misp-circl-feed/feeds/circl/misp/5c9b92ae-0428-46ef-9ced-4d47950d210f.json


{
"type": "bundle",
"id": "bundle--5c9b92ae-0428-46ef-9ced-4d47950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-05T06:33:52.000Z",
"modified": "2019-04-05T06:33:52.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "grouping",
"spec_version": "2.1",
"id": "grouping--5c9b92ae-0428-46ef-9ced-4d47950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-05T06:33:52.000Z",
"modified": "2019-04-05T06:33:52.000Z",
"name": "Bulletin d\u2019actualit\u00e9 CERTFR-2019-ACT-005",
"context": "suspicious-activity",
"object_refs": [
"observed-data--5c9c7c27-f578-43fb-8950-f682950d210f",
"url--5c9c7c27-f578-43fb-8950-f682950d210f",
"observed-data--5c9c80a8-de8c-4737-92ae-4250950d210f",
"url--5c9c80a8-de8c-4737-92ae-4250950d210f",
"indicator--5c9c9c28-b844-44bf-91d9-45c5950d210f",
"indicator--5c9c9c28-2aa0-4318-b516-44f8950d210f",
"x-misp-attribute--5c9ca433-92e0-4c95-a054-4528950d210f",
"indicator--5c9cdbca-78dc-499a-86a2-4d6e950d210f",
"indicator--5c9cdbca-0e04-42d7-ab25-4e14950d210f",
"indicator--5c9cdcc4-d2dc-4f8c-8947-43c0950d210f",
"indicator--5c9cdcc7-8654-45c7-b3b1-440b950d210f",
"indicator--5c9cdccf-0b50-4881-8bfe-4b34950d210f",
"indicator--5c9cdcd0-3b78-4d12-b3c2-42ea950d210f",
"indicator--5c9cdcd0-2d68-4958-8ea1-4cc3950d210f",
"indicator--5c9cdcd0-4e7c-4567-a324-4a7d950d210f",
"x-misp-attribute--5c9e39dc-a38c-422e-903f-4831950d210f",
"indicator--5ca1b269-0aa4-479e-80c5-457a950d210f",
"indicator--5ca1b269-97c8-4a64-aec2-46f0950d210f",
"indicator--5ca1b269-b02c-43ad-afbd-4f69950d210f",
"indicator--5ca1b269-01f8-4c66-b7a6-4318950d210f",
"indicator--5ca1b269-6478-47f0-a5cd-4e8f950d210f",
"indicator--5ca1b269-9670-48a3-8bbe-4639950d210f",
"indicator--5ca1b269-f7fc-4efd-9e26-4955950d210f",
"indicator--5ca1b269-eb04-4df7-8a0b-41d9950d210f",
"indicator--5ca1ce9d-cd4c-46b6-9a6a-3ff6950d210f",
"indicator--5ca1ce9d-b568-4caf-bdff-3ff6950d210f",
"indicator--5ca1d8cb-4e80-4388-9890-d6af950d210f",
"indicator--5ca1d8cb-e228-4161-9aa7-d6af950d210f",
"indicator--5ca1d8cb-f2a0-4fca-a92a-d6af950d210f",
"indicator--5ca1d8cb-69b8-4968-9f67-d6af950d210f",
"indicator--5ca1d8cb-1654-4bf2-b765-d6af950d210f",
"indicator--5ca1d8cb-3414-41ec-9f72-d6af950d210f",
"indicator--5ca1d8cb-8b64-4abe-87e7-d6af950d210f",
"indicator--5ca1d8cb-121c-4714-aa3e-d6af950d210f",
"indicator--5ca1d8cb-a8d8-46e0-aa54-d6af950d210f",
"indicator--5ca1d8cb-6ed8-400b-b4fa-d6af950d210f",
"indicator--5ca1d8cb-d90c-47f7-94c8-d6af950d210f",
"indicator--5ca1d8cb-27c4-4c61-a7ef-d6af950d210f",
"indicator--5ca1d8cc-5548-451c-9747-d6af950d210f",
"indicator--5ca1d8cc-c67c-4701-8470-d6af950d210f",
"indicator--5ca1d8cc-a450-4ef1-a1bb-d6af950d210f",
"indicator--5ca1d8cc-f1c0-4dfc-85f9-d6af950d210f",
"indicator--5ca1d8cc-5104-424c-bb78-d6af950d210f",
"indicator--5ca1d8cc-2b0c-4ab6-9304-d6af950d210f",
"indicator--5ca1d8cc-dc90-45a2-a6bf-d6af950d210f",
"indicator--5ca1d8cc-fb50-48bc-8dbb-d6af950d210f",
"indicator--5ca1d8cc-c190-4f11-9122-d6af950d210f",
"indicator--5ca1d8cc-c2f0-469e-8883-d6af950d210f",
"indicator--5ca1d8cc-0cd4-4431-a10f-d6af950d210f",
"indicator--5ca1d8cc-6270-48ed-af05-d6af950d210f",
"indicator--5ca1d8cc-dedc-4b55-ab68-d6af950d210f",
"indicator--5ca1d8cc-3284-4bbd-a95a-d6af950d210f",
"indicator--5ca1d8cc-589c-4067-adcd-d6af950d210f",
"indicator--5ca1d8cc-ac04-4efc-a767-d6af950d210f",
"indicator--5ca1d8cc-4df0-408a-8b83-d6af950d210f",
"indicator--5ca1d8cc-f428-494a-86ac-d6af950d210f",
"indicator--5ca1d8cc-2d24-4de1-8232-d6af950d210f",
"indicator--5ca1d8cc-c530-4ce4-9202-d6af950d210f",
"indicator--5ca1d8cc-5c10-4070-aebe-d6af950d210f",
"indicator--5ca1d8cc-55a0-4f8a-baf7-d6af950d210f",
"indicator--5ca1d8cc-84f4-476c-8619-d6af950d210f",
"indicator--5ca1d8cc-4490-4918-ac84-d6af950d210f",
"indicator--5ca1e082-87c0-4e54-891a-4dba950d210f",
"indicator--5ca1e082-c73c-48e1-91c2-4875950d210f",
"indicator--5ca1e082-a4c8-4094-be2e-4276950d210f",
"indicator--5ca1e082-df5c-42e5-95c1-43ca950d210f",
"indicator--5ca1e082-2f08-4f8b-a82a-4d65950d210f",
"indicator--5ca1e082-08fc-4585-83d4-47c7950d210f",
"indicator--5ca1e082-1960-4f42-89e3-4a5c950d210f",
"indicator--5ca1e082-5a98-4ee3-afa7-48c0950d210f",
"indicator--5ca1e082-9dc4-4403-aaaa-406e950d210f",
"indicator--5ca1e082-1610-4df6-9bd7-4a89950d210f",
"indicator--5ca1e082-0ebc-43d4-b476-48ea950d210f",
"indicator--5ca1e082-aa0c-48ab-ac8e-4840950d210f",
"indicator--5ca1e082-fed8-4893-b9c4-4dc7950d210f",
"indicator--5ca1e082-e1c8-4d0d-8458-41eb950d210f",
"indicator--5ca1e082-72d0-49db-8909-4523950d210f",
"indicator--5ca1e082-7dfc-43c5-864b-494c950d210f",
"indicator--5ca1e082-4b0c-4376-89e9-4075950d210f",
"indicator--5ca1e082-c614-431c-b553-4eff950d210f",
"indicator--5ca1e719-4834-41f6-be6d-4586950d210f",
"indicator--5ca1e719-db18-46a6-9d1c-4acc950d210f",
"indicator--5ca1e719-819c-451a-9977-400e950d210f",
"indicator--5ca1e719-ffe4-4586-9f65-4c75950d210f",
"indicator--5ca1e719-0af8-451f-9ab5-4828950d210f",
"indicator--5ca1e71a-e47c-45fa-95f8-4ebc950d210f",
"indicator--5ca1e71a-eb68-4e2f-afb1-405c950d210f",
"indicator--5ca1e71a-4378-412c-acbe-499f950d210f",
"indicator--5ca21226-bc58-47e2-bc18-4c09950d210f",
"indicator--5ca21226-ff2c-4002-91db-40b4950d210f",
"indicator--5ca21226-c4bc-43b0-b0da-40a8950d210f",
"indicator--5ca61559-4fd4-4df0-976e-43ba950d210f",
"indicator--5c9c866a-b3b4-41e8-9594-f646950d210f",
"indicator--5c9c882a-a40c-46db-a3f5-f383950d210f",
"indicator--5c9cb1a2-817c-414b-b7be-43cd950d210f",
"indicator--5c9cb1c2-6f04-4808-99d0-4d8f950d210f",
"indicator--5c9cb1dc-7ee8-4a94-adef-41cb950d210f",
"indicator--5c9cb2c5-c444-4380-9cd7-4c8a950d210f",
"indicator--5c9cdbf4-ea34-4d13-90a4-4ce6950d210f",
"indicator--5c9cdc5e-12f4-4dfc-9918-4108950d210f",
"indicator--5c9cdc7d-4d18-4cc8-b36e-4c83950d210f",
"indicator--5c9cdeef-4adc-461d-9b72-4062950d210f",
"indicator--5c9e3862-4960-4ec0-a6fc-4f4e950d210f",
"indicator--5c9e3895-b9dc-4d74-baa0-4e3e950d210f",
"indicator--5c9e38d2-e5ac-42e6-8787-4c7a950d210f",
"indicator--5c9e3b43-3128-4838-8d63-4a69950d210f",
"indicator--5c9e3bc2-5a24-4d69-a335-4793950d210f",
"indicator--5ca1b7ca-7424-4d99-8c46-4095950d210f",
"indicator--5ca1ce80-3410-445c-9a8c-20d7950d210f",
"indicator--5ca5e3be-9cc4-4a68-939e-bac6950d210f",
"indicator--f9ccc29b-21e0-4670-bd40-9ddb5e77097a",
"x-misp-object--35c21dc1-1c39-413c-946a-f8bb9b26b6f7",
"indicator--72d7def0-5a71-4c2c-b37c-4a3e4e8b12a1",
"x-misp-object--5108ef6e-6e11-42eb-b04b-c98a3baf0989",
"indicator--f267dc71-bbf0-4cc5-9b5b-3fa211e28a18",
"x-misp-object--f0ef8684-416a-4769-ad67-0b01c27351f8",
"indicator--aea6e39a-79e2-459d-bcc5-4a1ea6a2a033",
"x-misp-object--9d450a87-d02c-4ca7-8e63-51de5717eac9",
"indicator--a1a98fae-2b40-4d36-bd5c-5b601c2ca216",
"x-misp-object--e3d0d58a-ba39-4023-9f87-abc23fee99ab",
"x-misp-object--83d90e56-d8fd-4fb2-bb57-580a66a57ee2",
"x-misp-object--15d2637f-5587-422e-9c0d-b5765db3b370",
"x-misp-object--62d88faa-c81c-4ee2-a031-950e7b8e74eb",
"x-misp-object--655b355a-d27a-47e7-953c-e518814e77d1",
"x-misp-object--aa4a78fa-47d0-4ec6-bcb8-1ff43d2e612d",
"x-misp-object--dff728c7-5c19-4f03-86c3-da8de2fb5fe9",
"x-misp-object--5e8bc41a-f1de-4db9-99ce-f8e2d360a71e",
"x-misp-object--90999cf4-f049-48cc-b058-7218d5e66a87",
"x-misp-object--6ec3241c-a53a-4b24-ad19-b37fe1926ca3",
"x-misp-object--0bc1a3db-aa59-4e3e-962c-0141a9507044",
"x-misp-object--c4efd0bd-ca37-4e9a-9669-b284391231d0",
"x-misp-object--91238841-2e89-4fd8-a8e8-eda64827b73d",
"x-misp-object--4a8c1dc6-773d-4883-be6f-8c7008a56ba7",
"x-misp-object--3ba890fa-43c6-4805-a7ab-2fba74c0ced0",
"x-misp-object--c186be47-3752-42e1-89d5-1e5b3d5223de",
"indicator--b6346b5e-5482-4314-9d7b-8671c4155bf1",
"indicator--d74356f9-39d2-4c30-9711-8ed1a401acd3",
"indicator--e668ce8c-af43-4832-89b2-9c08e3f5124c",
"indicator--6e1a65fa-acb6-4ea6-a06b-636c428138b5",
"indicator--f7e26e48-37f4-45a8-8a1c-2ecc11dec53a",
"indicator--d4db8abd-f691-4927-9e28-14ce0ee7d430",
"indicator--3d49a49b-5bc6-49be-a0e6-ab3b72ccfe46",
"indicator--f898f5e1-93e1-458b-996c-ebc6dba13222",
"indicator--89b53bf3-e0c4-4f48-8e25-ff54844fae43",
"indicator--1162a78a-804d-4856-82b3-0b77509bcfe7",
"indicator--bf5439e4-3e35-44a0-9ff3-129042947aad",
"indicator--02af3be3-4a7e-4a84-81eb-83f604a3f0a5",
"indicator--dae97fa0-3eb3-4915-82cc-e7e489d64dd1",
"indicator--24e6319c-f91c-43b2-a9d3-7b0bfd5a76a7",
"indicator--3dac003b-a958-48e2-8a96-6d0fdba7875d",
"indicator--c01e648d-7f49-45f7-b7d7-48ce5a507a47",
"indicator--ac91f1d9-024c-44e2-8a7c-06172796ea12",
"indicator--2ba4112d-7327-4b19-8035-a2e6eb73d573",
"indicator--7f430f07-3ff9-4553-b81a-36681949c447",
"indicator--6fe2ec22-3ff6-4a79-af8e-30e6a5253e45",
"indicator--b14e7307-30f6-49c8-b4fe-0b6735a3a94d",
"indicator--3549d1ed-c1c7-4066-a9cc-9d0a86cd8e0a",
"indicator--eaa8dc3c-16ef-45eb-add4-3d736d1bd330",
"indicator--7e91cd8c-c822-43fe-ac0b-5d137f57bc3a",
"indicator--7b59d923-d374-41bc-89b7-e68498bacc72",
"indicator--4b9fdc52-1ce3-45d7-85cc-60215eb30f0c",
"indicator--fa63b93f-2201-4f6c-8341-4a86980805b3",
"indicator--c73504a4-60da-4107-adef-c10a0f52266b",
"indicator--edbac896-cf24-4628-9064-7bac3c8e8d58",
"indicator--d91eacd1-efda-4eaf-ae5a-f815869b10dd",
"indicator--a1a25873-3445-4873-8b6b-7dca2e15615a",
"indicator--9aa33ad7-9f08-4774-b109-cedaed81cd60",
"indicator--dc691061-1ee8-46b1-b3ef-488f082e45c8",
"indicator--8d31887c-d4a7-4e7f-899c-df1d3a41e15f",
"indicator--febd2cf8-35c9-49d2-9963-21b43acb6f04",
"indicator--f63b62d9-f5f1-4c51-9488-139d016e7660",
"relationship--fda6f5a2-8bb2-483c-a116-a85e4af5a63c",
"relationship--8c11cd12-6c58-48f9-9507-cdc20ec4808b",
"relationship--698b9ceb-35b8-42cf-9ff0-2609135d8e4d",
"relationship--47456290-8048-4f4f-8e61-d2f1cdc4352d",
"relationship--3be46b31-0f69-4697-8a2a-4c0eeabbe276",
"relationship--a5f6984a-455b-4b3f-88c0-fa261a2a5a99",
"relationship--7ee3ed03-c55a-4876-83fd-bcb4dfef5f0d",
"relationship--c20ead58-c00a-4a20-a12d-f48037f6ff15",
"relationship--febebabb-5110-4905-86ce-2d648f99cb14",
"relationship--b4fb6776-1cf4-42ad-b133-4760551469cc",
"relationship--651589c3-8f49-40d3-b56a-b248b42885fc",
"relationship--6b7f6e62-f6dd-4ae5-b9fc-b894fea0fc0e",
"relationship--36226550-fccd-4fec-b338-54f706df5ef1",
"relationship--8c6dd630-7dd1-46f7-a6c5-a793600b6d9e",
"relationship--e82243d7-eaa6-4b0d-b35b-0e9c317c57d4",
"relationship--4c8b82ff-6089-4de2-84f0-3b560c0a7e39",
"relationship--352f73c0-c34d-41c2-82e7-dfc48726c068",
"relationship--cd8c80c3-0cfb-49a4-9182-a43caeef1055",
"relationship--878ba33b-1b27-4ad0-88fb-4da7f1bed61b",
"relationship--e1916cea-2bbc-4ea3-871d-a74bbdeeb186",
"relationship--6d6260c4-ddbc-47f4-a506-37a21c70d6a0"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:malpedia=\"Ryuk\"",
"misp-galaxy:ransomware=\"LockerGoga\"",
"misp-galaxy:ransomware=\"Ryuk ransomware\"",
"type:OSINT",
"osint:lifetime=\"perpetual\"",
"osint:certainty=\"50\"",
"misp-galaxy:mitre-enterprise-attack-tool=\"Cobalt Strike\"",
"misp-galaxy:mitre-tool=\"Cobalt Strike\"",
"misp-galaxy:rat=\"Cobalt Strike\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5c9c7c27-f578-43fb-8950-f682950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-05T06:33:52.000Z",
"modified": "2019-04-05T06:33:52.000Z",
"first_observed": "2019-04-05T06:33:52Z",
"last_observed": "2019-04-05T06:33:52Z",
"number_observed": 1,
"object_refs": [
"url--5c9c7c27-f578-43fb-8950-f682950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5c9c7c27-f578-43fb-8950-f682950d210f",
