modules - Xchecked via VT: 6d4a80fe57d57b43daf85401dfdd2cda48d1f023",
|
|
"pattern": "[file:hashes.MD5 = '375170d6c580938678cdf79ebd96f401']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc20c-76e4-4df8-a4ca-441f02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:08.000Z",
|
|
"modified": "2016-05-18T19:27:08.000Z",
|
|
"first_observed": "2016-05-18T19:27:08Z",
|
|
"last_observed": "2016-05-18T19:27:08Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc20c-76e4-4df8-a4ca-441f02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc20c-76e4-4df8-a4ca-441f02de0b81",
|
|
"value": "https://www.virustotal.com/file/e01efa282b5be2e0d5640cdaeb6a01fc8a8d631509a1c417652c6adf292fd251/analysis/1455913922/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc20d-ebc0-4b00-a883-43ad02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:09.000Z",
|
|
"modified": "2016-05-18T19:27:09.000Z",
|
|
"description": "Prikormka DOWNLOADER modules - Xchecked via VT: a8dfcd6cdb0755966f3d6766b94989cdaa0c35f9",
|
|
"pattern": "[file:hashes.SHA256 = '3be101bb5aae28473f768238be097f92e9b2dd21707665dc41571b48d6ab7d0d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc20d-c0b0-44bc-b210-44aa02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:09.000Z",
|
|
"modified": "2016-05-18T19:27:09.000Z",
|
|
"description": "Prikormka DOWNLOADER modules - Xchecked via VT: a8dfcd6cdb0755966f3d6766b94989cdaa0c35f9",
|
|
"pattern": "[file:hashes.MD5 = '598de9aa33416239bce3c42a24698a91']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc20d-d1ac-41fb-bcf1-486402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:09.000Z",
|
|
"modified": "2016-05-18T19:27:09.000Z",
|
|
"first_observed": "2016-05-18T19:27:09Z",
|
|
"last_observed": "2016-05-18T19:27:09Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc20d-d1ac-41fb-bcf1-486402de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc20d-d1ac-41fb-bcf1-486402de0b81",
|
|
"value": "https://www.virustotal.com/file/3be101bb5aae28473f768238be097f92e9b2dd21707665dc41571b48d6ab7d0d/analysis/1444918627/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc20d-79a4-4e75-b544-462102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:09.000Z",
|
|
"modified": "2016-05-18T19:27:09.000Z",
|
|
"description": "Prikormka DOWNLOADER modules - Xchecked via VT: 40b163e8e74397e69f18805bd7dab67f06d3d9e2",
|
|
"pattern": "[file:hashes.SHA256 = '6f41b65b58fd7871e2975713d96aeee16f639f9851bf8c9394d92ced2df4efa6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc20d-2828-41af-94fe-49db02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:09.000Z",
|
|
"modified": "2016-05-18T19:27:09.000Z",
|
|
"description": "Prikormka DOWNLOADER modules - Xchecked via VT: 40b163e8e74397e69f18805bd7dab67f06d3d9e2",
|
|
"pattern": "[file:hashes.MD5 = '30276517733701f14de86718d6b006fc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc20d-5b38-44c2-916a-40d902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:09.000Z",
|
|
"modified": "2016-05-18T19:27:09.000Z",
|
|
"first_observed": "2016-05-18T19:27:09Z",
|
|
"last_observed": "2016-05-18T19:27:09Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc20d-5b38-44c2-916a-40d902de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc20d-5b38-44c2-916a-40d902de0b81",
|
|
"value": "https://www.virustotal.com/file/6f41b65b58fd7871e2975713d96aeee16f639f9851bf8c9394d92ced2df4efa6/analysis/1461242616/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc20e-29dc-4ec1-b04c-43af02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:10.000Z",
|
|
"modified": "2016-05-18T19:27:10.000Z",
|
|
"description": "Prikormka DOWNLOADER modules - Xchecked via VT: ef127184967be14a3719978e0236fff5c0af811b",
|
|
"pattern": "[file:hashes.SHA256 = '963af46cabcf8c3dffa50e346fca451dea4817bf10cb4c11afeecdb8e71d2039']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc20e-2ebc-4ef2-83b7-488802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:10.000Z",
|
|
"modified": "2016-05-18T19:27:10.000Z",
|
|
"description": "Prikormka DOWNLOADER modules - Xchecked via VT: ef127184967be14a3719978e0236fff5c0af811b",
|
|
"pattern": "[file:hashes.MD5 = 'f483777b4e2856d3047cfb6d2c1f8226']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc20e-c4a8-44e7-b56e-412f02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:10.000Z",
|
|
"modified": "2016-05-18T19:27:10.000Z",
|
|
"first_observed": "2016-05-18T19:27:10Z",
|
|
"last_observed": "2016-05-18T19:27:10Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc20e-c4a8-44e7-b56e-412f02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc20e-c4a8-44e7-b56e-412f02de0b81",
|
|
"value": "https://www.virustotal.com/file/963af46cabcf8c3dffa50e346fca451dea4817bf10cb4c11afeecdb8e71d2039/analysis/1461755964/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc20e-e144-4548-afed-412c02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:10.000Z",
|
|
"modified": "2016-05-18T19:27:10.000Z",
|
|
"description": "Prikormka DOWNLOADER modules - Xchecked via VT: c8af6a8270cbd030f09c24888480aef093accf48",
|
|
"pattern": "[file:hashes.SHA256 = '33b09887fca313d4074b713697180e22747a18fe1e8d7c35db222399360e0d6d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc20e-db24-417a-9fe9-4bc602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:10.000Z",
|
|
"modified": "2016-05-18T19:27:10.000Z",
|
|
"description": "Prikormka DOWNLOADER modules - Xchecked via VT: c8af6a8270cbd030f09c24888480aef093accf48",
|
|
"pattern": "[file:hashes.MD5 = 'bdd3e1e9ad389cfc3fcbb6db1e152075']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc20e-15a8-4901-a3af-45b402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:10.000Z",
|
|
"modified": "2016-05-18T19:27:10.000Z",
|
|
"first_observed": "2016-05-18T19:27:10Z",
|
|
"last_observed": "2016-05-18T19:27:10Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc20e-15a8-4901-a3af-45b402de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc20e-15a8-4901-a3af-45b402de0b81",
|
|
"value": "https://www.virustotal.com/file/33b09887fca313d4074b713697180e22747a18fe1e8d7c35db222399360e0d6d/analysis/1461049451/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc20f-8f5c-4657-85ff-4f5702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:11.000Z",
|
|
"modified": "2016-05-18T19:27:11.000Z",
|
|
"description": "Prikormka DOWNLOADER modules - Xchecked via VT: d51863cbc1ac4bfc2b87f247dc75975e2a9cd992",
|
|
"pattern": "[file:hashes.SHA256 = 'd849b671d5dc31e8822ca204c1d653f4805c7703846760477365d4b55e2e55d5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc20f-4bf8-4b7d-bd5b-4fc202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:11.000Z",
|
|
"modified": "2016-05-18T19:27:11.000Z",
|
|
"description": "Prikormka DOWNLOADER modules - Xchecked via VT: d51863cbc1ac4bfc2b87f247dc75975e2a9cd992",
|
|
"pattern": "[file:hashes.MD5 = '009588178b2c7e9e824c1c2c28701298']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc20f-54bc-4a81-a2c4-4dc502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:11.000Z",
|
|
"modified": "2016-05-18T19:27:11.000Z",
|
|
"first_observed": "2016-05-18T19:27:11Z",
|
|
"last_observed": "2016-05-18T19:27:11Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc20f-54bc-4a81-a2c4-4dc502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc20f-54bc-4a81-a2c4-4dc502de0b81",
|
|
"value": "https://www.virustotal.com/file/d849b671d5dc31e8822ca204c1d653f4805c7703846760477365d4b55e2e55d5/analysis/1456424701/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc20f-751c-4489-8693-46b002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:11.000Z",
|
|
"modified": "2016-05-18T19:27:11.000Z",
|
|
"description": "Prikormka DOWNLOADER modules - Xchecked via VT: 04dfc621649511e1ab6cb800124dd5e2874a1629",
|
|
"pattern": "[file:hashes.SHA256 = 'c2b408b913aff686c45d6681ab7276c2fa5f9e4ecee5ab9668cb7bcd072d8f2d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc20f-b2c0-4852-af5d-40ae02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:11.000Z",
|
|
"modified": "2016-05-18T19:27:11.000Z",
|
|
"description": "Prikormka DOWNLOADER modules - Xchecked via VT: 04dfc621649511e1ab6cb800124dd5e2874a1629",
|
|
"pattern": "[file:hashes.MD5 = '50dd9cff0463ab2332286a5bddb89ba3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc210-8404-43da-89b7-438802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:12.000Z",
|
|
"modified": "2016-05-18T19:27:12.000Z",
|
|
"first_observed": "2016-05-18T19:27:12Z",
|
|
"last_observed": "2016-05-18T19:27:12Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc210-8404-43da-89b7-438802de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc210-8404-43da-89b7-438802de0b81",
|
|
"value": "https://www.virustotal.com/file/c2b408b913aff686c45d6681ab7276c2fa5f9e4ecee5ab9668cb7bcd072d8f2d/analysis/1461756055/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc210-7f98-4035-9d53-4bad02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:12.000Z",
|
|
"modified": "2016-05-18T19:27:12.000Z",
|
|
"description": "Prikormka DOWNLOADER modules - Xchecked via VT: 148218ecdde9ecc19b1343080884eb819783d9b2",
|
|
"pattern": "[file:hashes.SHA256 = '1054906bb0b693d35d344277daea2d5c95a03bf2b6519462e4005ef57f8a13ca']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc210-d7cc-40e9-9c82-402902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:12.000Z",
|
|
"modified": "2016-05-18T19:27:12.000Z",
|
|
"description": "Prikormka DOWNLOADER modules - Xchecked via VT: 148218ecdde9ecc19b1343080884eb819783d9b2",
|
|
"pattern": "[file:hashes.MD5 = 'c04ac68e3bcaf38ec40a97e5ea6b4b35']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc210-fb98-481e-ad27-4f6b02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:12.000Z",
|
|
"modified": "2016-05-18T19:27:12.000Z",
|
|
"first_observed": "2016-05-18T19:27:12Z",
|
|
"last_observed": "2016-05-18T19:27:12Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc210-fb98-481e-ad27-4f6b02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc210-fb98-481e-ad27-4f6b02de0b81",
|
|
"value": "https://www.virustotal.com/file/1054906bb0b693d35d344277daea2d5c95a03bf2b6519462e4005ef57f8a13ca/analysis/1439894007/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc210-7c58-4813-bf59-49f102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:12.000Z",
|
|
"modified": "2016-05-18T19:27:12.000Z",
|
|
"description": "Prikormka DOWNLOADER modules - Xchecked via VT: ce4605994e514086ada5a767296db66d7ea84175",
|
|
"pattern": "[file:hashes.SHA256 = '64093c062e73ed0fc37c2c675beaf4fd0ae585736582794c9b5f2e19fba6f535']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc210-d3f8-4f21-b91e-4ea002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:12.000Z",
|
|
"modified": "2016-05-18T19:27:12.000Z",
|
|
"description": "Prikormka DOWNLOADER modules - Xchecked via VT: ce4605994e514086ada5a767296db66d7ea84175",
|
|
"pattern": "[file:hashes.MD5 = '86b8526ffcbd09828aa67a10cf69c4b7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc211-ac48-4dd8-9073-4b8002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:13.000Z",
|
|
"modified": "2016-05-18T19:27:13.000Z",
|
|
"first_observed": "2016-05-18T19:27:13Z",
|
|
"last_observed": "2016-05-18T19:27:13Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc211-ac48-4dd8-9073-4b8002de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc211-ac48-4dd8-9073-4b8002de0b81",
|
|
"value": "https://www.virustotal.com/file/64093c062e73ed0fc37c2c675beaf4fd0ae585736582794c9b5f2e19fba6f535/analysis/1436544066/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc211-ec7c-4379-925b-429802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:13.000Z",
|
|
"modified": "2016-05-18T19:27:13.000Z",
|
|
"description": "Prikormka DOWNLOADER modules - Xchecked via VT: c10d6e4adb3b29c968d7f3086c8e7005dd1e36f4",
|
|
"pattern": "[file:hashes.SHA256 = 'dcff806c96ba36d2a7ed3da035b371a37aa65990e358ce811494467514de3e19']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc211-1e08-4fdb-a498-4aaf02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:13.000Z",
