adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/57b4b374-aa14-40c1-9518-4dde02de0b81.json

3246 lines
No EOL
136 KiB
JSON
Raw Permalink Blame History

{
"type": "bundle",
"id": "bundle--57b4b374-aa14-40c1-9518-4dde02de0b81",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-19T14:38:54.000Z",
"modified": "2016-08-19T14:38:54.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--57b4b374-aa14-40c1-9518-4dde02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-19T14:38:54.000Z",
"modified": "2016-08-19T14:38:54.000Z",
"name": "OSINT - Operation Ghoul: targeted attacks on industrial and engineering organizations",
"published": "2016-08-19T14:40:48Z",
"object_refs": [
"x-misp-attribute--57b4b39b-f0dc-4a8c-8796-475d02de0b81",
"observed-data--57b4b3a5-76e0-4af1-8c0e-46f602de0b81",
"url--57b4b3a5-76e0-4af1-8c0e-46f602de0b81",
"indicator--57b4b3be-da28-40e9-8512-4b1202de0b81",
"indicator--57b4b3be-9468-4140-846f-4fe702de0b81",
"indicator--57b4b3bf-0484-4431-8738-46fb02de0b81",
"indicator--57b4b3bf-bc68-4d9b-9d9f-4fce02de0b81",
"indicator--57b4b3bf-4314-4a0f-a6c4-401602de0b81",
"indicator--57b4b3bf-2570-44e0-9087-469202de0b81",
"indicator--57b4b3bf-e1e8-4ac4-952a-430502de0b81",
"indicator--57b4b3c0-d018-4f3c-a466-407502de0b81",
"indicator--57b4b3c0-f488-4ae2-b66e-41dc02de0b81",
"indicator--57b4b3c0-4eac-4c6e-9148-423f02de0b81",
"indicator--57b4b3c0-ef20-478a-b107-4d1f02de0b81",
"indicator--57b4b405-26e4-4ccd-bae7-4bc802de0b81",
"indicator--57b4b405-b644-487c-9698-4d6802de0b81",
"indicator--57b4b406-00d0-4a32-aaf3-494802de0b81",
"indicator--57b4b406-a590-491b-96b7-4ee802de0b81",
"indicator--57b4b406-e394-4de9-a676-44e202de0b81",
"indicator--57b4b406-34b4-40e9-85e3-48ca02de0b81",
"indicator--57b4b407-b258-48c6-b05d-4c0602de0b81",
"indicator--57b4b407-c314-4531-80cc-4cce02de0b81",
"indicator--57b4b407-5bdc-41cc-972d-464b02de0b81",
"indicator--57b4b407-56f0-4b04-9cdd-426a02de0b81",
"indicator--57b4b407-0598-408f-bda2-4e5d02de0b81",
"indicator--57b4b408-3bdc-4bb9-be7e-4f2a02de0b81",
"indicator--57b4b408-7fe8-4c34-8b35-447d02de0b81",
"indicator--57b4b408-d1a0-4354-a5f1-4e5f02de0b81",
"indicator--57b4b408-a83c-4139-8b56-490902de0b81",
"indicator--57b4b408-e088-4755-8874-4b5f02de0b81",
"indicator--57b4b409-9ac4-4052-ab67-4d8c02de0b81",
"indicator--57b4b409-6efc-4ce4-9b1c-4c4b02de0b81",
"indicator--57b4b409-138c-4926-8064-41f002de0b81",
"indicator--57b4b41a-3f24-4ba9-88bb-466f02de0b81",
"indicator--57b4b433-b65c-4d00-b307-44d202de0b81",
"indicator--57b4b433-17a0-49f1-aa66-4ab602de0b81",
"indicator--57b4b433-6d44-4fcf-ae6f-455002de0b81",
"indicator--57b4b433-2894-498c-9185-41a402de0b81",
"indicator--57b4b434-40b8-48c4-a723-476902de0b81",
"indicator--57b4b434-7184-4302-91e9-4b4402de0b81",
"indicator--57b4b434-d0f4-4591-8864-412602de0b81",
"indicator--57b4b434-03b8-4290-9fa6-4ef802de0b81",
"indicator--57b4b434-6134-4fc8-81a2-419402de0b81",
"indicator--57b4b434-6054-4d4d-af87-4a3e02de0b81",
"indicator--57b4b435-6074-490f-b2b9-492902de0b81",
"indicator--57b4b435-97ec-4ac8-94db-4d8a02de0b81",
"indicator--57b4b435-2ba4-4a46-886b-431802de0b81",
"indicator--57b4b435-e94c-4721-a387-4bc302de0b81",
"indicator--57b4b435-7d70-4929-9541-495902de0b81",
"indicator--57b4b436-3a64-479c-b1d6-4aa602de0b81",
"indicator--57b4b452-e338-4504-bc83-499702de0b81",
"indicator--57b4b452-65a0-4af3-b981-4a7b02de0b81",
"indicator--57b4b452-9b3c-40a2-87b2-4d4d02de0b81",
"indicator--57b4b453-7128-42d2-b595-4eb902de0b81",
"indicator--57b4b453-bd40-4703-afe5-433c02de0b81",
"indicator--57b4b453-d62c-4409-8294-41f602de0b81",
"indicator--57b4b453-f2dc-4a96-9500-491c02de0b81",
"indicator--57b4b453-04ac-4f55-906e-4a5302de0b81",
"indicator--57b4b453-3374-445c-907f-4b3c02de0b81",
"indicator--57b4b469-3790-4c64-9f1f-4ac802de0b81",
"indicator--57b4b48b-22a8-4b01-8a65-4f7e02de0b81",
"indicator--57b4b48c-c0a8-4683-812c-412702de0b81",
"indicator--57b4b48c-728c-47a8-bfd6-462602de0b81",
"indicator--57b4b48c-4ab0-4030-b08a-439a02de0b81",
"indicator--57b4b48c-dd10-4463-bde3-4c0202de0b81",
"indicator--57b4b48c-9178-4ed4-ab8b-47fd02de0b81",
"indicator--57b4b48d-c194-4c24-9500-40f302de0b81",
"indicator--57b4b48d-2c58-490c-9c78-41c702de0b81",
"indicator--57b4b48d-3f6c-46e9-a20b-401602de0b81",
"indicator--57b4b4c0-cedc-4a83-a7a4-476302de0b81",
"indicator--57b4b4c0-7ec4-4b58-be83-4dd302de0b81",
"observed-data--57b4b4c1-01f4-411e-b521-4a1d02de0b81",
"url--57b4b4c1-01f4-411e-b521-4a1d02de0b81",
"indicator--57b4b4c1-44bc-48ce-94aa-4ae102de0b81",
"indicator--57b4b4c1-cb88-4e28-983f-4f2a02de0b81",
"observed-data--57b4b4c1-a1bc-4eae-a9dd-42db02de0b81",
"url--57b4b4c1-a1bc-4eae-a9dd-42db02de0b81",
"indicator--57b4b4c1-9924-4321-9cd2-4be002de0b81",
"indicator--57b4b4c1-6aec-4dc9-a102-4c4902de0b81",
"observed-data--57b4b4c2-7564-4072-978d-480d02de0b81",
"url--57b4b4c2-7564-4072-978d-480d02de0b81",
"indicator--57b4b4c2-2de0-441c-91fb-4ea802de0b81",
"indicator--57b4b4c2-dcc0-4ee0-a8d1-4bcc02de0b81",
"observed-data--57b4b4c2-f5d0-4552-ae86-4a1602de0b81",