"value": "https://www.cert.ssi.gouv.fr/actualite/CERTFR-2019-ACT-005/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5c9c80a8-de8c-4737-92ae-4250950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-03-28T08:07:20.000Z",
"modified": "2019-03-28T08:07:20.000Z",
"first_observed": "2019-03-28T08:07:20Z",
"last_observed": "2019-03-28T08:07:20Z",
"number_observed": 1,
"object_refs": [
"url--5c9c80a8-de8c-4737-92ae-4250950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"technical-report\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5c9c80a8-de8c-4737-92ae-4250950d210f",
"value": "https://www.cert.ssi.gouv.fr/uploads/CERTFR-2019-ACT-005.pdf"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c9c9c28-b844-44bf-91d9-45c5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-03-28T10:04:24.000Z",
"modified": "2019-03-28T10:04:24.000Z",
"pattern": "[email-message:from_ref.value = 'cottleakela@protonmail.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-03-28T10:04:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c9c9c28-2aa0-4318-b516-44f8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-03-28T10:04:24.000Z",
"modified": "2019-03-28T10:04:24.000Z",
"pattern": "[email-message:from_ref.value = 'qyavauzehyco1994@o2.pl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-03-28T10:04:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5c9ca433-92e0-4c95-a054-4528950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-03-28T10:38:43.000Z",
"modified": "2019-03-28T10:38:43.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Artifacts dropped\""
],
"x_misp_category": "Artifacts dropped",
"x_misp_comment": "Ransomnote",
"x_misp_type": "text",
"x_misp_value": "Greetings!There was a significant flaw in the security system of your company.\r\nYou should be thankful that the flaw was exploited by serious people and not some rookies.\r\nThey would have damaged all of your data by mistake or for fun.\r\n\r\nYour files are encrypted with the strongest military algorithms RSA4096 and AES-256.\r\nWithout our special decoder it is impossible to restore the data.\r\nAttempts to restore your data with third party software as Photorec, RannohDecryptor etc.\r\nwill lead to irreversible destruction of your data.\r\n\r\nTo confirm our honest intentions.\r\nSend us 2-3 different random files and you will get them decrypted.\r\nIt can be from different computers on your network to be sure that our decoder decrypts everything.\r\nSample files we unlock for free (files should not be related to any kind of backups).\r\n\r\nWe exclusively have decryption software for your situation\r\n\r\nDO NOT RESET OR SHUTDOWN - files may be damaged.\r\nDO NOT RENAME the encrypted files.\r\nDO NOT MOVE the encrypted files.\r\nThis may lead to the impossibility of recovery of the certain files.\r\n\r\nTo get information on the price of the decoder contact us at:\r\nCottleAkela@protonmail.com;QyavauZehyco1994@o2.pl\r\nThe payment has to be made in Bitcoins.\r\nThe final price depends on how fast you contact us.\r\nAs soon as we receive the payment you will get the decryption tool and\r\ninstructions on how to improve your systems security"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c9cdbca-78dc-499a-86a2-4d6e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-03-28T14:35:54.000Z",
"modified": "2019-03-28T14:35:54.000Z",
"pattern": "[email-message:from_ref.value = 'abbschevis@protonmail.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-03-28T14:35:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c9cdbca-0e04-42d7-ab25-4e14950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-03-28T14:35:54.000Z",
"modified": "2019-03-28T14:35:54.000Z",
"pattern": "[email-message:from_ref.value = 'ijuqodisunovib98@o2.pl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-03-28T14:35:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c9cdcc4-d2dc-4f8c-8947-43c0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-03-28T14:40:04.000Z",
"modified": "2019-03-28T14:40:04.000Z",
"pattern": "[domain-name:value = 'protonmail.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-03-28T14:40:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c9cdcc7-8654-45c7-b3b1-440b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-03-28T14:40:07.000Z",
"modified": "2019-03-28T14:40:07.000Z",
"pattern": "[domain-name:value = 'o2.pl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-03-28T14:40:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c9cdccf-0b50-4881-8bfe-4b34950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-03-28T14:40:15.000Z",
"modified": "2019-03-28T14:40:15.000Z",
"pattern": "[email-message:from_ref.value = 'romanchukeyla@protonmail.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-03-28T14:40:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c9cdcd0-3b78-4d12-b3c2-42ea950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-03-28T14:40:16.000Z",
"modified": "2019-03-28T14:40:16.000Z",
"pattern": "[email-message:from_ref.value = 'couwetizotofo@o2.pl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-03-28T14:40:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c9cdcd0-2d68-4958-8ea1-4cc3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-03-28T14:40:16.000Z",
"modified": "2019-03-28T14:40:16.000Z",
"pattern": "[email-message:from_ref.value = 'phanthavongsaneveyah@protonmail.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-03-28T14:40:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c9cdcd0-4e7c-4567-a324-4a7d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-03-28T14:40:16.000Z",
"modified": "2019-03-28T14:40:16.000Z",
"pattern": "[email-message:from_ref.value = 'aperywsqaroci@o2.pl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-03-28T14:40:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5c9e39dc-a38c-422e-903f-4831950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-03-29T15:29:32.000Z",
"modified": "2019-03-29T15:29:32.000Z",
"labels": [
"misp:type=\"pattern-in-file\"",
"misp:category=\"Artifacts dropped\""
],
"x_misp_category": "Artifacts dropped",
"x_misp_type": "pattern-in-file",
"x_misp_value": "javobohisabi yohoxucojanukazahaviwexepeniwa negikicudosoyihuruyadeyafipihaja\r\nTelawefibudi wuzahibe liga. Caku jakacoza zususezebonuli setusidafohi. Xekaho tiyiwifuvu damonixuxaho togubo\r\nxisLadoxuna pibifuzida. Goso sepudahemeli bu zevahilipezipa xurotocomupe. Kofe ridimarijoyane. Yeve.\r\nTuwipufebedopi yocomujiyezejo su su. Timevumavizase hapezo fogiju. Xonucosegogi li. Bobixayogaci. Kuyi. Leto\r\nzoyihebezobu wu ciwu. Docadufe ro judewocekodiki"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca1b269-0aa4-479e-80c5-457a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-01T09:10:25.000Z",
"modified": "2019-04-01T09:10:25.000Z",
"description": "C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '62.210.136.65']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-01T09:10:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca1b269-97c8-4a64-aec2-46f0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-01T06:40:41.000Z",
"modified": "2019-04-01T06:40:41.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '62.210.0.0/16']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-01T06:40:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca1b269-b02c-43ad-afbd-4f69950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-01T09:11:07.000Z",
"modified": "2019-04-01T09:11:07.000Z",
"description": "C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.202.174.91']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-01T09:11:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca1b269-01f8-4c66-b7a6-4318950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-01T06:40:41.000Z",
"modified": "2019-04-01T06:40:41.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.202.174.0/24']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-01T06:40:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca1b269-6478-47f0-a5cd-4e8f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-01T09:11:00.000Z",
"modified": "2019-04-01T09:11:00.000Z",
"description": "C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.202.174.86']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-01T09:11:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca1b269-9670-48a3-8bbe-4639950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-01T06:40:41.000Z",
"modified": "2019-04-01T06:40:41.000Z",
"pattern": "[url:value = 'https://pastebin.com/raw/7Qmz6q5v']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-01T06:40:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca1b269-f7fc-4efd-9e26-4955950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-01T09:11:03.000Z",
"modified": "2019-04-01T09:11:03.000Z",
"description": "C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '93.115.26.171']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-01T09:11:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca1b269-eb04-4df7-8a0b-41d9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-01T06:40:41.000Z",
"modified": "2019-04-01T06:40:41.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '93.115.26.0/24']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-01T06:40:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca1ce9d-cd4c-46b6-9a6a-3ff6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-01T08:41:01.000Z",
"modified": "2019-04-01T08:41:01.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '176.126.85.207']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-01T08:41:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca1ce9d-b568-4caf-bdff-3ff6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-01T08:41:01.000Z",
"modified": "2019-04-01T08:41:01.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '176.126.85.0/24']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-01T08:41:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca1d8cb-4e80-4388-9890-d6af950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-01T09:24:27.000Z",
"modified": "2019-04-01T09:24:27.000Z",
"description": "IP of server administration",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.238.0.217']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-01T09:24:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca1d8cb-e228-4161-9aa7-d6af950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-01T09:24:27.000Z",
"modified": "2019-04-01T09:24:27.000Z",
"description": "IP of server administration",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.70.105.158']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-01T09:24:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca1d8cb-f2a0-4fca-a92a-d6af950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-01T09:24:27.000Z",
"modified": "2019-04-01T09:24:27.000Z",
"description": "IP of server administration",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.70.105.43']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-01T09:24:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca1d8cb-69b8-4968-9f67-d6af950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-01T09:24:27.000Z",
"modified": "2019-04-01T09:24:27.000Z",
"description": "IP of server administration",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.70.187.21']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-01T09:24:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca1d8cb-1654-4bf2-b765-d6af950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-01T09:24:27.000Z",
"modified": "2019-04-01T09:24:27.000Z",
