adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/546b1b80-904c-4534-abf1-4b36950d210b.json

3498 lines
No EOL
144 KiB
JSON
Raw Blame History

{
"type": "bundle",
"id": "bundle--546b1b80-904c-4534-abf1-4b36950d210b",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T12:51:44.000Z",
"modified": "2014-11-18T12:51:44.000Z",
"name": "CthulhuSPRL.be",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--546b1b80-904c-4534-abf1-4b36950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T12:51:44.000Z",
"modified": "2014-11-18T12:51:44.000Z",
"name": "OSINT Analysis of DHS NCCIC Indicators blog post by Secureworks",
"published": "2016-02-22T14:06:21Z",
"object_refs": [
"observed-data--546b1b8b-88d4-4b3b-8e31-46f9950d210b",
"url--546b1b8b-88d4-4b3b-8e31-46f9950d210b",
"x-misp-attribute--546b1b97-d8a0-4a46-a664-4ad0950d210b",
"indicator--546b1bf5-1c90-4447-80aa-4f35950d210b",
"indicator--546b1bf5-e128-4da7-83a7-447a950d210b",
"indicator--546b1bf5-f7b0-48d6-a3c0-44dd950d210b",
"indicator--546b1bf5-1fe8-4b84-ac7c-46eb950d210b",
"indicator--546b1bf5-7a3c-45ff-8e47-4438950d210b",
"indicator--546b1bf5-c7ac-472b-ad56-4f0f950d210b",
"indicator--546b1bf5-1fa8-40fd-af42-451e950d210b",
"indicator--546b1bf5-9554-4b5a-bab1-4fc6950d210b",
"indicator--546b1bf5-f4bc-47ba-b3ee-4fad950d210b",
"indicator--546b1bf5-78dc-4e9e-a923-4d8e950d210b",
"indicator--546b1bf6-0a68-43cc-8b07-481b950d210b",
"indicator--546b1bf6-5724-4082-8502-4c14950d210b",
"indicator--546b1bf6-6dc8-4ac6-8981-4606950d210b",
"indicator--546b1bf6-52e8-4a3b-aab0-40bb950d210b",
"indicator--546b1bf6-8258-4f3c-8b52-4959950d210b",
"indicator--546b1bf6-a518-4e5e-a106-4ee1950d210b",
"indicator--546b1bf6-e040-4be6-9a95-4d0c950d210b",
"indicator--546b1bf6-90a8-4f2c-aa82-4371950d210b",
"indicator--546b1bf6-fe84-47c9-a11e-4a1b950d210b",
"indicator--546b1bf6-7250-4d39-ab09-48a9950d210b",
"indicator--546b1bf6-253c-4965-ba12-4386950d210b",
"indicator--546b1bf6-76b4-487b-85ad-45fd950d210b",
"x-misp-attribute--546b1c05-ff20-46da-8e09-47cd950d210b",
"indicator--546b1c68-9b3c-41d2-97c3-43dd950d210b",
"indicator--546b1c68-6140-4545-bb5b-43ca950d210b",
"indicator--546b1c68-4fe0-47c9-b7cd-4635950d210b",
"indicator--546b1c68-0674-4e85-be79-4945950d210b",
"indicator--546b1c68-38e0-43ee-a4bc-43c9950d210b",
"indicator--546b1cb3-1e90-4614-99f6-40ee950d210b",
"indicator--546b1cb3-7484-47e8-9417-4e27950d210b",
"indicator--546b1cb3-a3fc-44b2-b9cd-4db7950d210b",
"indicator--546b1cc7-63c0-40db-8530-4181950d210b",
"indicator--546b1cc7-6278-4a42-b4d1-4821950d210b",
"indicator--546b1cc8-17a8-4586-b779-4f42950d210b",
"x-misp-attribute--546b1ce6-c1f4-429a-b487-401e950d210b",
"x-misp-attribute--546b1ce6-0fb0-4b54-adab-4918950d210b",
"x-misp-attribute--546b1ce6-49bc-4dd8-8a6a-4c55950d210b",
"indicator--546b1d2c-8fa4-4e0b-a174-4215950d210b",
"indicator--546b1d2c-9db4-414e-984e-4a0e950d210b",
"indicator--546b1d2c-66f8-49c6-aa46-4264950d210b",
"x-misp-attribute--546b1d3c-c7e8-4d29-9761-44e7950d210b",
"indicator--546b1d70-aa88-476a-b961-4235950d210b",
"indicator--546b1d80-316c-40af-8d87-4877950d210b",
"indicator--546b1d9a-e348-4fb1-b430-469d950d210b",
"indicator--546b3aa9-2594-47ab-9530-89b5950d210b",
"indicator--546b3aa9-bae8-41e1-9f47-89b5950d210b",
"indicator--546b3aa9-6d74-4a2e-921d-89b5950d210b",
"indicator--546b3aa9-33dc-46a6-9b53-89b5950d210b",
"indicator--546b3aa9-3194-49b0-8c1e-89b5950d210b",
"indicator--546b3aaa-c460-4ed1-b7c2-89b5950d210b",
"indicator--546b3aaa-788c-4bf4-abf1-89b5950d210b",
"indicator--546b3aaa-0350-4635-b121-89b5950d210b",
"indicator--546b3aaa-64d0-408b-ac20-89b5950d210b",
"indicator--546b3aaa-3280-4870-8937-89b5950d210b",
"indicator--546b3aaa-6d20-4061-9b5e-89b5950d210b",
"indicator--546b3aaa-e800-4759-98ba-89b5950d210b",
"indicator--546b3aaa-b2dc-497a-9038-89b5950d210b",
"indicator--546b3aaa-d874-468d-b371-89b5950d210b",
"indicator--546b3aaa-6488-4000-9c25-89b5950d210b",
"indicator--546b3aaa-358c-46ae-84db-89b5950d210b",
"indicator--546b3aea-4350-4901-a09a-0e7f950d210b",
"indicator--546b3aea-3f68-472d-94a9-0e7f950d210b",
"indicator--546b3aea-3bd0-450d-b469-0e7f950d210b",
"indicator--546b3b5b-83d8-4c4d-8fed-29c7950d210b",
"indicator--546b3b5b-2300-4645-a5fd-29c7950d210b",
"indicator--546b3b5c-5d5c-48a4-8284-29c7950d210b",
"indicator--546b3b5c-f250-48a1-ba83-29c7950d210b",
"indicator--546b3b5c-7d38-4c4c-9499-29c7950d210b",
"indicator--546b3b5c-f200-4bd4-85b0-29c7950d210b",
"indicator--546b3b5c-ed3c-4f3b-8cd9-29c7950d210b",
"indicator--546b3b5c-5f88-461a-ac2b-29c7950d210b",
"indicator--546b3b5c-f2e4-41a2-aeab-29c7950d210b",
"indicator--546b3b96-ed18-4686-b26f-0fec950d210b",
"observed-data--546b3ba9-c290-41cd-a221-433d950d210b",
"file--546b3ba9-c290-41cd-a221-433d950d210b",
"indicator--546b3bc3-f718-4352-af14-89b5950d210b",
"indicator--546b3bd5-fa10-4859-9291-40b5950d210b",
"indicator--546b3bef-23b8-4846-aaa0-4348950d210b",
"indicator--546b3c65-3898-4ca4-a997-29c7950d210b",
"indicator--546b3c89-7450-4721-8d81-0fec950d210b",
"indicator--546b3c89-f014-4d53-8437-0fec950d210b",
"indicator--546b3cb9-0134-4026-b1d3-89be950d210b",
"indicator--546b3cb9-6da8-4a29-8a22-89be950d210b",
"indicator--546b3cb9-2034-442f-805f-89be950d210b",
"indicator--546b3cb9-505c-4428-92e0-89be950d210b",
"indicator--546b3cb9-9f4c-4a99-ac9c-89be950d210b",
"indicator--546b3cb9-fa20-4980-b25e-89be950d210b",
"indicator--546b3cba-2874-44c5-9f8c-89be950d210b",
"indicator--546b3cba-82b4-407f-8cb1-89be950d210b",
"indicator--546b3cba-60b4-4dd1-87ce-89be950d210b",
"indicator--546b3cba-d13c-49f1-92ca-89be950d210b",
"indicator--546b3d0c-b798-46a2-9cf1-43ff950d210b",
"indicator--546b3d0c-ad7c-4181-ad34-49b5950d210b",
"indicator--546b3d0c-63c4-41f4-9cfd-4037950d210b",
"indicator--546b3d29-19fc-4733-9459-4948950d210b",
"x-misp-attribute--546b3d76-dfe4-4258-9518-0fec950d210b",
"x-misp-attribute--546b3d76-b80c-406c-820e-0fec950d210b",
"x-misp-attribute--546b3d76-9d84-4db5-9907-0fec950d210b",
"x-misp-attribute--546b3d76-460c-4bff-81d2-0fec950d210b",
"x-misp-attribute--546b3d76-c0a4-4734-ab91-0fec950d210b",
"indicator--546b3daf-c0bc-4cec-99d9-89be950d210b",
"indicator--546b3dc1-d5e4-405f-bf7b-48c1950d210b",
"indicator--546b3dd6-5884-49fc-b455-412d950d210b",
"indicator--546b3de4-e4d8-4917-aec8-4f19950d210b",
"indicator--546b3e6a-9c60-4780-91cc-4571950d210b",
"indicator--546b3e6a-46f8-4eb4-bec9-4bc8950d210b",
"indicator--546b3e6a-36f0-4d0e-93ea-4399950d210b",
"indicator--546b3e6a-2548-4928-8878-4272950d210b",
"indicator--546b3e6a-ab3c-464d-a842-4025950d210b",
"indicator--546b3e6a-80dc-4f45-b956-43e0950d210b",
"indicator--546b3e6a-34c8-4d66-b38d-4d45950d210b",
"indicator--546b3e6a-d28c-40fa-9646-4a9b950d210b",
"indicator--546b3e6a-f838-4499-bdb5-4756950d210b",
"indicator--546b3e6b-c2f0-49e6-99b8-4927950d210b",
"indicator--546b3e6b-8278-48fc-8a53-4d0b950d210b",
"indicator--56c645be-0f64-4fe0-a6e2-c652950d210f",
"indicator--56c645c1-1584-4576-84b7-c650950d210f",
"indicator--56c645c3-9b9c-4093-baf0-5ca1950d210f",
"indicator--56c645c5-7190-4520-91bd-599f950d210f",
"indicator--56c645c8-2cdc-4d9d-9ca6-59a1950d210f",
"indicator--56c645ca-3d58-46b9-8ff2-c651950d210f",
"indicator--56c645cd-b1fc-4e01-bb5a-599e950d210f",
"indicator--56c645cf-f864-4e0c-9b7c-599d950d210f",
"indicator--56c645d1-efe0-46d4-a3a0-c653950d210f",
"indicator--56c645d4-8ac8-4028-883c-445f950d210f",
"indicator--56c645d8-648c-415c-a0a2-c650950d210f",
"indicator--56c645da-21bc-40d2-9b42-c651950d210f",