"url--57b4b4c2-f5d0-4552-ae86-4a1602de0b81",
"indicator--57b4b4c2-2394-4262-af3b-4e5602de0b81",
"indicator--57b4b4c3-b350-4cbd-b255-473802de0b81",
"observed-data--57b4b4c3-d870-4373-9c18-4bda02de0b81",
"url--57b4b4c3-d870-4373-9c18-4bda02de0b81",
"indicator--57b4b4c3-f03c-48c6-952b-4deb02de0b81",
"indicator--57b4b4c3-c07c-4dab-a9b8-46c702de0b81",
"observed-data--57b4b4c3-11cc-4267-9cf8-463302de0b81",
"url--57b4b4c3-11cc-4267-9cf8-463302de0b81",
"indicator--57b4b4c3-9650-4a60-836b-4f1902de0b81",
"indicator--57b4b4c4-074c-47e9-a723-423e02de0b81",
"observed-data--57b4b4c4-c470-4d03-b749-464302de0b81",
"url--57b4b4c4-c470-4d03-b749-464302de0b81",
"indicator--57b4b4c4-52fc-48b6-81e6-4fd602de0b81",
"indicator--57b4b4c4-5f44-4c32-9dd2-4b1702de0b81",
"observed-data--57b4b4c4-e1a4-4cfa-a1e5-476502de0b81",
"url--57b4b4c4-e1a4-4cfa-a1e5-476502de0b81",
"indicator--57b4b4c5-21a8-4bf7-ba0e-47ba02de0b81",
"indicator--57b4b4c5-7f48-4589-bd68-413302de0b81",
"observed-data--57b4b4c5-ee54-4ed6-a0ef-44c202de0b81",
"url--57b4b4c5-ee54-4ed6-a0ef-44c202de0b81",
"indicator--57b4b4c5-8470-4c3c-92bf-439302de0b81",
"indicator--57b4b4c5-4e18-4464-b451-435602de0b81",
"observed-data--57b4b4c6-0288-4cfc-8b24-4b6b02de0b81",
"url--57b4b4c6-0288-4cfc-8b24-4b6b02de0b81",
"indicator--57b4b4c6-0bb0-4c9b-9267-4b8302de0b81",
"indicator--57b4b4c6-bef0-4792-86f6-4f4902de0b81",
"observed-data--57b4b4c6-6764-44e8-89f9-488c02de0b81",
"url--57b4b4c6-6764-44e8-89f9-488c02de0b81",
"indicator--57b4b4c6-f490-4780-8781-4d0202de0b81",
"indicator--57b4b4c6-121c-41d3-8582-4f9d02de0b81",
"observed-data--57b4b4c7-09f4-42e9-8175-461002de0b81",
"url--57b4b4c7-09f4-42e9-8175-461002de0b81",
"indicator--57b4b4c7-a9bc-457b-9eba-457402de0b81",
"indicator--57b4b4c7-def0-42a1-ae7a-494f02de0b81",
"observed-data--57b4b4c7-f324-4ba0-a33f-4d1702de0b81",
"url--57b4b4c7-f324-4ba0-a33f-4d1702de0b81",
"indicator--57b4b4c7-06f0-4440-b904-4b7602de0b81",
"indicator--57b4b4c8-d3fc-4df0-ab06-4f4502de0b81",
"observed-data--57b4b4c8-6e84-4148-8cbf-413402de0b81",
"url--57b4b4c8-6e84-4148-8cbf-413402de0b81",
"indicator--57b4b4c8-0db4-44ad-8bf7-4b4002de0b81",
"indicator--57b4b4c8-6130-4eab-8480-491d02de0b81",
"observed-data--57b4b4c8-07a0-4d61-a84e-4c9702de0b81",
"url--57b4b4c8-07a0-4d61-a84e-4c9702de0b81",
"indicator--57b4b4c8-ceb8-4c61-a3c1-428b02de0b81",
"indicator--57b4b4c9-dcf4-4781-b840-405c02de0b81",
"observed-data--57b4b4c9-5e04-4567-9699-444602de0b81",
"url--57b4b4c9-5e04-4567-9699-444602de0b81",
"indicator--57b4b4c9-287c-44b6-9cf1-473002de0b81",
"indicator--57b4b4c9-37ec-4f6c-a76a-475002de0b81",
"observed-data--57b4b4c9-38bc-4a9d-a531-476e02de0b81",
"url--57b4b4c9-38bc-4a9d-a531-476e02de0b81",
"indicator--57b4b4ca-0ffc-4666-998a-4d8502de0b81",
"indicator--57b4b4ca-8bc4-442c-9c26-4a4f02de0b81",
"observed-data--57b4b4ca-0040-4417-b368-400302de0b81",
"url--57b4b4ca-0040-4417-b368-400302de0b81",
"indicator--57b4b4ca-cc98-47b9-afe5-42b302de0b81",
"indicator--57b4b4ca-2940-4d99-9942-46ea02de0b81",
"observed-data--57b4b4ca-8430-495b-9bc9-41f902de0b81",
"url--57b4b4ca-8430-495b-9bc9-41f902de0b81",
"indicator--57b4b4cb-ecd4-402d-a88c-4cf002de0b81",
"indicator--57b4b4cb-0e4c-43a3-85b2-402102de0b81",
"observed-data--57b4b4cb-83a4-4047-9f9e-424202de0b81",
"url--57b4b4cb-83a4-4047-9f9e-424202de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT"
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--57b4b39b-f0dc-4a8c-8796-475d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T18:57:31.000Z",
"modified": "2016-08-17T18:57:31.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "comment",
"x_misp_value": "Kaspersky Lab has observed new waves of attacks that started on the 8th and the 27th of June 2016. These have been highly active in the Middle East region and unveiled ongoing targeted attacks in multiple regions. The attackers try to lure targets through spear phishing emails that include compressed executables. The malware collects all data such as passwords, keystrokes and screenshots, then sends it to the attackers.\r\n\r\n#OpGhoul targeting industrial, manufacturing and engineering organizations in 30+ countries\r\nTweet\r\nWe found that the group behind this campaign targeted mainly industrial, engineering and manufacturing organizations in more than 30 countries. In total, over 130 organizations have been identified as victims of this campaign. Using the Kaspersky Security Network (KSN) and artifacts from malware files and attack sites, we were able to trace the attacks back to March 2015. Noteworthy is that since the beginning of their activities, the attackers\u00e2\u20ac\u2122 motivations are apparently financial, whether through the victims\u00e2\u20ac\u2122 banking accounts or through selling their intellectual property to interested parties, most infiltrated victim organizations are considered SMBs (Small to Medium size businesses, 30-300 employees), the utilization of commercial off-the-shelf malware makes the attribution of the attacks more difficult."
