adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/59a7f10d-f0ec-431b-b99d-4fe4950d210f.json

2393 lines
No EOL
100 KiB
JSON
Raw Permalink Blame History

{
"type": "bundle",
"id": "bundle--59a7f10d-f0ec-431b-b99d-4fe4950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:26.000Z",
"modified": "2017-09-01T19:54:26.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--59a7f10d-f0ec-431b-b99d-4fe4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:26.000Z",
"modified": "2017-09-01T19:54:26.000Z",
"name": "OSINT - Gazing at Gazer",
"published": "2017-09-01T19:55:48Z",
"object_refs": [
"indicator--59a7f135-b3a4-43c4-ba9c-4ddc950d210f",
"indicator--59a7f135-fbf0-4c99-a6d3-4b5b950d210f",
"indicator--59a7f135-7988-47f3-af38-417c950d210f",
"indicator--59a7f135-0e2c-40a2-9421-4e22950d210f",
"indicator--59a7f135-a8ec-4c13-be4a-44d0950d210f",
"indicator--59a7f135-a97c-4afc-91bb-4603950d210f",
"indicator--59a7f135-0fe4-4cf2-a333-4796950d210f",
"x-misp-attribute--59a7f1fa-c298-4a57-966a-4e26950d210f",
"observed-data--59a7f2c4-9810-404a-8501-4950950d210f",
"url--59a7f2c4-9810-404a-8501-4950950d210f",
"observed-data--59a7f306-a5b8-475e-ac10-4819950d210f",
"windows-registry-key--59a7f306-a5b8-475e-ac10-4819950d210f",
"observed-data--59a7f306-f5f8-4562-a15e-45ec950d210f",
"windows-registry-key--59a7f306-f5f8-4562-a15e-45ec950d210f",
"indicator--59a7f380-5838-401c-a1fc-4509950d210f",
"indicator--59a7f380-bd88-4024-8df0-44f5950d210f",
"indicator--59a7f380-1e14-4d8b-a77a-4461950d210f",
"indicator--59a7f380-03f0-4322-b6fa-49a9950d210f",
"indicator--59a7f380-ed60-4e38-91ad-40ce950d210f",
"indicator--59a7f380-4688-4ff0-b545-4ecd950d210f",
"indicator--59a7f380-f770-46a1-a5a4-4292950d210f",
"indicator--59a7f380-0d70-443b-87c7-43f6950d210f",
"indicator--59a7f380-a34c-4264-9dc0-480d950d210f",
"indicator--59a7f380-4cd0-4b6d-a0c9-438c950d210f",
"indicator--59a7f380-8700-4482-b4b0-4563950d210f",
"indicator--59a7f380-29e0-4c5a-8cc4-4921950d210f",
"indicator--59a7f380-2548-473c-a616-4597950d210f",
"indicator--59a7f380-60c0-4c83-8970-4ca1950d210f",
"indicator--59a7f380-8f54-4407-8ebc-47bc950d210f",
"indicator--59a7f380-f070-46d1-99cc-4fe3950d210f",
"indicator--59a7f380-0324-4c56-9f10-49fb950d210f",
"indicator--59a7f380-a78c-469c-8c18-48a4950d210f",
"indicator--59a7f380-9994-494f-af6e-479d950d210f",
"indicator--59a7f380-247c-406d-8064-422d950d210f",
"indicator--59a7f380-a644-42ae-bccb-49c1950d210f",
"indicator--59a7f380-4d28-428d-a4b8-44bd950d210f",
"indicator--59a7f380-dc5c-467c-ab0a-4db0950d210f",
"indicator--59a7f64b-6ff8-49ef-90bb-46f7950d210f",
"indicator--59a7f64b-94b4-43a7-9787-4270950d210f",
"indicator--59a7f64b-71b0-455d-b325-409e950d210f",
"indicator--59a7f64b-4b78-47af-a932-4e07950d210f",
"indicator--59a7f64b-27d8-4641-9e14-41d3950d210f",
"indicator--59a7f64b-653c-4486-8351-411e950d210f",
"indicator--59a7f64b-b4fc-48b1-8957-4dc8950d210f",
"indicator--59a7f64b-9c70-439b-bd16-4851950d210f",
"indicator--59a7f64b-ce1c-4884-b7d7-48b6950d210f",
"indicator--59a7f64b-51ec-40e6-a397-428e950d210f",
"indicator--59a7f64b-97e8-4083-8edc-4ce0950d210f",
"indicator--59a7f64b-eaec-442c-a5ed-4856950d210f",
"indicator--59a7f64b-12e4-4e6b-8316-4fe5950d210f",
"indicator--59a7f64b-3648-450c-bccd-47fa950d210f",
"indicator--59a7f64b-49e0-460b-8368-40b1950d210f",
"indicator--59a7f64b-d564-4190-aed1-4415950d210f",
"indicator--59a7f64b-2588-4bbb-b048-4232950d210f",
"indicator--59a7f64b-73b8-4a85-a811-4fee950d210f",
"indicator--59a7f64b-5550-4519-b790-43e9950d210f",
"indicator--59a7f64b-eee4-4d0b-8c9d-4bc5950d210f",
"indicator--59a7f64b-98bc-4f42-bc01-439c950d210f",
"indicator--59a7f64b-1824-4364-bec3-4795950d210f",
"indicator--59a7f64b-c3b0-424b-bb55-418d950d210f",
"indicator--59a7f64b-73fc-45bc-b350-411e950d210f",
"indicator--59a7f64b-3530-4960-b9ea-42d2950d210f",
"indicator--59a7f64b-1994-4758-8d47-4c02950d210f",
"indicator--59a7f64b-9ac0-4e36-b595-4384950d210f",
"indicator--59a7f64b-fd10-4c92-b900-407c950d210f",
"indicator--59a7f64b-3b30-4742-813e-4784950d210f",
"indicator--59a7f64b-3ca0-4133-858f-4941950d210f",
"indicator--59a7f64b-9144-4d5d-a4f1-4299950d210f",
"indicator--59a7f64b-dfa8-40d5-b9ff-461a950d210f",
"indicator--59a7f64b-0f30-4733-9240-4981950d210f",
"indicator--59a7f64b-3620-4bfc-bf16-40f1950d210f",
"indicator--59a7f64b-5dd8-432b-9b61-4d3f950d210f",
"indicator--59a7f64b-8e28-4524-b985-4ad0950d210f",
"indicator--59a7f64b-7160-496e-8475-4b17950d210f",
"indicator--59a7f64b-0998-4d01-a6b0-428c950d210f",
"indicator--59a7f64b-7228-4d01-923b-4864950d210f",
"indicator--59a7f64b-aca0-43d4-a7ae-4357950d210f",
"indicator--59a7f64b-aa8c-4ec7-9d98-41ae950d210f",
"indicator--59a7f64b-8fdc-4575-b62f-4c34950d210f",
"indicator--59a7f64b-f678-4aaa-bc65-4d6f950d210f",