"indicator--56c645df-6e20-4dcc-a990-599f950d210f",
"indicator--56c645bf-13fc-494e-9656-47cd950d210f",
"indicator--56c645c1-36ac-4ac4-a901-599f950d210f",
"indicator--56c645c3-3764-4385-880c-59a2950d210f",
"indicator--56c645c6-05cc-49be-bd05-48a1950d210f",
"indicator--56c645c9-1c9c-4f24-b852-4230950d210f",
"indicator--56c645cb-6234-440a-be8b-c653950d210f",
"indicator--56c645ce-0848-432c-9219-59a2950d210f",
"indicator--56c645d0-f9a8-44e5-80f1-c654950d210f",
"indicator--56c645d3-1650-4787-b31a-59a3950d210f",
"indicator--56c645d5-7db0-4779-9fe0-599d950d210f",
"indicator--56c645d9-b870-4881-ac5c-5f51950d210f",
"indicator--56c645db-37dc-4713-89a1-4ae0950d210f",
"indicator--56c645e0-059c-489d-b45d-442e950d210f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT"
],
"object_marking_refs": [
"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--546b1b8b-88d4-4b3b-8e31-46f9950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T10:12:27.000Z",
"modified": "2014-11-18T10:12:27.000Z",
"first_observed": "2014-11-18T10:12:27Z",
"last_observed": "2014-11-18T10:12:27Z",
"number_observed": 1,
"object_refs": [
"url--546b1b8b-88d4-4b3b-8e31-46f9950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--546b1b8b-88d4-4b3b-8e31-46f9950d210b",
"value": "http://www.secureworks.com/cyber-threat-intelligence/threats/analysis-of-dhs-nccic-indicators/"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--546b1b97-d8a0-4a46-a664-4ad0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T10:12:39.000Z",
"modified": "2014-11-18T10:12:39.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "comment",
"x_misp_value": "Data entered by David Andr\u00c3\u00a9"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b1bf5-1c90-4447-80aa-4f35950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T10:14:13.000Z",
"modified": "2014-11-18T10:14:13.000Z",
"description": "BeepService Reverse shell to C2 server",
"pattern": "[file:hashes.MD5 = '18c66484e3129643a274086671da4efa']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T10:14:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b1bf5-e128-4da7-83a7-447a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T10:14:13.000Z",
"modified": "2014-11-18T10:14:13.000Z",
"description": "BeepService Reverse shell to C2 server",
"pattern": "[file:hashes.MD5 = '1f3c731aed7d8085eb2d15132819cb8b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T10:14:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b1bf5-f7b0-48d6-a3c0-44dd950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T10:14:13.000Z",
"modified": "2014-11-18T10:14:13.000Z",
"description": "BeepService Reverse shell to C2 server",
"pattern": "[file:hashes.MD5 = '3a282da31bf93cfaaa8b5a11d441483b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T10:14:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b1bf5-1fe8-4b84-ac7c-46eb950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T10:14:13.000Z",
"modified": "2014-11-18T10:14:13.000Z",
"description": "BeepService Reverse shell to C2 server",
"pattern": "[file:hashes.MD5 = '3aa3846284b6e7112da90e1d5e4e7711']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T10:14:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b1bf5-7a3c-45ff-8e47-4438950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T10:14:13.000Z",
"modified": "2014-11-18T10:14:13.000Z",
"description": "BeepService Reverse shell to C2 server",
"pattern": "[file:hashes.MD5 = '463a12f92652fc82b3c6e53bb917ecf2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T10:14:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b1bf5-c7ac-472b-ad56-4f0f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T10:14:13.000Z",
"modified": "2014-11-18T10:14:13.000Z",
"description": "BeepService Reverse shell to C2 server",
"pattern": "[file:hashes.MD5 = '52b8063f663563d549ec414a7caf38f9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T10:14:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b1bf5-1fa8-40fd-af42-451e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T10:14:13.000Z",
"modified": "2014-11-18T10:14:13.000Z",
"description": "BeepService Reverse shell to C2 server",
"pattern": "[file:hashes.MD5 = '54dc517c9f62dc5d435fb8bac0fd59f9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T10:14:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b1bf5-9554-4b5a-bab1-4fc6950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T10:14:13.000Z",
"modified": "2014-11-18T10:14:13.000Z",
"description": "BeepService Reverse shell to C2 server",
"pattern": "[file:hashes.MD5 = '660b856f485fb8fa0ecb3533d88d405e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T10:14:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b1bf5-f4bc-47ba-b3ee-4fad950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T10:14:13.000Z",
"modified": "2014-11-18T10:14:13.000Z",
"description": "BeepService Reverse shell to C2 server",
"pattern": "[file:hashes.MD5 = '6b8ea95a729551fde76a28244cb95ac1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T10:14:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b1bf5-78dc-4e9e-a923-4d8e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T10:14:13.000Z",
"modified": "2014-11-18T10:14:13.000Z",
"description": "BeepService Reverse shell to C2 server",
"pattern": "[file:hashes.MD5 = '99f67381b3b389f0e6120603019e0ef9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T10:14:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b1bf6-0a68-43cc-8b07-481b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T10:14:14.000Z",
"modified": "2014-11-18T10:14:14.000Z",
"description": "BeepService Reverse shell to C2 server",
"pattern": "[file:hashes.MD5 = 'a0f71497ca4c4c62c094c1843693381e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T10:14:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b1bf6-5724-4082-8502-4c14950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T10:14:14.000Z",
"modified": "2014-11-18T10:14:14.000Z",
"description": "BeepService Reverse shell to C2 server",
"pattern": "[file:hashes.MD5 = 'e8ee22223b6475d7b3ef8f51383df1ef']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T10:14:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b1bf6-6dc8-4ac6-8981-4606950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T10:14:14.000Z",
"modified": "2014-11-18T10:14:14.000Z",
"description": "BeepService Reverse shell to C2 server",
"pattern": "[file:hashes.MD5 = '0625b5b010a1acb92f02338b8e61bb34']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T10:14:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b1bf6-52e8-4a3b-aab0-40bb950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T10:14:14.000Z",
"modified": "2014-11-18T10:14:14.000Z",
"description": "BeepService Reverse shell to C2 server",
"pattern": "[file:hashes.MD5 = '4e95cb057f351af0f7c972800a07f350']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T10:14:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b1bf6-8258-4f3c-8b52-4959950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T10:14:14.000Z",
"modified": "2014-11-18T10:14:14.000Z",
"description": "BeepService Reverse shell to C2 server",
"pattern": "[file:hashes.MD5 = '59534c90c3234fbdc82492d1c1b38e59']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T10:14:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b1bf6-a518-4e5e-a106-4ee1950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T10:14:14.000Z",