|
|
"modified": "2016-05-18T19:27:13.000Z",
|
|
"description": "Prikormka DOWNLOADER modules - Xchecked via VT: c10d6e4adb3b29c968d7f3086c8e7005dd1e36f4",
|
|
"pattern": "[file:hashes.MD5 = '80534935d6e0efa5dea941f177751ed1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc211-2260-4e65-98b8-4f8002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:13.000Z",
|
|
"modified": "2016-05-18T19:27:13.000Z",
|
|
"first_observed": "2016-05-18T19:27:13Z",
|
|
"last_observed": "2016-05-18T19:27:13Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc211-2260-4e65-98b8-4f8002de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc211-2260-4e65-98b8-4f8002de0b81",
|
|
"value": "https://www.virustotal.com/file/dcff806c96ba36d2a7ed3da035b371a37aa65990e358ce811494467514de3e19/analysis/1449285007/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc211-cbf0-4129-b720-410c02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:13.000Z",
|
|
"modified": "2016-05-18T19:27:13.000Z",
|
|
"description": "Prikormka DOWNLOADER modules - Xchecked via VT: c2ea09d162bdad2541c97d30a4e171f267305671",
|
|
"pattern": "[file:hashes.SHA256 = '741f4566baa2585a47259872b45aa84ac8a443a8c46ab25025e3efffe5bce38f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc212-e234-4e61-81d2-4eca02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:14.000Z",
|
|
"modified": "2016-05-18T19:27:14.000Z",
|
|
"description": "Prikormka DOWNLOADER modules - Xchecked via VT: c2ea09d162bdad2541c97d30a4e171f267305671",
|
|
"pattern": "[file:hashes.MD5 = '37bc3f6fae4025d4f1ef365efd3ebe9b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc212-c250-439d-a42f-416a02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:14.000Z",
|
|
"modified": "2016-05-18T19:27:14.000Z",
|
|
"first_observed": "2016-05-18T19:27:14Z",
|
|
"last_observed": "2016-05-18T19:27:14Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc212-c250-439d-a42f-416a02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc212-c250-439d-a42f-416a02de0b81",
|
|
"value": "https://www.virustotal.com/file/741f4566baa2585a47259872b45aa84ac8a443a8c46ab25025e3efffe5bce38f/analysis/1434203580/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc212-904c-43c4-ae07-4edb02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:14.000Z",
|
|
"modified": "2016-05-18T19:27:14.000Z",
|
|
"description": "Prikormka DOWNLOADER modules - Xchecked via VT: d12cd6c4ca3388b68fcf3e46e206064caa75f893",
|
|
"pattern": "[file:hashes.SHA256 = '36b7beed29f47ade3a3657bef9fb941e64c37ebd2385433279a6b4133b723772']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc212-9b7c-4c2c-8b21-4afe02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:14.000Z",
|
|
"modified": "2016-05-18T19:27:14.000Z",
|
|
"description": "Prikormka DOWNLOADER modules - Xchecked via VT: d12cd6c4ca3388b68fcf3e46e206064caa75f893",
|
|
"pattern": "[file:hashes.MD5 = '9dcd8787c83e61b5874c4b30ed34ff3e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc212-17d8-4837-aebe-4bce02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:14.000Z",
|
|
"modified": "2016-05-18T19:27:14.000Z",
|
|
"first_observed": "2016-05-18T19:27:14Z",
|
|
"last_observed": "2016-05-18T19:27:14Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc212-17d8-4837-aebe-4bce02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc212-17d8-4837-aebe-4bce02de0b81",
|
|
"value": "https://www.virustotal.com/file/36b7beed29f47ade3a3657bef9fb941e64c37ebd2385433279a6b4133b723772/analysis/1436715630/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc212-9eb8-47d6-9f67-492702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:14.000Z",
|
|
"modified": "2016-05-18T19:27:14.000Z",
|
|
"description": "Prikormka PERSISTENCE modules - Xchecked via VT: fcd81737ff261a84b9899cb713933aa795279364",
|
|
"pattern": "[file:hashes.SHA256 = '3c7c3689da4d19be3192f5ab43739d2c5eef693cc2636b52898fd2867e8ee23c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc212-b68c-40ee-9575-426302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:14.000Z",
|
|
"modified": "2016-05-18T19:27:14.000Z",
|
|
"description": "Prikormka PERSISTENCE modules - Xchecked via VT: fcd81737ff261a84b9899cb713933aa795279364",
|
|
"pattern": "[file:hashes.MD5 = '66efb9808c971670d89330e6574249a5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc213-15ac-42bd-9296-473702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:15.000Z",
|
|
"modified": "2016-05-18T19:27:15.000Z",
|
|
"first_observed": "2016-05-18T19:27:15Z",
|
|
"last_observed": "2016-05-18T19:27:15Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc213-15ac-42bd-9296-473702de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc213-15ac-42bd-9296-473702de0b81",
|
|
"value": "https://www.virustotal.com/file/3c7c3689da4d19be3192f5ab43739d2c5eef693cc2636b52898fd2867e8ee23c/analysis/1463592132/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc213-9b48-410b-a122-4e2e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:15.000Z",
|
|
"modified": "2016-05-18T19:27:15.000Z",
|
|
"description": "Prikormka PERSISTENCE modules - Xchecked via VT: 53174f09c4edb68ed7d9028b86154b9c7f321a30",
|
|
"pattern": "[file:hashes.SHA256 = '96cfa5e0bcfd905e571db378bc9938d1465755ec55c5c1df41ee739cfa06d000']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc213-9c30-4fbb-9ef4-49fb02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:15.000Z",
|
|
"modified": "2016-05-18T19:27:15.000Z",
|
|
"description": "Prikormka PERSISTENCE modules - Xchecked via VT: 53174f09c4edb68ed7d9028b86154b9c7f321a30",
|
|
"pattern": "[file:hashes.MD5 = '84cc825871610cf67ba7828e78c9c8c5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc213-0d78-4bef-b3b8-4dbc02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:15.000Z",
|
|
"modified": "2016-05-18T19:27:15.000Z",
|
|
"first_observed": "2016-05-18T19:27:15Z",
|
|
"last_observed": "2016-05-18T19:27:15Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc213-0d78-4bef-b3b8-4dbc02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc213-0d78-4bef-b3b8-4dbc02de0b81",
|
|
"value": "https://www.virustotal.com/file/96cfa5e0bcfd905e571db378bc9938d1465755ec55c5c1df41ee739cfa06d000/analysis/1461048356/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc213-1cdc-4f3a-9368-45eb02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:15.000Z",
|
|
"modified": "2016-05-18T19:27:15.000Z",
|
|
"description": "Prikormka PERSISTENCE modules - Xchecked via VT: 2f1e4af1a5a95b3483e901abdd96454c57419ba4",
|
|
"pattern": "[file:hashes.SHA256 = 'bc009f49800ad491bd879949263674ab59f967a5fded5b897b7a8320e541fecb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc213-30b4-4b41-ad38-407a02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:15.000Z",
|
|
"modified": "2016-05-18T19:27:15.000Z",
|
|
"description": "Prikormka PERSISTENCE modules - Xchecked via VT: 2f1e4af1a5a95b3483e901abdd96454c57419ba4",
|
|
"pattern": "[file:hashes.MD5 = '4b7a2db3114a1149feaffb7bd47d66e0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc214-c40c-44d3-b2a0-45ad02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:16.000Z",
|
|
"modified": "2016-05-18T19:27:16.000Z",
|
|
"first_observed": "2016-05-18T19:27:16Z",
|
|
"last_observed": "2016-05-18T19:27:16Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc214-c40c-44d3-b2a0-45ad02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc214-c40c-44d3-b2a0-45ad02de0b81",
|
|
"value": "https://www.virustotal.com/file/bc009f49800ad491bd879949263674ab59f967a5fded5b897b7a8320e541fecb/analysis/1463592131/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc214-9190-4775-bc64-48b302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:16.000Z",
|
|
"modified": "2016-05-18T19:27:16.000Z",
|
|
"description": "Prikormka PERSISTENCE modules - Xchecked via VT: 1790b3d73a5dd676d17b39c01a079debd6d9f5c5",
|
|
"pattern": "[file:hashes.SHA256 = '882187e5b10dde9031444fd073beff305fa128e2ce780949ca0956685c4fa7f5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc214-fb54-4bc5-bda7-4ee302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:16.000Z",
|
|
"modified": "2016-05-18T19:27:16.000Z",
|
|
"description": "Prikormka PERSISTENCE modules - Xchecked via VT: 1790b3d73a5dd676d17b39c01a079debd6d9f5c5",
|
|
"pattern": "[file:hashes.MD5 = '0a007f6d906b9626e030f05c0384e10a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc214-d7e8-40b7-9850-49b202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:16.000Z",
|
|
"modified": "2016-05-18T19:27:16.000Z",
|
|
"first_observed": "2016-05-18T19:27:16Z",
|
|
"last_observed": "2016-05-18T19:27:16Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc214-d7e8-40b7-9850-49b202de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc214-d7e8-40b7-9850-49b202de0b81",
|
|
"value": "https://www.virustotal.com/file/882187e5b10dde9031444fd073beff305fa128e2ce780949ca0956685c4fa7f5/analysis/1463592133/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc214-bb80-4a9f-b48d-411802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:16.000Z",
|
|
"modified": "2016-05-18T19:27:16.000Z",
|
|
"description": "Prikormka PERSISTENCE modules - Xchecked via VT: c2f720def2264f08e5211671d46e73311dc6c473",
|
|
"pattern": "[file:hashes.SHA256 = '66c5dc4979a40ad3f7259541ed2af8757180cab3228604ac903b5e5012ad4731']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc215-b9fc-4207-a82b-4f2f02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:17.000Z",
|
|
"modified": "2016-05-18T19:27:17.000Z",
|
|
"description": "Prikormka PERSISTENCE modules - Xchecked via VT: c2f720def2264f08e5211671d46e73311dc6c473",
|
|
"pattern": "[file:hashes.MD5 = '40bd45408a5ed23099e23007383cca07']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc215-ca44-4305-b077-40b702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:17.000Z",
|
|
"modified": "2016-05-18T19:27:17.000Z",
|
|
"first_observed": "2016-05-18T19:27:17Z",
|
|
"last_observed": "2016-05-18T19:27:17Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc215-ca44-4305-b077-40b702de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc215-ca44-4305-b077-40b702de0b81",
|
|
"value": "https://www.virustotal.com/file/66c5dc4979a40ad3f7259541ed2af8757180cab3228604ac903b5e5012ad4731/analysis/1463592132/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc215-6004-4d46-96d4-440402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:17.000Z",
|
|
"modified": "2016-05-18T19:27:17.000Z",
|
|
"description": "Prikormka PERSISTENCE modules - Xchecked via VT: 7dae2a15e364ee06c9301236ae8fc140884cea95",
|
|
"pattern": "[file:hashes.SHA256 = '97d9775cfea79b2285fe3fdc6e0a2d977ee3c5f0e7053a9a55e550e7027f12be']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc215-cb4c-43c5-930d-40f202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:17.000Z",
|
|
"modified": "2016-05-18T19:27:17.000Z",
|
|
"description": "Prikormka PERSISTENCE modules - Xchecked via VT: 7dae2a15e364ee06c9301236ae8fc140884cea95",
|
|
"pattern": "[file:hashes.MD5 = '820fc202c567c4562f0992e1e9a1be63']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc215-e70c-4138-aeab-4bf002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:17.000Z",
|
|
"modified": "2016-05-18T19:27:17.000Z",
|
|
"first_observed": "2016-05-18T19:27:17Z",
|
|
"last_observed": "2016-05-18T19:27:17Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc215-e70c-4138-aeab-4bf002de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc215-e70c-4138-aeab-4bf002de0b81",
|
|
"value": "https://www.virustotal.com/file/97d9775cfea79b2285fe3fdc6e0a2d977ee3c5f0e7053a9a55e550e7027f12be/analysis/1463592131/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc215-bbc0-4410-ac73-424802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:17.000Z",
|
|
"modified": "2016-05-18T19:27:17.000Z",
|
|
"description": "Prikormka PERSISTENCE modules - Xchecked via VT: 2e1c7ffab7b1047e3438e6ba920d0914f8cc4e35",
|
|
"pattern": "[file:hashes.SHA256 = '22c5b71437604ccbf0a0959a219c8ed522b85354c5493eec32b75c433e14af28']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc216-4908-464c-80e7-44b902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:18.000Z",
