misp-circl-feed/feeds/circl/misp/59bbf441-82a4-4a59-ab03-4482950d210f.json

1587 lines
No EOL
68 KiB
JSON

{
"type": "bundle",
"id": "bundle--59bbf441-82a4-4a59-ab03-4482950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-15T15:47:23.000Z",
"modified": "2017-09-15T15:47:23.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--59bbf441-82a4-4a59-ab03-4482950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-15T15:47:23.000Z",
"modified": "2017-09-15T15:47:23.000Z",
"name": "OSINT - Hangul Word Processor and PostScript Abused Via Malicious Attachments",
"published": "2017-09-15T15:48:21Z",
"object_refs": [
"indicator--59bbf45d-3a10-44c4-8a7b-4105950d210f",
"indicator--59bbf45d-f350-404f-985e-41ae950d210f",
"indicator--59bbf45d-31ac-46ef-b8a8-4ebf950d210f",
"indicator--59bbf45d-30f4-4dc1-bde9-4769950d210f",
"indicator--59bbf45d-7288-422e-9e28-43e9950d210f",
"indicator--59bbf45d-7a54-4d5f-b34c-467d950d210f",
"indicator--59bbf45d-2d10-4c0c-bf9e-4b05950d210f",
"indicator--59bbf45d-36d8-40e6-ad2d-4c5e950d210f",
"indicator--59bbf45d-2ff8-4884-b173-43b9950d210f",
"indicator--59bbf45d-f3f8-438f-9a00-4482950d210f",
"indicator--59bbf45d-70bc-4be2-a766-400f950d210f",
"indicator--59bbf45d-2fe8-4709-b537-40cc950d210f",
"indicator--59bbf45d-d998-4604-a63b-4794950d210f",
"indicator--59bbf45d-dfdc-42e1-b499-434c950d210f",
"indicator--59bbf489-6750-4393-add2-4fb2950d210f",
"x-misp-attribute--59bbf503-57ec-44e0-81f4-4c8d950d210f",
"observed-data--59bbf51d-52d4-4ace-a0b9-4ab1950d210f",
"url--59bbf51d-52d4-4ace-a0b9-4ab1950d210f",
"indicator--59bbf60b-0190-4e7f-9d44-476902de0b81",
"indicator--59bbf60b-0ec4-4a40-85cd-419102de0b81",
"observed-data--59bbf60b-2aec-4170-811d-4d3902de0b81",
"url--59bbf60b-2aec-4170-811d-4d3902de0b81",
"indicator--59bbf60b-0bd8-4589-bd07-450402de0b81",
"indicator--59bbf60c-3d68-4873-b916-49b202de0b81",
"observed-data--59bbf60c-f5d8-4bac-a764-484702de0b81",
"url--59bbf60c-f5d8-4bac-a764-484702de0b81",
"indicator--59bbf60c-83f4-492e-a63c-48b602de0b81",
"indicator--59bbf60c-ee20-4fa8-9ba5-4d3f02de0b81",
"observed-data--59bbf60c-264c-4ab1-93d5-415b02de0b81",
"url--59bbf60c-264c-4ab1-93d5-415b02de0b81",
"indicator--59bbf60c-3d20-4655-9d0c-4ada02de0b81",
"indicator--59bbf60c-5428-4f7d-8a0b-4dad02de0b81",
"observed-data--59bbf60c-551c-40e2-b98e-4fdd02de0b81",
"url--59bbf60c-551c-40e2-b98e-4fdd02de0b81",
"indicator--59bbf60c-2748-4d05-a7be-4fa602de0b81",
"indicator--59bbf60c-71e8-47b2-b8bf-426602de0b81",
"observed-data--59bbf60c-e334-4673-a9ea-435d02de0b81",
"url--59bbf60c-e334-4673-a9ea-435d02de0b81",
"indicator--59bbf60c-ae40-4bcf-9b4a-480c02de0b81",
"indicator--59bbf60c-aa84-43d4-a83e-4fd802de0b81",
"observed-data--59bbf60c-6f10-4b22-84a7-465602de0b81",
"url--59bbf60c-6f10-4b22-84a7-465602de0b81",
"indicator--59bbf60c-5d84-41ab-bee3-4ad202de0b81",
"indicator--59bbf60c-423c-442e-9910-465d02de0b81",
"observed-data--59bbf60c-58ac-4f95-a5ca-45fe02de0b81",
"url--59bbf60c-58ac-4f95-a5ca-45fe02de0b81",
"indicator--59bbf60c-9a14-49dd-a4b4-49e902de0b81",
"indicator--59bbf60c-fc70-4ea9-b7a0-464202de0b81",
"observed-data--59bbf60c-010c-433d-b40c-49b702de0b81",
"url--59bbf60c-010c-433d-b40c-49b702de0b81",
"indicator--59bbf60c-ad7c-47f0-a1e3-476e02de0b81",
"indicator--59bbf60c-bfc4-4b48-8701-424c02de0b81",
"observed-data--59bbf60c-7910-49f6-ba87-48d802de0b81",
"url--59bbf60c-7910-49f6-ba87-48d802de0b81",
"indicator--59bbf60c-44c0-4287-9ee7-469802de0b81",
"indicator--59bbf60c-1e64-4548-abe9-4b1a02de0b81",
"observed-data--59bbf60c-7634-4d0a-8ab2-479102de0b81",
"url--59bbf60c-7634-4d0a-8ab2-479102de0b81",
"indicator--59bbf60c-b030-4f05-8734-417802de0b81",
"indicator--59bbf60c-c5fc-4414-8ac5-4ff902de0b81",
"observed-data--59bbf60c-ddfc-4814-8c79-4d5202de0b81",
"url--59bbf60c-ddfc-4814-8c79-4d5202de0b81",