"modified": "2014-11-18T10:14:14.000Z",
"description": "BeepService Reverse shell to C2 server",
"pattern": "[file:hashes.MD5 = '726d77fe00b4c00df1bb2c5afd05ad21']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T10:14:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b1bf6-e040-4be6-9a95-4d0c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T10:14:14.000Z",
"modified": "2014-11-18T10:14:14.000Z",
"description": "BeepService Reverse shell to C2 server",
"pattern": "[file:hashes.MD5 = 'd5caf69c7a2ac416131133e0b1623066']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T10:14:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b1bf6-90a8-4f2c-aa82-4371950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T10:14:14.000Z",
"modified": "2014-11-18T10:14:14.000Z",
"description": "BeepService Reverse shell to C2 server",
"pattern": "[file:hashes.MD5 = '15cb44831bdd295bb3c0decf7cea0dc0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T10:14:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b1bf6-fe84-47c9-a11e-4a1b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T10:14:14.000Z",
"modified": "2014-11-18T10:14:14.000Z",
"description": "BeepService Reverse shell to C2 server",
"pattern": "[file:hashes.MD5 = '2393b93a762d4990ec88d25c9e809510']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T10:14:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b1bf6-7250-4d39-ab09-48a9950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T10:14:14.000Z",
"modified": "2014-11-18T10:14:14.000Z",
"description": "BeepService Reverse shell to C2 server",
"pattern": "[file:hashes.MD5 = '3c6ff8b69513bf338a2d5b3440b9a8cd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T10:14:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b1bf6-253c-4965-ba12-4386950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T10:14:14.000Z",
"modified": "2014-11-18T10:14:14.000Z",
"description": "BeepService Reverse shell to C2 server",
"pattern": "[file:hashes.MD5 = '5e5917967bb61704a473b1ad20c36769']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T10:14:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b1bf6-76b4-487b-85ad-45fd950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T10:14:14.000Z",
"modified": "2014-11-18T10:14:14.000Z",
"description": "BeepService Reverse shell to C2 server",
"pattern": "[file:hashes.MD5 = '73b8facac3e946354a89e58d308d8ebd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T10:14:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--546b1c05-ff20-46da-8e09-47cd950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T10:14:29.000Z",
"modified": "2014-11-18T10:14:29.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "Beepservice"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b1c68-9b3c-41d2-97c3-43dd950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T10:16:08.000Z",
"modified": "2014-11-18T10:16:08.000Z",
"description": "DD Keylogger, remote control",
"pattern": "[file:hashes.MD5 = '12b0e0525c4dc2510a26d4f1f2863c75']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T10:16:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b1c68-6140-4545-bb5b-43ca950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T10:16:08.000Z",
"modified": "2014-11-18T10:16:08.000Z",
"description": "DD Keylogger, remote control",
"pattern": "[file:hashes.MD5 = '78f2acc3309e1e743f98109a16c2b481']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T10:16:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b1c68-4fe0-47c9-b7cd-4635950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T10:16:08.000Z",
"modified": "2014-11-18T10:16:08.000Z",
"description": "DD Keylogger, remote control",
"pattern": "[file:hashes.MD5 = '96c28bddba400ddc9a4b12d6cc806aa3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T10:16:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b1c68-0674-4e85-be79-4945950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T10:16:08.000Z",
"modified": "2014-11-18T10:16:08.000Z",
"description": "DD Keylogger, remote control",
"pattern": "[file:hashes.MD5 = '0e058126f26b54b3a4a950313ec5dbce']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T10:16:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b1c68-38e0-43ee-a4bc-43c9950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T10:16:08.000Z",
"modified": "2014-11-18T10:16:08.000Z",
"description": "DD Keylogger, remote control",
"pattern": "[file:hashes.MD5 = 'b13ab523e89d9bb055aee4d4566ab34f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T10:16:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b1cb3-1e90-4614-99f6-40ee950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T10:17:23.000Z",
"modified": "2014-11-18T10:17:23.000Z",
"pattern": "[domain-name:value = 'status.acmetoy.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T10:17:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b1cb3-7484-47e8-9417-4e27950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T10:17:23.000Z",
"modified": "2014-11-18T10:17:23.000Z",
"pattern": "[domain-name:value = 'gfans.onmypc.us']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T10:17:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b1cb3-a3fc-44b2-b9cd-4db7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T10:17:23.000Z",
"modified": "2014-11-18T10:17:23.000Z",
"pattern": "[domain-name:value = 'arf.dns1.us']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T10:17:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b1cc7-63c0-40db-8530-4181950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T10:17:43.000Z",
"modified": "2014-11-18T10:17:43.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '23.19.122.231']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T10:17:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b1cc7-6278-4a42-b4d1-4821950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T10:17:43.000Z",
"modified": "2014-11-18T10:17:43.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '198.199.75.95']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T10:17:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b1cc8-17a8-4586-b779-4f42950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T10:17:44.000Z",
"modified": "2014-11-18T10:17:44.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.154.111.200']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T10:17:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--546b1ce6-c1f4-429a-b487-401e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T10:18:14.000Z",
"modified": "2014-11-18T10:18:14.000Z",
"labels": [
"misp:type=\"pattern-in-file\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Artifacts dropped",
"x_misp_comment": "Campaign ID",
"x_misp_type": "pattern-in-file",
"x_misp_value": "DD5ShowNewsID"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--546b1ce6-0fb0-4b54-adab-4918950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T10:18:14.000Z",
"modified": "2014-11-18T10:18:14.000Z",
"labels": [
"misp:type=\"pattern-in-file\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Artifacts dropped",
"x_misp_comment": "Campaign ID",
"x_misp_type": "pattern-in-file",
"x_misp_value": "WW3-ID"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--546b1ce6-49bc-4dd8-8a6a-4c55950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T10:18:14.000Z",
"modified": "2014-11-18T10:18:14.000Z",
"labels": [