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57b4b3a5-76e0-4af1-8c0e-46f602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T18:57:41.000Z",
"modified": "2016-08-17T18:57:41.000Z",
"first_observed": "2016-08-17T18:57:41Z",
"last_observed": "2016-08-17T18:57:41Z",
"number_observed": 1,
"object_refs": [
"url--57b4b3a5-76e0-4af1-8c0e-46f602de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57b4b3a5-76e0-4af1-8c0e-46f602de0b81",
"value": "https://securelist.com/blog/research/75718/operation-ghoul-targeted-attacks-on-industrial-and-engineering-organizations/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b3be-da28-40e9-8512-4b1202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T18:58:06.000Z",
"modified": "2016-08-17T18:58:06.000Z",
"pattern": "[file:name = '\\\\%LOCALAPPDATA\\\\%\\\\Microsoft\\\\Windows\\\\bthserv.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T18:58:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b3be-9468-4140-846f-4fe702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T18:58:06.000Z",
"modified": "2016-08-17T18:58:06.000Z",
"pattern": "[file:name = '\\\\%LOCALAPPDATA\\\\%\\\\Microsoft\\\\Windows\\\\BsBhvScan.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T18:58:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b3bf-0484-4431-8738-46fb02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T18:58:06.000Z",
"modified": "2016-08-17T18:58:06.000Z",
"pattern": "[file:name = '\\\\%LOCALAPPDATA\\\\%\\\\Client\\\\WinHttpAutoProxySync.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T18:58:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b3bf-bc68-4d9b-9d9f-4fce02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T18:58:07.000Z",
"modified": "2016-08-17T18:58:07.000Z",
"pattern": "[file:name = '\\\\%LOCALAPPDATA\\\\%\\\\Client\\\\WdiServiceHost.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T18:58:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b3bf-4314-4a0f-a6c4-401602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T18:58:07.000Z",
"modified": "2016-08-17T18:58:07.000Z",
"pattern": "[file:name = '\\\\%TEMP\\\\%\\\\AF7B1841C6A70C858E3201422E2D0BEA.dat']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T18:58:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b3bf-2570-44e0-9087-469202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T18:58:07.000Z",
"modified": "2016-08-17T18:58:07.000Z",
"pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\Helper\\\\Browser.txt']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T18:58:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b3bf-e1e8-4ac4-952a-430502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T18:58:07.000Z",
"modified": "2016-08-17T18:58:07.000Z",
"pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\Helper\\\\Mail.txt']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T18:58:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b3c0-d018-4f3c-a466-407502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T18:58:08.000Z",
"modified": "2016-08-17T18:58:08.000Z",
"pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\Helper\\\\Mess.txt']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T18:58:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b3c0-f488-4ae2-b66e-41dc02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T18:58:08.000Z",
"modified": "2016-08-17T18:58:08.000Z",
"pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\Helper\\\\OS.txt']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T18:58:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b3c0-4eac-4c6e-9148-423f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T18:58:08.000Z",
"modified": "2016-08-17T18:58:08.000Z",
"pattern": "[file:name = '\\\\%ALLUSERSPROFILE\\\\%\\\\Mails.txt']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T18:58:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b3c0-ef20-478a-b107-4d1f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T18:58:08.000Z",
"modified": "2016-08-17T18:58:08.000Z",
"pattern": "[file:name = '\\\\%ALLUSERSPROFILE\\\\%\\\\Browsers.txt']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T18:58:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b405-26e4-4ccd-bae7-4bc802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T18:59:17.000Z",
"modified": "2016-08-17T18:59:17.000Z",
"description": "List of malware",
"pattern": "[file:hashes.MD5 = 'f9ef50c53a10db09fc78c123a95e8eec']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T18:59:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b405-b644-487c-9698-4d6802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T18:59:17.000Z",
"modified": "2016-08-17T18:59:17.000Z",
"description": "List of malware",
"pattern": "[file:hashes.MD5 = 'b8f6e6a0cb1bcf1f100b8d8ee5cccc4c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T18:59:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b406-00d0-4a32-aaf3-494802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T18:59:18.000Z",
"modified": "2016-08-17T18:59:18.000Z",
"description": "List of malware",
"pattern": "[file:hashes.MD5 = '07b105f15010b8c99d7d727ff3a9e70f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T18:59:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b406-a590-491b-96b7-4ee802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T18:59:18.000Z",
"modified": "2016-08-17T18:59:18.000Z",
"description": "List of malware",
"pattern": "[file:hashes.MD5 = 'ae2a78473d4544ed2acd46af2e09633d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T18:59:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b406-e394-4de9-a676-44e202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T18:59:18.000Z",
"modified": "2016-08-17T18:59:18.000Z",
"description": "List of malware",
"pattern": "[file:hashes.MD5 = '21ea64157c84ef6b0451513d0d11d02e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T18:59:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b406-34b4-40e9-85e3-48ca02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T18:59:18.000Z",
"modified": "2016-08-17T18:59:18.000Z",
"description": "List of malware",
"pattern": "[file:hashes.MD5 = '08c18d38809910667bbed747b2746201']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T18:59:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b407-b258-48c6-b05d-4c0602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T18:59:18.000Z",
"modified": "2016-08-17T18:59:18.000Z",
"description": "List of malware",
"pattern": "[file:hashes.MD5 = 'fc8da575077ae3db4f9b5991ae67dab1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T18:59:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b407-c314-4531-80cc-4cce02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T18:59:19.000Z",
"modified": "2016-08-17T18:59:19.000Z",
"description": "List of malware",
"pattern": "[file:hashes.MD5 = '8d46ee2d141176e9543dea9bf1c079c8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T18:59:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b407-5bdc-41cc-972d-464b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T18:59:19.000Z",
"modified": "2016-08-17T18:59:19.000Z",
"description": "List of malware",
"pattern": "[file:hashes.MD5 = '36a9ae8c6d32599f21c9d1725485f1a3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T18:59:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b407-56f0-4b04-9cdd-426a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T18:59:19.000Z",
"modified": "2016-08-17T18:59:19.000Z",
"description": "List of malware",
"pattern": "[file:hashes.MD5 = 'cc6926cde42c6e29e96474f740d12a78']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T18:59:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b407-0598-408f-bda2-4e5d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T18:59:19.000Z",
"modified": "2016-08-17T18:59:19.000Z",
"description": "List of malware",
"pattern": "[file:hashes.MD5 = '6e959ccb692668e70780ff92757d2335']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T18:59:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b408-3bdc-4bb9-be7e-4f2a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T18:59:20.000Z",
"modified": "2016-08-17T18:59:20.000Z",
"description": "List of malware",
"pattern": "[file:hashes.MD5 = '3664d7150ac98571e7b5652fd7e44085']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T18:59:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b408-7fe8-4c34-8b35-447d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T18:59:20.000Z",
"modified": "2016-08-17T18:59:20.000Z",
"description": "List of malware",