"indicator--59bbf60c-6c7c-4e81-aaf3-446a02de0b81",
"indicator--59bbf60c-cc40-494b-ab9d-417702de0b81",
"observed-data--59bbf60c-5480-45a5-a5f8-4df802de0b81",
"url--59bbf60c-5480-45a5-a5f8-4df802de0b81",
"indicator--59bbf60c-f23c-4a0f-9d35-444f02de0b81",
"indicator--59bbf60c-1e4c-46e2-b6c2-466302de0b81",
"observed-data--59bbf60c-9b78-40b2-a541-4b7c02de0b81",
"url--59bbf60c-9b78-40b2-a541-4b7c02de0b81",
"indicator--59bbf60c-5c9c-47a7-b535-4e4d02de0b81",
"indicator--59bbf60c-376c-4728-b8d6-4d6b02de0b81",
"observed-data--59bbf60c-731c-405b-ae99-4ee802de0b81",
"url--59bbf60c-731c-405b-ae99-4ee802de0b81",
"indicator--59bbf60c-2e88-40e5-9776-4a9502de0b81",
"indicator--59bbf60c-4944-4856-936b-4e1802de0b81",
"observed-data--59bbf60c-445c-474a-abbe-445202de0b81",
"url--59bbf60c-445c-474a-abbe-445202de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59bbf45d-3a10-44c4-8a7b-4105950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-15T15:47:23.000Z",
"modified": "2017-09-15T15:47:23.000Z",
"pattern": "[file:hashes.SHA256 = '082651553ee19f87282ea700446a1335f3c9e0d78192097cbbe32ddc8c8f0ff3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-15T15:47:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59bbf45d-f350-404f-985e-41ae950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-15T15:47:23.000Z",
"modified": "2017-09-15T15:47:23.000Z",
"pattern": "[file:hashes.SHA256 = '1a69a862a0fb66af0cfc5dc131e435c3d4677525bf2f2dc3e42d35e68ff4b3a6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-15T15:47:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59bbf45d-31ac-46ef-b8a8-4ebf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-15T15:47:23.000Z",
"modified": "2017-09-15T15:47:23.000Z",
"pattern": "[file:hashes.SHA256 = '4996554df0a31e3d06c08657e61efd50b91b617f1c6d85cb8b67620bfd5d232f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-15T15:47:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59bbf45d-30f4-4dc1-bde9-4769950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-15T15:47:23.000Z",
"modified": "2017-09-15T15:47:23.000Z",
"pattern": "[file:hashes.SHA256 = '4f1dd7c10adee45f7ff13dbffa328afae26448ff39ba6d9ae91dec611705dede']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-15T15:47:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59bbf45d-7288-422e-9e28-43e9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-15T15:47:23.000Z",
"modified": "2017-09-15T15:47:23.000Z",
"pattern": "[file:hashes.SHA256 = '58febbf2e2f3f2add32a81d91a94ed94c7ce4e37b91e6ea5679617e7d899b8b3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-15T15:47:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59bbf45d-7a54-4d5f-b34c-467d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-15T15:47:23.000Z",
"modified": "2017-09-15T15:47:23.000Z",
"pattern": "[file:hashes.SHA256 = '6b15a7761443f6a9555c0a6cac41de78e71016d803b726abbb4b0489e8cc323f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-15T15:47:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59bbf45d-2d10-4c0c-bf9e-4b05950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-15T15:47:23.000Z",
"modified": "2017-09-15T15:47:23.000Z",
"pattern": "[file:hashes.SHA256 = '7d099411f19b6f7268a482277cd2da32dffd4a7b58ef4371a71f6b6186705436']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-15T15:47:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59bbf45d-36d8-40e6-ad2d-4c5e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-15T15:47:23.000Z",
"modified": "2017-09-15T15:47:23.000Z",
"pattern": "[file:hashes.SHA256 = '7df47f410fbd58dbbd995558a9be197da91687f9631bcfe5f0bdb042a67fc41d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-15T15:47:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59bbf45d-2ff8-4884-b173-43b9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-15T15:47:23.000Z",