"misp:type=\"pattern-in-file\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Artifacts dropped",
"x_misp_comment": "Campaign ID",
"x_misp_type": "pattern-in-file",
"x_misp_value": "Arf2-ShowNewsID"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b1d2c-8fa4-4e0b-a174-4215950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T10:19:24.000Z",
"modified": "2014-11-18T10:19:24.000Z",
"description": "jspRAT JSP web-based backdoor",
"pattern": "[file:hashes.MD5 = '364691d4de2bbead973f31e06ecaf210']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T10:19:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b1d2c-9db4-414e-984e-4a0e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T10:19:24.000Z",
"modified": "2014-11-18T10:19:24.000Z",
"description": "jspRAT JSP web-based backdoor",
"pattern": "[file:hashes.MD5 = '69f187a3072be5e6edf1486ad473016b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T10:19:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b1d2c-66f8-49c6-aa46-4264950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T10:19:24.000Z",
"modified": "2014-11-18T10:19:24.000Z",
"description": "jspRAT JSP web-based backdoor",
"pattern": "[file:hashes.MD5 = '79867b86281293c7f5e4aeccc51cfab9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T10:19:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--546b1d3c-c7e8-4d29-9761-44e7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T10:19:40.000Z",
"modified": "2014-11-18T10:19:40.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "jspRAT"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b1d70-aa88-476a-b961-4235950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T10:20:32.000Z",
"modified": "2014-11-18T10:20:32.000Z",
"description": "File transfer server - broken PE",
"pattern": "[file:hashes.MD5 = 'a4fcff8ea2263e661889b030974a9166']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T10:20:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b1d80-316c-40af-8d87-4877950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T10:20:48.000Z",
"modified": "2014-11-18T10:20:48.000Z",
"description": "File transfer server - fixed PE",
"pattern": "[file:hashes.MD5 = 'b4634b18b8b1c24c117fc8c640916998']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T10:20:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b1d9a-e348-4fb1-b430-469d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T10:21:14.000Z",
"modified": "2014-11-18T10:21:14.000Z",
"description": "File transfer server",
"pattern": "[file:hashes.MD5 = 'a462d9a24bc6175d356bec99d5e4eca8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T10:21:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b3aa9-2594-47ab-9530-89b5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T12:25:13.000Z",
"modified": "2014-11-18T12:25:13.000Z",
"description": "ONHAT SOCKS5 proxy server",
"pattern": "[file:hashes.MD5 = '0f171ff1a80822934439edaa7be1023b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T12:25:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b3aa9-bae8-41e1-9f47-89b5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T12:25:13.000Z",
"modified": "2014-11-18T12:25:13.000Z",
"description": "ONHAT SOCKS5 proxy server",
"pattern": "[file:hashes.MD5 = '3f7601f0aeb5e391638a597c15f80c9f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T12:25:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b3aa9-6d74-4a2e-921d-89b5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T12:25:13.000Z",
"modified": "2014-11-18T12:25:13.000Z",
"description": "ONHAT SOCKS5 proxy server",
"pattern": "[file:hashes.MD5 = '5fa46b686c3a5e27fd4dfe0e1fbb1145']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T12:25:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b3aa9-33dc-46a6-9b53-89b5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T12:25:13.000Z",
"modified": "2014-11-18T12:25:13.000Z",
"description": "ONHAT SOCKS5 proxy server",
"pattern": "[file:hashes.MD5 = '9951f026f491ef90037a59f305269273']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T12:25:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b3aa9-3194-49b0-8c1e-89b5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T12:25:13.000Z",
"modified": "2014-11-18T12:25:13.000Z",
"description": "ONHAT SOCKS5 proxy server",
"pattern": "[file:hashes.MD5 = 'b14ad1298928bb33613eb8e549c93e9e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T12:25:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b3aaa-c460-4ed1-b7c2-89b5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T12:25:14.000Z",
"modified": "2014-11-18T12:25:14.000Z",
"description": "ONHAT SOCKS5 proxy server",
"pattern": "[file:hashes.MD5 = '35185b8c5e3cb928c97919aa5ad01315']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T12:25:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b3aaa-788c-4bf4-abf1-89b5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T12:25:14.000Z",
"modified": "2014-11-18T12:25:14.000Z",
"description": "ONHAT SOCKS5 proxy server",
"pattern": "[file:hashes.MD5 = '47803deb563d9ff917369b8c97c22a7e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T12:25:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b3aaa-0350-4635-b121-89b5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T12:25:14.000Z",
"modified": "2014-11-18T12:25:14.000Z",
"description": "ONHAT SOCKS5 proxy server",
"pattern": "[file:hashes.MD5 = '89e9bed692611692e244ed294c9904cc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T12:25:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b3aaa-64d0-408b-ac20-89b5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T12:25:14.000Z",
"modified": "2014-11-18T12:25:14.000Z",
"description": "ONHAT SOCKS5 proxy server",
"pattern": "[file:hashes.MD5 = 'a9a53cd80a12519429a9a40f9d34e563']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T12:25:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b3aaa-3280-4870-8937-89b5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T12:25:14.000Z",
"modified": "2014-11-18T12:25:14.000Z",
"description": "ONHAT SOCKS5 proxy server",
"pattern": "[file:hashes.MD5 = 'e4cdfa15a38034e6ae7f80334e7d6a14']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T12:25:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b3aaa-6d20-4061-9b5e-89b5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T12:25:14.000Z",
"modified": "2014-11-18T12:25:14.000Z",
"description": "ONHAT SOCKS5 proxy server",
"pattern": "[file:hashes.MD5 = '10d7989355b5fc2915a18004df4f9074']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T12:25:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b3aaa-e800-4759-98ba-89b5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T12:25:14.000Z",
"modified": "2014-11-18T12:25:14.000Z",
"description": "ONHAT SOCKS5 proxy server",
"pattern": "[file:hashes.MD5 = '156085a7cd31d272486193df10d7e26e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T12:25:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b3aaa-b2dc-497a-9038-89b5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T12:25:14.000Z",
"modified": "2014-11-18T12:25:14.000Z",
"description": "ONHAT SOCKS5 proxy server",
"pattern": "[file:hashes.MD5 = '1a56c6eb1cd54ce642bdfd59168da127']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T12:25:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b3aaa-d874-468d-b371-89b5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T12:25:14.000Z",