"indicator--59a7f64b-26c8-475d-8df1-4b36950d210f",
"indicator--59a7f64b-5c2c-4d74-8c23-45ed950d210f",
"indicator--59a7f64b-7a84-446f-a7c4-43e6950d210f",
"indicator--59a7f6e6-5934-4fa2-94d1-4db5950d210f",
"indicator--59a9baf2-6c64-4121-a01c-49a502de0b81",
"indicator--59a9baf2-7580-46ee-93bf-491102de0b81",
"observed-data--59a9baf2-d000-4de0-87fb-4c7802de0b81",
"url--59a9baf2-d000-4de0-87fb-4c7802de0b81",
"indicator--59a9baf2-b870-4ac5-b7e7-497902de0b81",
"indicator--59a9baf2-8268-4aec-8206-43a402de0b81",
"observed-data--59a9baf2-7d34-45a7-b496-478402de0b81",
"url--59a9baf2-7d34-45a7-b496-478402de0b81",
"indicator--59a9baf2-bd24-454d-813b-47d702de0b81",
"indicator--59a9baf2-1358-450e-8816-480002de0b81",
"observed-data--59a9baf2-982c-46bd-aa57-438c02de0b81",
"url--59a9baf2-982c-46bd-aa57-438c02de0b81",
"indicator--59a9baf2-b0e8-4da9-9061-4e1a02de0b81",
"indicator--59a9baf2-813c-4fcd-8510-4af702de0b81",
"observed-data--59a9baf2-f00c-4a55-b56a-465002de0b81",
"url--59a9baf2-f00c-4a55-b56a-465002de0b81",
"indicator--59a9baf2-44b0-4e39-b77d-423802de0b81",
"indicator--59a9baf2-6ccc-4ade-a349-445702de0b81",
"observed-data--59a9baf2-98ac-43c0-a0a8-445f02de0b81",
"url--59a9baf2-98ac-43c0-a0a8-445f02de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT",
"osint:source-type=\"technical-report\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a7f135-b3a4-43c4-ba9c-4ddc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:25.000Z",
"modified": "2017-09-01T19:54:25.000Z",
"pattern": "[file:name = '\\\\%TEMP\\\\%\\\\KB943729.log']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a7f135-fbf0-4c99-a6d3-4b5b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:25.000Z",
"modified": "2017-09-01T19:54:25.000Z",
"pattern": "[file:name = '\\\\%TEMP\\\\%\\\\CVRG72B5.tmp.cvr']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a7f135-7988-47f3-af38-417c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:25.000Z",
"modified": "2017-09-01T19:54:25.000Z",
"pattern": "[file:name = '\\\\%TEMP\\\\%\\\\CVRG1A6B.tmp.cvr']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a7f135-0e2c-40a2-9421-4e22950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:25.000Z",
"modified": "2017-09-01T19:54:25.000Z",
"pattern": "[file:name = '\\\\%TEMP\\\\%\\\\CVRG38D9.tmp.cvr']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a7f135-a8ec-4c13-be4a-44d0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:25.000Z",
"modified": "2017-09-01T19:54:25.000Z",
"pattern": "[file:name = '\\\\%TEMP\\\\%\\\\~DF1E06.tmp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a7f135-a97c-4afc-91bb-4603950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:25.000Z",
"modified": "2017-09-01T19:54:25.000Z",
"pattern": "[file:name = '\\\\%HOMEPATH\\\\%\\\\ntuser.dat.LOG3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a7f135-0fe4-4cf2-a333-4796950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:25.000Z",
"modified": "2017-09-01T19:54:25.000Z",
"pattern": "[file:name = '\\\\%HOMEPATH\\\\%\\\\AppData\\\\Local\\\\Adobe\\\\AdobeUpdater.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--59a7f1fa-c298-4a57-966a-4e26950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:25.000Z",
"modified": "2017-09-01T19:54:25.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"technical-report\""
],
"x_misp_category": "External analysis",
"x_misp_type": "comment",
"x_misp_value": "Herein we release our analysis of a previously undocumented backdoor that has been targeted against embassies and consulates around the world leads us to attribute it, with high confidence, to the Turla group. Turla is a notorious group that has been targeting governments, government officials and diplomats for years. They are known to run watering hole and spearphishing campaigns to better pinpoint their targets. Although this backdoor has been actively deployed since at least 2016, it has not been documented anywhere. Based on strings found in the samples we analyzed, we have named this backdoor \u00e2\u20ac\u0153Gazer\u00e2\u20ac\u009d.\r\nRecently, the Turla APT group has seen extensive news coverage surrounding its campaigns, something we haven\u00e2\u20ac\u2122t seen for a long time. The Intercept reported that there exists a 2011 presentation by Canada\u00e2\u20ac\u2122s Communication Security Establishment (CSE) outlining the errors made by the Turla operators during their operations even though the tools they use are quite advanced. The codename for Turla APT group in this presentation is MAKERSMARK. Gazer is, similar to its siblings in the Turla family, using advanced methods to spy and persist on its targets. This whitepaper highlights the campaigns in which Gazer was used and also contains a technical analysis of its functionalities."