"description": "IP of server administration",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.70.187.88']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-01T09:24:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca1d8cb-3414-41ec-9f72-d6af950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-01T09:24:27.000Z",
"modified": "2019-04-01T09:24:27.000Z",
"description": "IP of server administration",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.192.108.122']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-01T09:24:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca1d8cb-8b64-4abe-87e7-d6af950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-01T09:24:27.000Z",
"modified": "2019-04-01T09:24:27.000Z",
"description": "IP of server administration",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.192.108.123']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-01T09:24:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca1d8cb-121c-4714-aa3e-d6af950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-01T09:24:27.000Z",
"modified": "2019-04-01T09:24:27.000Z",
"description": "IP of server administration",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.207.44.186']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-01T09:24:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca1d8cb-a8d8-46e0-aa54-d6af950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-01T09:24:27.000Z",
"modified": "2019-04-01T09:24:27.000Z",
"description": "IP of server administration",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.207.44.83']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-01T09:24:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca1d8cb-6ed8-400b-b4fa-d6af950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-01T09:24:27.000Z",
"modified": "2019-04-01T09:24:27.000Z",
"description": "IP of server administration",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.39.219.168']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-01T09:24:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca1d8cb-d90c-47f7-94c8-d6af950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-01T09:24:27.000Z",
"modified": "2019-04-01T09:24:27.000Z",
"description": "IP of server administration",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.39.219.185']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-01T09:24:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca1d8cb-27c4-4c61-a7ef-d6af950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-01T09:24:27.000Z",
"modified": "2019-04-01T09:24:27.000Z",
"description": "IP of server administration",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.70.184.134']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-01T09:24:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca1d8cc-5548-451c-9747-d6af950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-01T09:24:28.000Z",
"modified": "2019-04-01T09:24:28.000Z",
"description": "IP of server administration",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.70.184.250']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-01T09:24:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca1d8cc-c67c-4701-8470-d6af950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-01T09:24:28.000Z",
"modified": "2019-04-01T09:24:28.000Z",
"description": "IP of server administration",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.70.187.22']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-01T09:24:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca1d8cc-a450-4ef1-a1bb-d6af950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-01T09:24:28.000Z",
"modified": "2019-04-01T09:24:28.000Z",
"description": "IP of server administration",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.70.187.23']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-01T09:24:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca1d8cc-f1c0-4dfc-85f9-d6af950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-01T09:24:28.000Z",
"modified": "2019-04-01T09:24:28.000Z",
"description": "IP of server administration",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.70.187.38']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-01T09:24:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca1d8cc-5104-424c-bb78-d6af950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-01T09:24:28.000Z",
"modified": "2019-04-01T09:24:28.000Z",
"description": "IP of server administration",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.70.187.46']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-01T09:24:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca1d8cc-2b0c-4ab6-9304-d6af950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-01T09:24:28.000Z",
"modified": "2019-04-01T09:24:28.000Z",
"description": "IP of server administration",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.70.187.51']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-01T09:24:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca1d8cc-dc90-45a2-a6bf-d6af950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-01T09:24:28.000Z",
"modified": "2019-04-01T09:24:28.000Z",
"description": "IP of server administration",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.70.187.53']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-01T09:24:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca1d8cc-fb50-48bc-8dbb-d6af950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-01T09:24:28.000Z",
"modified": "2019-04-01T09:24:28.000Z",
"description": "IP of server administration",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.70.187.56']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-01T09:24:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca1d8cc-c190-4f11-9122-d6af950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-01T09:24:28.000Z",
"modified": "2019-04-01T09:24:28.000Z",
"description": "IP of server administration",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.70.187.65']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-01T09:24:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca1d8cc-c2f0-469e-8883-d6af950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-01T09:24:28.000Z",
"modified": "2019-04-01T09:24:28.000Z",
"description": "IP of server administration",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.70.187.77']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-01T09:24:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca1d8cc-0cd4-4431-a10f-d6af950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-01T09:24:28.000Z",
"modified": "2019-04-01T09:24:28.000Z",
"description": "IP of server administration",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.70.187.79']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-01T09:24:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca1d8cc-6270-48ed-af05-d6af950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-01T09:24:28.000Z",
"modified": "2019-04-01T09:24:28.000Z",
"description": "IP of server administration",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.70.187.86']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-01T09:24:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca1d8cc-dedc-4b55-ab68-d6af950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-01T09:24:28.000Z",
"modified": "2019-04-01T09:24:28.000Z",
"description": "IP of server administration",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.70.187.92']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-01T09:24:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca1d8cc-3284-4bbd-a95a-d6af950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-01T09:24:28.000Z",
"modified": "2019-04-01T09:24:28.000Z",
"description": "IP of server administration",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.207.44.118']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-01T09:24:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca1d8cc-589c-4067-adcd-d6af950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-01T09:24:28.000Z",
"modified": "2019-04-01T09:24:28.000Z",
"description": "IP of server administration",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.207.44.77']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-01T09:24:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca1d8cc-ac04-4efc-a767-d6af950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-01T09:24:28.000Z",
"modified": "2019-04-01T09:24:28.000Z",
"description": "IP of server administration",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.207.44.80']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-01T09:24:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca1d8cc-4df0-408a-8b83-d6af950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-01T09:24:28.000Z",
"modified": "2019-04-01T09:24:28.000Z",
"description": "IP of server administration",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.207.44.84']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-01T09:24:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca1d8cc-f428-494a-86ac-d6af950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-01T09:24:28.000Z",
"modified": "2019-04-01T09:24:28.000Z",
"description": "IP of server administration",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.207.45.251']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-01T09:24:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca1d8cc-2d24-4de1-8232-d6af950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-01T09:24:28.000Z",
"modified": "2019-04-01T09:24:28.000Z",
"description": "IP of server administration",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.207.45.45']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-01T09:24:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca1d8cc-c530-4ce4-9202-d6af950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-01T09:24:28.000Z",
"modified": "2019-04-01T09:24:28.000Z",
"description": "IP of server administration",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.39.219.172']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-01T09:24:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca1d8cc-5c10-4070-aebe-d6af950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-01T09:24:28.000Z",
"modified": "2019-04-01T09:24:28.000Z",
"description": "IP of server administration",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.39.219.183']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-01T09:24:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca1d8cc-55a0-4f8a-baf7-d6af950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-01T09:24:28.000Z",
"modified": "2019-04-01T09:24:28.000Z",
"description": "IP of server administration",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.39.219.184']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-01T09:24:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca1d8cc-84f4-476c-8619-d6af950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-01T09:24:28.000Z",
"modified": "2019-04-01T09:24:28.000Z",
"description": "IP of server administration",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.39.219.187']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-01T09:24:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca1d8cc-4490-4918-ac84-d6af950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-01T09:24:28.000Z",
"modified": "2019-04-01T09:24:28.000Z",