"modified": "2017-09-15T15:47:23.000Z",
"pattern": "[file:hashes.SHA256 = '8278cee571bed619ac786898fea1bc03cf67724ebcd8d974c6cbaa942821f93d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-15T15:47:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59bbf45d-f3f8-438f-9a00-4482950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-15T15:47:23.000Z",
"modified": "2017-09-15T15:47:23.000Z",
"pattern": "[file:hashes.SHA256 = '851723d38c11654d881cb0528ac82f38b43d30cac9ed12c12364d8b2a47697cc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-15T15:47:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59bbf45d-70bc-4be2-a766-400f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-15T15:47:23.000Z",
"modified": "2017-09-15T15:47:23.000Z",
"pattern": "[file:hashes.SHA256 = '85bf524950260471dba454c5d3ec43141556d74d8f6b016784ecfa48e9056f49']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-15T15:47:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59bbf45d-2fe8-4709-b537-40cc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-15T15:47:23.000Z",
"modified": "2017-09-15T15:47:23.000Z",
"pattern": "[file:hashes.SHA256 = '904bc03090b39b59180b976b2e87580c9404fa0c9ff5135cbcdb68ecf1fe8c08']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-15T15:47:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59bbf45d-d998-4604-a63b-4794950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-15T15:47:23.000Z",
"modified": "2017-09-15T15:47:23.000Z",
"pattern": "[file:hashes.SHA256 = 'd9829e45cc1989617851b1727e9e4aaf19ee24f5e63b46d2cb2160e7b8c8f6e4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-15T15:47:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59bbf45d-dfdc-42e1-b499-434c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-15T15:47:23.000Z",
"modified": "2017-09-15T15:47:23.000Z",
"pattern": "[file:hashes.SHA256 = 'e5adba30f177431f91ef71d322091f6f26298cac36bfbcca9e6a1dcee0beff94']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-15T15:47:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59bbf489-6750-4393-add2-4fb2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-15T15:47:23.000Z",
"modified": "2017-09-15T15:47:23.000Z",
"pattern": "[file:hashes.SHA256 = '56a686c591ac63cb8398824f74d882d8ebd117717fd65e52a11b26b3ee5d0235']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-15T15:47:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--59bbf503-57ec-44e0-81f4-4c8d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-15T15:47:23.000Z",
"modified": "2017-09-15T15:47:23.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "The Hangul Word Processor (HWP) is a word processing application which is fairly popular in South Korea. It possesses the ability to run PostScript code, which is a language originally used for printing and desktop publishing, although it is a fully capable language. Unfortunately, this ability is now being exploited in attacks involving malicious attachments.\r\n\r\nA branch of PostScript called Encapsulated PostScript exists, which adds restrictions to the code that may be run. This is supposed to make opening these documents safer, but unfortunately older HWP versions implement these restrictions improperly. We have started seeing malicious attachments that contain malicious PostScript, which is in turn being used to drop shortcuts (or actual malicious files) onto the affected system.\r\n\r\nOffice suites have long been a popular way of getting users to drop and run malware on their systems. The various components of Microsoft Office have been exploited for years, whether via social engineering (macro malware) or vulnerabilities. It shouldn\u00e2\u20ac\u2122t be a surprise that other office suites are similarly targeted."