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59a7f2c4-9810-404a-8501-4950950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:25.000Z",
"modified": "2017-09-01T19:54:25.000Z",
"first_observed": "2017-09-01T19:54:25Z",
"last_observed": "2017-09-01T19:54:25Z",
"number_observed": 1,
"object_refs": [
"url--59a7f2c4-9810-404a-8501-4950950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"technical-report\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59a7f2c4-9810-404a-8501-4950950d210f",
"value": "https://www.welivesecurity.com/wp-content/uploads/2017/08/eset-gazer.pdf"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59a7f306-a5b8-475e-ac10-4819950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:25.000Z",
"modified": "2017-09-01T19:54:25.000Z",
"first_observed": "2017-09-01T19:54:25Z",
"last_observed": "2017-09-01T19:54:25Z",
"number_observed": 1,
"object_refs": [
"windows-registry-key--59a7f306-a5b8-475e-ac10-4819950d210f"
],
"labels": [
"misp:type=\"regkey\"",
"misp:category=\"Persistence mechanism\""
]
},
{
"type": "windows-registry-key",
"spec_version": "2.1",
"id": "windows-registry-key--59a7f306-a5b8-475e-ac10-4819950d210f",
"key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ScreenSaver"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59a7f306-f5f8-4562-a15e-45ec950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:25.000Z",
"modified": "2017-09-01T19:54:25.000Z",
"first_observed": "2017-09-01T19:54:25Z",
"last_observed": "2017-09-01T19:54:25Z",
"number_observed": 1,
"object_refs": [
"windows-registry-key--59a7f306-f5f8-4562-a15e-45ec950d210f"
],
"labels": [
"misp:type=\"regkey\"",
"misp:category=\"Persistence mechanism\""
]
},
{
"type": "windows-registry-key",
"spec_version": "2.1",
"id": "windows-registry-key--59a7f306-f5f8-4562-a15e-45ec950d210f",
"key": "HKCU\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Explorer\\ScreenSaver"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a7f380-5838-401c-a1fc-4509950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:25.000Z",
"modified": "2017-09-01T19:54:25.000Z",
"description": "C&C",
"pattern": "[url:value = 'daybreakhealthcare.co.uk/wp-includes/themees.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a7f380-bd88-4024-8df0-44f5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:25.000Z",
"modified": "2017-09-01T19:54:25.000Z",
"description": "C&C",
"pattern": "[url:value = 'simplecreative.design/wp-content/plugins/calculated-fields-form/single.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a7f380-1e14-4d8b-a77a-4461950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:25.000Z",
"modified": "2017-09-01T19:54:25.000Z",
"description": "C&C",
"pattern": "[url:value = '169.255.137.203/rss_0.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a7f380-03f0-4322-b6fa-49a9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:25.000Z",
"modified": "2017-09-01T19:54:25.000Z",
"description": "C&C",
"pattern": "[url:value = 'outletpiumini.springwaterfeatures.com/wp-includes/pomo/settings.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a7f380-ed60-4e38-91ad-40ce950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:25.000Z",
"modified": "2017-09-01T19:54:25.000Z",
"description": "C&C",
"pattern": "[url:value = 'zerogov.com/wp-content/plugins.deactivate/paypal-donations/src/PaypalDonations/SimpleSubsribe.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a7f380-4688-4ff0-b545-4ecd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:25.000Z",
"modified": "2017-09-01T19:54:25.000Z",
"description": "C&C",
"pattern": "[url:value = 'ales.ball-mill.es/ckfinder/core/connector/php/php4/CommandHandler/CommandHandler.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a7f380-f770-46a1-a5a4-4292950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:25.000Z",
"modified": "2017-09-01T19:54:25.000Z",
"description": "C&C",
"pattern": "[url:value = 'dyskurs.com.ua/wp-admin/includes/map-menu.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a7f380-0d70-443b-87c7-43f6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:25.000Z",
"modified": "2017-09-01T19:54:25.000Z",
"description": "C&C",
"pattern": "[url:value = 'warrixmalaysia.com.my/wp-content/plugins/jetpack/modules/contact-form/grunion-table-form.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a7f380-a34c-4264-9dc0-480d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:25.000Z",
"modified": "2017-09-01T19:54:25.000Z",
"description": "C&C",
"pattern": "[url:value = '217.171.86.137/config.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a7f380-4cd0-4b6d-a0c9-438c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:25.000Z",
"modified": "2017-09-01T19:54:25.000Z",
"description": "C&C",