"pattern": "[file:hashes.MD5 = 'd87d26309ef01b162882ee5069dc0bde']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T18:59:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b408-d1a0-4354-a5f1-4e5f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T18:59:20.000Z",
"modified": "2016-08-17T18:59:20.000Z",
"description": "List of malware",
"pattern": "[file:hashes.MD5 = '5a97d62dc84ede64846ea4f3ad4d2f93']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T18:59:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b408-a83c-4139-8b56-490902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T18:59:20.000Z",
"modified": "2016-08-17T18:59:20.000Z",
"description": "List of malware",
"pattern": "[file:hashes.MD5 = '5a68f149c193715d13a361732f5adaa1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T18:59:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b408-e088-4755-8874-4b5f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T18:59:20.000Z",
"modified": "2016-08-17T18:59:20.000Z",
"description": "List of malware",
"pattern": "[file:hashes.MD5 = 'dabc47df7ae7d921f18faf685c367889']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T18:59:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b409-9ac4-4052-ab67-4d8c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T18:59:21.000Z",
"modified": "2016-08-17T18:59:21.000Z",
"description": "List of malware",
"pattern": "[file:hashes.MD5 = 'aaee8ba81bee3deb1c95bd3aaa6b13d7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T18:59:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b409-6efc-4ce4-9b1c-4c4b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T18:59:21.000Z",
"modified": "2016-08-17T18:59:21.000Z",
"description": "List of malware",
"pattern": "[file:hashes.MD5 = '460e18f5ae3e3eb38f8cae911d447590']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T18:59:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b409-138c-4926-8064-41f002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T18:59:21.000Z",
"modified": "2016-08-17T18:59:21.000Z",
"description": "List of malware",
"pattern": "[file:hashes.MD5 = 'c3cf7b29426b9749ece1465a4ab4259e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T18:59:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b41a-3f24-4ba9-88bb-466f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T18:59:38.000Z",
"modified": "2016-08-17T18:59:38.000Z",
"pattern": "[file:hashes.MD5 = '55358155f96b67879938fe1a14a00dd6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T18:59:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b433-b65c-4d00-b307-44d202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:00:03.000Z",
"modified": "2016-08-17T19:00:03.000Z",
"description": "List of malware related domains",
"pattern": "[domain-name:value = 'indyproject.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T19:00:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b433-17a0-49f1-aa66-4ab602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:00:03.000Z",
"modified": "2016-08-17T19:00:03.000Z",
"description": "List of malware related domains",
"pattern": "[domain-name:value = 'studiousb.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T19:00:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b433-6d44-4fcf-ae6f-455002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:00:03.000Z",
"modified": "2016-08-17T19:00:03.000Z",
"description": "List of malware related domains",
"pattern": "[domain-name:value = 'copylines.biz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T19:00:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b433-2894-498c-9185-41a402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:00:03.000Z",
"modified": "2016-08-17T19:00:03.000Z",
"description": "List of malware related domains",
"pattern": "[domain-name:value = 'glazeautocaree.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T19:00:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b434-40b8-48c4-a723-476902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:00:04.000Z",
"modified": "2016-08-17T19:00:04.000Z",
"description": "List of malware related domains",
"pattern": "[domain-name:value = 'brokelimiteds.in']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T19:00:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b434-7184-4302-91e9-4b4402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:00:04.000Z",
"modified": "2016-08-17T19:00:04.000Z",
"description": "List of malware related domains",
"pattern": "[domain-name:value = 'meedlifespeed.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T19:00:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b434-d0f4-4591-8864-412602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:00:04.000Z",
"modified": "2016-08-17T19:00:04.000Z",
"description": "List of malware related domains",
"pattern": "[domain-name:value = '468213579.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T19:00:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b434-03b8-4290-9fa6-4ef802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:00:04.000Z",
"modified": "2016-08-17T19:00:04.000Z",
"description": "List of malware related domains",
"pattern": "[domain-name:value = '357912468.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T19:00:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b434-6134-4fc8-81a2-419402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:00:04.000Z",
"modified": "2016-08-17T19:00:04.000Z",
"description": "List of malware related domains",
"pattern": "[domain-name:value = 'aboranian.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T19:00:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b434-6054-4d4d-af87-4a3e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:00:04.000Z",
"modified": "2016-08-17T19:00:04.000Z",
"description": "List of malware related domains",
"pattern": "[domain-name:value = 'apple-recovery.us']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T19:00:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b435-6074-490f-b2b9-492902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:00:05.000Z",
"modified": "2016-08-17T19:00:05.000Z",
"description": "List of malware related domains",
"pattern": "[domain-name:value = 'security-block.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T19:00:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b435-97ec-4ac8-94db-4d8a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:00:05.000Z",
"modified": "2016-08-17T19:00:05.000Z",
"description": "List of malware related domains",
"pattern": "[domain-name:value = 'com-wn.in']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T19:00:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b435-2ba4-4a46-886b-431802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:00:05.000Z",
"modified": "2016-08-17T19:00:05.000Z",
"description": "List of malware related domains",
"pattern": "[domain-name:value = 'f444c4f547116bfd052461b0b3ab1bc2b445a.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T19:00:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b435-e94c-4721-a387-4bc302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:00:05.000Z",
"modified": "2016-08-17T19:00:05.000Z",
"description": "List of malware related domains",
"pattern": "[domain-name:value = 'deluxepharmacy.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T19:00:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b435-7d70-4929-9541-495902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:00:05.000Z",
"modified": "2016-08-17T19:00:05.000Z",
"description": "List of malware related domains",
"pattern": "[domain-name:value = 'katynew.pw']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T19:00:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b436-3a64-479c-b1d6-4aa602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:00:06.000Z",
"modified": "2016-08-17T19:00:06.000Z",
"description": "List of malware related domains",
"pattern": "[domain-name:value = 'mercadojs.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T19:00:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b452-e338-4504-bc83-499702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:00:34.000Z",
"modified": "2016-08-17T19:00:34.000Z",
"description": "Observed phishing URLs",
"pattern": "[url:value = 'http://free.meedlifespeed.com/ComCast/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T19:00:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b452-65a0-4af3-b981-4a7b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:00:34.000Z",
"modified": "2016-08-17T19:00:34.000Z",
"description": "Observed phishing URLs",