"description": "IP of server administration",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.39.219.188']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-01T09:24:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca1e082-87c0-4e54-891a-4dba950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-01T09:57:22.000Z",
"modified": "2019-04-01T09:57:22.000Z",
"pattern": "[file:hashes.SHA1 = '5286a5ed1288e7c54f1ca04d097f17c1d6aea32b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-01T09:57:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca1e082-c73c-48e1-91c2-4875950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-01T09:57:22.000Z",
"modified": "2019-04-01T09:57:22.000Z",
"pattern": "[file:hashes.SHA1 = '6dc00843f313690075612ee5ce770cae067cd37f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-01T09:57:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca1e082-a4c8-4094-be2e-4276950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-01T09:57:22.000Z",
"modified": "2019-04-01T09:57:22.000Z",
"pattern": "[file:hashes.SHA1 = 'ee4c9567c9a072e1d8ed8a78cb06d6ce1a81dd11']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-01T09:57:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca1e082-df5c-42e5-95c1-43ca950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-01T09:57:22.000Z",
"modified": "2019-04-01T09:57:22.000Z",
"pattern": "[file:hashes.SHA1 = '2200eb3303e448a52404128458e87f3248d4612c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-01T09:57:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca1e082-2f08-4f8b-a82a-4d65950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-01T09:57:22.000Z",
"modified": "2019-04-01T09:57:22.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.39.219.159']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-01T09:57:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca1e082-08fc-4585-83d4-47c7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-01T09:57:22.000Z",
"modified": "2019-04-01T09:57:22.000Z",
"pattern": "[file:hashes.SHA1 = 'f0e07b689caa5c7b3767bb3b4cfe4cba2aecb5f8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-01T09:57:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca1e082-1960-4f42-89e3-4a5c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-01T09:57:22.000Z",
"modified": "2019-04-01T09:57:22.000Z",
"pattern": "[file:hashes.SHA1 = 'cc9aa7e71ce04b893bcdf49a1da2f0e20e45faf2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-01T09:57:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca1e082-5a98-4ee3-afa7-48c0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-01T09:57:22.000Z",
"modified": "2019-04-01T09:57:22.000Z",
"pattern": "[file:hashes.SHA1 = '840963454567b38a5f1d1df7cd202629804e4c61']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-01T09:57:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca1e082-9dc4-4403-aaaa-406e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-01T09:57:22.000Z",
"modified": "2019-04-01T09:57:22.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.58.204.177']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-01T09:57:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca1e082-1610-4df6-9bd7-4a89950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-01T09:57:22.000Z",
"modified": "2019-04-01T09:57:22.000Z",
"pattern": "[file:hashes.SHA1 = 'dc8f3c31906c01d077c614809bb1195af2393dc1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-01T09:57:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca1e082-0ebc-43d4-b476-48ea950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-01T09:57:22.000Z",
"modified": "2019-04-01T09:57:22.000Z",
"pattern": "[file:hashes.SHA1 = '02faf3e291435468607857694df5e45b68851868']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-01T09:57:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca1e082-aa0c-48ab-ac8e-4840950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-01T09:57:22.000Z",
"modified": "2019-04-01T09:57:22.000Z",
"pattern": "[file:hashes.SHA1 = '28a4481f8138c889367f9112ef48e4f17fb69944']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-01T09:57:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca1e082-fed8-4893-b9c4-4dc7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-01T09:57:22.000Z",
"modified": "2019-04-01T09:57:22.000Z",
"pattern": "[file:hashes.SHA1 = '339cdd57cfd5b141169b615ff31428782d1da639']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-01T09:57:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca1e082-e1c8-4d0d-8458-41eb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-01T09:57:22.000Z",
"modified": "2019-04-01T09:57:22.000Z",
"pattern": "[file:hashes.SHA1 = 'f5ad0bcc1ad56cd150725b1c866c30ad92ef21b0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-01T09:57:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca1e082-72d0-49db-8909-4523950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-01T09:57:22.000Z",
"modified": "2019-04-01T09:57:22.000Z",
"pattern": "[file:hashes.SHA1 = '3712786dd9d1d8ac7db60ba2f989280c7257a3a9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-01T09:57:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca1e082-7dfc-43c5-864b-494c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-01T09:57:22.000Z",
"modified": "2019-04-01T09:57:22.000Z",
"pattern": "[file:hashes.SHA1 = '736a4dc679d682da321563647c60f699f0dfc268']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-01T09:57:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca1e082-4b0c-4376-89e9-4075950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-01T09:57:22.000Z",
"modified": "2019-04-01T09:57:22.000Z",
"pattern": "[file:hashes.SHA1 = 'b1bc968bd4f49d622aa89a81f2150152a41d829c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-01T09:57:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca1e082-c614-431c-b553-4eff950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-01T09:57:22.000Z",
"modified": "2019-04-01T09:57:22.000Z",
"pattern": "[file:hashes.SHA1 = '15abccaae3920046f55293e25f5f931a6581e00f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-01T09:57:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca1e719-4834-41f6-be6d-4586950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-01T10:25:29.000Z",
"modified": "2019-04-01T10:25:29.000Z",
"pattern": "[domain-name:value = 'scourketchupfries.cn.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-01T10:25:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca1e719-db18-46a6-9d1c-4acc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-01T10:25:29.000Z",
"modified": "2019-04-01T10:25:29.000Z",
"pattern": "[file:name = 'vds58339.localdomain']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-01T10:25:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca1e719-819c-451a-9977-400e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-01T10:25:29.000Z",
"modified": "2019-04-01T10:25:29.000Z",
"pattern": "[email-message:from_ref.value = 'root@vds58339.localdomain']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-01T10:25:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca1e719-ffe4-4586-9f65-4c75950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-01T10:25:29.000Z",
"modified": "2019-04-01T10:25:29.000Z",
"pattern": "[file:name = 'localhost.localdomain']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-01T10:25:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca1e719-0af8-451f-9ab5-4828950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-01T10:25:29.000Z",
"modified": "2019-04-01T10:25:29.000Z",
"pattern": "[email-message:from_ref.value = 'root@localhost.localdomain']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-01T10:25:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca1e71a-e47c-45fa-95f8-4ebc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-01T10:25:30.000Z",
"modified": "2019-04-01T10:25:30.000Z",
"pattern": "[domain-name:value = 'www.csgolite.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-01T10:25:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca1e71a-eb68-4e2f-afb1-405c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-01T10:25:30.000Z",
"modified": "2019-04-01T10:25:30.000Z",
"pattern": "[domain-name:value = 'tcp.csgolite.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-01T10:25:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca1e71a-4378-412c-acbe-499f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-01T10:25:30.000Z",
"modified": "2019-04-01T10:25:30.000Z",
"pattern": "[domain-name:value = 'bendermoney.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-01T10:25:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca21226-bc58-47e2-bc18-4c09950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-01T13:29:10.000Z",
"modified": "2019-04-01T13:29:10.000Z",
"pattern": "[url:value = 'https://pastebin.com/raw/wdcq0Tda']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-01T13:29:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca21226-ff2c-4002-91db-40b4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-01T13:29:10.000Z",
"modified": "2019-04-01T13:29:10.000Z",
"pattern": "[url:value = 'https://pastebin.com/raw/9ditgTZh']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-01T13:29:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca21226-c4bc-43b0-b0da-40a8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-01T13:29:10.000Z",
"modified": "2019-04-01T13:29:10.000Z",
"pattern": "[url:value = 'https://pastebin.com/Mzd1HFrN']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-01T13:29:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca61559-4fd4-4df0-976e-43ba950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T14:31:53.000Z",
"modified": "2019-04-04T14:31:53.000Z",
"pattern": "[file:hashes.IMPHASH = 'c226ac4bab6f48634bacbb7a1d34f8f6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T14:31:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"imphash\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c9c866a-b3b4-41e8-9594-f646950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T11:02:46.000Z",
"modified": "2019-04-04T11:02:46.000Z",
"pattern": "[file:hashes.MD5 = '52340664fe59e030790c48b66924b5bd' AND file:hashes.SHA1 = '73171ffa6dfee5f9264e3d20a1b6926ec1b60897' AND file:hashes.SHA256 = 'bdf36127817413f625d2625d3133760af724d6ad2410bea7297ddc116abc268f' AND file:name_enc = 'Adobe-Standard-Encoding' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T11:02:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c9c882a-a40c-46db-a3f5-f383950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-03-28T08:39:06.000Z",
"modified": "2019-03-28T08:39:06.000Z",
"pattern": "[file:name = 'README-NOW.txt' AND file:name_enc = 'Adobe-Standard-Encoding' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-03-28T08:39:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c9cb1a2-817c-414b-b7be-43cd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T11:02:46.000Z",
"modified": "2019-04-04T11:02:46.000Z",
"pattern": "[file:hashes.MD5 = '164f72dfb729ca1e15f99d456b7cf811' AND file:hashes.SHA1 = 'f92339e73c7e901c0c852d8e65615cfb588a4ff6' AND file:hashes.SHA256 = '8cfbd38855d2d6033847142fdfa74710b796daf465ab94216fbbbe85971aee29' AND file:name_enc = 'Adobe-Standard-Encoding' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T11:02:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c9cb1c2-6f04-4808-99d0-4d8f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T11:02:46.000Z",