"pattern": "[url:value = '217.171.86.137/rss_0.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a7f380-8700-4482-b4b0-4563950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:25.000Z",
"modified": "2017-09-01T19:54:25.000Z",
"description": "C&C",
"pattern": "[url:value = 'shinestars-lifestyle.com/old_shinstar/includes/old/front_footer.old.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a7f380-29e0-4c5a-8cc4-4921950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:25.000Z",
"modified": "2017-09-01T19:54:25.000Z",
"description": "C&C",
"pattern": "[url:value = 'www.aviasiya.com/murad.by/life/wp-content/plugins/wp-accounting/inc/pages/page-search.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a7f380-2548-473c-a616-4597950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:25.000Z",
"modified": "2017-09-01T19:54:25.000Z",
"description": "C&C",
"pattern": "[url:value = 'baby.greenweb.co.il/wp-content/themes/san-kloud/admin.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a7f380-60c0-4c83-8970-4ca1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:25.000Z",
"modified": "2017-09-01T19:54:25.000Z",
"description": "C&C",
"pattern": "[url:value = 'soligro.com/wp-includes/pomo/db.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a7f380-8f54-4407-8ebc-47bc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:25.000Z",
"modified": "2017-09-01T19:54:25.000Z",
"description": "C&C",
"pattern": "[url:value = 'giadinhvabe.net/wp-content/themes/viettemp/out/css/class.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a7f380-f070-46d1-99cc-4fe3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:25.000Z",
"modified": "2017-09-01T19:54:25.000Z",
"description": "C&C",
"pattern": "[url:value = 'tekfordummies.com/wp-content/plugins/social-auto-poster/includes/libraries/delicious/Delicious.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a7f380-0324-4c56-9f10-49fb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:25.000Z",
"modified": "2017-09-01T19:54:25.000Z",
"description": "C&C",
"pattern": "[url:value = 'kennynguyen.esy.es/wp-content/plugins/wp-statistics/vendor/maxmind-db/reader/tests/MaxMind/Db/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a7f380-a78c-469c-8c18-48a4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:25.000Z",
"modified": "2017-09-01T19:54:25.000Z",
"description": "C&C",
"pattern": "[url:value = 'test/Reader/BuildTest.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a7f380-9994-494f-af6e-479d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:25.000Z",
"modified": "2017-09-01T19:54:25.000Z",
"description": "C&C",
"pattern": "[url:value = 'sonneteck.com/wp-content/plugins/yith-woocommerce-wishlist/plugin-fw/licence/templates/panel/activation/activation.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a7f380-247c-406d-8064-422d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:25.000Z",
"modified": "2017-09-01T19:54:25.000Z",
"description": "C&C",
"pattern": "[url:value = 'chagiocaxuanson.esy.es/wp-content/plugins/nextgen-gallery/products/photocrati_nextgen/modules/ngglegacy/admin/templates/manage_gallery/gallery_preview_page_field.old.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a7f380-a644-42ae-bccb-49c1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:25.000Z",
"modified": "2017-09-01T19:54:25.000Z",
"description": "C&C",
"pattern": "[url:value = 'hotnews.16mb.com/wp-content/themes/twentysixteen/template-parts/content-header.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a7f380-4d28-428d-a4b8-44bd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:25.000Z",
"modified": "2017-09-01T19:54:25.000Z",
"description": "C&C",
"pattern": "[url:value = 'zszinhyosz.pe.hu/wp-content/themes/twentyfourteen/page-templates/full-hight.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a7f380-dc5c-467c-ab0a-4db0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:25.000Z",
"modified": "2017-09-01T19:54:25.000Z",
"description": "C&C",
"pattern": "[url:value = 'weandcats.com/wp-content/plugins/broken-link-checker/modules/checkers/http-module.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a7f64b-6ff8-49ef-90bb-46f7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:25.000Z",
"modified": "2017-09-01T19:54:25.000Z",
"pattern": "[file:hashes.SHA1 = '27fa78de705ebaa4b11c4b5fe7277f91906b3f92']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a7f64b-94b4-43a7-9787-4270950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:25.000Z",
"modified": "2017-09-01T19:54:25.000Z",
"pattern": "[file:hashes.SHA1 = '35f205367e2e5f8a121925bbae6ff07626b526a7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a7f64b-71b0-455d-b325-409e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:25.000Z",
