8747 lines
No EOL
369 KiB
JSON
8747 lines
No EOL
369 KiB
JSON
{
|
|
"type": "bundle",
|
|
"id": "bundle--5813b05e-cd38-401b-8b21-449502de0b81",
|
|
"objects": [
|
|
{
|
|
"type": "identity",
|
|
"spec_version": "2.1",
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:16.000Z",
|
|
"modified": "2016-10-28T20:17:16.000Z",
|
|
"name": "CIRCL",
|
|
"identity_class": "organization"
|
|
},
|
|
{
|
|
"type": "report",
|
|
"spec_version": "2.1",
|
|
"id": "report--5813b05e-cd38-401b-8b21-449502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:16.000Z",
|
|
"modified": "2016-10-28T20:17:16.000Z",
|
|
"name": "OSINT - BLACKGEAR Espionage Campaign Evolves, Adds Japan To Target List",
|
|
"published": "2016-10-28T20:19:52Z",
|
|
"object_refs": [
|
|
"x-misp-attribute--5813b06b-0e88-43fb-85fe-4e6d02de0b81",
|
|
"observed-data--5813b077-5d40-47b2-9aed-43fd02de0b81",
|
|
"url--5813b077-5d40-47b2-9aed-43fd02de0b81",
|
|
"indicator--5813b0bb-59f8-41f4-8cfe-4c6602de0b81",
|
|
"indicator--5813b0bc-2b9c-4036-be9f-450902de0b81",
|
|
"indicator--5813b0bc-0f94-463a-bd9c-41c802de0b81",
|
|
"indicator--5813b0bd-d19c-4dd5-8b7b-4d2a02de0b81",
|
|
"indicator--5813b0cc-ee64-486b-8844-491502de0b81",
|
|
"indicator--5813b0cc-9850-4b0c-a966-468f02de0b81",
|
|
"indicator--5813b0cc-0b78-4615-a7fe-4fc002de0b81",
|
|
"indicator--5813b0db-a9cc-4ef1-a43c-4a1a02de0b81",
|
|
"indicator--5813b0db-e8b4-4a74-9697-4cb702de0b81",
|
|
"indicator--5813b0ef-6230-4650-9f44-421902de0b81",
|
|
"indicator--5813b0f0-4c5c-42e6-bda5-4f9002de0b81",
|
|
"indicator--5813b0f0-af94-4009-97a8-4fc102de0b81",
|
|
"indicator--5813b0f1-b5a0-48d9-ac1a-434802de0b81",
|
|
"indicator--5813b0f1-e458-4250-b1c6-44d502de0b81",
|
|
"indicator--5813b0f2-6098-455f-90e5-4ab702de0b81",
|
|
"indicator--5813b0f2-6164-4fa7-af74-45a302de0b81",
|
|
"indicator--5813b0f3-86b0-4376-b22d-4bed02de0b81",
|
|
"indicator--5813b0f3-fc48-46be-beb2-443402de0b81",
|
|
"indicator--5813b0f4-ccfc-4fdf-aa33-41f502de0b81",
|
|
"indicator--5813b0f4-2f30-484a-8b25-4d8702de0b81",
|
|
"indicator--5813b139-8d34-4c7c-870a-4c8902de0b81",
|
|
"indicator--5813b13a-8648-4286-8232-4e9e02de0b81",
|
|
"indicator--5813b13a-df00-49a3-9180-4faf02de0b81",
|
|
"indicator--5813b13b-1780-4cee-aed9-454902de0b81",
|
|
"indicator--5813b13c-d42c-4d26-a729-463002de0b81",
|
|
"indicator--5813b13c-ac3c-488c-94db-406202de0b81",
|
|
"indicator--5813b13d-a4f0-4e9d-9e35-454802de0b81",
|
|
"indicator--5813b13e-28e8-4251-b93c-492002de0b81",
|
|
"indicator--5813b13e-8b80-4bfb-be21-43dc02de0b81",
|
|
"indicator--5813b13f-c040-4e01-a60f-4c0302de0b81",
|
|
"indicator--5813b13f-667c-4a78-b6c8-42c602de0b81",
|
|
"indicator--5813b140-2b28-4c77-aea6-42aa02de0b81",
|
|
"indicator--5813b141-51e8-4211-a39e-4c1602de0b81",
|
|
"indicator--5813b141-6ee4-4fc8-a6ee-4fed02de0b81",
|
|
"indicator--5813b142-fd98-4913-9c0a-4a4602de0b81",
|
|
"indicator--5813b142-fe90-425e-9091-468202de0b81",
|
|
"indicator--5813b143-7bc8-4a6f-86ed-454302de0b81",
|
|
"indicator--5813b144-17d4-4bb9-babf-464902de0b81",
|
|
"indicator--5813b144-4950-4edb-a9fb-43e002de0b81",
|
|
"indicator--5813b145-8958-494d-b6ef-475402de0b81",
|
|
"indicator--5813b145-dfc0-4fcc-af12-407902de0b81",
|
|
"indicator--5813b146-431c-40ab-a3f0-4c3602de0b81",
|
|
"indicator--5813b146-6f90-4d33-9ab1-479302de0b81",
|
|
"indicator--5813b147-cff0-4f3b-ac61-4f3502de0b81",
|
|
"indicator--5813b147-8b4c-4737-9d1d-454302de0b81",
|
|
"indicator--5813b148-c48c-4c9c-ae81-411102de0b81",
|
|
"indicator--5813b148-8864-457d-bd0b-42c202de0b81",
|
|
"indicator--5813b149-0304-4531-aa5b-4fb202de0b81",
|
|
"indicator--5813b149-06c4-43ad-8d3d-40bc02de0b81",
|
|
"indicator--5813b14a-b164-4818-b093-4e5e02de0b81",
|
|
"indicator--5813b14a-f0c4-4ebb-b37a-480a02de0b81",
|
|
"indicator--5813b14a-4828-4eb4-b4c7-49de02de0b81",
|
|
"indicator--5813b14b-48cc-4bfd-9415-4dd302de0b81",
|
|
"indicator--5813b14b-5b60-4df6-ba13-4bf902de0b81",
|
|
"indicator--5813b14c-e3bc-4917-93f4-40d402de0b81",
|
|
"indicator--5813b14c-1a2c-4917-852b-48c502de0b81",
|
|
"indicator--5813b14d-d9f0-4e05-916f-422602de0b81",
|
|
"indicator--5813b14d-69b0-4a19-9970-4ae202de0b81",
|
|
"indicator--5813b14e-a7d4-43c1-9b52-43d802de0b81",
|
|
"indicator--5813b14e-b1ac-4267-b2f7-4dac02de0b81",
|
|
"indicator--5813b14f-190c-4ac3-91ab-4f2102de0b81",
|
|
"indicator--5813b14f-3428-43f2-a6b8-4f9702de0b81",
|
|
"indicator--5813b14f-29f0-49d1-8589-47dd02de0b81",
|
|
"indicator--5813b150-0640-47c7-87f9-43a902de0b81",
|
|
"indicator--5813b150-7174-49aa-9137-406702de0b81",
|
|
"indicator--5813b151-3c9c-46bf-b0f0-483e02de0b81",
|
|
"indicator--5813b151-3950-438e-9856-49b702de0b81",
|
|
"indicator--5813b151-588c-470d-9d7a-45c302de0b81",
|
|
"indicator--5813b152-72dc-492b-9d0e-4db102de0b81",
|
|
"indicator--5813b152-f678-4bed-86d3-452002de0b81",
|
|
"indicator--5813b152-da10-4853-8c68-4ebf02de0b81",
|
|
"indicator--5813b153-86b8-4e7b-95a9-4ec802de0b81",
|
|
"indicator--5813b153-aa98-42ca-940a-42c802de0b81",
|
|
"indicator--5813b153-6080-4505-8ff6-4b1b02de0b81",
|
|
"indicator--5813b154-c25c-4924-aeb7-4b7702de0b81",
|
|
"indicator--5813b155-0d14-4f1c-893e-420302de0b81",
|
|
"indicator--5813b156-58c4-4a80-abad-466002de0b81",
|
|
"indicator--5813b156-d040-4827-9f7a-4b1102de0b81",
|
|
"indicator--5813b157-1588-4336-9852-4b5e02de0b81",
|
|
"indicator--5813b157-6ac8-446c-9122-43d102de0b81",
|
|
"indicator--5813b157-859c-4f7d-9664-4dad02de0b81",
|
|
"indicator--5813b158-92cc-42b8-a923-43f302de0b81",
|
|
"indicator--5813b158-b198-44be-b7fb-49ef02de0b81",
|
|
"indicator--5813b158-f5b4-44e7-b30a-42d902de0b81",
|
|
"indicator--5813b159-e400-43f3-93a6-400902de0b81",
|
|
"indicator--5813b159-ad10-4f8f-a04c-4a3202de0b81",
|
|
"indicator--5813b15a-da18-45e5-b601-4bac02de0b81",
|
|
"indicator--5813b15a-c2bc-42ea-9a9e-4b4e02de0b81",
|
|
"indicator--5813b15a-cb80-47fb-ba14-4d0102de0b81",
|
|
"indicator--5813b15b-76a4-403c-b9f1-4f5b02de0b81",
|
|
"indicator--5813b15b-5564-4969-a8e3-474202de0b81",
|
|
"indicator--5813b24c-cc58-4975-b86a-4f7902de0b81",
|
|
"indicator--5813b24c-db44-4eb7-995c-4af102de0b81",
|
|
"observed-data--5813b24d-a1dc-491b-968b-497e02de0b81",
|
|
"url--5813b24d-a1dc-491b-968b-497e02de0b81",
|
|
"indicator--5813b24d-2fd4-489e-82ea-461002de0b81",
|
|
"indicator--5813b24d-69d0-4a1f-bf37-4b2c02de0b81",
|
|
"observed-data--5813b24d-0194-4642-9476-4bc602de0b81",
|
|
"url--5813b24d-0194-4642-9476-4bc602de0b81",
|
|
"indicator--5813b24e-a190-447e-b87b-4e5002de0b81",
|
|
"indicator--5813b24e-3e14-4763-8fdd-49aa02de0b81",
|
|
"observed-data--5813b24e-0050-4d4b-9b62-436902de0b81",
|
|
"url--5813b24e-0050-4d4b-9b62-436902de0b81",
|
|
"indicator--5813b24e-c7e4-433d-8284-494d02de0b81",
|
|
"indicator--5813b24f-3080-4145-a419-499f02de0b81",
|
|
"observed-data--5813b24f-6160-41db-9903-47d802de0b81",
|
|
"url--5813b24f-6160-41db-9903-47d802de0b81",
|
|
"indicator--5813b24f-b6d0-4087-9abb-460e02de0b81",
|
|
"indicator--5813b24f-65b0-45a1-9d43-47b802de0b81",
|
|
"observed-data--5813b24f-0890-43c2-b97a-437702de0b81",
|
|
"url--5813b24f-0890-43c2-b97a-437702de0b81",
|
|
"indicator--5813b250-f804-4b70-a0a0-4ddc02de0b81",
|
|
"indicator--5813b250-4094-4b47-8537-4adb02de0b81",
|
|
"observed-data--5813b250-ba5c-4f88-b027-432f02de0b81",
|
|
"url--5813b250-ba5c-4f88-b027-432f02de0b81",
|
|
"indicator--5813b250-5c3c-4ee5-af80-4e9602de0b81",
|
|
"indicator--5813b251-ff8c-4a18-9a2b-43f502de0b81",
|
|
"observed-data--5813b251-6794-4e3a-a548-491d02de0b81",
|
|
"url--5813b251-6794-4e3a-a548-491d02de0b81",
|
|
"indicator--5813b251-6744-466c-bd3a-43a602de0b81",
|
|
"indicator--5813b251-29ac-4d9e-8d56-42b202de0b81",
|
|
"observed-data--5813b252-48b8-4933-98bd-47f702de0b81",
|
|
"url--5813b252-48b8-4933-98bd-47f702de0b81",
|
|
"indicator--5813b252-5304-465d-b5f2-4a5702de0b81",
|
|
"indicator--5813b252-3ac0-4c72-a279-44ff02de0b81",
|
|
"observed-data--5813b252-7cc0-4095-bb4b-432d02de0b81",
|
|
"url--5813b252-7cc0-4095-bb4b-432d02de0b81",
|
|
"indicator--5813b253-e6cc-4f09-8ed2-4f9202de0b81",
|
|
"indicator--5813b253-a07c-4442-bd76-4a2402de0b81",
|
|
"observed-data--5813b253-beb0-4e78-818b-407402de0b81",
|
|
"url--5813b253-beb0-4e78-818b-407402de0b81",
|
|
"indicator--5813b253-d5ac-4792-922d-45d802de0b81",
|
|
"indicator--5813b254-390c-4fe9-9352-433502de0b81",
|
|
"observed-data--5813b254-ec8c-4107-906e-472d02de0b81",
|
|
"url--5813b254-ec8c-4107-906e-472d02de0b81",
|
|
"indicator--5813b254-dce4-44a8-8de5-44ea02de0b81",
|
|
"indicator--5813b254-5d3c-46c4-a908-497302de0b81",
|
|
"observed-data--5813b254-356c-42cc-b7df-480a02de0b81",
|
|
"url--5813b254-356c-42cc-b7df-480a02de0b81",
|
|
"indicator--5813b255-1858-4747-b45e-449602de0b81",
|
|
"indicator--5813b255-0164-4b86-86e7-42e602de0b81",
|
|
"observed-data--5813b255-e51c-4817-9bea-430802de0b81",
|
|
"url--5813b255-e51c-4817-9bea-430802de0b81",
|
|
"indicator--5813b255-d130-4dc7-9419-4c5d02de0b81",
|
|
"indicator--5813b256-028c-44e0-b205-461402de0b81",
|
|
"observed-data--5813b256-d70c-4161-87a2-49a602de0b81",
|
|
"url--5813b256-d70c-4161-87a2-49a602de0b81",
|
|
"indicator--5813b256-744c-4dcc-bdaf-443202de0b81",
|
|
"indicator--5813b256-0610-49a0-a7ab-4ace02de0b81",
|
|
"observed-data--5813b256-e44c-47b8-9bae-457302de0b81",
|
|
"url--5813b256-e44c-47b8-9bae-457302de0b81",
|
|
"indicator--5813b257-b3f0-4f5b-89d7-478002de0b81",
|
|
"indicator--5813b257-9938-4038-96ea-4e5302de0b81",
|
|
"observed-data--5813b257-4628-4e8c-b5f1-41d602de0b81",
|
|
"url--5813b257-4628-4e8c-b5f1-41d602de0b81",
|
|
"indicator--5813b257-8c10-408f-86fe-484102de0b81",
|
|
"indicator--5813b258-5808-481b-bd7b-499302de0b81",
|
|
"observed-data--5813b258-7104-4f65-99c5-4fde02de0b81",
|
|
"url--5813b258-7104-4f65-99c5-4fde02de0b81",
|
|
"indicator--5813b258-e398-4440-b793-41ca02de0b81",
|
|
"indicator--5813b258-90f4-4c40-b088-433d02de0b81",
|
|
"observed-data--5813b259-05ac-4f0b-a959-440702de0b81",
|
|
"url--5813b259-05ac-4f0b-a959-440702de0b81",
|
|
"indicator--5813b259-6420-4df6-86b7-48c602de0b81",
|
|
"indicator--5813b259-2d70-4643-b286-40d602de0b81",
|
|
"observed-data--5813b259-81c8-42a3-b133-46e702de0b81",
|
|
"url--5813b259-81c8-42a3-b133-46e702de0b81",
|
|
"indicator--5813b25a-89c0-483b-bbfa-445702de0b81",
|
|
"indicator--5813b25a-9774-4a7a-a224-4f2f02de0b81",
|
|
"observed-data--5813b25a-22cc-46d5-9e21-4fe402de0b81",
|
|
"url--5813b25a-22cc-46d5-9e21-4fe402de0b81",
|
|
"indicator--5813b25a-8bc8-4b4c-afd1-487902de0b81",
|
|
"indicator--5813b25b-faa8-496c-b34b-48ce02de0b81",
|
|
"observed-data--5813b25b-1b0c-49da-8abd-44e102de0b81",
|
|
"url--5813b25b-1b0c-49da-8abd-44e102de0b81",
|
|
"indicator--5813b25b-6a28-47b5-8908-4d6002de0b81",
|
|
"indicator--5813b25b-a4bc-4f64-91e7-418202de0b81",
|
|
"observed-data--5813b25b-09b4-441e-b936-4f4802de0b81",
|
|
"url--5813b25b-09b4-441e-b936-4f4802de0b81",
|
|
"indicator--5813b25c-ff0c-4652-912e-408202de0b81",
|
|
"indicator--5813b25c-8c1c-4939-ba62-439a02de0b81",
|
|
"observed-data--5813b25c-a950-4bbb-a10a-491102de0b81",
|
|
"url--5813b25c-a950-4bbb-a10a-491102de0b81",
|
|
"indicator--5813b25d-a1a4-4c2a-8ae5-451c02de0b81",
|
|
"indicator--5813b25d-29b8-488e-b9f7-4a8c02de0b81",
|
|
"observed-data--5813b25d-d808-4b73-b2fb-4aee02de0b81",
|
|
"url--5813b25d-d808-4b73-b2fb-4aee02de0b81",
|
|
"indicator--5813b25d-d50c-48af-a8de-43ec02de0b81",
|
|
"indicator--5813b25e-e7f0-4842-89d8-4b6902de0b81",
|
|
"observed-data--5813b25e-1480-4ac5-b5b8-485b02de0b81",
|
|
"url--5813b25e-1480-4ac5-b5b8-485b02de0b81",
|
|
"indicator--5813b25e-c22c-45f6-a895-4efb02de0b81",
|
|
"indicator--5813b25e-c594-4c6f-a636-457102de0b81",
|
|
"observed-data--5813b25f-4d80-4ff0-958d-4fb602de0b81",
|
|
"url--5813b25f-4d80-4ff0-958d-4fb602de0b81",
|
|
"indicator--5813b25f-5620-45ca-82f5-426002de0b81",
|
|
"indicator--5813b25f-9834-4ba5-b9a1-4dc402de0b81",
|
|
"observed-data--5813b25f-50b8-45e9-a111-4bbc02de0b81",
|
|
"url--5813b25f-50b8-45e9-a111-4bbc02de0b81",
|
|
"indicator--5813b260-82e8-4812-b7db-471902de0b81",
|
|
"indicator--5813b260-4b5c-46cd-ab81-445a02de0b81",
|
|
"observed-data--5813b260-6324-49b1-9875-4b3e02de0b81",
|
|
"url--5813b260-6324-49b1-9875-4b3e02de0b81",
|
|
"indicator--5813b260-8538-4d9b-a6ee-42a302de0b81",
|
|
"indicator--5813b260-e1a0-4179-8536-47aa02de0b81",
|
|
"observed-data--5813b261-fdd8-4993-bc91-4a0f02de0b81",
|
|
"url--5813b261-fdd8-4993-bc91-4a0f02de0b81",
|
|
"indicator--5813b261-9f94-4de9-924e-44c402de0b81",
|
|
"indicator--5813b261-01c0-42af-bec9-441b02de0b81",
|
|
"observed-data--5813b261-b0f8-4c34-b672-49e302de0b81",
|
|
"url--5813b261-b0f8-4c34-b672-49e302de0b81",
|
|
"indicator--5813b262-c1dc-43b2-bde3-4d4c02de0b81",
|
|
"indicator--5813b262-9bd0-4fcb-b510-415a02de0b81",
|
|
"observed-data--5813b262-22fc-4c75-a6c8-427902de0b81",
|
|
"url--5813b262-22fc-4c75-a6c8-427902de0b81",
|
|
"indicator--5813b262-1ddc-46da-9f5a-41e102de0b81",
|
|
"indicator--5813b263-b518-431b-a8d7-49f102de0b81",