"modified": "2019-04-04T11:02:46.000Z",
"pattern": "[file:hashes.MD5 = '9cad8641ac79688e09c5fa350aef2094' AND file:hashes.SHA1 = '3da0a217bbda09561780f52f163a6aafeb721d60' AND file:hashes.SHA256 = '5b0b972713cd8611b04e4673676cdff70345ac7301b2c23173cdfeaff564225c' AND file:name_enc = 'Adobe-Standard-Encoding' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T11:02:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c9cb1dc-7ee8-4a94-adef-41cb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T11:02:46.000Z",
"modified": "2019-04-04T11:02:46.000Z",
"pattern": "[file:hashes.MD5 = '3ebca21b1d4e2f482b3eda6634e89211' AND file:hashes.SHA1 = '37cdd1e3225f8da596dc13779e902d8d13637360' AND file:hashes.SHA256 = '6e69548b1ae61d951452b65db15716a5ee2f9373be05011e897c61118c239a77' AND file:name_enc = 'Adobe-Standard-Encoding' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T11:02:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c9cb2c5-c444-4380-9cd7-4c8a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T11:02:46.000Z",
"modified": "2019-04-04T11:02:46.000Z",
"pattern": "[file:hashes.MD5 = 'a5bc1f94e7505a2e73c866551f7996f9' AND file:hashes.SHA1 = '7dea7ff735023418b902d093964028aefbc486a5' AND file:hashes.SHA256 = '14e8a8095426245633cd6c3440afc5b29d0c8cd4acefd10e16f82eb3295077ca' AND file:name_enc = 'Adobe-Standard-Encoding' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T11:02:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c9cdbf4-ea34-4d13-90a4-4ce6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T11:02:47.000Z",
"modified": "2019-04-04T11:02:47.000Z",
"pattern": "[file:hashes.MD5 = 'a1d732aa27e1ca2ae45a189451419ed5' AND file:hashes.SHA1 = '50f5a5ec13d21d4df119140547d63bc40f93b079' AND file:hashes.SHA256 = 'c3d334cb7f6007c9ebee1a68c4f3f72eac9b3c102461d39f2a0a4b32a053843a' AND file:name_enc = 'Adobe-Standard-Encoding' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T11:02:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c9cdc5e-12f4-4dfc-9918-4108950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T11:02:47.000Z",
"modified": "2019-04-04T11:02:47.000Z",
"pattern": "[file:hashes.MD5 = 'b3d3da12ca3b9efd042953caa6c3b8cd' AND file:hashes.SHA1 = '34fb03a35e723d27e99776ed3e81967229b3afe1' AND file:hashes.SHA256 = '7852b47e7a9e3f792755395584c64dd81b68ab3cbcdf82f60e50dc5fa7385125' AND file:name_enc = 'Adobe-Standard-Encoding' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T11:02:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c9cdc7d-4d18-4cc8-b36e-4c83950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T11:02:47.000Z",
"modified": "2019-04-04T11:02:47.000Z",
"pattern": "[file:hashes.MD5 = 'faf4de4e1c5d8e4241088c90cfe8eddd' AND file:hashes.SHA1 = 'fcd241fdcd462199f2907ca34c73ce9c89b03e5f' AND file:hashes.SHA256 = '47f5a231f7cd0e36508ca6ff8c21c08a7248f0f2bd79c1e772b73443597b09b4' AND file:name_enc = 'Adobe-Standard-Encoding' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T11:02:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c9cdeef-4adc-461d-9b72-4062950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-03-28T14:49:19.000Z",
"modified": "2019-03-28T14:49:19.000Z",
"pattern": "[file:name = 'READ-ME-NOW.txt' AND file:name_enc = 'Adobe-Standard-Encoding' AND file:parent_directory_ref.path = 'E:\\\\goga\\\\' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-03-28T14:49:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c9e3862-4960-4ec0-a6fc-4f4e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T11:02:47.000Z",
"modified": "2019-04-04T11:02:47.000Z",
"pattern": "[file:hashes.MD5 = '174e3d9c7b0380dd7576187c715c4681' AND file:hashes.SHA1 = '31fbfe814628db3b459ddc87bf5ed538700db17a' AND file:hashes.SHA256 = 'c7a69dcfb6a3fe433a52a71d85a7e90df25b1db1bc843a541eb08ea2fd1052a4' AND file:name_enc = 'Adobe-Standard-Encoding' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T11:02:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c9e3895-b9dc-4d74-baa0-4e3e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T11:02:47.000Z",
"modified": "2019-04-04T11:02:47.000Z",
"pattern": "[file:hashes.MD5 = 'a52f26575556d3c4eccd3b51265cb4e6' AND file:hashes.SHA1 = '61fdebb3c9dfa880b54e82579256acfcd4d6d406' AND file:hashes.SHA256 = '97a2ab7a94148d605f3c0a1146a70ba5c436a438b23298a1f02f71866f420c43' AND file:name_enc = 'Adobe-Standard-Encoding' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T11:02:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c9e38d2-e5ac-42e6-8787-4c7a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T11:02:47.000Z",
"modified": "2019-04-04T11:02:47.000Z",
"pattern": "[file:hashes.MD5 = 'ba53d8910ec3e46864c3c86ebd628796' AND file:hashes.SHA1 = 'd1c2dfedc602f5d5f2036b0ba5541cac8f8b4b95' AND file:hashes.SHA256 = 'a84171501074bac584348f2942964c8550374c39247ec6af0f4a69756ea9fc7a' AND file:name_enc = 'Adobe-Standard-Encoding' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T11:02:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c9e3b43-3128-4838-8d63-4a69950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T11:02:47.000Z",
"modified": "2019-04-04T11:02:47.000Z",
"pattern": "[file:hashes.MD5 = '871aa15f4d61c85e1284e1be3f99f705' AND file:hashes.SHA1 = '236eac0b19f91117b27f1b198a4d8490d99ec2e5' AND file:hashes.SHA256 = 'b434bccf0a5ff75b27184e661df751466aef69f35fbd7b8b8692302b8b886262' AND file:name_enc = 'Adobe-Standard-Encoding' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T11:02:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c9e3bc2-5a24-4d69-a335-4793950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T11:02:47.000Z",
"modified": "2019-04-04T11:02:47.000Z",
"pattern": "[file:hashes.MD5 = '34187a34d0a3c5d63016c26346371b54' AND file:hashes.SHA1 = 'ce8209ff9828aa8cb095bd7d1589fc4d394c298c' AND file:hashes.SHA256 = '5f815b8a8e77731c9ca2b3a07a27f880ef24d54e458d77bdabbbaf2269fe96c3' AND file:name = 'kill.bat' AND file:name_enc = 'Adobe-Standard-Encoding' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T11:02:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca1b7ca-7424-4d99-8c46-4095950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T11:02:47.000Z",
"modified": "2019-04-04T11:02:47.000Z",
"pattern": "[file:hashes.MD5 = '644087ccca16d2a728ef7685a4106f09' AND file:hashes.SHA1 = 'eabd6974ac71efd72d9e0688d5a6131f336d169c' AND file:hashes.SHA256 = '385e31c97e3a07bbb81513f0cd0979e64e6b014943902efd002f57b21eadd41e' AND file:name = 'cob93.exe' AND file:name_enc = 'Adobe-Standard-Encoding' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T11:02:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca1ce80-3410-445c-9a8c-20d7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T11:02:47.000Z",
"modified": "2019-04-04T11:02:47.000Z",
"pattern": "[file:hashes.MD5 = '7b792de1468a70cfe990b65034d5f3ac' AND file:hashes.SHA1 = '320f1fc66054e98681fd291415ff17b2e1a71b61' AND file:hashes.SHA256 = 'a89eac79ff230f3c270b465cd2d8c1225b8937bd4b069ac27872ac883082d82b' AND file:name = 'test.bat' AND file:name_enc = 'Adobe-Standard-Encoding' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T11:02:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca5e3be-9cc4-4a68-939e-bac6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T11:00:14.000Z",
"modified": "2019-04-04T11:00:14.000Z",
"pattern": "[file:hashes.MD5 = '06457b317d5624590803a77d3770bff2' AND file:name = 'AD.zip' AND file:name_enc = 'Adobe-Standard-Encoding' AND file:size = '472243' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T11:00:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f9ccc29b-21e0-4670-bd40-9ddb5e77097a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T11:02:47.000Z",
"modified": "2019-04-04T11:02:47.000Z",
"pattern": "[file:hashes.MD5 = 'ecf535c505b7752b0af188a915a23786' AND file:hashes.SHA1 = '736a4dc679d682da321563647c60f699f0dfc268' AND file:hashes.SHA256 = 'bfdf4cf3f143ad0db912d8ab3a7c12f617b9ea60ce8b1f4e44f74270fb21b19b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T11:02:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--35c21dc1-1c39-413c-946a-f8bb9b26b6f7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T11:02:48.000Z",
"modified": "2019-04-04T11:02:48.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-12-05 00:08:31",
"category": "Other",
"uuid": "a3fa831d-a38e-413e-bb19-1910b97fec2a"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/bfdf4cf3f143ad0db912d8ab3a7c12f617b9ea60ce8b1f4e44f74270fb21b19b/analysis/1543968511/",
"category": "Payload delivery",
"uuid": "7ad826d7-4477-4290-9dd7-a0d29a060c1f"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "0/58",
"category": "Payload delivery",
"uuid": "f0291f05-fdde-4969-8684-db393699dea4"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--72d7def0-5a71-4c2c-b37c-4a3e4e8b12a1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T11:02:48.000Z",
"modified": "2019-04-04T11:02:48.000Z",
"pattern": "[file:hashes.MD5 = '83e10465b722ef33ff0b6f535e8d996b' AND file:hashes.SHA1 = '339cdd57cfd5b141169b615ff31428782d1da639' AND file:hashes.SHA256 = '02ab57e4e67a0cb48dd2ff34830e8ac40f4476fb08ca6be3f5cd846f646840f0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T11:02:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5108ef6e-6e11-42eb-b04b-c98a3baf0989",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T11:02:48.000Z",
"modified": "2019-04-04T11:02:48.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-04-03 11:56:47",
"category": "Other",
"uuid": "f59d8322-50b5-4d3b-a2e4-eb219bcf694b"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/02ab57e4e67a0cb48dd2ff34830e8ac40f4476fb08ca6be3f5cd846f646840f0/analysis/1554292607/",
"category": "Payload delivery",
"uuid": "270cedd4-baf8-4281-b6fc-0f949fc211ca"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "0/58",
"category": "Payload delivery",
"uuid": "ebb52bad-6f2a-4b1b-a485-43be41a61f93"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f267dc71-bbf0-4cc5-9b5b-3fa211e28a18",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T11:02:48.000Z",
"modified": "2019-04-04T11:02:48.000Z",
"pattern": "[file:hashes.MD5 = '1d3554048578b03f42424dbf20730a3f' AND file:hashes.SHA1 = '02faf3e291435468607857694df5e45b68851868' AND file:hashes.SHA256 = '687fa451382278fff0c8b11f8d43d576671c6eb2bceab413fb83d965d06d2ff2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T11:02:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--f0ef8684-416a-4769-ad67-0b01c27351f8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T11:02:48.000Z",
"modified": "2019-04-04T11:02:48.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-03-30 09:28:42",
"category": "Other",
"uuid": "3576524b-3254-41ac-ac75-478ebe162909"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/687fa451382278fff0c8b11f8d43d576671c6eb2bceab413fb83d965d06d2ff2/analysis/1553938122/",
"category": "Payload delivery",
"uuid": "f5c8e926-2ac1-49ef-8bb4-6f237baaf112"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "0/58",
"category": "Payload delivery",
"uuid": "458c15ba-a1ca-4e47-8901-0500a4203afc"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--aea6e39a-79e2-459d-bcc5-4a1ea6a2a033",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T11:02:48.000Z",
"modified": "2019-04-04T11:02:48.000Z",
