misp-circl-feed/feeds/circl/misp/58720d9e-8b54-40a9-9d80-42e7950d210f.json


{
"type": "bundle",
"id": "bundle--58720d9e-8b54-40a9-9d80-42e7950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:57:46.000Z",
"modified": "2017-01-08T10:57:46.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--58720d9e-8b54-40a9-9d80-42e7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:57:46.000Z",
"modified": "2017-01-08T10:57:46.000Z",
"name": "OSINT - MM Core In-Memory Backdoor Returns as \"BigBoss\" and \"SillyGoose\"",
"published": "2017-01-08T11:18:15Z",
"object_refs": [
"observed-data--58720dac-52b8-4003-a6c3-4836950d210f",
"url--58720dac-52b8-4003-a6c3-4836950d210f",
"x-misp-attribute--58720ddb-b720-488b-a2bf-43c2950d210f",
"indicator--587217ec-4e98-42bf-b74a-424b950d210f",
"indicator--587217ec-c724-4dcf-932a-4f85950d210f",
"indicator--587217ed-cfd4-4326-997a-417a950d210f",
"indicator--587217ee-116c-47fa-9494-43ad950d210f",
"indicator--587217ee-18bc-4247-9bca-43da950d210f",
"indicator--5872180a-6d30-4ddc-b39f-4ee3950d210f",
"indicator--5872180a-39ac-43e5-9fcc-4ca4950d210f",
"indicator--5872180b-eb54-473f-b2a7-4e36950d210f",
"indicator--58721835-9658-4fa8-a5f7-4337950d210f",
"indicator--58721836-b8e8-4eaf-8b19-4c34950d210f",
"indicator--58721836-1084-43fc-8c42-45b9950d210f",
"indicator--58721837-2fbc-460a-9f83-4899950d210f",
"indicator--58721838-2b78-40e9-b9c9-4b77950d210f",
"indicator--58721838-f638-4bba-9e22-497b950d210f",
"indicator--58721839-a2b4-4163-a22b-45a1950d210f",
"indicator--5872183a-f23c-4ff6-9b56-46f8950d210f",
"indicator--5872183a-3db8-4a61-a3a2-4175950d210f",
"indicator--5872183b-f2a4-4a22-8227-4e18950d210f",
"indicator--58721854-dbb0-4266-8413-407b950d210f",
"indicator--5872186a-99b0-411a-b17c-44c8950d210f",
"indicator--5872186b-b6b8-4a62-b94b-4268950d210f",
"indicator--5872190c-2478-489c-bd2a-443a950d210f",
"indicator--5872190d-7000-425a-a1b5-4f13950d210f",
"indicator--5872190d-e9c8-44e3-8919-407d950d210f",
"indicator--5872190e-9338-4dba-8635-4fa9950d210f",
"indicator--5872190f-fb0c-430d-bf45-4450950d210f",
"indicator--5872190f-935c-4383-a9a9-479d950d210f",
"indicator--58721910-04ec-4145-8714-4d34950d210f",
"indicator--58721911-bfa4-42ff-9b08-4f4c950d210f",
"indicator--58721911-9064-4f63-899c-4398950d210f",
"indicator--58721912-becc-4f40-8b4f-4d88950d210f",
"indicator--58721913-5370-4f55-b6ca-48c1950d210f",
"indicator--58721914-6ba8-4b62-b14f-4ea1950d210f",
"indicator--58721914-0e18-483c-b7e4-43fa950d210f",
"indicator--58721915-cddc-495b-859f-45fe950d210f",
"indicator--58721916-8cfc-4327-8fee-4e0d950d210f",
"indicator--58721916-6d98-4bbf-992e-4280950d210f",
"indicator--58721917-2178-42c3-b843-4066950d210f",
"indicator--58721939-3100-4117-8ed9-4e58950d210f",
"indicator--58721939-0f00-4a6d-966b-4703950d210f",
"indicator--5872193a-b494-417b-9429-462d950d210f",
"indicator--5872193b-d864-4ff3-a9e6-457e950d210f",
"indicator--5872195a-2fc8-46ba-af9b-4376950d210f",
"indicator--58721a10-f288-42b4-9702-4e1402de0b81",
"indicator--58721a11-170c-44ad-97eb-4f2c02de0b81",
"observed-data--58721a12-9fc8-496e-9634-49f702de0b81",
"url--58721a12-9fc8-496e-9634-49f702de0b81",
"indicator--58721a13-eba0-47a2-b999-4a2b02de0b81",
"indicator--58721a13-f348-436e-a7cc-445202de0b81",
"observed-data--58721a14-4514-462c-a44e-4d1c02de0b81",
"url--58721a14-4514-462c-a44e-4d1c02de0b81",
"indicator--58721a15-2874-4692-b24a-47b602de0b81",
"indicator--58721a16-79ec-4e62-9d31-475c02de0b81",
"observed-data--58721a16-b100-4e55-a771-4bc202de0b81",
"url--58721a16-b100-4e55-a771-4bc202de0b81",
"indicator--58721a17-7564-4a40-9826-4caa02de0b81",
"indicator--58721a18-0f84-4bc6-aa83-450d02de0b81",
"observed-data--58721a18-59e0-4238-8532-45bc02de0b81",
"url--58721a18-59e0-4238-8532-45bc02de0b81",
"indicator--58721a19-2abc-478e-b5fb-416102de0b81",
"indicator--58721a1a-cb00-48df-bedc-41ef02de0b81",
"observed-data--58721a1b-d7a8-430f-ab7d-4a7702de0b81",
"url--58721a1b-d7a8-430f-ab7d-4a7702de0b81",
"indicator--58721a1b-2f2c-41ea-8f54-456402de0b81",
"indicator--58721a1c-7550-4fb8-8efb-45cc02de0b81",
"observed-data--58721a1d-6e5c-41fb-bd35-491902de0b81",
"url--58721a1d-6e5c-41fb-bd35-491902de0b81",
"indicator--58721a1e-a7d8-4a04-ba60-4dbe02de0b81",
"indicator--58721a1e-efec-4012-b0be-4cb202de0b81",
"observed-data--58721a1f-2ad4-4c50-9306-44c902de0b81",
"url--58721a1f-2ad4-4c50-9306-44c902de0b81",
"indicator--58721a20-074c-47e6-a681-48cc02de0b81",
"indicator--58721a21-28dc-40dd-83a8-431702de0b81",
"observed-data--58721a21-1a9c-414f-94c7-43c702de0b81",
"url--58721a21-1a9c-414f-94c7-43c702de0b81",
"indicator--58721a22-d584-49ff-856c-40ab02de0b81",