|
|
"observed-data--5813b263-c7e0-4b2f-bbae-433a02de0b81",
|
|
"url--5813b263-c7e0-4b2f-bbae-433a02de0b81",
|
|
"indicator--5813b263-6728-46a2-b442-4f3002de0b81",
|
|
"indicator--5813b263-9d70-4908-ad9f-468102de0b81",
|
|
"observed-data--5813b263-3730-4062-84c3-40f902de0b81",
|
|
"url--5813b263-3730-4062-84c3-40f902de0b81",
|
|
"indicator--5813b264-e230-4f6e-a844-4cb802de0b81",
|
|
"indicator--5813b264-2d9c-40d0-99d4-436b02de0b81",
|
|
"observed-data--5813b264-8774-4788-9b69-4fae02de0b81",
|
|
"url--5813b264-8774-4788-9b69-4fae02de0b81",
|
|
"indicator--5813b264-72a4-4499-bff8-4ab102de0b81",
|
|
"indicator--5813b265-c2a4-4662-bba4-45fc02de0b81",
|
|
"observed-data--5813b265-6b24-4193-a796-4b0102de0b81",
|
|
"url--5813b265-6b24-4193-a796-4b0102de0b81",
|
|
"indicator--5813b265-0fc8-424d-82f4-4d0602de0b81",
|
|
"indicator--5813b265-7f6c-4a58-9946-49c802de0b81",
|
|
"observed-data--5813b265-de0c-4678-b758-40e802de0b81",
|
|
"url--5813b265-de0c-4678-b758-40e802de0b81",
|
|
"indicator--5813b266-a8d8-4b03-bd75-4dd902de0b81",
|
|
"indicator--5813b266-eb44-433c-9d63-4c7002de0b81",
|
|
"observed-data--5813b266-77d8-4a6e-ad54-426702de0b81",
|
|
"url--5813b266-77d8-4a6e-ad54-426702de0b81",
|
|
"indicator--5813b266-5780-4c21-958a-4eda02de0b81",
|
|
"indicator--5813b267-2d98-4c8d-b4bf-4f7002de0b81",
|
|
"observed-data--5813b267-640c-47b7-be5a-485b02de0b81",
|
|
"url--5813b267-640c-47b7-be5a-485b02de0b81",
|
|
"indicator--5813b267-038c-4e18-9eb1-448402de0b81",
|
|
"indicator--5813b267-6ea0-496a-853a-4b7f02de0b81",
|
|
"observed-data--5813b268-77ac-4d8c-986f-4d0c02de0b81",
|
|
"url--5813b268-77ac-4d8c-986f-4d0c02de0b81",
|
|
"indicator--5813b268-3410-4dcc-ab29-4dfc02de0b81",
|
|
"indicator--5813b268-dcd0-4229-a297-4f2102de0b81",
|
|
"observed-data--5813b268-58d4-48c0-ba9a-47b202de0b81",
|
|
"url--5813b268-58d4-48c0-ba9a-47b202de0b81",
|
|
"indicator--5813b269-a8ec-4383-8a42-41ee02de0b81",
|
|
"indicator--5813b269-5264-4335-b7f9-497402de0b81",
|
|
"observed-data--5813b269-1f78-442f-8fce-410202de0b81",
|
|
"url--5813b269-1f78-442f-8fce-410202de0b81",
|
|
"indicator--5813b269-a428-411b-993f-48ba02de0b81",
|
|
"indicator--5813b26a-76b0-4a69-9490-4ce302de0b81",
|
|
"observed-data--5813b26a-b430-4023-b951-4bfd02de0b81",
|
|
"url--5813b26a-b430-4023-b951-4bfd02de0b81",
|
|
"indicator--5813b26a-550c-4c7c-ba49-4fc302de0b81",
|
|
"indicator--5813b26a-4474-4f11-92bf-4b1e02de0b81",
|
|
"observed-data--5813b26b-2224-4408-89f9-459702de0b81",
|
|
"url--5813b26b-2224-4408-89f9-459702de0b81",
|
|
"indicator--5813b26b-e688-4855-96f7-461502de0b81",
|
|
"indicator--5813b26b-a4fc-428c-b7a8-499202de0b81",
|
|
"observed-data--5813b26b-80d8-4265-a8d5-42ae02de0b81",
|
|
"url--5813b26b-80d8-4265-a8d5-42ae02de0b81",
|
|
"indicator--5813b26b-46e8-4732-8e36-4c6d02de0b81",
|
|
"indicator--5813b26c-d3d8-4dad-ac12-445502de0b81",
|
|
"observed-data--5813b26c-97d8-4f00-9992-4a1002de0b81",
|
|
"url--5813b26c-97d8-4f00-9992-4a1002de0b81",
|
|
"indicator--5813b26c-3f44-432e-89c0-494602de0b81",
|
|
"indicator--5813b26c-88f8-4b52-90a5-4e2b02de0b81",
|
|
"observed-data--5813b26d-fadc-4134-8063-448e02de0b81",
|
|
"url--5813b26d-fadc-4134-8063-448e02de0b81",
|
|
"indicator--5813b26d-3eb8-434b-bca7-426902de0b81",
|
|
"indicator--5813b26d-51b0-4f64-9767-4a3102de0b81",
|
|
"observed-data--5813b26e-e5c8-4ded-8bf4-4a6502de0b81",
|
|
"url--5813b26e-e5c8-4ded-8bf4-4a6502de0b81",
|
|
"indicator--5813b26e-0814-4301-8ad9-4cbf02de0b81",
|
|
"indicator--5813b26e-197c-4a53-8cc7-41b602de0b81",
|
|
"observed-data--5813b26e-43a8-4219-b093-42ec02de0b81",
|
|
"url--5813b26e-43a8-4219-b093-42ec02de0b81",
|
|
"indicator--5813b26f-5c14-4977-a69c-4a3402de0b81",
|
|
"indicator--5813b26f-215c-4b01-8c84-48be02de0b81",
|
|
"observed-data--5813b26f-e07c-4f44-ac11-49f302de0b81",
|
|
"url--5813b26f-e07c-4f44-ac11-49f302de0b81",
|
|
"indicator--5813b26f-c044-4521-bf7e-47ea02de0b81",
|
|
"indicator--5813b26f-2dd4-4bb7-913a-46a502de0b81",
|
|
"observed-data--5813b270-c8d4-48b8-ba0b-412f02de0b81",
|
|
"url--5813b270-c8d4-48b8-ba0b-412f02de0b81",
|
|
"indicator--5813b270-d32c-4880-ba68-4b1c02de0b81",
|
|
"indicator--5813b270-fcfc-48d3-afad-459c02de0b81",
|
|
"observed-data--5813b270-588c-4595-9db8-4f9a02de0b81",
|
|
"url--5813b270-588c-4595-9db8-4f9a02de0b81",
|
|
"indicator--5813b271-2b38-4014-802c-492f02de0b81",
|
|
"indicator--5813b271-10bc-4541-9a8f-4d0e02de0b81",
|
|
"observed-data--5813b271-4e54-4f5c-9c75-42cc02de0b81",
|
|
"url--5813b271-4e54-4f5c-9c75-42cc02de0b81",
|
|
"indicator--5813b271-6f54-4df8-bff0-4a1e02de0b81",
|
|
"indicator--5813b272-2744-439c-9b31-429e02de0b81",
|
|
"observed-data--5813b272-1ec4-4032-a7c1-4e5402de0b81",
|
|
"url--5813b272-1ec4-4032-a7c1-4e5402de0b81",
|
|
"indicator--5813b272-1d8c-4ff7-ae12-4d7402de0b81",
|
|
"indicator--5813b272-6e78-4901-aa48-411402de0b81",
|
|
"observed-data--5813b273-092c-4662-802f-455902de0b81",
|
|
"url--5813b273-092c-4662-802f-455902de0b81",
|
|
"indicator--5813b273-0e0c-45b4-8eef-4adf02de0b81",
|
|
"indicator--5813b273-dd44-464c-b045-499502de0b81",
|
|
"observed-data--5813b273-9cec-4d0c-8fd0-422f02de0b81",
|
|
"url--5813b273-9cec-4d0c-8fd0-422f02de0b81",
|
|
"indicator--5813b274-afd4-425a-a7a9-434a02de0b81",
|
|
"indicator--5813b274-0ef0-4aba-8351-46be02de0b81",
|
|
"observed-data--5813b274-0cd0-4576-997f-400702de0b81",
|
|
"url--5813b274-0cd0-4576-997f-400702de0b81",
|
|
"indicator--5813b274-4e08-4501-8a1f-4ae702de0b81",
|
|
"indicator--5813b275-9264-4178-88f4-4fa302de0b81",
|
|
"observed-data--5813b275-ca74-4b70-82dd-451e02de0b81",
|
|
"url--5813b275-ca74-4b70-82dd-451e02de0b81",
|
|
"indicator--5813b275-2e1c-4f37-9e62-4d3902de0b81",
|
|
"indicator--5813b275-7208-491a-809e-494402de0b81",
|
|
"observed-data--5813b275-1938-48cb-a476-46db02de0b81",
|
|
"url--5813b275-1938-48cb-a476-46db02de0b81",
|
|
"indicator--5813b276-8b84-46d6-8934-49e502de0b81",
|
|
"indicator--5813b276-6b8c-457b-87d2-4e0402de0b81",
|
|
"observed-data--5813b276-3524-4e49-bb06-457502de0b81",
|
|
"url--5813b276-3524-4e49-bb06-457502de0b81",
|
|
"indicator--5813b277-bd34-4bf4-866b-41b002de0b81",
|
|
"indicator--5813b277-50dc-4516-bec4-44c702de0b81",
|
|
"observed-data--5813b277-3814-42dc-9e0e-402e02de0b81",
|
|
"url--5813b277-3814-42dc-9e0e-402e02de0b81",
|
|
"indicator--5813b277-7670-420b-b91f-47f302de0b81",
|
|
"indicator--5813b278-42a8-4a31-b763-4c5d02de0b81",
|
|
"observed-data--5813b278-c248-450d-8554-43fe02de0b81",
|
|
"url--5813b278-c248-450d-8554-43fe02de0b81",
|
|
"indicator--5813b278-a79c-4330-a9b5-4a3602de0b81",
|
|
"indicator--5813b278-9d34-4a14-aaf9-4b9c02de0b81",
|
|
"observed-data--5813b279-36e0-469f-891d-486902de0b81",
|
|
"url--5813b279-36e0-469f-891d-486902de0b81",
|
|
"indicator--5813b279-6a10-4378-852e-490002de0b81",
|
|
"indicator--5813b279-9498-4404-b7f4-466b02de0b81",
|
|
"observed-data--5813b279-2b14-4ef6-b059-42d002de0b81",
|
|
"url--5813b279-2b14-4ef6-b059-42d002de0b81",
|
|
"indicator--5813b27a-d018-4a9f-964e-491702de0b81",
|
|
"indicator--5813b27a-1ae8-440f-8c3b-4b7602de0b81",
|
|
"observed-data--5813b27a-219c-47b8-8fdf-4d7e02de0b81",
|
|
"url--5813b27a-219c-47b8-8fdf-4d7e02de0b81",
|
|
"indicator--5813b27a-a918-40d3-9cb6-43d702de0b81",
|
|
"indicator--5813b27b-8960-4321-aeb1-47ab02de0b81",
|
|
"observed-data--5813b27b-f890-4de5-b3af-465302de0b81",
|
|
"url--5813b27b-f890-4de5-b3af-465302de0b81",
|
|
"indicator--5813b27b-a8ac-441d-954f-4bb502de0b81",
|
|
"indicator--5813b27b-e4c8-4ec6-adb4-42db02de0b81",
|
|
"observed-data--5813b27b-cc54-43f0-8ac0-44cc02de0b81",
|
|
"url--5813b27b-cc54-43f0-8ac0-44cc02de0b81",
|
|
"indicator--5813b27c-0e74-4150-826d-433002de0b81",
|
|
"indicator--5813b27c-aa98-40eb-a7e4-474102de0b81",
|
|
"observed-data--5813b27c-9958-4c5c-8561-443002de0b81",
|
|
"url--5813b27c-9958-4c5c-8561-443002de0b81",
|
|
"indicator--5813b27c-b9e4-43d0-9779-4d4502de0b81",
|
|
"indicator--5813b27d-9620-4233-b4bb-497702de0b81",
|
|
"observed-data--5813b27d-e594-41bf-a44c-408e02de0b81",
|
|
"url--5813b27d-e594-41bf-a44c-408e02de0b81",
|
|
"indicator--5813b27d-3858-4507-8544-452802de0b81",
|
|
"indicator--5813b27d-e534-456b-bb61-428e02de0b81",
|
|
"observed-data--5813b27d-33d8-4b67-8d05-42f602de0b81",
|
|
"url--5813b27d-33d8-4b67-8d05-42f602de0b81",
|
|
"indicator--5813b27e-cad4-4e48-9ef0-473e02de0b81",
|
|
"indicator--5813b27e-a5cc-41a6-991e-4dce02de0b81",
|
|
"observed-data--5813b27e-55a4-4d8b-96a5-4b1002de0b81",
|
|
"url--5813b27e-55a4-4d8b-96a5-4b1002de0b81",
|
|
"indicator--5813b27e-cfe8-4c26-8bc1-4d6c02de0b81",
|
|
"indicator--5813b27f-83a8-4b88-b0d8-45a202de0b81",
|
|
"observed-data--5813b27f-ff3c-4913-a367-488502de0b81",
|
|
"url--5813b27f-ff3c-4913-a367-488502de0b81",
|
|
"indicator--5813b27f-f38c-42a9-ae56-430b02de0b81",
|
|
"indicator--5813b27f-8fac-42df-8339-454f02de0b81",
|
|
"observed-data--5813b280-d868-4d3c-aa5b-444e02de0b81",
|
|
"url--5813b280-d868-4d3c-aa5b-444e02de0b81",
|
|
"indicator--5813b280-85ac-4d73-998f-4afc02de0b81",
|
|
"indicator--5813b280-4d5c-4bd8-bc19-4aa302de0b81",
|
|
"observed-data--5813b280-cf60-4878-b8a7-430702de0b81",
|
|
"url--5813b280-cf60-4878-b8a7-430702de0b81",
|
|
"indicator--5813b281-a8c8-463a-8390-401302de0b81",
|
|
"indicator--5813b281-2814-45df-a8c9-4fa302de0b81",
|
|
"observed-data--5813b281-6e58-4c6c-af91-4b0902de0b81",
|
|
"url--5813b281-6e58-4c6c-af91-4b0902de0b81",
|
|
"indicator--5813b281-2e8c-4efd-b4ab-43e202de0b81",
|
|
"indicator--5813b282-f5cc-4869-b6f6-4ce302de0b81",
|
|
"observed-data--5813b282-c238-4ffc-af1f-42e002de0b81",
|
|
"url--5813b282-c238-4ffc-af1f-42e002de0b81",
|
|
"indicator--5813b282-38bc-4b67-96aa-496e02de0b81",
|
|
"indicator--5813b282-0bfc-452a-aefe-44c702de0b81",
|
|
"observed-data--5813b283-c0a8-42f3-82a3-456b02de0b81",
|
|
"url--5813b283-c0a8-42f3-82a3-456b02de0b81",
|
|
"indicator--5813b283-9140-403c-942d-4cab02de0b81",
|
|
"indicator--5813b283-27f4-4e53-8193-4f0802de0b81",
|
|
"observed-data--5813b283-7b0c-4e30-be92-4df402de0b81",
|
|
"url--5813b283-7b0c-4e30-be92-4df402de0b81",
|
|
"indicator--5813b284-8930-4b47-9b22-430a02de0b81",
|
|
"indicator--5813b284-dfbc-4431-86a7-42d402de0b81",
|
|
"observed-data--5813b284-2a0c-468c-9f64-490602de0b81",
|
|
"url--5813b284-2a0c-468c-9f64-490602de0b81",
|
|
"indicator--5813b284-16c8-47a3-9923-42bd02de0b81",
|
|
"indicator--5813b285-d8a0-4c53-87e0-41d802de0b81",
|
|
"observed-data--5813b285-6750-4009-b8c5-40f702de0b81",
|
|
"url--5813b285-6750-4009-b8c5-40f702de0b81",
|
|
"indicator--5813b285-bc4c-4e17-ab2c-478402de0b81",
|
|
"indicator--5813b285-3524-4a91-8388-4a6202de0b81",
|
|
"observed-data--5813b286-1a38-4b0e-a3d3-491302de0b81",
|
|
"url--5813b286-1a38-4b0e-a3d3-491302de0b81",
|
|
"indicator--5813b286-0cac-4c7a-ada7-4f7902de0b81",
|
|
"indicator--5813b286-b57c-490b-9502-474d02de0b81",
|
|
"observed-data--5813b287-46ac-478e-900f-41c702de0b81",
|
|
"url--5813b287-46ac-478e-900f-41c702de0b81",
|
|
"indicator--5813b287-13a8-4556-9a75-4ea602de0b81",
|
|
"indicator--5813b287-23dc-47ee-bdac-482d02de0b81",
|
|
"observed-data--5813b287-b5a0-40a8-92b3-445602de0b81",
|
|
"url--5813b287-b5a0-40a8-92b3-445602de0b81",
|
|
"indicator--5813b288-2c84-4d5e-b12a-443302de0b81",
|
|
"indicator--5813b288-67ec-4719-a045-492602de0b81",
|
|
"observed-data--5813b288-f30c-4a12-bd5b-4e6e02de0b81",
|
|
"url--5813b288-f30c-4a12-bd5b-4e6e02de0b81",
|
|
"indicator--5813b288-14ec-43eb-9ad4-471e02de0b81",
|
|
"indicator--5813b289-064c-4c4c-89cd-4dba02de0b81",
|
|
"observed-data--5813b289-98e0-4c84-b5f2-469702de0b81",
|
|
"url--5813b289-98e0-4c84-b5f2-469702de0b81"
|
|
],
|
|
"labels": [
|
|
"Threat-Report",
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
"osint:source-type=\"blog-post\""
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--5813b06b-0e88-43fb-85fe-4e6d02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:09:15.000Z",
|
|
"modified": "2016-10-28T20:09:15.000Z",
|
|
"labels": [
|
|
"misp:type=\"comment\"",
|
|
"misp:category=\"External analysis\""
|
|
],
|
|
"x_misp_category": "External analysis",
|
|
"x_misp_type": "comment",
|
|
"x_misp_value": "BLACKGEAR is an espionage campaign which has targeted users in Taiwan for many years. Multiple papers and talks have been released covering this campaign, which used the ELIRKS backdoor when it was first discovered in 2012. It is known for using blogs and microblogging services to hide the location of its actual command-and-control (C&C) servers. This allows an attacker to change the C&C server used quickly by changing the information in these posts.\r\n\r\nLike most campaigns, BLACKGEAR has evolved over time. Our research indicates that it has started targeting Japanese users. Two things led us to this conclusion: first, the fake documents that are used as part of its infection routines are now in Japanese. Secondly, it is now using blogging sites and microblogging services based in Japan for its C&C activity."