"pattern": "[file:hashes.MD5 = '1edaf9ae99ce2920667d0e9a8b3f8c9c' AND file:hashes.SHA1 = 'f5ad0bcc1ad56cd150725b1c866c30ad92ef21b0' AND file:hashes.SHA256 = '4f32d5dc00f715250abcc486511e37f501a899deb3bf7ea8adbbd3aef1c412da']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T11:02:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--9d450a87-d02c-4ca7-8e63-51de5717eac9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T11:02:48.000Z",
"modified": "2019-04-04T11:02:48.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-03-20 15:20:14",
"category": "Other",
"uuid": "615d556b-f37c-400f-88e2-020eb673be6d"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/4f32d5dc00f715250abcc486511e37f501a899deb3bf7ea8adbbd3aef1c412da/analysis/1553095214/",
"category": "Payload delivery",
"uuid": "3b2c4cbb-41d9-4954-b0dd-4b6a52b87303"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "0/54",
"category": "Payload delivery",
"uuid": "8d33693b-a8e3-4c60-9df0-6bb18c7686e8"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a1a98fae-2b40-4d36-bd5c-5b601c2ca216",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T11:02:48.000Z",
"modified": "2019-04-04T11:02:48.000Z",
"pattern": "[file:hashes.MD5 = '3e455215095192e1b75d379fb187298a' AND file:hashes.SHA1 = 'b1bc968bd4f49d622aa89a81f2150152a41d829c' AND file:hashes.SHA256 = 'ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T11:02:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--e3d0d58a-ba39-4023-9f87-abc23fee99ab",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T11:02:49.000Z",
"modified": "2019-04-04T11:02:49.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-02-28 21:20:19",
"category": "Other",
"uuid": "a5771217-664e-468a-b883-963967688281"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99/analysis/1551388819/",
"category": "Payload delivery",
"uuid": "5c9d5e47-d971-4bd4-a0e2-55df09eb31f0"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "0/54",
"category": "Payload delivery",
"uuid": "9b3526d2-e054-419d-b3f6-b36588aa00fb"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--83d90e56-d8fd-4fb2-bb57-580a66a57ee2",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T11:02:49.000Z",
"modified": "2019-04-04T11:02:49.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-04-04 07:10:19",
"category": "Other",
"uuid": "c221b793-ca91-4ea5-9ba9-3a08b8d153b0"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/8cfbd38855d2d6033847142fdfa74710b796daf465ab94216fbbbe85971aee29/analysis/1554361819/",
"category": "Payload delivery",
"uuid": "e62b032c-b748-43cf-9663-7bf43b7c811e"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "49/68",
"category": "Payload delivery",
"uuid": "0903cfac-7124-4138-b7ca-350ccf89ef78"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--15d2637f-5587-422e-9c0d-b5765db3b370",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T11:02:49.000Z",
"modified": "2019-04-04T11:02:49.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-04-03 10:15:05",
"category": "Other",
"uuid": "95dd2a05-d5e2-4ca5-9b63-950965df87d7"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/a89eac79ff230f3c270b465cd2d8c1225b8937bd4b069ac27872ac883082d82b/analysis/1554286505/",
"category": "Payload delivery",
"uuid": "92fa1fda-791f-4245-b42c-bf14fc0fb1d5"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "21/58",
"category": "Payload delivery",
"uuid": "9e9cd2ac-2699-4da9-befb-53651ad2aaa6"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--62d88faa-c81c-4ee2-a031-950e7b8e74eb",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T11:02:49.000Z",
"modified": "2019-04-04T11:02:49.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-04-03 10:14:59",
"category": "Other",
"uuid": "8a4b82c6-9892-4c00-9855-b521648e574a"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/47f5a231f7cd0e36508ca6ff8c21c08a7248f0f2bd79c1e772b73443597b09b4/analysis/1554286499/",
"category": "Payload delivery",
"uuid": "c8a542e8-a2cb-4cf9-a070-d0b25ee49519"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "52/71",
"category": "Payload delivery",
"uuid": "9263cb76-ef44-45ae-972c-fe3b90a4b2ff"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--655b355a-d27a-47e7-953c-e518814e77d1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T11:02:49.000Z",
"modified": "2019-04-04T11:02:49.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-04-04 06:54:10",
"category": "Other",
"uuid": "5871b620-bb9b-4dc1-ac8f-2f1c4e0840fd"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/385e31c97e3a07bbb81513f0cd0979e64e6b014943902efd002f57b21eadd41e/analysis/1554360850/",
"category": "Payload delivery",
"uuid": "1e73fc65-f7ce-4262-8463-0f80f93da9ae"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "53/70",
"category": "Payload delivery",
"uuid": "796a7fb7-65cf-4b5f-85a8-0a097520d3cb"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--aa4a78fa-47d0-4ec6-bcb8-1ff43d2e612d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T11:02:49.000Z",
"modified": "2019-04-04T11:02:49.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-04-04 07:24:59",
"category": "Other",
"uuid": "112fad1f-774e-4b50-8947-9657406c3627"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/14e8a8095426245633cd6c3440afc5b29d0c8cd4acefd10e16f82eb3295077ca/analysis/1554362699/",
"category": "Payload delivery",
"uuid": "8b0c280c-7c10-4b30-9fd0-4c073c4ea048"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "56/71",
"category": "Payload delivery",
"uuid": "b138d431-1a16-4779-813e-b149a3421b4b"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--dff728c7-5c19-4f03-86c3-da8de2fb5fe9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T11:02:49.000Z",
"modified": "2019-04-04T11:02:49.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-04-04 06:59:47",
"category": "Other",
"uuid": "96719cd4-a3be-42f9-9edd-7551a3d10efa"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/5f815b8a8e77731c9ca2b3a07a27f880ef24d54e458d77bdabbbaf2269fe96c3/analysis/1554361187/",
"category": "Payload delivery",
"uuid": "7f6155ce-dd15-474a-9b1e-b183b029e656"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "10/57",
"category": "Payload delivery",
"uuid": "33b779b8-ad32-4a69-8bbd-9fe21046e36b"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5e8bc41a-f1de-4db9-99ce-f8e2d360a71e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T11:02:50.000Z",
"modified": "2019-04-04T11:02:50.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-04-01 16:37:44",
"category": "Other",
"uuid": "7d9c017b-8edd-49dd-ac87-83ede8411029"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/c7a69dcfb6a3fe433a52a71d85a7e90df25b1db1bc843a541eb08ea2fd1052a4/analysis/1554136664/",
"category": "Payload delivery",
"uuid": "e9bd4bc8-d8ec-4185-90ed-7e5786a6bce9"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "43/71",
"category": "Payload delivery",
"uuid": "83263b7e-8059-46d2-8b99-5b0b43a37e90"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--90999cf4-f049-48cc-b058-7218d5e66a87",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T11:02:50.000Z",
"modified": "2019-04-04T11:02:50.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-04-04 07:05:59",
"category": "Other",
"uuid": "4553a71a-776c-4461-8a66-c7cd64e44318"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/c3d334cb7f6007c9ebee1a68c4f3f72eac9b3c102461d39f2a0a4b32a053843a/analysis/1554361559/",
"category": "Payload delivery",
"uuid": "da933654-16fb-498a-8640-44e69146f078"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "45/61",
"category": "Payload delivery",
"uuid": "a03d25eb-08d2-4ff8-87b8-e8f2c98eb179"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--6ec3241c-a53a-4b24-ad19-b37fe1926ca3",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T11:02:50.000Z",
"modified": "2019-04-04T11:02:50.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-04-02 23:51:08",
"category": "Other",
"uuid": "b5672881-9c3c-44f9-8db2-298d466a4dd9"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/97a2ab7a94148d605f3c0a1146a70ba5c436a438b23298a1f02f71866f420c43/analysis/1554249068/",
"category": "Payload delivery",
"uuid": "ed5167e6-ce8b-4816-888d-18b7cf9a9b4f"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "44/72",
"category": "Payload delivery",
"uuid": "a4480342-e0bc-4292-bd67-5bcbe6369375"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--0bc1a3db-aa59-4e3e-962c-0141a9507044",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T11:02:50.000Z",
"modified": "2019-04-04T11:02:50.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-04-02 23:53:36",
"category": "Other",
"uuid": "19057350-70ca-4b61-bf3a-ccfe54f0490a"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/a84171501074bac584348f2942964c8550374c39247ec6af0f4a69756ea9fc7a/analysis/1554249216/",
"category": "Payload delivery",
"uuid": "021bca0d-21c1-4af3-ad1d-9ede46c96d73"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "51/68",
"category": "Payload delivery",
"uuid": "1d711364-ad24-4f60-a406-579fc420984f"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--c4efd0bd-ca37-4e9a-9669-b284391231d0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T11:02:50.000Z",
"modified": "2019-04-04T11:02:50.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-04-04 07:16:09",
"category": "Other",
"uuid": "a3ef3a8c-2c5b-469a-ba3a-232ea3d646b4"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/5b0b972713cd8611b04e4673676cdff70345ac7301b2c23173cdfeaff564225c/analysis/1554362169/",
"category": "Payload delivery",
"uuid": "3431a2b3-15e0-4e7b-81e8-3a8a4467c58a"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "53/70",
"category": "Payload delivery",
"uuid": "2fd75f6e-a29d-4193-83af-07e23cc7565e"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--91238841-2e89-4fd8-a8e8-eda64827b73d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T11:02:50.000Z",
"modified": "2019-04-04T11:02:50.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-04-03 17:13:07",
"category": "Other",
"uuid": "101cf662-c46e-4335-8eef-189b488e4a31"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/b434bccf0a5ff75b27184e661df751466aef69f35fbd7b8b8692302b8b886262/analysis/1554311587/",
"category": "Payload delivery",
"uuid": "15db5590-265b-4922-b1fd-352d2725bebc"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "51/66",
"category": "Payload delivery",
"uuid": "93ca72df-1be0-455f-a1cd-cf769e550da5"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--4a8c1dc6-773d-4883-be6f-8c7008a56ba7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T11:02:50.000Z",
"modified": "2019-04-04T11:02:50.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-04-04 07:26:59",
"category": "Other",
"uuid": "0023fe73-0980-46e0-9556-46bbfe5fdec4"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/7852b47e7a9e3f792755395584c64dd81b68ab3cbcdf82f60e50dc5fa7385125/analysis/1554362819/",
"category": "Payload delivery",
"uuid": "383e14be-cdda-4969-99ae-3adae2fa7b7f"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "51/68",
"category": "Payload delivery",
"uuid": "ab2852d7-9aae-4a0f-aa4b-549583563ce7"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--3ba890fa-43c6-4805-a7ab-2fba74c0ced0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T11:02:51.000Z",
"modified": "2019-04-04T11:02:51.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-04-04 07:21:45",
"category": "Other",
"uuid": "d4aea7f7-e340-4e76-89c1-2546884db901"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/bdf36127817413f625d2625d3133760af724d6ad2410bea7297ddc116abc268f/analysis/1554362505/",
"category": "Payload delivery",
"uuid": "bcc766b7-352e-4241-b3ba-4dab52c02065"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "55/70",
"category": "Payload delivery",