"pattern": "[url:value = 'http://emailreferentie.appleid.apple.nl.468213579.com/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T19:00:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b452-9b3c-40a2-87b2-4d4d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:00:34.000Z",
"modified": "2016-08-17T19:00:34.000Z",
"description": "Observed phishing URLs",
"pattern": "[url:value = 'http://468213579.com/emailreferentie.appleid.apple.nl/emailverificatie-40985443/home/login.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T19:00:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b453-7128-42d2-b595-4eb902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:00:35.000Z",
"modified": "2016-08-17T19:00:35.000Z",
"description": "Observed phishing URLs",
"pattern": "[url:value = 'http://192.169.82.86/~gurgenle/verify/webmail/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T19:00:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b453-bd40-4703-afe5-433c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:00:35.000Z",
"modified": "2016-08-17T19:00:35.000Z",
"description": "Observed phishing URLs",
"pattern": "[url:value = 'http://customer.comcast.com.aboranian.com/login']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T19:00:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b453-d62c-4409-8294-41f602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:00:35.000Z",
"modified": "2016-08-17T19:00:35.000Z",
"description": "Observed phishing URLs",
"pattern": "[url:value = 'http://apple-recovery.us/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T19:00:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b453-f2dc-4a96-9500-491c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:00:35.000Z",
"modified": "2016-08-17T19:00:35.000Z",
"description": "Observed phishing URLs",
"pattern": "[url:value = 'http://apple.security-block.com/Apple\\\\%20-\\\\%20My\\\\%20Apple\\\\%20ID.html']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T19:00:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b453-04ac-4f55-906e-4a5302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-19T14:38:54.000Z",
"modified": "2016-08-19T14:38:54.000Z",
"description": "Observed phishing URLs",
"pattern": "[url:value = 'http://2b68.f444c4f547116bfd052461b0b3ab1bc2b445a.comb3af1139274f266b2hxxp://2b68.f444c4f547116bfd052461b0b3ab1bc2b445a.com/login.html']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-19T14:38:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b453-3374-445c-907f-4b3c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:00:35.000Z",
"modified": "2016-08-17T19:00:35.000Z",
"description": "Observed phishing URLs",
"pattern": "[url:value = 'http://www.deluxepharmacy.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T19:00:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b469-3790-4c64-9f1f-4ac802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:00:57.000Z",
"modified": "2016-08-17T19:00:57.000Z",
"description": "Malware links observed dating back to March and April 2016",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.169.82.86']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T19:00:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b48b-22a8-4b01-8a65-4f7e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:01:31.000Z",
"modified": "2016-08-17T19:01:31.000Z",
"description": "Other malware links",
"pattern": "[url:value = 'http://glazeautocaree.com/proforma-invoice.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T19:01:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b48c-c0a8-4683-812c-412702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:01:32.000Z",
"modified": "2016-08-17T19:01:32.000Z",
"description": "Other malware links",
"pattern": "[url:value = 'http://brokelimiteds.in/cdn/images/bro.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T19:01:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b48c-728c-47a8-bfd6-462602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:01:32.000Z",
"modified": "2016-08-17T19:01:32.000Z",
"description": "Other malware links",
"pattern": "[url:value = 'http://brokelimiteds.in/cdn/images/onowu.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T19:01:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b48c-4ab0-4030-b08a-439a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:01:32.000Z",
"modified": "2016-08-17T19:01:32.000Z",
"description": "Other malware links",
"pattern": "[url:value = 'http://brokelimiteds.in/cdn/images/obe.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T19:01:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b48c-dd10-4463-bde3-4c0202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:01:32.000Z",
"modified": "2016-08-17T19:01:32.000Z",
"description": "Other malware links",
"pattern": "[url:value = 'http://brokelimiteds.in/wp-admin/css/upload/order.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T19:01:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b48c-9178-4ed4-ab8b-47fd02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:01:32.000Z",
"modified": "2016-08-17T19:01:32.000Z",
"description": "Other malware links",
"pattern": "[url:value = 'http://brokelimiteds.in/wp-admin/css/upload/orders.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T19:01:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b48d-c194-4c24-9500-40f302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:01:33.000Z",
"modified": "2016-08-17T19:01:33.000Z",
"description": "Other malware links",
"pattern": "[url:value = 'http://papercuts.info/SocialMedia/java.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T19:01:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b48d-2c58-490c-9c78-41c702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:01:33.000Z",
"modified": "2016-08-17T19:01:33.000Z",
"description": "Other malware links",
"pattern": "[url:value = 'http://studiousb.com/mercadolivrestudio/f.zip']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T19:01:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b48d-3f6c-46e9-a20b-401602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:01:33.000Z",
"modified": "2016-08-17T19:01:33.000Z",
"description": "Other malware links",
"pattern": "[url:value = 'http://copylines.biz/lasagna/gate.php?request=true']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T19:01:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b4c0-cedc-4a83-a7a4-476302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:02:24.000Z",
"modified": "2016-08-17T19:02:24.000Z",
"description": "- Xchecked via VT: 55358155f96b67879938fe1a14a00dd6",
"pattern": "[file:hashes.SHA256 = '0772dfca662dbb8321673fb35cdddd7e12623d221707f9f06ab52adf22763046']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T19:02:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b4c0-7ec4-4b58-be83-4dd302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:02:24.000Z",
"modified": "2016-08-17T19:02:24.000Z",
"description": "- Xchecked via VT: 55358155f96b67879938fe1a14a00dd6",
"pattern": "[file:hashes.SHA1 = 'd88103d0a4aa6de3a6bb9b9e3aa90f550dd41a88']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T19:02:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57b4b4c1-01f4-411e-b521-4a1d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:02:25.000Z",
"modified": "2016-08-17T19:02:25.000Z",
"first_observed": "2016-08-17T19:02:25Z",
"last_observed": "2016-08-17T19:02:25Z",
"number_observed": 1,
"object_refs": [
"url--57b4b4c1-01f4-411e-b521-4a1d02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57b4b4c1-01f4-411e-b521-4a1d02de0b81",
"value": "https://www.virustotal.com/file/0772dfca662dbb8321673fb35cdddd7e12623d221707f9f06ab52adf22763046/analysis/1467181382/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b4c1-44bc-48ce-94aa-4ae102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:02:25.000Z",
"modified": "2016-08-17T19:02:25.000Z",
"description": "List of malware - Xchecked via VT: c3cf7b29426b9749ece1465a4ab4259e",
"pattern": "[file:hashes.SHA256 = '96039d26d628c7ba2e5a3703237314708b10197f2d573763c21adb5c2533f78a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T19:02:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b4c1-cb88-4e28-983f-4f2a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:02:25.000Z",
"modified": "2016-08-17T19:02:25.000Z",
"description": "List of malware - Xchecked via VT: c3cf7b29426b9749ece1465a4ab4259e",
"pattern": "[file:hashes.SHA1 = 'ba7f2d65716b95ce36d5414a3e2756cedd8434bb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T19:02:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57b4b4c1-a1bc-4eae-a9dd-42db02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:02:25.000Z",