|
|
"modified": "2016-05-18T19:27:18.000Z",
|
|
"description": "Prikormka PERSISTENCE modules - Xchecked via VT: 2e1c7ffab7b1047e3438e6ba920d0914f8cc4e35",
|
|
"pattern": "[file:hashes.MD5 = '6e213b4014c5c9aa6ec2c00c6f100f65']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc216-b4fc-46c0-bc12-4af402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:18.000Z",
|
|
"modified": "2016-05-18T19:27:18.000Z",
|
|
"first_observed": "2016-05-18T19:27:18Z",
|
|
"last_observed": "2016-05-18T19:27:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc216-b4fc-46c0-bc12-4af402de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc216-b4fc-46c0-bc12-4af402de0b81",
|
|
"value": "https://www.virustotal.com/file/22c5b71437604ccbf0a0959a219c8ed522b85354c5493eec32b75c433e14af28/analysis/1463592130/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc216-2a2c-4957-9908-45c802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:18.000Z",
|
|
"modified": "2016-05-18T19:27:18.000Z",
|
|
"description": "Prikormka PERSISTENCE modules - Xchecked via VT: 756730d1c542b57792f68f0c3bc9bcde149cf7c6",
|
|
"pattern": "[file:hashes.SHA256 = '39bed88a0805084a747ddf86d1a6006aaa56f71aee98b59c5b2f9d0074507daa']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc216-ab44-432f-8690-4ff202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:18.000Z",
|
|
"modified": "2016-05-18T19:27:18.000Z",
|
|
"description": "Prikormka PERSISTENCE modules - Xchecked via VT: 756730d1c542b57792f68f0c3bc9bcde149cf7c6",
|
|
"pattern": "[file:hashes.MD5 = '9c9fc92d86f4e943e7deed22c29435f4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc216-0b8c-4617-a150-41c002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:18.000Z",
|
|
"modified": "2016-05-18T19:27:18.000Z",
|
|
"first_observed": "2016-05-18T19:27:18Z",
|
|
"last_observed": "2016-05-18T19:27:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc216-0b8c-4617-a150-41c002de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc216-0b8c-4617-a150-41c002de0b81",
|
|
"value": "https://www.virustotal.com/file/39bed88a0805084a747ddf86d1a6006aaa56f71aee98b59c5b2f9d0074507daa/analysis/1463592129/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc216-959c-414a-8e94-4b4a02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:18.000Z",
|
|
"modified": "2016-05-18T19:27:18.000Z",
|
|
"description": "Prikormka PERSISTENCE modules - Xchecked via VT: 8f8bd3c4ce2f932abfb31b9f586c40d1e22ee210",
|
|
"pattern": "[file:hashes.SHA256 = '7ef04f0347ca411ccdbf3ea32023eb5f05e01c200367091de3cd74521737cded']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc217-6450-4ce0-bfdd-40ab02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:19.000Z",
|
|
"modified": "2016-05-18T19:27:19.000Z",
|
|
"description": "Prikormka PERSISTENCE modules - Xchecked via VT: 8f8bd3c4ce2f932abfb31b9f586c40d1e22ee210",
|
|
"pattern": "[file:hashes.MD5 = '8313ac545d59feb89e3b7b17f4a9650c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc217-1cbc-44b7-8bb9-489e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:19.000Z",
|
|
"modified": "2016-05-18T19:27:19.000Z",
|
|
"first_observed": "2016-05-18T19:27:19Z",
|
|
"last_observed": "2016-05-18T19:27:19Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc217-1cbc-44b7-8bb9-489e02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc217-1cbc-44b7-8bb9-489e02de0b81",
|
|
"value": "https://www.virustotal.com/file/7ef04f0347ca411ccdbf3ea32023eb5f05e01c200367091de3cd74521737cded/analysis/1463592129/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc217-13b8-44fa-8603-4ce102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:19.000Z",
|
|
"modified": "2016-05-18T19:27:19.000Z",
|
|
"description": "Prikormka PERSISTENCE modules - Xchecked via VT: 6e312a999ee7dcd9ec8eb4f0a216f50f50eb09f6",
|
|
"pattern": "[file:hashes.SHA256 = 'b3534bde9c24f637d675d18bf8dd33e8ce643324c4d66864498115673a96ce2a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc217-b4c8-40d4-acfe-430602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:19.000Z",
|
|
"modified": "2016-05-18T19:27:19.000Z",
|
|
"description": "Prikormka PERSISTENCE modules - Xchecked via VT: 6e312a999ee7dcd9ec8eb4f0a216f50f50eb09f6",
|
|
"pattern": "[file:hashes.MD5 = '4c1af80b301256b2cb11e74154964b0a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc217-be00-4cba-9cf5-459002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:19.000Z",
|
|
"modified": "2016-05-18T19:27:19.000Z",
|
|
"first_observed": "2016-05-18T19:27:19Z",
|
|
"last_observed": "2016-05-18T19:27:19Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc217-be00-4cba-9cf5-459002de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc217-be00-4cba-9cf5-459002de0b81",
|
|
"value": "https://www.virustotal.com/file/b3534bde9c24f637d675d18bf8dd33e8ce643324c4d66864498115673a96ce2a/analysis/1463592129/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc217-9e5c-43ed-95ab-417702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:19.000Z",
|
|
"modified": "2016-05-18T19:27:19.000Z",
|
|
"description": "Prikormka PERSISTENCE modules - Xchecked via VT: e1b5cd1978f6c6d72aa6b07add1ee83e9bb8480d",
|
|
"pattern": "[file:hashes.SHA256 = '7eb0e35c48133b88b92c0138cb2e1c5a5641eafb19ec747266a7dcc8ea379288']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc218-b844-40dd-9f6a-4b4502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:20.000Z",
|
|
"modified": "2016-05-18T19:27:20.000Z",
|
|
"description": "Prikormka PERSISTENCE modules - Xchecked via VT: e1b5cd1978f6c6d72aa6b07add1ee83e9bb8480d",
|
|
"pattern": "[file:hashes.MD5 = '3b529bff40eff3e30859f874007a56ea']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc218-97d4-4ff6-a047-4f0902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:20.000Z",
|
|
"modified": "2016-05-18T19:27:20.000Z",
|
|
"first_observed": "2016-05-18T19:27:20Z",
|
|
"last_observed": "2016-05-18T19:27:20Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc218-97d4-4ff6-a047-4f0902de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc218-97d4-4ff6-a047-4f0902de0b81",
|
|
"value": "https://www.virustotal.com/file/7eb0e35c48133b88b92c0138cb2e1c5a5641eafb19ec747266a7dcc8ea379288/analysis/1463592129/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc218-3860-44bb-ac76-47a002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:20.000Z",
|
|
"modified": "2016-05-18T19:27:20.000Z",
|
|
"description": "Prikormka PERSISTENCE modules - Xchecked via VT: ad9a6f7ba895769844663b4936e776239d3a3d17",
|
|
"pattern": "[file:hashes.SHA256 = 'b41a2e72f4383b0fdf0196868b927d8b77f641262f6f447fbee68d32fb850ada']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc218-6298-474a-8f72-402f02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:20.000Z",
|
|
"modified": "2016-05-18T19:27:20.000Z",
|
|
"description": "Prikormka PERSISTENCE modules - Xchecked via VT: ad9a6f7ba895769844663b4936e776239d3a3d17",
|
|
"pattern": "[file:hashes.MD5 = '5dec45098bd2dede870513ea58e76300']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc218-0d08-4852-ac11-47db02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:20.000Z",
|
|
"modified": "2016-05-18T19:27:20.000Z",
|
|
"first_observed": "2016-05-18T19:27:20Z",
|
|
"last_observed": "2016-05-18T19:27:20Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc218-0d08-4852-ac11-47db02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc218-0d08-4852-ac11-47db02de0b81",
|
|
"value": "https://www.virustotal.com/file/b41a2e72f4383b0fdf0196868b927d8b77f641262f6f447fbee68d32fb850ada/analysis/1463592129/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc218-21d8-4961-9f50-4dc902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:20.000Z",
|
|
"modified": "2016-05-18T19:27:20.000Z",
|
|
"description": "Prikormka early versions - Xchecked via VT: 539033de14539d485481549ef84c9e49d743fc4c",
|
|
"pattern": "[file:hashes.SHA256 = '70bf89949423fae5dfad2b208ada55100436ee3d61e36cf43a203eebd6050563']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc219-964c-490c-aa40-4b4902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:21.000Z",
|
|
"modified": "2016-05-18T19:27:21.000Z",
|
|
"description": "Prikormka early versions - Xchecked via VT: 539033de14539d485481549ef84c9e49d743fc4c",
|
|
"pattern": "[file:hashes.MD5 = '788c3e3302b2fc61c3bffe31bdeab1b2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc219-8eb8-4b1a-8f6d-486702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:21.000Z",
|
|
"modified": "2016-05-18T19:27:21.000Z",
|
|
"first_observed": "2016-05-18T19:27:21Z",
|
|
"last_observed": "2016-05-18T19:27:21Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc219-8eb8-4b1a-8f6d-486702de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc219-8eb8-4b1a-8f6d-486702de0b81",
|
|
"value": "https://www.virustotal.com/file/70bf89949423fae5dfad2b208ada55100436ee3d61e36cf43a203eebd6050563/analysis/1299056441/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc219-a9c0-4377-96d8-491302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:21.000Z",
|
|
"modified": "2016-05-18T19:27:21.000Z",
|
|
"description": "Prikormka early versions - Xchecked via VT: 44b6b8375cf788076c0dd64a93e27f69a01f5dfd",
|
|
"pattern": "[file:hashes.SHA256 = '1bde0a5b463343c582f80c9033ff00d075447cee5b136b5b2d32b597a665644a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc219-9820-4bb2-b86c-4ff602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:21.000Z",
|
|
"modified": "2016-05-18T19:27:21.000Z",
|
|
"description": "Prikormka early versions - Xchecked via VT: 44b6b8375cf788076c0dd64a93e27f69a01f5dfd",
|
|
"pattern": "[file:hashes.MD5 = '4d0bb3cd0e3744b289df2ce77e058d44']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc219-a504-47b4-9879-46b802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:21.000Z",
|
|
"modified": "2016-05-18T19:27:21.000Z",
|
|
"first_observed": "2016-05-18T19:27:21Z",
|
|
"last_observed": "2016-05-18T19:27:21Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc219-a504-47b4-9879-46b802de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc219-a504-47b4-9879-46b802de0b81",
|
|
"value": "https://www.virustotal.com/file/1bde0a5b463343c582f80c9033ff00d075447cee5b136b5b2d32b597a665644a/analysis/1299056596/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc21a-2ba4-4178-bed5-409902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:22.000Z",
|
|
"modified": "2016-05-18T19:27:22.000Z",
|
|
"description": "Prikormka early versions - Xchecked via VT: bcedab81cc5f4d2ea1da8a71f91df6e16362723b",
|
|
"pattern": "[file:hashes.SHA256 = '23fdd88d2c794434c099a3581e7c1ff80c39fceea61f5aea1d77459cc92304c6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc21a-ee70-4064-a871-42c802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:22.000Z",
|
|
"modified": "2016-05-18T19:27:22.000Z",
|
|
"description": "Prikormka early versions - Xchecked via VT: bcedab81cc5f4d2ea1da8a71f91df6e16362723b",
|
|
"pattern": "[file:hashes.MD5 = '1e54bf0743b7d3411b6a26516e62777a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc21a-2aa8-4139-8a12-45f202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:22.000Z",
|
|
"modified": "2016-05-18T19:27:22.000Z",
|
|
"first_observed": "2016-05-18T19:27:22Z",
|
|
"last_observed": "2016-05-18T19:27:22Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc21a-2aa8-4139-8a12-45f202de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc21a-2aa8-4139-8a12-45f202de0b81",
|
|
"value": "https://www.virustotal.com/file/23fdd88d2c794434c099a3581e7c1ff80c39fceea61f5aea1d77459cc92304c6/analysis/1347697596/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc21a-f35c-4e98-8a8a-489102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:22.000Z",
|
|
"modified": "2016-05-18T19:27:22.000Z",
|
|
"description": "Prikormka early versions - Xchecked via VT: b5f1b3bd6ad281c8eb9d633a37e0be63b97a8beb",
|
|