"indicator--58721a23-37fc-403c-a41a-48a902de0b81",
"observed-data--58721a23-05e8-49af-9028-4e9002de0b81",
"url--58721a23-05e8-49af-9028-4e9002de0b81",
"indicator--58721a24-bf78-4e4f-a1c9-455502de0b81",
"indicator--58721a25-7e24-48af-8641-48b902de0b81",
"observed-data--58721a26-1990-4c1e-b4fe-4ac802de0b81",
"url--58721a26-1990-4c1e-b4fe-4ac802de0b81",
"indicator--58721a26-2a54-4c67-8966-401402de0b81",
"indicator--58721a27-df90-4e23-a7d8-45b602de0b81",
"observed-data--58721a28-5f34-4997-993f-45b402de0b81",
"url--58721a28-5f34-4997-993f-45b402de0b81",
"indicator--58721a29-513c-42cd-a8a9-414d02de0b81",
"indicator--58721a29-5e84-4009-935f-4b3b02de0b81",
"observed-data--58721a2a-950c-48b1-9e9c-47ad02de0b81",
"url--58721a2a-950c-48b1-9e9c-47ad02de0b81",
"indicator--58721a2b-e744-411e-b4bb-4f6202de0b81",
"indicator--58721a2c-07b8-4db7-9de3-433602de0b81",
"observed-data--58721a2c-2080-4fc2-af18-460202de0b81",
"url--58721a2c-2080-4fc2-af18-460202de0b81",
"indicator--58721a2d-c900-4abc-aeb2-4c6202de0b81",
"indicator--58721a2e-0338-4f99-8c58-471302de0b81",
"observed-data--58721a2f-bf20-41b2-bb9a-4a3002de0b81",
"url--58721a2f-bf20-41b2-bb9a-4a3002de0b81",
"indicator--58721a2f-19b0-4b16-81dd-49a202de0b81",
"indicator--58721a30-4acc-414f-b8e8-45a702de0b81",
"observed-data--58721a31-2a00-4bef-b78c-41eb02de0b81",
"url--58721a31-2a00-4bef-b78c-41eb02de0b81",
"indicator--58721a31-1f84-45b4-aaf4-4ace02de0b81",
"indicator--58721a32-8fe8-45ad-8243-4fc502de0b81",
"observed-data--58721a33-5160-4698-87dc-40ed02de0b81",
"url--58721a33-5160-4698-87dc-40ed02de0b81",
"indicator--58721a34-4718-401d-8c17-4eb802de0b81",
"indicator--58721a34-8cac-494e-95cd-4e4802de0b81",
"observed-data--58721a35-67f0-44c8-9dab-421c02de0b81",
"url--58721a35-67f0-44c8-9dab-421c02de0b81",
"indicator--58721a36-c628-4aa7-93d2-499f02de0b81",
"indicator--58721a37-2c60-432a-9471-4e3402de0b81",
"observed-data--58721a37-4c14-4040-b978-4e5c02de0b81",
"url--58721a37-4c14-4040-b978-4e5c02de0b81",
"indicator--58721a38-e2f4-400c-b548-478102de0b81",
"indicator--58721a39-d50c-4ba2-b029-4c4102de0b81",
"observed-data--58721a39-fc50-49eb-aa98-44be02de0b81",
"url--58721a39-fc50-49eb-aa98-44be02de0b81",
"indicator--58721a3a-475c-44a4-8137-43f002de0b81",
"indicator--58721a3b-8860-4374-bcd3-4e4802de0b81",
"observed-data--58721a3c-1a08-4680-9c4f-4e5102de0b81",
"url--58721a3c-1a08-4680-9c4f-4e5102de0b81",
"indicator--58721a3c-aa5c-46e5-9141-416202de0b81",
"indicator--58721a3d-58ec-49c2-bb1b-424602de0b81",
"observed-data--58721a3e-3fbc-42a7-85d3-47ca02de0b81",
"url--58721a3e-3fbc-42a7-85d3-47ca02de0b81",
"indicator--58721a3f-1e9c-45e9-9f31-4a1d02de0b81",
"indicator--58721a3f-eba8-4c01-9964-429002de0b81",
"observed-data--58721a40-54a0-4945-b198-4a6b02de0b81",
"url--58721a40-54a0-4945-b198-4a6b02de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:tool=\"MM Core\"",
"ecsirt:malicious-code=\"malware\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58720dac-52b8-4003-a6c3-4836950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:00:12.000Z",
"modified": "2017-01-08T10:00:12.000Z",
"first_observed": "2017-01-08T10:00:12Z",
"last_observed": "2017-01-08T10:00:12Z",
"number_observed": 1,
"object_refs": [
"url--58720dac-52b8-4003-a6c3-4836950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58720dac-52b8-4003-a6c3-4836950d210f",
"value": "https://blogs.forcepoint.com/security-labs/mm-core-memory-backdoor-returns-bigboss-and-sillygoose"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--58720ddb-b720-488b-a2bf-43c2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:00:59.000Z",
"modified": "2017-01-08T10:00:59.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "comment",
"x_misp_value": "In October 2016 Forcepoint Security Labs\u2122 discovered new versions of the MM Core backdoor being used in targeted attacks. Also known as \u201cBaneChant\u201d, MM Core is a file-less APT which is executed in memory by a downloader component. It was first reported in 2013 under the version number \u201c2.0-LNK\u201d where it used the tag \u201cBaneChant\u201d in its command-and-control (C2) network request. A second version \u201c2.1-LNK\u201d with the network tag \u201cStrangeLove\u201d was discovered shortly after.\r\n\r\nIn this blog we will detail our discovery of the next two versions of MM Core, namely \u201cBigBoss\u201d (2.2-LNK) and \u201cSillyGoose\u201d (2.3-LNK). Attacks using \"BigBoss\" appear likely to have occurred since mid-2015, whereas \"SillyGoose\" appears to have been distributed since September 2016. Both versions still appear to be active."