"modified": "2014-11-18T12:25:14.000Z",
"description": "ONHAT SOCKS5 proxy server",
"pattern": "[file:hashes.MD5 = '49361de55268ff2ee67add42d359248d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T12:25:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b3aaa-6488-4000-9c25-89b5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T12:25:14.000Z",
"modified": "2014-11-18T12:25:14.000Z",
"description": "ONHAT SOCKS5 proxy server",
"pattern": "[file:hashes.MD5 = '5a5d2c6fe70521efd875fecc961ff75a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T12:25:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b3aaa-358c-46ae-84db-89b5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T12:25:14.000Z",
"modified": "2014-11-18T12:25:14.000Z",
"description": "ONHAT SOCKS5 proxy server",
"pattern": "[file:hashes.MD5 = 'd414c721c60df0282481df77c0c1cdae']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T12:25:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b3aea-4350-4901-a09a-0e7f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T12:26:18.000Z",
"modified": "2014-11-18T12:26:18.000Z",
"description": "ONHAT SOCKS5 proxy server (ASPACK packed)",
"pattern": "[file:hashes.MD5 = '356c9314ae95a18f3fef630e04f4d8b6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T12:26:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b3aea-3f68-472d-94a9-0e7f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T12:26:18.000Z",
"modified": "2014-11-18T12:26:18.000Z",
"description": "ONHAT SOCKS5 proxy server (ASPACK packed)",
"pattern": "[file:hashes.MD5 = '4734d158048c398f2ae44c035487e249']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T12:26:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b3aea-3bd0-450d-b469-0e7f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T12:26:18.000Z",
"modified": "2014-11-18T12:26:18.000Z",
"description": "ONHAT SOCKS5 proxy server (ASPACK packed)",
"pattern": "[file:hashes.MD5 = 'a90194c071aefeb21331385ad7115fbc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T12:26:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b3b5b-83d8-4c4d-8fed-29c7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T12:28:11.000Z",
"modified": "2014-11-18T12:28:11.000Z",
"description": "SimpleFileMover Transfer arbitrary files (RC4)",
"pattern": "[file:hashes.MD5 = '5d7c34b6854d48d3da4f96b71550a221']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T12:28:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b3b5b-2300-4645-a5fd-29c7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T12:28:11.000Z",
"modified": "2014-11-18T12:28:11.000Z",
"description": "SimpleFileMover Transfer arbitrary files (RC4)",
"pattern": "[file:hashes.MD5 = '9f546188e0955737deffc5cec8696d9a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T12:28:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b3b5c-5d5c-48a4-8284-29c7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T12:28:11.000Z",
"modified": "2014-11-18T12:28:11.000Z",
"description": "SimpleFileMover Transfer arbitrary files (RC4)",
"pattern": "[file:hashes.MD5 = '9cf67106cd1644125b773133f83b3d64']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T12:28:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b3b5c-f250-48a1-ba83-29c7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T12:28:12.000Z",
"modified": "2014-11-18T12:28:12.000Z",
"description": "SimpleFileMover Transfer arbitrary files (RC4)",
"pattern": "[file:hashes.MD5 = '00d0382fe1b02b529701a48a1ee4a543']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T12:28:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b3b5c-7d38-4c4c-9499-29c7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T12:28:12.000Z",
"modified": "2014-11-18T12:28:12.000Z",
"description": "SimpleFileMover Transfer arbitrary files (RC4)",
"pattern": "[file:hashes.MD5 = '36093314059a9e7b95025437d523d259']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T12:28:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b3b5c-f200-4bd4-85b0-29c7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T12:28:12.000Z",
"modified": "2014-11-18T12:28:12.000Z",
"description": "SimpleFileMover Transfer arbitrary files (RC4)",
"pattern": "[file:hashes.MD5 = '59ee8762316018862d7405b595267d8d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T12:28:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b3b5c-ed3c-4f3b-8cd9-29c7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T12:28:12.000Z",
"modified": "2014-11-18T12:28:12.000Z",
"description": "SimpleFileMover Transfer arbitrary files (RC4)",
"pattern": "[file:hashes.MD5 = '721c56a617dfd2cecade790d9e9fa9ce']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T12:28:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b3b5c-5f88-461a-ac2b-29c7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T12:28:12.000Z",
"modified": "2014-11-18T12:28:12.000Z",
"description": "SimpleFileMover Transfer arbitrary files (RC4)",
"pattern": "[file:hashes.MD5 = '8f73b7653ebf20f66a961cc39249b2e3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T12:28:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b3b5c-f2e4-41a2-aeab-29c7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T12:28:12.000Z",
"modified": "2014-11-18T12:28:12.000Z",
"description": "SimpleFileMover Transfer arbitrary files (RC4)",
"pattern": "[file:hashes.MD5 = 'dc1a284e82f4f38a628b84b0e43e65d5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T12:28:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b3b96-ed18-4686-b26f-0fec950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T12:29:10.000Z",
"modified": "2014-11-18T12:29:10.000Z",
"description": "SimpleFileMover Transferarbitrary files (RC4) - pmj packed",
"pattern": "[file:hashes.MD5 = 'b7a68a8b6cac502ad0adcf18d33a34c9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T12:29:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--546b3ba9-c290-41cd-a221-433d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T12:29:29.000Z",
"modified": "2014-11-18T12:29:29.000Z",
"first_observed": "2014-11-18T12:29:29Z",
"last_observed": "2014-11-18T12:29:29Z",
"number_observed": 1,
"object_refs": [
"file--546b3ba9-c290-41cd-a221-433d950d210b"
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--546b3ba9-c290-41cd-a221-433d950d210b",
"hashes": {
"MD5": "a72d6dad860ca707e8abf18f771ed3f7"
}
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b3bc3-f718-4352-af14-89b5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T12:29:55.000Z",
"modified": "2014-11-18T12:29:55.000Z",
"description": "SimpleFileMover Transferarbitrary files (RC4, Server version) - broken PE",
"pattern": "[file:hashes.MD5 = '6130776a40971d0ca526fd23e16e36ab']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T12:29:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b3bd5-fa10-4859-9291-40b5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T12:30:13.000Z",
"modified": "2014-11-18T12:30:13.000Z",
"description": "SimpleFileMover Transferarbitrary files (RC4, Server version) - fixed PE",
"pattern": "[file:hashes.MD5 = 'c460db6833e5542dede0bb04fdabdb59']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T12:30:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b3bef-23b8-4846-aaa0-4348950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T12:30:39.000Z",
"modified": "2014-11-18T12:30:39.000Z",