"pattern": "[file:hashes.SHA256 = 'd8eb8e8b8adbcbc03639d2373884623d5a25d1c1fd0bc9f60c7ed1208ca30f52']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc21a-0f14-4721-993d-4d8702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:22.000Z",
|
|
"modified": "2016-05-18T19:27:22.000Z",
|
|
"description": "Prikormka early versions - Xchecked via VT: b5f1b3bd6ad281c8eb9d633a37e0be63b97a8beb",
|
|
"pattern": "[file:hashes.MD5 = '89c8f0631aabcb5d60ca1516130db769']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc21a-0c9c-47ab-b1c8-431702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:22.000Z",
|
|
"modified": "2016-05-18T19:27:22.000Z",
|
|
"first_observed": "2016-05-18T19:27:22Z",
|
|
"last_observed": "2016-05-18T19:27:22Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc21a-0c9c-47ab-b1c8-431702de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc21a-0c9c-47ab-b1c8-431702de0b81",
|
|
"value": "https://www.virustotal.com/file/d8eb8e8b8adbcbc03639d2373884623d5a25d1c1fd0bc9f60c7ed1208ca30f52/analysis/1396809171/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc21b-84d4-468b-abfa-4c9102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:23.000Z",
|
|
"modified": "2016-05-18T19:27:23.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: e494328255ef2b9ed9b332ee845513a93339217f",
|
|
"pattern": "[file:hashes.SHA256 = '6f19a2747576f953d42bf9140826f50b2c1ca48c6e94190b1efb0f36c3c03b45']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc21b-59a0-4c2e-b2c4-482202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:23.000Z",
|
|
"modified": "2016-05-18T19:27:23.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: e494328255ef2b9ed9b332ee845513a93339217f",
|
|
"pattern": "[file:hashes.MD5 = '07b3830f8791119b9365471386247f21']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc21b-3fb8-41d8-89e6-46d802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:23.000Z",
|
|
"modified": "2016-05-18T19:27:23.000Z",
|
|
"first_observed": "2016-05-18T19:27:23Z",
|
|
"last_observed": "2016-05-18T19:27:23Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc21b-3fb8-41d8-89e6-46d802de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc21b-3fb8-41d8-89e6-46d802de0b81",
|
|
"value": "https://www.virustotal.com/file/6f19a2747576f953d42bf9140826f50b2c1ca48c6e94190b1efb0f36c3c03b45/analysis/1462214518/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc21b-0238-40fd-97ad-4e8702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:23.000Z",
|
|
"modified": "2016-05-18T19:27:23.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: ee1e5d95fcad429126944804d80d7c2412af492e",
|
|
"pattern": "[file:hashes.SHA256 = '081a6b99de513d88207b03c5955b0cb2658f775ce5af0cf78e1ab3dc8782779f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc21b-6ba4-46ed-930a-4c1702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:23.000Z",
|
|
"modified": "2016-05-18T19:27:23.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: ee1e5d95fcad429126944804d80d7c2412af492e",
|
|
"pattern": "[file:hashes.MD5 = 'ab9dfa3f23111aa6304615ea53652e6e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc21b-e37c-45d2-ac0c-4a0002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:23.000Z",
|
|
"modified": "2016-05-18T19:27:23.000Z",
|
|
"first_observed": "2016-05-18T19:27:23Z",
|
|
"last_observed": "2016-05-18T19:27:23Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc21b-e37c-45d2-ac0c-4a0002de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc21b-e37c-45d2-ac0c-4a0002de0b81",
|
|
"value": "https://www.virustotal.com/file/081a6b99de513d88207b03c5955b0cb2658f775ce5af0cf78e1ab3dc8782779f/analysis/1462871938/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc21c-6968-44f6-9162-416702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:24.000Z",
|
|
"modified": "2016-05-18T19:27:24.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: 5b7d6d7c3c4ad74a7f1e32b780776db41ff18ddd",
|
|
"pattern": "[file:hashes.SHA256 = 'e61bc880b62d8751ac47379bfbd193b7e8c586766a54eccc2aa3983b3352df61']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc21c-fc94-404d-af7c-438002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:24.000Z",
|
|
"modified": "2016-05-18T19:27:24.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: 5b7d6d7c3c4ad74a7f1e32b780776db41ff18ddd",
|
|
"pattern": "[file:hashes.MD5 = '54e73c486ec06c941694e1e0b2c48f04']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc21c-9c40-4009-b183-43d702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:24.000Z",
|
|
"modified": "2016-05-18T19:27:24.000Z",
|
|
"first_observed": "2016-05-18T19:27:24Z",
|
|
"last_observed": "2016-05-18T19:27:24Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc21c-9c40-4009-b183-43d702de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc21c-9c40-4009-b183-43d702de0b81",
|
|
"value": "https://www.virustotal.com/file/e61bc880b62d8751ac47379bfbd193b7e8c586766a54eccc2aa3983b3352df61/analysis/1461163238/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc21c-a9cc-4b39-9950-462602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:24.000Z",
|
|
"modified": "2016-05-18T19:27:24.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: 243421fe7c1fc007efa0c9ccab6f6e2a0c94fcc2",
|
|
"pattern": "[file:hashes.SHA256 = '46c18c798c7186559828eb8b60db7c28af95320393f6cc43701995a3f7e530d8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc21c-da7c-4166-8ac6-45b302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:24.000Z",
|
|
"modified": "2016-05-18T19:27:24.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: 243421fe7c1fc007efa0c9ccab6f6e2a0c94fcc2",
|
|
"pattern": "[file:hashes.MD5 = '98b867d5e5ea7bc3db20608ac34489a7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc21c-d4e0-45c7-ab55-44a202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:24.000Z",
|
|
"modified": "2016-05-18T19:27:24.000Z",
|
|
"first_observed": "2016-05-18T19:27:24Z",
|
|
"last_observed": "2016-05-18T19:27:24Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc21c-d4e0-45c7-ab55-44a202de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc21c-d4e0-45c7-ab55-44a202de0b81",
|
|
"value": "https://www.virustotal.com/file/46c18c798c7186559828eb8b60db7c28af95320393f6cc43701995a3f7e530d8/analysis/1458553468/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc21d-8ecc-42a1-8337-4b8702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:25.000Z",
|
|
"modified": "2016-05-18T19:27:25.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: 69536caf0522c1a915d6ac4c65177a26efa7944b",
|
|
"pattern": "[file:hashes.SHA256 = 'efcec363b2636118e3fc701c637eec7767e83b6a9959172db22b3999a87b8958']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc21d-92a4-4098-a22d-48e802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:25.000Z",
|
|
"modified": "2016-05-18T19:27:25.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: 69536caf0522c1a915d6ac4c65177a26efa7944b",
|
|
"pattern": "[file:hashes.MD5 = 'b6dbd6ae64f8cbd8b08442214e5baa56']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc21d-48c8-4e3b-9b1b-46ed02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:25.000Z",
|
|
"modified": "2016-05-18T19:27:25.000Z",
|
|
"first_observed": "2016-05-18T19:27:25Z",
|
|
"last_observed": "2016-05-18T19:27:25Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc21d-48c8-4e3b-9b1b-46ed02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc21d-48c8-4e3b-9b1b-46ed02de0b81",
|
|
"value": "https://www.virustotal.com/file/efcec363b2636118e3fc701c637eec7767e83b6a9959172db22b3999a87b8958/analysis/1461634998/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc21d-2ad4-4e71-9315-430602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:25.000Z",
|
|
"modified": "2016-05-18T19:27:25.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: 065b075293968732f2be433b7b492869e4260ee5",
|
|
"pattern": "[file:hashes.SHA256 = '088997bd4720cb4f8176645b350518bb23f11e2fbb61da07928df8d08ff80c1a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc21d-8a8c-4e71-8df0-4d0502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:25.000Z",
|
|
"modified": "2016-05-18T19:27:25.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: 065b075293968732f2be433b7b492869e4260ee5",
|
|
"pattern": "[file:hashes.MD5 = '9ad5e8bdfd4ec77c5fce5134ee89aa58']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc21d-99a4-4056-a303-43c002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:25.000Z",
|
|
"modified": "2016-05-18T19:27:25.000Z",
|
|
"first_observed": "2016-05-18T19:27:25Z",
|
|
"last_observed": "2016-05-18T19:27:25Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc21d-99a4-4056-a303-43c002de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc21d-99a4-4056-a303-43c002de0b81",
|
|
"value": "https://www.virustotal.com/file/088997bd4720cb4f8176645b350518bb23f11e2fbb61da07928df8d08ff80c1a/analysis/1456159833/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc21d-fca4-4427-88ca-46b202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:25.000Z",
|
|
"modified": "2016-05-18T19:27:25.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: 40f33cd2ad98fe1e6bf4ab199021498f9e3125a1",
|
|
"pattern": "[file:hashes.SHA256 = '1bea8c0398df41ea2bd7e3611b4380d9277bee0e0b603f1229cbc56e84f367e0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc21e-4678-4a42-84e2-492502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:26.000Z",
|
|
"modified": "2016-05-18T19:27:26.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: 40f33cd2ad98fe1e6bf4ab199021498f9e3125a1",
|
|
"pattern": "[file:hashes.MD5 = 'dc80c9102c1dd5e52d2f6e999a161a95']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc21e-22c8-4672-b36f-4b1002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:26.000Z",
|
|
"modified": "2016-05-18T19:27:26.000Z",
|
|
"first_observed": "2016-05-18T19:27:26Z",
|
|
"last_observed": "2016-05-18T19:27:26Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc21e-22c8-4672-b36f-4b1002de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc21e-22c8-4672-b36f-4b1002de0b81",
|
|
"value": "https://www.virustotal.com/file/1bea8c0398df41ea2bd7e3611b4380d9277bee0e0b603f1229cbc56e84f367e0/analysis/1456484794/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc21e-63f4-4a29-8064-4d8a02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:26.000Z",
|
|
"modified": "2016-05-18T19:27:26.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: 80cb14652e8251c79187df8a01d29abd46a3118c",
|
|
"pattern": "[file:hashes.SHA256 = '7ccb5cfc5fc9348bf635838beca2506b2da543af24b70f8415d6d5f214b7a142']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc21e-f068-4fa2-8b8f-4dc602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:26.000Z",
|
|
"modified": "2016-05-18T19:27:26.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: 80cb14652e8251c79187df8a01d29abd46a3118c",
|
|
"pattern": "[file:hashes.MD5 = '94de88fc27baac4005dd812473042e36']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc21e-52dc-4f50-814c-49ec02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:26.000Z",
|
|
"modified": "2016-05-18T19:27:26.000Z",
|
|
"first_observed": "2016-05-18T19:27:26Z",
|
|
"last_observed": "2016-05-18T19:27:26Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc21e-52dc-4f50-814c-49ec02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc21e-52dc-4f50-814c-49ec02de0b81",
|
|
"value": "https://www.virustotal.com/file/7ccb5cfc5fc9348bf635838beca2506b2da543af24b70f8415d6d5f214b7a142/analysis/1454131924/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc21e-b0b4-4e89-a726-4f0e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:26.000Z",
|
|
"modified": "2016-05-18T19:27:26.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: 279711b6828b6cf642c0dab4d16411c87956f566",
|
|
"pattern": "[file:hashes.SHA256 = 'd3e65b159bc75e8e5bf855294069fa0f2d558cf21aabaea88ca28f50d9d71e38']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc21f-5348-4cc2-b2c7-443302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:27.000Z",
|
|