"modified": "2017-09-01T19:54:25.000Z",
"pattern": "[file:hashes.SHA1 = 'b151cd7c4f9e53a8dcbdeb7ce61ccdd146eb68ab']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a7f64b-4b78-47af-a932-4e07950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:25.000Z",
"modified": "2017-09-01T19:54:25.000Z",
"pattern": "[file:hashes.SHA1 = 'e40bb5beec5678537e8fe537f872b2ad6b77e08a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a7f64b-27d8-4641-9e14-41d3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:25.000Z",
"modified": "2017-09-01T19:54:25.000Z",
"pattern": "[file:hashes.SHA1 = '522e5f02c06ad215c9d0c23c5a6a523d34ae4e91']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a7f64b-653c-4486-8351-411e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:25.000Z",
"modified": "2017-09-01T19:54:25.000Z",
"pattern": "[file:hashes.SHA1 = 'c380038a57ffb8c064851b898f630312fabcbba7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a7f64b-b4fc-48b1-8957-4dc8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:25.000Z",
"modified": "2017-09-01T19:54:25.000Z",
"pattern": "[file:hashes.SHA1 = '267f144d771b4e2832798485108decd505cb824a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a7f64b-9c70-439b-bd16-4851950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:25.000Z",
"modified": "2017-09-01T19:54:25.000Z",
"pattern": "[file:hashes.SHA1 = '52f6d09cccdbc38d66c184521e7ccf6b28c4b4d9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a7f64b-ce1c-4884-b7d7-48b6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:25.000Z",
"modified": "2017-09-01T19:54:25.000Z",
"pattern": "[file:hashes.SHA1 = '475c59744accb09724dae610763b7284646ab63f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a7f64b-51ec-40e6-a397-428e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:25.000Z",
"modified": "2017-09-01T19:54:25.000Z",
"pattern": "[file:hashes.SHA1 = '22542a3245d52b7bcdb3eaef5b8b2693f451f497']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a7f64b-97e8-4083-8edc-4ce0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:25.000Z",
"modified": "2017-09-01T19:54:25.000Z",
"pattern": "[file:hashes.SHA1 = '2b9faa8b0fcadac710c7b2b93d492ff1028b5291']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a7f64b-eaec-442c-a5ed-4856950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:25.000Z",
"modified": "2017-09-01T19:54:25.000Z",
"pattern": "[file:hashes.SHA1 = 'e05ab6978c17724b7c874f44f8a6cbfb1c56418d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a7f64b-12e4-4e6b-8316-4fe5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:25.000Z",
"modified": "2017-09-01T19:54:25.000Z",
"pattern": "[file:hashes.SHA1 = '6dec3438d212b67356200bbac5ec7fa41c716d86']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a7f64b-3648-450c-bccd-47fa950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:25.000Z",
"modified": "2017-09-01T19:54:25.000Z",
"pattern": "[file:hashes.SHA1 = 'b548863df838069455a76d2a63327434c02d0d9d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a7f64b-49e0-460b-8368-40b1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:25.000Z",
"modified": "2017-09-01T19:54:25.000Z",
"pattern": "[file:hashes.SHA1 = 'c3e6511377dfe85a34e19b33575870dda8884c3c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a7f64b-d564-4190-aed1-4415950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:25.000Z",
"modified": "2017-09-01T19:54:25.000Z",
"pattern": "[file:hashes.SHA1 = '9ff4f59ca26388c37d0b1f0e0b22322d926e294a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a7f64b-2588-4bbb-b048-4232950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:25.000Z",
"modified": "2017-09-01T19:54:25.000Z",
"pattern": "[file:hashes.SHA1 = '029aa51549d0b9222db49a53d2604d79ad1c1e59']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a7f64b-73b8-4a85-a811-4fee950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:25.000Z",
"modified": "2017-09-01T19:54:25.000Z",
"pattern": "[file:hashes.SHA1 = 'cecc70f2b2d50269191336219a8f893d45f5e979']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a7f64b-5550-4519-b790-43e9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:25.000Z",
"modified": "2017-09-01T19:54:25.000Z",
"pattern": "[file:hashes.SHA1 = '7fac4fc130637afab31c56ce0a01e555d5dea40d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a7f64b-eee4-4d0b-8c9d-4bc5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:25.000Z",
"modified": "2017-09-01T19:54:25.000Z",
"pattern": "[file:hashes.SHA1 = '5838a51426ca6095b1c92b87e1be22276c21a044']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a7f64b-98bc-4f42-bc01-439c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:25.000Z",
"modified": "2017-09-01T19:54:25.000Z",