"description": "SimpleFileMover Transferarbitrary files (No crypto, Debug version)",
"pattern": "[file:hashes.MD5 = '731089e10e20b13095df2624b6eb399f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T12:30:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b3c65-3898-4ca4-a997-29c7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T12:32:37.000Z",
"modified": "2014-11-18T12:32:37.000Z",
"description": "(Un)Installs a malicious service - MSSprv",
"pattern": "[file:hashes.MD5 = 'f23ee51aa4a652266c2c1666bc15e15b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T12:32:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b3c89-7450-4721-8d81-0fec950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T12:33:13.000Z",
"modified": "2014-11-18T12:33:13.000Z",
"description": "(Un)Installs a malicious service - UPSmgr",
"pattern": "[file:hashes.MD5 = '4a12f4646fe052392641533944d240d1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T12:33:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b3c89-f014-4d53-8437-0fec950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T12:33:13.000Z",
"modified": "2014-11-18T12:33:13.000Z",
"description": "(Un)Installs a malicious service - UPSmgr",
"pattern": "[file:hashes.MD5 = 'bc55ba7467d5d62ac0b5c42a2c682fd6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T12:33:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b3cb9-0134-4026-b1d3-89be950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T12:34:01.000Z",
"modified": "2014-11-18T12:34:01.000Z",
"description": "Ziyang RAT",
"pattern": "[file:hashes.MD5 = '8d64f279400d8e1f8bf2170d148203a7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T12:34:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b3cb9-6da8-4a29-8a22-89be950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T12:34:01.000Z",
"modified": "2014-11-18T12:34:01.000Z",
"description": "Ziyang RAT",
"pattern": "[file:hashes.MD5 = '90a219684b3b815d6b6c1addd5e28c5b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T12:34:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b3cb9-2034-442f-805f-89be950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T12:34:01.000Z",
"modified": "2014-11-18T12:34:01.000Z",
"description": "Ziyang RAT",
"pattern": "[file:hashes.MD5 = '3ce19fc2a1a6a42b8450d477a9919de2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T12:34:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b3cb9-505c-4428-92e0-89be950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T12:34:01.000Z",
"modified": "2014-11-18T12:34:01.000Z",
"description": "Ziyang RAT",
"pattern": "[file:hashes.MD5 = '718c6e47512bec8c585320d087041ace']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T12:34:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b3cb9-9f4c-4a99-ac9c-89be950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T12:34:01.000Z",
"modified": "2014-11-18T12:34:01.000Z",
"description": "Ziyang RAT",
"pattern": "[file:hashes.MD5 = '47cc260cf70fc81995f651dc1c5b172a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T12:34:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b3cb9-fa20-4980-b25e-89be950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T12:34:01.000Z",
"modified": "2014-11-18T12:34:01.000Z",
"description": "Ziyang RAT",
"pattern": "[file:hashes.MD5 = 'ea66e664bdf530124ff7993a4ad510d4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T12:34:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b3cba-2874-44c5-9f8c-89be950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T12:34:02.000Z",
"modified": "2014-11-18T12:34:02.000Z",
"description": "Ziyang RAT",
"pattern": "[file:hashes.MD5 = '35f65bd2c9ff5c46186f84f19a3a7d18']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T12:34:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b3cba-82b4-407f-8cb1-89be950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T12:34:02.000Z",
"modified": "2014-11-18T12:34:02.000Z",
"description": "Ziyang RAT",
"pattern": "[file:hashes.MD5 = '25721aa47fb29fcba9de1f3406d9f8d6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T12:34:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b3cba-60b4-4dd1-87ce-89be950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T12:34:02.000Z",
"modified": "2014-11-18T12:34:02.000Z",
"description": "Ziyang RAT",
"pattern": "[file:hashes.MD5 = '31da84e9dd9b865a7d0e4c3baa7b05a2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T12:34:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b3cba-d13c-49f1-92ca-89be950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T12:34:02.000Z",
"modified": "2014-11-18T12:34:02.000Z",
"description": "Ziyang RAT",
"pattern": "[file:hashes.MD5 = '7b30b4d95ed988081ec9fe3908df409e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T12:34:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b3d0c-b798-46a2-9cf1-43ff950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T12:35:24.000Z",
"modified": "2014-11-18T12:35:24.000Z",
"description": "Ziyang RAT CnC",
"pattern": "[domain-name:value = 'shabidomain.4456dvr.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T12:35:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b3d0c-ad7c-4181-ad34-49b5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T12:35:24.000Z",
"modified": "2014-11-18T12:35:24.000Z",
"description": "Ziyang RAT CnC",
"pattern": "[domain-name:value = 'inno-tech.isgre.at']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T12:35:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b3d0c-63c4-41f4-9cfd-4037950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T12:35:24.000Z",
"modified": "2014-11-18T12:35:24.000Z",
"description": "Ziyang RAT CnC",
"pattern": "[domain-name:value = 'adobeupdater3.isgre.at']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T12:35:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b3d29-19fc-4733-9459-4948950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T12:35:53.000Z",
"modified": "2014-11-18T12:35:53.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '193.188.43.69']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T12:35:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--546b3d76-dfe4-4258-9518-0fec950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T12:37:10.000Z",
"modified": "2014-11-18T12:37:10.000Z",
"labels": [
"misp:type=\"pattern-in-file\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Artifacts dropped",
"x_misp_comment": "Ziyang RAT",
"x_misp_type": "pattern-in-file",
"x_misp_value": "The Power Was Blocked, Release it please!"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--546b3d76-b80c-406c-820e-0fec950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T12:37:10.000Z",
"modified": "2014-11-18T12:37:10.000Z",
"labels": [
"misp:type=\"pattern-in-file\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Artifacts dropped",
"x_misp_comment": "Ziyang RAT",
"x_misp_type": "pattern-in-file",
"x_misp_value": "The Power Was Blocked, You are not Master!"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--546b3d76-9d84-4db5-9907-0fec950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T12:37:10.000Z",
"modified": "2014-11-18T12:37:10.000Z",
"labels": [
"misp:type=\"pattern-in-file\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Artifacts dropped",
"x_misp_comment": "Ziyang RAT",
"x_misp_type": "pattern-in-file",
"x_misp_value": "The Power was released already, Just use it."