"uuid": "401b939c-ce2c-426b-9505-0554136fa85c"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--c186be47-3752-42e1-89d5-1e5b3d5223de",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T11:02:51.000Z",
"modified": "2019-04-04T11:02:51.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-04-04 07:20:30",
"category": "Other",
"uuid": "29971556-1f8f-491a-bc22-607f26e0cdcf"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/6e69548b1ae61d951452b65db15716a5ee2f9373be05011e897c61118c239a77/analysis/1554362430/",
"category": "Payload delivery",
"uuid": "088b3a1d-f7d5-4bf0-9998-7fa00b4d1177"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "55/71",
"category": "Payload delivery",
"uuid": "de0d2c55-e16b-426a-95ef-f04995cada4f"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b6346b5e-5482-4314-9d7b-8671c4155bf1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T14:08:41.000Z",
"modified": "2019-04-04T14:08:41.000Z",
"pattern": "[file:hashes.SHA1 = '2a030cc6d84d5785f5e84d0f5888a411d4b06d01' AND file:name = 'soft.exe' AND file:size = '45568']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T14:08:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d74356f9-39d2-4c30-9711-8ed1a401acd3",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T14:11:42.000Z",
"modified": "2019-04-04T14:11:42.000Z",
"pattern": "[file:hashes.SHA1 = '2abae839362edfe52d9ebe282fb61113d22b331f' AND file:name = 'sttager.exe' AND file:size = '20480']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T14:11:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e668ce8c-af43-4832-89b2-9c08e3f5124c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T14:11:42.000Z",
"modified": "2019-04-04T14:11:42.000Z",
"pattern": "[file:hashes.SHA1 = '6995a32e0a4d4f6d0c9b2a00a96d69bff4b83ea7' AND file:name = 'test443.exe' AND file:size = '373911']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T14:11:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--6e1a65fa-acb6-4ea6-a06b-636c428138b5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T14:11:43.000Z",
"modified": "2019-04-04T14:11:43.000Z",
"pattern": "[file:hashes.SHA1 = '87b1f17fbb4a1e8eef4cb31c1c0194b1426c868c' AND file:name = 'veil.exe' AND file:size = '345761']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T14:11:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f7e26e48-37f4-45a8-8a1c-2ecc11dec53a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T14:11:43.000Z",
"modified": "2019-04-04T14:11:43.000Z",
"pattern": "[file:hashes.SHA1 = 'afc36916a4df934446681ea28bef6add4decb98a' AND file:name = '80_http.exe.exe' AND file:size = '411850']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T14:11:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d4db8abd-f691-4927-9e28-14ce0ee7d430",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T14:11:43.000Z",
"modified": "2019-04-04T14:11:43.000Z",
"pattern": "[file:hashes.SHA1 = 'f832d94391a8d2d5cf92773e6c912905ec7c40c7' AND file:name = 'test1.exe' AND file:size = '406636']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T14:11:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3d49a49b-5bc6-49be-a0e6-ab3b72ccfe46",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T14:11:44.000Z",
"modified": "2019-04-04T14:11:44.000Z",
"pattern": "[file:hashes.SHA1 = '056823c7891a04b2fec8903eb401ae3291743a54' AND file:name = 'beca.exe.exe' AND file:size = '23808']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T14:11:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f898f5e1-93e1-458b-996c-ebc6dba13222",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T14:11:44.000Z",
"modified": "2019-04-04T14:11:44.000Z",
"pattern": "[file:hashes.SHA1 = 'b7afa7acf1b7ded2c4e3d0884b5cdaa230d9f82e' AND file:name = 'shell1.exe' AND file:size = '24576']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T14:11:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--89b53bf3-e0c4-4f48-8e25-ff54844fae43",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T14:11:45.000Z",
"modified": "2019-04-04T14:11:45.000Z",
"pattern": "[file:hashes.SHA1 = '4b50b6b9157026ab408d966ece02d1cef8045f82' AND file:name = 'starggge.exe' AND file:size = '27136']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T14:11:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--1162a78a-804d-4856-82b3-0b77509bcfe7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T14:11:45.000Z",
"modified": "2019-04-04T14:11:45.000Z",
"pattern": "[file:hashes.SHA1 = '6042dfd50d33da40e383baec4a7ef7c75bf17481' AND file:name = '8_32.exe' AND file:size = '24064']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T14:11:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--bf5439e4-3e35-44a0-9ff3-129042947aad",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T14:11:45.000Z",
"modified": "2019-04-04T14:11:45.000Z",
"pattern": "[file:hashes.SHA1 = '9b50fae63f4d8d402f30c487ca7216f610413642' AND file:name = 'payload.exe' AND file:size = '6144']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T14:11:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--02af3be3-4a7e-4a84-81eb-83f604a3f0a5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T14:11:46.000Z",
"modified": "2019-04-04T14:11:46.000Z",
"pattern": "[file:hashes.SHA1 = '781778f789185889259d2a8dec981e80098fa490' AND file:name = '443_12.exe' AND file:size = '28904']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T14:11:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--dae97fa0-3eb3-4915-82cc-e7e489d64dd1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T14:11:46.000Z",
"modified": "2019-04-04T14:11:46.000Z",
"pattern": "[file:hashes.SHA1 = '153d37f0f0660734a1e05cb67721c4ceff54919f' AND file:name = 'test.exe' AND file:size = '370807']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T14:11:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--24e6319c-f91c-43b2-a9d3-7b0bfd5a76a7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T14:11:47.000Z",
"modified": "2019-04-04T14:11:47.000Z",
"pattern": "[file:hashes.SHA1 = '2d038fcd5987b2e7008b2e269b0a9ff968063ee8' AND file:name = 'test_1.exe' AND file:size = '601039']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T14:11:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3dac003b-a958-48e2-8a96-6d0fdba7875d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T14:11:47.000Z",
"modified": "2019-04-04T14:11:47.000Z",
"pattern": "[file:hashes.SHA1 = '9d2148cd22c245fc3ba7861a560d223f72f34414' AND file:name = 'synack_network_noinject_x86.ps1' AND file:size = '302611']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T14:11:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c01e648d-7f49-45f7-b7d7-48ce5a507a47",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T14:11:48.000Z",
"modified": "2019-04-04T14:11:48.000Z",
"pattern": "[file:hashes.SHA1 = 'c8207144f89c9d775ff5565888dbbc8167e09330' AND file:name = 'synack_network_noinject_x64.ps1' AND file:size = '390311']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T14:11:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ac91f1d9-024c-44e2-8a7c-06172796ea12",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T14:11:49.000Z",
"modified": "2019-04-04T14:11:49.000Z",
"pattern": "[file:hashes.SHA1 = '5131a7a011041e88b32a2a98e5170c42d5c57250' AND file:name = 'synack_network_x64.ps1' AND file:size = '423995']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T14:11:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--2ba4112d-7327-4b19-8035-a2e6eb73d573",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T14:11:50.000Z",
"modified": "2019-04-04T14:11:50.000Z",
"pattern": "[file:hashes.SHA1 = 'e925c3ba15f007363ad32b84df7da9b299b9b100' AND file:name = 'synack_x64.ps1' AND file:size = '423995']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T14:11:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--7f430f07-3ff9-4553-b81a-36681949c447",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T14:11:51.000Z",
"modified": "2019-04-04T14:11:51.000Z",
"pattern": "[file:hashes.SHA1 = '481b18bcbd9d32c5363bb56ab212d57d78497c05' AND file:name = 'synack_network_x86.ps1' AND file:size = '327187']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T14:11:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--6fe2ec22-3ff6-4a79-af8e-30e6a5253e45",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T14:11:51.000Z",
"modified": "2019-04-04T14:11:51.000Z",
"pattern": "[file:hashes.SHA1 = '2bcfd0679726f0110545b47b4512a8a4ddcb830f' AND file:name = 'synack_x86.ps1' AND file:size = '327187']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T14:11:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b14e7307-30f6-49c8-b4fe-0b6735a3a94d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T14:11:52.000Z",
"modified": "2019-04-04T14:11:52.000Z",
"pattern": "[file:hashes.SHA1 = 'eaefb5e9ea2e0d301ee594e6358ea136442cd075' AND file:name = 'test.exe' AND file:size = '529477']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T14:11:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3549d1ed-c1c7-4066-a9cc-9d0a86cd8e0a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T14:11:52.000Z",
"modified": "2019-04-04T14:11:52.000Z",
"pattern": "[file:hashes.SHA1 = '237b19af7c867b21f46793dd7257dff2f3be1513' AND file:name = 'encryptor.zip' AND file:size = '18211']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T14:11:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--eaa8dc3c-16ef-45eb-add4-3d736d1bd330",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T14:11:52.000Z",
"modified": "2019-04-04T14:11:52.000Z",
"pattern": "[file:hashes.SHA1 = 'f5619064f2d8aebfdba0fc3f566cb60f599f9f6e' AND file:name = 'encryptor.exe' AND file:size = '29696']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T14:11:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--7e91cd8c-c822-43fe-ac0b-5d137f57bc3a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T14:11:53.000Z",
"modified": "2019-04-04T14:11:53.000Z",
"pattern": "[file:hashes.SHA1 = '399d4d5ab0bdbe0b1a61bac007d56adff005486d' AND file:name = 'tung2901_AU3_EXE_6cr22.rar' AND file:size = '277412']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T14:11:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--7b59d923-d374-41bc-89b7-e68498bacc72",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T14:19:34.000Z",
"modified": "2019-04-04T14:19:34.000Z",
"pattern": "[file:hashes.MD5 = '644087ccca16d2a728ef7685a4106f09' AND file:hashes.SHA1 = 'eabd6974ac71efd72d9e0688d5a6131f336d169c' AND file:hashes.SHA256 = '385e31c97e3a07bbb81513f0cd0979e64e6b014943902efd002f57b21eadd41e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T14:19:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--4b9fdc52-1ce3-45d7-85cc-60215eb30f0c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T14:19:34.000Z",
"modified": "2019-04-04T14:19:34.000Z",
"pattern": "[file:hashes.MD5 = '34187a34d0a3c5d63016c26346371b54' AND file:hashes.SHA1 = 'ce8209ff9828aa8cb095bd7d1589fc4d394c298c' AND file:hashes.SHA256 = '5f815b8a8e77731c9ca2b3a07a27f880ef24d54e458d77bdabbbaf2269fe96c3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T14:19:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--fa63b93f-2201-4f6c-8341-4a86980805b3",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T14:19:35.000Z",
"modified": "2019-04-04T14:19:35.000Z",