"pattern": "[file:hashes.SHA1 = '3944253f6b7019eed496fad756f4651be0e282b4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a7f64b-1824-4364-bec3-4795950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:25.000Z",
"modified": "2017-09-01T19:54:25.000Z",
"pattern": "[file:hashes.SHA1 = '228da957a9ed661e17e00efba8e923fd17fae054']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a7f64b-c3b0-424b-bb55-418d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:25.000Z",
"modified": "2017-09-01T19:54:25.000Z",
"pattern": "[file:hashes.SHA1 = '295d142a7bdced124fdcc8edfe49b9f3acceab8a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a7f64b-73fc-45bc-b350-411e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:25.000Z",
"modified": "2017-09-01T19:54:25.000Z",
"pattern": "[file:hashes.SHA1 = '0f97f599fab7f8057424340c246d3a836c141782']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a7f64b-3530-4960-b9ea-42d2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:25.000Z",
"modified": "2017-09-01T19:54:25.000Z",
"pattern": "[file:hashes.SHA1 = 'dbb185e493a0fdc959763533d86d73f986409f1b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a7f64b-1994-4758-8d47-4c02950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:25.000Z",
"modified": "2017-09-01T19:54:25.000Z",
"pattern": "[file:hashes.SHA1 = '4701828dee543b994ed2578b9e0d3991f22bd827']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a7f64b-9ac0-4e36-b595-4384950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:25.000Z",
"modified": "2017-09-01T19:54:25.000Z",
"pattern": "[file:hashes.SHA1 = '6fd611667ba19691958b5b72673b9b802edd7ff8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a7f64b-fd10-4c92-b900-407c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:25.000Z",
"modified": "2017-09-01T19:54:25.000Z",
"pattern": "[file:hashes.SHA1 = 'fcabeb735c51e2b8eb6fb07bda8b95401d069bd8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a7f64b-3b30-4742-813e-4784950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:25.000Z",
"modified": "2017-09-01T19:54:25.000Z",
"pattern": "[file:hashes.SHA1 = '75831df9cbcfd7bf812511148d2a0f117324a75f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a7f64b-3ca0-4133-858f-4941950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:25.000Z",
"modified": "2017-09-01T19:54:25.000Z",
"pattern": "[file:hashes.SHA1 = 'bae3ae65c32838fb52a0f5ad2cde8659d2bff9f3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a7f64b-9144-4d5d-a4f1-4299950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:25.000Z",
"modified": "2017-09-01T19:54:25.000Z",
"pattern": "[file:hashes.SHA1 = '37ff6841419adc51eeb8756660b2fb46f3eb24ed']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a7f64b-dfa8-40d5-b9ff-461a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:25.000Z",
"modified": "2017-09-01T19:54:25.000Z",
"pattern": "[file:hashes.SHA1 = '9e6de3577b463451b7afce24ab646ef62ad6c2bd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a7f64b-0f30-4733-9240-4981950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:25.000Z",
"modified": "2017-09-01T19:54:25.000Z",
"pattern": "[file:hashes.SHA1 = '795c6ee27b147ff0a05c0477f70477e315916e0e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a7f64b-3620-4bfc-bf16-40f1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:25.000Z",
"modified": "2017-09-01T19:54:25.000Z",
"pattern": "[file:hashes.SHA1 = '8184ad9d6bbd03e99a397f8e925fa66cfbe5cf1b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a7f64b-5dd8-432b-9b61-4d3f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:25.000Z",
"modified": "2017-09-01T19:54:25.000Z",
"pattern": "[file:hashes.SHA1 = '7ced96b08d7593e28fee616eccbc6338896517cf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a7f64b-8e28-4524-b985-4ad0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:25.000Z",
"modified": "2017-09-01T19:54:25.000Z",
"pattern": "[file:hashes.SHA1 = '63c534630c2ce0070ad203f9704f1526e83ae586']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a7f64b-7160-496e-8475-4b17950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:25.000Z",
"modified": "2017-09-01T19:54:25.000Z",
"pattern": "[file:hashes.SHA1 = '23f1e3be3175d49e7b262cd88cfd517694dcba18']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a7f64b-0998-4d01-a6b0-428c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:25.000Z",
"modified": "2017-09-01T19:54:25.000Z",
"pattern": "[file:hashes.SHA1 = '7a6f1486269abdc1d658db618dc3c6f2ac85a4a7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a7f64b-7228-4d01-923b-4864950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:25.000Z",
"modified": "2017-09-01T19:54:25.000Z",
"pattern": "[file:hashes.SHA1 = '11b35320fb1cf21d2e57770d8d8b237eb4330eaa']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a7f64b-aca0-43d4-a7ae-4357950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:25.000Z",