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5813b077-5d40-47b2-9aed-43fd02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:09:27.000Z",
|
|
"modified": "2016-10-28T20:09:27.000Z",
|
|
"first_observed": "2016-10-28T20:09:27Z",
|
|
"last_observed": "2016-10-28T20:09:27Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5813b077-5d40-47b2-9aed-43fd02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5813b077-5d40-47b2-9aed-43fd02de0b81",
|
|
"value": "http://blog.trendmicro.com/trendlabs-security-intelligence/blackgear-espionage-campaign-evolves-adds-japan-target-list/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b0bb-59f8-41f4-8cfe-4c6602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:10:35.000Z",
|
|
"modified": "2016-10-28T20:10:35.000Z",
|
|
"description": "TROJ_BLAGFLDR",
|
|
"pattern": "[file:hashes.SHA1 = '52d6b30bc578465d8079d9abd0d4c4826b51b25f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:10:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b0bc-2b9c-4036-be9f-450902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:10:36.000Z",
|
|
"modified": "2016-10-28T20:10:36.000Z",
|
|
"description": "TROJ_BLAGFLDR",
|
|
"pattern": "[file:hashes.SHA1 = '800c7d54280f5f35e3b58a6d4dfd4845f6ed9e15']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:10:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b0bc-0f94-463a-bd9c-41c802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:10:36.000Z",
|
|
"modified": "2016-10-28T20:10:36.000Z",
|
|
"description": "TROJ_BLAGFLDR",
|
|
"pattern": "[file:hashes.SHA1 = '8b6614562a79a13e60d100a88f1ba4eb601636db']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:10:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b0bd-d19c-4dd5-8b7b-4d2a02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:10:37.000Z",
|
|
"modified": "2016-10-28T20:10:37.000Z",
|
|
"description": "TROJ_BLAGFLDR",
|
|
"pattern": "[file:hashes.SHA1 = '98efee8dde7d493c0d35d02a2170b6d1b52987d3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:10:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b0cc-ee64-486b-8844-491502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:10:51.000Z",
|
|
"modified": "2016-10-28T20:10:51.000Z",
|
|
"description": "TSPY_RAMNY",
|
|
"pattern": "[file:hashes.SHA1 = '02785ebcb683a380c80958f3fe2a52f805c5c12d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:10:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b0cc-9850-4b0c-a966-468f02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:10:52.000Z",
|
|
"modified": "2016-10-28T20:10:52.000Z",
|
|
"description": "TSPY_RAMNY",
|
|
"pattern": "[file:hashes.SHA1 = '74031e70ca3b4004c6b7a8197397882bc02c30cb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:10:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b0cc-0b78-4615-a7fe-4fc002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:10:52.000Z",
|
|
"modified": "2016-10-28T20:10:52.000Z",
|
|
"description": "TSPY_RAMNY",
|
|
"pattern": "[file:hashes.SHA1 = 'b4c63a0ff9b8eb8cc1a53a4dd036e93f9eeceeca']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:10:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b0db-a9cc-4ef1-a43c-4a1a02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:11:07.000Z",
|
|
"modified": "2016-10-28T20:11:07.000Z",
|
|
"description": "TSPY_YMALRMINI",
|
|
"pattern": "[file:hashes.SHA1 = '048790098a7c6b8405761b75ef2a2fd8bd0560b6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:11:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b0db-e8b4-4a74-9697-4cb702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:11:07.000Z",
|
|
"modified": "2016-10-28T20:11:07.000Z",
|
|
"description": "TSPY_YMALRMINI",
|
|
"pattern": "[file:hashes.SHA1 = '96f3b52460205f6ecc6b6d1a73f8db13c6634afc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:11:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b0ef-6230-4650-9f44-421902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:11:27.000Z",
|
|
"modified": "2016-10-28T20:11:27.000Z",
|
|
"description": "BKDR_ELIRKS",
|
|
"pattern": "[file:hashes.SHA1 = '17cacabcf78c4b164bb0e7d9200289be9236e7bc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:11:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b0f0-4c5c-42e6-bda5-4f9002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:11:28.000Z",
|
|
"modified": "2016-10-28T20:11:28.000Z",
|
|
"description": "BKDR_ELIRKS",
|
|
"pattern": "[file:hashes.SHA1 = '4157ecd252dc09b533fcf6a778aca2c376601354']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:11:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b0f0-af94-4009-97a8-4fc102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:11:28.000Z",
|
|
"modified": "2016-10-28T20:11:28.000Z",
|
|
"description": "BKDR_ELIRKS",
|
|
"pattern": "[file:hashes.SHA1 = '4f54cfcf266b73ca3759b9cb0252c27094b5b330']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:11:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b0f1-b5a0-48d9-ac1a-434802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:11:29.000Z",
|
|
"modified": "2016-10-28T20:11:29.000Z",
|
|
"description": "BKDR_ELIRKS",
|
|
"pattern": "[file:hashes.SHA1 = '521a9d73191c7740f969ae3c53e6abf70ffbedf9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:11:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b0f1-e458-4250-b1c6-44d502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:11:29.000Z",
|
|
"modified": "2016-10-28T20:11:29.000Z",
|
|
"description": "BKDR_ELIRKS",
|
|
"pattern": "[file:hashes.SHA1 = '533565f7953fb1648d437d14d007003c6343b9ae']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:11:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b0f2-6098-455f-90e5-4ab702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:11:30.000Z",
|
|
"modified": "2016-10-28T20:11:30.000Z",
|
|
"description": "BKDR_ELIRKS",
|
|
"pattern": "[file:hashes.SHA1 = '80108d2aacb0a1f2a5350f71e7a04239fc5f96a9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:11:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b0f2-6164-4fa7-af74-45a302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:11:30.000Z",
|
|
"modified": "2016-10-28T20:11:30.000Z",
|
|
"description": "BKDR_ELIRKS",
|
|
"pattern": "[file:hashes.SHA1 = '8cad1bcbdd558802b34119fb57160cc748170133']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:11:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b0f3-86b0-4376-b22d-4bed02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:11:31.000Z",
|
|
"modified": "2016-10-28T20:11:31.000Z",
|
|
"description": "BKDR_ELIRKS",
|
|
"pattern": "[file:hashes.SHA1 = '9a768fae41ca7395b4257e85acef915e124c2981']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:11:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b0f3-fc48-46be-beb2-443402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:11:31.000Z",
|
|
"modified": "2016-10-28T20:11:31.000Z",
|
|
"description": "BKDR_ELIRKS",
|
|
"pattern": "[file:hashes.SHA1 = 'a70001c67e81d1dcf62f808760514b6df28a411a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:11:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b0f4-ccfc-4fdf-aa33-41f502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:11:32.000Z",
|
|
"modified": "2016-10-28T20:11:32.000Z",
|
|
"description": "BKDR_ELIRKS",
|
|
"pattern": "[file:hashes.SHA1 = 'a9ea07caafeb63133e5131f7a56bc8da1bc3d72a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:11:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b0f4-2f30-484a-8b25-4d8702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:11:32.000Z",
|
|
"modified": "2016-10-28T20:11:32.000Z",
|
|
"description": "BKDR_ELIRKS",
|
|
"pattern": "[file:hashes.SHA1 = 'dd0ceafbe7f4bf2905e560c3348545e32bc0f684']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:11:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b139-8d34-4c7c-870a-4c8902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:12:41.000Z",
|
|
"modified": "2016-10-28T20:12:41.000Z",
|
|
"description": "BKDR_YMALR",
|
|
"pattern": "[file:hashes.SHA1 = '02fed8cae7f3986c1344dd75d869ba23cfc4073a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:12:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b13a-8648-4286-8232-4e9e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:12:42.000Z",
|
|
"modified": "2016-10-28T20:12:42.000Z",
|
|
"description": "BKDR_YMALR",
|
|
"pattern": "[file:hashes.SHA1 = '09d73b522f36786bb6e645b96f244bb51c3cc7ea']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:12:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b13a-df00-49a3-9180-4faf02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:12:42.000Z",
|
|
"modified": "2016-10-28T20:12:42.000Z",
|
|
"description": "BKDR_YMALR",
|
|
"pattern": "[file:hashes.SHA1 = '0a59d52367435bc22a92c27d60023acec575a5fb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:12:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b13b-1780-4cee-aed9-454902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:12:43.000Z",
|
|
"modified": "2016-10-28T20:12:43.000Z",
|
|
"description": "BKDR_YMALR",
|
|
"pattern": "[file:hashes.SHA1 = '0cc74332b1e213456693159d3ba12a3421036f68']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:12:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b13c-d42c-4d26-a729-463002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:12:44.000Z",
|
|
"modified": "2016-10-28T20:12:44.000Z",
|
|
"description": "BKDR_YMALR",
|
|
"pattern": "[file:hashes.SHA1 = '1120f049dcb4a62809687dc277b42589d8d1caa6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:12:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b13c-ac3c-488c-94db-406202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:12:44.000Z",
|
|
"modified": "2016-10-28T20:12:44.000Z",
|
|
"description": "BKDR_YMALR",
|
|
"pattern": "[file:hashes.SHA1 = '12c8cc7e125572d614b708c056f7fd0ed49870c5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:12:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b13d-a4f0-4e9d-9e35-454802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:12:45.000Z",
|
|
"modified": "2016-10-28T20:12:45.000Z",
|
|
"description": "BKDR_YMALR",
|
|
"pattern": "[file:hashes.SHA1 = '29b08d270ba6efcf57ca2ad33d8e3edd93d6b32a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:12:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b13e-28e8-4251-b93c-492002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:12:46.000Z",
|
|
"modified": "2016-10-28T20:12:46.000Z",
|
|
"description": "BKDR_YMALR",
|
|
"pattern": "[file:hashes.SHA1 = '2d3d7b9521aec637f2e99624e0489b9f140d463f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:12:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b13e-8b80-4bfb-be21-43dc02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:12:46.000Z",
|
|
"modified": "2016-10-28T20:12:46.000Z",
|
|
"description": "BKDR_YMALR",
|
|
"pattern": "[file:hashes.SHA1 = '2de7d78615ec0fbf2652790d53b50ddb0472292c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:12:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b13f-c040-4e01-a60f-4c0302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:12:47.000Z",
|
|
"modified": "2016-10-28T20:12:47.000Z",
|
|
"description": "BKDR_YMALR",
|
|
"pattern": "[file:hashes.SHA1 = '31de946255b240c0ae2f56786ac25183f3aaeea5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:12:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b13f-667c-4a78-b6c8-42c602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:12:47.000Z",
|
|
"modified": "2016-10-28T20:12:47.000Z",
|
|
"description": "BKDR_YMALR",
|
|
"pattern": "[file:hashes.SHA1 = '3aa8509715c7f55bdee831d5f7db22a2c516db43']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:12:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b140-2b28-4c77-aea6-42aa02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:12:48.000Z",
|
|
"modified": "2016-10-28T20:12:48.000Z",
|
|
"description": "BKDR_YMALR",
|
|
"pattern": "[file:hashes.SHA1 = '3d175b1defe7076e0fe56076dd0d5f438de43324']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:12:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b141-51e8-4211-a39e-4c1602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:12:49.000Z",
|
|
"modified": "2016-10-28T20:12:49.000Z",
|
|
"description": "BKDR_YMALR",
|
|
"pattern": "[file:hashes.SHA1 = '4000244b2cba78a45034bb6ab2bac46d6a8a79ea']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:12:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b141-6ee4-4fc8-a6ee-4fed02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:12:49.000Z",
|
|
"modified": "2016-10-28T20:12:49.000Z",
|
|
"description": "BKDR_YMALR",
|
|
"pattern": "[file:hashes.SHA1 = '4882735e8a465fac938fd04546a51efefb9806da']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:12:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b142-fd98-4913-9c0a-4a4602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:12:50.000Z",
|
|
"modified": "2016-10-28T20:12:50.000Z",
|
|
"description": "BKDR_YMALR",
|
|
"pattern": "[file:hashes.SHA1 = '48d373bdb31dcecd7f59bd5a964d062c8b6bfce8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:12:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b142-fe90-425e-9091-468202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:12:50.000Z",
|
|
"modified": "2016-10-28T20:12:50.000Z",
|
|
"description": "BKDR_YMALR",
|
|
"pattern": "[file:hashes.SHA1 = '49f6eb7f8e4a27f574c9a3e8c0da0b7895df7e41']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:12:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b143-7bc8-4a6f-86ed-454302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:12:51.000Z",
|
|
"modified": "2016-10-28T20:12:51.000Z",
|
|
"description": "BKDR_YMALR",
|
|
"pattern": "[file:hashes.SHA1 = '4c7df09012fc88d336467691acf0afce64f40341']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:12:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b144-17d4-4bb9-babf-464902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:12:52.000Z",
|
|
"modified": "2016-10-28T20:12:52.000Z",
|
|
"description": "BKDR_YMALR",
|
|
"pattern": "[file:hashes.SHA1 = '551f9a60203bec904487113e8d42dea463ac6ca9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:12:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b144-4950-4edb-a9fb-43e002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:12:52.000Z",
|
|
"modified": "2016-10-28T20:12:52.000Z",
|
|
"description": "BKDR_YMALR",
|
|
"pattern": "[file:hashes.SHA1 = '5a4b15fa5a615a93191ede4c75dd3e65e87586dc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:12:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b145-8958-494d-b6ef-475402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:12:53.000Z",
|
|
"modified": "2016-10-28T20:12:53.000Z",
|
|
"description": "BKDR_YMALR",
|
|
"pattern": "[file:hashes.SHA1 = '5aa5117db6f420c81d2e1a7f036963a3c6ef02e9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:12:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b145-dfc0-4fcc-af12-407902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:12:53.000Z",
|
|
"modified": "2016-10-28T20:12:53.000Z",
|
|
"description": "BKDR_YMALR",
|
|
"pattern": "[file:hashes.SHA1 = '5dc007d056513cba030ec16e15bdbb9ea5fe0e5a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:12:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b146-431c-40ab-a3f0-4c3602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:12:54.000Z",
|
|
"modified": "2016-10-28T20:12:54.000Z",
|
|
"description": "BKDR_YMALR",
|
|
"pattern": "[file:hashes.SHA1 = '628309a60ad1fbe240486519de1424f7ddc2df4d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:12:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b146-6f90-4d33-9ab1-479302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:12:54.000Z",
|
|
"modified": "2016-10-28T20:12:54.000Z",
|
|
"description": "BKDR_YMALR",
|
|
"pattern": "[file:hashes.SHA1 = '636e7a9effb1a244697c880832e486de56260527']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:12:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b147-cff0-4f3b-ac61-4f3502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:12:55.000Z",
|
|
"modified": "2016-10-28T20:12:55.000Z",
|
|
"description": "BKDR_YMALR",
|
|
"pattern": "[file:hashes.SHA1 = '6bb5f51d03edd1acd7d38cca8095a237543c6a0d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:12:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b147-8b4c-4737-9d1d-454302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:12:55.000Z",
|
|
"modified": "2016-10-28T20:12:55.000Z",
|
|
"description": "BKDR_YMALR",
|
|
"pattern": "[file:hashes.SHA1 = '6c4786b792f13643d408199e1b5d43f6473f5eea']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:12:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b148-c48c-4c9c-ae81-411102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:12:56.000Z",
|
|
"modified": "2016-10-28T20:12:56.000Z",
|
|
"description": "BKDR_YMALR",
|
|
"pattern": "[file:hashes.SHA1 = '6dd997409afec6fafbe54bd9d70d45fffff6a807']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:12:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b148-8864-457d-bd0b-42c202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:12:56.000Z",
|
|
"modified": "2016-10-28T20:12:56.000Z",
|
|
"description": "BKDR_YMALR",
|
|
"pattern": "[file:hashes.SHA1 = '7142ca7079da17fa9871cbc86f7633b3253aeaed']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:12:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b149-0304-4531-aa5b-4fb202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:12:57.000Z",
|
|
"modified": "2016-10-28T20:12:57.000Z",
|
|
"description": "BKDR_YMALR",
|
|
"pattern": "[file:hashes.SHA1 = '7254b719fd3cf87c8ac8ed9327c8e1bf99abf7af']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:12:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b149-06c4-43ad-8d3d-40bc02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:12:57.000Z",
|
|
"modified": "2016-10-28T20:12:57.000Z",
|
|
"description": "BKDR_YMALR",
|
|
"pattern": "[file:hashes.SHA1 = '7329a789363f890c401c286dbaf3d2bf79ee14f7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:12:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b14a-b164-4818-b093-4e5e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:12:58.000Z",
|
|
"modified": "2016-10-28T20:12:58.000Z",
|
|
"description": "BKDR_YMALR",
|
|
"pattern": "[file:hashes.SHA1 = '7b2c4d14710cf2fd53486399ecc5af85cd75eca6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:12:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b14a-f0c4-4ebb-b37a-480a02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:12:58.000Z",
|
|
"modified": "2016-10-28T20:12:58.000Z",
|
|
"description": "BKDR_YMALR",
|
|
"pattern": "[file:hashes.SHA1 = '88e22933b76273793e4278c433562fb0b4fe125a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:12:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b14a-4828-4eb4-b4c7-49de02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:12:58.000Z",
|
|
"modified": "2016-10-28T20:12:58.000Z",
|
|
"description": "BKDR_YMALR",
|
|
"pattern": "[file:hashes.SHA1 = '8917c582ab5c2e831de6eba33b4f19d6e3a2cb70']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:12:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b14b-48cc-4bfd-9415-4dd302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:12:59.000Z",
|
|
"modified": "2016-10-28T20:12:59.000Z",
|
|
"description": "BKDR_YMALR",
|
|
"pattern": "[file:hashes.SHA1 = '8c325e92bf21d0c3737dbbc596854bc12184eeaf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:12:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b14b-5b60-4df6-ba13-4bf902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:12:59.000Z",
|
|
"modified": "2016-10-28T20:12:59.000Z",
|
|
"description": "BKDR_YMALR",
|
|
"pattern": "[file:hashes.SHA1 = '8f65cbde2f3b664bcede3822a19765bdb7f58099']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:12:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b14c-e3bc-4917-93f4-40d402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:13:00.000Z",
|
|
"modified": "2016-10-28T20:13:00.000Z",
|
|
"description": "BKDR_YMALR",
|
|
"pattern": "[file:hashes.SHA1 = '9047b6b2e8fbaa8a06b2faaa30e038058444106a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:13:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b14c-1a2c-4917-852b-48c502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:13:00.000Z",
|
|
"modified": "2016-10-28T20:13:00.000Z",
|
|
"description": "BKDR_YMALR",
|
|
"pattern": "[file:hashes.SHA1 = '93c3f23905599df78cd5416dd9f7c171b3f1e29e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:13:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b14d-d9f0-4e05-916f-422602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:13:01.000Z",
|
|
"modified": "2016-10-28T20:13:01.000Z",
|
|
"description": "BKDR_YMALR",
|
|
"pattern": "[file:hashes.SHA1 = '94750bdae0fa190116a68e96d45f3d46c24b6cf1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:13:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b14d-69b0-4a19-9970-4ae202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:13:01.000Z",
|
|
"modified": "2016-10-28T20:13:01.000Z",
|
|
"description": "BKDR_YMALR",
|
|
"pattern": "[file:hashes.SHA1 = '9954a1c8e7b0e2f17841608f6b8c9d042b7a0780']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:13:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b14e-a7d4-43c1-9b52-43d802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:13:02.000Z",
|
|
"modified": "2016-10-28T20:13:02.000Z",
|
|
"description": "BKDR_YMALR",
|
|
"pattern": "[file:hashes.SHA1 = '9b96646d152583ff58c2c29191cb1672847d56b6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:13:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b14e-b1ac-4267-b2f7-4dac02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:13:02.000Z",
|
|
"modified": "2016-10-28T20:13:02.000Z",
|
|
"description": "BKDR_YMALR",
|
|
"pattern": "[file:hashes.SHA1 = '9f5a3b6db752d617f4d278d6531e2bbdb7faa977']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:13:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b14f-190c-4ac3-91ab-4f2102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:13:03.000Z",
|
|
"modified": "2016-10-28T20:13:03.000Z",
|
|
"description": "BKDR_YMALR",
|
|
"pattern": "[file:hashes.SHA1 = 'a30cc98ceb5d3379e80443f68a186326926f73ce']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:13:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b14f-3428-43f2-a6b8-4f9702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:13:03.000Z",
|
|
"modified": "2016-10-28T20:13:03.000Z",
|
|
"description": "BKDR_YMALR",
|
|
"pattern": "[file:hashes.SHA1 = 'a893896af5468ac6e04cdd13edff8cae04800848']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:13:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b14f-29f0-49d1-8589-47dd02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:13:03.000Z",
|
|
"modified": "2016-10-28T20:13:03.000Z",
|
|
"description": "BKDR_YMALR",
|
|
"pattern": "[file:hashes.SHA1 = 'a8f461749c7fe2a21116b8390cf84a8300009321']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:13:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b150-0640-47c7-87f9-43a902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:13:04.000Z",
|
|
"modified": "2016-10-28T20:13:04.000Z",
|
|
"description": "BKDR_YMALR",
|
|
"pattern": "[file:hashes.SHA1 = 'a9108bf3ce39cea40e46ac575247a9a7c077b2a8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:13:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b150-7174-49aa-9137-406702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:13:04.000Z",
|
|
"modified": "2016-10-28T20:13:04.000Z",
|
|
"description": "BKDR_YMALR",
|
|
"pattern": "[file:hashes.SHA1 = 'a9fd9ade807af4779f3eea39fed2c583a50c8497']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:13:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b151-3c9c-46bf-b0f0-483e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:13:05.000Z",
|
|
"modified": "2016-10-28T20:13:05.000Z",
|
|
"description": "BKDR_YMALR",
|
|
"pattern": "[file:hashes.SHA1 = 'ac014e4c2d68f6c982ac58738857b698b9e46af5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:13:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b151-3950-438e-9856-49b702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:13:05.000Z",
|
|
"modified": "2016-10-28T20:13:05.000Z",
|
|
"description": "BKDR_YMALR",
|
|