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--587217ec-4e98-42bf-b74a-424b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:43:56.000Z",
"modified": "2017-01-08T10:43:56.000Z",
"description": "Gratem Second Stage Payload Locations",
"pattern": "[url:value = 'http://adnetwork33.redirectme.net/wp-content/themes/booswrap/layers.png']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:43:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--587217ec-c724-4dcf-932a-4f85950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:43:56.000Z",
"modified": "2017-01-08T10:43:56.000Z",
"description": "Gratem Second Stage Payload Locations",
"pattern": "[url:value = 'http://network-resources.net/wp-content/themes/booswrap/layers.png']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:43:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--587217ed-cfd4-4326-997a-417a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:43:57.000Z",
"modified": "2017-01-08T10:43:57.000Z",
"description": "Gratem Second Stage Payload Locations",
"pattern": "[url:value = 'http://adworks.webhop.me/wp-content/themes/bmw/s6.png']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:43:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--587217ee-116c-47fa-9494-43ad950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:43:58.000Z",
"modified": "2017-01-08T10:43:58.000Z",
"description": "Gratem Second Stage Payload Locations",
"pattern": "[url:value = 'http://adrev22.ddns.net/network/superads/logo.dat']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:43:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--587217ee-18bc-4247-9bca-43da950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:43:58.000Z",
"modified": "2017-01-08T10:43:58.000Z",
"description": "Gratem Second Stage Payload Locations",
"pattern": "[url:value = 'http://davidjone.net/network/superads/logo.dat']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:43:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5872180a-6d30-4ddc-b39f-4ee3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:44:26.000Z",
"modified": "2017-01-08T10:44:26.000Z",
"description": "MM Core C2s",
"pattern": "[url:value = 'http://presspublishing24.net/plugins/cc/mik.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:44:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5872180a-39ac-43e5-9fcc-4ca4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:44:26.000Z",
"modified": "2017-01-08T10:44:26.000Z",
"description": "MM Core C2s",
"pattern": "[url:value = 'http://presspublishing24.net/plugins/slm/log.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:44:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5872180b-eb54-473f-b2a7-4e36950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:44:27.000Z",
"modified": "2017-01-08T10:44:27.000Z",
"description": "MM Core C2s",
"pattern": "[url:value = 'http://presspublishing24.net/plugins/xim/trail.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:44:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58721835-9658-4fa8-a5f7-4337950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:45:09.000Z",
"modified": "2017-01-08T10:45:09.000Z",
"description": "MM Core Payload Locations",
"pattern": "[url:value = 'http://mockingbird.no-ip.org/plugins/xim/top.jpg']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:45:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58721836-b8e8-4eaf-8b19-4c34950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:45:10.000Z",
"modified": "2017-01-08T10:45:10.000Z",
"description": "MM Core Payload Locations",
"pattern": "[url:value = 'http://presspublishing24.net/plugins/xim/top.jpg']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:45:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58721836-1084-43fc-8c42-45b9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:45:10.000Z",
"modified": "2017-01-08T10:45:10.000Z",
"description": "MM Core Payload Locations",
"pattern": "[url:value = 'http://ichoose.zapto.org/plugins/cc/me.jpg']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:45:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58721837-2fbc-460a-9f83-4899950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:45:11.000Z",
"modified": "2017-01-08T10:45:11.000Z",
"description": "MM Core Payload Locations",
"pattern": "[url:value = 'http://presspublishing24.net/plugins/cc/me.jpg']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:45:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58721838-2b78-40e9-b9c9-4b77950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:45:12.000Z",
"modified": "2017-01-08T10:45:12.000Z",
"description": "MM Core Payload Locations",
"pattern": "[url:value = 'http://waterlily.ddns.net/plugins/slm/pogo.jpg']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:45:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58721838-f638-4bba-9e22-497b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:45:12.000Z",
"modified": "2017-01-08T10:45:12.000Z",
"description": "MM Core Payload Locations",
"pattern": "[url:value = 'http://presspublishing24.net/plugins/slm/pogo.jpg']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:45:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58721839-a2b4-4163-a22b-45a1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:45:13.000Z",
"modified": "2017-01-08T10:45:13.000Z",
"description": "MM Core Payload Locations",
"pattern": "[url:value = 'http://nayanew1.no-ip.org/plugins/xim/top.jpg']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:45:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5872183a-f23c-4ff6-9b56-46f8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:45:14.000Z",
"modified": "2017-01-08T10:45:14.000Z",
"description": "MM Core Payload Locations",
"pattern": "[url:value = 'http://davidjone.net/plugins/xim/top.jpg']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:45:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5872183a-3db8-4a61-a3a2-4175950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:45:14.000Z",
"modified": "2017-01-08T10:45:14.000Z",
"description": "MM Core Payload Locations",
"pattern": "[url:value = 'http://hawahawa123.no-ip.org/plugins/xim/logo.jpg']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:45:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5872183b-f2a4-4a22-8227-4e18950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:45:15.000Z",
"modified": "2017-01-08T10:45:15.000Z",
"description": "MM Core Payload Locations",
"pattern": "[url:value = 'http://davidjone.net/plugins/xim/logo.jpg']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:45:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58721854-dbb0-4266-8413-407b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:45:40.000Z",
"modified": "2017-01-08T10:45:40.000Z",
"description": "Dropper/Downloader Payload Locations",
"pattern": "[url:value = 'http://davidjone.net/huan/normaldot.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:45:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5872186a-99b0-411a-b17c-44c8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:46:02.000Z",
"modified": "2017-01-08T10:46:02.000Z",
"description": "Related Gratem Samples",
"pattern": "[file:hashes.SHA1 = '673f315388d9c3e47adc280da1ff8b85a0893525']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:46:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5872186b-b6b8-4a62-b94b-4268950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:46:03.000Z",
"modified": "2017-01-08T10:46:03.000Z",
"description": "Related Gratem Samples",
"pattern": "[file:hashes.SHA1 = 'f7372222ec3e56d384e7ca2650eb39c0f420bc88']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:46:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5872190c-2478-489c-bd2a-443a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:48:44.000Z",
"modified": "2017-01-08T10:48:44.000Z",