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59bbf51d-52d4-4ace-a0b9-4ab1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-15T15:47:23.000Z",
"modified": "2017-09-15T15:47:23.000Z",
"first_observed": "2017-09-15T15:47:23Z",
"last_observed": "2017-09-15T15:47:23Z",
"number_observed": 1,
"object_refs": [
"url--59bbf51d-52d4-4ace-a0b9-4ab1950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59bbf51d-52d4-4ace-a0b9-4ab1950d210f",
"value": "http://blog.trendmicro.com/trendlabs-security-intelligence/hangul-word-processor-postscript-abused-malicious-attachments/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59bbf60b-0190-4e7f-9d44-476902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-15T15:47:23.000Z",
"modified": "2017-09-15T15:47:23.000Z",
"description": "- Xchecked via VT: 56a686c591ac63cb8398824f74d882d8ebd117717fd65e52a11b26b3ee5d0235",
"pattern": "[file:hashes.SHA1 = 'e8090b3df6482af8d56f72de5e5df1a24e25e29a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-15T15:47:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59bbf60b-0ec4-4a40-85cd-419102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-15T15:47:23.000Z",
"modified": "2017-09-15T15:47:23.000Z",
"description": "- Xchecked via VT: 56a686c591ac63cb8398824f74d882d8ebd117717fd65e52a11b26b3ee5d0235",
"pattern": "[file:hashes.MD5 = 'ec06c31cb0992bb378a185f1e781563b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-15T15:47:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59bbf60b-2aec-4170-811d-4d3902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-15T15:47:23.000Z",
"modified": "2017-09-15T15:47:23.000Z",
"first_observed": "2017-09-15T15:47:23Z",
"last_observed": "2017-09-15T15:47:23Z",
"number_observed": 1,
"object_refs": [
"url--59bbf60b-2aec-4170-811d-4d3902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59bbf60b-2aec-4170-811d-4d3902de0b81",
"value": "https://www.virustotal.com/file/56a686c591ac63cb8398824f74d882d8ebd117717fd65e52a11b26b3ee5d0235/analysis/1505476315/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59bbf60b-0bd8-4589-bd07-450402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-15T15:47:23.000Z",
"modified": "2017-09-15T15:47:23.000Z",
"description": "- Xchecked via VT: e5adba30f177431f91ef71d322091f6f26298cac36bfbcca9e6a1dcee0beff94",
"pattern": "[file:hashes.SHA1 = '0f3364e4a72a01a26ede05769b3aa17596024a3c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-15T15:47:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59bbf60c-3d68-4873-b916-49b202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-15T15:47:23.000Z",
"modified": "2017-09-15T15:47:23.000Z",
"description": "- Xchecked via VT: e5adba30f177431f91ef71d322091f6f26298cac36bfbcca9e6a1dcee0beff94",
"pattern": "[file:hashes.MD5 = 'eccee9d7d97356989e7e33d979f3ec3b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-15T15:47:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59bbf60c-f5d8-4bac-a764-484702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-15T15:47:24.000Z",
"modified": "2017-09-15T15:47:24.000Z",
"first_observed": "2017-09-15T15:47:24Z",
"last_observed": "2017-09-15T15:47:24Z",
"number_observed": 1,
"object_refs": [
"url--59bbf60c-f5d8-4bac-a764-484702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59bbf60c-f5d8-4bac-a764-484702de0b81",
"value": "https://www.virustotal.com/file/e5adba30f177431f91ef71d322091f6f26298cac36bfbcca9e6a1dcee0beff94/analysis/1502098913/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59bbf60c-83f4-492e-a63c-48b602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-15T15:47:24.000Z",
"modified": "2017-09-15T15:47:24.000Z",
"description": "- Xchecked via VT: d9829e45cc1989617851b1727e9e4aaf19ee24f5e63b46d2cb2160e7b8c8f6e4",
"pattern": "[file:hashes.SHA1 = 'c54b45d12444c99118e8154833e7052223298cad']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-15T15:47:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59bbf60c-ee20-4fa8-9ba5-4d3f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-15T15:47:24.000Z",
"modified": "2017-09-15T15:47:24.000Z",
"description": "- Xchecked via VT: d9829e45cc1989617851b1727e9e4aaf19ee24f5e63b46d2cb2160e7b8c8f6e4",
"pattern": "[file:hashes.MD5 = '02293478b4944e35060e3eefce5f8113']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-15T15:47:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59bbf60c-264c-4ab1-93d5-415b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-15T15:47:24.000Z",