"pattern": "[file:hashes.MD5 = '871aa15f4d61c85e1284e1be3f99f705' AND file:hashes.SHA1 = '236eac0b19f91117b27f1b198a4d8490d99ec2e5' AND file:hashes.SHA256 = 'b434bccf0a5ff75b27184e661df751466aef69f35fbd7b8b8692302b8b886262']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T14:19:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c73504a4-60da-4107-adef-c10a0f52266b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T14:19:35.000Z",
"modified": "2019-04-04T14:19:35.000Z",
"pattern": "[file:hashes.MD5 = 'a1d732aa27e1ca2ae45a189451419ed5' AND file:hashes.SHA1 = '50f5a5ec13d21d4df119140547d63bc40f93b079' AND file:hashes.SHA256 = 'c3d334cb7f6007c9ebee1a68c4f3f72eac9b3c102461d39f2a0a4b32a053843a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T14:19:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--edbac896-cf24-4628-9064-7bac3c8e8d58",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T14:19:36.000Z",
"modified": "2019-04-04T14:19:36.000Z",
"pattern": "[file:hashes.MD5 = '164f72dfb729ca1e15f99d456b7cf811' AND file:hashes.SHA1 = 'f92339e73c7e901c0c852d8e65615cfb588a4ff6' AND file:hashes.SHA256 = '8cfbd38855d2d6033847142fdfa74710b796daf465ab94216fbbbe85971aee29']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T14:19:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d91eacd1-efda-4eaf-ae5a-f815869b10dd",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T14:19:36.000Z",
"modified": "2019-04-04T14:19:36.000Z",
"pattern": "[file:hashes.MD5 = '9cad8641ac79688e09c5fa350aef2094' AND file:hashes.SHA1 = '3da0a217bbda09561780f52f163a6aafeb721d60' AND file:hashes.SHA256 = '5b0b972713cd8611b04e4673676cdff70345ac7301b2c23173cdfeaff564225c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T14:19:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a1a25873-3445-4873-8b6b-7dca2e15615a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T14:19:36.000Z",
"modified": "2019-04-04T14:19:36.000Z",
"pattern": "[file:hashes.MD5 = '3ebca21b1d4e2f482b3eda6634e89211' AND file:hashes.SHA1 = '37cdd1e3225f8da596dc13779e902d8d13637360' AND file:hashes.SHA256 = '6e69548b1ae61d951452b65db15716a5ee2f9373be05011e897c61118c239a77']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T14:19:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--9aa33ad7-9f08-4774-b109-cedaed81cd60",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T14:19:37.000Z",
"modified": "2019-04-04T14:19:37.000Z",
"pattern": "[file:hashes.MD5 = '52340664fe59e030790c48b66924b5bd' AND file:hashes.SHA1 = '73171ffa6dfee5f9264e3d20a1b6926ec1b60897' AND file:hashes.SHA256 = 'bdf36127817413f625d2625d3133760af724d6ad2410bea7297ddc116abc268f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T14:19:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--dc691061-1ee8-46b1-b3ef-488f082e45c8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T14:19:38.000Z",
"modified": "2019-04-04T14:19:38.000Z",
"pattern": "[file:hashes.MD5 = 'a5bc1f94e7505a2e73c866551f7996f9' AND file:hashes.SHA1 = '7dea7ff735023418b902d093964028aefbc486a5' AND file:hashes.SHA256 = '14e8a8095426245633cd6c3440afc5b29d0c8cd4acefd10e16f82eb3295077ca']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T14:19:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--8d31887c-d4a7-4e7f-899c-df1d3a41e15f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T14:19:38.000Z",
"modified": "2019-04-04T14:19:38.000Z",
"pattern": "[file:hashes.MD5 = 'b3d3da12ca3b9efd042953caa6c3b8cd' AND file:hashes.SHA1 = '34fb03a35e723d27e99776ed3e81967229b3afe1' AND file:hashes.SHA256 = '7852b47e7a9e3f792755395584c64dd81b68ab3cbcdf82f60e50dc5fa7385125']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T14:19:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--febd2cf8-35c9-49d2-9963-21b43acb6f04",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T14:19:39.000Z",
"modified": "2019-04-04T14:19:39.000Z",
"pattern": "[file:hashes.MD5 = 'faf4de4e1c5d8e4241088c90cfe8eddd' AND file:hashes.SHA1 = 'fcd241fdcd462199f2907ca34c73ce9c89b03e5f' AND file:hashes.SHA256 = '47f5a231f7cd0e36508ca6ff8c21c08a7248f0f2bd79c1e772b73443597b09b4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T14:19:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f63b62d9-f5f1-4c51-9488-139d016e7660",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T14:19:39.000Z",
"modified": "2019-04-04T14:19:39.000Z",
"pattern": "[file:hashes.MD5 = '7b792de1468a70cfe990b65034d5f3ac' AND file:hashes.SHA1 = '320f1fc66054e98681fd291415ff17b2e1a71b61' AND file:hashes.SHA256 = 'a89eac79ff230f3c270b465cd2d8c1225b8937bd4b069ac27872ac883082d82b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T14:19:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--fda6f5a2-8bb2-483c-a116-a85e4af5a63c",
"created": "2019-03-28T08:39:21.000Z",
"modified": "2019-03-28T08:39:21.000Z",
"relationship_type": "creator-of",
"source_ref": "indicator--5c9c866a-b3b4-41e8-9594-f646950d210f",
"target_ref": "indicator--5c9c882a-a40c-46db-a3f5-f383950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--8c11cd12-6c58-48f9-9507-cdc20ec4808b",
"created": "2019-04-04T11:02:51.000Z",
"modified": "2019-04-04T11:02:51.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--5c9c866a-b3b4-41e8-9594-f646950d210f",
"target_ref": "x-misp-object--3ba890fa-43c6-4805-a7ab-2fba74c0ced0"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--698b9ceb-35b8-42cf-9ff0-2609135d8e4d",
"created": "2019-04-04T11:02:51.000Z",
"modified": "2019-04-04T11:02:51.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--5c9cb1a2-817c-414b-b7be-43cd950d210f",
"target_ref": "x-misp-object--83d90e56-d8fd-4fb2-bb57-580a66a57ee2"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--47456290-8048-4f4f-8e61-d2f1cdc4352d",
"created": "2019-04-04T11:02:51.000Z",
"modified": "2019-04-04T11:02:51.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--5c9cb1c2-6f04-4808-99d0-4d8f950d210f",
"target_ref": "x-misp-object--c4efd0bd-ca37-4e9a-9669-b284391231d0"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--3be46b31-0f69-4697-8a2a-4c0eeabbe276",
"created": "2019-04-04T11:02:51.000Z",
"modified": "2019-04-04T11:02:51.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--5c9cb1dc-7ee8-4a94-adef-41cb950d210f",
"target_ref": "x-misp-object--c186be47-3752-42e1-89d5-1e5b3d5223de"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--a5f6984a-455b-4b3f-88c0-fa261a2a5a99",
"created": "2019-04-04T11:02:51.000Z",
"modified": "2019-04-04T11:02:51.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--5c9cb2c5-c444-4380-9cd7-4c8a950d210f",
"target_ref": "x-misp-object--aa4a78fa-47d0-4ec6-bcb8-1ff43d2e612d"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--7ee3ed03-c55a-4876-83fd-bcb4dfef5f0d",
"created": "2019-04-04T11:02:51.000Z",
"modified": "2019-04-04T11:02:51.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--5c9cdbf4-ea34-4d13-90a4-4ce6950d210f",
"target_ref": "x-misp-object--90999cf4-f049-48cc-b058-7218d5e66a87"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--c20ead58-c00a-4a20-a12d-f48037f6ff15",
"created": "2019-04-04T11:02:51.000Z",
"modified": "2019-04-04T11:02:51.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--5c9cdc5e-12f4-4dfc-9918-4108950d210f",
"target_ref": "x-misp-object--4a8c1dc6-773d-4883-be6f-8c7008a56ba7"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--febebabb-5110-4905-86ce-2d648f99cb14",
"created": "2019-04-04T11:02:51.000Z",
"modified": "2019-04-04T11:02:51.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--5c9cdc7d-4d18-4cc8-b36e-4c83950d210f",
"target_ref": "x-misp-object--62d88faa-c81c-4ee2-a031-950e7b8e74eb"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--b4fb6776-1cf4-42ad-b133-4760551469cc",
"created": "2019-04-04T11:02:51.000Z",
"modified": "2019-04-04T11:02:51.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--5c9e3862-4960-4ec0-a6fc-4f4e950d210f",
"target_ref": "x-misp-object--5e8bc41a-f1de-4db9-99ce-f8e2d360a71e"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--651589c3-8f49-40d3-b56a-b248b42885fc",
"created": "2019-04-04T11:02:51.000Z",
"modified": "2019-04-04T11:02:51.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--5c9e3895-b9dc-4d74-baa0-4e3e950d210f",
"target_ref": "x-misp-object--6ec3241c-a53a-4b24-ad19-b37fe1926ca3"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--6b7f6e62-f6dd-4ae5-b9fc-b894fea0fc0e",
"created": "2019-04-04T11:02:51.000Z",
"modified": "2019-04-04T11:02:51.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--5c9e38d2-e5ac-42e6-8787-4c7a950d210f",
"target_ref": "x-misp-object--0bc1a3db-aa59-4e3e-962c-0141a9507044"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--36226550-fccd-4fec-b338-54f706df5ef1",
"created": "2019-04-04T11:02:52.000Z",
"modified": "2019-04-04T11:02:52.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--5c9e3b43-3128-4838-8d63-4a69950d210f",
"target_ref": "x-misp-object--91238841-2e89-4fd8-a8e8-eda64827b73d"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--8c6dd630-7dd1-46f7-a6c5-a793600b6d9e",
"created": "2019-04-04T11:02:52.000Z",
"modified": "2019-04-04T11:02:52.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--5c9e3bc2-5a24-4d69-a335-4793950d210f",
"target_ref": "x-misp-object--dff728c7-5c19-4f03-86c3-da8de2fb5fe9"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--e82243d7-eaa6-4b0d-b35b-0e9c317c57d4",
"created": "2019-04-04T11:02:52.000Z",
"modified": "2019-04-04T11:02:52.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--5ca1b7ca-7424-4d99-8c46-4095950d210f",
"target_ref": "x-misp-object--655b355a-d27a-47e7-953c-e518814e77d1"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--4c8b82ff-6089-4de2-84f0-3b560c0a7e39",
"created": "2019-04-04T11:02:52.000Z",
"modified": "2019-04-04T11:02:52.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--5ca1ce80-3410-445c-9a8c-20d7950d210f",
"target_ref": "x-misp-object--15d2637f-5587-422e-9c0d-b5765db3b370"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--352f73c0-c34d-41c2-82e7-dfc48726c068",
"created": "2019-04-04T11:02:52.000Z",
"modified": "2019-04-04T11:02:52.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--f9ccc29b-21e0-4670-bd40-9ddb5e77097a",
"target_ref": "x-misp-object--35c21dc1-1c39-413c-946a-f8bb9b26b6f7"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--cd8c80c3-0cfb-49a4-9182-a43caeef1055",
"created": "2019-04-04T11:02:52.000Z",
"modified": "2019-04-04T11:02:52.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--72d7def0-5a71-4c2c-b37c-4a3e4e8b12a1",
"target_ref": "x-misp-object--5108ef6e-6e11-42eb-b04b-c98a3baf0989"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--878ba33b-1b27-4ad0-88fb-4da7f1bed61b",
"created": "2019-04-04T11:02:52.000Z",
"modified": "2019-04-04T11:02:52.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--f267dc71-bbf0-4cc5-9b5b-3fa211e28a18",
"target_ref": "x-misp-object--f0ef8684-416a-4769-ad67-0b01c27351f8"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--e1916cea-2bbc-4ea3-871d-a74bbdeeb186",
"created": "2019-04-04T11:02:52.000Z",
"modified": "2019-04-04T11:02:52.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--aea6e39a-79e2-459d-bcc5-4a1ea6a2a033",
"target_ref": "x-misp-object--9d450a87-d02c-4ca7-8e63-51de5717eac9"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--6d6260c4-ddbc-47f4-a506-37a21c70d6a0",
"created": "2019-04-04T11:02:52.000Z",
"modified": "2019-04-04T11:02:52.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--a1a98fae-2b40-4d36-bd5c-5b601c2ca216",
"target_ref": "x-misp-object--e3d0d58a-ba39-4023-9f87-abc23fee99ab"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}