"pattern": "[file:hashes.SHA1 = 'acaec2b0f86ec4262be5bb8bcebcc12093e071ba']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:13:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b151-588c-470d-9d7a-45c302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:13:05.000Z",
|
|
"modified": "2016-10-28T20:13:05.000Z",
|
|
"description": "BKDR_YMALR",
|
|
"pattern": "[file:hashes.SHA1 = 'ad61c51b03022ef6bcb5e9738fe2f621e970ecb3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:13:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b152-72dc-492b-9d0e-4db102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:13:06.000Z",
|
|
"modified": "2016-10-28T20:13:06.000Z",
|
|
"description": "BKDR_YMALR",
|
|
"pattern": "[file:hashes.SHA1 = 'b28f6ba3d6571c5d85cb5276cbcdce9adf49d5a9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:13:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b152-f678-4bed-86d3-452002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:13:06.000Z",
|
|
"modified": "2016-10-28T20:13:06.000Z",
|
|
"description": "BKDR_YMALR",
|
|
"pattern": "[file:hashes.SHA1 = 'bc61f1b3c8eb3bda2071f6caf71ff23705128ca5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:13:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b152-da10-4853-8c68-4ebf02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:13:06.000Z",
|
|
"modified": "2016-10-28T20:13:06.000Z",
|
|
"description": "BKDR_YMALR",
|
|
"pattern": "[file:hashes.SHA1 = 'c30b305a7bea9a2f61aca2dbcf596c2b0c0e4fa0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:13:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b153-86b8-4e7b-95a9-4ec802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:13:07.000Z",
|
|
"modified": "2016-10-28T20:13:07.000Z",
|
|
"description": "BKDR_YMALR",
|
|
"pattern": "[file:hashes.SHA1 = 'c4c747f26f95fdbfc5bff04688dc76ae0bb48fff']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:13:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b153-aa98-42ca-940a-42c802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:13:07.000Z",
|
|
"modified": "2016-10-28T20:13:07.000Z",
|
|
"description": "BKDR_YMALR",
|
|
"pattern": "[file:hashes.SHA1 = 'c58d6fc761dec675ab45ad5c3682ffc9936cf357']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:13:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b153-6080-4505-8ff6-4b1b02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:13:07.000Z",
|
|
"modified": "2016-10-28T20:13:07.000Z",
|
|
"description": "BKDR_YMALR",
|
|
"pattern": "[file:hashes.SHA1 = 'c85f528900aa9d836abd88eb56902efd711491da']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:13:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b154-c25c-4924-aeb7-4b7702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:13:08.000Z",
|
|
"modified": "2016-10-28T20:13:08.000Z",
|
|
"description": "BKDR_YMALR",
|
|
"pattern": "[file:hashes.SHA1 = 'ca163d6ae85edede87b271267918a0ffe98040c7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:13:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b155-0d14-4f1c-893e-420302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:13:09.000Z",
|
|
"modified": "2016-10-28T20:13:09.000Z",
|
|
"description": "BKDR_YMALR",
|
|
"pattern": "[file:hashes.SHA1 = 'cf629249fb4af86746059e638ccef5b8a43c6834']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:13:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b156-58c4-4a80-abad-466002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:13:10.000Z",
|
|
"modified": "2016-10-28T20:13:10.000Z",
|
|
"description": "BKDR_YMALR",
|
|
"pattern": "[file:hashes.SHA1 = 'cfd9a67b4b0eb3d756bb7e449b46687e6aef006b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:13:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b156-d040-4827-9f7a-4b1102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:13:10.000Z",
|
|
"modified": "2016-10-28T20:13:10.000Z",
|
|
"description": "BKDR_YMALR",
|
|
"pattern": "[file:hashes.SHA1 = 'd107268bd767a2dfe1c8733b7da96c1a64f5d112']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:13:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b157-1588-4336-9852-4b5e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:13:11.000Z",
|
|
"modified": "2016-10-28T20:13:11.000Z",
|
|
"description": "BKDR_YMALR",
|
|
"pattern": "[file:hashes.SHA1 = 'd7cd079f8485ea55443ed497f055dbed5ae4a668']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:13:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b157-6ac8-446c-9122-43d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:13:11.000Z",
|
|
"modified": "2016-10-28T20:13:11.000Z",
|
|
"description": "BKDR_YMALR",
|
|
"pattern": "[file:hashes.SHA1 = 'd95c97f1525e9888571f498f2be584dda243da2a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:13:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b157-859c-4f7d-9664-4dad02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:13:11.000Z",
|
|
"modified": "2016-10-28T20:13:11.000Z",
|
|
"description": "BKDR_YMALR",
|
|
"pattern": "[file:hashes.SHA1 = 'e01f9ba6355bcdc7ccf89261658bff9f965b8c21']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:13:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b158-92cc-42b8-a923-43f302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:13:12.000Z",
|
|
"modified": "2016-10-28T20:13:12.000Z",
|
|
"description": "BKDR_YMALR",
|
|
"pattern": "[file:hashes.SHA1 = 'e05efde2b442dc4119179e3c39c74a973499e271']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:13:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b158-b198-44be-b7fb-49ef02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:13:12.000Z",
|
|
"modified": "2016-10-28T20:13:12.000Z",
|
|
"description": "BKDR_YMALR",
|
|
"pattern": "[file:hashes.SHA1 = 'e1acfed710f186d86a2bc8179ff38fdd21f9a1b6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:13:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b158-f5b4-44e7-b30a-42d902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:13:12.000Z",
|
|
"modified": "2016-10-28T20:13:12.000Z",
|
|
"description": "BKDR_YMALR",
|
|
"pattern": "[file:hashes.SHA1 = 'e1fb2e1866f332a5656bf55fde13ff57d5f0bbf6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:13:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b159-e400-43f3-93a6-400902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:13:13.000Z",
|
|
"modified": "2016-10-28T20:13:13.000Z",
|
|
"description": "BKDR_YMALR",
|
|
"pattern": "[file:hashes.SHA1 = 'e77303d80968395eec008515ea9eb3c620b14255']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:13:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b159-ad10-4f8f-a04c-4a3202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:13:13.000Z",
|
|
"modified": "2016-10-28T20:13:13.000Z",
|
|
"description": "BKDR_YMALR",
|
|
"pattern": "[file:hashes.SHA1 = 'eb9e553524d414d862857297baf44da3b4072650']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:13:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b15a-da18-45e5-b601-4bac02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:13:14.000Z",
|
|
"modified": "2016-10-28T20:13:14.000Z",
|
|
"description": "BKDR_YMALR",
|
|
"pattern": "[file:hashes.SHA1 = 'eca06f3c535ba3b3463917974a79efc821fddb6c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:13:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b15a-c2bc-42ea-9a9e-4b4e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:13:14.000Z",
|
|
"modified": "2016-10-28T20:13:14.000Z",
|
|
"description": "BKDR_YMALR",
|
|
"pattern": "[file:hashes.SHA1 = 'eeb065a1963a8aa0496e61305c076c5946d77e12']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:13:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b15a-cb80-47fb-ba14-4d0102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:13:14.000Z",
|
|
"modified": "2016-10-28T20:13:14.000Z",
|
|
"description": "BKDR_YMALR",
|
|
"pattern": "[file:hashes.SHA1 = 'efa611262e6d4804ce9026d50bfa64f20d9271ca']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:13:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b15b-76a4-403c-b9f1-4f5b02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:13:15.000Z",
|
|
"modified": "2016-10-28T20:13:15.000Z",
|
|
"description": "BKDR_YMALR",
|
|
"pattern": "[file:hashes.SHA1 = 'fb59481d153388d2ad3bb6321d0b2875cb07f4d3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:13:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b15b-5564-4969-a8e3-474202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:13:15.000Z",
|
|
"modified": "2016-10-28T20:13:15.000Z",
|
|
"description": "BKDR_YMALR",
|
|
"pattern": "[file:hashes.SHA1 = 'fbcbbc187e99317c5a36a3667592590a7f5a17d1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:13:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b24c-cc58-4975-b86a-4f7902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:16.000Z",
|
|
"modified": "2016-10-28T20:17:16.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: fbcbbc187e99317c5a36a3667592590a7f5a17d1",
|
|
"pattern": "[file:hashes.SHA256 = '636c3af6ca45f5ebc413fdde9e706603151e4ce081bc73addf666ba6c9d198ba']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b24c-db44-4eb7-995c-4af102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:16.000Z",
|
|
"modified": "2016-10-28T20:17:16.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: fbcbbc187e99317c5a36a3667592590a7f5a17d1",
|
|
"pattern": "[file:hashes.MD5 = 'e20088a36fd4864c233f0e9a2b01c538']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5813b24d-a1dc-491b-968b-497e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:17.000Z",
|
|
"modified": "2016-10-28T20:17:17.000Z",
|
|
"first_observed": "2016-10-28T20:17:17Z",
|
|
"last_observed": "2016-10-28T20:17:17Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5813b24d-a1dc-491b-968b-497e02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5813b24d-a1dc-491b-968b-497e02de0b81",
|
|
"value": "https://www.virustotal.com/file/636c3af6ca45f5ebc413fdde9e706603151e4ce081bc73addf666ba6c9d198ba/analysis/1477576245/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b24d-2fd4-489e-82ea-461002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:17.000Z",
|
|
"modified": "2016-10-28T20:17:17.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: fb59481d153388d2ad3bb6321d0b2875cb07f4d3",
|
|
"pattern": "[file:hashes.SHA256 = '84fcca9d2f61c4a8b94d4a6ef8a12cf36422ddf409ce860047f1d6f8b193f71c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b24d-69d0-4a1f-bf37-4b2c02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:17.000Z",
|
|
"modified": "2016-10-28T20:17:17.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: fb59481d153388d2ad3bb6321d0b2875cb07f4d3",
|
|
"pattern": "[file:hashes.MD5 = 'dc7bfbfbf26edbbe433d2d42f3f4fc7f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5813b24d-0194-4642-9476-4bc602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:17.000Z",
|
|
"modified": "2016-10-28T20:17:17.000Z",
|
|
"first_observed": "2016-10-28T20:17:17Z",
|
|
"last_observed": "2016-10-28T20:17:17Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5813b24d-0194-4642-9476-4bc602de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5813b24d-0194-4642-9476-4bc602de0b81",
|
|
"value": "https://www.virustotal.com/file/84fcca9d2f61c4a8b94d4a6ef8a12cf36422ddf409ce860047f1d6f8b193f71c/analysis/1477576245/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b24e-a190-447e-b87b-4e5002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:18.000Z",
|
|
"modified": "2016-10-28T20:17:18.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: efa611262e6d4804ce9026d50bfa64f20d9271ca",
|
|
"pattern": "[file:hashes.SHA256 = 'f6cb59b697cd27359f12228cf11ae5aa21b17e1845ae8007c668319672cdfb33']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b24e-3e14-4763-8fdd-49aa02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:18.000Z",
|
|
"modified": "2016-10-28T20:17:18.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: efa611262e6d4804ce9026d50bfa64f20d9271ca",
|
|
"pattern": "[file:hashes.MD5 = '12d523a6687de4e4e96a887dafce0298']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5813b24e-0050-4d4b-9b62-436902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:18.000Z",
|
|
"modified": "2016-10-28T20:17:18.000Z",
|
|
"first_observed": "2016-10-28T20:17:18Z",
|
|
"last_observed": "2016-10-28T20:17:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5813b24e-0050-4d4b-9b62-436902de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5813b24e-0050-4d4b-9b62-436902de0b81",
|
|
"value": "https://www.virustotal.com/file/f6cb59b697cd27359f12228cf11ae5aa21b17e1845ae8007c668319672cdfb33/analysis/1477576245/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b24e-c7e4-433d-8284-494d02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:18.000Z",
|
|
"modified": "2016-10-28T20:17:18.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: eeb065a1963a8aa0496e61305c076c5946d77e12",
|
|
"pattern": "[file:hashes.SHA256 = '0f1f6838c591a0456881fbcd65d511932d2fa6c16fcb27eb4a793240ef0c25de']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b24f-3080-4145-a419-499f02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:19.000Z",
|
|
"modified": "2016-10-28T20:17:19.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: eeb065a1963a8aa0496e61305c076c5946d77e12",
|
|
"pattern": "[file:hashes.MD5 = 'f211db4226458730e94818f95230d235']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5813b24f-6160-41db-9903-47d802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:19.000Z",
|
|
"modified": "2016-10-28T20:17:19.000Z",
|
|
"first_observed": "2016-10-28T20:17:19Z",
|
|
"last_observed": "2016-10-28T20:17:19Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5813b24f-6160-41db-9903-47d802de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5813b24f-6160-41db-9903-47d802de0b81",
|
|
"value": "https://www.virustotal.com/file/0f1f6838c591a0456881fbcd65d511932d2fa6c16fcb27eb4a793240ef0c25de/analysis/1461148489/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b24f-b6d0-4087-9abb-460e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:19.000Z",
|
|
"modified": "2016-10-28T20:17:19.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: eca06f3c535ba3b3463917974a79efc821fddb6c",
|
|
"pattern": "[file:hashes.SHA256 = '9d212233e669d61fb1c432c9889f4c723819ece549954ff6f741921534ed6336']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b24f-65b0-45a1-9d43-47b802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:19.000Z",
|
|
"modified": "2016-10-28T20:17:19.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: eca06f3c535ba3b3463917974a79efc821fddb6c",
|
|
"pattern": "[file:hashes.MD5 = '2e017008baca6453e502e451e0391bf1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5813b24f-0890-43c2-b97a-437702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:19.000Z",
|
|
"modified": "2016-10-28T20:17:19.000Z",
|
|
"first_observed": "2016-10-28T20:17:19Z",
|
|
"last_observed": "2016-10-28T20:17:19Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5813b24f-0890-43c2-b97a-437702de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5813b24f-0890-43c2-b97a-437702de0b81",
|
|
"value": "https://www.virustotal.com/file/9d212233e669d61fb1c432c9889f4c723819ece549954ff6f741921534ed6336/analysis/1441968421/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b250-f804-4b70-a0a0-4ddc02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:20.000Z",
|
|
"modified": "2016-10-28T20:17:20.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: eb9e553524d414d862857297baf44da3b4072650",
|
|
"pattern": "[file:hashes.SHA256 = '027ff8faf7952d791e39c9dda392dfce1094a4ceece46dbd2f53cf2ad5f8bc21']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b250-4094-4b47-8537-4adb02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:20.000Z",
|
|
"modified": "2016-10-28T20:17:20.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: eb9e553524d414d862857297baf44da3b4072650",
|
|
"pattern": "[file:hashes.MD5 = '1707f59627e12c0cb164c5aa52660582']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5813b250-ba5c-4f88-b027-432f02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:20.000Z",
|
|
"modified": "2016-10-28T20:17:20.000Z",
|
|
"first_observed": "2016-10-28T20:17:20Z",
|
|
"last_observed": "2016-10-28T20:17:20Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5813b250-ba5c-4f88-b027-432f02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5813b250-ba5c-4f88-b027-432f02de0b81",
|
|
"value": "https://www.virustotal.com/file/027ff8faf7952d791e39c9dda392dfce1094a4ceece46dbd2f53cf2ad5f8bc21/analysis/1365782527/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b250-5c3c-4ee5-af80-4e9602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:20.000Z",
|
|
"modified": "2016-10-28T20:17:20.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: e77303d80968395eec008515ea9eb3c620b14255",
|
|
"pattern": "[file:hashes.SHA256 = '8bc8dd186369542d4e97c9967cea667de226b4738c3d6a2249e19a6fbff2109f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b251-ff8c-4a18-9a2b-43f502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:21.000Z",
|
|
"modified": "2016-10-28T20:17:21.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: e77303d80968395eec008515ea9eb3c620b14255",
|
|
"pattern": "[file:hashes.MD5 = '8de589a60319a0560b5592ac0ad5ffae']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5813b251-6794-4e3a-a548-491d02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:21.000Z",
|
|
"modified": "2016-10-28T20:17:21.000Z",
|
|
"first_observed": "2016-10-28T20:17:21Z",
|
|
"last_observed": "2016-10-28T20:17:21Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5813b251-6794-4e3a-a548-491d02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5813b251-6794-4e3a-a548-491d02de0b81",
|
|
"value": "https://www.virustotal.com/file/8bc8dd186369542d4e97c9967cea667de226b4738c3d6a2249e19a6fbff2109f/analysis/1477576244/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b251-6744-466c-bd3a-43a602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:21.000Z",
|
|
"modified": "2016-10-28T20:17:21.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: e1fb2e1866f332a5656bf55fde13ff57d5f0bbf6",
|
|
"pattern": "[file:hashes.SHA256 = '45496be07ab8a3fad86980219073a28576106c8bca5c8fd70c882eef0e9df428']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b251-29ac-4d9e-8d56-42b202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:21.000Z",
|
|
"modified": "2016-10-28T20:17:21.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: e1fb2e1866f332a5656bf55fde13ff57d5f0bbf6",
|
|
"pattern": "[file:hashes.MD5 = 'd729680189caccd29f1089084769ffe6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5813b252-48b8-4933-98bd-47f702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:22.000Z",
|
|
"modified": "2016-10-28T20:17:22.000Z",
|
|
"first_observed": "2016-10-28T20:17:22Z",
|
|
"last_observed": "2016-10-28T20:17:22Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5813b252-48b8-4933-98bd-47f702de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5813b252-48b8-4933-98bd-47f702de0b81",
|
|
"value": "https://www.virustotal.com/file/45496be07ab8a3fad86980219073a28576106c8bca5c8fd70c882eef0e9df428/analysis/1461148251/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b252-5304-465d-b5f2-4a5702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:22.000Z",
|
|
"modified": "2016-10-28T20:17:22.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: e1acfed710f186d86a2bc8179ff38fdd21f9a1b6",
|
|
"pattern": "[file:hashes.SHA256 = '8616976726d25f25646964edd23e9355efc746a11c5a11ef7d14ab6115b72d75']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b252-3ac0-4c72-a279-44ff02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:22.000Z",
|
|
"modified": "2016-10-28T20:17:22.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: e1acfed710f186d86a2bc8179ff38fdd21f9a1b6",
|
|
"pattern": "[file:hashes.MD5 = 'a55db050c2e8604751d4fa387734c538']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5813b252-7cc0-4095-bb4b-432d02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:22.000Z",
|
|
"modified": "2016-10-28T20:17:22.000Z",
|
|
"first_observed": "2016-10-28T20:17:22Z",
|
|
"last_observed": "2016-10-28T20:17:22Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5813b252-7cc0-4095-bb4b-432d02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5813b252-7cc0-4095-bb4b-432d02de0b81",
|
|
"value": "https://www.virustotal.com/file/8616976726d25f25646964edd23e9355efc746a11c5a11ef7d14ab6115b72d75/analysis/1420764123/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b253-e6cc-4f09-8ed2-4f9202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:23.000Z",
|
|
"modified": "2016-10-28T20:17:23.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: e05efde2b442dc4119179e3c39c74a973499e271",
|
|
"pattern": "[file:hashes.SHA256 = '40cc76ef34c03a04ad393b68c2110b0e58ec0a7b9da16fd5005993bd8700b951']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b253-a07c-4442-bd76-4a2402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:23.000Z",
|
|
"modified": "2016-10-28T20:17:23.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: e05efde2b442dc4119179e3c39c74a973499e271",
|
|
"pattern": "[file:hashes.MD5 = '2c6633d4742c48fcfb73f570389f0d47']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5813b253-beb0-4e78-818b-407402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:23.000Z",
|
|
"modified": "2016-10-28T20:17:23.000Z",
|
|
"first_observed": "2016-10-28T20:17:23Z",
|
|
"last_observed": "2016-10-28T20:17:23Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5813b253-beb0-4e78-818b-407402de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5813b253-beb0-4e78-818b-407402de0b81",
|
|
"value": "https://www.virustotal.com/file/40cc76ef34c03a04ad393b68c2110b0e58ec0a7b9da16fd5005993bd8700b951/analysis/1477576243/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b253-d5ac-4792-922d-45d802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:23.000Z",
|
|
"modified": "2016-10-28T20:17:23.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: e01f9ba6355bcdc7ccf89261658bff9f965b8c21",
|
|
"pattern": "[file:hashes.SHA256 = '53a3c1aa683d296c88bd6565a8b417f09e392ceae4c285464859df1953e75382']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b254-390c-4fe9-9352-433502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:24.000Z",
|
|
"modified": "2016-10-28T20:17:24.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: e01f9ba6355bcdc7ccf89261658bff9f965b8c21",
|
|
"pattern": "[file:hashes.MD5 = '4918f936535085ffb223d68a58d50789']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5813b254-ec8c-4107-906e-472d02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:24.000Z",
|
|
"modified": "2016-10-28T20:17:24.000Z",
|
|
"first_observed": "2016-10-28T20:17:24Z",
|
|
"last_observed": "2016-10-28T20:17:24Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5813b254-ec8c-4107-906e-472d02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5813b254-ec8c-4107-906e-472d02de0b81",
|
|
"value": "https://www.virustotal.com/file/53a3c1aa683d296c88bd6565a8b417f09e392ceae4c285464859df1953e75382/analysis/1477576243/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b254-dce4-44a8-8de5-44ea02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:24.000Z",
|
|
"modified": "2016-10-28T20:17:24.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: d95c97f1525e9888571f498f2be584dda243da2a",
|
|
"pattern": "[file:hashes.SHA256 = '633e849407f22fae3e5c6d2bf1921f1b11074229c797ea1e57a85cbc05880c84']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b254-5d3c-46c4-a908-497302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:24.000Z",
|
|
"modified": "2016-10-28T20:17:24.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: d95c97f1525e9888571f498f2be584dda243da2a",
|
|
"pattern": "[file:hashes.MD5 = 'b628ca3b7ca80e4c91b6f8a77dd76972']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5813b254-356c-42cc-b7df-480a02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:24.000Z",
|
|
"modified": "2016-10-28T20:17:24.000Z",
|
|
"first_observed": "2016-10-28T20:17:24Z",
|
|
"last_observed": "2016-10-28T20:17:24Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5813b254-356c-42cc-b7df-480a02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5813b254-356c-42cc-b7df-480a02de0b81",
|
|