"modified": "2017-09-15T15:47:24.000Z",
"first_observed": "2017-09-15T15:47:24Z",
"last_observed": "2017-09-15T15:47:24Z",
"number_observed": 1,
"object_refs": [
"url--59bbf60c-264c-4ab1-93d5-415b02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59bbf60c-264c-4ab1-93d5-415b02de0b81",
"value": "https://www.virustotal.com/file/d9829e45cc1989617851b1727e9e4aaf19ee24f5e63b46d2cb2160e7b8c8f6e4/analysis/1505478816/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59bbf60c-3d20-4655-9d0c-4ada02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-15T15:47:24.000Z",
"modified": "2017-09-15T15:47:24.000Z",
"description": "- Xchecked via VT: 904bc03090b39b59180b976b2e87580c9404fa0c9ff5135cbcdb68ecf1fe8c08",
"pattern": "[file:hashes.SHA1 = '6cc125fd20ca7c43778c997b41a4adef5fb9c1e1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-15T15:47:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59bbf60c-5428-4f7d-8a0b-4dad02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-15T15:47:24.000Z",
"modified": "2017-09-15T15:47:24.000Z",
"description": "- Xchecked via VT: 904bc03090b39b59180b976b2e87580c9404fa0c9ff5135cbcdb68ecf1fe8c08",
"pattern": "[file:hashes.MD5 = '3d4b6b947283e70cf94a8e1112edfd72']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-15T15:47:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59bbf60c-551c-40e2-b98e-4fdd02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-15T15:47:24.000Z",
"modified": "2017-09-15T15:47:24.000Z",
"first_observed": "2017-09-15T15:47:24Z",
"last_observed": "2017-09-15T15:47:24Z",
"number_observed": 1,
"object_refs": [
"url--59bbf60c-551c-40e2-b98e-4fdd02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59bbf60c-551c-40e2-b98e-4fdd02de0b81",
"value": "https://www.virustotal.com/file/904bc03090b39b59180b976b2e87580c9404fa0c9ff5135cbcdb68ecf1fe8c08/analysis/1505478331/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59bbf60c-2748-4d05-a7be-4fa602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-15T15:47:24.000Z",
"modified": "2017-09-15T15:47:24.000Z",
"description": "- Xchecked via VT: 85bf524950260471dba454c5d3ec43141556d74d8f6b016784ecfa48e9056f49",
"pattern": "[file:hashes.SHA1 = '677f27a6f18825adfe56e1c35df9a118a43f7169']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-15T15:47:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59bbf60c-71e8-47b2-b8bf-426602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-15T15:47:24.000Z",
"modified": "2017-09-15T15:47:24.000Z",
"description": "- Xchecked via VT: 85bf524950260471dba454c5d3ec43141556d74d8f6b016784ecfa48e9056f49",
"pattern": "[file:hashes.MD5 = 'd09590eca632fa290dbeb0985a12d0c8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-15T15:47:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59bbf60c-e334-4673-a9ea-435d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-15T15:47:24.000Z",
"modified": "2017-09-15T15:47:24.000Z",
"first_observed": "2017-09-15T15:47:24Z",
"last_observed": "2017-09-15T15:47:24Z",
"number_observed": 1,
"object_refs": [
"url--59bbf60c-e334-4673-a9ea-435d02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59bbf60c-e334-4673-a9ea-435d02de0b81",
"value": "https://www.virustotal.com/file/85bf524950260471dba454c5d3ec43141556d74d8f6b016784ecfa48e9056f49/analysis/1505477965/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59bbf60c-ae40-4bcf-9b4a-480c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-15T15:47:24.000Z",
"modified": "2017-09-15T15:47:24.000Z",
"description": "- Xchecked via VT: 851723d38c11654d881cb0528ac82f38b43d30cac9ed12c12364d8b2a47697cc",
"pattern": "[file:hashes.SHA1 = 'aa82eda291f17fba770ec15ee75fe5b3c7468df9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-15T15:47:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59bbf60c-aa84-43d4-a83e-4fd802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-15T15:47:24.000Z",
"modified": "2017-09-15T15:47:24.000Z",
"description": "- Xchecked via VT: 851723d38c11654d881cb0528ac82f38b43d30cac9ed12c12364d8b2a47697cc",
"pattern": "[file:hashes.MD5 = 'eabef382570b2104fc46e9f44570155b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-15T15:47:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59bbf60c-6f10-4b22-84a7-465602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-15T15:47:24.000Z",
"modified": "2017-09-15T15:47:24.000Z",
"first_observed": "2017-09-15T15:47:24Z",