"modified": "2017-09-01T19:54:25.000Z",
"pattern": "[file:hashes.SHA1 = 'e8a2bad87027f2bf3ecae477f805de13fccc0181']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a7f64b-aa8c-4ec7-9d98-41ae950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:25.000Z",
"modified": "2017-09-01T19:54:25.000Z",
"pattern": "[file:hashes.SHA1 = '950f0b0c7701835c5fbdb6c5698a04b8afe068e6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a7f64b-8fdc-4575-b62f-4c34950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:25.000Z",
"modified": "2017-09-01T19:54:25.000Z",
"pattern": "[file:hashes.SHA1 = 'a5eec8c6aadf784994bf68d9d937bb7af3684d5c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a7f64b-f678-4aaa-bc65-4d6f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:25.000Z",
"modified": "2017-09-01T19:54:25.000Z",
"pattern": "[file:hashes.SHA1 = '411ef895fe8dd4e040e8bf4048f4327f917e5724']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a7f64b-26c8-475d-8df1-4b36950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:25.000Z",
"modified": "2017-09-01T19:54:25.000Z",
"pattern": "[file:hashes.SHA1 = 'c1288df9022bcd2c0a217b1536dfa83928768d06']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a7f64b-5c2c-4d74-8c23-45ed950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:25.000Z",
"modified": "2017-09-01T19:54:25.000Z",
"pattern": "[file:hashes.SHA1 = '4b6ef62d5d59f2fe7f245dd3042dc7b83e3cc923']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a7f64b-7a84-446f-a7c4-43e6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:25.000Z",
"modified": "2017-09-01T19:54:25.000Z",
"pattern": "[file:hashes.SHA1 = '7f54f9f2a6909062988ae87c1337f3cf38d68d35']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a7f6e6-5934-4fa2-94d1-4db5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:25.000Z",
"modified": "2017-09-01T19:54:25.000Z",
"pattern": "[import \u00e2\u20ac\u0153pe\u00e2\u20ac\u009d\r\nimport \u00e2\u20ac\u0153math\u00e2\u20ac\u009d\r\nimport \u00e2\u20ac\u0153hash\u00e2\u20ac\u009d\r\nrule Gazer_certificate_subject {\r\n condition:\r\n for any i in (0..pe.number_of_signatures - 1):\r\n (pe.signatures[i].subject contains \u00e2\u20ac\u0153Solid Loop\u00e2\u20ac\u009d or \r\npe.signatures[i].subject contains \u00e2\u20ac\u0153Ultimate Computer Support\u00e2\u20ac\u009d)\r\n}\r\nrule Gazer_certificate\r\n{\r\n strings:\r\n $certif1 = {52 76 a4 53 cd 70 9c 18 da 65 15 7e 5f 1f de 02}\r\n $certif2 = {12 90 f2 41 d9 b2 80 af 77 fc da 12 c6 b4 96 9c}\r\n condition:\r\n (uint16(0) == 0x5a4d) and 1 of them and filesize < 2MB\r\n}\r\nrule Gazer_logfile_name\r\n{\r\n strings:\r\n $s1 = \u00e2\u20ac\u0153CVRG72B5.tmp.cvr\u00e2\u20ac\u009d\r\n $s2 = \u00e2\u20ac\u0153CVRG1A6B.tmp.cvr\u00e2\u20ac\u009d\r\n $s3 = \u00e2\u20ac\u0153CVRG38D9.tmp.cvr\u00e2\u20ac\u009d\r\n condition:\r\n (uint16(0) == 0x5a4d) and 1 of them\r\n}]",
"pattern_type": "yara",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"yara\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a9baf2-6c64-4121-a01c-49a502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:26.000Z",
"modified": "2017-09-01T19:54:26.000Z",
"description": "- Xchecked via VT: a5eec8c6aadf784994bf68d9d937bb7af3684d5c",
"pattern": "[file:hashes.SHA256 = '93e36c336b5b20b3c33b7d0f8844572ddcc10046d1fe91b7b106d78c7fea932c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a9baf2-7580-46ee-93bf-491102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:26.000Z",
"modified": "2017-09-01T19:54:26.000Z",
"description": "- Xchecked via VT: a5eec8c6aadf784994bf68d9d937bb7af3684d5c",
"pattern": "[file:hashes.MD5 = 'ccc172686bc7afc51349713178e2e45e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59a9baf2-d000-4de0-87fb-4c7802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:26.000Z",
"modified": "2017-09-01T19:54:26.000Z",
"first_observed": "2017-09-01T19:54:26Z",
"last_observed": "2017-09-01T19:54:26Z",
"number_observed": 1,
"object_refs": [
"url--59a9baf2-d000-4de0-87fb-4c7802de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59a9baf2-d000-4de0-87fb-4c7802de0b81",
"value": "https://www.virustotal.com/file/93e36c336b5b20b3c33b7d0f8844572ddcc10046d1fe91b7b106d78c7fea932c/analysis/1504156268/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a9baf2-b870-4ac5-b7e7-497902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:26.000Z",
"modified": "2017-09-01T19:54:26.000Z",
"description": "- Xchecked via VT: c380038a57ffb8c064851b898f630312fabcbba7",
"pattern": "[file:hashes.SHA256 = '4013d3c221c6924e8c525aac7ed0402bd5349a28dcbc20bc1ff6bd09079faacf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a9baf2-8268-4aec-8206-43a402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:26.000Z",