"value": "https://www.virustotal.com/file/633e849407f22fae3e5c6d2bf1921f1b11074229c797ea1e57a85cbc05880c84/analysis/1461147601/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b255-1858-4747-b45e-449602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:25.000Z",
|
|
"modified": "2016-10-28T20:17:25.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: d7cd079f8485ea55443ed497f055dbed5ae4a668",
|
|
"pattern": "[file:hashes.SHA256 = '85a227dd905a3fb458e35c76adfede77a03e65c43b4dff8162f5e438f4e55d65']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b255-0164-4b86-86e7-42e602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:25.000Z",
|
|
"modified": "2016-10-28T20:17:25.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: d7cd079f8485ea55443ed497f055dbed5ae4a668",
|
|
"pattern": "[file:hashes.MD5 = 'c8f14b43bbdb87f281a9f8c712202d82']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5813b255-e51c-4817-9bea-430802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:25.000Z",
|
|
"modified": "2016-10-28T20:17:25.000Z",
|
|
"first_observed": "2016-10-28T20:17:25Z",
|
|
"last_observed": "2016-10-28T20:17:25Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5813b255-e51c-4817-9bea-430802de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5813b255-e51c-4817-9bea-430802de0b81",
|
|
"value": "https://www.virustotal.com/file/85a227dd905a3fb458e35c76adfede77a03e65c43b4dff8162f5e438f4e55d65/analysis/1477576244/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b255-d130-4dc7-9419-4c5d02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:25.000Z",
|
|
"modified": "2016-10-28T20:17:25.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: d107268bd767a2dfe1c8733b7da96c1a64f5d112",
|
|
"pattern": "[file:hashes.SHA256 = 'd7cd8432b89148bc21e3a9e76970fb8d33b4103af9c94599ca8401c5e6d71a97']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b256-028c-44e0-b205-461402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:26.000Z",
|
|
"modified": "2016-10-28T20:17:26.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: d107268bd767a2dfe1c8733b7da96c1a64f5d112",
|
|
"pattern": "[file:hashes.MD5 = 'f2395e0a7ee0f64b5d58cebc37543cfb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5813b256-d70c-4161-87a2-49a602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:26.000Z",
|
|
"modified": "2016-10-28T20:17:26.000Z",
|
|
"first_observed": "2016-10-28T20:17:26Z",
|
|
"last_observed": "2016-10-28T20:17:26Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5813b256-d70c-4161-87a2-49a602de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5813b256-d70c-4161-87a2-49a602de0b81",
|
|
"value": "https://www.virustotal.com/file/d7cd8432b89148bc21e3a9e76970fb8d33b4103af9c94599ca8401c5e6d71a97/analysis/1412319190/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b256-744c-4dcc-bdaf-443202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:26.000Z",
|
|
"modified": "2016-10-28T20:17:26.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: cf629249fb4af86746059e638ccef5b8a43c6834",
|
|
"pattern": "[file:hashes.SHA256 = '138993de871eefc72967b61b7c030649e1881be8adacbee933636fb4fc2ae444']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b256-0610-49a0-a7ab-4ace02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:26.000Z",
|
|
"modified": "2016-10-28T20:17:26.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: cf629249fb4af86746059e638ccef5b8a43c6834",
|
|
"pattern": "[file:hashes.MD5 = '68406cf69b880fec6780a8d148bf3ff4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5813b256-e44c-47b8-9bae-457302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:26.000Z",
|
|
"modified": "2016-10-28T20:17:26.000Z",
|
|
"first_observed": "2016-10-28T20:17:26Z",
|
|
"last_observed": "2016-10-28T20:17:26Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5813b256-e44c-47b8-9bae-457302de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5813b256-e44c-47b8-9bae-457302de0b81",
|
|
"value": "https://www.virustotal.com/file/138993de871eefc72967b61b7c030649e1881be8adacbee933636fb4fc2ae444/analysis/1461146465/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b257-b3f0-4f5b-89d7-478002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:27.000Z",
|
|
"modified": "2016-10-28T20:17:27.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: ca163d6ae85edede87b271267918a0ffe98040c7",
|
|
"pattern": "[file:hashes.SHA256 = '8c0a2226d378baa1a682b782163143ce612b790d7cbd46d08a83ebb3bf866f4f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b257-9938-4038-96ea-4e5302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:27.000Z",
|
|
"modified": "2016-10-28T20:17:27.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: ca163d6ae85edede87b271267918a0ffe98040c7",
|
|
"pattern": "[file:hashes.MD5 = '15283cc9e8fe86823ac0d52b6aaf27c4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5813b257-4628-4e8c-b5f1-41d602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:27.000Z",
|
|
"modified": "2016-10-28T20:17:27.000Z",
|
|
"first_observed": "2016-10-28T20:17:27Z",
|
|
"last_observed": "2016-10-28T20:17:27Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5813b257-4628-4e8c-b5f1-41d602de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5813b257-4628-4e8c-b5f1-41d602de0b81",
|
|
"value": "https://www.virustotal.com/file/8c0a2226d378baa1a682b782163143ce612b790d7cbd46d08a83ebb3bf866f4f/analysis/1461145666/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b257-8c10-408f-86fe-484102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:27.000Z",
|
|
"modified": "2016-10-28T20:17:27.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: c85f528900aa9d836abd88eb56902efd711491da",
|
|
"pattern": "[file:hashes.SHA256 = '84117f538361883e7ba3dd6d7825059f1b9378c71726fb70189cbd3d66812997']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b258-5808-481b-bd7b-499302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:28.000Z",
|
|
"modified": "2016-10-28T20:17:28.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: c85f528900aa9d836abd88eb56902efd711491da",
|
|
"pattern": "[file:hashes.MD5 = 'd320fbe8b672489b0da8d1a591d76176']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5813b258-7104-4f65-99c5-4fde02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:28.000Z",
|
|
"modified": "2016-10-28T20:17:28.000Z",
|
|
"first_observed": "2016-10-28T20:17:28Z",
|
|
"last_observed": "2016-10-28T20:17:28Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5813b258-7104-4f65-99c5-4fde02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5813b258-7104-4f65-99c5-4fde02de0b81",
|
|
"value": "https://www.virustotal.com/file/84117f538361883e7ba3dd6d7825059f1b9378c71726fb70189cbd3d66812997/analysis/1471464018/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b258-e398-4440-b793-41ca02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:28.000Z",
|
|
"modified": "2016-10-28T20:17:28.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: c58d6fc761dec675ab45ad5c3682ffc9936cf357",
|
|
"pattern": "[file:hashes.SHA256 = 'eaeb778224f16311af071d3f82a4f04eacb6b73b97b001fcd40051a8963050fc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b258-90f4-4c40-b088-433d02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:28.000Z",
|
|
"modified": "2016-10-28T20:17:28.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: c58d6fc761dec675ab45ad5c3682ffc9936cf357",
|
|
"pattern": "[file:hashes.MD5 = 'f95bfb2dd482ba80a321f88bcab0bd04']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5813b259-05ac-4f0b-a959-440702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:29.000Z",
|
|
"modified": "2016-10-28T20:17:29.000Z",
|
|
"first_observed": "2016-10-28T20:17:29Z",
|
|
"last_observed": "2016-10-28T20:17:29Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5813b259-05ac-4f0b-a959-440702de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5813b259-05ac-4f0b-a959-440702de0b81",
|
|
"value": "https://www.virustotal.com/file/eaeb778224f16311af071d3f82a4f04eacb6b73b97b001fcd40051a8963050fc/analysis/1441968408/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b259-6420-4df6-86b7-48c602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:29.000Z",
|
|
"modified": "2016-10-28T20:17:29.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: c4c747f26f95fdbfc5bff04688dc76ae0bb48fff",
|
|
"pattern": "[file:hashes.SHA256 = 'c1c64b167303518f5cf762ae76b6a4026248767e394e0cbc9bc961cd37833937']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b259-2d70-4643-b286-40d602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:29.000Z",
|
|
"modified": "2016-10-28T20:17:29.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: c4c747f26f95fdbfc5bff04688dc76ae0bb48fff",
|
|
"pattern": "[file:hashes.MD5 = '973238f045566aca65adcc2296b08a83']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5813b259-81c8-42a3-b133-46e702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:29.000Z",
|
|
"modified": "2016-10-28T20:17:29.000Z",
|
|
"first_observed": "2016-10-28T20:17:29Z",
|
|
"last_observed": "2016-10-28T20:17:29Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5813b259-81c8-42a3-b133-46e702de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5813b259-81c8-42a3-b133-46e702de0b81",
|
|
"value": "https://www.virustotal.com/file/c1c64b167303518f5cf762ae76b6a4026248767e394e0cbc9bc961cd37833937/analysis/1431598463/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b25a-89c0-483b-bbfa-445702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:30.000Z",
|
|
"modified": "2016-10-28T20:17:30.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: c30b305a7bea9a2f61aca2dbcf596c2b0c0e4fa0",
|
|
"pattern": "[file:hashes.SHA256 = '262d7106f1a227f278bcb344bc20186ff4231e1513aa61bd25c1da833cc142c5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b25a-9774-4a7a-a224-4f2f02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:30.000Z",
|
|
"modified": "2016-10-28T20:17:30.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: c30b305a7bea9a2f61aca2dbcf596c2b0c0e4fa0",
|
|
"pattern": "[file:hashes.MD5 = 'f6ecf8a062a97d2614c5bc5661ca4738']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5813b25a-22cc-46d5-9e21-4fe402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:30.000Z",
|
|
"modified": "2016-10-28T20:17:30.000Z",
|
|
"first_observed": "2016-10-28T20:17:30Z",
|
|
"last_observed": "2016-10-28T20:17:30Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5813b25a-22cc-46d5-9e21-4fe402de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5813b25a-22cc-46d5-9e21-4fe402de0b81",
|
|
"value": "https://www.virustotal.com/file/262d7106f1a227f278bcb344bc20186ff4231e1513aa61bd25c1da833cc142c5/analysis/1461148514/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b25a-8bc8-4b4c-afd1-487902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:30.000Z",
|
|
"modified": "2016-10-28T20:17:30.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: bc61f1b3c8eb3bda2071f6caf71ff23705128ca5",
|
|
"pattern": "[file:hashes.SHA256 = '7bf2ce5acd108ac5f326ba303dac3096ced8afd3e7c88dc14e58765161fd2c00']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b25b-faa8-496c-b34b-48ce02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:31.000Z",
|
|
"modified": "2016-10-28T20:17:31.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: bc61f1b3c8eb3bda2071f6caf71ff23705128ca5",
|
|
"pattern": "[file:hashes.MD5 = '5de0e433a838ce0f9a0581bbd72cf671']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5813b25b-1b0c-49da-8abd-44e102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:31.000Z",
|
|
"modified": "2016-10-28T20:17:31.000Z",
|
|
"first_observed": "2016-10-28T20:17:31Z",
|
|
"last_observed": "2016-10-28T20:17:31Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5813b25b-1b0c-49da-8abd-44e102de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5813b25b-1b0c-49da-8abd-44e102de0b81",
|
|
"value": "https://www.virustotal.com/file/7bf2ce5acd108ac5f326ba303dac3096ced8afd3e7c88dc14e58765161fd2c00/analysis/1477576242/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b25b-6a28-47b5-8908-4d6002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:31.000Z",
|
|
"modified": "2016-10-28T20:17:31.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: b28f6ba3d6571c5d85cb5276cbcdce9adf49d5a9",
|
|
"pattern": "[file:hashes.SHA256 = '688e33d45ae76dbbbd0f7462f4736453c36abfbf3d6fd1cca02a8e7ef0ea610a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b25b-a4bc-4f64-91e7-418202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:31.000Z",
|
|
"modified": "2016-10-28T20:17:31.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: b28f6ba3d6571c5d85cb5276cbcdce9adf49d5a9",
|
|
"pattern": "[file:hashes.MD5 = '6f8278f14cc704f6bf9032f5b838e32c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5813b25b-09b4-441e-b936-4f4802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:31.000Z",
|
|
"modified": "2016-10-28T20:17:31.000Z",
|
|
"first_observed": "2016-10-28T20:17:31Z",
|
|
"last_observed": "2016-10-28T20:17:31Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5813b25b-09b4-441e-b936-4f4802de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5813b25b-09b4-441e-b936-4f4802de0b81",
|
|
"value": "https://www.virustotal.com/file/688e33d45ae76dbbbd0f7462f4736453c36abfbf3d6fd1cca02a8e7ef0ea610a/analysis/1446630787/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b25c-ff0c-4652-912e-408202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:32.000Z",
|
|
"modified": "2016-10-28T20:17:32.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: ad61c51b03022ef6bcb5e9738fe2f621e970ecb3",
|
|
"pattern": "[file:hashes.SHA256 = '93c5bd2914a1ebd9584dbe1e0d8de1060e0bea2fa51789ede5f11da25ae5c65b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b25c-8c1c-4939-ba62-439a02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:32.000Z",
|
|
"modified": "2016-10-28T20:17:32.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: ad61c51b03022ef6bcb5e9738fe2f621e970ecb3",
|
|
"pattern": "[file:hashes.MD5 = '7d7edf4d49fdceb725a25aeb660edc08']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5813b25c-a950-4bbb-a10a-491102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:32.000Z",
|
|
"modified": "2016-10-28T20:17:32.000Z",
|
|
"first_observed": "2016-10-28T20:17:32Z",
|
|
"last_observed": "2016-10-28T20:17:32Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5813b25c-a950-4bbb-a10a-491102de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5813b25c-a950-4bbb-a10a-491102de0b81",
|
|
"value": "https://www.virustotal.com/file/93c5bd2914a1ebd9584dbe1e0d8de1060e0bea2fa51789ede5f11da25ae5c65b/analysis/1474440474/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b25d-a1a4-4c2a-8ae5-451c02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:33.000Z",
|
|
"modified": "2016-10-28T20:17:33.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: acaec2b0f86ec4262be5bb8bcebcc12093e071ba",
|
|
"pattern": "[file:hashes.SHA256 = 'e44bd67d0828c375760ebe16a62e73b5eff1540ff587a6c358a63d7d5ab5f5cf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b25d-29b8-488e-b9f7-4a8c02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:33.000Z",
|
|
"modified": "2016-10-28T20:17:33.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: acaec2b0f86ec4262be5bb8bcebcc12093e071ba",
|
|
"pattern": "[file:hashes.MD5 = 'c995139dbba72b5e5b72388703b7fff1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5813b25d-d808-4b73-b2fb-4aee02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:33.000Z",
|
|
"modified": "2016-10-28T20:17:33.000Z",
|
|
"first_observed": "2016-10-28T20:17:33Z",
|
|
"last_observed": "2016-10-28T20:17:33Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5813b25d-d808-4b73-b2fb-4aee02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5813b25d-d808-4b73-b2fb-4aee02de0b81",
|
|
"value": "https://www.virustotal.com/file/e44bd67d0828c375760ebe16a62e73b5eff1540ff587a6c358a63d7d5ab5f5cf/analysis/1477576241/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b25d-d50c-48af-a8de-43ec02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:33.000Z",
|
|
"modified": "2016-10-28T20:17:33.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: ac014e4c2d68f6c982ac58738857b698b9e46af5",
|
|
"pattern": "[file:hashes.SHA256 = 'd710454f73fa3a18f362131a529c6e1c08cb5c83baf908faf1e5ab6d3d1ee5a4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b25e-e7f0-4842-89d8-4b6902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:34.000Z",
|
|
"modified": "2016-10-28T20:17:34.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: ac014e4c2d68f6c982ac58738857b698b9e46af5",
|
|
"pattern": "[file:hashes.MD5 = '026f3bda49dad69e5812778228711399']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5813b25e-1480-4ac5-b5b8-485b02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:34.000Z",
|
|
"modified": "2016-10-28T20:17:34.000Z",
|
|
"first_observed": "2016-10-28T20:17:34Z",
|
|
"last_observed": "2016-10-28T20:17:34Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5813b25e-1480-4ac5-b5b8-485b02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5813b25e-1480-4ac5-b5b8-485b02de0b81",
|
|
"value": "https://www.virustotal.com/file/d710454f73fa3a18f362131a529c6e1c08cb5c83baf908faf1e5ab6d3d1ee5a4/analysis/1462883985/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b25e-c22c-45f6-a895-4efb02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:34.000Z",
|
|
"modified": "2016-10-28T20:17:34.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: a9fd9ade807af4779f3eea39fed2c583a50c8497",
|
|
"pattern": "[file:hashes.SHA256 = '8cbe7a11ae59e607fdba324316925ff1bf16d10b4d8af271901e63873bc2bfb6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b25e-c594-4c6f-a636-457102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:34.000Z",
|
|
"modified": "2016-10-28T20:17:34.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: a9fd9ade807af4779f3eea39fed2c583a50c8497",
|
|
"pattern": "[file:hashes.MD5 = 'ed3df43aa13902606ee89b1df779c7b5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5813b25f-4d80-4ff0-958d-4fb602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:35.000Z",
|
|
"modified": "2016-10-28T20:17:35.000Z",
|
|
"first_observed": "2016-10-28T20:17:35Z",
|
|
"last_observed": "2016-10-28T20:17:35Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5813b25f-4d80-4ff0-958d-4fb602de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5813b25f-4d80-4ff0-958d-4fb602de0b81",
|
|
"value": "https://www.virustotal.com/file/8cbe7a11ae59e607fdba324316925ff1bf16d10b4d8af271901e63873bc2bfb6/analysis/1393955521/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b25f-5620-45ca-82f5-426002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:35.000Z",
|
|
"modified": "2016-10-28T20:17:35.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: a9108bf3ce39cea40e46ac575247a9a7c077b2a8",
|
|
"pattern": "[file:hashes.SHA256 = '0e317e0fee4eb6c6e81b2a41029a9573d34cebeabab6d661709115c64526bf95']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b25f-9834-4ba5-b9a1-4dc402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:35.000Z",
|
|
"modified": "2016-10-28T20:17:35.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: a9108bf3ce39cea40e46ac575247a9a7c077b2a8",
|
|
"pattern": "[file:hashes.MD5 = '195e7bbbb17e3c250292a016f3ade0a3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5813b25f-50b8-45e9-a111-4bbc02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:35.000Z",
|
|
"modified": "2016-10-28T20:17:35.000Z",
|
|
"first_observed": "2016-10-28T20:17:35Z",
|
|
"last_observed": "2016-10-28T20:17:35Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5813b25f-50b8-45e9-a111-4bbc02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5813b25f-50b8-45e9-a111-4bbc02de0b81",
|
|
"value": "https://www.virustotal.com/file/0e317e0fee4eb6c6e81b2a41029a9573d34cebeabab6d661709115c64526bf95/analysis/1476920150/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b260-82e8-4812-b7db-471902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:36.000Z",
|
|
"modified": "2016-10-28T20:17:36.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: a8f461749c7fe2a21116b8390cf84a8300009321",
|
|
"pattern": "[file:hashes.SHA256 = 'b03ae41d7082405a9f4d74792c7438b0a450dee7fa67f63fcc11c050bc527c68']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b260-4b5c-46cd-ab81-445a02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:36.000Z",
|
|
"modified": "2016-10-28T20:17:36.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: a8f461749c7fe2a21116b8390cf84a8300009321",
|
|
"pattern": "[file:hashes.MD5 = '392e23ff2c2bc716616fd1ea62c023dd']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5813b260-6324-49b1-9875-4b3e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:36.000Z",
|
|
"modified": "2016-10-28T20:17:36.000Z",
|
|
"first_observed": "2016-10-28T20:17:36Z",
|
|
"last_observed": "2016-10-28T20:17:36Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5813b260-6324-49b1-9875-4b3e02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5813b260-6324-49b1-9875-4b3e02de0b81",
|
|
"value": "https://www.virustotal.com/file/b03ae41d7082405a9f4d74792c7438b0a450dee7fa67f63fcc11c050bc527c68/analysis/1432087651/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b260-8538-4d9b-a6ee-42a302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:36.000Z",
|
|
"modified": "2016-10-28T20:17:36.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: a893896af5468ac6e04cdd13edff8cae04800848",
|
|
"pattern": "[file:hashes.SHA256 = '8597beac6316597dbefb5d5193bdf72fabeebeca9466c1aef6289550c765614b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b260-e1a0-4179-8536-47aa02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:36.000Z",
|
|
"modified": "2016-10-28T20:17:36.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: a893896af5468ac6e04cdd13edff8cae04800848",
|
|
"pattern": "[file:hashes.MD5 = 'a74c9190631759be4373b91f4d089022']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5813b261-fdd8-4993-bc91-4a0f02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:37.000Z",
|
|
"modified": "2016-10-28T20:17:37.000Z",
|
|
"first_observed": "2016-10-28T20:17:37Z",
|
|
"last_observed": "2016-10-28T20:17:37Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5813b261-fdd8-4993-bc91-4a0f02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5813b261-fdd8-4993-bc91-4a0f02de0b81",
|
|
"value": "https://www.virustotal.com/file/8597beac6316597dbefb5d5193bdf72fabeebeca9466c1aef6289550c765614b/analysis/1426046797/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b261-9f94-4de9-924e-44c402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:37.000Z",
|
|
"modified": "2016-10-28T20:17:37.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: a30cc98ceb5d3379e80443f68a186326926f73ce",
|
|
"pattern": "[file:hashes.SHA256 = 'd5db887a8875346a118288062d36ad44eadb2e5d345e2cbf5233f8f36ecf3809']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b261-01c0-42af-bec9-441b02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:37.000Z",
|
|
"modified": "2016-10-28T20:17:37.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: a30cc98ceb5d3379e80443f68a186326926f73ce",
|
|
"pattern": "[file:hashes.MD5 = '16d099e11bd4bec2e069d4714ce0c7fe']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5813b261-b0f8-4c34-b672-49e302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:37.000Z",
|
|
"modified": "2016-10-28T20:17:37.000Z",
|
|
"first_observed": "2016-10-28T20:17:37Z",
|
|
"last_observed": "2016-10-28T20:17:37Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5813b261-b0f8-4c34-b672-49e302de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5813b261-b0f8-4c34-b672-49e302de0b81",
|
|
"value": "https://www.virustotal.com/file/d5db887a8875346a118288062d36ad44eadb2e5d345e2cbf5233f8f36ecf3809/analysis/1438870253/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b262-c1dc-43b2-bde3-4d4c02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:38.000Z",
|
|
"modified": "2016-10-28T20:17:38.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: 9f5a3b6db752d617f4d278d6531e2bbdb7faa977",
|
|
"pattern": "[file:hashes.SHA256 = '7902d0cbf32897815c10a68c97f27d23cde38111f1e0167d942d5c6d15423719']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b262-9bd0-4fcb-b510-415a02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:38.000Z",
|
|
"modified": "2016-10-28T20:17:38.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: 9f5a3b6db752d617f4d278d6531e2bbdb7faa977",
|
|
"pattern": "[file:hashes.MD5 = '4d0eb0db1eadc21f18c0a12a4b055c06']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5813b262-22fc-4c75-a6c8-427902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:38.000Z",