"modified": "2016-05-18T19:27:27.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: 279711b6828b6cf642c0dab4d16411c87956f566",
|
|
"pattern": "[file:hashes.MD5 = '0d7aae0e4845f974dbd7ab2422633e71']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc21f-f204-49c6-ae07-4f1602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:27.000Z",
|
|
"modified": "2016-05-18T19:27:27.000Z",
|
|
"first_observed": "2016-05-18T19:27:27Z",
|
|
"last_observed": "2016-05-18T19:27:27Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc21f-f204-49c6-ae07-4f1602de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc21f-f204-49c6-ae07-4f1602de0b81",
|
|
"value": "https://www.virustotal.com/file/d3e65b159bc75e8e5bf855294069fa0f2d558cf21aabaea88ca28f50d9d71e38/analysis/1452583116/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc21f-930c-449b-91bf-406402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:27.000Z",
|
|
"modified": "2016-05-18T19:27:27.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: 3a6c8cb6688e2a56057ba9b3680e5911d96b2c8c",
|
|
"pattern": "[file:hashes.SHA256 = '37918ca8964bb402d2e7829b49d8a0b2efc0a8e41807a4eeb552371a01fa36ff']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc21f-709c-46d9-8755-448102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:27.000Z",
|
|
"modified": "2016-05-18T19:27:27.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: 3a6c8cb6688e2a56057ba9b3680e5911d96b2c8c",
|
|
"pattern": "[file:hashes.MD5 = 'f8c414e0058cbe7ffb4cb2b56892fcdb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc21f-599c-4b7d-bec5-49cc02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:27.000Z",
|
|
"modified": "2016-05-18T19:27:27.000Z",
|
|
"first_observed": "2016-05-18T19:27:27Z",
|
|
"last_observed": "2016-05-18T19:27:27Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc21f-599c-4b7d-bec5-49cc02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc21f-599c-4b7d-bec5-49cc02de0b81",
|
|
"value": "https://www.virustotal.com/file/37918ca8964bb402d2e7829b49d8a0b2efc0a8e41807a4eeb552371a01fa36ff/analysis/1456107968/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc21f-2468-46d0-a647-441e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:27.000Z",
|
|
"modified": "2016-05-18T19:27:27.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: 160cf2abb25495188a0acb523bd201b0369cffd2",
|
|
"pattern": "[file:hashes.SHA256 = '5339628aa132b77f6909888b00fba61d140b8b736a94a9f1eb11560d6a946228']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc21f-8b14-4e80-9e16-423602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:27.000Z",
|
|
"modified": "2016-05-18T19:27:27.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: 160cf2abb25495188a0acb523bd201b0369cffd2",
|
|
"pattern": "[file:hashes.MD5 = '23a254284bbfc12f3ad71dc22bd98f12']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc220-2b28-4c53-ac14-4fce02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:28.000Z",
|
|
"modified": "2016-05-18T19:27:28.000Z",
|
|
"first_observed": "2016-05-18T19:27:28Z",
|
|
"last_observed": "2016-05-18T19:27:28Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc220-2b28-4c53-ac14-4fce02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc220-2b28-4c53-ac14-4fce02de0b81",
|
|
"value": "https://www.virustotal.com/file/5339628aa132b77f6909888b00fba61d140b8b736a94a9f1eb11560d6a946228/analysis/1460573970/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc220-80f8-4f44-9ecc-4a4002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:28.000Z",
|
|
"modified": "2016-05-18T19:27:28.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: d5b785f8f92c7588cfad7a1a21daffa6eb9cfa5c",
|
|
"pattern": "[file:hashes.SHA256 = '319e9dc36678c4d774ba0765ec93d3160bd476ab0f98bac1b7e5b92e7994a88a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc220-4de4-47b2-9a3f-4af502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:28.000Z",
|
|
"modified": "2016-05-18T19:27:28.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: d5b785f8f92c7588cfad7a1a21daffa6eb9cfa5c",
|
|
"pattern": "[file:hashes.MD5 = '7accb6fed266a2023659f438ad1b3546']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc220-489c-4173-a6f4-4d0d02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:28.000Z",
|
|
"modified": "2016-05-18T19:27:28.000Z",
|
|
"first_observed": "2016-05-18T19:27:28Z",
|
|
"last_observed": "2016-05-18T19:27:28Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc220-489c-4173-a6f4-4d0d02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc220-489c-4173-a6f4-4d0d02de0b81",
|
|
"value": "https://www.virustotal.com/file/319e9dc36678c4d774ba0765ec93d3160bd476ab0f98bac1b7e5b92e7994a88a/analysis/1460573987/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc220-e4ec-4d5b-a19a-4aa302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:28.000Z",
|
|
"modified": "2016-05-18T19:27:28.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: 8df79b2734bcd83b3d55ff99521d10e550dfcff3",
|
|
"pattern": "[file:hashes.SHA256 = '9c40bd71680049814ed521d43c3772a92cbf02e33dce61c9a8f7d31942a624f8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc220-6c84-46d4-a1af-424b02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:28.000Z",
|
|
"modified": "2016-05-18T19:27:28.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: 8df79b2734bcd83b3d55ff99521d10e550dfcff3",
|
|
"pattern": "[file:hashes.MD5 = 'a5cdb465d7150a07371fa8e996e26905']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc221-c8a8-4142-a321-46e202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:29.000Z",
|
|
"modified": "2016-05-18T19:27:29.000Z",
|
|
"first_observed": "2016-05-18T19:27:29Z",
|
|
"last_observed": "2016-05-18T19:27:29Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc221-c8a8-4142-a321-46e202de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc221-c8a8-4142-a321-46e202de0b81",
|
|
"value": "https://www.virustotal.com/file/9c40bd71680049814ed521d43c3772a92cbf02e33dce61c9a8f7d31942a624f8/analysis/1455913925/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc221-bb84-44a3-b9e3-4f3a02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:29.000Z",
|
|
"modified": "2016-05-18T19:27:29.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: 62487dd8ec172462f9b4cbb790ef6f7878d20352",
|
|
"pattern": "[file:hashes.SHA256 = 'a0ffd62b17ef194a7f26a05d2a1c54b4fbc03efced7d9c4af7127b99c1714500']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc221-5ee8-4f87-b43e-441d02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:29.000Z",
|
|
"modified": "2016-05-18T19:27:29.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: 62487dd8ec172462f9b4cbb790ef6f7878d20352",
|
|
"pattern": "[file:hashes.MD5 = 'ecab150a20ea0be5ceeaf725166fb7e3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc221-3c08-4200-bbe2-42c902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:29.000Z",
|
|
"modified": "2016-05-18T19:27:29.000Z",
|
|
"first_observed": "2016-05-18T19:27:29Z",
|
|
"last_observed": "2016-05-18T19:27:29Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc221-3c08-4200-bbe2-42c902de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc221-3c08-4200-bbe2-42c902de0b81",
|
|
"value": "https://www.virustotal.com/file/a0ffd62b17ef194a7f26a05d2a1c54b4fbc03efced7d9c4af7127b99c1714500/analysis/1446737181/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc221-ac80-4bfd-bd3f-45db02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:29.000Z",
|
|
"modified": "2016-05-18T19:27:29.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: fd95c6b33af4b29efbd26d388c50164c3167cb68",
|
|
"pattern": "[file:hashes.SHA256 = 'b06a86deeefca30a7bd535fd16588890acb34498e339c8626e7776686ecb7a50']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc221-5ab8-4d62-b151-45dc02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:29.000Z",
|
|
"modified": "2016-05-18T19:27:29.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: fd95c6b33af4b29efbd26d388c50164c3167cb68",
|
|
"pattern": "[file:hashes.MD5 = 'f3bb0cbeded4ca5e7907b9f0cc8c68c2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc222-1888-4ca0-b72f-434702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:30.000Z",
|
|
"modified": "2016-05-18T19:27:30.000Z",
|
|
"first_observed": "2016-05-18T19:27:30Z",
|
|
"last_observed": "2016-05-18T19:27:30Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc222-1888-4ca0-b72f-434702de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc222-1888-4ca0-b72f-434702de0b81",
|
|
"value": "https://www.virustotal.com/file/b06a86deeefca30a7bd535fd16588890acb34498e339c8626e7776686ecb7a50/analysis/1445665750/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc222-8d8c-4966-b871-465a02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:30.000Z",
|
|
"modified": "2016-05-18T19:27:30.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: 642033a50ef2c51e1f391d85ed870b09a308469a",
|
|
"pattern": "[file:hashes.SHA256 = '20a5a7a77c44f9c79fd4c54378f2027ea8427319d1963ac669e8592e6a05db5a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc222-fe50-4a42-a2e8-4f7f02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:30.000Z",
|
|
"modified": "2016-05-18T19:27:30.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: 642033a50ef2c51e1f391d85ed870b09a308469a",
|
|
"pattern": "[file:hashes.MD5 = '463d75d636d3bf7a47b995d01bb900cc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc222-df08-43fc-af64-472702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:30.000Z",
|
|
"modified": "2016-05-18T19:27:30.000Z",
|
|
"first_observed": "2016-05-18T19:27:30Z",
|
|
"last_observed": "2016-05-18T19:27:30Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc222-df08-43fc-af64-472702de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc222-df08-43fc-af64-472702de0b81",
|
|
"value": "https://www.virustotal.com/file/20a5a7a77c44f9c79fd4c54378f2027ea8427319d1963ac669e8592e6a05db5a/analysis/1453605391/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc222-ad88-4547-8db9-420902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:30.000Z",
|
|
"modified": "2016-05-18T19:27:30.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: d45cecd9ddd79259c6518300ed77257a9abbdf92",
|
|
"pattern": "[file:hashes.SHA256 = 'c049b68f305f63bd2ff6ed4ce79946240df74bef33060d321035f242835f5b5b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc222-b2d8-414a-bd04-4e9102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:30.000Z",
|
|
"modified": "2016-05-18T19:27:30.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: d45cecd9ddd79259c6518300ed77257a9abbdf92",
|
|
"pattern": "[file:hashes.MD5 = '232e1e7fbf13c602dc5f80391da3e6bd']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc222-956c-4fac-b3aa-46ea02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:30.000Z",
|
|
"modified": "2016-05-18T19:27:30.000Z",
|
|
"first_observed": "2016-05-18T19:27:30Z",
|
|
"last_observed": "2016-05-18T19:27:30Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc222-956c-4fac-b3aa-46ea02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc222-956c-4fac-b3aa-46ea02de0b81",
|
|
"value": "https://www.virustotal.com/file/c049b68f305f63bd2ff6ed4ce79946240df74bef33060d321035f242835f5b5b/analysis/1462243218/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc223-d758-47d9-a5ee-46f102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:31.000Z",
|
|
"modified": "2016-05-18T19:27:31.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: 613f631d0e384954d2fea5be39124ad821c8e5d6",
|
|
"pattern": "[file:hashes.SHA256 = '7fdbeb7c62cfac319389a0ee3b528b03a898c48c7305b09e3563acb8ad820221']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc223-61e4-456b-a86f-46e102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:31.000Z",
|
|
"modified": "2016-05-18T19:27:31.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: 613f631d0e384954d2fea5be39124ad821c8e5d6",
|
|
"pattern": "[file:hashes.MD5 = 'e945e3d7ff86066e49933adfd79ef3a1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc223-369c-4ff6-abe3-48fb02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:31.000Z",