"description": "Dropper/Downloader Samples",
"pattern": "[file:hashes.SHA1 = 'f94bada2e3ef2461f9f9b291aac8ffbf81bf46ab']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:48:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5872190d-7000-425a-a1b5-4f13950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:48:45.000Z",
"modified": "2017-01-08T10:48:45.000Z",
"description": "Dropper/Downloader Samples",
"pattern": "[file:hashes.SHA1 = 'ef59b4ffc8a92a5a49308ba98cb38949f74774f1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:48:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5872190d-e9c8-44e3-8919-407d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:48:45.000Z",
"modified": "2017-01-08T10:48:45.000Z",
"description": "Dropper/Downloader Samples",
"pattern": "[file:hashes.SHA1 = '1cf86d87140f13bf88ede74654e01853bae2413c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:48:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5872190e-9338-4dba-8635-4fa9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:48:46.000Z",
"modified": "2017-01-08T10:48:46.000Z",
"description": "Dropper/Downloader Samples",
"pattern": "[file:hashes.SHA1 = '415ad0a84fe7ae5b88a68b8c97d2d27de5b3aed2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:48:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5872190f-fb0c-430d-bf45-4450950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:48:47.000Z",
"modified": "2017-01-08T10:48:47.000Z",
"description": "Dropper/Downloader Samples",
"pattern": "[file:hashes.SHA1 = 'e8bfa4ed85aac19ab2e77e2b6dfe77252288d89b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:48:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5872190f-935c-4383-a9a9-479d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:48:47.000Z",
"modified": "2017-01-08T10:48:47.000Z",
"description": "Dropper/Downloader Samples",
"pattern": "[file:hashes.SHA1 = '83e7b2d6ea775c8eb1f6cfefb32df754609a8129']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:48:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58721910-04ec-4145-8714-4d34950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:48:48.000Z",
"modified": "2017-01-08T10:48:48.000Z",
"description": "Dropper/Downloader Samples",
"pattern": "[file:hashes.SHA1 = 'b931d3988eb37491506504990cae3081208e1a66']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:48:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58721911-bfa4-42ff-9b08-4f4c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:48:49.000Z",
"modified": "2017-01-08T10:48:49.000Z",
"description": "Dropper/Downloader Samples",
"pattern": "[file:hashes.SHA1 = '7031f4be6ced5241ae0dd4315d66a261f654dbd6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:48:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58721911-9064-4f63-899c-4398950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:48:49.000Z",
"modified": "2017-01-08T10:48:49.000Z",
"description": "Dropper/Downloader Samples",
"pattern": "[file:hashes.SHA1 = 'ab53485990ac503fb9c440ab469771fac661f3cc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:48:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58721912-becc-4f40-8b4f-4d88950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:48:50.000Z",
"modified": "2017-01-08T10:48:50.000Z",
"description": "Dropper/Downloader Samples",
"pattern": "[file:hashes.SHA1 = 'b8e6f570e02d105df2d78698de12ae80d66c54a2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:48:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58721913-5370-4f55-b6ca-48c1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:48:51.000Z",
"modified": "2017-01-08T10:48:51.000Z",
"description": "Dropper/Downloader Samples",
"pattern": "[file:hashes.SHA1 = '188776d098f61fa2c3b482b2ace202caee18b411']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:48:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58721914-6ba8-4b62-b14f-4ea1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:48:52.000Z",
"modified": "2017-01-08T10:48:52.000Z",
"description": "Dropper/Downloader Samples",
"pattern": "[file:hashes.SHA1 = 'e0ed40ec0196543814b00fd0aac7218f23de5ec5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:48:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58721914-0e18-483c-b7e4-43fa950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:48:52.000Z",
"modified": "2017-01-08T10:48:52.000Z",
"description": "Dropper/Downloader Samples",
"pattern": "[file:hashes.SHA1 = '5498bb49083289dfc2557a7c205aed7f8b97b2a8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:48:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58721915-cddc-495b-859f-45fe950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:48:53.000Z",
"modified": "2017-01-08T10:48:53.000Z",
"description": "Dropper/Downloader Samples",
"pattern": "[file:hashes.SHA1 = 'ce18064f675348dd327569bd50528286929bc37a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:48:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58721916-8cfc-4327-8fee-4e0d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:48:54.000Z",
"modified": "2017-01-08T10:48:54.000Z",
"description": "Dropper/Downloader Samples",
"pattern": "[file:hashes.SHA1 = '3a8b7ce642a5b4d1147de227249ecb6a89cbd2d3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:48:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58721916-6d98-4bbf-992e-4280950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:48:54.000Z",
"modified": "2017-01-08T10:48:54.000Z",
"description": "Dropper/Downloader Samples",
"pattern": "[file:hashes.SHA1 = '21c1904477ceb8d4d26ac9306e844b4ba0af1b43']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:48:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58721917-2178-42c3-b843-4066950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:48:55.000Z",
"modified": "2017-01-08T10:48:55.000Z",
"description": "Dropper/Downloader Samples",
"pattern": "[file:hashes.SHA1 = 'f89a81c51e67c0bd3fc738bf927cd7cc95b05ea6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:48:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58721939-3100-4117-8ed9-4e58950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:49:29.000Z",
"modified": "2017-01-08T10:49:29.000Z",
"description": "MM Core Unpacked DLL Samples",
"pattern": "[file:hashes.SHA1 = '13b25ba2b139b9f45e21697ae00cf1b452eeeff5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:49:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58721939-0f00-4a6d-966b-4703950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:49:29.000Z",
"modified": "2017-01-08T10:49:29.000Z",
"description": "MM Core Unpacked DLL Samples",
"pattern": "[file:hashes.SHA1 = 'c58aac5567df7676c2b08e1235cd70daec3023e8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:49:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5872193a-b494-417b-9429-462d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:49:30.000Z",
"modified": "2017-01-08T10:49:30.000Z",
"description": "MM Core Unpacked DLL Samples",
"pattern": "[file:hashes.SHA1 = '4372bb675827922280e8de87a78bf61a6a3e7e4d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:49:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5872193b-d864-4ff3-a9e6-457e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:49:31.000Z",
"modified": "2017-01-08T10:49:31.000Z",
"description": "MM Core Unpacked DLL Samples",
"pattern": "[file:hashes.SHA1 = '08bfdefef8a1fb1ea6f292b1ed7d709fbbc2c602']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:49:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5872195a-2fc8-46ba-af9b-4376950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:50:02.000Z",
"modified": "2017-01-08T10:50:02.000Z",
"description": "US pak track ii naval dialogues.doc",
"pattern": "[file:hashes.SHA1 = 'd336b8424a65f5c0b83328aa89089c2e4ddbcf72']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:50:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58721a10-f288-42b4-9702-4e1402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:53:04.000Z",