|
|
"modified": "2016-10-28T20:17:38.000Z",
|
|
"first_observed": "2016-10-28T20:17:38Z",
|
|
"last_observed": "2016-10-28T20:17:38Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5813b262-22fc-4c75-a6c8-427902de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5813b262-22fc-4c75-a6c8-427902de0b81",
|
|
"value": "https://www.virustotal.com/file/7902d0cbf32897815c10a68c97f27d23cde38111f1e0167d942d5c6d15423719/analysis/1477576241/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b262-1ddc-46da-9f5a-41e102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:38.000Z",
|
|
"modified": "2016-10-28T20:17:38.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: 9b96646d152583ff58c2c29191cb1672847d56b6",
|
|
"pattern": "[file:hashes.SHA256 = '24ae29defeb167cba2dc8b647514e9c44c027c6f2ad6c789ec836358c1007f74']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b263-b518-431b-a8d7-49f102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:39.000Z",
|
|
"modified": "2016-10-28T20:17:39.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: 9b96646d152583ff58c2c29191cb1672847d56b6",
|
|
"pattern": "[file:hashes.MD5 = 'ca22ee9fa1317e34ce77bf8d08656c01']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5813b263-c7e0-4b2f-bbae-433a02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:39.000Z",
|
|
"modified": "2016-10-28T20:17:39.000Z",
|
|
"first_observed": "2016-10-28T20:17:39Z",
|
|
"last_observed": "2016-10-28T20:17:39Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5813b263-c7e0-4b2f-bbae-433a02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5813b263-c7e0-4b2f-bbae-433a02de0b81",
|
|
"value": "https://www.virustotal.com/file/24ae29defeb167cba2dc8b647514e9c44c027c6f2ad6c789ec836358c1007f74/analysis/1438368642/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b263-6728-46a2-b442-4f3002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:39.000Z",
|
|
"modified": "2016-10-28T20:17:39.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: 9954a1c8e7b0e2f17841608f6b8c9d042b7a0780",
|
|
"pattern": "[file:hashes.SHA256 = '5b01d16a4d39cc30a6dd501d214c8ee4916e46ab338c3437f4cf1ae6f71d1ae6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b263-9d70-4908-ad9f-468102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:39.000Z",
|
|
"modified": "2016-10-28T20:17:39.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: 9954a1c8e7b0e2f17841608f6b8c9d042b7a0780",
|
|
"pattern": "[file:hashes.MD5 = '2f48c03e0d7a70258b956bac3ec29263']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5813b263-3730-4062-84c3-40f902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:39.000Z",
|
|
"modified": "2016-10-28T20:17:39.000Z",
|
|
"first_observed": "2016-10-28T20:17:39Z",
|
|
"last_observed": "2016-10-28T20:17:39Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5813b263-3730-4062-84c3-40f902de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5813b263-3730-4062-84c3-40f902de0b81",
|
|
"value": "https://www.virustotal.com/file/5b01d16a4d39cc30a6dd501d214c8ee4916e46ab338c3437f4cf1ae6f71d1ae6/analysis/1461145940/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b264-e230-4f6e-a844-4cb802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:40.000Z",
|
|
"modified": "2016-10-28T20:17:40.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: 94750bdae0fa190116a68e96d45f3d46c24b6cf1",
|
|
"pattern": "[file:hashes.SHA256 = '5d4b91593d1cc110c966a3b3bcca6c02492e6df5dff83cd0653f9ffca9d5256e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b264-2d9c-40d0-99d4-436b02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:40.000Z",
|
|
"modified": "2016-10-28T20:17:40.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: 94750bdae0fa190116a68e96d45f3d46c24b6cf1",
|
|
"pattern": "[file:hashes.MD5 = '11681410183d229607cd72a0f27e3b7f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5813b264-8774-4788-9b69-4fae02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:40.000Z",
|
|
"modified": "2016-10-28T20:17:40.000Z",
|
|
"first_observed": "2016-10-28T20:17:40Z",
|
|
"last_observed": "2016-10-28T20:17:40Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5813b264-8774-4788-9b69-4fae02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5813b264-8774-4788-9b69-4fae02de0b81",
|
|
"value": "https://www.virustotal.com/file/5d4b91593d1cc110c966a3b3bcca6c02492e6df5dff83cd0653f9ffca9d5256e/analysis/1437395329/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b264-72a4-4499-bff8-4ab102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:40.000Z",
|
|
"modified": "2016-10-28T20:17:40.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: 93c3f23905599df78cd5416dd9f7c171b3f1e29e",
|
|
"pattern": "[file:hashes.SHA256 = 'd1617e66d84da7371884ad31a21f099754784ca585622d3197778d9886d56232']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b265-c2a4-4662-bba4-45fc02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:40.000Z",
|
|
"modified": "2016-10-28T20:17:40.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: 93c3f23905599df78cd5416dd9f7c171b3f1e29e",
|
|
"pattern": "[file:hashes.MD5 = '91c8cf35e1a7b071298308c66a573c47']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5813b265-6b24-4193-a796-4b0102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:41.000Z",
|
|
"modified": "2016-10-28T20:17:41.000Z",
|
|
"first_observed": "2016-10-28T20:17:41Z",
|
|
"last_observed": "2016-10-28T20:17:41Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5813b265-6b24-4193-a796-4b0102de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5813b265-6b24-4193-a796-4b0102de0b81",
|
|
"value": "https://www.virustotal.com/file/d1617e66d84da7371884ad31a21f099754784ca585622d3197778d9886d56232/analysis/1421829967/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b265-0fc8-424d-82f4-4d0602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:41.000Z",
|
|
"modified": "2016-10-28T20:17:41.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: 9047b6b2e8fbaa8a06b2faaa30e038058444106a",
|
|
"pattern": "[file:hashes.SHA256 = '3acc6fec0e7275b3774af1274872d42c0afc330cf48d543ff8fdf4bb4b37ed73']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b265-7f6c-4a58-9946-49c802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:41.000Z",
|
|
"modified": "2016-10-28T20:17:41.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: 9047b6b2e8fbaa8a06b2faaa30e038058444106a",
|
|
"pattern": "[file:hashes.MD5 = 'ae9f27da8029f25eff18b2f092ffba20']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5813b265-de0c-4678-b758-40e802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:41.000Z",
|
|
"modified": "2016-10-28T20:17:41.000Z",
|
|
"first_observed": "2016-10-28T20:17:41Z",
|
|
"last_observed": "2016-10-28T20:17:41Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5813b265-de0c-4678-b758-40e802de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5813b265-de0c-4678-b758-40e802de0b81",
|
|
"value": "https://www.virustotal.com/file/3acc6fec0e7275b3774af1274872d42c0afc330cf48d543ff8fdf4bb4b37ed73/analysis/1467099375/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b266-a8d8-4b03-bd75-4dd902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:42.000Z",
|
|
"modified": "2016-10-28T20:17:42.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: 8f65cbde2f3b664bcede3822a19765bdb7f58099",
|
|
"pattern": "[file:hashes.SHA256 = 'e929a008dd9c58e2814ecfb84be2cd8df8a809aa2ec64a4a82553047e0507ee5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b266-eb44-433c-9d63-4c7002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:42.000Z",
|
|
"modified": "2016-10-28T20:17:42.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: 8f65cbde2f3b664bcede3822a19765bdb7f58099",
|
|
"pattern": "[file:hashes.MD5 = 'b86f283e6c7d84b76988c356cba51185']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5813b266-77d8-4a6e-ad54-426702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:42.000Z",
|
|
"modified": "2016-10-28T20:17:42.000Z",
|
|
"first_observed": "2016-10-28T20:17:42Z",
|
|
"last_observed": "2016-10-28T20:17:42Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5813b266-77d8-4a6e-ad54-426702de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5813b266-77d8-4a6e-ad54-426702de0b81",
|
|
"value": "https://www.virustotal.com/file/e929a008dd9c58e2814ecfb84be2cd8df8a809aa2ec64a4a82553047e0507ee5/analysis/1477576240/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b266-5780-4c21-958a-4eda02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:42.000Z",
|
|
"modified": "2016-10-28T20:17:42.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: 8c325e92bf21d0c3737dbbc596854bc12184eeaf",
|
|
"pattern": "[file:hashes.SHA256 = 'b6856d07881e24eef676e8766eba258d6ed47359b34134e98be58190927ba22c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b267-2d98-4c8d-b4bf-4f7002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:43.000Z",
|
|
"modified": "2016-10-28T20:17:43.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: 8c325e92bf21d0c3737dbbc596854bc12184eeaf",
|
|
"pattern": "[file:hashes.MD5 = 'f71528abb329d64bf1b0db012765065e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5813b267-640c-47b7-be5a-485b02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:43.000Z",
|
|
"modified": "2016-10-28T20:17:43.000Z",
|
|
"first_observed": "2016-10-28T20:17:43Z",
|
|
"last_observed": "2016-10-28T20:17:43Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5813b267-640c-47b7-be5a-485b02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5813b267-640c-47b7-be5a-485b02de0b81",
|
|
"value": "https://www.virustotal.com/file/b6856d07881e24eef676e8766eba258d6ed47359b34134e98be58190927ba22c/analysis/1477576239/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b267-038c-4e18-9eb1-448402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:43.000Z",
|
|
"modified": "2016-10-28T20:17:43.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: 8917c582ab5c2e831de6eba33b4f19d6e3a2cb70",
|
|
"pattern": "[file:hashes.SHA256 = '8587e3a0312a6c4374989cbcca48dc54ddcd3fbd54b48833afda991a6a2dfdea']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b267-6ea0-496a-853a-4b7f02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:43.000Z",
|
|
"modified": "2016-10-28T20:17:43.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: 8917c582ab5c2e831de6eba33b4f19d6e3a2cb70",
|
|
"pattern": "[file:hashes.MD5 = 'e7b53922a81f9a4b76364c093f4bafe2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5813b268-77ac-4d8c-986f-4d0c02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:44.000Z",
|
|
"modified": "2016-10-28T20:17:44.000Z",
|
|
"first_observed": "2016-10-28T20:17:44Z",
|
|
"last_observed": "2016-10-28T20:17:44Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5813b268-77ac-4d8c-986f-4d0c02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5813b268-77ac-4d8c-986f-4d0c02de0b81",
|
|
"value": "https://www.virustotal.com/file/8587e3a0312a6c4374989cbcca48dc54ddcd3fbd54b48833afda991a6a2dfdea/analysis/1476920390/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b268-3410-4dcc-ab29-4dfc02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:44.000Z",
|
|
"modified": "2016-10-28T20:17:44.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: 88e22933b76273793e4278c433562fb0b4fe125a",
|
|
"pattern": "[file:hashes.SHA256 = '9384bded640a8dda65558f92e8ef34f73ec13540160bf149aa3986e01dc688bb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b268-dcd0-4229-a297-4f2102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:44.000Z",
|
|
"modified": "2016-10-28T20:17:44.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: 88e22933b76273793e4278c433562fb0b4fe125a",
|
|
"pattern": "[file:hashes.MD5 = '749d1c08cd4d5af8a05957de2981949d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5813b268-58d4-48c0-ba9a-47b202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:44.000Z",
|
|
"modified": "2016-10-28T20:17:44.000Z",
|
|
"first_observed": "2016-10-28T20:17:44Z",
|
|
"last_observed": "2016-10-28T20:17:44Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5813b268-58d4-48c0-ba9a-47b202de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5813b268-58d4-48c0-ba9a-47b202de0b81",
|
|
"value": "https://www.virustotal.com/file/9384bded640a8dda65558f92e8ef34f73ec13540160bf149aa3986e01dc688bb/analysis/1477576239/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b269-a8ec-4383-8a42-41ee02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:45.000Z",
|
|
"modified": "2016-10-28T20:17:45.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: 7329a789363f890c401c286dbaf3d2bf79ee14f7",
|
|
"pattern": "[file:hashes.SHA256 = '384f26b824522036b9a9dfa3102413ffcfae8c589326d12ddd99a06747c428ea']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b269-5264-4335-b7f9-497402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:45.000Z",
|
|
"modified": "2016-10-28T20:17:45.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: 7329a789363f890c401c286dbaf3d2bf79ee14f7",
|
|
"pattern": "[file:hashes.MD5 = 'c23ee6dfb71f66333a3e7482261b9157']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5813b269-1f78-442f-8fce-410202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:45.000Z",
|
|
"modified": "2016-10-28T20:17:45.000Z",
|
|
"first_observed": "2016-10-28T20:17:45Z",
|
|
"last_observed": "2016-10-28T20:17:45Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5813b269-1f78-442f-8fce-410202de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5813b269-1f78-442f-8fce-410202de0b81",
|
|
"value": "https://www.virustotal.com/file/384f26b824522036b9a9dfa3102413ffcfae8c589326d12ddd99a06747c428ea/analysis/1477576239/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b269-a428-411b-993f-48ba02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:45.000Z",
|
|
"modified": "2016-10-28T20:17:45.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: 7254b719fd3cf87c8ac8ed9327c8e1bf99abf7af",
|
|
"pattern": "[file:hashes.SHA256 = 'fdcaac1a818a088e41bcf764493e203089e21bd35521da1c3c999e90eccb99a8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b26a-76b0-4a69-9490-4ce302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:46.000Z",
|
|
"modified": "2016-10-28T20:17:46.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: 7254b719fd3cf87c8ac8ed9327c8e1bf99abf7af",
|
|
"pattern": "[file:hashes.MD5 = '3379cd5e12e472aa7382c6d167427bba']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5813b26a-b430-4023-b951-4bfd02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:46.000Z",
|
|
"modified": "2016-10-28T20:17:46.000Z",
|
|
"first_observed": "2016-10-28T20:17:46Z",
|
|
"last_observed": "2016-10-28T20:17:46Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5813b26a-b430-4023-b951-4bfd02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5813b26a-b430-4023-b951-4bfd02de0b81",
|
|
"value": "https://www.virustotal.com/file/fdcaac1a818a088e41bcf764493e203089e21bd35521da1c3c999e90eccb99a8/analysis/1465001038/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b26a-550c-4c7c-ba49-4fc302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:46.000Z",
|
|
"modified": "2016-10-28T20:17:46.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: 7142ca7079da17fa9871cbc86f7633b3253aeaed",
|
|
"pattern": "[file:hashes.SHA256 = '1434fa8719602b252bb12e1e0023e86becada3b86ed07e1f7836fdf057dcebf5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b26a-4474-4f11-92bf-4b1e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:46.000Z",
|
|
"modified": "2016-10-28T20:17:46.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: 7142ca7079da17fa9871cbc86f7633b3253aeaed",
|
|
"pattern": "[file:hashes.MD5 = 'c7371544bc415d0e8c0bfc020d4f25db']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5813b26b-2224-4408-89f9-459702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:47.000Z",
|
|
"modified": "2016-10-28T20:17:47.000Z",
|
|
"first_observed": "2016-10-28T20:17:47Z",
|
|
"last_observed": "2016-10-28T20:17:47Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5813b26b-2224-4408-89f9-459702de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5813b26b-2224-4408-89f9-459702de0b81",
|
|
"value": "https://www.virustotal.com/file/1434fa8719602b252bb12e1e0023e86becada3b86ed07e1f7836fdf057dcebf5/analysis/1477576239/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b26b-e688-4855-96f7-461502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:47.000Z",
|
|
"modified": "2016-10-28T20:17:47.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: 6dd997409afec6fafbe54bd9d70d45fffff6a807",
|
|
"pattern": "[file:hashes.SHA256 = 'c4407ce7718eecaa0d09df1352e3bbe13fa9600628bd0a42dbee26d7ff4534a0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b26b-a4fc-428c-b7a8-499202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:47.000Z",
|
|
"modified": "2016-10-28T20:17:47.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: 6dd997409afec6fafbe54bd9d70d45fffff6a807",
|
|
"pattern": "[file:hashes.MD5 = '3514173cfd03cdffd81d343858f10052']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5813b26b-80d8-4265-a8d5-42ae02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:47.000Z",
|
|
"modified": "2016-10-28T20:17:47.000Z",
|
|
"first_observed": "2016-10-28T20:17:47Z",
|
|
"last_observed": "2016-10-28T20:17:47Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5813b26b-80d8-4265-a8d5-42ae02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5813b26b-80d8-4265-a8d5-42ae02de0b81",
|
|
"value": "https://www.virustotal.com/file/c4407ce7718eecaa0d09df1352e3bbe13fa9600628bd0a42dbee26d7ff4534a0/analysis/1440051732/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b26b-46e8-4732-8e36-4c6d02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:47.000Z",
|
|
"modified": "2016-10-28T20:17:47.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: 6c4786b792f13643d408199e1b5d43f6473f5eea",
|
|
"pattern": "[file:hashes.SHA256 = '38ae57f7e565dc51544c7b7c9b890eddeb3da7632a623e16cba5bdfd6141e241']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b26c-d3d8-4dad-ac12-445502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:48.000Z",
|
|
"modified": "2016-10-28T20:17:48.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: 6c4786b792f13643d408199e1b5d43f6473f5eea",
|
|
"pattern": "[file:hashes.MD5 = '68d3bf4e11a65a6ba8170c3b77cc49cb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5813b26c-97d8-4f00-9992-4a1002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:48.000Z",
|
|
"modified": "2016-10-28T20:17:48.000Z",
|
|
"first_observed": "2016-10-28T20:17:48Z",
|
|
"last_observed": "2016-10-28T20:17:48Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5813b26c-97d8-4f00-9992-4a1002de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5813b26c-97d8-4f00-9992-4a1002de0b81",
|
|
"value": "https://www.virustotal.com/file/38ae57f7e565dc51544c7b7c9b890eddeb3da7632a623e16cba5bdfd6141e241/analysis/1477576238/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b26c-3f44-432e-89c0-494602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:48.000Z",
|
|
"modified": "2016-10-28T20:17:48.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: 6bb5f51d03edd1acd7d38cca8095a237543c6a0d",
|
|
"pattern": "[file:hashes.SHA256 = '569ee23acc18b5ff0f18f02d5010d0e9e9870a9b5845c3618e6f31ee4552c475']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b26c-88f8-4b52-90a5-4e2b02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:48.000Z",
|
|
"modified": "2016-10-28T20:17:48.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: 6bb5f51d03edd1acd7d38cca8095a237543c6a0d",
|
|
"pattern": "[file:hashes.MD5 = 'c38da1fe55506b826d7f2efbb0aba4b0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5813b26d-fadc-4134-8063-448e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:49.000Z",
|
|
"modified": "2016-10-28T20:17:49.000Z",
|
|
"first_observed": "2016-10-28T20:17:49Z",
|
|
"last_observed": "2016-10-28T20:17:49Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5813b26d-fadc-4134-8063-448e02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5813b26d-fadc-4134-8063-448e02de0b81",
|
|
"value": "https://www.virustotal.com/file/569ee23acc18b5ff0f18f02d5010d0e9e9870a9b5845c3618e6f31ee4552c475/analysis/1461147946/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b26d-3eb8-434b-bca7-426902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:49.000Z",
|
|
"modified": "2016-10-28T20:17:49.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: 636e7a9effb1a244697c880832e486de56260527",
|
|
"pattern": "[file:hashes.SHA256 = 'c949f811b2d67ab76564223b0c4ae40179b14f892c4f6f6ab5de363dbf4df17f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b26d-51b0-4f64-9767-4a3102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:49.000Z",
|
|
"modified": "2016-10-28T20:17:49.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: 636e7a9effb1a244697c880832e486de56260527",
|
|
"pattern": "[file:hashes.MD5 = '0289188ec78a296c5970a328beab1050']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5813b26e-e5c8-4ded-8bf4-4a6502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:50.000Z",
|
|
"modified": "2016-10-28T20:17:50.000Z",
|
|
"first_observed": "2016-10-28T20:17:50Z",
|
|
"last_observed": "2016-10-28T20:17:50Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5813b26e-e5c8-4ded-8bf4-4a6502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5813b26e-e5c8-4ded-8bf4-4a6502de0b81",
|
|
"value": "https://www.virustotal.com/file/c949f811b2d67ab76564223b0c4ae40179b14f892c4f6f6ab5de363dbf4df17f/analysis/1477576238/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b26e-0814-4301-8ad9-4cbf02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:50.000Z",
|
|
"modified": "2016-10-28T20:17:50.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: 628309a60ad1fbe240486519de1424f7ddc2df4d",
|
|
"pattern": "[file:hashes.SHA256 = '58f2790133e5987f6f3eb960c5ad547e149a037b1f5a56526026d8a22f7fa51e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b26e-197c-4a53-8cc7-41b602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:50.000Z",
|
|
"modified": "2016-10-28T20:17:50.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: 628309a60ad1fbe240486519de1424f7ddc2df4d",
|
|
"pattern": "[file:hashes.MD5 = '077cae4686541ceb9d8dd703cefe4454']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5813b26e-43a8-4219-b093-42ec02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:50.000Z",
|
|
"modified": "2016-10-28T20:17:50.000Z",
|
|
"first_observed": "2016-10-28T20:17:50Z",
|
|
"last_observed": "2016-10-28T20:17:50Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5813b26e-43a8-4219-b093-42ec02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5813b26e-43a8-4219-b093-42ec02de0b81",
|
|
"value": "https://www.virustotal.com/file/58f2790133e5987f6f3eb960c5ad547e149a037b1f5a56526026d8a22f7fa51e/analysis/1477576238/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b26f-5c14-4977-a69c-4a3402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:51.000Z",
|
|
"modified": "2016-10-28T20:17:51.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: 5dc007d056513cba030ec16e15bdbb9ea5fe0e5a",
|
|
"pattern": "[file:hashes.SHA256 = 'e50692aa80020ade381d6fa8751e0f1eabab78e8860c47d95c6bc1e224b02f6c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b26f-215c-4b01-8c84-48be02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:51.000Z",
|
|
"modified": "2016-10-28T20:17:51.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: 5dc007d056513cba030ec16e15bdbb9ea5fe0e5a",
|
|
"pattern": "[file:hashes.MD5 = 'e06121df7c8ea12329e830ea59399962']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5813b26f-e07c-4f44-ac11-49f302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:51.000Z",
|
|
"modified": "2016-10-28T20:17:51.000Z",
|
|
"first_observed": "2016-10-28T20:17:51Z",
|
|
"last_observed": "2016-10-28T20:17:51Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5813b26f-e07c-4f44-ac11-49f302de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5813b26f-e07c-4f44-ac11-49f302de0b81",
|
|
"value": "https://www.virustotal.com/file/e50692aa80020ade381d6fa8751e0f1eabab78e8860c47d95c6bc1e224b02f6c/analysis/1427437630/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b26f-c044-4521-bf7e-47ea02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:51.000Z",
|
|
"modified": "2016-10-28T20:17:51.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: 5aa5117db6f420c81d2e1a7f036963a3c6ef02e9",
|
|