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--546b3d76-460c-4bff-81d2-0fec950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T12:37:10.000Z",
"modified": "2014-11-18T12:37:10.000Z",
"labels": [
"misp:type=\"pattern-in-file\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Artifacts dropped",
"x_misp_comment": "Ziyang RAT",
"x_misp_type": "pattern-in-file",
"x_misp_value": "The Power was released, Just do what you want!"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--546b3d76-c0a4-4734-ab91-0fec950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T12:37:10.000Z",
"modified": "2014-11-18T12:37:10.000Z",
"labels": [
"misp:type=\"pattern-in-file\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Artifacts dropped",
"x_misp_comment": "Ziyang RAT",
"x_misp_type": "pattern-in-file",
"x_misp_value": "ZiYangZhouhu"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b3daf-c0bc-4cec-99d9-89be950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T12:38:07.000Z",
"modified": "2014-11-18T12:38:07.000Z",
"description": "Control module",
"pattern": "[file:hashes.MD5 = 'eb8399483b55f416e48a320d68597d72']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T12:38:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b3dc1-d5e4-405f-bf7b-48c1950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T12:38:25.000Z",
"modified": "2014-11-18T12:38:25.000Z",
"description": "Agent module",
"pattern": "[file:hashes.MD5 = '68aed7b1f171b928913780d5b21f7617']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T12:38:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b3dd6-5884-49fc-b455-412d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T12:38:46.000Z",
"modified": "2014-11-18T12:38:46.000Z",
"description": "Agent module - old version",
"pattern": "[file:hashes.MD5 = '54e4a15a68cfbb2314d0aaad455fbfce']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T12:38:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b3de4-e4d8-4917-aec8-4f19950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T12:39:00.000Z",
"modified": "2014-11-18T12:39:00.000Z",
"pattern": "[mutex:name = 'Mtx_Sp_On_PC_1_2_8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T12:39:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"mutex\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b3e6a-9c60-4780-91cc-4571950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T12:41:14.000Z",
"modified": "2014-11-18T12:41:14.000Z",
"pattern": "[file:name = '\\\\%USERPROFILE\\\\%\\\\My Documents\\\\My Pictures\\\\wins']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T12:41:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b3e6a-46f8-4eb4-bec9-4bc8950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T12:41:14.000Z",
"modified": "2014-11-18T12:41:14.000Z",
"pattern": "[file:name = '\\\\%USERPROFILE\\\\%\\\\Pictures\\\\wins']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T12:41:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b3e6a-36f0-4d0e-93ea-4399950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T12:41:14.000Z",
"modified": "2014-11-18T12:41:14.000Z",
"pattern": "[file:name = '\\\\%WINDIR\\\\%\\\\msagent\\\\netwn.drv']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T12:41:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b3e6a-2548-4928-8878-4272950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T12:41:14.000Z",
"modified": "2014-11-18T12:41:14.000Z",
"pattern": "[file:name = '\\\\%USERPROFILE\\\\%\\\\NetHood\\\\Microsoft\\\\Windows\\\\Help\\\\set.fl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T12:41:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b3e6a-ab3c-464d-a842-4025950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T12:41:14.000Z",
"modified": "2014-11-18T12:41:14.000Z",
"pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\Microsoft\\\\Windows\\\\Network Shortcuts\\\\Microsoft\\\\Windows\\\\Help\\\\set.fl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T12:41:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b3e6a-80dc-4f45-b956-43e0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T12:41:14.000Z",
"modified": "2014-11-18T12:41:14.000Z",
"pattern": "[file:name = '\\\\%USERPROFILE\\\\%\\\\Local Settings\\\\Application Data\\\\Microsoft\\\\Windows\\\\Chars\\\\ferf.st']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T12:41:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b3e6a-34c8-4d66-b38d-4d45950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T12:41:14.000Z",
"modified": "2014-11-18T12:41:14.000Z",
"pattern": "[file:name = '\\\\%LOCALAPPDATA\\\\%\\\\Microsoft\\\\Windows\\\\Chars\\\\ferf.st']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T12:41:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b3e6a-d28c-40fa-9646-4a9b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T12:41:14.000Z",
"modified": "2014-11-18T12:41:14.000Z",
"pattern": "[file:name = '\\\\%USERPROFILE\\\\%\\\\Local Settings\\\\Application Data\\\\Microsoft\\\\Windows\\\\Chars\\\\fert.st']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T12:41:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b3e6a-f838-4499-bdb5-4756950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T12:41:14.000Z",
"modified": "2014-11-18T12:41:14.000Z",
"pattern": "[file:name = '\\\\%LOCALAPPDATA\\\\%\\\\Microsoft\\\\Windows\\\\Chars\\\\fert.st']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T12:41:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b3e6b-c2f0-49e6-99b8-4927950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T12:41:15.000Z",
"modified": "2014-11-18T12:41:15.000Z",
"pattern": "[file:name = '\\\\%USERPROFILE\\\\%\\\\Local Settings\\\\Application Data\\\\Microsoft\\\\Windows\\\\Help\\\\update.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T12:41:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546b3e6b-8278-48fc-8a53-4d0b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-18T12:41:15.000Z",
"modified": "2014-11-18T12:41:15.000Z",
"pattern": "[file:name = '\\\\%LOCALAPPDATA\\\\%\\\\Microsoft\\\\Windows\\\\Help\\\\update.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-18T12:41:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c645be-0f64-4fe0-a6e2-c652950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T22:29:18.000Z",
"modified": "2016-02-18T22:29:18.000Z",
"description": "Automatically added (via 96c28bddba400ddc9a4b12d6cc806aa3)",
"pattern": "[file:hashes.SHA1 = 'b888a3371d2f04b6a68fc3ecadff3f3194688756']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T22:29:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c645c1-1584-4576-84b7-c650950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T22:29:21.000Z",
"modified": "2016-02-18T22:29:21.000Z",
"description": "Automatically added (via 78f2acc3309e1e743f98109a16c2b481)",
"pattern": "[file:hashes.SHA1 = '612d96c53b7df6c3c44b1358dbb38ccff0aed052']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T22:29:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c645c3-9b9c-4093-baf0-5ca1950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T22:29:23.000Z",
"modified": "2016-02-18T22:29:23.000Z",
"description": "Automatically added (via 12b0e0525c4dc2510a26d4f1f2863c75)",
"pattern": "[file:hashes.SHA1 = 'b3f9abbd7dcbb340bdb5acd1fbc74b252508e66b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T22:29:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c645c5-7190-4520-91bd-599f950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T22:29:25.000Z",
"modified": "2016-02-18T22:29:25.000Z",
"description": "Automatically added (via 0f171ff1a80822934439edaa7be1023b)",
"pattern": "[file:hashes.SHA1 = '81c937e76488441f21e85cc76f4e8afda1eaf6be']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T22:29:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c645c8-2cdc-4d9d-9ca6-59a1950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T22:29:28.000Z",
"modified": "2016-02-18T22:29:28.000Z",
"description": "Automatically added (via 47803deb563d9ff917369b8c97c22a7e)",
"pattern": "[file:hashes.SHA1 = '6f50b0b5e48307f5aa5ea8580287becda6343aee']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T22:29:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c645ca-3d58-46b9-8ff2-c651950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T22:29:30.000Z",
"modified": "2016-02-18T22:29:30.000Z",
"description": "Automatically added (via 10d7989355b5fc2915a18004df4f9074)",