|
|
"modified": "2016-05-18T19:27:31.000Z",
|
|
"first_observed": "2016-05-18T19:27:31Z",
|
|
"last_observed": "2016-05-18T19:27:31Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc223-369c-4ff6-abe3-48fb02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc223-369c-4ff6-abe3-48fb02de0b81",
|
|
"value": "https://www.virustotal.com/file/7fdbeb7c62cfac319389a0ee3b528b03a898c48c7305b09e3563acb8ad820221/analysis/1444905385/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc223-0a78-41ea-a0a2-442702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:31.000Z",
|
|
"modified": "2016-05-18T19:27:31.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: a6d8431efba501864c4646a63071d28b30eebf99",
|
|
"pattern": "[file:hashes.SHA256 = '0da76985933a306a716317b84d12c08a2f18c4b3719a9dcb06de0029360c5449']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc223-cccc-4ea5-af03-4c7a02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:31.000Z",
|
|
"modified": "2016-05-18T19:27:31.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: a6d8431efba501864c4646a63071d28b30eebf99",
|
|
"pattern": "[file:hashes.MD5 = '7686e147f670c203e4798f23014b6ddf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc223-8b0c-4942-9141-418402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:31.000Z",
|
|
"modified": "2016-05-18T19:27:31.000Z",
|
|
"first_observed": "2016-05-18T19:27:31Z",
|
|
"last_observed": "2016-05-18T19:27:31Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc223-8b0c-4942-9141-418402de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc223-8b0c-4942-9141-418402de0b81",
|
|
"value": "https://www.virustotal.com/file/0da76985933a306a716317b84d12c08a2f18c4b3719a9dcb06de0029360c5449/analysis/1444314606/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc224-39f4-4fc7-8c8b-426602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:32.000Z",
|
|
"modified": "2016-05-18T19:27:32.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: 8a01c06df6e59f1513146dfe07936e4aca59b152",
|
|
"pattern": "[file:hashes.SHA256 = 'c87dea7e2d8763fb23b24c21e6880d4779c646675bc28bb6d00380b4f5ca4ec7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc224-3fa8-484f-b888-47cd02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:32.000Z",
|
|
"modified": "2016-05-18T19:27:32.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: 8a01c06df6e59f1513146dfe07936e4aca59b152",
|
|
"pattern": "[file:hashes.MD5 = '09ca0c9d37bf8ed5f7c65189bd625b80']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc224-c080-4cc7-925a-47d802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:32.000Z",
|
|
"modified": "2016-05-18T19:27:32.000Z",
|
|
"first_observed": "2016-05-18T19:27:32Z",
|
|
"last_observed": "2016-05-18T19:27:32Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc224-c080-4cc7-925a-47d802de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc224-c080-4cc7-925a-47d802de0b81",
|
|
"value": "https://www.virustotal.com/file/c87dea7e2d8763fb23b24c21e6880d4779c646675bc28bb6d00380b4f5ca4ec7/analysis/1439625122/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc224-af5c-47ad-b29d-4f3902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:32.000Z",
|
|
"modified": "2016-05-18T19:27:32.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: cd5aa66ad7c8d418f19b486211591e31b5b74ab6",
|
|
"pattern": "[file:hashes.SHA256 = '1e8afe769032c8b6b2c964d2b938583b01dc1292e7ff78765751bd333de4eb6a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc224-38c4-46e5-8350-442402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:32.000Z",
|
|
"modified": "2016-05-18T19:27:32.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: cd5aa66ad7c8d418f19b486211591e31b5b74ab6",
|
|
"pattern": "[file:hashes.MD5 = '4ccf939e28d127e9d901d5e541dd1456']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc224-8004-4157-a053-40dc02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:32.000Z",
|
|
"modified": "2016-05-18T19:27:32.000Z",
|
|
"first_observed": "2016-05-18T19:27:32Z",
|
|
"last_observed": "2016-05-18T19:27:32Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc224-8004-4157-a053-40dc02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc224-8004-4157-a053-40dc02de0b81",
|
|
"value": "https://www.virustotal.com/file/1e8afe769032c8b6b2c964d2b938583b01dc1292e7ff78765751bd333de4eb6a/analysis/1438944653/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc225-9e3c-46d3-8356-462d02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:33.000Z",
|
|
"modified": "2016-05-18T19:27:33.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: addf8193442d145c6bcb4c54b95a5cfe759c6436",
|
|
"pattern": "[file:hashes.SHA256 = '8d1e1d768062c246225713aad58af4943c081bf69f7987ce20799622e96e48dc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc225-71c0-43c1-baea-4dbc02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:33.000Z",
|
|
"modified": "2016-05-18T19:27:33.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: addf8193442d145c6bcb4c54b95a5cfe759c6436",
|
|
"pattern": "[file:hashes.MD5 = 'a39144ba5642441453a0c4cdaa52bf04']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc225-984c-4da8-bca1-4b0502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:33.000Z",
|
|
"modified": "2016-05-18T19:27:33.000Z",
|
|
"first_observed": "2016-05-18T19:27:33Z",
|
|
"last_observed": "2016-05-18T19:27:33Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc225-984c-4da8-bca1-4b0502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc225-984c-4da8-bca1-4b0502de0b81",
|
|
"value": "https://www.virustotal.com/file/8d1e1d768062c246225713aad58af4943c081bf69f7987ce20799622e96e48dc/analysis/1439971332/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc225-19f0-4b8c-b417-4fc102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:33.000Z",
|
|
"modified": "2016-05-18T19:27:33.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: e9a2b1611edc105fba65affcdab062d6fa5c67b0",
|
|
"pattern": "[file:hashes.SHA256 = '6214ac9bdf15df2e1e53523bf6840576ef8cc6372bb7faf58ae566760cf8c3db']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc225-ab00-4fc7-ac52-469e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:33.000Z",
|
|
"modified": "2016-05-18T19:27:33.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: e9a2b1611edc105fba65affcdab062d6fa5c67b0",
|
|
"pattern": "[file:hashes.MD5 = 'deb1072e83f73a0107c2ae7ef20ffc47']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc225-dad0-4236-8b59-43a802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:33.000Z",
|
|
"modified": "2016-05-18T19:27:33.000Z",
|
|
"first_observed": "2016-05-18T19:27:33Z",
|
|
"last_observed": "2016-05-18T19:27:33Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc225-dad0-4236-8b59-43a802de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc225-dad0-4236-8b59-43a802de0b81",
|
|
"value": "https://www.virustotal.com/file/6214ac9bdf15df2e1e53523bf6840576ef8cc6372bb7faf58ae566760cf8c3db/analysis/1442226486/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc226-f65c-435b-8f46-4d3702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:34.000Z",
|
|
"modified": "2016-05-18T19:27:34.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: c0c4db689f393a26611b7f8fe08f38b456a173da",
|
|
"pattern": "[file:hashes.SHA256 = 'dd81c74311a0c88c47ff7902b3bec47289349b622cfdaa4806e5071f8e68f548']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc226-5b80-4248-87e1-48c902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:34.000Z",
|
|
"modified": "2016-05-18T19:27:34.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: c0c4db689f393a26611b7f8fe08f38b456a173da",
|
|
"pattern": "[file:hashes.MD5 = '01dcc96e0c1e6e2c5230510c7994fd27']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc226-e7e0-432e-8c48-46c802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:34.000Z",
|
|
"modified": "2016-05-18T19:27:34.000Z",
|
|
"first_observed": "2016-05-18T19:27:34Z",
|
|
"last_observed": "2016-05-18T19:27:34Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc226-e7e0-432e-8c48-46c802de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc226-e7e0-432e-8c48-46c802de0b81",
|
|
"value": "https://www.virustotal.com/file/dd81c74311a0c88c47ff7902b3bec47289349b622cfdaa4806e5071f8e68f548/analysis/1439847477/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc226-79d8-4c40-959f-471702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:34.000Z",
|
|
"modified": "2016-05-18T19:27:34.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: 1287205fe5b83583cb28d39d965d182ea1dfcfdb",
|
|
"pattern": "[file:hashes.SHA256 = '8532a45be3b554c26b3d3043de4d5e2f2cd15bb4612efb591171c96f7ffb79d5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc226-8c90-4d9c-9e28-4fe802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:34.000Z",
|
|
"modified": "2016-05-18T19:27:34.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: 1287205fe5b83583cb28d39d965d182ea1dfcfdb",
|
|
"pattern": "[file:hashes.MD5 = 'a6a0ef1110ea677fe9f1ea3f152cb598']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc226-c19c-4cae-93ab-417202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:34.000Z",
|
|
"modified": "2016-05-18T19:27:34.000Z",
|
|
"first_observed": "2016-05-18T19:27:34Z",
|
|
"last_observed": "2016-05-18T19:27:34Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc226-c19c-4cae-93ab-417202de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc226-c19c-4cae-93ab-417202de0b81",
|
|
"value": "https://www.virustotal.com/file/8532a45be3b554c26b3d3043de4d5e2f2cd15bb4612efb591171c96f7ffb79d5/analysis/1438008430/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc226-5458-4913-902e-474302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:34.000Z",
|
|
"modified": "2016-05-18T19:27:34.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: 8665c7a753ba5f619fe79d52dc49724f17d81dac",
|
|
"pattern": "[file:hashes.SHA256 = '67ef56c5ecada38cd9c5ce0f718d07ddf3a08a808a86aa3809cb64de066f013f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc227-c3d4-4278-bcb0-441102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:35.000Z",
|
|
"modified": "2016-05-18T19:27:35.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: 8665c7a753ba5f619fe79d52dc49724f17d81dac",
|
|
"pattern": "[file:hashes.MD5 = '4ff208448fd6d5c1bd1b46b654e2b978']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc227-2398-4beb-a23f-4bf502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:35.000Z",
|
|
"modified": "2016-05-18T19:27:35.000Z",
|
|
"first_observed": "2016-05-18T19:27:35Z",
|
|
"last_observed": "2016-05-18T19:27:35Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc227-2398-4beb-a23f-4bf502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc227-2398-4beb-a23f-4bf502de0b81",
|
|
"value": "https://www.virustotal.com/file/67ef56c5ecada38cd9c5ce0f718d07ddf3a08a808a86aa3809cb64de066f013f/analysis/1463592096/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc227-2678-431b-93ac-43de02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:35.000Z",
|
|
"modified": "2016-05-18T19:27:35.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: 86dd049877b564158020ab9b1a6ca3c30371979d",
|
|
"pattern": "[file:hashes.SHA256 = '3ba655cbadfd763e6219be646a698914e77644513bdf3bd5a20b804adcdd8ca9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc227-dcfc-42d4-ab48-412202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:35.000Z",
|
|
"modified": "2016-05-18T19:27:35.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: 86dd049877b564158020ab9b1a6ca3c30371979d",
|
|
"pattern": "[file:hashes.MD5 = 'bc362f7d1ee313f8a3068ce4c2ef1c98']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc227-1514-475a-a03c-462102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:35.000Z",
|
|
"modified": "2016-05-18T19:27:35.000Z",
|
|
"first_observed": "2016-05-18T19:27:35Z",
|
|
"last_observed": "2016-05-18T19:27:35Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc227-1514-475a-a03c-462102de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc227-1514-475a-a03c-462102de0b81",