"modified": "2016-08-17T19:02:25.000Z",
"first_observed": "2016-08-17T19:02:25Z",
"last_observed": "2016-08-17T19:02:25Z",
"number_observed": 1,
"object_refs": [
"url--57b4b4c1-a1bc-4eae-a9dd-42db02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57b4b4c1-a1bc-4eae-a9dd-42db02de0b81",
"value": "https://www.virustotal.com/file/96039d26d628c7ba2e5a3703237314708b10197f2d573763c21adb5c2533f78a/analysis/1464075072/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b4c1-9924-4321-9cd2-4be002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:02:25.000Z",
"modified": "2016-08-17T19:02:25.000Z",
"description": "List of malware - Xchecked via VT: 460e18f5ae3e3eb38f8cae911d447590",
"pattern": "[file:hashes.SHA256 = 'bb8fa31398ce2d97348146ee0f5ed0235fa8a77a283ec06207d9fb8a67de0fec']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T19:02:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b4c1-6aec-4dc9-a102-4c4902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:02:25.000Z",
"modified": "2016-08-17T19:02:25.000Z",
"description": "List of malware - Xchecked via VT: 460e18f5ae3e3eb38f8cae911d447590",
"pattern": "[file:hashes.SHA1 = '16f69ead2be87d6d21f6211483cdf213dcb538d7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T19:02:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57b4b4c2-7564-4072-978d-480d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:02:26.000Z",
"modified": "2016-08-17T19:02:26.000Z",
"first_observed": "2016-08-17T19:02:26Z",
"last_observed": "2016-08-17T19:02:26Z",
"number_observed": 1,
"object_refs": [
"url--57b4b4c2-7564-4072-978d-480d02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57b4b4c2-7564-4072-978d-480d02de0b81",
"value": "https://www.virustotal.com/file/bb8fa31398ce2d97348146ee0f5ed0235fa8a77a283ec06207d9fb8a67de0fec/analysis/1465606872/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b4c2-2de0-441c-91fb-4ea802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:02:26.000Z",
"modified": "2016-08-17T19:02:26.000Z",
"description": "List of malware - Xchecked via VT: aaee8ba81bee3deb1c95bd3aaa6b13d7",
"pattern": "[file:hashes.SHA256 = '3006ed37daf4fd95f214bbdc8380ffec1e5cd043ef6db96dbd0090a6064ffc24']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T19:02:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b4c2-dcc0-4ee0-a8d1-4bcc02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:02:26.000Z",
"modified": "2016-08-17T19:02:26.000Z",
"description": "List of malware - Xchecked via VT: aaee8ba81bee3deb1c95bd3aaa6b13d7",
"pattern": "[file:hashes.SHA1 = '1a997856e3823b18f600f2486f2031eaf73800c4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T19:02:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57b4b4c2-f5d0-4552-ae86-4a1602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:02:26.000Z",
"modified": "2016-08-17T19:02:26.000Z",
"first_observed": "2016-08-17T19:02:26Z",
"last_observed": "2016-08-17T19:02:26Z",
"number_observed": 1,
"object_refs": [
"url--57b4b4c2-f5d0-4552-ae86-4a1602de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57b4b4c2-f5d0-4552-ae86-4a1602de0b81",
"value": "https://www.virustotal.com/file/3006ed37daf4fd95f214bbdc8380ffec1e5cd043ef6db96dbd0090a6064ffc24/analysis/1451924249/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b4c2-2394-4262-af3b-4e5602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:02:26.000Z",
"modified": "2016-08-17T19:02:26.000Z",
"description": "List of malware - Xchecked via VT: dabc47df7ae7d921f18faf685c367889",
"pattern": "[file:hashes.SHA256 = 'ef92b10fdfc47e576d8053347865128ccc11dbe03ca91620aedd5ebf8b1c5ed5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T19:02:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b4c3-b350-4cbd-b255-473802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:02:27.000Z",
"modified": "2016-08-17T19:02:27.000Z",
"description": "List of malware - Xchecked via VT: dabc47df7ae7d921f18faf685c367889",
"pattern": "[file:hashes.SHA1 = 'c4d82a0d2958086829f21cb8c289443280a7b7f6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T19:02:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57b4b4c3-d870-4373-9c18-4bda02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:02:27.000Z",
"modified": "2016-08-17T19:02:27.000Z",
"first_observed": "2016-08-17T19:02:27Z",
"last_observed": "2016-08-17T19:02:27Z",
"number_observed": 1,
"object_refs": [
"url--57b4b4c3-d870-4373-9c18-4bda02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57b4b4c3-d870-4373-9c18-4bda02de0b81",
"value": "https://www.virustotal.com/file/ef92b10fdfc47e576d8053347865128ccc11dbe03ca91620aedd5ebf8b1c5ed5/analysis/1470746574/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b4c3-f03c-48c6-952b-4deb02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:02:27.000Z",
"modified": "2016-08-17T19:02:27.000Z",
"description": "List of malware - Xchecked via VT: 5a68f149c193715d13a361732f5adaa1",
"pattern": "[file:hashes.SHA256 = '45392f2ce54f822d8209c60efbb457d84a33517aecc35ae6c01af1aebb43ad7f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T19:02:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b4c3-c07c-4dab-a9b8-46c702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:02:27.000Z",
"modified": "2016-08-17T19:02:27.000Z",
"description": "List of malware - Xchecked via VT: 5a68f149c193715d13a361732f5adaa1",
"pattern": "[file:hashes.SHA1 = '595acedc67537f8c76f9d7716f2ff0a64a44da77']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T19:02:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57b4b4c3-11cc-4267-9cf8-463302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:02:27.000Z",
"modified": "2016-08-17T19:02:27.000Z",
"first_observed": "2016-08-17T19:02:27Z",
"last_observed": "2016-08-17T19:02:27Z",
"number_observed": 1,
"object_refs": [
"url--57b4b4c3-11cc-4267-9cf8-463302de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57b4b4c3-11cc-4267-9cf8-463302de0b81",
"value": "https://www.virustotal.com/file/45392f2ce54f822d8209c60efbb457d84a33517aecc35ae6c01af1aebb43ad7f/analysis/1462432857/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b4c3-9650-4a60-836b-4f1902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:02:27.000Z",
"modified": "2016-08-17T19:02:27.000Z",
"description": "List of malware - Xchecked via VT: 5a97d62dc84ede64846ea4f3ad4d2f93",
"pattern": "[file:hashes.SHA256 = '337b91c266580ee06b3e1863e7b4d02e1d30a53e9e4a09524d10c43f9bebe87a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T19:02:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b4c4-074c-47e9-a723-423e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:02:28.000Z",
"modified": "2016-08-17T19:02:28.000Z",
"description": "List of malware - Xchecked via VT: 5a97d62dc84ede64846ea4f3ad4d2f93",
"pattern": "[file:hashes.SHA1 = 'a2c43e386b639fda382a954d10867439289fb235']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T19:02:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57b4b4c4-c470-4d03-b749-464302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:02:28.000Z",
"modified": "2016-08-17T19:02:28.000Z",
"first_observed": "2016-08-17T19:02:28Z",
"last_observed": "2016-08-17T19:02:28Z",
"number_observed": 1,
"object_refs": [
"url--57b4b4c4-c470-4d03-b749-464302de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57b4b4c4-c470-4d03-b749-464302de0b81",
"value": "https://www.virustotal.com/file/337b91c266580ee06b3e1863e7b4d02e1d30a53e9e4a09524d10c43f9bebe87a/analysis/1465328551/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b4c4-52fc-48b6-81e6-4fd602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:02:28.000Z",
"modified": "2016-08-17T19:02:28.000Z",
"description": "List of malware - Xchecked via VT: d87d26309ef01b162882ee5069dc0bde",
"pattern": "[file:hashes.SHA256 = 'b1daa876b3715540a246a7d30271e82e6e5657d4862a0e8e77e64a3b2ba6a7af']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T19:02:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b4c4-5f44-4c32-9dd2-4b1702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:02:28.000Z",
"modified": "2016-08-17T19:02:28.000Z",
"description": "List of malware - Xchecked via VT: d87d26309ef01b162882ee5069dc0bde",
"pattern": "[file:hashes.SHA1 = '845adb3fced50f06d0aedcc75f096e214a5a2064']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T19:02:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57b4b4c4-e1a4-4cfa-a1e5-476502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:02:28.000Z",
"modified": "2016-08-17T19:02:28.000Z",
"first_observed": "2016-08-17T19:02:28Z",
"last_observed": "2016-08-17T19:02:28Z",
"number_observed": 1,