"pattern": "[file:hashes.SHA256 = 'ab1f5290d36fcedb249bb3ed1251663130607fc578a1bf910d9a60eb8ba7de1a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b26f-2dd4-4bb7-913a-46a502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:51.000Z",
|
|
"modified": "2016-10-28T20:17:51.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: 5aa5117db6f420c81d2e1a7f036963a3c6ef02e9",
|
|
"pattern": "[file:hashes.MD5 = '57e69c0352fa76fe933b42144e79cc88']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5813b270-c8d4-48b8-ba0b-412f02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:52.000Z",
|
|
"modified": "2016-10-28T20:17:52.000Z",
|
|
"first_observed": "2016-10-28T20:17:52Z",
|
|
"last_observed": "2016-10-28T20:17:52Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5813b270-c8d4-48b8-ba0b-412f02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5813b270-c8d4-48b8-ba0b-412f02de0b81",
|
|
"value": "https://www.virustotal.com/file/ab1f5290d36fcedb249bb3ed1251663130607fc578a1bf910d9a60eb8ba7de1a/analysis/1477576237/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b270-d32c-4880-ba68-4b1c02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:52.000Z",
|
|
"modified": "2016-10-28T20:17:52.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: 5a4b15fa5a615a93191ede4c75dd3e65e87586dc",
|
|
"pattern": "[file:hashes.SHA256 = '1194650bdfeb03940e07718726cfeb49645b089899e216a79cbafe7fae01678a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b270-fcfc-48d3-afad-459c02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:52.000Z",
|
|
"modified": "2016-10-28T20:17:52.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: 5a4b15fa5a615a93191ede4c75dd3e65e87586dc",
|
|
"pattern": "[file:hashes.MD5 = '4a5ffabd3daaa567427900db10c68aa3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5813b270-588c-4595-9db8-4f9a02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:52.000Z",
|
|
"modified": "2016-10-28T20:17:52.000Z",
|
|
"first_observed": "2016-10-28T20:17:52Z",
|
|
"last_observed": "2016-10-28T20:17:52Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5813b270-588c-4595-9db8-4f9a02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5813b270-588c-4595-9db8-4f9a02de0b81",
|
|
"value": "https://www.virustotal.com/file/1194650bdfeb03940e07718726cfeb49645b089899e216a79cbafe7fae01678a/analysis/1432820176/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b271-2b38-4014-802c-492f02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:53.000Z",
|
|
"modified": "2016-10-28T20:17:53.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: 551f9a60203bec904487113e8d42dea463ac6ca9",
|
|
"pattern": "[file:hashes.SHA256 = '2dd6ff42d53b01c6f1c4ee3336c3ada53739de587adc78fb011237f926326f61']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b271-10bc-4541-9a8f-4d0e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:53.000Z",
|
|
"modified": "2016-10-28T20:17:53.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: 551f9a60203bec904487113e8d42dea463ac6ca9",
|
|
"pattern": "[file:hashes.MD5 = '8f8adaccd8a6c2d53febb575c7ce9d29']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5813b271-4e54-4f5c-9c75-42cc02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:53.000Z",
|
|
"modified": "2016-10-28T20:17:53.000Z",
|
|
"first_observed": "2016-10-28T20:17:53Z",
|
|
"last_observed": "2016-10-28T20:17:53Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5813b271-4e54-4f5c-9c75-42cc02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5813b271-4e54-4f5c-9c75-42cc02de0b81",
|
|
"value": "https://www.virustotal.com/file/2dd6ff42d53b01c6f1c4ee3336c3ada53739de587adc78fb011237f926326f61/analysis/1422599541/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b271-6f54-4df8-bff0-4a1e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:53.000Z",
|
|
"modified": "2016-10-28T20:17:53.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: 4c7df09012fc88d336467691acf0afce64f40341",
|
|
"pattern": "[file:hashes.SHA256 = 'a29a1dfa7142efdcfbc39e35f15d1718502050d81302afd1ba464d705a9afab3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b272-2744-439c-9b31-429e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:54.000Z",
|
|
"modified": "2016-10-28T20:17:54.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: 4c7df09012fc88d336467691acf0afce64f40341",
|
|
"pattern": "[file:hashes.MD5 = '96ed4b41b1732045379b45147734bf5c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5813b272-1ec4-4032-a7c1-4e5402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:54.000Z",
|
|
"modified": "2016-10-28T20:17:54.000Z",
|
|
"first_observed": "2016-10-28T20:17:54Z",
|
|
"last_observed": "2016-10-28T20:17:54Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5813b272-1ec4-4032-a7c1-4e5402de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5813b272-1ec4-4032-a7c1-4e5402de0b81",
|
|
"value": "https://www.virustotal.com/file/a29a1dfa7142efdcfbc39e35f15d1718502050d81302afd1ba464d705a9afab3/analysis/1477576237/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b272-1d8c-4ff7-ae12-4d7402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:54.000Z",
|
|
"modified": "2016-10-28T20:17:54.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: 49f6eb7f8e4a27f574c9a3e8c0da0b7895df7e41",
|
|
"pattern": "[file:hashes.SHA256 = '87f1ca62e1af433342fca7665cda0e608aadf8852e7384654e8074380f34fd0d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b272-6e78-4901-aa48-411402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:54.000Z",
|
|
"modified": "2016-10-28T20:17:54.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: 49f6eb7f8e4a27f574c9a3e8c0da0b7895df7e41",
|
|
"pattern": "[file:hashes.MD5 = '95d4695e79974ddec1af55b6d35b1a96']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5813b273-092c-4662-802f-455902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:55.000Z",
|
|
"modified": "2016-10-28T20:17:55.000Z",
|
|
"first_observed": "2016-10-28T20:17:55Z",
|
|
"last_observed": "2016-10-28T20:17:55Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5813b273-092c-4662-802f-455902de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5813b273-092c-4662-802f-455902de0b81",
|
|
"value": "https://www.virustotal.com/file/87f1ca62e1af433342fca7665cda0e608aadf8852e7384654e8074380f34fd0d/analysis/1461146883/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b273-0e0c-45b4-8eef-4adf02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:55.000Z",
|
|
"modified": "2016-10-28T20:17:55.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: 4882735e8a465fac938fd04546a51efefb9806da",
|
|
"pattern": "[file:hashes.SHA256 = '9f979a94f47f70c833ac9c3195fc245d58b7830f7b6857e875e07e67c3aa835e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b273-dd44-464c-b045-499502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:55.000Z",
|
|
"modified": "2016-10-28T20:17:55.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: 4882735e8a465fac938fd04546a51efefb9806da",
|
|
"pattern": "[file:hashes.MD5 = '2ce1a7381425a71768d857a1e9c23e76']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5813b273-9cec-4d0c-8fd0-422f02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:55.000Z",
|
|
"modified": "2016-10-28T20:17:55.000Z",
|
|
"first_observed": "2016-10-28T20:17:55Z",
|
|
"last_observed": "2016-10-28T20:17:55Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5813b273-9cec-4d0c-8fd0-422f02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5813b273-9cec-4d0c-8fd0-422f02de0b81",
|
|
"value": "https://www.virustotal.com/file/9f979a94f47f70c833ac9c3195fc245d58b7830f7b6857e875e07e67c3aa835e/analysis/1477576236/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b274-afd4-425a-a7a9-434a02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:56.000Z",
|
|
"modified": "2016-10-28T20:17:56.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: 4000244b2cba78a45034bb6ab2bac46d6a8a79ea",
|
|
"pattern": "[file:hashes.SHA256 = 'a20b019095b3135f40c075b0bdb1e1ef1c6e7fbb0ce3e643a2222c70e4a1254d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b274-0ef0-4aba-8351-46be02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:56.000Z",
|
|
"modified": "2016-10-28T20:17:56.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: 4000244b2cba78a45034bb6ab2bac46d6a8a79ea",
|
|
"pattern": "[file:hashes.MD5 = 'fa814ad108e2032874ef065d9003b620']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5813b274-0cd0-4576-997f-400702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:56.000Z",
|
|
"modified": "2016-10-28T20:17:56.000Z",
|
|
"first_observed": "2016-10-28T20:17:56Z",
|
|
"last_observed": "2016-10-28T20:17:56Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5813b274-0cd0-4576-997f-400702de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5813b274-0cd0-4576-997f-400702de0b81",
|
|
"value": "https://www.virustotal.com/file/a20b019095b3135f40c075b0bdb1e1ef1c6e7fbb0ce3e643a2222c70e4a1254d/analysis/1477576236/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b274-4e08-4501-8a1f-4ae702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:56.000Z",
|
|
"modified": "2016-10-28T20:17:56.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: 3d175b1defe7076e0fe56076dd0d5f438de43324",
|
|
"pattern": "[file:hashes.SHA256 = 'e01441c1eb568ca57cb59c1e814b22d5611a53f714bc85eb2be00b08d9b6f13f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b275-9264-4178-88f4-4fa302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:57.000Z",
|
|
"modified": "2016-10-28T20:17:57.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: 3d175b1defe7076e0fe56076dd0d5f438de43324",
|
|
"pattern": "[file:hashes.MD5 = 'cb57d00ede92d8b9fe40d4fafdf458e3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5813b275-ca74-4b70-82dd-451e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:57.000Z",
|
|
"modified": "2016-10-28T20:17:57.000Z",
|
|
"first_observed": "2016-10-28T20:17:57Z",
|
|
"last_observed": "2016-10-28T20:17:57Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5813b275-ca74-4b70-82dd-451e02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5813b275-ca74-4b70-82dd-451e02de0b81",
|
|
"value": "https://www.virustotal.com/file/e01441c1eb568ca57cb59c1e814b22d5611a53f714bc85eb2be00b08d9b6f13f/analysis/1423134586/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b275-2e1c-4f37-9e62-4d3902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:57.000Z",
|
|
"modified": "2016-10-28T20:17:57.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: 3aa8509715c7f55bdee831d5f7db22a2c516db43",
|
|
"pattern": "[file:hashes.SHA256 = '1fb47c308bfed89069a4dca561cf818910c25bf2e6bf2679992f01e2da393506']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b275-7208-491a-809e-494402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:57.000Z",
|
|
"modified": "2016-10-28T20:17:57.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: 3aa8509715c7f55bdee831d5f7db22a2c516db43",
|
|
"pattern": "[file:hashes.MD5 = '954a521a7af94aeb6c4ed729353f5483']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5813b275-1938-48cb-a476-46db02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:57.000Z",
|
|
"modified": "2016-10-28T20:17:57.000Z",
|
|
"first_observed": "2016-10-28T20:17:57Z",
|
|
"last_observed": "2016-10-28T20:17:57Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5813b275-1938-48cb-a476-46db02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5813b275-1938-48cb-a476-46db02de0b81",
|
|
"value": "https://www.virustotal.com/file/1fb47c308bfed89069a4dca561cf818910c25bf2e6bf2679992f01e2da393506/analysis/1477576235/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b276-8b84-46d6-8934-49e502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:58.000Z",
|
|
"modified": "2016-10-28T20:17:58.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: 31de946255b240c0ae2f56786ac25183f3aaeea5",
|
|
"pattern": "[file:hashes.SHA256 = '5e4377e4d0998c09db357d8cd393c949af66a3cd7592a427752dc876430dbef2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b276-6b8c-457b-87d2-4e0402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:58.000Z",
|
|
"modified": "2016-10-28T20:17:58.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: 31de946255b240c0ae2f56786ac25183f3aaeea5",
|
|
"pattern": "[file:hashes.MD5 = 'aaf2776f46cb5458af401cc5b24bf84a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5813b276-3524-4e49-bb06-457502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:58.000Z",
|
|
"modified": "2016-10-28T20:17:58.000Z",
|
|
"first_observed": "2016-10-28T20:17:58Z",
|
|
"last_observed": "2016-10-28T20:17:58Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5813b276-3524-4e49-bb06-457502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5813b276-3524-4e49-bb06-457502de0b81",
|
|
"value": "https://www.virustotal.com/file/5e4377e4d0998c09db357d8cd393c949af66a3cd7592a427752dc876430dbef2/analysis/1350061243/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b277-bd34-4bf4-866b-41b002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:59.000Z",
|
|
"modified": "2016-10-28T20:17:59.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: 2de7d78615ec0fbf2652790d53b50ddb0472292c",
|
|
"pattern": "[file:hashes.SHA256 = '0cffc3fb0b4ebf2a4b8cad4fb2a477737e4f8ca0b45494e541b2f92ee9719fa8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b277-50dc-4516-bec4-44c702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:59.000Z",
|
|
"modified": "2016-10-28T20:17:59.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: 2de7d78615ec0fbf2652790d53b50ddb0472292c",
|
|
"pattern": "[file:hashes.MD5 = '9f0b25c8dd27e20a6ae21e87ba24b398']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5813b277-3814-42dc-9e0e-402e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:59.000Z",
|
|
"modified": "2016-10-28T20:17:59.000Z",
|
|
"first_observed": "2016-10-28T20:17:59Z",
|
|
"last_observed": "2016-10-28T20:17:59Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5813b277-3814-42dc-9e0e-402e02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5813b277-3814-42dc-9e0e-402e02de0b81",
|
|
"value": "https://www.virustotal.com/file/0cffc3fb0b4ebf2a4b8cad4fb2a477737e4f8ca0b45494e541b2f92ee9719fa8/analysis/1477576235/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b277-7670-420b-b91f-47f302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:17:59.000Z",
|
|
"modified": "2016-10-28T20:17:59.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: 2d3d7b9521aec637f2e99624e0489b9f140d463f",
|
|
"pattern": "[file:hashes.SHA256 = 'bf49ec24eb1bd4e09f4e60a3b72bda0907c2400e3221e3fee28eeff76136b8df']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:17:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b278-42a8-4a31-b763-4c5d02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:18:00.000Z",
|
|
"modified": "2016-10-28T20:18:00.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: 2d3d7b9521aec637f2e99624e0489b9f140d463f",
|
|
"pattern": "[file:hashes.MD5 = '3ee8389fbf6f5e6746070322409556e7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:18:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5813b278-c248-450d-8554-43fe02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:18:00.000Z",
|
|
"modified": "2016-10-28T20:18:00.000Z",
|
|
"first_observed": "2016-10-28T20:18:00Z",
|
|
"last_observed": "2016-10-28T20:18:00Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5813b278-c248-450d-8554-43fe02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5813b278-c248-450d-8554-43fe02de0b81",
|
|
"value": "https://www.virustotal.com/file/bf49ec24eb1bd4e09f4e60a3b72bda0907c2400e3221e3fee28eeff76136b8df/analysis/1461146077/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b278-a79c-4330-a9b5-4a3602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:18:00.000Z",
|
|
"modified": "2016-10-28T20:18:00.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: 29b08d270ba6efcf57ca2ad33d8e3edd93d6b32a",
|
|
"pattern": "[file:hashes.SHA256 = 'cd4789bf41c8498ff83b13a53d83cb503e27b3283b2c2585d793a5ea6771d8aa']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:18:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b278-9d34-4a14-aaf9-4b9c02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:18:00.000Z",
|
|
"modified": "2016-10-28T20:18:00.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: 29b08d270ba6efcf57ca2ad33d8e3edd93d6b32a",
|
|
"pattern": "[file:hashes.MD5 = '861937c4b3d7885d22cb8a1ccd821cf4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:18:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5813b279-36e0-469f-891d-486902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:18:01.000Z",
|
|
"modified": "2016-10-28T20:18:01.000Z",
|
|
"first_observed": "2016-10-28T20:18:01Z",
|
|
"last_observed": "2016-10-28T20:18:01Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5813b279-36e0-469f-891d-486902de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5813b279-36e0-469f-891d-486902de0b81",
|
|
"value": "https://www.virustotal.com/file/cd4789bf41c8498ff83b13a53d83cb503e27b3283b2c2585d793a5ea6771d8aa/analysis/1477576235/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b279-6a10-4378-852e-490002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:18:01.000Z",
|
|
"modified": "2016-10-28T20:18:01.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: 12c8cc7e125572d614b708c056f7fd0ed49870c5",
|
|
"pattern": "[file:hashes.SHA256 = '0cae035a40fcfc760a2f47b98ab27feaba9cee95d59467ab09b32063ac17df5b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:18:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b279-9498-4404-b7f4-466b02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:18:01.000Z",
|
|
"modified": "2016-10-28T20:18:01.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: 12c8cc7e125572d614b708c056f7fd0ed49870c5",
|
|
"pattern": "[file:hashes.MD5 = '31eb41ce19c13d1adae9ae65b419214a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:18:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5813b279-2b14-4ef6-b059-42d002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:18:01.000Z",
|
|
"modified": "2016-10-28T20:18:01.000Z",
|
|
"first_observed": "2016-10-28T20:18:01Z",
|
|
"last_observed": "2016-10-28T20:18:01Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5813b279-2b14-4ef6-b059-42d002de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5813b279-2b14-4ef6-b059-42d002de0b81",
|
|
"value": "https://www.virustotal.com/file/0cae035a40fcfc760a2f47b98ab27feaba9cee95d59467ab09b32063ac17df5b/analysis/1422517051/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b27a-d018-4a9f-964e-491702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:18:02.000Z",
|
|
"modified": "2016-10-28T20:18:02.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: 1120f049dcb4a62809687dc277b42589d8d1caa6",
|
|
"pattern": "[file:hashes.SHA256 = 'e4ab42e5900ed193f305d6e3a28ac8743b64d1ac5dc2e0e1ef1a927322933c81']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:18:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b27a-1ae8-440f-8c3b-4b7602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:18:02.000Z",
|
|
"modified": "2016-10-28T20:18:02.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: 1120f049dcb4a62809687dc277b42589d8d1caa6",
|
|
"pattern": "[file:hashes.MD5 = '45e93d8654326a7f2a86665f0a0bf64c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:18:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5813b27a-219c-47b8-8fdf-4d7e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:18:02.000Z",
|
|
"modified": "2016-10-28T20:18:02.000Z",
|
|
"first_observed": "2016-10-28T20:18:02Z",
|
|
"last_observed": "2016-10-28T20:18:02Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5813b27a-219c-47b8-8fdf-4d7e02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5813b27a-219c-47b8-8fdf-4d7e02de0b81",
|
|
"value": "https://www.virustotal.com/file/e4ab42e5900ed193f305d6e3a28ac8743b64d1ac5dc2e0e1ef1a927322933c81/analysis/1477576235/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b27a-a918-40d3-9cb6-43d702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:18:02.000Z",
|
|
"modified": "2016-10-28T20:18:02.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: 0cc74332b1e213456693159d3ba12a3421036f68",
|
|
"pattern": "[file:hashes.SHA256 = 'bff33857480038d9ee24cc848140636616a04c90bb863673bb4720ff5a61b5c3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:18:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b27b-8960-4321-aeb1-47ab02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:18:03.000Z",
|
|
"modified": "2016-10-28T20:18:03.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: 0cc74332b1e213456693159d3ba12a3421036f68",
|
|
"pattern": "[file:hashes.MD5 = '521adb27f22264055e6ed7664f75189e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:18:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5813b27b-f890-4de5-b3af-465302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:18:03.000Z",
|
|
"modified": "2016-10-28T20:18:03.000Z",
|
|
"first_observed": "2016-10-28T20:18:03Z",
|
|
"last_observed": "2016-10-28T20:18:03Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5813b27b-f890-4de5-b3af-465302de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5813b27b-f890-4de5-b3af-465302de0b81",
|
|
"value": "https://www.virustotal.com/file/bff33857480038d9ee24cc848140636616a04c90bb863673bb4720ff5a61b5c3/analysis/1470828671/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b27b-a8ac-441d-954f-4bb502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:18:03.000Z",
|
|
"modified": "2016-10-28T20:18:03.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: 09d73b522f36786bb6e645b96f244bb51c3cc7ea",
|
|
"pattern": "[file:hashes.SHA256 = 'a6f74c22bd7a808a79fbf2e7e71a02aa9755b0bfad2c2888b51e4161dbf8c069']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:18:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b27b-e4c8-4ec6-adb4-42db02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:18:03.000Z",
|
|
"modified": "2016-10-28T20:18:03.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: 09d73b522f36786bb6e645b96f244bb51c3cc7ea",
|
|
"pattern": "[file:hashes.MD5 = '48f6a7d0e928ddcc21206306d70f02ce']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:18:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5813b27b-cc54-43f0-8ac0-44cc02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:18:03.000Z",
|
|
"modified": "2016-10-28T20:18:03.000Z",
|
|
"first_observed": "2016-10-28T20:18:03Z",
|
|
"last_observed": "2016-10-28T20:18:03Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5813b27b-cc54-43f0-8ac0-44cc02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5813b27b-cc54-43f0-8ac0-44cc02de0b81",
|
|
"value": "https://www.virustotal.com/file/a6f74c22bd7a808a79fbf2e7e71a02aa9755b0bfad2c2888b51e4161dbf8c069/analysis/1461146174/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b27c-0e74-4150-826d-433002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:18:04.000Z",
|
|
"modified": "2016-10-28T20:18:04.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: 02fed8cae7f3986c1344dd75d869ba23cfc4073a",
|
|
"pattern": "[file:hashes.SHA256 = '27a836f9db61b63a7d90b9c13ec5e7dfdada65eae2860e748ba5dd4ca6918b9b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:18:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b27c-aa98-40eb-a7e4-474102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:18:04.000Z",
|
|
"modified": "2016-10-28T20:18:04.000Z",
|
|
"description": "BKDR_YMALR - Xchecked via VT: 02fed8cae7f3986c1344dd75d869ba23cfc4073a",
|
|
"pattern": "[file:hashes.MD5 = '921eeb207e604d2a829b810bacd21de7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:18:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5813b27c-9958-4c5c-8561-443002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:18:04.000Z",
|
|
"modified": "2016-10-28T20:18:04.000Z",
|
|
"first_observed": "2016-10-28T20:18:04Z",
|
|
"last_observed": "2016-10-28T20:18:04Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5813b27c-9958-4c5c-8561-443002de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5813b27c-9958-4c5c-8561-443002de0b81",
|
|
"value": "https://www.virustotal.com/file/27a836f9db61b63a7d90b9c13ec5e7dfdada65eae2860e748ba5dd4ca6918b9b/analysis/1461146842/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b27c-b9e4-43d0-9779-4d4502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:18:04.000Z",
|
|
"modified": "2016-10-28T20:18:04.000Z",
|
|
"description": "BKDR_ELIRKS - Xchecked via VT: a9ea07caafeb63133e5131f7a56bc8da1bc3d72a",
|
|