"pattern": "[file:hashes.SHA1 = 'f4e912585460656d7f368ef307522a3c1922f20e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T22:29:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c645cd-b1fc-4e01-bb5a-599e950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T22:29:33.000Z",
"modified": "2016-02-18T22:29:33.000Z",
"description": "Automatically added (via 5d7c34b6854d48d3da4f96b71550a221)",
"pattern": "[file:hashes.SHA1 = '1f0e20fbc74b4a7b1d73a0a6ac131f9543bd6cbb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T22:29:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c645cf-f864-4e0c-9b7c-599d950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T22:29:35.000Z",
"modified": "2016-02-18T22:29:35.000Z",
"description": "Automatically added (via 00d0382fe1b02b529701a48a1ee4a543)",
"pattern": "[file:hashes.SHA1 = '1fb11cd15466f483a211832e48af423d8baea7e9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T22:29:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c645d1-efe0-46d4-a3a0-c653950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T22:29:37.000Z",
"modified": "2016-02-18T22:29:37.000Z",
"description": "Automatically added (via 721c56a617dfd2cecade790d9e9fa9ce)",
"pattern": "[file:hashes.SHA1 = '5a9da1fb37a484aeb40e05e81f28655265e75727']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T22:29:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c645d4-8ac8-4028-883c-445f950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T22:29:40.000Z",
"modified": "2016-02-18T22:29:40.000Z",
"description": "Automatically added (via 8f73b7653ebf20f66a961cc39249b2e3)",
"pattern": "[file:hashes.SHA1 = '401c196b8fd5f835ebc8cf99e0ce769dd916ecbf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T22:29:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c645d8-648c-415c-a0a2-c650950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T22:29:44.000Z",
"modified": "2016-02-18T22:29:44.000Z",
"description": "Automatically added (via 7b30b4d95ed988081ec9fe3908df409e)",
"pattern": "[file:hashes.SHA1 = 'ae8126f84dc5a84ef9dfe0c6c49525b7f21e87ce']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T22:29:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c645da-21bc-40d2-9b42-c651950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T22:29:46.000Z",
"modified": "2016-02-18T22:29:46.000Z",
"description": "Automatically added (via 68aed7b1f171b928913780d5b21f7617)",
"pattern": "[file:hashes.SHA1 = '44e711e95311b81d597a7800d96482b873cb8235']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T22:29:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c645df-6e20-4dcc-a990-599f950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T22:29:51.000Z",
"modified": "2016-02-18T22:29:51.000Z",
"description": "Automatically added (via 5e5917967bb61704a473b1ad20c36769)",
"pattern": "[file:hashes.SHA1 = '7243730d1ca58858c49f0c68646aa26dfb040372']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T22:29:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c645bf-13fc-494e-9656-47cd950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T22:29:19.000Z",
"modified": "2016-02-18T22:29:19.000Z",
"description": "Automatically added (via 96c28bddba400ddc9a4b12d6cc806aa3)",
"pattern": "[file:hashes.SHA256 = '689be4fa4158ab2980030fa0cb3ffd42df51293d6f38d11c0b32804cfd28a2ac']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T22:29:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c645c1-36ac-4ac4-a901-599f950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T22:29:21.000Z",
"modified": "2016-02-18T22:29:21.000Z",
"description": "Automatically added (via 78f2acc3309e1e743f98109a16c2b481)",
"pattern": "[file:hashes.SHA256 = 'cb374f08d1842b12ce11bd563e86525cc641c39b7584158ececf1e90718f7d75']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T22:29:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c645c3-3764-4385-880c-59a2950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T22:29:23.000Z",
"modified": "2016-02-18T22:29:23.000Z",
"description": "Automatically added (via 12b0e0525c4dc2510a26d4f1f2863c75)",
"pattern": "[file:hashes.SHA256 = '4fd0c6187360c628be002f8556b04856b3166ecd6a193f4885d7f85fca0cb43f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T22:29:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c645c6-05cc-49be-bd05-48a1950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T22:29:26.000Z",
"modified": "2016-02-18T22:29:26.000Z",
"description": "Automatically added (via 0f171ff1a80822934439edaa7be1023b)",
"pattern": "[file:hashes.SHA256 = 'd0213a305436dc0bbe0623e190f7095b218d302e6b1f509e2ca0ee7e1deb5142']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T22:29:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c645c9-1c9c-4f24-b852-4230950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T22:29:29.000Z",
"modified": "2016-02-18T22:29:29.000Z",
"description": "Automatically added (via 47803deb563d9ff917369b8c97c22a7e)",
"pattern": "[file:hashes.SHA256 = 'dded62ad85c0bdd68bcc96f88d8ba42d5ad0ef999911ebdea3f561a4491ebbc6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T22:29:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c645cb-6234-440a-be8b-c653950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T22:29:31.000Z",
"modified": "2016-02-18T22:29:31.000Z",
"description": "Automatically added (via 10d7989355b5fc2915a18004df4f9074)",
"pattern": "[file:hashes.SHA256 = '04a0fe701e2ad53ca0b3055d3e418469845a4b815a35ee4eee354c50a1a9981f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T22:29:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c645ce-0848-432c-9219-59a2950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T22:29:34.000Z",
"modified": "2016-02-18T22:29:34.000Z",
"description": "Automatically added (via 5d7c34b6854d48d3da4f96b71550a221)",
"pattern": "[file:hashes.SHA256 = 'bec31fc132cff00910cb07cf9d66c9fcf5ff511f8182b61622a18843f0fd5841']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T22:29:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c645d0-f9a8-44e5-80f1-c654950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T22:29:36.000Z",
"modified": "2016-02-18T22:29:36.000Z",
"description": "Automatically added (via 00d0382fe1b02b529701a48a1ee4a543)",
"pattern": "[file:hashes.SHA256 = '8c086f47b51839bcf4b6f2c9643e0099c63798a4736d2c18e9aa3f7fa7f6d49b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T22:29:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c645d3-1650-4787-b31a-59a3950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T22:29:39.000Z",
"modified": "2016-02-18T22:29:39.000Z",
"description": "Automatically added (via 721c56a617dfd2cecade790d9e9fa9ce)",
"pattern": "[file:hashes.SHA256 = '0bd948790ed88ce261b63799ca11aa7199107ced88f2d16d6f5797518c23a5c8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T22:29:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c645d5-7db0-4779-9fe0-599d950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T22:29:41.000Z",
"modified": "2016-02-18T22:29:41.000Z",
"description": "Automatically added (via 8f73b7653ebf20f66a961cc39249b2e3)",
"pattern": "[file:hashes.SHA256 = '9088ff0552beeee85634a72d39eab1e80c77b09c677c33559fd28f4bc92ea718']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T22:29:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c645d9-b870-4881-ac5c-5f51950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T22:29:45.000Z",
"modified": "2016-02-18T22:29:45.000Z",
"description": "Automatically added (via 7b30b4d95ed988081ec9fe3908df409e)",
"pattern": "[file:hashes.SHA256 = 'f6e1f835b4087765aba6cc921f8d8a20bf8969f85e1859d2c770fab31139ae42']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T22:29:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c645db-37dc-4713-89a1-4ae0950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T22:29:47.000Z",
"modified": "2016-02-18T22:29:47.000Z",
"description": "Automatically added (via 68aed7b1f171b928913780d5b21f7617)",
"pattern": "[file:hashes.SHA256 = '11e823bf9a73daabf9bd5a8b2d8a59cf02a31b31bfdd3bfe63b1758d4bee30cb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T22:29:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c645e0-059c-489d-b45d-442e950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T22:29:52.000Z",
"modified": "2016-02-18T22:29:52.000Z",
"description": "Automatically added (via 5e5917967bb61704a473b1ad20c36769)",
"pattern": "[file:hashes.SHA256 = '8521e86ded314b4dde21f5d3815bbf81acf4b961268d8f3e09d9cd0a5c1213cd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T22:29:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:GREEN",
"definition": {
"tlp": "green"
}
}
]
}
Reference in a new issue View git blame Copy permalink