"object_refs": [
"url--57b4b4c4-e1a4-4cfa-a1e5-476502de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57b4b4c4-e1a4-4cfa-a1e5-476502de0b81",
"value": "https://www.virustotal.com/file/b1daa876b3715540a246a7d30271e82e6e5657d4862a0e8e77e64a3b2ba6a7af/analysis/1466698498/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b4c5-21a8-4bf7-ba0e-47ba02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:02:29.000Z",
"modified": "2016-08-17T19:02:29.000Z",
"description": "List of malware - Xchecked via VT: 3664d7150ac98571e7b5652fd7e44085",
"pattern": "[file:hashes.SHA256 = '35f50538300c2f8a4fe3eecb262db6126c794ff682102daf5c6d99b2e39a102d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T19:02:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b4c5-7f48-4589-bd68-413302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:02:29.000Z",
"modified": "2016-08-17T19:02:29.000Z",
"description": "List of malware - Xchecked via VT: 3664d7150ac98571e7b5652fd7e44085",
"pattern": "[file:hashes.SHA1 = 'fd96aa470e257caef4d19c6d9b95a7386786c58c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T19:02:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57b4b4c5-ee54-4ed6-a0ef-44c202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:02:29.000Z",
"modified": "2016-08-17T19:02:29.000Z",
"first_observed": "2016-08-17T19:02:29Z",
"last_observed": "2016-08-17T19:02:29Z",
"number_observed": 1,
"object_refs": [
"url--57b4b4c5-ee54-4ed6-a0ef-44c202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57b4b4c5-ee54-4ed6-a0ef-44c202de0b81",
"value": "https://www.virustotal.com/file/35f50538300c2f8a4fe3eecb262db6126c794ff682102daf5c6d99b2e39a102d/analysis/1468921045/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b4c5-8470-4c3c-92bf-439302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:02:29.000Z",
"modified": "2016-08-17T19:02:29.000Z",
"description": "List of malware - Xchecked via VT: 6e959ccb692668e70780ff92757d2335",
"pattern": "[file:hashes.SHA256 = 'a99354b5cfd66b8c2cd7d46c0355621b4bc73f1dd6d743819c1b485eb65911ff']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T19:02:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b4c5-4e18-4464-b451-435602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:02:29.000Z",
"modified": "2016-08-17T19:02:29.000Z",
"description": "List of malware - Xchecked via VT: 6e959ccb692668e70780ff92757d2335",
"pattern": "[file:hashes.SHA1 = 'c7400c9323de956fad2a71a1aba749fc2d1e089d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T19:02:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57b4b4c6-0288-4cfc-8b24-4b6b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:02:30.000Z",
"modified": "2016-08-17T19:02:30.000Z",
"first_observed": "2016-08-17T19:02:30Z",
"last_observed": "2016-08-17T19:02:30Z",
"number_observed": 1,
"object_refs": [
"url--57b4b4c6-0288-4cfc-8b24-4b6b02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57b4b4c6-0288-4cfc-8b24-4b6b02de0b81",
"value": "https://www.virustotal.com/file/a99354b5cfd66b8c2cd7d46c0355621b4bc73f1dd6d743819c1b485eb65911ff/analysis/1465427342/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b4c6-0bb0-4c9b-9267-4b8302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:02:30.000Z",
"modified": "2016-08-17T19:02:30.000Z",
"description": "List of malware - Xchecked via VT: cc6926cde42c6e29e96474f740d12a78",
"pattern": "[file:hashes.SHA256 = '86499b05e237f66c2cd8889db8e44bc159ea111dd03b43ac80b744d94c01c43f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T19:02:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b4c6-bef0-4792-86f6-4f4902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:02:30.000Z",
"modified": "2016-08-17T19:02:30.000Z",
"description": "List of malware - Xchecked via VT: cc6926cde42c6e29e96474f740d12a78",
"pattern": "[file:hashes.SHA1 = '14f8187eb30669cb2f939c1de9d3d74a2ca6f591']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T19:02:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57b4b4c6-6764-44e8-89f9-488c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:02:30.000Z",
"modified": "2016-08-17T19:02:30.000Z",
"first_observed": "2016-08-17T19:02:30Z",
"last_observed": "2016-08-17T19:02:30Z",
"number_observed": 1,
"object_refs": [
"url--57b4b4c6-6764-44e8-89f9-488c02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57b4b4c6-6764-44e8-89f9-488c02de0b81",
"value": "https://www.virustotal.com/file/86499b05e237f66c2cd8889db8e44bc159ea111dd03b43ac80b744d94c01c43f/analysis/1465069122/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b4c6-f490-4780-8781-4d0202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:02:30.000Z",
"modified": "2016-08-17T19:02:30.000Z",
"description": "List of malware - Xchecked via VT: 36a9ae8c6d32599f21c9d1725485f1a3",
"pattern": "[file:hashes.SHA256 = '38eecf22e4d5068b1b6265d90a7878ea31de8e98eb8f4c323017eeb33b054bfa']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T19:02:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b4c6-121c-41d3-8582-4f9d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:02:30.000Z",
"modified": "2016-08-17T19:02:30.000Z",
"description": "List of malware - Xchecked via VT: 36a9ae8c6d32599f21c9d1725485f1a3",
"pattern": "[file:hashes.SHA1 = 'ceab5c4559b26b011a99867bdcba4ec39dedc51d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T19:02:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57b4b4c7-09f4-42e9-8175-461002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:02:31.000Z",
"modified": "2016-08-17T19:02:31.000Z",
"first_observed": "2016-08-17T19:02:31Z",
"last_observed": "2016-08-17T19:02:31Z",
"number_observed": 1,
"object_refs": [
"url--57b4b4c7-09f4-42e9-8175-461002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57b4b4c7-09f4-42e9-8175-461002de0b81",
"value": "https://www.virustotal.com/file/38eecf22e4d5068b1b6265d90a7878ea31de8e98eb8f4c323017eeb33b054bfa/analysis/1466932572/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b4c7-a9bc-457b-9eba-457402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:02:31.000Z",
"modified": "2016-08-17T19:02:31.000Z",
"description": "List of malware - Xchecked via VT: 8d46ee2d141176e9543dea9bf1c079c8",
"pattern": "[file:hashes.SHA256 = 'e7ef341ad0b17df0b35c191edaa77c0abf2da0d20238cf1e594aa9d0805d3f39']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T19:02:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b4c7-def0-42a1-ae7a-494f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:02:31.000Z",
"modified": "2016-08-17T19:02:31.000Z",
"description": "List of malware - Xchecked via VT: 8d46ee2d141176e9543dea9bf1c079c8",
"pattern": "[file:hashes.SHA1 = '810c8cc0a3eb6e52e42f97ad6dfe511694952989']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T19:02:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57b4b4c7-f324-4ba0-a33f-4d1702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:02:31.000Z",
"modified": "2016-08-17T19:02:31.000Z",
"first_observed": "2016-08-17T19:02:31Z",
"last_observed": "2016-08-17T19:02:31Z",
"number_observed": 1,
"object_refs": [
"url--57b4b4c7-f324-4ba0-a33f-4d1702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57b4b4c7-f324-4ba0-a33f-4d1702de0b81",
"value": "https://www.virustotal.com/file/e7ef341ad0b17df0b35c191edaa77c0abf2da0d20238cf1e594aa9d0805d3f39/analysis/1465847424/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b4c7-06f0-4440-b904-4b7602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:02:31.000Z",
"modified": "2016-08-17T19:02:31.000Z",
"description": "List of malware - Xchecked via VT: fc8da575077ae3db4f9b5991ae67dab1",
"pattern": "[file:hashes.SHA256 = 'd22f9035ac8c69bb391bd478b01305c00bef0cb7b1b0b2ea716ad31a3fcc07cb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T19:02:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b4c8-d3fc-4df0-ab06-4f4502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:02:32.000Z",
"modified": "2016-08-17T19:02:32.000Z",
"description": "List of malware - Xchecked via VT: fc8da575077ae3db4f9b5991ae67dab1",
"pattern": "[file:hashes.SHA1 = 'fc728ac471518f160347a714071ec82ebc0ca8e0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T19:02:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57b4b4c8-6e84-4148-8cbf-413402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:02:32.000Z",
"modified": "2016-08-17T19:02:32.000Z",
"first_observed": "2016-08-17T19:02:32Z",
"last_observed": "2016-08-17T19:02:32Z",
"number_observed": 1,
"object_refs": [
"url--57b4b4c8-6e84-4148-8cbf-413402de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57b4b4c8-6e84-4148-8cbf-413402de0b81",