"last_observed": "2017-09-15T15:47:24Z",
"number_observed": 1,
"object_refs": [
"url--59bbf60c-6f10-4b22-84a7-465602de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59bbf60c-6f10-4b22-84a7-465602de0b81",
"value": "https://www.virustotal.com/file/851723d38c11654d881cb0528ac82f38b43d30cac9ed12c12364d8b2a47697cc/analysis/1505473979/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59bbf60c-5d84-41ab-bee3-4ad202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-15T15:47:24.000Z",
"modified": "2017-09-15T15:47:24.000Z",
"description": "- Xchecked via VT: 8278cee571bed619ac786898fea1bc03cf67724ebcd8d974c6cbaa942821f93d",
"pattern": "[file:hashes.SHA1 = '97731e68b2fb3e6040187c18ff14adfab570337e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-15T15:47:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59bbf60c-423c-442e-9910-465d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-15T15:47:24.000Z",
"modified": "2017-09-15T15:47:24.000Z",
"description": "- Xchecked via VT: 8278cee571bed619ac786898fea1bc03cf67724ebcd8d974c6cbaa942821f93d",
"pattern": "[file:hashes.MD5 = 'b39228c9538fd79dc425964dde1501d9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-15T15:47:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59bbf60c-58ac-4f95-a5ca-45fe02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-15T15:47:24.000Z",
"modified": "2017-09-15T15:47:24.000Z",
"first_observed": "2017-09-15T15:47:24Z",
"last_observed": "2017-09-15T15:47:24Z",
"number_observed": 1,
"object_refs": [
"url--59bbf60c-58ac-4f95-a5ca-45fe02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59bbf60c-58ac-4f95-a5ca-45fe02de0b81",
"value": "https://www.virustotal.com/file/8278cee571bed619ac786898fea1bc03cf67724ebcd8d974c6cbaa942821f93d/analysis/1505477600/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59bbf60c-9a14-49dd-a4b4-49e902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-15T15:47:24.000Z",
"modified": "2017-09-15T15:47:24.000Z",
"description": "- Xchecked via VT: 7df47f410fbd58dbbd995558a9be197da91687f9631bcfe5f0bdb042a67fc41d",
"pattern": "[file:hashes.SHA1 = '2bb5935b46db43434169a5f8309c605fc83bc9d7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-15T15:47:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59bbf60c-fc70-4ea9-b7a0-464202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-15T15:47:24.000Z",
"modified": "2017-09-15T15:47:24.000Z",
"description": "- Xchecked via VT: 7df47f410fbd58dbbd995558a9be197da91687f9631bcfe5f0bdb042a67fc41d",
"pattern": "[file:hashes.MD5 = 'c70cc67afdad1b7a78ffc57e0a3d71c5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-15T15:47:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59bbf60c-010c-433d-b40c-49b702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-15T15:47:24.000Z",
"modified": "2017-09-15T15:47:24.000Z",
"first_observed": "2017-09-15T15:47:24Z",
"last_observed": "2017-09-15T15:47:24Z",
"number_observed": 1,
"object_refs": [
"url--59bbf60c-010c-433d-b40c-49b702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59bbf60c-010c-433d-b40c-49b702de0b81",
"value": "https://www.virustotal.com/file/7df47f410fbd58dbbd995558a9be197da91687f9631bcfe5f0bdb042a67fc41d/analysis/1505477079/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59bbf60c-ad7c-47f0-a1e3-476e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-15T15:47:24.000Z",
"modified": "2017-09-15T15:47:24.000Z",
"description": "- Xchecked via VT: 7d099411f19b6f7268a482277cd2da32dffd4a7b58ef4371a71f6b6186705436",
"pattern": "[file:hashes.SHA1 = 'a20cb7a408c00ee091325fc9d7713a35db7decb1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-15T15:47:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59bbf60c-bfc4-4b48-8701-424c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-15T15:47:24.000Z",
"modified": "2017-09-15T15:47:24.000Z",
"description": "- Xchecked via VT: 7d099411f19b6f7268a482277cd2da32dffd4a7b58ef4371a71f6b6186705436",
"pattern": "[file:hashes.MD5 = '3a8906ada620c6d204185f643da92ea0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-15T15:47:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59bbf60c-7910-49f6-ba87-48d802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-15T15:47:24.000Z",
"modified": "2017-09-15T15:47:24.000Z",
"first_observed": "2017-09-15T15:47:24Z",
"last_observed": "2017-09-15T15:47:24Z",
"number_observed": 1,
"object_refs": [