|
|
"value": "https://www.virustotal.com/file/3ba655cbadfd763e6219be646a698914e77644513bdf3bd5a20b804adcdd8ca9/analysis/1463592094/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc228-1a88-4204-a33b-49b402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:36.000Z",
|
|
"modified": "2016-05-18T19:27:36.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: 7ab44936e5545c5778c697abcc20fd8955e35f36",
|
|
"pattern": "[file:hashes.SHA256 = 'ed150dbb6f54c3ac74e3359a4dee9dea9400655d1bc87a3407fe441b14f7ea68']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc228-ac90-4009-a62c-49e302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:36.000Z",
|
|
"modified": "2016-05-18T19:27:36.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: 7ab44936e5545c5778c697abcc20fd8955e35f36",
|
|
"pattern": "[file:hashes.MD5 = '8d1eca9f02b5b171db78b37c34668b56']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc228-de38-4eeb-b08c-43cc02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:36.000Z",
|
|
"modified": "2016-05-18T19:27:36.000Z",
|
|
"first_observed": "2016-05-18T19:27:36Z",
|
|
"last_observed": "2016-05-18T19:27:36Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc228-de38-4eeb-b08c-43cc02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc228-de38-4eeb-b08c-43cc02de0b81",
|
|
"value": "https://www.virustotal.com/file/ed150dbb6f54c3ac74e3359a4dee9dea9400655d1bc87a3407fe441b14f7ea68/analysis/1463592094/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc228-2dc8-4f4b-b67f-41f802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:36.000Z",
|
|
"modified": "2016-05-18T19:27:36.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: 76b77e40182da242307272b9f77132abb0b46515",
|
|
"pattern": "[file:hashes.SHA256 = '8911d769d59d6a85222fd68975cd8362e2e88ec54fb7377cff9db5794bea66c5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc228-9668-4ce2-b0c9-44ad02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:36.000Z",
|
|
"modified": "2016-05-18T19:27:36.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: 76b77e40182da242307272b9f77132abb0b46515",
|
|
"pattern": "[file:hashes.MD5 = '52d976e34795854b035166764b20ca9f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc228-aa40-481f-a110-4e7102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:36.000Z",
|
|
"modified": "2016-05-18T19:27:36.000Z",
|
|
"first_observed": "2016-05-18T19:27:36Z",
|
|
"last_observed": "2016-05-18T19:27:36Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc228-aa40-481f-a110-4e7102de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc228-aa40-481f-a110-4e7102de0b81",
|
|
"value": "https://www.virustotal.com/file/8911d769d59d6a85222fd68975cd8362e2e88ec54fb7377cff9db5794bea66c5/analysis/1463592094/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc229-f67c-4bd1-91b9-4fc602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:37.000Z",
|
|
"modified": "2016-05-18T19:27:37.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: c88218c2c23555d5e39596b2110bda54a7ad50db",
|
|
"pattern": "[file:hashes.SHA256 = 'e57f0f1e5a144ccc0eb4a2ea0d3b4863a49e99c32758c9c413e250ae0654cc63']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc229-fd24-4e1a-9261-4ac702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:37.000Z",
|
|
"modified": "2016-05-18T19:27:37.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: c88218c2c23555d5e39596b2110bda54a7ad50db",
|
|
"pattern": "[file:hashes.MD5 = '646acb416773cdd2141728174723824f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc229-dfc4-418c-a220-443302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:37.000Z",
|
|
"modified": "2016-05-18T19:27:37.000Z",
|
|
"first_observed": "2016-05-18T19:27:37Z",
|
|
"last_observed": "2016-05-18T19:27:37Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc229-dfc4-418c-a220-443302de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc229-dfc4-418c-a220-443302de0b81",
|
|
"value": "https://www.virustotal.com/file/e57f0f1e5a144ccc0eb4a2ea0d3b4863a49e99c32758c9c413e250ae0654cc63/analysis/1463592093/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc229-b520-494f-9b57-486402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:37.000Z",
|
|
"modified": "2016-05-18T19:27:37.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: a1ee4e4ba27b4035f29fa6ab943ae072d42e65b8",
|
|
"pattern": "[file:hashes.SHA256 = '27ec3955527a606dea9450c5c38c8f22cc1eea6e6448ac88e840eeaee4af2b97']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc229-15e0-4129-9275-4cab02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:37.000Z",
|
|
"modified": "2016-05-18T19:27:37.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: a1ee4e4ba27b4035f29fa6ab943ae072d42e65b8",
|
|
"pattern": "[file:hashes.MD5 = '4ad1b7d18f50691f38fc303dc8855184']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc22a-95f4-46c8-a2ac-44a802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:38.000Z",
|
|
"modified": "2016-05-18T19:27:38.000Z",
|
|
"first_observed": "2016-05-18T19:27:38Z",
|
|
"last_observed": "2016-05-18T19:27:38Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc22a-95f4-46c8-a2ac-44a802de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc22a-95f4-46c8-a2ac-44a802de0b81",
|
|
"value": "https://www.virustotal.com/file/27ec3955527a606dea9450c5c38c8f22cc1eea6e6448ac88e840eeaee4af2b97/analysis/1463592093/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc22a-e834-4820-9cdc-468b02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:38.000Z",
|
|
"modified": "2016-05-18T19:27:38.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: 803c48a93785581aa89422b6b1e73677bf8dc749",
|
|
"pattern": "[file:hashes.SHA256 = '14106ffda72ac73d23b90e7c7d612e376b5331ede5b2d149db43101a09a41378']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc22a-b434-4fde-99ad-436502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:38.000Z",
|
|
"modified": "2016-05-18T19:27:38.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: 803c48a93785581aa89422b6b1e73677bf8dc749",
|
|
"pattern": "[file:hashes.MD5 = '86b3ed96fbf0c58b87e141db204bea1c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc22a-f938-438b-b060-422502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:38.000Z",
|
|
"modified": "2016-05-18T19:27:38.000Z",
|
|
"first_observed": "2016-05-18T19:27:38Z",
|
|
"last_observed": "2016-05-18T19:27:38Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc22a-f938-438b-b060-422502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc22a-f938-438b-b060-422502de0b81",
|
|
"value": "https://www.virustotal.com/file/14106ffda72ac73d23b90e7c7d612e376b5331ede5b2d149db43101a09a41378/analysis/1463592093/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc22a-b860-432e-973a-492202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:38.000Z",
|
|
"modified": "2016-05-18T19:27:38.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: eafc458aac3f1564e940bac7d45c1e659636cc86",
|
|
"pattern": "[file:hashes.SHA256 = '0fc2dd3e36bad9c14289428d83dbb2ff1659b100fdfecd32a232314deb87f831']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc22b-2b64-4b99-8031-423702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:39.000Z",
|
|
"modified": "2016-05-18T19:27:39.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: eafc458aac3f1564e940bac7d45c1e659636cc86",
|
|
"pattern": "[file:hashes.MD5 = '5f9c1ef5b44f2873c3d8c32f087140f8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc22b-d188-44ce-b04c-49ac02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:39.000Z",
|
|
"modified": "2016-05-18T19:27:39.000Z",
|
|
"first_observed": "2016-05-18T19:27:39Z",
|
|
"last_observed": "2016-05-18T19:27:39Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc22b-d188-44ce-b04c-49ac02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc22b-d188-44ce-b04c-49ac02de0b81",
|
|
"value": "https://www.virustotal.com/file/0fc2dd3e36bad9c14289428d83dbb2ff1659b100fdfecd32a232314deb87f831/analysis/1463592092/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc22b-6cfc-4db9-8452-4eb802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:39.000Z",
|
|
"modified": "2016-05-18T19:27:39.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: e3e9ca2ac83cfadd80fecd002b377b6b41ac5250",
|
|
"pattern": "[file:hashes.SHA256 = '573220ef6be2a2babd39c42b16924dc3882da2d34cdbc0a513cb3a4546f7feba']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc22b-a808-42d2-8b4e-4a5f02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:39.000Z",
|
|
"modified": "2016-05-18T19:27:39.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: e3e9ca2ac83cfadd80fecd002b377b6b41ac5250",
|
|
"pattern": "[file:hashes.MD5 = 'b639ca1c4898ffa4883d69c378fd0355']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc22b-ac58-40cd-a8f5-49f302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:39.000Z",
|
|
"modified": "2016-05-18T19:27:39.000Z",
|
|
"first_observed": "2016-05-18T19:27:39Z",
|
|
"last_observed": "2016-05-18T19:27:39Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc22b-ac58-40cd-a8f5-49f302de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc22b-ac58-40cd-a8f5-49f302de0b81",
|
|
"value": "https://www.virustotal.com/file/573220ef6be2a2babd39c42b16924dc3882da2d34cdbc0a513cb3a4546f7feba/analysis/1463592091/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc22c-8b14-4262-a3c9-481102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:40.000Z",
|
|
"modified": "2016-05-18T19:27:40.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: 00bccebb7614ba270ca2908ee5711f25d3740e7e",
|
|
"pattern": "[file:hashes.SHA256 = '6bfba104e5acde54a53ec248018c9646b30d1938ec07e24fea478123de9726b7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc22c-0570-4f84-98d5-45ea02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:40.000Z",
|
|
"modified": "2016-05-18T19:27:40.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: 00bccebb7614ba270ca2908ee5711f25d3740e7e",
|
|
"pattern": "[file:hashes.MD5 = 'd7f253f2236fc349fa08b5ca00314986']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc22c-99dc-4cef-b6be-472902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:40.000Z",
|
|
"modified": "2016-05-18T19:27:40.000Z",
|
|
"first_observed": "2016-05-18T19:27:40Z",
|
|
"last_observed": "2016-05-18T19:27:40Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc22c-99dc-4cef-b6be-472902de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc22c-99dc-4cef-b6be-472902de0b81",
|
|
"value": "https://www.virustotal.com/file/6bfba104e5acde54a53ec248018c9646b30d1938ec07e24fea478123de9726b7/analysis/1463592091/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc22c-df0c-48ee-b8e2-4a8402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:40.000Z",
|
|
"modified": "2016-05-18T19:27:40.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: eab122e5857df838469b5b00da0a3bd06df8da05",
|
|
"pattern": "[file:hashes.SHA256 = 'bcea26e2c945c1dc011a7912aa093fd17bd9e228db03152948d6cdba45ad2d07']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc22c-274c-4af0-b4e4-4dde02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:40.000Z",
|
|
"modified": "2016-05-18T19:27:40.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: eab122e5857df838469b5b00da0a3bd06df8da05",
|
|
"pattern": "[file:hashes.MD5 = 'f27dddb682b6fc74e62c221697c335b9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc22d-c53c-4d73-ae66-49c602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:41.000Z",
|
|
"modified": "2016-05-18T19:27:41.000Z",
|
|
"first_observed": "2016-05-18T19:27:41Z",
|
|
"last_observed": "2016-05-18T19:27:41Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc22d-c53c-4d73-ae66-49c602de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc22d-c53c-4d73-ae66-49c602de0b81",
|
|
"value": "https://www.virustotal.com/file/bcea26e2c945c1dc011a7912aa093fd17bd9e228db03152948d6cdba45ad2d07/analysis/1463592089/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc22d-3354-46d5-96c4-4ebc02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:41.000Z",