"modified": "2017-01-08T10:53:04.000Z",
"description": "US pak track ii naval dialogues.doc - Xchecked via VT: d336b8424a65f5c0b83328aa89089c2e4ddbcf72",
"pattern": "[file:hashes.SHA256 = '72aea0644729cadfe668751587a1e6384c49c398580feecefc51385ecc018631']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:53:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58721a11-170c-44ad-97eb-4f2c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:53:05.000Z",
"modified": "2017-01-08T10:53:05.000Z",
"description": "US pak track ii naval dialogues.doc - Xchecked via VT: d336b8424a65f5c0b83328aa89089c2e4ddbcf72",
"pattern": "[file:hashes.MD5 = 'c4cee8d6f30127938681c93dd19f2af4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:53:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58721a12-9fc8-496e-9634-49f702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:53:06.000Z",
"modified": "2017-01-08T10:53:06.000Z",
"first_observed": "2017-01-08T10:53:06Z",
"last_observed": "2017-01-08T10:53:06Z",
"number_observed": 1,
"object_refs": [
"url--58721a12-9fc8-496e-9634-49f702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58721a12-9fc8-496e-9634-49f702de0b81",
"value": "https://www.virustotal.com/file/72aea0644729cadfe668751587a1e6384c49c398580feecefc51385ecc018631/analysis/1483862088/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58721a13-eba0-47a2-b999-4a2b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:53:07.000Z",
"modified": "2017-01-08T10:53:07.000Z",
"description": "MM Core Unpacked DLL Samples - Xchecked via VT: 4372bb675827922280e8de87a78bf61a6a3e7e4d",
"pattern": "[file:hashes.SHA256 = '0ec6c4342cf0cae5ba59a216ed074ac0574f04763ce4b5b1944daad9513491b6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:53:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58721a13-f348-436e-a7cc-445202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:53:07.000Z",
"modified": "2017-01-08T10:53:07.000Z",
"description": "MM Core Unpacked DLL Samples - Xchecked via VT: 4372bb675827922280e8de87a78bf61a6a3e7e4d",
"pattern": "[file:hashes.MD5 = '060d13afdb2212a717666b251feda1d3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:53:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58721a14-4514-462c-a44e-4d1c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:53:08.000Z",
"modified": "2017-01-08T10:53:08.000Z",
"first_observed": "2017-01-08T10:53:08Z",
"last_observed": "2017-01-08T10:53:08Z",
"number_observed": 1,
"object_refs": [
"url--58721a14-4514-462c-a44e-4d1c02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58721a14-4514-462c-a44e-4d1c02de0b81",
"value": "https://www.virustotal.com/file/0ec6c4342cf0cae5ba59a216ed074ac0574f04763ce4b5b1944daad9513491b6/analysis/1483698678/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58721a15-2874-4692-b24a-47b602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:53:09.000Z",
"modified": "2017-01-08T10:53:09.000Z",
"description": "MM Core Unpacked DLL Samples - Xchecked via VT: c58aac5567df7676c2b08e1235cd70daec3023e8",
"pattern": "[file:hashes.SHA256 = '1d3ff6cdda68c63d254df70cef0dc9adfa414200f953499c40cbc75bf3936233']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:53:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58721a16-79ec-4e62-9d31-475c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:53:10.000Z",
"modified": "2017-01-08T10:53:10.000Z",
"description": "MM Core Unpacked DLL Samples - Xchecked via VT: c58aac5567df7676c2b08e1235cd70daec3023e8",
"pattern": "[file:hashes.MD5 = 'bddb10729acb2dfe28a7017b261d63db']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:53:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58721a16-b100-4e55-a771-4bc202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:53:10.000Z",
"modified": "2017-01-08T10:53:10.000Z",
"first_observed": "2017-01-08T10:53:10Z",
"last_observed": "2017-01-08T10:53:10Z",
"number_observed": 1,
"object_refs": [
"url--58721a16-b100-4e55-a771-4bc202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58721a16-b100-4e55-a771-4bc202de0b81",
"value": "https://www.virustotal.com/file/1d3ff6cdda68c63d254df70cef0dc9adfa414200f953499c40cbc75bf3936233/analysis/1483633479/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58721a17-7564-4a40-9826-4caa02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:53:11.000Z",
"modified": "2017-01-08T10:53:11.000Z",
"description": "Dropper/Downloader Samples - Xchecked via VT: f89a81c51e67c0bd3fc738bf927cd7cc95b05ea6",
"pattern": "[file:hashes.SHA256 = 'f938e87917ca8885001e922f43ef0fe5e67ff390e951a934254ddac808dca1a5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:53:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58721a18-0f84-4bc6-aa83-450d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:53:12.000Z",
"modified": "2017-01-08T10:53:12.000Z",
"description": "Dropper/Downloader Samples - Xchecked via VT: f89a81c51e67c0bd3fc738bf927cd7cc95b05ea6",
"pattern": "[file:hashes.MD5 = 'a9c07b9fb099f44e7b8f53a74d7f71d0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:53:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58721a18-59e0-4238-8532-45bc02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:53:12.000Z",
"modified": "2017-01-08T10:53:12.000Z",
"first_observed": "2017-01-08T10:53:12Z",
"last_observed": "2017-01-08T10:53:12Z",
"number_observed": 1,
"object_refs": [
"url--58721a18-59e0-4238-8532-45bc02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58721a18-59e0-4238-8532-45bc02de0b81",
"value": "https://www.virustotal.com/file/f938e87917ca8885001e922f43ef0fe5e67ff390e951a934254ddac808dca1a5/analysis/1483633483/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58721a19-2abc-478e-b5fb-416102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:53:13.000Z",
"modified": "2017-01-08T10:53:13.000Z",
"description": "Dropper/Downloader Samples - Xchecked via VT: 21c1904477ceb8d4d26ac9306e844b4ba0af1b43",
"pattern": "[file:hashes.SHA256 = 'a3c8d6eaa6239112b1e881f18ea78f58949150fbf051e599b5d6f81e0d2e31c9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:53:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58721a1a-cb00-48df-bedc-41ef02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:53:14.000Z",
"modified": "2017-01-08T10:53:14.000Z",
"description": "Dropper/Downloader Samples - Xchecked via VT: 21c1904477ceb8d4d26ac9306e844b4ba0af1b43",
"pattern": "[file:hashes.MD5 = '0932b703849364ca1537305761bc3429']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:53:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58721a1b-d7a8-430f-ab7d-4a7702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:53:15.000Z",
"modified": "2017-01-08T10:53:15.000Z",
"first_observed": "2017-01-08T10:53:15Z",
"last_observed": "2017-01-08T10:53:15Z",
"number_observed": 1,
"object_refs": [
"url--58721a1b-d7a8-430f-ab7d-4a7702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58721a1b-d7a8-430f-ab7d-4a7702de0b81",
"value": "https://www.virustotal.com/file/a3c8d6eaa6239112b1e881f18ea78f58949150fbf051e599b5d6f81e0d2e31c9/analysis/1460698281/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58721a1b-2f2c-41ea-8f54-456402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:53:15.000Z",
"modified": "2017-01-08T10:53:15.000Z",
"description": "Dropper/Downloader Samples - Xchecked via VT: 3a8b7ce642a5b4d1147de227249ecb6a89cbd2d3",
"pattern": "[file:hashes.SHA256 = '033258861970b3addbe339e9f2c0fde210898896f31dce5d5f7b1d17d19c23eb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:53:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58721a1c-7550-4fb8-8efb-45cc02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:53:16.000Z",
"modified": "2017-01-08T10:53:16.000Z",
"description": "Dropper/Downloader Samples - Xchecked via VT: 3a8b7ce642a5b4d1147de227249ecb6a89cbd2d3",