"pattern": "[file:hashes.SHA256 = '66c9e75398c202c5c2b917fd0fe9a3089c6a1fa5e74a64c6a2c2b5d6acaf2f14']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:18:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b27d-9620-4233-b4bb-497702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:18:05.000Z",
|
|
"modified": "2016-10-28T20:18:05.000Z",
|
|
"description": "BKDR_ELIRKS - Xchecked via VT: a9ea07caafeb63133e5131f7a56bc8da1bc3d72a",
|
|
"pattern": "[file:hashes.MD5 = '25310eda1ad5a746ebcb3c479b926461']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:18:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5813b27d-e594-41bf-a44c-408e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:18:05.000Z",
|
|
"modified": "2016-10-28T20:18:05.000Z",
|
|
"first_observed": "2016-10-28T20:18:05Z",
|
|
"last_observed": "2016-10-28T20:18:05Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5813b27d-e594-41bf-a44c-408e02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5813b27d-e594-41bf-a44c-408e02de0b81",
|
|
"value": "https://www.virustotal.com/file/66c9e75398c202c5c2b917fd0fe9a3089c6a1fa5e74a64c6a2c2b5d6acaf2f14/analysis/1457577789/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b27d-3858-4507-8544-452802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:18:05.000Z",
|
|
"modified": "2016-10-28T20:18:05.000Z",
|
|
"description": "BKDR_ELIRKS - Xchecked via VT: a70001c67e81d1dcf62f808760514b6df28a411a",
|
|
"pattern": "[file:hashes.SHA256 = 'd1373c0be7cdb76b2735d0df87d81db09eb3583f145cdcfe4ac6d1d217de9781']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:18:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b27d-e534-456b-bb61-428e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:18:05.000Z",
|
|
"modified": "2016-10-28T20:18:05.000Z",
|
|
"description": "BKDR_ELIRKS - Xchecked via VT: a70001c67e81d1dcf62f808760514b6df28a411a",
|
|
"pattern": "[file:hashes.MD5 = '4cfbea1564188cc46b6c2f51671bb50c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:18:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5813b27d-33d8-4b67-8d05-42f602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:18:05.000Z",
|
|
"modified": "2016-10-28T20:18:05.000Z",
|
|
"first_observed": "2016-10-28T20:18:05Z",
|
|
"last_observed": "2016-10-28T20:18:05Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5813b27d-33d8-4b67-8d05-42f602de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5813b27d-33d8-4b67-8d05-42f602de0b81",
|
|
"value": "https://www.virustotal.com/file/d1373c0be7cdb76b2735d0df87d81db09eb3583f145cdcfe4ac6d1d217de9781/analysis/1438368004/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b27e-cad4-4e48-9ef0-473e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:18:06.000Z",
|
|
"modified": "2016-10-28T20:18:06.000Z",
|
|
"description": "BKDR_ELIRKS - Xchecked via VT: 9a768fae41ca7395b4257e85acef915e124c2981",
|
|
"pattern": "[file:hashes.SHA256 = 'c3c5b0e6c375e19ccd4b8607477904c77999ff2bc0ded41cb29460ef8838181b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:18:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b27e-a5cc-41a6-991e-4dce02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:18:06.000Z",
|
|
"modified": "2016-10-28T20:18:06.000Z",
|
|
"description": "BKDR_ELIRKS - Xchecked via VT: 9a768fae41ca7395b4257e85acef915e124c2981",
|
|
"pattern": "[file:hashes.MD5 = '2e4cbd7bdb139f49809e48e04ce11792']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:18:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5813b27e-55a4-4d8b-96a5-4b1002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:18:06.000Z",
|
|
"modified": "2016-10-28T20:18:06.000Z",
|
|
"first_observed": "2016-10-28T20:18:06Z",
|
|
"last_observed": "2016-10-28T20:18:06Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5813b27e-55a4-4d8b-96a5-4b1002de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5813b27e-55a4-4d8b-96a5-4b1002de0b81",
|
|
"value": "https://www.virustotal.com/file/c3c5b0e6c375e19ccd4b8607477904c77999ff2bc0ded41cb29460ef8838181b/analysis/1477576233/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b27e-cfe8-4c26-8bc1-4d6c02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:18:06.000Z",
|
|
"modified": "2016-10-28T20:18:06.000Z",
|
|
"description": "BKDR_ELIRKS - Xchecked via VT: 8cad1bcbdd558802b34119fb57160cc748170133",
|
|
"pattern": "[file:hashes.SHA256 = '8be58e9b58727e9195c037810a5e57ec6a9107547e2d4e4b75e299c5f4ad9be0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:18:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b27f-83a8-4b88-b0d8-45a202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:18:07.000Z",
|
|
"modified": "2016-10-28T20:18:07.000Z",
|
|
"description": "BKDR_ELIRKS - Xchecked via VT: 8cad1bcbdd558802b34119fb57160cc748170133",
|
|
"pattern": "[file:hashes.MD5 = '48c118b49aaf7c5b1bda4f57c1865486']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:18:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5813b27f-ff3c-4913-a367-488502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:18:07.000Z",
|
|
"modified": "2016-10-28T20:18:07.000Z",
|
|
"first_observed": "2016-10-28T20:18:07Z",
|
|
"last_observed": "2016-10-28T20:18:07Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5813b27f-ff3c-4913-a367-488502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5813b27f-ff3c-4913-a367-488502de0b81",
|
|
"value": "https://www.virustotal.com/file/8be58e9b58727e9195c037810a5e57ec6a9107547e2d4e4b75e299c5f4ad9be0/analysis/1477576233/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b27f-f38c-42a9-ae56-430b02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:18:07.000Z",
|
|
"modified": "2016-10-28T20:18:07.000Z",
|
|
"description": "BKDR_ELIRKS - Xchecked via VT: 80108d2aacb0a1f2a5350f71e7a04239fc5f96a9",
|
|
"pattern": "[file:hashes.SHA256 = '4591134a77b3532c85576e7b1942476eb73775d118e49ad215dbbe1c42761760']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:18:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b27f-8fac-42df-8339-454f02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:18:07.000Z",
|
|
"modified": "2016-10-28T20:18:07.000Z",
|
|
"description": "BKDR_ELIRKS - Xchecked via VT: 80108d2aacb0a1f2a5350f71e7a04239fc5f96a9",
|
|
"pattern": "[file:hashes.MD5 = 'b373b4577a686acac13d80df48b2daaf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:18:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5813b280-d868-4d3c-aa5b-444e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:18:08.000Z",
|
|
"modified": "2016-10-28T20:18:08.000Z",
|
|
"first_observed": "2016-10-28T20:18:08Z",
|
|
"last_observed": "2016-10-28T20:18:08Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5813b280-d868-4d3c-aa5b-444e02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5813b280-d868-4d3c-aa5b-444e02de0b81",
|
|
"value": "https://www.virustotal.com/file/4591134a77b3532c85576e7b1942476eb73775d118e49ad215dbbe1c42761760/analysis/1445897019/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b280-85ac-4d73-998f-4afc02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:18:08.000Z",
|
|
"modified": "2016-10-28T20:18:08.000Z",
|
|
"description": "BKDR_ELIRKS - Xchecked via VT: 533565f7953fb1648d437d14d007003c6343b9ae",
|
|
"pattern": "[file:hashes.SHA256 = 'afe57a51c5b0e37df32282c41da1fdfa416bbd9f32fa94b8229d6f2cc2216486']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:18:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b280-4d5c-4bd8-bc19-4aa302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:18:08.000Z",
|
|
"modified": "2016-10-28T20:18:08.000Z",
|
|
"description": "BKDR_ELIRKS - Xchecked via VT: 533565f7953fb1648d437d14d007003c6343b9ae",
|
|
"pattern": "[file:hashes.MD5 = '9c3ee34e4bde4a94471e2e29287a2470']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:18:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5813b280-cf60-4878-b8a7-430702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:18:08.000Z",
|
|
"modified": "2016-10-28T20:18:08.000Z",
|
|
"first_observed": "2016-10-28T20:18:08Z",
|
|
"last_observed": "2016-10-28T20:18:08Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5813b280-cf60-4878-b8a7-430702de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5813b280-cf60-4878-b8a7-430702de0b81",
|
|
"value": "https://www.virustotal.com/file/afe57a51c5b0e37df32282c41da1fdfa416bbd9f32fa94b8229d6f2cc2216486/analysis/1474011141/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b281-a8c8-463a-8390-401302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:18:09.000Z",
|
|
"modified": "2016-10-28T20:18:09.000Z",
|
|
"description": "BKDR_ELIRKS - Xchecked via VT: 4f54cfcf266b73ca3759b9cb0252c27094b5b330",
|
|
"pattern": "[file:hashes.SHA256 = 'cc8844b46972af665739e8fe689412621737bc87ca9f700e873622006d8fc62a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:18:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b281-2814-45df-a8c9-4fa302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:18:09.000Z",
|
|
"modified": "2016-10-28T20:18:09.000Z",
|
|
"description": "BKDR_ELIRKS - Xchecked via VT: 4f54cfcf266b73ca3759b9cb0252c27094b5b330",
|
|
"pattern": "[file:hashes.MD5 = 'b377549db3f5cf4a6d0aecdfef23362e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:18:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5813b281-6e58-4c6c-af91-4b0902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:18:09.000Z",
|
|
"modified": "2016-10-28T20:18:09.000Z",
|
|
"first_observed": "2016-10-28T20:18:09Z",
|
|
"last_observed": "2016-10-28T20:18:09Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5813b281-6e58-4c6c-af91-4b0902de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5813b281-6e58-4c6c-af91-4b0902de0b81",
|
|
"value": "https://www.virustotal.com/file/cc8844b46972af665739e8fe689412621737bc87ca9f700e873622006d8fc62a/analysis/1477576233/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b281-2e8c-4efd-b4ab-43e202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:18:09.000Z",
|
|
"modified": "2016-10-28T20:18:09.000Z",
|
|
"description": "BKDR_ELIRKS - Xchecked via VT: 4157ecd252dc09b533fcf6a778aca2c376601354",
|
|
"pattern": "[file:hashes.SHA256 = 'e8186a03a53cba3cfe6b0ea3bcbc7893eb1da84e612060ecfffb8110fa0199a2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:18:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b282-f5cc-4869-b6f6-4ce302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:18:10.000Z",
|
|
"modified": "2016-10-28T20:18:10.000Z",
|
|
"description": "BKDR_ELIRKS - Xchecked via VT: 4157ecd252dc09b533fcf6a778aca2c376601354",
|
|
"pattern": "[file:hashes.MD5 = '28f2ce6fb0156209ab07a6177c9ab72e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:18:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5813b282-c238-4ffc-af1f-42e002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:18:10.000Z",
|
|
"modified": "2016-10-28T20:18:10.000Z",
|
|
"first_observed": "2016-10-28T20:18:10Z",
|
|
"last_observed": "2016-10-28T20:18:10Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5813b282-c238-4ffc-af1f-42e002de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5813b282-c238-4ffc-af1f-42e002de0b81",
|
|
"value": "https://www.virustotal.com/file/e8186a03a53cba3cfe6b0ea3bcbc7893eb1da84e612060ecfffb8110fa0199a2/analysis/1439262350/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b282-38bc-4b67-96aa-496e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:18:10.000Z",
|
|
"modified": "2016-10-28T20:18:10.000Z",
|
|
"description": "TSPY_YMALRMINI - Xchecked via VT: 96f3b52460205f6ecc6b6d1a73f8db13c6634afc",
|
|
"pattern": "[file:hashes.SHA256 = '2d9c0f32401404ab515690e052d378b0acdd22e30ce8a6a2ce6e5088b2c62795']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:18:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b282-0bfc-452a-aefe-44c702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:18:10.000Z",
|
|
"modified": "2016-10-28T20:18:10.000Z",
|
|
"description": "TSPY_YMALRMINI - Xchecked via VT: 96f3b52460205f6ecc6b6d1a73f8db13c6634afc",
|
|
"pattern": "[file:hashes.MD5 = 'ae61099bf87d31b02da1310320d8c31d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:18:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5813b283-c0a8-42f3-82a3-456b02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:18:11.000Z",
|
|
"modified": "2016-10-28T20:18:11.000Z",
|
|
"first_observed": "2016-10-28T20:18:11Z",
|
|
"last_observed": "2016-10-28T20:18:11Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5813b283-c0a8-42f3-82a3-456b02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5813b283-c0a8-42f3-82a3-456b02de0b81",
|
|
"value": "https://www.virustotal.com/file/2d9c0f32401404ab515690e052d378b0acdd22e30ce8a6a2ce6e5088b2c62795/analysis/1471576869/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b283-9140-403c-942d-4cab02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:18:11.000Z",
|
|
"modified": "2016-10-28T20:18:11.000Z",
|
|
"description": "TSPY_YMALRMINI - Xchecked via VT: 048790098a7c6b8405761b75ef2a2fd8bd0560b6",
|
|
"pattern": "[file:hashes.SHA256 = 'a74604f65d92579295b4fa16f6cca91fc2a66387eb1c1744b22081fb05aefa16']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:18:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b283-27f4-4e53-8193-4f0802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:18:11.000Z",
|
|
"modified": "2016-10-28T20:18:11.000Z",
|
|
"description": "TSPY_YMALRMINI - Xchecked via VT: 048790098a7c6b8405761b75ef2a2fd8bd0560b6",
|
|
"pattern": "[file:hashes.MD5 = '3fe60fe9aebdbe8407900682f26c1517']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:18:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5813b283-7b0c-4e30-be92-4df402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:18:11.000Z",
|
|
"modified": "2016-10-28T20:18:11.000Z",
|
|
"first_observed": "2016-10-28T20:18:11Z",
|
|
"last_observed": "2016-10-28T20:18:11Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5813b283-7b0c-4e30-be92-4df402de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5813b283-7b0c-4e30-be92-4df402de0b81",
|
|
"value": "https://www.virustotal.com/file/a74604f65d92579295b4fa16f6cca91fc2a66387eb1c1744b22081fb05aefa16/analysis/1476749096/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b284-8930-4b47-9b22-430a02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:18:12.000Z",
|
|
"modified": "2016-10-28T20:18:12.000Z",
|
|
"description": "TSPY_RAMNY - Xchecked via VT: b4c63a0ff9b8eb8cc1a53a4dd036e93f9eeceeca",
|
|
"pattern": "[file:hashes.SHA256 = 'c267e01e047a0ddfa96fb5c65483532c44647dc7153c149aeeb9833b9952f7b5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:18:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b284-dfbc-4431-86a7-42d402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:18:12.000Z",
|
|
"modified": "2016-10-28T20:18:12.000Z",
|
|
"description": "TSPY_RAMNY - Xchecked via VT: b4c63a0ff9b8eb8cc1a53a4dd036e93f9eeceeca",
|
|
"pattern": "[file:hashes.MD5 = 'f1ec0550305e4fdc16dc770d17f9e1c2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:18:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5813b284-2a0c-468c-9f64-490602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:18:12.000Z",
|
|
"modified": "2016-10-28T20:18:12.000Z",
|
|
"first_observed": "2016-10-28T20:18:12Z",
|
|
"last_observed": "2016-10-28T20:18:12Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5813b284-2a0c-468c-9f64-490602de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5813b284-2a0c-468c-9f64-490602de0b81",
|
|
"value": "https://www.virustotal.com/file/c267e01e047a0ddfa96fb5c65483532c44647dc7153c149aeeb9833b9952f7b5/analysis/1477576232/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b284-16c8-47a3-9923-42bd02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:18:12.000Z",
|
|
"modified": "2016-10-28T20:18:12.000Z",
|
|
"description": "TSPY_RAMNY - Xchecked via VT: 74031e70ca3b4004c6b7a8197397882bc02c30cb",
|
|
"pattern": "[file:hashes.SHA256 = 'a205027c7f1241dce0807de7733a23ffc398c64bd2130f2fd17316c2860b5dc1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:18:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b285-d8a0-4c53-87e0-41d802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:18:13.000Z",
|
|
"modified": "2016-10-28T20:18:13.000Z",
|
|
"description": "TSPY_RAMNY - Xchecked via VT: 74031e70ca3b4004c6b7a8197397882bc02c30cb",
|
|
"pattern": "[file:hashes.MD5 = 'af06e62336006e31e03e977bf68ab31c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:18:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5813b285-6750-4009-b8c5-40f702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:18:13.000Z",
|
|
"modified": "2016-10-28T20:18:13.000Z",
|
|
"first_observed": "2016-10-28T20:18:13Z",
|
|
"last_observed": "2016-10-28T20:18:13Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5813b285-6750-4009-b8c5-40f702de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5813b285-6750-4009-b8c5-40f702de0b81",
|
|
"value": "https://www.virustotal.com/file/a205027c7f1241dce0807de7733a23ffc398c64bd2130f2fd17316c2860b5dc1/analysis/1477558351/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b285-bc4c-4e17-ab2c-478402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:18:13.000Z",
|
|
"modified": "2016-10-28T20:18:13.000Z",
|
|
"description": "TSPY_RAMNY - Xchecked via VT: 02785ebcb683a380c80958f3fe2a52f805c5c12d",
|
|
"pattern": "[file:hashes.SHA256 = '843b14a44374987ebdd735d23ac89f8aef8c6972510d53d283eb79004c5e3ec7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:18:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b285-3524-4a91-8388-4a6202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:18:13.000Z",
|
|
"modified": "2016-10-28T20:18:13.000Z",
|
|
"description": "TSPY_RAMNY - Xchecked via VT: 02785ebcb683a380c80958f3fe2a52f805c5c12d",
|
|
"pattern": "[file:hashes.MD5 = 'f538221fe1f57430870db351ddd746a1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:18:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5813b286-1a38-4b0e-a3d3-491302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:18:14.000Z",
|
|
"modified": "2016-10-28T20:18:14.000Z",
|
|
"first_observed": "2016-10-28T20:18:14Z",
|
|
"last_observed": "2016-10-28T20:18:14Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5813b286-1a38-4b0e-a3d3-491302de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5813b286-1a38-4b0e-a3d3-491302de0b81",
|
|
"value": "https://www.virustotal.com/file/843b14a44374987ebdd735d23ac89f8aef8c6972510d53d283eb79004c5e3ec7/analysis/1477576231/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b286-0cac-4c7a-ada7-4f7902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:18:14.000Z",
|
|
"modified": "2016-10-28T20:18:14.000Z",
|
|
"description": "TROJ_BLAGFLDR - Xchecked via VT: 98efee8dde7d493c0d35d02a2170b6d1b52987d3",
|
|
"pattern": "[file:hashes.SHA256 = '69849339d126ebddfa5a1bc2751071a574d3e5d0cbd06b0cd6f921edccdf74b8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:18:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b286-b57c-490b-9502-474d02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:18:14.000Z",
|
|
"modified": "2016-10-28T20:18:14.000Z",
|
|
"description": "TROJ_BLAGFLDR - Xchecked via VT: 98efee8dde7d493c0d35d02a2170b6d1b52987d3",
|
|
"pattern": "[file:hashes.MD5 = 'b8cc4103467bb77fd2e69786aa547b12']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:18:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5813b287-46ac-478e-900f-41c702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:18:14.000Z",
|
|
"modified": "2016-10-28T20:18:14.000Z",
|
|
"first_observed": "2016-10-28T20:18:14Z",
|
|
"last_observed": "2016-10-28T20:18:14Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5813b287-46ac-478e-900f-41c702de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5813b287-46ac-478e-900f-41c702de0b81",
|
|
"value": "https://www.virustotal.com/file/69849339d126ebddfa5a1bc2751071a574d3e5d0cbd06b0cd6f921edccdf74b8/analysis/1477576231/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b287-13a8-4556-9a75-4ea602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:18:15.000Z",
|
|
"modified": "2016-10-28T20:18:15.000Z",
|
|
"description": "TROJ_BLAGFLDR - Xchecked via VT: 8b6614562a79a13e60d100a88f1ba4eb601636db",
|
|
"pattern": "[file:hashes.SHA256 = '71d5bc9404aa2aa40d79cb16837246a31fa3f12b195330a091e3867aa85f1bc6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:18:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b287-23dc-47ee-bdac-482d02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:18:15.000Z",
|
|
"modified": "2016-10-28T20:18:15.000Z",
|
|
"description": "TROJ_BLAGFLDR - Xchecked via VT: 8b6614562a79a13e60d100a88f1ba4eb601636db",
|
|
"pattern": "[file:hashes.MD5 = '858ae9be82b7b28c078ba2af3b3bb27f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:18:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5813b287-b5a0-40a8-92b3-445602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:18:15.000Z",
|
|
"modified": "2016-10-28T20:18:15.000Z",
|
|
"first_observed": "2016-10-28T20:18:15Z",
|
|
"last_observed": "2016-10-28T20:18:15Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5813b287-b5a0-40a8-92b3-445602de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5813b287-b5a0-40a8-92b3-445602de0b81",
|
|
"value": "https://www.virustotal.com/file/71d5bc9404aa2aa40d79cb16837246a31fa3f12b195330a091e3867aa85f1bc6/analysis/1477576231/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b288-2c84-4d5e-b12a-443302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:18:16.000Z",
|
|
"modified": "2016-10-28T20:18:16.000Z",
|
|
"description": "TROJ_BLAGFLDR - Xchecked via VT: 800c7d54280f5f35e3b58a6d4dfd4845f6ed9e15",
|
|
"pattern": "[file:hashes.SHA256 = '91569b8a68d004a7d8ef031846dca3e9facb4401d3fac23d4009fcb2e4c4f2c4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:18:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b288-67ec-4719-a045-492602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:18:16.000Z",
|
|
"modified": "2016-10-28T20:18:16.000Z",
|
|
"description": "TROJ_BLAGFLDR - Xchecked via VT: 800c7d54280f5f35e3b58a6d4dfd4845f6ed9e15",
|
|
"pattern": "[file:hashes.MD5 = '34ad85930b945bde49b15967d8cd13a1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:18:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5813b288-f30c-4a12-bd5b-4e6e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:18:16.000Z",
|
|
"modified": "2016-10-28T20:18:16.000Z",
|
|
"first_observed": "2016-10-28T20:18:16Z",
|
|
"last_observed": "2016-10-28T20:18:16Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5813b288-f30c-4a12-bd5b-4e6e02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5813b288-f30c-4a12-bd5b-4e6e02de0b81",
|
|
"value": "https://www.virustotal.com/file/91569b8a68d004a7d8ef031846dca3e9facb4401d3fac23d4009fcb2e4c4f2c4/analysis/1464538294/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b288-14ec-43eb-9ad4-471e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:18:16.000Z",
|
|
"modified": "2016-10-28T20:18:16.000Z",
|
|
"description": "TROJ_BLAGFLDR - Xchecked via VT: 52d6b30bc578465d8079d9abd0d4c4826b51b25f",
|
|
"pattern": "[file:hashes.SHA256 = 'e6e009755ab37fa41e92059f29c25518f47ab09dbc881c30c96415ee1048241b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:18:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5813b289-064c-4c4c-89cd-4dba02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:18:17.000Z",
|
|
"modified": "2016-10-28T20:18:17.000Z",
|
|
"description": "TROJ_BLAGFLDR - Xchecked via VT: 52d6b30bc578465d8079d9abd0d4c4826b51b25f",
|
|
"pattern": "[file:hashes.MD5 = '3acf5a4a9c11d164d80729fbc35a9d03']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-10-28T20:18:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5813b289-98e0-4c84-b5f2-469702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-10-28T20:18:17.000Z",
|
|
"modified": "2016-10-28T20:18:17.000Z",
|
|
"first_observed": "2016-10-28T20:18:17Z",
|
|
"last_observed": "2016-10-28T20:18:17Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5813b289-98e0-4c84-b5f2-469702de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5813b289-98e0-4c84-b5f2-469702de0b81",
|
|
"value": "https://www.virustotal.com/file/e6e009755ab37fa41e92059f29c25518f47ab09dbc881c30c96415ee1048241b/analysis/1477576231/"
|
|
},
|
|
{
|
|
"type": "marking-definition",
|
|
"spec_version": "2.1",
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
"definition_type": "tlp",
|
|
"name": "TLP:WHITE",
|
|
"definition": {
|
|
"tlp": "white"
|
|
}
|
|
}
|
|
]
|
|
} |