"modified": "2017-09-01T19:54:26.000Z",
"description": "- Xchecked via VT: c380038a57ffb8c064851b898f630312fabcbba7",
"pattern": "[file:hashes.MD5 = 'fd7e0ecc41735d3ba0329e1e311689f8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59a9baf2-7d34-45a7-b496-478402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:26.000Z",
"modified": "2017-09-01T19:54:26.000Z",
"first_observed": "2017-09-01T19:54:26Z",
"last_observed": "2017-09-01T19:54:26Z",
"number_observed": 1,
"object_refs": [
"url--59a9baf2-7d34-45a7-b496-478402de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59a9baf2-7d34-45a7-b496-478402de0b81",
"value": "https://www.virustotal.com/file/4013d3c221c6924e8c525aac7ed0402bd5349a28dcbc20bc1ff6bd09079faacf/analysis/1504278816/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a9baf2-bd24-454d-813b-47d702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:26.000Z",
"modified": "2017-09-01T19:54:26.000Z",
"description": "- Xchecked via VT: e40bb5beec5678537e8fe537f872b2ad6b77e08a",
"pattern": "[file:hashes.SHA256 = 'a65bc4adbd61c098acf40ef81dc8b6b10269af0d9ebbdc18b48439df76c18cb3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a9baf2-1358-450e-8816-480002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:26.000Z",
"modified": "2017-09-01T19:54:26.000Z",
"description": "- Xchecked via VT: e40bb5beec5678537e8fe537f872b2ad6b77e08a",
"pattern": "[file:hashes.MD5 = '0c6bb4ce1251c34365b8eb2a933dc431']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59a9baf2-982c-46bd-aa57-438c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:26.000Z",
"modified": "2017-09-01T19:54:26.000Z",
"first_observed": "2017-09-01T19:54:26Z",
"last_observed": "2017-09-01T19:54:26Z",
"number_observed": 1,
"object_refs": [
"url--59a9baf2-982c-46bd-aa57-438c02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59a9baf2-982c-46bd-aa57-438c02de0b81",
"value": "https://www.virustotal.com/file/a65bc4adbd61c098acf40ef81dc8b6b10269af0d9ebbdc18b48439df76c18cb3/analysis/1504263553/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a9baf2-b0e8-4da9-9061-4e1a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:26.000Z",
"modified": "2017-09-01T19:54:26.000Z",
"description": "- Xchecked via VT: b151cd7c4f9e53a8dcbdeb7ce61ccdd146eb68ab",
"pattern": "[file:hashes.SHA256 = 'd0b169d2e753191a5c366a863d216bc5a9eb5e173f0bd5a61f126c4fd16484ac']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a9baf2-813c-4fcd-8510-4af702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:26.000Z",
"modified": "2017-09-01T19:54:26.000Z",
"description": "- Xchecked via VT: b151cd7c4f9e53a8dcbdeb7ce61ccdd146eb68ab",
"pattern": "[file:hashes.MD5 = '5a2acbc101a8323f876bdd26948ee8a7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59a9baf2-f00c-4a55-b56a-465002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:26.000Z",
"modified": "2017-09-01T19:54:26.000Z",
"first_observed": "2017-09-01T19:54:26Z",
"last_observed": "2017-09-01T19:54:26Z",
"number_observed": 1,
"object_refs": [
"url--59a9baf2-f00c-4a55-b56a-465002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59a9baf2-f00c-4a55-b56a-465002de0b81",
"value": "https://www.virustotal.com/file/d0b169d2e753191a5c366a863d216bc5a9eb5e173f0bd5a61f126c4fd16484ac/analysis/1504183815/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a9baf2-44b0-4e39-b77d-423802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:26.000Z",
"modified": "2017-09-01T19:54:26.000Z",
"description": "- Xchecked via VT: 35f205367e2e5f8a121925bbae6ff07626b526a7",
"pattern": "[file:hashes.SHA256 = '473aa2c3ace12abe8a54a088a08e00b7bd71bd66cda16673c308b903c796bec0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a9baf2-6ccc-4ade-a349-445702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:26.000Z",
"modified": "2017-09-01T19:54:26.000Z",
"description": "- Xchecked via VT: 35f205367e2e5f8a121925bbae6ff07626b526a7",
"pattern": "[file:hashes.MD5 = 'b099b82acb860d9a9a571515024b35f0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T19:54:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59a9baf2-98ac-43c0-a0a8-445f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T19:54:26.000Z",
"modified": "2017-09-01T19:54:26.000Z",
"first_observed": "2017-09-01T19:54:26Z",
"last_observed": "2017-09-01T19:54:26Z",
"number_observed": 1,
"object_refs": [
"url--59a9baf2-98ac-43c0-a0a8-445f02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59a9baf2-98ac-43c0-a0a8-445f02de0b81",
"value": "https://www.virustotal.com/file/473aa2c3ace12abe8a54a088a08e00b7bd71bd66cda16673c308b903c796bec0/analysis/1504278826/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue View git blame Copy permalink