"pattern": "[file:hashes.MD5 = '9e73734ac2ab5293c0f326245658b50e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:53:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58721a1d-6e5c-41fb-bd35-491902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:53:17.000Z",
"modified": "2017-01-08T10:53:17.000Z",
"first_observed": "2017-01-08T10:53:17Z",
"last_observed": "2017-01-08T10:53:17Z",
"number_observed": 1,
"object_refs": [
"url--58721a1d-6e5c-41fb-bd35-491902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58721a1d-6e5c-41fb-bd35-491902de0b81",
"value": "https://www.virustotal.com/file/033258861970b3addbe339e9f2c0fde210898896f31dce5d5f7b1d17d19c23eb/analysis/1483633482/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58721a1e-a7d8-4a04-ba60-4dbe02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:53:18.000Z",
"modified": "2017-01-08T10:53:18.000Z",
"description": "Dropper/Downloader Samples - Xchecked via VT: ce18064f675348dd327569bd50528286929bc37a",
"pattern": "[file:hashes.SHA256 = 'ef549a3688f930bf3c5d49d95ed3d1de51be79af10f9d941892d85b25fabd795']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:53:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58721a1e-efec-4012-b0be-4cb202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:53:18.000Z",
"modified": "2017-01-08T10:53:18.000Z",
"description": "Dropper/Downloader Samples - Xchecked via VT: ce18064f675348dd327569bd50528286929bc37a",
"pattern": "[file:hashes.MD5 = 'c27da5a756569012449c479609c3b959']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:53:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58721a1f-2ad4-4c50-9306-44c902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:53:19.000Z",
"modified": "2017-01-08T10:53:19.000Z",
"first_observed": "2017-01-08T10:53:19Z",
"last_observed": "2017-01-08T10:53:19Z",
"number_observed": 1,
"object_refs": [
"url--58721a1f-2ad4-4c50-9306-44c902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58721a1f-2ad4-4c50-9306-44c902de0b81",
"value": "https://www.virustotal.com/file/ef549a3688f930bf3c5d49d95ed3d1de51be79af10f9d941892d85b25fabd795/analysis/1483633482/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58721a20-074c-47e6-a681-48cc02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:53:20.000Z",
"modified": "2017-01-08T10:53:20.000Z",
"description": "Dropper/Downloader Samples - Xchecked via VT: 5498bb49083289dfc2557a7c205aed7f8b97b2a8",
"pattern": "[file:hashes.SHA256 = '87d743e1876dcb9e13ed8d1dc57125c7c0912b49aa9f02e2f3a45d0e11294317']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:53:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58721a21-28dc-40dd-83a8-431702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:53:21.000Z",
"modified": "2017-01-08T10:53:21.000Z",
"description": "Dropper/Downloader Samples - Xchecked via VT: 5498bb49083289dfc2557a7c205aed7f8b97b2a8",
"pattern": "[file:hashes.MD5 = '6c833531eb3c6b97095b45fcc8f2a1e6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:53:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58721a21-1a9c-414f-94c7-43c702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:53:21.000Z",
"modified": "2017-01-08T10:53:21.000Z",
"first_observed": "2017-01-08T10:53:21Z",
"last_observed": "2017-01-08T10:53:21Z",
"number_observed": 1,
"object_refs": [
"url--58721a21-1a9c-414f-94c7-43c702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58721a21-1a9c-414f-94c7-43c702de0b81",
"value": "https://www.virustotal.com/file/87d743e1876dcb9e13ed8d1dc57125c7c0912b49aa9f02e2f3a45d0e11294317/analysis/1458047912/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58721a22-d584-49ff-856c-40ab02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:53:22.000Z",
"modified": "2017-01-08T10:53:22.000Z",
"description": "Dropper/Downloader Samples - Xchecked via VT: e0ed40ec0196543814b00fd0aac7218f23de5ec5",
"pattern": "[file:hashes.SHA256 = '1bf0dcf093a04a86c6679f99b6ec5293241b2a16b4749b5ff5af8e11e96ba2a9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:53:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58721a23-37fc-403c-a41a-48a902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:53:23.000Z",
"modified": "2017-01-08T10:53:23.000Z",
"description": "Dropper/Downloader Samples - Xchecked via VT: e0ed40ec0196543814b00fd0aac7218f23de5ec5",
"pattern": "[file:hashes.MD5 = '898812640c2cb691e5d9cdea96fe9599']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:53:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58721a23-05e8-49af-9028-4e9002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:53:23.000Z",
"modified": "2017-01-08T10:53:23.000Z",
"first_observed": "2017-01-08T10:53:23Z",
"last_observed": "2017-01-08T10:53:23Z",
"number_observed": 1,
"object_refs": [
"url--58721a23-05e8-49af-9028-4e9002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58721a23-05e8-49af-9028-4e9002de0b81",
"value": "https://www.virustotal.com/file/1bf0dcf093a04a86c6679f99b6ec5293241b2a16b4749b5ff5af8e11e96ba2a9/analysis/1483633481/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58721a24-bf78-4e4f-a1c9-455502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:53:24.000Z",
"modified": "2017-01-08T10:53:24.000Z",
"description": "Dropper/Downloader Samples - Xchecked via VT: 188776d098f61fa2c3b482b2ace202caee18b411",
"pattern": "[file:hashes.SHA256 = '4d22a45690d144ad29aaa06104085293e489ad319ba033ca0bd46759b3d5e42e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:53:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58721a25-7e24-48af-8641-48b902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:53:25.000Z",
"modified": "2017-01-08T10:53:25.000Z",
"description": "Dropper/Downloader Samples - Xchecked via VT: 188776d098f61fa2c3b482b2ace202caee18b411",
"pattern": "[file:hashes.MD5 = 'bffc9f409be33207849207f62622db50']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:53:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58721a26-1990-4c1e-b4fe-4ac802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:53:26.000Z",
"modified": "2017-01-08T10:53:26.000Z",
"first_observed": "2017-01-08T10:53:26Z",
"last_observed": "2017-01-08T10:53:26Z",
"number_observed": 1,
"object_refs": [
"url--58721a26-1990-4c1e-b4fe-4ac802de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58721a26-1990-4c1e-b4fe-4ac802de0b81",
"value": "https://www.virustotal.com/file/4d22a45690d144ad29aaa06104085293e489ad319ba033ca0bd46759b3d5e42e/analysis/1483633481/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58721a26-2a54-4c67-8966-401402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:53:26.000Z",
"modified": "2017-01-08T10:53:26.000Z",
"description": "Dropper/Downloader Samples - Xchecked via VT: b8e6f570e02d105df2d78698de12ae80d66c54a2",
"pattern": "[file:hashes.SHA256 = 'e9d5e26e00f3ef239491bdfc80c8b4aabe551135b568c1ac9629202ed10cf2d0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:53:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58721a27-df90-4e23-a7d8-45b602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:53:27.000Z",
"modified": "2017-01-08T10:53:27.000Z",
"description": "Dropper/Downloader Samples - Xchecked via VT: b8e6f570e02d105df2d78698de12ae80d66c54a2",
"pattern": "[file:hashes.MD5 = '2801b537960058643dfdb3fc5199246d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:53:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58721a28-5f34-4997-993f-45b402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:53:28.000Z",
"modified": "2017-01-08T10:53:28.000Z",
"first_observed": "2017-01-08T10:53:28Z",
"last_observed": "2017-01-08T10:53:28Z",
"number_observed": 1,
"object_refs": [
"url--58721a28-5f34-4997-993f-45b402de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58721a28-5f34-4997-993f-45b402de0b81",
"value": "https://www.virustotal.com/file/e9d5e26e00f3ef239491bdfc80c8b4aabe551135b568c1ac9629202ed10cf2d0/analysis/1483698672/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58721a29-513c-42cd-a8a9-414d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:53:29.000Z",