|
|
"modified": "2016-05-18T19:27:41.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: 2b0fb236ddc0098addf051531912fc2601ffccdc",
|
|
"pattern": "[file:hashes.SHA256 = '86a1c920637ecc243859e91a8c077397ce193184a435f0935c0de80740330508']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc22d-652c-4789-a60b-48d002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:41.000Z",
|
|
"modified": "2016-05-18T19:27:41.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: 2b0fb236ddc0098addf051531912fc2601ffccdc",
|
|
"pattern": "[file:hashes.MD5 = 'd7ddbc1a073350349920d29d3dfccbe0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc22d-9aa4-4d96-8a23-4d0402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:41.000Z",
|
|
"modified": "2016-05-18T19:27:41.000Z",
|
|
"first_observed": "2016-05-18T19:27:41Z",
|
|
"last_observed": "2016-05-18T19:27:41Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc22d-9aa4-4d96-8a23-4d0402de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc22d-9aa4-4d96-8a23-4d0402de0b81",
|
|
"value": "https://www.virustotal.com/file/86a1c920637ecc243859e91a8c077397ce193184a435f0935c0de80740330508/analysis/1463592090/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc22d-a398-4934-89f7-4f6f02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:41.000Z",
|
|
"modified": "2016-05-18T19:27:41.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: d7f35b66c554ee1076279df54c4e931651a7a211",
|
|
"pattern": "[file:hashes.SHA256 = 'e8528c3d2f4d0ee91ffc96a266c21c111441227e665f0d219ede7c2d3d5dba85']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc22e-7e68-4022-b4f9-497702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:42.000Z",
|
|
"modified": "2016-05-18T19:27:42.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: d7f35b66c554ee1076279df54c4e931651a7a211",
|
|
"pattern": "[file:hashes.MD5 = '839dd0d8a603151e4e486f5958aa1140']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc22e-88f0-45a8-9763-4d9202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:42.000Z",
|
|
"modified": "2016-05-18T19:27:42.000Z",
|
|
"first_observed": "2016-05-18T19:27:42Z",
|
|
"last_observed": "2016-05-18T19:27:42Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc22e-88f0-45a8-9763-4d9202de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc22e-88f0-45a8-9763-4d9202de0b81",
|
|
"value": "https://www.virustotal.com/file/e8528c3d2f4d0ee91ffc96a266c21c111441227e665f0d219ede7c2d3d5dba85/analysis/1463592089/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc22e-9544-4aeb-a046-4e5402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:42.000Z",
|
|
"modified": "2016-05-18T19:27:42.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: 7c28b907e1053f825478a74fdc1090fbf71dd878",
|
|
"pattern": "[file:hashes.SHA256 = '2639a62b2ab8ac81ad5f644837da3a900c592d650617b8fe74cb87585383ac6c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc22e-3c1c-45db-9e84-4a0902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:42.000Z",
|
|
"modified": "2016-05-18T19:27:42.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: 7c28b907e1053f825478a74fdc1090fbf71dd878",
|
|
"pattern": "[file:hashes.MD5 = '82df9bbb4e08f059ec4c08b15c106d3d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc22e-3ce0-4785-88ae-47a902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:42.000Z",
|
|
"modified": "2016-05-18T19:27:42.000Z",
|
|
"first_observed": "2016-05-18T19:27:42Z",
|
|
"last_observed": "2016-05-18T19:27:42Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc22e-3ce0-4785-88ae-47a902de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc22e-3ce0-4785-88ae-47a902de0b81",
|
|
"value": "https://www.virustotal.com/file/2639a62b2ab8ac81ad5f644837da3a900c592d650617b8fe74cb87585383ac6c/analysis/1463592089/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc22e-9b4c-4ad9-bc5e-40db02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:42.000Z",
|
|
"modified": "2016-05-18T19:27:42.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: cf09b0cd03c9d0553f0b82827c989d04f1a1faf1",
|
|
"pattern": "[file:hashes.SHA256 = 'cd82d0867534296a192faf8058d47c201c54511b3fe3667c75b1479321d1320b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc22f-1b4c-49f2-a774-44b702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:43.000Z",
|
|
"modified": "2016-05-18T19:27:43.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: cf09b0cd03c9d0553f0b82827c989d04f1a1faf1",
|
|
"pattern": "[file:hashes.MD5 = '6612bd400e8d43f7edabbf961eb23d66']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc22f-f370-44cc-8988-43fe02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:43.000Z",
|
|
"modified": "2016-05-18T19:27:43.000Z",
|
|
"first_observed": "2016-05-18T19:27:43Z",
|
|
"last_observed": "2016-05-18T19:27:43Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc22f-f370-44cc-8988-43fe02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc22f-f370-44cc-8988-43fe02de0b81",
|
|
"value": "https://www.virustotal.com/file/cd82d0867534296a192faf8058d47c201c54511b3fe3667c75b1479321d1320b/analysis/1463592089/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc22f-a720-464c-90bd-4a8002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:43.000Z",
|
|
"modified": "2016-05-18T19:27:43.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: c0fbe31f1e6e56e93932076ba55a5229e22b5c4a",
|
|
"pattern": "[file:hashes.SHA256 = '8421bc0f086fe51755c4255e1b67907ffdac715f3b5a57086a60079448a38b30']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc22f-8780-43af-a256-44ec02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:43.000Z",
|
|
"modified": "2016-05-18T19:27:43.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: c0fbe31f1e6e56e93932076ba55a5229e22b5c4a",
|
|
"pattern": "[file:hashes.MD5 = 'd67a526e0117deebe49aeef4a036b4b8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc22f-5e5c-4423-a4d2-422102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:43.000Z",
|
|
"modified": "2016-05-18T19:27:43.000Z",
|
|
"first_observed": "2016-05-18T19:27:43Z",
|
|
"last_observed": "2016-05-18T19:27:43Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc22f-5e5c-4423-a4d2-422102de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc22f-5e5c-4423-a4d2-422102de0b81",
|
|
"value": "https://www.virustotal.com/file/8421bc0f086fe51755c4255e1b67907ffdac715f3b5a57086a60079448a38b30/analysis/1463592090/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc230-9864-468d-91b0-4fbc02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:44.000Z",
|
|
"modified": "2016-05-18T19:27:44.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: 0296191b323900b2bc014e2acb5e0614c679b682",
|
|
"pattern": "[file:hashes.SHA256 = '97e46209346be8d297ae928b26d1bb196214810524ff7fc422e385bca7f67d8c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc230-7bdc-4aff-881c-42ba02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:44.000Z",
|
|
"modified": "2016-05-18T19:27:44.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: 0296191b323900b2bc014e2acb5e0614c679b682",
|
|
"pattern": "[file:hashes.MD5 = '1876fd377ff655e308d1c9b8dbd13e10']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc230-ef54-4609-a102-473d02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:44.000Z",
|
|
"modified": "2016-05-18T19:27:44.000Z",
|
|
"first_observed": "2016-05-18T19:27:44Z",
|
|
"last_observed": "2016-05-18T19:27:44Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc230-ef54-4609-a102-473d02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc230-ef54-4609-a102-473d02de0b81",
|
|
"value": "https://www.virustotal.com/file/97e46209346be8d297ae928b26d1bb196214810524ff7fc422e385bca7f67d8c/analysis/1463592088/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc230-246c-48a9-b416-43a902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:44.000Z",
|
|
"modified": "2016-05-18T19:27:44.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: 66c143d7c33666903b174f4b94d609be8791914d",
|
|
"pattern": "[file:hashes.SHA256 = '7bc4b4e7796eaedb7e6fc8314391c0d0a91ccd8f331c4ebcf4957f1c50a2bd80']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc230-b154-4791-a608-47bb02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:44.000Z",
|
|
"modified": "2016-05-18T19:27:44.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: 66c143d7c33666903b174f4b94d609be8791914d",
|
|
"pattern": "[file:hashes.MD5 = 'a3b791bc2675c9fe205be414511c39b4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc231-9c5c-4fa4-a12c-4f3902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:45.000Z",
|
|
"modified": "2016-05-18T19:27:45.000Z",
|
|
"first_observed": "2016-05-18T19:27:45Z",
|
|
"last_observed": "2016-05-18T19:27:45Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc231-9c5c-4fa4-a12c-4f3902de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc231-9c5c-4fa4-a12c-4f3902de0b81",
|
|
"value": "https://www.virustotal.com/file/7bc4b4e7796eaedb7e6fc8314391c0d0a91ccd8f331c4ebcf4957f1c50a2bd80/analysis/1463592088/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc231-b638-4a40-b4ba-43c902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:45.000Z",
|
|
"modified": "2016-05-18T19:27:45.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: 029f054a52fe93b0cd6c4d1d815a795eae9caab4",
|
|
"pattern": "[file:hashes.SHA256 = '9b74ea3668e00e39ae00d363866dd195728c1b790d88e76b5197150d523d7c04']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc231-b550-481e-863f-492a02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:45.000Z",
|
|
"modified": "2016-05-18T19:27:45.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: 029f054a52fe93b0cd6c4d1d815a795eae9caab4",
|
|
"pattern": "[file:hashes.MD5 = '2e3d9e4fa96276771e9d88e8161bf5a1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc231-6f58-4fa4-a0f8-4fdc02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:45.000Z",
|
|
"modified": "2016-05-18T19:27:45.000Z",
|
|
"first_observed": "2016-05-18T19:27:45Z",
|
|
"last_observed": "2016-05-18T19:27:45Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc231-6f58-4fa4-a0f8-4fdc02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc231-6f58-4fa4-a0f8-4fdc02de0b81",
|
|
"value": "https://www.virustotal.com/file/9b74ea3668e00e39ae00d363866dd195728c1b790d88e76b5197150d523d7c04/analysis/1463592088/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc231-25fc-43fc-b5b5-423f02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:45.000Z",
|
|
"modified": "2016-05-18T19:27:45.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: 37f75844c0d0f7f80a699153af131984d2ce2b6d",
|
|
"pattern": "[file:hashes.SHA256 = '79ecab9dbbf2fb0a73409379662f416518f03a1f5f540ab87675d1cf052b3b31']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--573cc232-81fc-4afb-9c9f-4c9802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:46.000Z",
|
|
"modified": "2016-05-18T19:27:46.000Z",
|
|
"description": "Prikormka droppers - Xchecked via VT: 37f75844c0d0f7f80a699153af131984d2ce2b6d",
|
|
"pattern": "[file:hashes.MD5 = '35dd4e1df7424df6e6f7ffb7467d7062']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-18T19:27:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--573cc232-23a8-42cd-b6c5-4f6102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-18T19:27:46.000Z",
|
|
"modified": "2016-05-18T19:27:46.000Z",
|
|
"first_observed": "2016-05-18T19:27:46Z",
|
|
"last_observed": "2016-05-18T19:27:46Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--573cc232-23a8-42cd-b6c5-4f6102de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--573cc232-23a8-42cd-b6c5-4f6102de0b81",
|
|
"value": "https://www.virustotal.com/file/79ecab9dbbf2fb0a73409379662f416518f03a1f5f540ab87675d1cf052b3b31/analysis/1463592088/"
|
|
},
|
|
{
|
|
"type": "marking-definition",
|
|
"spec_version": "2.1",
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
"definition_type": "tlp",
|
|
"name": "TLP:WHITE",
|
|
"definition": {
|
|
"tlp": "white"
|
|
}
|
|
}
|
|
]
|
|
} |