"url--59bbf60c-7910-49f6-ba87-48d802de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59bbf60c-7910-49f6-ba87-48d802de0b81",
"value": "https://www.virustotal.com/file/7d099411f19b6f7268a482277cd2da32dffd4a7b58ef4371a71f6b6186705436/analysis/1505410781/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59bbf60c-44c0-4287-9ee7-469802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-15T15:47:24.000Z",
"modified": "2017-09-15T15:47:24.000Z",
"description": "- Xchecked via VT: 6b15a7761443f6a9555c0a6cac41de78e71016d803b726abbb4b0489e8cc323f",
"pattern": "[file:hashes.SHA1 = 'a0fec836dcc3d4ae043b0d0eff74589cfa75f67b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-15T15:47:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59bbf60c-1e64-4548-abe9-4b1a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-15T15:47:24.000Z",
"modified": "2017-09-15T15:47:24.000Z",
"description": "- Xchecked via VT: 6b15a7761443f6a9555c0a6cac41de78e71016d803b726abbb4b0489e8cc323f",
"pattern": "[file:hashes.MD5 = 'f420757270d0987148b950f2066bbbab']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-15T15:47:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59bbf60c-7634-4d0a-8ab2-479102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-15T15:47:24.000Z",
"modified": "2017-09-15T15:47:24.000Z",
"first_observed": "2017-09-15T15:47:24Z",
"last_observed": "2017-09-15T15:47:24Z",
"number_observed": 1,
"object_refs": [
"url--59bbf60c-7634-4d0a-8ab2-479102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59bbf60c-7634-4d0a-8ab2-479102de0b81",
"value": "https://www.virustotal.com/file/6b15a7761443f6a9555c0a6cac41de78e71016d803b726abbb4b0489e8cc323f/analysis/1505489329/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59bbf60c-b030-4f05-8734-417802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-15T15:47:24.000Z",
"modified": "2017-09-15T15:47:24.000Z",
"description": "- Xchecked via VT: 58febbf2e2f3f2add32a81d91a94ed94c7ce4e37b91e6ea5679617e7d899b8b3",
"pattern": "[file:hashes.SHA1 = 'b3d3f6d5aadf5fab0dac2ec067daf8d6ed012f4a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-15T15:47:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59bbf60c-c5fc-4414-8ac5-4ff902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-15T15:47:24.000Z",
"modified": "2017-09-15T15:47:24.000Z",
"description": "- Xchecked via VT: 58febbf2e2f3f2add32a81d91a94ed94c7ce4e37b91e6ea5679617e7d899b8b3",
"pattern": "[file:hashes.MD5 = '3fd57c3c8abe8357488f28b78c9e3897']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-15T15:47:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59bbf60c-ddfc-4814-8c79-4d5202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-15T15:47:24.000Z",
"modified": "2017-09-15T15:47:24.000Z",
"first_observed": "2017-09-15T15:47:24Z",
"last_observed": "2017-09-15T15:47:24Z",
"number_observed": 1,
"object_refs": [
"url--59bbf60c-ddfc-4814-8c79-4d5202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59bbf60c-ddfc-4814-8c79-4d5202de0b81",
"value": "https://www.virustotal.com/file/58febbf2e2f3f2add32a81d91a94ed94c7ce4e37b91e6ea5679617e7d899b8b3/analysis/1502763397/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59bbf60c-6c7c-4e81-aaf3-446a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-15T15:47:24.000Z",
"modified": "2017-09-15T15:47:24.000Z",
"description": "- Xchecked via VT: 4f1dd7c10adee45f7ff13dbffa328afae26448ff39ba6d9ae91dec611705dede",
"pattern": "[file:hashes.SHA1 = '59883c487ba386fee40d71d07e35767908de6a9a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-15T15:47:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59bbf60c-cc40-494b-ab9d-417702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-15T15:47:24.000Z",
"modified": "2017-09-15T15:47:24.000Z",
"description": "- Xchecked via VT: 4f1dd7c10adee45f7ff13dbffa328afae26448ff39ba6d9ae91dec611705dede",
"pattern": "[file:hashes.MD5 = '0265a51a90a759578e00392419f70791']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-15T15:47:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59bbf60c-5480-45a5-a5f8-4df802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-15T15:47:24.000Z",
"modified": "2017-09-15T15:47:24.000Z",
"first_observed": "2017-09-15T15:47:24Z",
"last_observed": "2017-09-15T15:47:24Z",
"number_observed": 1,
"object_refs": [
"url--59bbf60c-5480-45a5-a5f8-4df802de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59bbf60c-5480-45a5-a5f8-4df802de0b81",