"modified": "2017-01-08T10:53:29.000Z",
"description": "Dropper/Downloader Samples - Xchecked via VT: ab53485990ac503fb9c440ab469771fac661f3cc",
"pattern": "[file:hashes.SHA256 = '0dec4b854bcbf15bda79a1a3d9f322d8519a3273155ad18d3b7ce7d36dfe9e85']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:53:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58721a29-5e84-4009-935f-4b3b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:53:29.000Z",
"modified": "2017-01-08T10:53:29.000Z",
"description": "Dropper/Downloader Samples - Xchecked via VT: ab53485990ac503fb9c440ab469771fac661f3cc",
"pattern": "[file:hashes.MD5 = 'fe1eb07a9068c32efd032404a7472e58']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:53:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58721a2a-950c-48b1-9e9c-47ad02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:53:30.000Z",
"modified": "2017-01-08T10:53:30.000Z",
"first_observed": "2017-01-08T10:53:30Z",
"last_observed": "2017-01-08T10:53:30Z",
"number_observed": 1,
"object_refs": [
"url--58721a2a-950c-48b1-9e9c-47ad02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58721a2a-950c-48b1-9e9c-47ad02de0b81",
"value": "https://www.virustotal.com/file/0dec4b854bcbf15bda79a1a3d9f322d8519a3273155ad18d3b7ce7d36dfe9e85/analysis/1483633481/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58721a2b-e744-411e-b4bb-4f6202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:53:31.000Z",
"modified": "2017-01-08T10:53:31.000Z",
"description": "Dropper/Downloader Samples - Xchecked via VT: 7031f4be6ced5241ae0dd4315d66a261f654dbd6",
"pattern": "[file:hashes.SHA256 = '4f3275de51c2d16e8df829d020eae4f2450c9b3afd3b3099d615278e29a00479']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:53:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58721a2c-07b8-4db7-9de3-433602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:53:32.000Z",
"modified": "2017-01-08T10:53:32.000Z",
"description": "Dropper/Downloader Samples - Xchecked via VT: 7031f4be6ced5241ae0dd4315d66a261f654dbd6",
"pattern": "[file:hashes.MD5 = '380cfac90270b45518c17c224aa8e5be']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:53:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58721a2c-2080-4fc2-af18-460202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:53:32.000Z",
"modified": "2017-01-08T10:53:32.000Z",
"first_observed": "2017-01-08T10:53:32Z",
"last_observed": "2017-01-08T10:53:32Z",
"number_observed": 1,
"object_refs": [
"url--58721a2c-2080-4fc2-af18-460202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58721a2c-2080-4fc2-af18-460202de0b81",
"value": "https://www.virustotal.com/file/4f3275de51c2d16e8df829d020eae4f2450c9b3afd3b3099d615278e29a00479/analysis/1483633481/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58721a2d-c900-4abc-aeb2-4c6202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:53:33.000Z",
"modified": "2017-01-08T10:53:33.000Z",
"description": "Dropper/Downloader Samples - Xchecked via VT: b931d3988eb37491506504990cae3081208e1a66",
"pattern": "[file:hashes.SHA256 = '86d414a51e946a9a5d8ce411f0f6b54154d7848c046cd58464b49733effdc47a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:53:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58721a2e-0338-4f99-8c58-471302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:53:34.000Z",
"modified": "2017-01-08T10:53:34.000Z",
"description": "Dropper/Downloader Samples - Xchecked via VT: b931d3988eb37491506504990cae3081208e1a66",
"pattern": "[file:hashes.MD5 = 'ee4563761247361632046c8966a4c790']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:53:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58721a2f-bf20-41b2-bb9a-4a3002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:53:35.000Z",
"modified": "2017-01-08T10:53:35.000Z",
"first_observed": "2017-01-08T10:53:35Z",
"last_observed": "2017-01-08T10:53:35Z",
"number_observed": 1,
"object_refs": [
"url--58721a2f-bf20-41b2-bb9a-4a3002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58721a2f-bf20-41b2-bb9a-4a3002de0b81",
"value": "https://www.virustotal.com/file/86d414a51e946a9a5d8ce411f0f6b54154d7848c046cd58464b49733effdc47a/analysis/1483633481/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58721a2f-19b0-4b16-81dd-49a202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:53:35.000Z",
"modified": "2017-01-08T10:53:35.000Z",
"description": "Dropper/Downloader Samples - Xchecked via VT: 83e7b2d6ea775c8eb1f6cfefb32df754609a8129",
"pattern": "[file:hashes.SHA256 = 'af34e0b3ecbe1f6aeabd5d74ba48a322f401d348de8a3345fe3e18a62d6d7a93']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:53:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58721a30-4acc-414f-b8e8-45a702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:53:36.000Z",
"modified": "2017-01-08T10:53:36.000Z",
"description": "Dropper/Downloader Samples - Xchecked via VT: 83e7b2d6ea775c8eb1f6cfefb32df754609a8129",
"pattern": "[file:hashes.MD5 = 'f38ffc4bfe7b449389b05d483016625b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:53:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58721a31-2a00-4bef-b78c-41eb02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:53:37.000Z",
"modified": "2017-01-08T10:53:37.000Z",
"first_observed": "2017-01-08T10:53:37Z",
"last_observed": "2017-01-08T10:53:37Z",
"number_observed": 1,
"object_refs": [
"url--58721a31-2a00-4bef-b78c-41eb02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58721a31-2a00-4bef-b78c-41eb02de0b81",
"value": "https://www.virustotal.com/file/af34e0b3ecbe1f6aeabd5d74ba48a322f401d348de8a3345fe3e18a62d6d7a93/analysis/1483633480/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58721a31-1f84-45b4-aaf4-4ace02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:53:37.000Z",
"modified": "2017-01-08T10:53:37.000Z",
"description": "Dropper/Downloader Samples - Xchecked via VT: e8bfa4ed85aac19ab2e77e2b6dfe77252288d89b",
"pattern": "[file:hashes.SHA256 = '87496d1e934706d49b6a03b034f999c61772212b13e901f18453f7f8111defca']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:53:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58721a32-8fe8-45ad-8243-4fc502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:53:38.000Z",
"modified": "2017-01-08T10:53:38.000Z",
"description": "Dropper/Downloader Samples - Xchecked via VT: e8bfa4ed85aac19ab2e77e2b6dfe77252288d89b",
"pattern": "[file:hashes.MD5 = '50b20197c9f9f3a8ded3a42aa6cf5315']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:53:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58721a33-5160-4698-87dc-40ed02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:53:39.000Z",
"modified": "2017-01-08T10:53:39.000Z",
"first_observed": "2017-01-08T10:53:39Z",
"last_observed": "2017-01-08T10:53:39Z",
"number_observed": 1,
"object_refs": [
"url--58721a33-5160-4698-87dc-40ed02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58721a33-5160-4698-87dc-40ed02de0b81",
"value": "https://www.virustotal.com/file/87496d1e934706d49b6a03b034f999c61772212b13e901f18453f7f8111defca/analysis/1475469859/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58721a34-4718-401d-8c17-4eb802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:53:40.000Z",
"modified": "2017-01-08T10:53:40.000Z",
"description": "Dropper/Downloader Samples - Xchecked via VT: 415ad0a84fe7ae5b88a68b8c97d2d27de5b3aed2",
"pattern": "[file:hashes.SHA256 = '62ba328ada4ac69ac2ec9f9f101d16d5eb72b648c6bd078f735e17c8fc6b2829']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:53:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58721a34-8cac-494e-95cd-4e4802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:53:40.000Z",
"modified": "2017-01-08T10:53:40.000Z",
"description": "Dropper/Downloader Samples - Xchecked via VT: 415ad0a84fe7ae5b88a68b8c97d2d27de5b3aed2",