"value": "https://www.virustotal.com/file/d22f9035ac8c69bb391bd478b01305c00bef0cb7b1b0b2ea716ad31a3fcc07cb/analysis/1465535223/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b4c8-0db4-44ad-8bf7-4b4002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:02:32.000Z",
"modified": "2016-08-17T19:02:32.000Z",
"description": "List of malware - Xchecked via VT: 08c18d38809910667bbed747b2746201",
"pattern": "[file:hashes.SHA256 = '86b1ef2de5acef91c0ec340ee5ea69f4b18de2cbe546b8cef2956795f820de43']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T19:02:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b4c8-6130-4eab-8480-491d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:02:32.000Z",
"modified": "2016-08-17T19:02:32.000Z",
"description": "List of malware - Xchecked via VT: 08c18d38809910667bbed747b2746201",
"pattern": "[file:hashes.SHA1 = 'e88422adc9c95c6cce2b48108126293050855b54']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T19:02:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57b4b4c8-07a0-4d61-a84e-4c9702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:02:32.000Z",
"modified": "2016-08-17T19:02:32.000Z",
"first_observed": "2016-08-17T19:02:32Z",
"last_observed": "2016-08-17T19:02:32Z",
"number_observed": 1,
"object_refs": [
"url--57b4b4c8-07a0-4d61-a84e-4c9702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57b4b4c8-07a0-4d61-a84e-4c9702de0b81",
"value": "https://www.virustotal.com/file/86b1ef2de5acef91c0ec340ee5ea69f4b18de2cbe546b8cef2956795f820de43/analysis/1463722275/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b4c8-ceb8-4c61-a3c1-428b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:02:32.000Z",
"modified": "2016-08-17T19:02:32.000Z",
"description": "List of malware - Xchecked via VT: 21ea64157c84ef6b0451513d0d11d02e",
"pattern": "[file:hashes.SHA256 = '095b00d2819bd48449841384f2ab123b47535081ee1ece38706e5b0b81d4f422']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T19:02:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b4c9-dcf4-4781-b840-405c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:02:33.000Z",
"modified": "2016-08-17T19:02:33.000Z",
"description": "List of malware - Xchecked via VT: 21ea64157c84ef6b0451513d0d11d02e",
"pattern": "[file:hashes.SHA1 = '6e9d78e3aa44a81fbf783767e132341faefe577c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T19:02:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57b4b4c9-5e04-4567-9699-444602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:02:33.000Z",
"modified": "2016-08-17T19:02:33.000Z",
"first_observed": "2016-08-17T19:02:33Z",
"last_observed": "2016-08-17T19:02:33Z",
"number_observed": 1,
"object_refs": [
"url--57b4b4c9-5e04-4567-9699-444602de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57b4b4c9-5e04-4567-9699-444602de0b81",
"value": "https://www.virustotal.com/file/095b00d2819bd48449841384f2ab123b47535081ee1ece38706e5b0b81d4f422/analysis/1461850685/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b4c9-287c-44b6-9cf1-473002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:02:33.000Z",
"modified": "2016-08-17T19:02:33.000Z",
"description": "List of malware - Xchecked via VT: ae2a78473d4544ed2acd46af2e09633d",
"pattern": "[file:hashes.SHA256 = '328df81775d126d2d17caee9f26397cbb4ffc7a5171d4289fdade8cc54b56762']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T19:02:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b4c9-37ec-4f6c-a76a-475002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:02:33.000Z",
"modified": "2016-08-17T19:02:33.000Z",
"description": "List of malware - Xchecked via VT: ae2a78473d4544ed2acd46af2e09633d",
"pattern": "[file:hashes.SHA1 = '2d011df1ce305295c173c5ec19629d4e79c010f0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T19:02:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57b4b4c9-38bc-4a9d-a531-476e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:02:33.000Z",
"modified": "2016-08-17T19:02:33.000Z",
"first_observed": "2016-08-17T19:02:33Z",
"last_observed": "2016-08-17T19:02:33Z",
"number_observed": 1,
"object_refs": [
"url--57b4b4c9-38bc-4a9d-a531-476e02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57b4b4c9-38bc-4a9d-a531-476e02de0b81",
"value": "https://www.virustotal.com/file/328df81775d126d2d17caee9f26397cbb4ffc7a5171d4289fdade8cc54b56762/analysis/1468538073/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b4ca-0ffc-4666-998a-4d8502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:02:34.000Z",
"modified": "2016-08-17T19:02:34.000Z",
"description": "List of malware - Xchecked via VT: 07b105f15010b8c99d7d727ff3a9e70f",
"pattern": "[file:hashes.SHA256 = 'd610568ee93011c399eff215a7e5a636a87e14bb33ae554e5a5c1cb454f847a1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T19:02:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b4ca-8bc4-442c-9c26-4a4f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:02:34.000Z",
"modified": "2016-08-17T19:02:34.000Z",
"description": "List of malware - Xchecked via VT: 07b105f15010b8c99d7d727ff3a9e70f",
"pattern": "[file:hashes.SHA1 = 'ee86118c821e41050f762bcef059654a972889da']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T19:02:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57b4b4ca-0040-4417-b368-400302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:02:34.000Z",
"modified": "2016-08-17T19:02:34.000Z",
"first_observed": "2016-08-17T19:02:34Z",
"last_observed": "2016-08-17T19:02:34Z",
"number_observed": 1,
"object_refs": [
"url--57b4b4ca-0040-4417-b368-400302de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57b4b4ca-0040-4417-b368-400302de0b81",
"value": "https://www.virustotal.com/file/d610568ee93011c399eff215a7e5a636a87e14bb33ae554e5a5c1cb454f847a1/analysis/1465408830/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b4ca-cc98-47b9-afe5-42b302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:02:34.000Z",
"modified": "2016-08-17T19:02:34.000Z",
"description": "List of malware - Xchecked via VT: b8f6e6a0cb1bcf1f100b8d8ee5cccc4c",
"pattern": "[file:hashes.SHA256 = '7ceabde472e5fea46dc5e6dea961272670f9975f9b47041dbd20658edb30edf5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T19:02:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b4ca-2940-4d99-9942-46ea02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:02:34.000Z",
"modified": "2016-08-17T19:02:34.000Z",
"description": "List of malware - Xchecked via VT: b8f6e6a0cb1bcf1f100b8d8ee5cccc4c",
"pattern": "[file:hashes.SHA1 = '282e8209b1a69a4d66a74f8b6eea45d0e1a3c3f4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T19:02:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57b4b4ca-8430-495b-9bc9-41f902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:02:34.000Z",
"modified": "2016-08-17T19:02:34.000Z",
"first_observed": "2016-08-17T19:02:34Z",
"last_observed": "2016-08-17T19:02:34Z",
"number_observed": 1,
"object_refs": [
"url--57b4b4ca-8430-495b-9bc9-41f902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57b4b4ca-8430-495b-9bc9-41f902de0b81",
"value": "https://www.virustotal.com/file/7ceabde472e5fea46dc5e6dea961272670f9975f9b47041dbd20658edb30edf5/analysis/1462531115/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b4cb-ecd4-402d-a88c-4cf002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:02:35.000Z",
"modified": "2016-08-17T19:02:35.000Z",
"description": "List of malware - Xchecked via VT: f9ef50c53a10db09fc78c123a95e8eec",
"pattern": "[file:hashes.SHA256 = 'aab226273a95adb193590604935306e2439264e7cbb71da6014a1ecd8815ba31']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T19:02:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4b4cb-0e4c-43a3-85b2-402102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:02:35.000Z",
"modified": "2016-08-17T19:02:35.000Z",
"description": "List of malware - Xchecked via VT: f9ef50c53a10db09fc78c123a95e8eec",
"pattern": "[file:hashes.SHA1 = '203b741bf934361a0fc48c3e6553af05a5ca50d5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T19:02:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57b4b4cb-83a4-4047-9f9e-424202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-17T19:02:35.000Z",
"modified": "2016-08-17T19:02:35.000Z",
"first_observed": "2016-08-17T19:02:35Z",
"last_observed": "2016-08-17T19:02:35Z",
"number_observed": 1,
"object_refs": [
"url--57b4b4cb-83a4-4047-9f9e-424202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57b4b4cb-83a4-4047-9f9e-424202de0b81",
"value": "https://www.virustotal.com/file/aab226273a95adb193590604935306e2439264e7cbb71da6014a1ecd8815ba31/analysis/1470185793/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue View git blame Copy permalink