"value": "https://www.virustotal.com/file/4f1dd7c10adee45f7ff13dbffa328afae26448ff39ba6d9ae91dec611705dede/analysis/1505476142/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59bbf60c-f23c-4a0f-9d35-444f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-15T15:47:24.000Z",
"modified": "2017-09-15T15:47:24.000Z",
"description": "- Xchecked via VT: 4996554df0a31e3d06c08657e61efd50b91b617f1c6d85cb8b67620bfd5d232f",
"pattern": "[file:hashes.SHA1 = '49fb4f910f62b7ff6d5105af58ac6c27aeb7caa2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-15T15:47:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59bbf60c-1e4c-46e2-b6c2-466302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-15T15:47:24.000Z",
"modified": "2017-09-15T15:47:24.000Z",
"description": "- Xchecked via VT: 4996554df0a31e3d06c08657e61efd50b91b617f1c6d85cb8b67620bfd5d232f",
"pattern": "[file:hashes.MD5 = '12cc43a48d7e53bb23688c8e10610a27']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-15T15:47:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59bbf60c-9b78-40b2-a541-4b7c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-15T15:47:24.000Z",
"modified": "2017-09-15T15:47:24.000Z",
"first_observed": "2017-09-15T15:47:24Z",
"last_observed": "2017-09-15T15:47:24Z",
"number_observed": 1,
"object_refs": [
"url--59bbf60c-9b78-40b2-a541-4b7c02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59bbf60c-9b78-40b2-a541-4b7c02de0b81",
"value": "https://www.virustotal.com/file/4996554df0a31e3d06c08657e61efd50b91b617f1c6d85cb8b67620bfd5d232f/analysis/1505473988/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59bbf60c-5c9c-47a7-b535-4e4d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-15T15:47:24.000Z",
"modified": "2017-09-15T15:47:24.000Z",
"description": "- Xchecked via VT: 1a69a862a0fb66af0cfc5dc131e435c3d4677525bf2f2dc3e42d35e68ff4b3a6",
"pattern": "[file:hashes.SHA1 = '379b974c1ebb58679274d52a885def8e01f9fc2a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-15T15:47:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59bbf60c-376c-4728-b8d6-4d6b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-15T15:47:24.000Z",
"modified": "2017-09-15T15:47:24.000Z",
"description": "- Xchecked via VT: 1a69a862a0fb66af0cfc5dc131e435c3d4677525bf2f2dc3e42d35e68ff4b3a6",
"pattern": "[file:hashes.MD5 = 'ec7ba18cc775a58647943e16d51d01ac']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-15T15:47:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59bbf60c-731c-405b-ae99-4ee802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-15T15:47:24.000Z",
"modified": "2017-09-15T15:47:24.000Z",
"first_observed": "2017-09-15T15:47:24Z",
"last_observed": "2017-09-15T15:47:24Z",
"number_observed": 1,
"object_refs": [
"url--59bbf60c-731c-405b-ae99-4ee802de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59bbf60c-731c-405b-ae99-4ee802de0b81",
"value": "https://www.virustotal.com/file/1a69a862a0fb66af0cfc5dc131e435c3d4677525bf2f2dc3e42d35e68ff4b3a6/analysis/1505475728/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59bbf60c-2e88-40e5-9776-4a9502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-15T15:47:24.000Z",
"modified": "2017-09-15T15:47:24.000Z",
"description": "- Xchecked via VT: 082651553ee19f87282ea700446a1335f3c9e0d78192097cbbe32ddc8c8f0ff3",
"pattern": "[file:hashes.SHA1 = 'dd3800740950995706a42f84fda3b78e6cfcf147']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-15T15:47:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59bbf60c-4944-4856-936b-4e1802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-15T15:47:24.000Z",
"modified": "2017-09-15T15:47:24.000Z",
"description": "- Xchecked via VT: 082651553ee19f87282ea700446a1335f3c9e0d78192097cbbe32ddc8c8f0ff3",
"pattern": "[file:hashes.MD5 = '70ada795ce106484a00c76e3d30b1140']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-15T15:47:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59bbf60c-445c-474a-abbe-445202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-15T15:47:24.000Z",
"modified": "2017-09-15T15:47:24.000Z",
"first_observed": "2017-09-15T15:47:24Z",
"last_observed": "2017-09-15T15:47:24Z",
"number_observed": 1,
"object_refs": [
"url--59bbf60c-445c-474a-abbe-445202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59bbf60c-445c-474a-abbe-445202de0b81",
"value": "https://www.virustotal.com/file/082651553ee19f87282ea700446a1335f3c9e0d78192097cbbe32ddc8c8f0ff3/analysis/1505475457/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}