"pattern": "[file:hashes.MD5 = '0647bac99b6a8407795134f5d67d4590']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:53:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58721a35-67f0-44c8-9dab-421c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:53:41.000Z",
"modified": "2017-01-08T10:53:41.000Z",
"first_observed": "2017-01-08T10:53:41Z",
"last_observed": "2017-01-08T10:53:41Z",
"number_observed": 1,
"object_refs": [
"url--58721a35-67f0-44c8-9dab-421c02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58721a35-67f0-44c8-9dab-421c02de0b81",
"value": "https://www.virustotal.com/file/62ba328ada4ac69ac2ec9f9f101d16d5eb72b648c6bd078f735e17c8fc6b2829/analysis/1482068488/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58721a36-c628-4aa7-93d2-499f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:53:42.000Z",
"modified": "2017-01-08T10:53:42.000Z",
"description": "Dropper/Downloader Samples - Xchecked via VT: 1cf86d87140f13bf88ede74654e01853bae2413c",
"pattern": "[file:hashes.SHA256 = '3d85b4f923e2201a21a3e27e86ea6a2d3fda9778899568e7c505de5a4b70653e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:53:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58721a37-2c60-432a-9471-4e3402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:53:43.000Z",
"modified": "2017-01-08T10:53:43.000Z",
"description": "Dropper/Downloader Samples - Xchecked via VT: 1cf86d87140f13bf88ede74654e01853bae2413c",
"pattern": "[file:hashes.MD5 = '2826c9c6c25368f773c0e448572585d0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:53:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58721a37-4c14-4040-b978-4e5c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:53:43.000Z",
"modified": "2017-01-08T10:53:43.000Z",
"first_observed": "2017-01-08T10:53:43Z",
"last_observed": "2017-01-08T10:53:43Z",
"number_observed": 1,
"object_refs": [
"url--58721a37-4c14-4040-b978-4e5c02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58721a37-4c14-4040-b978-4e5c02de0b81",
"value": "https://www.virustotal.com/file/3d85b4f923e2201a21a3e27e86ea6a2d3fda9778899568e7c505de5a4b70653e/analysis/1483633480/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58721a38-e2f4-400c-b548-478102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:53:44.000Z",
"modified": "2017-01-08T10:53:44.000Z",
"description": "Dropper/Downloader Samples - Xchecked via VT: ef59b4ffc8a92a5a49308ba98cb38949f74774f1",
"pattern": "[file:hashes.SHA256 = 'dd4a29b9ad4644350878b4c073661481a64762c4be4a9aa20ff7b71453470cce']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:53:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58721a39-d50c-4ba2-b029-4c4102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:53:45.000Z",
"modified": "2017-01-08T10:53:45.000Z",
"description": "Dropper/Downloader Samples - Xchecked via VT: ef59b4ffc8a92a5a49308ba98cb38949f74774f1",
"pattern": "[file:hashes.MD5 = '263b6c350cbf7354b99139be17c272d3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:53:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58721a39-fc50-49eb-aa98-44be02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:53:45.000Z",
"modified": "2017-01-08T10:53:45.000Z",
"first_observed": "2017-01-08T10:53:45Z",
"last_observed": "2017-01-08T10:53:45Z",
"number_observed": 1,
"object_refs": [
"url--58721a39-fc50-49eb-aa98-44be02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58721a39-fc50-49eb-aa98-44be02de0b81",
"value": "https://www.virustotal.com/file/dd4a29b9ad4644350878b4c073661481a64762c4be4a9aa20ff7b71453470cce/analysis/1483632797/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58721a3a-475c-44a4-8137-43f002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:53:46.000Z",
"modified": "2017-01-08T10:53:46.000Z",
"description": "Dropper/Downloader Samples - Xchecked via VT: f94bada2e3ef2461f9f9b291aac8ffbf81bf46ab",
"pattern": "[file:hashes.SHA256 = 'e9d086bf3e1e657f847a2364ee1da56db50bfeb291a35f1f92f3b2a9125f6f5e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:53:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58721a3b-8860-4374-bcd3-4e4802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:53:47.000Z",
"modified": "2017-01-08T10:53:47.000Z",
"description": "Dropper/Downloader Samples - Xchecked via VT: f94bada2e3ef2461f9f9b291aac8ffbf81bf46ab",
"pattern": "[file:hashes.MD5 = 'd692a057330361f8f58163f9aa7fc3a8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:53:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58721a3c-1a08-4680-9c4f-4e5102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:53:48.000Z",
"modified": "2017-01-08T10:53:48.000Z",
"first_observed": "2017-01-08T10:53:48Z",
"last_observed": "2017-01-08T10:53:48Z",
"number_observed": 1,
"object_refs": [
"url--58721a3c-1a08-4680-9c4f-4e5102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58721a3c-1a08-4680-9c4f-4e5102de0b81",
"value": "https://www.virustotal.com/file/e9d086bf3e1e657f847a2364ee1da56db50bfeb291a35f1f92f3b2a9125f6f5e/analysis/1483712714/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58721a3c-aa5c-46e5-9141-416202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:53:48.000Z",
"modified": "2017-01-08T10:53:48.000Z",
"description": "Related Gratem Samples - Xchecked via VT: f7372222ec3e56d384e7ca2650eb39c0f420bc88",
"pattern": "[file:hashes.SHA256 = 'c89fb4332fef7367543c6457d3a6bfbd4d4f6ad7bea915baefc0489ad0c2a873']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:53:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58721a3d-58ec-49c2-bb1b-424602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:53:49.000Z",
"modified": "2017-01-08T10:53:49.000Z",
"description": "Related Gratem Samples - Xchecked via VT: f7372222ec3e56d384e7ca2650eb39c0f420bc88",
"pattern": "[file:hashes.MD5 = '1bbc1549b8fe1ced42e65d8375ff7010']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:53:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58721a3e-3fbc-42a7-85d3-47ca02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:53:50.000Z",
"modified": "2017-01-08T10:53:50.000Z",
"first_observed": "2017-01-08T10:53:50Z",
"last_observed": "2017-01-08T10:53:50Z",
"number_observed": 1,
"object_refs": [
"url--58721a3e-3fbc-42a7-85d3-47ca02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58721a3e-3fbc-42a7-85d3-47ca02de0b81",
"value": "https://www.virustotal.com/file/c89fb4332fef7367543c6457d3a6bfbd4d4f6ad7bea915baefc0489ad0c2a873/analysis/1483633479/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58721a3f-1e9c-45e9-9f31-4a1d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:53:51.000Z",
"modified": "2017-01-08T10:53:51.000Z",
"description": "Related Gratem Samples - Xchecked via VT: 673f315388d9c3e47adc280da1ff8b85a0893525",
"pattern": "[file:hashes.SHA256 = 'a4ead13d2cb28c4443f023b5b87ec3bd641fb3ad590ca53ab41afefce9cbeccf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:53:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58721a3f-eba8-4c01-9964-429002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:53:51.000Z",
"modified": "2017-01-08T10:53:51.000Z",
"description": "Related Gratem Samples - Xchecked via VT: 673f315388d9c3e47adc280da1ff8b85a0893525",
"pattern": "[file:hashes.MD5 = 'e2bc937f028602dda3fa56ad204ca726']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-08T10:53:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58721a40-54a0-4945-b198-4a6b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-08T10:53:52.000Z",
"modified": "2017-01-08T10:53:52.000Z",
"first_observed": "2017-01-08T10:53:52Z",
"last_observed": "2017-01-08T10:53:52Z",
"number_observed": 1,
"object_refs": [
"url--58721a40-54a0-4945-b198-4a6b02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58721a40-54a0-4945-b198-4a6b02de0b81",
"value": "https://www.virustotal.com/file/a4ead13d2cb28c4443f023b5b87ec3bd641fb3ad590ca53ab41afefce9cbeccf/analysis/1483697879/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}